Analysis
-
max time kernel
23s -
max time network
13s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
07/04/2024, 00:07
Static task
static1
Behavioral task
behavioral1
Sample
a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
Resource
win10v2004-20231215-en
General
-
Target
a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
-
Size
367KB
-
MD5
47003e6a14a32ce0c0a7a83d1cf5cfe8
-
SHA1
5bca37d70d3cc7da571d6b37f6d345162f55e9a0
-
SHA256
a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7
-
SHA512
a2c47ce4cee1d867ba61debe8c8a06c2610a38bcbbeaf195268ae83a81ff3e18043ad724fd2bfb78f8a26a661d478a9674acfaa7c305ebcf730c04aa354e659b
-
SSDEEP
6144:/rTfUHeeSKOS9ccFKk3Y9t9YZ9wA36TVgoD/4qtv+j:/n8yN0Mr8Z9BqTVgoD4K2j
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 56 IoCs
-
Executes dropped EXE 1 IoCs
pid | Process
1896 | Isass.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
2672 | a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
2672 | a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe
1896 | Isass.exe
1896 | Isass.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2672 wrote to memory of 1896 | 2672 | a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe | 84
PID 2672 wrote to memory of 1896 | 2672 | a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe | 84
PID 2672 wrote to memory of 1896 | 2672 | a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe | 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2672 -
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1896
-
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe2⤵PID:3940
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"3⤵PID:4148
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe4⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"5⤵PID:5096
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe6⤵PID:1180
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"7⤵PID:624
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe8⤵PID:8
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"9⤵PID:3648
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe10⤵PID:1144
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"11⤵PID:4408
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe12⤵PID:2956
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"13⤵PID:3904
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe14⤵PID:3080
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"15⤵PID:4540
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe16⤵PID:3744
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"17⤵PID:4640
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe18⤵PID:4332
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"19⤵PID:2732
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe20⤵PID:4948
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"21⤵PID:888
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe22⤵PID:1124
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"23⤵PID:3384
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe24⤵PID:1420
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"25⤵PID:824
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe26⤵PID:1284
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"27⤵PID:1556
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe28⤵PID:4884
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"29⤵PID:2896
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe30⤵PID:4644
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"31⤵PID:2904
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe32⤵PID:1276
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"33⤵PID:2760
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe34⤵PID:3068
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"35⤵PID:4560
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe36⤵PID:1648
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"37⤵PID:712
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe38⤵PID:2268
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"39⤵PID:1476
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe40⤵PID:4660
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"41⤵PID:2140
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe42⤵PID:772
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"43⤵PID:2960
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe44⤵PID:3208
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"45⤵PID:2996
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe46⤵PID:4324
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"47⤵PID:3984
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe48⤵PID:5084
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"49⤵PID:4024
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe50⤵PID:3800
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"51⤵PID:4012
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe52⤵PID:4088
-
C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe"53⤵PID:3940
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\a861cf11db05c018ac8074c1aaba4a165c8f262fd9e968eda282da0ede9726b7.exe54⤵PID:1472
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
216KB
-
MD5
a92fd1818bc42eb1711028effd4bd1bd
-
SHA1
f5ffb2e8578588b5445d98d31936c644c10d9388
-
SHA256
2dfe42e4a995abebe4d67009205c3b2274afe39fc796bf22e23832edc0564847
-
SHA512
80d8fc9b1369d644bd362bd8f4d5ebdad041d083ef994797429cd5ffb9a3a19005600f1869eb884d49cb81a191f5233efa6fd79562463372bbb095c52f21fa59