Analysis
max time kernel: 160s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-04-2024 19:26
Static task: static1
Behavioral task: behavioral1
  Sample: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
  Resource: win10v2004-20240226-en
General
Target: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
Size: 868KB
MD5: e056525967119892e9282f5381e79977
SHA1: ca689de41c52d7083a37bc0bd5172890811a55f6
SHA256: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9
SHA512: eed8b08daf745b220c4c4e8e79cbc6ed7096353a7db69bc381775ce9b23eb0a3741177d81dc8fa7f828411b06aaf7be5402ddf637c0f49e6bf80f21ff457af5a
SSDEEP: 24576:lq8Vlc7aaTyoOgCuuSblPvtKuzY6DoAlJlJAEf:9/3gCu9RzjoAzA+
Malware Config
Signatures

Detects executables containing possible sandbox analysis VM usernames (15 IoCs)
resource | yara_rule
behavioral2/memory/768-11-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-24-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4792-124-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4592-149-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/768-150-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-163-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-164-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-194-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-214-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-222-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-226-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-230-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-234-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-238-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4076-242-0x0000000000400000-0x000000000041C000-memory.dmp | INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

UPX dump on OEP (original entry point) (17 IoCs)
resource | yara_rule
behavioral2/memory/4076-0-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\norwegian handjob voyeur pregnant .zip.exe | UPX
behavioral2/memory/768-11-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-24-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4792-124-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4592-149-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/768-150-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-163-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-164-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-194-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-214-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-222-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-226-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-230-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-234-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-238-0x0000000000400000-0x000000000041C000-memory.dmp | UPX
behavioral2/memory/4076-242-0x0000000000400000-0x000000000041C000-memory.dmp | UPX

Checks computer location settings (2 TTPs, 2 IoCs)
Looks up country code configured in the registry, likely geofence.
Processes: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe, 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application (2 TTPs, 1 IoCs)
Processes: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe

Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
description | ioc | process
File opened (read-only) | \??\J: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\O: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\P: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\R: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\S: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\V: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\W: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\E: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\N: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\X: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\Y: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\U: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\A: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\B: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\H: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\I: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\K: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\L: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\M: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\G: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\Q: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\T: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File opened (read-only) | \??\Z: | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe

Drops file in System32 directory (12 IoCs)
Processes: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
description | ioc | process
File created | C:\Windows\SysWOW64\IME\SHARED\malaysia beast [bangbus] (Ashley).zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\System32\DriverStore\Temp\trambling bukkake [milf] young (Jenna).mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\animal trambling big sm .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\FxsTmp\blowjob lingerie [bangbus] lady .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\System32\LogFiles\Fax\Incoming\black trambling hidden girly .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish animal big traffic (Samantha,Britney).mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\config\systemprofile\danish horse licking hole .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\norwegian hardcore blowjob hidden granny .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian horse big high heels (Janette).rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\config\systemprofile\italian beast fetish catfight latex .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\FxsTmp\sperm handjob uncut .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SysWOW64\IME\SHARED\swedish porn hidden 50+ .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe

Drops file in Program Files directory (17 IoCs)
Processes: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
description | ioc | process
File created | C:\Program Files\dotnet\shared\cum hidden nipples (Melissa).avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian trambling gay licking sweet .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Common Files\microsoft shared\swedish fetish big ash ejaculation .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Microsoft Office\root\Templates\american kicking big .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\norwegian handjob voyeur pregnant .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\african porn cum girls .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Microsoft Office\Updates\Download\american horse horse hot (!) .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\asian lingerie nude full movie nipples leather (Sonja,Jenna).rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish hardcore gay full movie bondage (Anniston).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish fetish beast several models shoes .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Windows Sidebar\Shared Gadgets\italian beastiality [bangbus] legs hairy .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\african beastiality [free] hairy .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files (x86)\Common Files\Microsoft Shared\horse horse voyeur vagina wifey (Sonja,Sandy).zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\hardcore trambling masturbation feet blondie .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm uncut .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files (x86)\Google\Temp\norwegian fucking hidden sweet .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Program Files (x86)\Google\Update\Download\porn beastiality [bangbus] .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe

Drops file in Windows directory (64 IoCs)
Processes: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
description | ioc | process
File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\canadian fetish nude [bangbus] feet .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\beast lesbian feet granny .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\american fucking girls .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black animal girls feet beautyfull .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\sperm gay full movie bondage .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\swedish animal nude big cock .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\tyrkish action girls (Sarah).mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\assembly\tmp\brasilian beast [bangbus] .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\italian hardcore licking traffic .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\asian sperm cumshot girls .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\action girls black hairunshaved .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\german kicking catfight 50+ .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\security\templates\bukkake beastiality uncut glans sweet (Samantha,Janette).zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\CbsTemp\bukkake gay hidden circumcision (Sandy,Sandy).rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian hardcore cumshot [bangbus] (Christine,Jade).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\cum [milf] YEâPSè& (Liz).zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\chinese gay horse several models (Sylvia).rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\indian xxx girls (Melissa,Sylvia).zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\asian horse fetish big .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\chinese gang bang fetish sleeping boots .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\russian cumshot several models (Sylvia,Jade).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\tyrkish horse horse voyeur (Christine).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\hardcore gang bang [free] bedroom (Sarah,Anniston).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse gay masturbation .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\danish fetish horse voyeur boobs .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\horse voyeur (Liz).mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\beast gay lesbian ejaculation (Christine,Karin).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\american sperm [milf] .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\hardcore beast sleeping 40+ (Sonja).zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\danish blowjob hidden 40+ .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\british horse full movie sm .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish fetish gang bang several models (Jenna).avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SoftwareDistribution\Download\british hardcore lesbian traffic .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\american hardcore fucking catfight young .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\african beastiality sleeping .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\animal girls lady .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian gay fetish big glans .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\cum animal [milf] traffic .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\african handjob licking bondage .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\horse xxx masturbation hairy .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian bukkake hot (!) girly .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\horse fucking licking YEâPSè& .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\beastiality [bangbus] circumcision .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\InputMethod\SHARED\beast hot (!) feet mature (Liz,Samantha).rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\black blowjob sleeping glans YEâPSè& .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\norwegian lingerie bukkake catfight .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\Downloaded Program Files\porn porn full movie shower .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\cum lesbian circumcision .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\indian beastiality [milf] swallow (Karin).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\blowjob porn licking glans penetration (Sonja).zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\action nude hot (!) wifey .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian cum full movie wifey .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\action sleeping (Curtney).avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\asian sperm public circumcision .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\trambling big legs Ôï .rar.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\norwegian fucking horse girls .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\cumshot fucking hidden ejaculation .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\british animal uncut (Melissa).mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\indian nude big .mpeg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\indian cumshot bukkake girls beautyfull .avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\italian beast blowjob [free] ash .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\nude horse girls femdom .zip.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\italian porn handjob catfight (Jenna).avi.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\american bukkake xxx masturbation glans traffic .mpg.exe | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes: 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe, 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe, 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe, 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
pid | process
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
768 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4076 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4792 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
4592 | 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
description pid process target process
PID 4076 wrote to memory of 4792 4076 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4076 wrote to memory of 4792 4076 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4076 wrote to memory of 4792 4076 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4076 wrote to memory of 4592 4076 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4076 wrote to memory of 4592 4076 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4076 wrote to memory of 4592 4076 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4792 wrote to memory of 768 4792 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4792 wrote to memory of 768 4792 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
PID 4792 wrote to memory of 768 4792 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
  "C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
  - Checks computer location settings
  - Adds Run key to start application
  - Enumerates connected drives
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4076
  - C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
    "C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4792
    - C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
      "C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
      - Suspicious behavior: EnumeratesProcesses
      PID:768
  - C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
    "C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
    - Suspicious behavior: EnumeratesProcesses
    PID:4592
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\norwegian handjob voyeur pregnant .zip.exe
Filesize 1.6MB
MD5 8ba1b535041231c3dde2ade1858e4d33
SHA1 581179bf5afc0eec424f8018bc8e84cef0bbcfc9
SHA256 db26d3506440ffcea2918798a3479bd5d54299c6b4af08361a7ff32b6e0fe3e2
SHA512 a5777d43c75f60052101999ac1d797b97328f32d436e9dc3b50b032ec526012dc1f25f51b0b0852d3999beeed15069dd1806254bcb5688f8894c12985c0a82c3