Analysis
-
max time kernel
31s -
max time network
82s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
07-04-2024 19:49
Static task
static1
Behavioral task
behavioral1
Sample
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
Resource
win10v2004-20240226-en
General
-
Target
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
-
Size
276KB
-
MD5
5f982f95a3b1529f43d3b1150c4b4489
-
SHA1
9d1ec5115b2ec1ee79cbc0cb2cc470a75049ea31
-
SHA256
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0
-
SHA512
7c568a2e2d9bc19d19aab93f9302f0d133890445a41d281ecfe885c4128dc012da9264c5809672f5a09ff96c108c922dd382a6164d343f69274eb086cfe554c4
-
SSDEEP
6144:9rTfUHeeSKOS9ccFKk3Y9t9YxVPAAIFE6:9n8yN0Mr8Qk6
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule C:\Users\Public\Microsoft Build\Isass.exe UPX behavioral2/memory/4892-4-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1316-5-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4892-9-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2564-10-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2564-12-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4772-13-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4772-16-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2920-17-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2920-19-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3528-22-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1316-23-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/5044-24-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3784-27-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3784-30-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1676-33-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2316-32-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1676-36-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/684-39-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4920-43-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/5008-45-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/5092-47-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3188-51-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1560-54-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4484-55-0x0000000000400000-0x00000000016A8000-memory.dmp UPX 
behavioral2/memory/4764-58-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1620-62-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1892-66-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2872-67-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2964-71-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4136-77-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/368-81-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1316-84-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/588-85-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1144-86-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3980-92-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1480-96-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2148-97-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/952-100-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4540-104-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4712-106-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2224-109-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3928-112-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/5044-114-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4912-116-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4728-118-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2560-121-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3768-126-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/540-132-0x0000000000400000-0x00000000016A8000-memory.dmp UPX 
behavioral2/memory/3388-149-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1316-148-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3412-156-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3216-159-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1988-162-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3472-165-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2348-169-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1876-172-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/3528-179-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4856-183-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4912-185-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/2984-189-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/1156-191-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/4900-193-0x0000000000400000-0x00000000016A8000-memory.dmp UPX behavioral2/memory/392-195-0x0000000000400000-0x00000000016A8000-memory.dmp UPX -
Executes dropped EXE 1 IoCs
Processes:
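Isass.exe
pid process
1316 Isass.exe
Note: as printed, the dropped file's name starts with an uppercase "I" (Isass.exe), which resembles the Windows system process name lsass.exe, and it runs from C:\Users\Public\Microsoft Build\ rather than a Windows system directory.
-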
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
description ioc process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
Set value (str) \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
Isass.exe
pid process
4892 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
4892 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
1316 Isass.exe
1316 Isass.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
description pid process target process
PID 4892 wrote to memory of 1316 4892 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe Isass.exe
PID 4892 wrote to memory of 1316 4892 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe Isass.exe
PID 4892 wrote to memory of 1316 4892 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe Isass.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4892 -
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1316
-
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe2⤵PID:2564
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"3⤵PID:4772
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe4⤵PID:2920
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"5⤵PID:3528
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe6⤵PID:5044
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"7⤵PID:3784
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe8⤵PID:2316
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"9⤵PID:1676
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe10⤵PID:684
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"11⤵PID:4920
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe12⤵PID:5008
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"13⤵PID:5092
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe14⤵PID:3188
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"15⤵PID:4484
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe16⤵PID:1560
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"17⤵PID:4764
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe18⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"19⤵PID:1892
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe20⤵PID:2872
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"21⤵PID:2964
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe22⤵PID:4136
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"23⤵PID:368
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe24⤵PID:588
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"25⤵PID:1144
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe26⤵PID:3980
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"27⤵PID:1480
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe28⤵PID:2148
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"29⤵PID:952
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe30⤵PID:4540
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"31⤵PID:4712
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe32⤵PID:2224
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"33⤵PID:3928
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe34⤵PID:5044
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"35⤵PID:4912
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe36⤵PID:4728
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"37⤵PID:2560
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe38⤵PID:3768
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"39⤵PID:3664
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe40⤵PID:540
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"41⤵PID:1880
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe42⤵PID:4048
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"43⤵PID:4204
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe44⤵PID:3388
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"45⤵PID:3412
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe46⤵PID:3216
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"47⤵PID:1988
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe48⤵PID:3472
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"49⤵PID:2348
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe50⤵PID:1876
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"51⤵PID:5072
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe52⤵PID:3528
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"53⤵PID:4856
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe54⤵PID:4912
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"55⤵PID:2984
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe56⤵PID:1156
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"57⤵PID:4900
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe58⤵PID:392
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"59⤵PID:4464
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe60⤵PID:3812
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"61⤵PID:4424
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe62⤵PID:4204
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"63⤵PID:1548
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe64⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"65⤵PID:4884
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe66⤵PID:1988
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"67⤵PID:3472
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe68⤵PID:1068
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"69⤵PID:1216
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe70⤵PID:1896
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"71⤵PID:4728
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe72⤵PID:3760
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"73⤵PID:4008
-
C:\Users\Public\Microsoft Build\Isass.exe"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe74⤵PID:4900
-
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"75⤵PID:1220
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
211KB
MD5 70cc7e668d4d271148bcd4034c545e0c
SHA1 ab5efae9b8d95a537ec378935c4d24cb10c0fc27
SHA256 46aa89de26cd3802b9c938641c82ccce1e5879c376cbef841a45cc75d6cfc364
SHA512 28c1967a57d19eb254ac988a93a17124e2757ba6bebe1ef9619ad05ce201d5f3e6977a6fb463daaddf099a7918a66688c22e4a7c00eb8a3f915170d149d9327f
-
Filesize
149KB
MD5 33bd23e5a94e8b89c77b603fc542b2e2
SHA1 2277fd71f6935ff406adc519f537397a975ad55f
SHA256 55028199044cd6460ce49e5cefb52b69e044f8e03551b3270d956e194a567555
SHA512 fa2972f6e44959c96b08389b6cf92785aeb79e30a006faff57f0becdfa57915eaca3a2b5792960da9c60603c95338a88ec4e4e6c84fea89c7be2dcff233309cd