Analysis Overview
SHA256
2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0
Threat Level: Known bad
The file 2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:49
Signatures
UPX dump on OEP (original entry point)
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:49
Reported
2024-04-07 19:52
Platform
win7-20240221-en
Max time kernel
140s
Max time network
125s
Command Line
Signatures
UPX dump on OEP (original entry point)
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
Network
Files
\Users\Public\Microsoft Build\Isass.exe
| MD5 | 70cc7e668d4d271148bcd4034c545e0c |
| SHA1 | ab5efae9b8d95a537ec378935c4d24cb10c0fc27 |
| SHA256 | 46aa89de26cd3802b9c938641c82ccce1e5879c376cbef841a45cc75d6cfc364 |
| SHA512 | 28c1967a57d19eb254ac988a93a17124e2757ba6bebe1ef9619ad05ce201d5f3e6977a6fb463daaddf099a7918a66688c22e4a7c00eb8a3f915170d149d9327f |
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
| MD5 | 2557c0af4fbb8f735f01f751a3d19103 |
| SHA1 | 0b502de159576804d48b24d88b1f9545500be0b3 |
| SHA256 | 0a17132c93b11ee8e897ec23a8f3f73e717fa0d82ae6b3828a53b42f5e364013 |
| SHA512 | 6340d6a86338cca88c6f040d0c4c40c656debe9b49fb59e1c4c9a4d3bd3b24af1d34ca0d05edefbea1010e24b9e0dd71d362f8a8fc6bc374e8d75d9145311aaa |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
| MD5 | 59afbbddb8088578aef08f0520ac46ca |
| SHA1 | eef7d8b7f60fde97961f426d7f4694e0fef9dc3d |
| SHA256 | 628125bcf772f7706ce94cff3798afcbee482806ed19fb754e7142f25efc6954 |
| SHA512 | 0380d8241168536dd52dd3c5a6c5961f6626274fcbe074916e595096ee651da58fb32f593d18bd0d3b3f57c0a152f9c2eb998d7a4833ed01e6e253e9cd5543fc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:49
Reported
2024-04-07 19:52
Platform
win10v2004-20240226-en
Max time kernel
31s
Max time network
82s
Command Line
Signatures
UPX dump on OEP (original entry point)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Public\Microsoft Build\Isass.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe" | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | N/A |
| N/A | N/A | C:\Users\Public\Microsoft Build\Isass.exe | N/A |
| N/A | N/A | C:\Users\Public\Microsoft Build\Isass.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4892 wrote to memory of 1316 | N/A | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | C:\Users\Public\Microsoft Build\Isass.exe |
| PID 4892 wrote to memory of 1316 | N/A | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | C:\Users\Public\Microsoft Build\Isass.exe |
| PID 4892 wrote to memory of 1316 | N/A | C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe | C:\Users\Public\Microsoft Build\Isass.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
C:\Users\Public\Microsoft Build\Isass.exe
"C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
"C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.56.20.217.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
Files
C:\Users\Public\Microsoft Build\Isass.exe
| MD5 | 70cc7e668d4d271148bcd4034c545e0c |
| SHA1 | ab5efae9b8d95a537ec378935c4d24cb10c0fc27 |
| SHA256 | 46aa89de26cd3802b9c938641c82ccce1e5879c376cbef841a45cc75d6cfc364 |
| SHA512 | 28c1967a57d19eb254ac988a93a17124e2757ba6bebe1ef9619ad05ce201d5f3e6977a6fb463daaddf099a7918a66688c22e4a7c00eb8a3f915170d149d9327f |
memory/4892-4-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1316-5-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1316-6-0x0000000001A70000-0x0000000001A71000-memory.dmp
memory/4892-7-0x0000000001A70000-0x0000000001A71000-memory.dmp
memory/4892-9-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2564-10-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2564-11-0x0000000003A20000-0x0000000003A21000-memory.dmp
memory/2564-12-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4772-13-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4772-14-0x0000000001C30000-0x0000000001C31000-memory.dmp
memory/4772-16-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2920-17-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2920-18-0x0000000001A70000-0x0000000001A71000-memory.dmp
memory/2920-19-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3528-20-0x0000000001A60000-0x0000000001A61000-memory.dmp
memory/3528-22-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1316-23-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5044-24-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5044-26-0x0000000001F90000-0x0000000001F91000-memory.dmp
memory/3784-27-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3784-28-0x0000000001A70000-0x0000000001A71000-memory.dmp
memory/3784-30-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2316-31-0x0000000002060000-0x0000000002061000-memory.dmp
memory/1676-33-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2316-32-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1676-34-0x0000000001A50000-0x0000000001A51000-memory.dmp
memory/684-37-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1676-36-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/684-38-0x0000000001A40000-0x0000000001A41000-memory.dmp
memory/684-39-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4920-40-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4920-41-0x0000000001CD0000-0x0000000001CD1000-memory.dmp
memory/4920-43-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5008-45-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5092-47-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3188-48-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5092-49-0x0000000003710000-0x0000000003711000-memory.dmp
memory/3188-50-0x00000000001D0000-0x00000000001D1000-memory.dmp
memory/3188-51-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1560-54-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1560-56-0x0000000001A00000-0x0000000001A01000-memory.dmp
memory/4484-55-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4764-57-0x0000000001A60000-0x0000000001A61000-memory.dmp
memory/4764-58-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1620-61-0x0000000001A50000-0x0000000001A51000-memory.dmp
memory/1620-62-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1892-63-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1892-64-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/1892-66-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2872-68-0x0000000001A30000-0x0000000001A31000-memory.dmp
memory/2872-67-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5008-70-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2964-72-0x0000000003610000-0x0000000003611000-memory.dmp
memory/2964-71-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4136-75-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4484-76-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/368-78-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/368-79-0x0000000001E60000-0x0000000001E61000-memory.dmp
memory/4136-77-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/588-82-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/368-81-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/588-83-0x0000000001E60000-0x0000000001E61000-memory.dmp
memory/1316-84-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/588-85-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1144-86-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1144-87-0x0000000001E20000-0x0000000001E21000-memory.dmp
memory/3980-90-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3980-91-0x00000000019F0000-0x00000000019F1000-memory.dmp
memory/3980-92-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1480-94-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/1480-93-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1480-96-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2148-97-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2148-98-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/952-100-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/952-101-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/4540-102-0x00000000020F0000-0x00000000020F1000-memory.dmp
memory/4540-104-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4712-106-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4712-107-0x0000000001A70000-0x0000000001A71000-memory.dmp
memory/2224-108-0x0000000003A20000-0x0000000003A21000-memory.dmp
memory/2224-109-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3928-110-0x0000000001A50000-0x0000000001A51000-memory.dmp
memory/3928-112-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5044-113-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/5044-114-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4912-116-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4912-117-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/4728-118-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4728-119-0x0000000001E70000-0x0000000001E71000-memory.dmp
memory/2560-121-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3768-124-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3768-126-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/540-132-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3388-149-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1316-148-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3412-156-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3216-159-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1988-162-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3472-165-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2348-169-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1876-172-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3528-179-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4856-183-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4912-185-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/2984-189-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/1156-191-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4900-193-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/392-195-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4464-199-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/3812-202-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4424-206-0x0000000000400000-0x00000000016A8000-memory.dmp
memory/4204-209-0x0000000000400000-0x00000000016A8000-memory.dmp
C:\Users\Public\Microsoft Build\Isass.exe
| MD5 | 33bd23e5a94e8b89c77b603fc542b2e2 |
| SHA1 | 2277fd71f6935ff406adc519f537397a975ad55f |
| SHA256 | 55028199044cd6460ce49e5cefb52b69e044f8e03551b3270d956e194a567555 |
| SHA512 | fa2972f6e44959c96b08389b6cf92785aeb79e30a006faff57f0becdfa57915eaca3a2b5792960da9c60603c95338a88ec4e4e6c84fea89c7be2dcff233309cd |