5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe
Size

326KB
MD5

2b8142469ec76f023611bd27e53074c6
SHA1

f9e3d9a1a7abefd77305cf14cc26512c439948b4
SHA256

5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11
SHA512

54f17fafb0da05a1a3d574815a7322eae0d42cc2877929bcea75483b1870ca2260c82e13309eb892d82ab5f0eafdc38dfa7bb4366722c2709e45eb052c5dd4d9
SSDEEP

3072:Wae7OubpGGErCbuZM4EQrjo7vgHJJPPIjyBrOd3U:WacxGfTMfQrjoziJJHIQH

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
2960	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
2656	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
2460	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
2476	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
2468	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
2128	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
2556	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
2172	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
2348	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
1980	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
1612	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
2116	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
1392	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
540	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
2404	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
1924	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
1236	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
1332	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
3060	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
704	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe
2988	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
3064	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe
2056	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
1600	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe
2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2864	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe
2864	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe
2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
2960	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
2960	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
2656	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
2656	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
2460	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
2460	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
2476	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
2476	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
2468	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
2468	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
2128	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
2128	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
2556	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
2556	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
2172	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
2172	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
2348	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
2348	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
1980	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
1980	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
1612	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
1612	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
2116	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
2116	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
1392	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
1392	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
540	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
540	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
2404	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
2404	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
1924	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
1924	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
1236	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
1236	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
1332	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
1332	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
3060	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
3060	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
704	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe
704	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe
2988	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
2988	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
3064	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe
3064	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe
2056	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
2056	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
1600	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe
1600	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2864-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2864-12-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2960-36-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2308-21-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x002b000000012721-37.dat	upx
behavioral1/memory/2656-51-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2960-43-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000d00000001224d-15.dat	upx
behavioral1/files/0x000b00000001267a-30.dat	upx
behavioral1/memory/2308-28-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000800000001322b-52.dat	upx
behavioral1/memory/2460-67-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2656-59-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2656-54-0x00000000002A0000-0x00000000002DA000-memory.dmp	upx
behavioral1/memory/2460-74-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2476-82-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000800000001332e-76.dat	upx
behavioral1/memory/2468-97-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000800000001340b-91.dat	upx
behavioral1/files/0x000a000000013413-98.dat	upx
behavioral1/memory/2476-89-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2468-105-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000900000001341c-121.dat	upx
behavioral1/memory/2128-119-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2128-114-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2556-127-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014228-128.dat	upx
behavioral1/memory/2556-135-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2172-143-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014246-144.dat	upx
behavioral1/memory/2172-150-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014312-166.dat	upx
behavioral1/memory/2348-158-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2348-165-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1980-174-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1612-195-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014358-198.dat	upx
behavioral1/files/0x00060000000143e5-205.dat	upx
behavioral1/memory/2116-212-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1392-220-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014326-183.dat	upx
behavioral1/memory/1980-181-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x002b000000012747-221.dat	upx
behavioral1/memory/1392-227-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/540-237-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000600000001443b-238.dat	upx
behavioral1/memory/2404-252-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/540-244-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2404-257-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1924-263-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1924-268-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1236-275-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1980-286-0x00000000003C0000-0x00000000003FA000-memory.dmp	upx
behavioral1/memory/1236-280-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1332-289-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1332-294-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3060-300-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3060-305-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/704-312-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/704-317-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2988-323-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2988-328-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3064-334-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3064-339-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 9eb143df3ccde53c	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2308	2864	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe	28
PID 2864 wrote to memory of 2308	2864	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe	28
PID 2864 wrote to memory of 2308	2864	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe	28
PID 2864 wrote to memory of 2308	2864	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe	28
PID 2308 wrote to memory of 2960	2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe	29
PID 2308 wrote to memory of 2960	2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe	29
PID 2308 wrote to memory of 2960	2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe	29
PID 2308 wrote to memory of 2960	2308	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe	29
PID 2960 wrote to memory of 2656	2960	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe	30
PID 2960 wrote to memory of 2656	2960	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe	30
PID 2960 wrote to memory of 2656	2960	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe	30
PID 2960 wrote to memory of 2656	2960	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe	30
PID 2656 wrote to memory of 2460	2656	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe	31
PID 2656 wrote to memory of 2460	2656	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe	31
PID 2656 wrote to memory of 2460	2656	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe	31
PID 2656 wrote to memory of 2460	2656	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe	31
PID 2460 wrote to memory of 2476	2460	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe	32
PID 2460 wrote to memory of 2476	2460	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe	32
PID 2460 wrote to memory of 2476	2460	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe	32
PID 2460 wrote to memory of 2476	2460	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe	32
PID 2476 wrote to memory of 2468	2476	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe	33
PID 2476 wrote to memory of 2468	2476	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe	33
PID 2476 wrote to memory of 2468	2476	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe	33
PID 2476 wrote to memory of 2468	2476	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe	33
PID 2468 wrote to memory of 2128	2468	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe	34
PID 2468 wrote to memory of 2128	2468	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe	34
PID 2468 wrote to memory of 2128	2468	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe	34
PID 2468 wrote to memory of 2128	2468	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe	34
PID 2128 wrote to memory of 2556	2128	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe	35
PID 2128 wrote to memory of 2556	2128	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe	35
PID 2128 wrote to memory of 2556	2128	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe	35
PID 2128 wrote to memory of 2556	2128	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe	35
PID 2556 wrote to memory of 2172	2556	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe	36
PID 2556 wrote to memory of 2172	2556	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe	36
PID 2556 wrote to memory of 2172	2556	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe	36
PID 2556 wrote to memory of 2172	2556	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe	36
PID 2172 wrote to memory of 2348	2172	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe	37
PID 2172 wrote to memory of 2348	2172	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe	37
PID 2172 wrote to memory of 2348	2172	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe	37
PID 2172 wrote to memory of 2348	2172	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe	37
PID 2348 wrote to memory of 1980	2348	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe	38
PID 2348 wrote to memory of 1980	2348	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe	38
PID 2348 wrote to memory of 1980	2348	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe	38
PID 2348 wrote to memory of 1980	2348	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe	38
PID 1980 wrote to memory of 1612	1980	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe	39
PID 1980 wrote to memory of 1612	1980	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe	39
PID 1980 wrote to memory of 1612	1980	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe	39
PID 1980 wrote to memory of 1612	1980	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe	39
PID 1612 wrote to memory of 2116	1612	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe	40
PID 1612 wrote to memory of 2116	1612	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe	40
PID 1612 wrote to memory of 2116	1612	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe	40
PID 1612 wrote to memory of 2116	1612	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe	40
PID 2116 wrote to memory of 1392	2116	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe	41
PID 2116 wrote to memory of 1392	2116	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe	41
PID 2116 wrote to memory of 1392	2116	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe	41
PID 2116 wrote to memory of 1392	2116	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe	41
PID 1392 wrote to memory of 540	1392	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe	42
PID 1392 wrote to memory of 540	1392	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe	42
PID 1392 wrote to memory of 540	1392	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe	42
PID 1392 wrote to memory of 540	1392	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe	42
PID 540 wrote to memory of 2404	540	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe	43
PID 540 wrote to memory of 2404	540	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe	43
PID 540 wrote to memory of 2404	540	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe	43
PID 540 wrote to memory of 2404	540	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe
"C:\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2864
- \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
  c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2308
- - \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
    c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
      c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2656
    - - \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2460
      - \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2476
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2128
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2556
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2172
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2348
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1980
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1612
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2116
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1392
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:540
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2404
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1924
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1236
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1332
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3060
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:704
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2988
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3064
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2056
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1600
        
        \??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202y.exe
        
        c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe

Filesize
328KB

MD5
5f492da8e9d835c708d5e60bcee3db64

SHA1
9fdc63cf2ffdacb9dd35aab4469b25efc5e51f21

SHA256
4af14a5832333c2fbdfc710de7b37531d8b41bfdb27c3dbbb6c39b8743035407

SHA512
9bae9eca48091593d3bb8251c31919bae695e594e80272982003dbf01a2b847ce2d356ba627b1d1b8cbbb54b2984ef02fd5345fad2fd019e84bc77fbe15caa22

Download Submit
\??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe

Filesize
326KB

MD5
4ef0f0c8ab10c94eee0931def08a6335

SHA1
a4482d3a5ee8fc5ab8c35134e0fb19d98beb72dc

SHA256
7e34bb3787ef9c17035feaf4ed62c6953e3109ac547ad8a883e46dbd577b7529

SHA512
b64968124d1c8928f7fb73ac80be4538e44c447347877e45430b3a188d2a232ca9316aecaaccc8e6c4cc95357ef901d2cfd7eed8e1c25085e81e3ae24bf5f1b7

Download Submit
\??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe

Filesize
326KB

MD5
b6fc705217948afcf5041f6f898ec415

SHA1
12bde70eafbb39d928d2233dd2f414dbc1a370a1

SHA256
8dc7a1c291c750040c6af1ef4581c03a5479fa9435923cb65b7e0e2ca1a3730d

SHA512
efff2b6baa014863668b68fea81dd9c7deb78f6268e31f5315ff34b86ec3d19a8e1eb8956b68030f78dcd91833562f8a62e15fb385e3b57e9b3765099ef35fd0

Download Submit
\??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe

Filesize
327KB

MD5
46ec382528218527e44b251794164799

SHA1
e1c5327f46a458bd535f78ea111a2d015258a413

SHA256
d92c5448407a6cc72c09656df1fbc94468fdbd925a583de2198198a21cbaa969

SHA512
47b3bf953cd41c3a5d6876512ffbefd8a2c56ab52295f7b8cccd2a94666f033dbff59dfaaf3f91b2cc4ad16defa53e041221780db61a60273e5b1a4d1cab2486

Download Submit
\??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe

Filesize
327KB

MD5
ee7402d87bd362e6e5ac7571346c2497

SHA1
50c9960c8564ed58fb2763ebc8d599854ca6f6ad

SHA256
e80690a65c7fdb9ea03f8a6f8fc717ffbb9af04395b3d6b5c52d8aa5de51f9ff

SHA512
2fe48e94ac9dbc399b71238d7f552e278f868df9eae1888865dd51a72a54021116f5b02b1311cd0dba3ebe55421ce5fd707a0952ba4ccaa58146f1b1dac8b928

Download Submit
\??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe

Filesize
328KB

MD5
fa76f99691692614e3bb2c138772c937

SHA1
b59c93ef0ecc235fb51cea05bf02a78902803c25

SHA256
c07d7d862a3c3bb15a6d2473aa2165b958792575d74075790fd2f2db7443efb0

SHA512
ab2e574b7c822b54c5bfd96a3314ef3f67e92055f5258d24510c5ca7020d607247d734d6d750d873b3bd27f790c6c1f16e3cd14f7a48206b6a09fe4d5cc0acfa

Download Submit
\??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe

Filesize
328KB

MD5
6033a13a26d1277cb44a96f71474fd8e

SHA1
8c9cd28754f74e92aea13391ee7aea87b24674dc

SHA256
7f99bcbcd9f41416fc03da48f837da7a4f23b89ee3f861f4dc5ac606139d6b5c

SHA512
385e72d998fd5fff298f1c8c60d0d4da3d304b2f9b08ba093a34674f2d1d0094289efbbfc6c488f2cbbe45dd32b7a0a1f673ca763522def1ec956a8f73819d50

Download Submit
\??\c:\users\admin\appdata\local\temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe

Filesize
329KB

MD5
ed3869bd692986e8d8c3aeeae1aed5bd

SHA1
220bf4bc4454e7501f982c82c8ec189e9f8ec11e

SHA256
ee65f13873bbac159f3a4c859d86b17ca633304e4a818f2b497dabf085e4f5a7

SHA512
820f609cf621bce0e7a1c15ee3825ebd3038a1b31a52ef2cfc7ca1bd69893d7b427bea8d4eeeb9a386b13838fe7f8fd3c671b3f4e5ccd3a911f4a68e1a0a17b9

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe

Filesize
326KB

MD5
16164f48e9024c7d37dd4823a8471087

SHA1
292a7da8e3492b92c71a9087945545f76854a8d4

SHA256
173e4ce4d4a21efd26cb976bd7265d34847da0c23929d2a036d593be9fb59e15

SHA512
2ee248e040923b069ac2271acd7ac53fcfcce3ac307aeab9d48309bf56ad458e28d8cc7b43a471173424deaf402574c66dafb66c700ea02aa3f1aa5c4c402b0e

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe

Filesize
327KB

MD5
608136593ab2e91d3cdd2083409b2fb2

SHA1
b05f6ba3f8b6b06c5d8acd31538f8c0acb7291bc

SHA256
ea5d01dbf94c99a8e9b1c244d0e05d6bb7c2605651cd201aa17b933b66366882

SHA512
b7e4d238fcd940353d97e641f92c89953978f2e42b800bdc95cb8cabd3a9d0229428b1160b5fd116a7bbe43189e3e0cc2df3a62e4ab5554cdc5da02f257ad333

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe

Filesize
327KB

MD5
ab22271f107e7f01a1f88f4a12ae017e

SHA1
f52be32720a1e0db0cfa358f62096fb714c6dc35

SHA256
09a5bc3538be4e58e8cb0812abf18f627691c4763928dc86ad116d90067612c5

SHA512
2bf4a795c539b1feafdab3c8f4096ce21cf31b64ef80fb3882e8f645e00cf36090aafec3a6037593f867f73851792716e05489b2381838c31a4b92359d761ef5

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe

Filesize
328KB

MD5
bcfd4fc6f84071ce3a48387c44ab0f27

SHA1
098baa77c13fc2726f0b7dbca5887fda545a83b3

SHA256
8ae71f257edcc5fe3813e8584000414caf5ffe460c91658d5f9261028b1ac268

SHA512
4ee80dc8fafd908c39cc3727672f00b50d182bb5fda4ca8e750b86547cb46d7c4e1b77194b1bc554d444613eda594d635ec3f3bebd0d0f987618fddf69c9a12d

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe

Filesize
328KB

MD5
1c473032581fc7f6214209cb11bcb616

SHA1
5355a54354652e5e12f9f30d7f8e488792a87f53

SHA256
178a328025e4dfdf13bd818506a0679a04d9099c3c1a3b20c7e7a296f013c2cc

SHA512
4d005732241cd0abe71ca945af667f62d38ab01e57db3c8071a80974dec6d219d837b928bdf253ccc2447774a9d1ef95c2c3ba8f183b383d79eb0e420c4b547b

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe

Filesize
329KB

MD5
8c50c0cb0dc968b0fb8f56397f9859ec

SHA1
1df6cb828737ccd876393d7b4d579be4605ef3de

SHA256
b73c0e10e383f3c81614bfd24f97ca9383bf6a1b0fba413a617441ca02650f5c

SHA512
ab8a5e12de0ea008372679245397f477cd084e897a9e613c127a383a16ae50e5690ae63fa85056a9ef039469229fd5e9afa193d410a69d85d2943a1609fa05d3

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe

Filesize
329KB

MD5
0c3b717dac899da82b4cf5c357e7abfc

SHA1
dcd94c9057efd4c5a943335ee38dde3e72ef4fc7

SHA256
385f964772766ca0e4efbcc11b6b80e7a3846e3f13a8a3ef59ce4f54d124ff91

SHA512
2de4b8d2a69ee39f9ff0a1a0e0c9526f7c14473baec24d5c581a624f6b95a0804e1371500ed356394e9c98f9c2049ab9c7b0abf884acbee73955cb93d6288526

Download Submit
\Users\Admin\AppData\Local\Temp\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe

Filesize
329KB

MD5
911442f29cb4d0830919b9d4c93ece8a

SHA1
7ee29b697d1d3b3783335e0b29b7fcc06ef4c1a1

SHA256
108967923528431b17c62a4ba56b22b7d63b30152db0e31790d187ac5edbd816

SHA512
6df07d9da9138d66fa02a93351d3c42a3eb5cc842d1a17583c23165558a175e29426152a696b7c850c94d4c8994af158a092210bb1face038456cc12762a3125

Download Submit
memory/540-237-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/540-244-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/704-312-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/704-317-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1236-280-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1236-275-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1332-289-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1332-294-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1392-227-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1392-236-0x0000000000440000-0x000000000047A000-memory.dmp

Filesize
232KB

Download
memory/1392-220-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1392-228-0x0000000000440000-0x000000000047A000-memory.dmp

Filesize
232KB

Download
memory/1600-357-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1600-362-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1612-288-0x0000000000440000-0x000000000047A000-memory.dmp

Filesize
232KB

Download
memory/1612-204-0x0000000000440000-0x000000000047A000-memory.dmp

Filesize
232KB

Download
memory/1612-195-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1924-268-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1924-269-0x0000000001D00000-0x0000000001D3A000-memory.dmp

Filesize
232KB

Download
memory/1924-263-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1980-174-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1980-196-0x00000000003C0000-0x00000000003FA000-memory.dmp

Filesize
232KB

Download
memory/1980-286-0x00000000003C0000-0x00000000003FA000-memory.dmp

Filesize
232KB

Download
memory/1980-181-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2056-356-0x00000000005D0000-0x000000000060A000-memory.dmp

Filesize
232KB

Download
memory/2056-345-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2056-366-0x00000000005D0000-0x000000000060A000-memory.dmp

Filesize
232KB

Download
memory/2056-350-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2116-287-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2116-212-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2128-114-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2128-119-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2172-143-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2172-150-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2308-28-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2308-364-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2308-21-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2348-165-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2348-173-0x00000000003B0000-0x00000000003EA000-memory.dmp

Filesize
232KB

Download
memory/2348-158-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2404-257-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2404-252-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2460-74-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2460-67-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2468-105-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2468-97-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2476-89-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2476-82-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2556-127-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2556-135-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2556-130-0x00000000002D0000-0x000000000030A000-memory.dmp

Filesize
232KB

Download
memory/2656-59-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2656-51-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2656-54-0x00000000002A0000-0x00000000002DA000-memory.dmp

Filesize
232KB

Download
memory/2864-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2864-12-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2864-13-0x0000000000270000-0x00000000002AA000-memory.dmp

Filesize
232KB

Download
memory/2960-36-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2960-43-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2988-323-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2988-328-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3060-311-0x00000000002E0000-0x000000000031A000-memory.dmp

Filesize
232KB

Download
memory/3060-305-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3060-300-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3060-365-0x00000000002E0000-0x000000000031A000-memory.dmp

Filesize
232KB

Download
memory/3064-334-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3064-339-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202y.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202x.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202e.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202i.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202g.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202k.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202m.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202u.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202c.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202q.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202w.exe\""	5722f4d052bd2d7172bf8e30d0f00024c0dd25065548b9aca948358556988f11_3202v.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads