Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
03/05/2024, 05:34
General
-
Target
f958c9c4ce058c67b74090cfb18fe68178c8bbe87595564a2c7ce7ba121c89fd.exe
-
Size
188KB
-
MD5
7523679f6e5f103125526940dfbdd9ca
-
SHA1
cdddb2b45547f288c78bb3cee519912035258a9f
-
SHA256
f958c9c4ce058c67b74090cfb18fe68178c8bbe87595564a2c7ce7ba121c89fd
-
SHA512
43c16bf3cd54a6b7ea17fd8f17908b8e156f9102a2f61f5bba50d42243c734e3890d359b1cc0e5ddbb6f13d4078a4c58740c916141f6ad52b9d9fabd343ee20f
-
SSDEEP
3072:Iy3pOBC3bEpqavBSPcC2ScrgCjlyKOanF9t6xtZYwlslGp:Iy3pOBC3wpqavBSPcC2ScrgCCs3o7lsk
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Executes dropped EXE 4 IoCs
-
Modifies system executable filetype association 2 TTPs 4 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in System32 directory 7 IoCs
-
Modifies registry class 12 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f958c9c4ce058c67b74090cfb18fe68178c8bbe87595564a2c7ce7ba121c89fd.exe"C:\Users\Admin\AppData\Local\Temp\f958c9c4ce058c67b74090cfb18fe68178c8bbe87595564a2c7ce7ba121c89fd.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Adds policy Run key to start application
- Modifies system executable filetype association
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f2⤵
- Modifies registry key
-
-
C:\Users\Admin\AppData\Local\Temp\Usbconeted.exeC:\Users\Admin\AppData\Local\Temp\Usbconeted.exe2⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Usbconeted.exeC:\Users\Admin\AppData\Local\Temp\Usbconeted.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\windows\SysWOW64\32rc.exeC:\windows\system32\32rc.exe3⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
C:\Windows\SysWOW64\REG.exeREG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f3⤵
-
-
-
C:\windows\SysWOW64\32rc.exeC:\windows\system32\32rc.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
188KB
MD57ba0e6ffb92209afe74c5cd6b0db8529
SHA16c8967483fb708b451a0bf955938ddf5147bb21f
SHA256216054dfbef3c8a1a645d0e5aec1c418fa1e965836b0cdf84fcd471fc1d85ce5
SHA512ec6d4cc806b946312908a09de8aa28b3e2dc70b3e785c00abad075116078a8283c743535bb2b489673797ee490575241701fc5df010a977f1901f38da429a65e
-
Filesize
8KB
MD5f9f7458e38836264fadd8769e4f0593d
SHA1263fde556ff45d19ace363febaf2ebbe0a1ac4cd
SHA256db2805e1c03086d98463331811f8c1021fd11c1f85b9b1532045fd72de2a31f0
SHA51245861833b9b5e3448aa10d39323749617532ecfc5f6d2d29e823c6760e8f2fe610086317eee4e3f6d4b1d446a9309b7e8c70fd7567bb541058ebd75563cdb535
-
Filesize
52KB
-
Filesize
52KB
-
Filesize
52KB
-
Filesize
52KB