bc52edf75f10223dfca0e123d41dec31eb9f64686fccc2382ec37d0430eb1e5b

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe
Size

73KB
MD5

043bfc763475d8f9a02fe32bb95fd500
SHA1

ede2fcc8645ee581903c6ce1c1fa99cc257b7a1a
SHA256

bc52edf75f10223dfca0e123d41dec31eb9f64686fccc2382ec37d0430eb1e5b
SHA512

6faf01f4f31737af76a5bf42ce576959a2332ce032fcce2d4900eed7d4e3eb1204e6ca7b41e01d3acbde95b82a0729e844d0765b0086644f8f29a4369439e420
SSDEEP

1536:sDcLLfPxPtp14zgyXVdtnBDvtwHNWnnnl:sDKLzn4zgyXVd1NSE

Score

8^/10

evasion

Malware Config

Signatures

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
2044	attrib.exe

Deletes itself 1 IoCs

pid	Process
876	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2356	scchost.exe
1276	scchost.exe
2008	scchost.exe
516	scchost.exe
1100	scchost.exe
2464	scchost.exe
2536	scchost.exe
2688	scchost.exe
1828	scchost.exe
2908	scchost.exe
3000	scchost.exe
3052	scchost.exe
2896	scchost.exe
2492	scchost.exe
2504	scchost.exe
2060	scchost.exe
2108	scchost.exe
2740	scchost.exe
952	scchost.exe
772	scchost.exe
2392	scchost.exe
2224	scchost.exe
1968	scchost.exe
1708	scchost.exe
2168	scchost.exe
776	scchost.exe
596	scchost.exe
2412	scchost.exe
2672	scchost.exe
2596	scchost.exe
2532	scchost.exe
2656	scchost.exe
2632	scchost.exe
2520	scchost.exe
1836	scchost.exe
1824	scchost.exe
2988	scchost.exe
2104	scchost.exe
1512	scchost.exe
2516	scchost.exe
1392	scchost.exe
1452	scchost.exe
2068	scchost.exe
1732	scchost.exe
2140	scchost.exe
2184	scchost.exe
1692	scchost.exe
1036	scchost.exe
1288	scchost.exe
2604	scchost.exe
2564	scchost.exe
464	scchost.exe
548	scchost.exe
1880	scchost.exe
2772	scchost.exe
1772	scchost.exe
2704	scchost.exe
1632	scchost.exe
1940	scchost.exe
2836	scchost.exe
2536	scchost.exe
1808	scchost.exe
2436	scchost.exe
3004	scchost.exe

Loads dropped DLL 64 IoCs

pid	Process
1288	WerFault.exe
1288	WerFault.exe
1288	WerFault.exe
1288	WerFault.exe
1288	WerFault.exe
1288	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\scchost.exe	attrib.exe
File created	C:\Windows\Debug\scchost.exe	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe
File opened for modification	C:\Windows\Debug\scchost.exe	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1288	2356	WerFault.exe	32
2328	1276	WerFault.exe	36
704	2008	WerFault.exe	38
2412	516	WerFault.exe	40
2616	1100	WerFault.exe	42
2828	2464	WerFault.exe	44
2856	2536	WerFault.exe	46
1868	2688	WerFault.exe	48
1780	1828	WerFault.exe	50
3020	2908	WerFault.exe	52
2980	3000	WerFault.exe	54
1404	3052	WerFault.exe	56
2808	2896	WerFault.exe	58
2804	2492	WerFault.exe	60
2448	2504	WerFault.exe	62
2880	2060	WerFault.exe	64
640	2108	WerFault.exe	66
1764	2740	WerFault.exe	68
2584	952	WerFault.exe	70
1592	772	WerFault.exe	72
1296	2392	WerFault.exe	74
1568	2224	WerFault.exe	76
2592	1968	WerFault.exe	78
2000	1708	WerFault.exe	80
1984	2168	WerFault.exe	82
548	776	WerFault.exe	84
2408	596	WerFault.exe	86
956	2412	WerFault.exe	88
1772	2672	WerFault.exe	90
2872	2596	WerFault.exe	92
2472	2532	WerFault.exe	94
2856	2656	WerFault.exe	96
2620	2632	WerFault.exe	98
2864	2520	WerFault.exe	100
1780	1836	WerFault.exe	102
3008	1824	WerFault.exe	104
2980	2988	WerFault.exe	106
1404	2104	WerFault.exe	108
2808	1512	WerFault.exe	110
2804	2516	WerFault.exe	112
2448	1392	WerFault.exe	114
2892	1452	WerFault.exe	116
2064	2068	WerFault.exe	118
276	1732	WerFault.exe	120
832	2140	WerFault.exe	122
1696	2184	WerFault.exe	124
1116	1692	WerFault.exe	126
1416	1036	WerFault.exe	128
944	1288	WerFault.exe	130
1272	2604	WerFault.exe	132
1264	2564	WerFault.exe	134
1436	464	WerFault.exe	136
1752	548	WerFault.exe	138
2404	1880	WerFault.exe	140
516	2772	WerFault.exe	142
2376	1772	WerFault.exe	144
1684	2704	WerFault.exe	146
2552	1632	WerFault.exe	148
2600	1940	WerFault.exe	150
2620	2836	WerFault.exe	152
2256	2536	WerFault.exe	154
2708	1808	WerFault.exe	156
2972	2436	WerFault.exe	158
3012	3004	WerFault.exe	160

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	scchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2044	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 2044	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 2044	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 2044	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	30
PID 2224 wrote to memory of 876	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	33
PID 2224 wrote to memory of 876	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	33
PID 2224 wrote to memory of 876	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	33
PID 2224 wrote to memory of 876	2224	043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe	33
PID 2356 wrote to memory of 1288	2356	scchost.exe	35
PID 2356 wrote to memory of 1288	2356	scchost.exe	35
PID 2356 wrote to memory of 1288	2356	scchost.exe	35
PID 2356 wrote to memory of 1288	2356	scchost.exe	35
PID 1276 wrote to memory of 2328	1276	scchost.exe	37
PID 1276 wrote to memory of 2328	1276	scchost.exe	37
PID 1276 wrote to memory of 2328	1276	scchost.exe	37
PID 1276 wrote to memory of 2328	1276	scchost.exe	37
PID 2008 wrote to memory of 704	2008	scchost.exe	39
PID 2008 wrote to memory of 704	2008	scchost.exe	39
PID 2008 wrote to memory of 704	2008	scchost.exe	39
PID 2008 wrote to memory of 704	2008	scchost.exe	39
PID 516 wrote to memory of 2412	516	scchost.exe	41
PID 516 wrote to memory of 2412	516	scchost.exe	41
PID 516 wrote to memory of 2412	516	scchost.exe	41
PID 516 wrote to memory of 2412	516	scchost.exe	41
PID 1100 wrote to memory of 2616	1100	scchost.exe	43
PID 1100 wrote to memory of 2616	1100	scchost.exe	43
PID 1100 wrote to memory of 2616	1100	scchost.exe	43
PID 1100 wrote to memory of 2616	1100	scchost.exe	43
PID 2464 wrote to memory of 2828	2464	scchost.exe	45
PID 2464 wrote to memory of 2828	2464	scchost.exe	45
PID 2464 wrote to memory of 2828	2464	scchost.exe	45
PID 2464 wrote to memory of 2828	2464	scchost.exe	45
PID 2536 wrote to memory of 2856	2536	scchost.exe	47
PID 2536 wrote to memory of 2856	2536	scchost.exe	47
PID 2536 wrote to memory of 2856	2536	scchost.exe	47
PID 2536 wrote to memory of 2856	2536	scchost.exe	47
PID 2688 wrote to memory of 1868	2688	scchost.exe	49
PID 2688 wrote to memory of 1868	2688	scchost.exe	49
PID 2688 wrote to memory of 1868	2688	scchost.exe	49
PID 2688 wrote to memory of 1868	2688	scchost.exe	49
PID 1828 wrote to memory of 1780	1828	scchost.exe	51
PID 1828 wrote to memory of 1780	1828	scchost.exe	51
PID 1828 wrote to memory of 1780	1828	scchost.exe	51
PID 1828 wrote to memory of 1780	1828	scchost.exe	51
PID 2908 wrote to memory of 3020	2908	scchost.exe	53
PID 2908 wrote to memory of 3020	2908	scchost.exe	53
PID 2908 wrote to memory of 3020	2908	scchost.exe	53
PID 2908 wrote to memory of 3020	2908	scchost.exe	53
PID 3000 wrote to memory of 2980	3000	scchost.exe	55
PID 3000 wrote to memory of 2980	3000	scchost.exe	55
PID 3000 wrote to memory of 2980	3000	scchost.exe	55
PID 3000 wrote to memory of 2980	3000	scchost.exe	55
PID 3052 wrote to memory of 1404	3052	scchost.exe	57
PID 3052 wrote to memory of 1404	3052	scchost.exe	57
PID 3052 wrote to memory of 1404	3052	scchost.exe	57
PID 3052 wrote to memory of 1404	3052	scchost.exe	57
PID 2896 wrote to memory of 2808	2896	scchost.exe	59
PID 2896 wrote to memory of 2808	2896	scchost.exe	59
PID 2896 wrote to memory of 2808	2896	scchost.exe	59
PID 2896 wrote to memory of 2808	2896	scchost.exe	59
PID 2492 wrote to memory of 2804	2492	scchost.exe	61
PID 2492 wrote to memory of 2804	2492	scchost.exe	61
PID 2492 wrote to memory of 2804	2492	scchost.exe	61
PID 2492 wrote to memory of 2804	2492	scchost.exe	61

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2044	attrib.exe

C:\Users\Admin\AppData\Local\Temp\043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\043bfc763475d8f9a02fe32bb95fd500_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\attrib.exe
  attrib +a +s +h +r C:\Windows\Debug\scchost.exe
  2⤵
  - Sets file to hidden
  - Drops file in Windows directory
  - Views/modifies file attributes
  PID:2044
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\043BFC~1.EXE > nul
  2⤵
  - Deletes itself
  PID:876

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1288

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2328

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 464
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:704

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2412

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2616

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2828

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2856

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1868

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1780

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:3020

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 460
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:2980

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 460
  2⤵
  - Program crash
  PID:1404

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 460
  2⤵
  - Program crash
  PID:2808

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 460
  2⤵
  - Program crash
  PID:2804

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 460
  2⤵
  - Program crash
  PID:2448

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 460
  2⤵
  - Program crash
  PID:2880

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 460
  2⤵
  - Program crash
  PID:640

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 460
  2⤵
  - Program crash
  PID:1764

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 460
  2⤵
  - Program crash
  PID:2584

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 464
  2⤵
  - Program crash
  PID:1592

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 460
  2⤵
  - Program crash
  PID:1296

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 460
  2⤵
  - Program crash
  PID:1568

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 460
  2⤵
  - Program crash
  PID:2592

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:1708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 460
  2⤵
  - Program crash
  PID:2000

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2168
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 460
  2⤵
  - Program crash
  PID:1984

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:776
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 460
  2⤵
  - Program crash
  PID:548

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 460
  2⤵
  - Program crash
  PID:2408

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 460
  2⤵
  - Program crash
  PID:956

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 460
  2⤵
  - Program crash
  PID:1772

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 460
  2⤵
  - Program crash
  PID:2872

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 460
  2⤵
  - Program crash
  PID:2472

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:2656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 460
  2⤵
  - Program crash
  PID:2856

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 464
  2⤵
  - Program crash
  PID:2620

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:2520
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 460
  2⤵
  - Program crash
  PID:2864

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 460
  2⤵
  - Program crash
  PID:1780

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:1824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 460
  2⤵
  - Program crash
  PID:3008

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:2988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 460
  2⤵
  - Program crash
  PID:2980

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 460
  2⤵
  - Program crash
  PID:1404

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:1512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 460
  2⤵
  - Program crash
  PID:2808

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 460
  2⤵
  - Program crash
  PID:2804

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 460
  2⤵
  - Program crash
  PID:2448

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 460
  2⤵
  - Program crash
  PID:2892

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 460
  2⤵
  - Program crash
  PID:2064

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 460
  2⤵
  - Program crash
  PID:276

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 460
  2⤵
  - Program crash
  PID:832

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 460
  2⤵
  - Program crash
  PID:1696

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 460
  2⤵
  - Program crash
  PID:1116

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 460
  2⤵
  - Program crash
  PID:1416

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 460
  2⤵
  - Program crash
  PID:944

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2604
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 460
  2⤵
  - Program crash
  PID:1272

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:2564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 460
  2⤵
  - Program crash
  PID:1264

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 460
  2⤵
  - Program crash
  PID:1436

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 460
  2⤵
  - Program crash
  PID:1752

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 460
  2⤵
  - Program crash
  PID:2404

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 460
  2⤵
  - Program crash
  PID:516

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:1772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 460
  2⤵
  - Program crash
  PID:2376

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 460
  2⤵
  - Program crash
  PID:1684

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 460
  2⤵
  - Program crash
  PID:2552

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 464
  2⤵
  - Program crash
  PID:2600

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 460
  2⤵
  - Program crash
  PID:2620

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 464
  2⤵
  - Program crash
  PID:2256

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:1808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 460
  2⤵
  - Program crash
  PID:2708

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:2436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 460
  2⤵
  - Program crash
  PID:2972

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Executes dropped EXE
PID:3004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 460
  2⤵
  - Program crash
  PID:3012

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
PID:1640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 460
  2⤵
  PID:2984

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
PID:1516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 460
  2⤵
  PID:980

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Checks processor information in registry
PID:908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 460
  2⤵
  PID:2608

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Checks processor information in registry
PID:1556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 460
  2⤵
  PID:2440

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Checks processor information in registry
PID:1456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 460
  2⤵
  PID:800

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Checks processor information in registry
PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 460
  2⤵
  PID:1356

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
- Checks processor information in registry
PID:1784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 460
  2⤵
  PID:2068

C:\Windows\Debug\scchost.exe
C:\Windows\Debug\scchost.exe
1⤵
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Debug\scchost.exe

Filesize
73KB

MD5
65056492e528690b5a1f309bb81b4d5b

SHA1
cb705b140e3bbccf819d7e8423cec58b1dfcc4a2

SHA256
6f0dabdb4656aa15b6fe81c444d5ab398df6885f15cb7c3f397277bc01bf4fb7

SHA512
8ba28b71c7e1b5ff0857245604b37444b412cb8dafc263426ced9afda30152e8f8b0c53b10d4704ae47e95e6a8d587f8389d214df620f09eec9d722d840f0a48

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads