Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
01-06-2024 21:06
General
-
Target
4b8f92aa6a002e641841214c6aff942cf2f44cbfb4ef570817a547638c277461.exe
-
Size
42KB
-
MD5
7534978911e4c25ea1911cfa2533ff3b
-
SHA1
e61c511c1bd3bb92af2a5858afa7196bce09b3a6
-
SHA256
4b8f92aa6a002e641841214c6aff942cf2f44cbfb4ef570817a547638c277461
-
SHA512
178f40305d30d6e4b190f6c2bd5dca36776597ddd2e0fae48edae4421a83844dd6578a101fda133ed16faef3aee059e0d2ba46af2493a93b8930243b44739fc8
-
SSDEEP
768:yiYoIfHbL8KatMHv+7dwwaleRp2OuyamBlabCY787fsBANeje:XbyYt7LagG3N13oDWAN7
Score
9/10
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 52 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
UPX packed file 55 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b8f92aa6a002e641841214c6aff942cf2f44cbfb4ef570817a547638c277461.exe"C:\Users\Admin\AppData\Local\Temp\4b8f92aa6a002e641841214c6aff942cf2f44cbfb4ef570817a547638c277461.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wkihm.exe"C:\Windows\system32\wkihm.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wohuqh.exe"C:\Windows\system32\wohuqh.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wjpnnkr.exe"C:\Windows\system32\wjpnnkr.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\whyea.exe"C:\Windows\system32\whyea.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wcqbifwcm.exe"C:\Windows\system32\wcqbifwcm.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wlmnffi.exe"C:\Windows\system32\wlmnffi.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wjnql.exe"C:\Windows\system32\wjnql.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wum.exe"C:\Windows\system32\wum.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wcld.exe"C:\Windows\system32\wcld.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wbvst.exe"C:\Windows\system32\wbvst.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wnnvt.exe"C:\Windows\system32\wnnvt.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wugqv.exe"C:\Windows\system32\wugqv.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wgxswciu.exe"C:\Windows\system32\wgxswciu.exe"14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wfgkjxvtw.exe"C:\Windows\system32\wfgkjxvtw.exe"15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wncwf.exe"C:\Windows\system32\wncwf.exe"16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wynxrrjy.exe"C:\Windows\system32\wynxrrjy.exe"17⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wkaau.exe"C:\Windows\system32\wkaau.exe"18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wakxahhx.exe"C:\Windows\system32\wakxahhx.exe"19⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wti.exe"C:\Windows\system32\wti.exe"20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wwnngwr.exe"C:\Windows\system32\wwnngwr.exe"21⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wvmt.exe"C:\Windows\system32\wvmt.exe"22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wucj.exe"C:\Windows\system32\wucj.exe"23⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxwhha.exe"C:\Windows\system32\wxwhha.exe"24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wbpdrm.exe"C:\Windows\system32\wbpdrm.exe"25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\whiwuq.exe"C:\Windows\system32\whiwuq.exe"26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\woqfo.exe"C:\Windows\system32\woqfo.exe"27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wlypgc.exe"C:\Windows\system32\wlypgc.exe"28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wtrjigvne.exe"C:\Windows\system32\wtrjigvne.exe"29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wedkvaxu.exe"C:\Windows\system32\wedkvaxu.exe"30⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wptanvidy.exe"C:\Windows\system32\wptanvidy.exe"31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\worfu.exe"C:\Windows\system32\worfu.exe"32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wachijmv.exe"C:\Windows\system32\wachijmv.exe"33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wcweswn.exe"C:\Windows\system32\wcweswn.exe"34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wjenoy.exe"C:\Windows\system32\wjenoy.exe"35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wfu.exe"C:\Windows\system32\wfu.exe"36⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wtxenpyky.exe"C:\Windows\system32\wtxenpyky.exe"37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wkhcrbegy.exe"C:\Windows\system32\wkhcrbegy.exe"38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wlcydngjd.exe"C:\Windows\system32\wlcydngjd.exe"39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxoagsvnk.exe"C:\Windows\system32\wxoagsvnk.exe"40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wirbgp.exe"C:\Windows\system32\wirbgp.exe"41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxjmqceh.exe"C:\Windows\system32\wxjmqceh.exe"42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wfcfthib.exe"C:\Windows\system32\wfcfthib.exe"43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wtmcwro.exe"C:\Windows\system32\wtmcwro.exe"44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\whmuem.exe"C:\Windows\system32\whmuem.exe"45⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wjuh.exe"C:\Windows\system32\wjuh.exe"46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wufjvsy.exe"C:\Windows\system32\wufjvsy.exe"47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxnuyera.exe"C:\Windows\system32\wxnuyera.exe"48⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wqiyb.exe"C:\Windows\system32\wqiyb.exe"49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wxbsd.exe"C:\Windows\system32\wxbsd.exe"50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wtsnmni.exe"C:\Windows\system32\wtsnmni.exe"51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wiqckxeuj.exe"C:\Windows\system32\wiqckxeuj.exe"52⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wopxyb.exe"C:\Windows\system32\wopxyb.exe"53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wdpogukq.exe"C:\Windows\system32\wdpogukq.exe"54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wrymjfql.exe"C:\Windows\system32\wrymjfql.exe"55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wusjts.exe"C:\Windows\system32\wusjts.exe"56⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wlrlaao.exe"C:\Windows\system32\wlrlaao.exe"57⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wtgwhbs.exe"C:\Windows\system32\wtgwhbs.exe"58⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wgfonvjmb.exe"C:\Windows\system32\wgfonvjmb.exe"59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\widsrln.exe"C:\Windows\system32\widsrln.exe"60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wbmmn.exe"C:\Windows\system32\wbmmn.exe"61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wrmalys.exe"C:\Windows\system32\wrmalys.exe"62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wpmds.exe"C:\Windows\system32\wpmds.exe"63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wvgvu.exe"C:\Windows\system32\wvgvu.exe"64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wwkdoop.exe"C:\Windows\system32\wwkdoop.exe"65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wydayb.exe"C:\Windows\system32\wydayb.exe"66⤵
-
C:\Windows\SysWOW64\wfidig.exe"C:\Windows\system32\wfidig.exe"67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wqasacqt.exe"C:\Windows\system32\wqasacqt.exe"68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wkknvfbe.exe"C:\Windows\system32\wkknvfbe.exe"69⤵
-
C:\Windows\SysWOW64\wrchyih.exe"C:\Windows\system32\wrchyih.exe"70⤵
-
C:\Windows\SysWOW64\wexoly.exe"C:\Windows\system32\wexoly.exe"71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wtlvjn.exe"C:\Windows\system32\wtlvjn.exe"72⤵
-
C:\Windows\SysWOW64\wsxhpdx.exe"C:\Windows\system32\wsxhpdx.exe"73⤵
-
C:\Windows\SysWOW64\wcthra.exe"C:\Windows\system32\wcthra.exe"74⤵
-
C:\Windows\SysWOW64\wfmdem.exe"C:\Windows\system32\wfmdem.exe"75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wdvuqgy.exe"C:\Windows\system32\wdvuqgy.exe"76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wqnxqx.exe"C:\Windows\system32\wqnxqx.exe"77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wsvlukbhx.exe"C:\Windows\system32\wsvlukbhx.exe"78⤵
-
C:\Windows\SysWOW64\wwwjrvmu.exe"C:\Windows\system32\wwwjrvmu.exe"79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wgais.exe"C:\Windows\system32\wgais.exe"80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wjvsa.exe"C:\Windows\system32\wjvsa.exe"81⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wmeffynp.exe"C:\Windows\system32\wmeffynp.exe"82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\whgxnep.exe"C:\Windows\system32\whgxnep.exe"83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wsfebti.exe"C:\Windows\system32\wsfebti.exe"84⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whgxnep.exe"84⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmeffynp.exe"83⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjvsa.exe"82⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgais.exe"81⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwwjrvmu.exe"80⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsvlukbhx.exe"79⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqnxqx.exe"78⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdvuqgy.exe"77⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfmdem.exe"76⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcthra.exe"75⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsxhpdx.exe"74⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtlvjn.exe"73⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wexoly.exe"72⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrchyih.exe"71⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkknvfbe.exe"70⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqasacqt.exe"69⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfidig.exe"68⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wydayb.exe"67⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwkdoop.exe"66⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvgvu.exe"65⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpmds.exe"64⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrmalys.exe"63⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbmmn.exe"62⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\widsrln.exe"61⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgfonvjmb.exe"60⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtgwhbs.exe"59⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlrlaao.exe"58⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wusjts.exe"57⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrymjfql.exe"56⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdpogukq.exe"55⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wopxyb.exe"54⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiqckxeuj.exe"53⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtsnmni.exe"52⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxbsd.exe"51⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqiyb.exe"50⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxnuyera.exe"49⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wufjvsy.exe"48⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjuh.exe"47⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whmuem.exe"46⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtmcwro.exe"45⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfcfthib.exe"44⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxjmqceh.exe"43⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wirbgp.exe"42⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxoagsvnk.exe"41⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlcydngjd.exe"40⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkhcrbegy.exe"39⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtxenpyky.exe"38⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfu.exe"37⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjenoy.exe"36⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcweswn.exe"35⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wachijmv.exe"34⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\worfu.exe"33⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wptanvidy.exe"32⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wedkvaxu.exe"31⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtrjigvne.exe"30⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlypgc.exe"29⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woqfo.exe"28⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whiwuq.exe"27⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbpdrm.exe"26⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxwhha.exe"25⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wucj.exe"24⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvmt.exe"23⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwnngwr.exe"22⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wti.exe"21⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wakxahhx.exe"20⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkaau.exe"19⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wynxrrjy.exe"18⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wncwf.exe"17⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfgkjxvtw.exe"16⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgxswciu.exe"15⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wugqv.exe"14⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnnvt.exe"13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbvst.exe"12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcld.exe"11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wum.exe"10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjnql.exe"9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlmnffi.exe"8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcqbifwcm.exe"7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whyea.exe"6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjpnnkr.exe"5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wohuqh.exe"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkihm.exe"3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\4b8f92aa6a002e641841214c6aff942cf2f44cbfb4ef570817a547638c277461.exe"2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
99B
MD5b5a1d13993f5e7b3317878dc33bc88ea
SHA1901fd7101471c272ad9ca22a96a90771800f8857
SHA256f2de45600f95bcc63b4e2006d08a38ef59132cb3d9f754886069054b9cd3a411
SHA5126323c8609acf9be563ff9a21d81dbfe5438eef8cbb01f658b3cb1c6a784582c6b6c8aff91c48c426e0827eb0803c10b56f627c7a1b781211e90588f593e801ec
-
Filesize
43KB
MD5a89ec400de1577cb827c9fe70abe9f00
SHA13cbdfba8abd5baddf4e974b76aa669aea7f211b9
SHA256a08e04c2bacb1634f2a70ea9a8e3090c6c7c5be9ae8116d68d458bf3c2813ebb
SHA512ffb0d953d4690dd5fc3ccf2ca3a3fd2ec16eade0538858b09d83bcbc31b2ca266368d00cd643dcf04060325116a553fb39dd289fca19ef79b6572781fac40ef8
-
Filesize
43KB
MD5aa5aa5c3edb65258b56782e4589fefba
SHA11419c6c3371509529eb8220e4e3caa16aed597fa
SHA256994368d42a04256d26c4fbbf62b7beb50658755b67635bf6b8e5e7f997a30b9a
SHA5125612f9bc203c1e1fb3c740cf559ecb723d5878ed49dc9841eb40fb7e8740b4f2450de72542eed9bcec6b26298de7eb3307e0062ba71ecb6c5595f8a5f4260c4d
-
Filesize
43KB
MD55767349b1c2b7a392e4a980fbaad5d28
SHA10008765681a6fc235715ace1b02373d7bcbb2deb
SHA2564d13a12f10397077fa1b5208e5a689a6f2ad47774027a2acec508a5ef545ccb5
SHA5126072dfd71d9efccb6bcd3c102ecf03a0ee0ae53e39bf92bab632a4ce299ccf4553095ad433449b07d035117947efbbbcaf2146ea28f7fe34888bfb36678081ea
-
Filesize
43KB
MD570ad291b3eacd3ddeb09fa3fdb35103a
SHA12811f1f84e1ec587ad4de566e9d26c340a7fd26a
SHA2561f02689b4407cd6d855cb0c84d0140cd4e9f1798de82940893fd16412550c656
SHA5121d576ef662612ef1700013d637b8163f9c5bc5b487da5ace44ba643a79e8bf082497764837381154529175e5ba1b476caa0d3d385d8f9f62ff8d28e9ab6b8ec9
-
Filesize
43KB
MD5c8dd16d3cbbe67f80675f6aae5d48c56
SHA1e62d795d923b363ca685da6c95877f7a42b4e4ca
SHA256367a7728fdbed9da28243abdca38ea6b9db34706a38c7c69082468dc0c9833cb
SHA512375cb30b62fa0bf69fabbe9eacf69c6c01a7cb7628ee301e1c76bc084ca15f195a0a75b0b5b38466d73d12749a1379fa50ad7f6c9d5b188e92c4393252299e06
-
Filesize
43KB
MD5e6a0fc7e2d6140d61acfef26b880ed09
SHA1c53f5f033b610bf9e7cac68fe64fc8774acfb99a
SHA256fdc1e534db4fb7008449cfefbd1292fb58d05a818c87f6bdc3fb2816ef5c169f
SHA512582684c5eec868e42a011f99dfc15a6a534e1feb8fe1013a7b71942d23a0f5995a5ae8764f0cd9708c7520d923c81d871c1130a935b9a6b21ddc1a041c93cac9
-
Filesize
42KB
MD5a5e05dd8876bab0afa82ab42c0dc2f1f
SHA1020e1133e588b19addd33acc197f942bf9a6a1ff
SHA25625ee0b9f10586bfa6895a487845a64a2a417ac0bb03378844c325d75eba94f93
SHA51221bbc17f9d00a4cfb5cdd383028a96494eb23c3338eabacaf42e5f9a100d280b83fd17e2952a3c843ec30803e6d548d1324a19b3c6f6e435117331f591d9e4e8
-
Filesize
43KB
MD5593757b3e3b1dec8a7f27eee1f277190
SHA1d1396e86be7d500a9c266cdced0e222e78ecc283
SHA256860a998a1e0fa326aadc345cb8df3ff51562222a9eba404768408d941ee0ddf9
SHA512e5f2d8f5607cef12a0e6c488f31b7596441a15067bcb9044da6b584eee3b9533c93ac2d329f3d791e78114a49d2fcaaef0754346a563376548df66198a06ac06
-
Filesize
43KB
MD58ed0b0a1b1b77e641f5e9a45d0e56c79
SHA189c4b1bd4e9d5faf3e36c0fd95f0493273daa76d
SHA256cd97157529da9d844ef59e810014131f1f78bac5c98c74394ebe84ce3b8e8f2e
SHA512937bd9696fef4a12e56740e4b0d8b2eec4924576b880509c80131d5d2681dae1feed8e192f9834889a3788a0b22092946fd075904bef193fa9d3023a0f0a1e8c
-
Filesize
43KB
MD56c76ccb62e3c2c89e86825c1c0f4c1bd
SHA1d7fa300f222979c46649ba8a158287118b7a9702
SHA2568fa047ab12913fcbf9f62e46ee9c6b1fde38599bf73e8cfaacce7a3345154e3c
SHA512c4e373956ab6d88489890468188698f3ced8f1ac7ddf17899fb2e5d588c530975b645fa70f89d8b883beea3a389df0d937829fa2919ababc2d95ab550f7ae42a
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
44KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
104KB