Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-06-2024 23:40
Static task: static1
Behavioral task: behavioral1
  Sample: NicoVirus.rar
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: NicoVirus.rar
  Resource: win10v2004-20240426-en
General
Target: NicoVirus.rar
Size: 49KB
MD5: e1f2077603f210a2a4d50a973e17599c
SHA1: c4c5d4d0a75a521dbfb0ecdaf044a8e325b7ec16
SHA256: 540a9d2c26aa115b2ff9de27cc5a9dd5f2e18b3e23a2ec2d940b0b8bc046d8a3
SHA512: 57a2b4625e4cc20e9726e83f831eba1887f419abdb1bd1e24c812ad869caeeaac04da72aa894fdf93c8238e60cfcab40d42b43b9a2e7bd1231a7b4af7a828ffd
SSDEEP: 1536:KagibNDNuUXqo0nYszAj4W4RllGsXBDZUtpXmzFd0/:vHuUXWnYszA4/82l2m6
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | cmd.exe
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\NicoVirus\\f.jpg" | reg.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | OpenWith.exe
Runs ping.exe 1 TTPs 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
3560 | OpenWith.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
description | pid | Process
Token: SeRestorePrivilege | 4200 | 7zFM.exe
Token: 35 | 4200 | 7zFM.exe
Token: SeSecurityPrivilege | 4200 | 7zFM.exe
Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
4200 | 7zFM.exe
4200 | 7zFM.exe
Suspicious use of SetWindowsHookEx 47 IoCs
pid | Process
3560 | OpenWith.exe
Suspicious use of WriteProcessMemory 14 IoCs
description | pid | Process | procid_target
PID 1044 wrote to memory of 540 | 1044 | cmd.exe | 104
PID 1044 wrote to memory of 540 | 1044 | cmd.exe | 104
PID 1044 wrote to memory of 2932 | 1044 | cmd.exe | 105
PID 1044 wrote to memory of 2932 | 1044 | cmd.exe | 105
PID 1044 wrote to memory of 5052 | 1044 | cmd.exe | 106
PID 1044 wrote to memory of 5052 | 1044 | cmd.exe | 106
PID 1044 wrote to memory of 1140 | 1044 | cmd.exe | 107
PID 1044 wrote to memory of 1140 | 1044 | cmd.exe | 107
PID 1044 wrote to memory of 952 | 1044 | cmd.exe | 109
PID 1044 wrote to memory of 952 | 1044 | cmd.exe | 109
PID 1044 wrote to memory of 1904 | 1044 | cmd.exe | 110
PID 1044 wrote to memory of 1904 | 1044 | cmd.exe | 110
PID 1044 wrote to memory of 4120 | 1044 | cmd.exe | 111
PID 1044 wrote to memory of 4120 | 1044 | cmd.exe | 111
Processes
PID 3076: C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar
  - Modifies registry class
PID 3560: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
PID 2320: C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID 4200: C:\Program Files\7-Zip\7zFM.exe
  Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NicoVirus.rar"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
PID 1044: C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NicoVirus\NicoVirus.bat" "
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  Child processes:
    PID 540: C:\Windows\system32\reg.exe
      Command line: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\Desktop\NicoVirus\f.jpg" /f
      - Sets desktop wallpaper using registry
    PID 2932: C:\Windows\system32\rundll32.exe
      Command line: RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
    PID 5052: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Command line: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    PID 1140: C:\Windows\system32\cmd.exe
      Command line: cmd
    PID 952: C:\Windows\explorer.exe
      Command line: explorer
    PID 1904: C:\Windows\system32\control.exe
      Command line: control
    PID 4120: C:\Windows\system32\calc.exe
      Command line: calc
    PID 1948: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Command line: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    PID 4592: C:\Windows\system32\cmd.exe
      Command line: cmd
    PID 2944: C:\Windows\explorer.exe
      Command line: explorer
    PID 2536: C:\Windows\system32\control.exe
      Command line: control
    PID 4528: C:\Windows\system32\calc.exe
      Command line: calc
    PID 4156: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Command line: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    PID 2448: C:\Windows\system32\cmd.exe
      Command line: cmd
    PID 1596: C:\Windows\explorer.exe
      Command line: explorer
    PID 1892: C:\Windows\system32\control.exe
      Command line: control
    PID 1840: C:\Windows\system32\calc.exe
      Command line: calc
    PID 4608: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Command line: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    PID 3060: C:\Windows\system32\cmd.exe
      Command line: cmd
    PID 3296: C:\Windows\explorer.exe
      Command line: explorer
    PID 2272: C:\Windows\system32\control.exe
      Command line: control
    PID 440: C:\Windows\system32\calc.exe
      Command line: calc
    PID 1384: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Command line: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    PID 2348: C:\Windows\system32\cmd.exe
      Command line: cmd
    PID 2676: C:\Windows\explorer.exe
      Command line: explorer
    PID 4512: C:\Windows\system32\control.exe
      Command line: control
    PID 4008: C:\Windows\system32\calc.exe
      Command line: calc
    PID 4404: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Command line: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    PID 3912: C:\Windows\system32\cmd.exe
      Command line: cmd
    PID 2476: C:\Windows\explorer.exe
      Command line: explorer
    PID 4528: C:\Windows\system32\control.exe
      Command line: control
    PID 4496: C:\Windows\system32\calc.exe
      Command line: calc
    PID 4564: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
      Command line: "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    PID 4404: C:\Windows\system32\cmd.exe
      Command line: cmd
    PID 4548: C:\Windows\explorer.exe
      Command line: explorer
    PID 952: C:\Windows\system32\control.exe
      Command line: control
    PID 1448: C:\Windows\system32\calc.exe
      Command line: calc
    PID 1948: C:\Windows\system32\PING.EXE
      Command line: ping -n 10000 localhost
    PID 3464: C:\Windows\system32\PING.EXE
      Command line: ping -n 10000 localhost
      - Runs ping.exe
PID 2244: C:\Windows\explorer.exe
  Command line: C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
PID 3256: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
PID 5084: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
PID 4064: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
PID 4828: C:\Windows\SysWOW64\DllHost.exe
  Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
PID 868: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
PID 2104: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
PID 3256: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
PID 5468: C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads