Malware Analysis Report

2025-01-18 02:01

Sample ID 240613-jf3y8atdkk
Target 1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb
SHA256 1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb

Threat Level: Shows suspicious behavior

The file 1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb shows suspicious behavior (score 6/10). It is an unsigned PE that, in both detonations, fingerprints the host (CPU model, RAM speed, ipconfig /all, whoami), looks up its external IP address via api.ipify.org and then connects to 123.57.182.3:8080. No files were written and no persistence was observed.

Malicious Activity Summary

Looks up external IP address via web service

Unsigned PE

Gathers network information

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:40

Platform

win7-20240508-en

Max time kernel

119s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2716 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 2716 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 2716 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 2716 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 2716 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 2716 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 2716 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 2748 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 2748 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 2748 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 2748 wrote to memory of 2868 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 2748 wrote to memory of 2868 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 2748 wrote to memory of 2868 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 2716 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 2716 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 2548 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\whoami.exe
PID 2548 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\whoami.exe
PID 2548 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\whoami.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe

"C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe"

C:\Windows\System32\Wbem\wmic.exe

wmic cpu get Name

C:\Windows\System32\Wbem\wmic.exe

wmic memorychip get Speed

C:\Windows\system32\cmd.exe

cmd /c chcp 65001 && ipconfig /all

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\system32\cmd.exe

cmd /c whoami

C:\Windows\system32\whoami.exe

whoami

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.ipify.org udp
CN 123.57.182.3:8080 N/A tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:40

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
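
How to read these rows, with an added triage helper (editor-added example code, not part of the sandbox output). Every row names wmic.exe: the privileges are enabled by wmic.exe itself when it starts, so the same list shows up in any detonation that spawns wmic, and the rows repeat because the sandbox logs the list once per AdjustTokenPrivileges call and then truncates the table. The numeric entries are privilege LUIDs the sandbox did not resolve: 33, 34 and 35 are SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege and SeCreateSymbolicLinkPrivilege, and 36 is SeDelegateSessionUserImpersonatePrivilege, which exists only from Windows 10 on, hence its absence from the Windows 7 run (behavioral1). The signal in this report is therefore not the token adjustment but the fact that the sample spawns wmic at all. The helper below resolves the LUIDs, collapses the repeats, diffs the two detonations and separates expected wmic.exe behaviour from a process that would actually warrant attention; the sample.exe contrast row is constructed and does not appear in the report.

```python
"""Triage for 'Suspicious use of AdjustPrivilegeToken' rows from a sandbox report.

Added example, not part of the sandbox output. The LUID table is the well-known
privilege numbering from winnt.h (SE_CREATE_TOKEN_PRIVILEGE = 2 upwards); the rows
are reconstructed from the report, plus one constructed contrast row.
"""
import re
from collections import defaultdict

# winnt.h privilege names in LUID order, starting at LUID 2.
_NAMES = (
    "SeCreateToken SeAssignPrimaryToken SeLockMemory SeIncreaseQuota "
    "SeMachineAccount SeTcb SeSecurity SeTakeOwnership SeLoadDriver "
    "SeSystemProfile SeSystemtime SeProfSingleProcess SeIncreaseBasePriority "
    "SeCreatePagefile SeCreatePermanent SeBackup SeRestore SeShutdown SeDebug "
    "SeAudit SeSystemEnvironment SeChangeNotify SeRemoteShutdown SeUndock "
    "SeSyncAgent SeEnableDelegation SeManageVolume SeImpersonate SeCreateGlobal "
    "SeTrustedCredManAccess SeRelabel SeIncreaseWorkingSet SeTimeZone "
    "SeCreateSymbolicLink SeDelegateSessionUserImpersonate"
).split()
PRIVILEGE_LUIDS = {luid: name + "Privilege" for luid, name in enumerate(_NAMES, start=2)}

WMIC = r"C:\Windows\System32\Wbem\wmic.exe"
# Distinct 'Token:' values from the report's wmic.exe rows, in report order.
WIN7_TOKENS = (
    "SeIncreaseQuotaPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege "
    "SeLoadDriverPrivilege SeSystemProfilePrivilege SeSystemtimePrivilege "
    "SeProfSingleProcessPrivilege SeIncBasePriorityPrivilege SeCreatePagefilePrivilege "
    "SeBackupPrivilege SeRestorePrivilege SeShutdownPrivilege SeDebugPrivilege "
    "SeSystemEnvironmentPrivilege SeRemoteShutdownPrivilege SeUndockPrivilege "
    "SeManageVolumePrivilege 33 34 35"
).split()                                   # behavioral1 (Windows 7): 20 distinct values
WIN10_TOKENS = WIN7_TOKENS + ["36"]         # behavioral2 (Windows 10) adds one unresolved LUID

def report_rows(tokens, process, repeats=3):
    """Rows in the report's 'Token: <x> N/A <process> N/A' layout; the sandbox
    prints the whole list once per AdjustTokenPrivileges call, hence the repeats."""
    return [f"Token: {t} N/A {process} N/A" for _ in range(repeats) for t in tokens]

ROW_RE = re.compile(r"^Token:\s+(\S+)\s+\S+\s+(\S+)\s+\S+$")

def resolve_token(token):
    """Numeric values are LUIDs the sandbox did not resolve to a name."""
    if token.isdigit():
        return PRIVILEGE_LUIDS.get(int(token), f"LUID {token}")
    return token

def privileges_by_process(rows):
    """{process image: set of privilege names}, duplicates collapsed."""
    out = defaultdict(set)
    for row in rows:
        m = ROW_RE.match(row)
        if m:
            token, process = m.groups()
            out[process].add(resolve_token(token))
    return dict(out)

# Privileges worth a second look when enabled by something other than a WMI client.
SENSITIVE = {"SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
             "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege"}
WMI_CLIENTS = {"wmic.exe"}

def triage(rows):
    """Split per-process privilege sets into expected (wmic.exe enabling the
    privileges available in its token, which it does on every start) and
    findings (any other process enabling a SENSITIVE privilege)."""
    expected, findings = {}, {}
    for process, privs in privileges_by_process(rows).items():
        image = process.rsplit("\\", 1)[-1].lower()
        if image in WMI_CLIENTS:
            expected[process] = sorted(privs)
        elif privs & SENSITIVE:
            findings[process] = sorted(privs & SENSITIVE)
    return expected, findings
```

Run against the two token lists, the Windows 10 set differs from the Windows 7 set by exactly SeDelegateSessionUserImpersonatePrivilege, and both detonations land entirely in the "expected" bucket; only a non-wmic process enabling SeDebugPrivilege would produce a finding.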

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3260 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 3260 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 3260 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 3260 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\System32\Wbem\wmic.exe
PID 3260 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 3260 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 4904 wrote to memory of 5056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 4904 wrote to memory of 5056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 4904 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 4904 wrote to memory of 4532 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 3260 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 3260 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe C:\Windows\system32\cmd.exe
PID 2704 wrote to memory of 3236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\whoami.exe
PID 2704 wrote to memory of 3236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\whoami.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe

"C:\Users\Admin\AppData\Local\Temp\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe"

C:\Windows\System32\Wbem\wmic.exe

wmic cpu get Name

C:\Windows\System32\Wbem\wmic.exe

wmic memorychip get Speed

C:\Windows\system32\cmd.exe

cmd /c chcp 65001 && ipconfig /all

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\system32\cmd.exe

cmd /c whoami

C:\Windows\system32\whoami.exe

whoami
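
The process lists for both detonations are identical apart from PIDs, so one example covers both. The chain (wmic cpu get Name, wmic memorychip get Speed, cmd /c chcp 65001 && ipconfig /all, cmd /c whoami) is host fingerprinting; chcp 65001 switches the console to UTF-8 before ipconfig runs, which is what a program that captures and parses the output does, not what a user types. The WriteProcessMemory rows above map one-to-one onto the parent/child edges of this tree (the sample to each wmic.exe and cmd.exe, each cmd.exe to its own child), which is the write CreateProcess performs into every new child; a write into a process outside the tree would be the injection signal, and there is none. The detection below is editor-added example code, not the sandbox's or the sample's: it builds the tree from constructed Sysmon Event ID 1-style events carrying the report's PIDs and command lines (the host names WIN7, WIN10 and the benign ADMIN-PC are assumptions), flags any parent that launched at least three distinct recon steps within a minute, and checks WriteProcessMemory rows against the tree.

```python
"""Process-tree triage for the reconnaissance chain in this report.

Added example, not part of the sandbox output. Events are constructed in a
Sysmon Event ID 1 shape (host, pid, ppid, image, command line, time) from
the report's process lists for both detonations, plus one benign host.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\1c9a7023fab35dbbcb3d1cbedc0c3f8bc8ddb69712764995ccf3df8d1e88f1eb.exe")
WMIC, CMD = r"C:\Windows\System32\Wbem\wmic.exe", r"C:\Windows\system32\cmd.exe"
T0 = datetime(2024, 6, 13, 7, 37)

# Each step of the chain, matched against the command line a parent launched.
RECON_STEPS = {
    "cpu_model":     re.compile(r"\bwmic\s+cpu\s+get\s+name\b", re.I),
    "ram_speed":     re.compile(r"\bwmic\s+memorychip\s+get\s+speed\b", re.I),
    "utf8_codepage": re.compile(r"\bchcp\s+65001\b", re.I),   # UTF-8 before parsing output
    "ipconfig_all":  re.compile(r"\bipconfig\s+/all\b", re.I),
    "whoami":        re.compile(r"\bwhoami\b", re.I),
}
MIN_STEPS, WINDOW = 3, timedelta(seconds=60)

def detonation(host, root, pids):
    """Constructed events mirroring the report's process list; pids are
    [wmic, wmic, cmd, chcp, ipconfig, cmd, whoami] for that detonation."""
    w1, w2, c1, chcp, ipc, c2, who = pids
    rows = [(root, 0, SAMPLE, f'"{SAMPLE}"'),
            (w1, root, WMIC, "wmic cpu get Name"),
            (w2, root, WMIC, "wmic memorychip get Speed"),
            (c1, root, CMD, "cmd /c chcp 65001 && ipconfig /all"),
            (chcp, c1, r"C:\Windows\system32\chcp.com", "chcp 65001"),
            (ipc, c1, r"C:\Windows\system32\ipconfig.exe", "ipconfig /all"),
            (c2, root, CMD, "cmd /c whoami"),
            (who, c2, r"C:\Windows\system32\whoami.exe", "whoami")]
    return [dict(host=host, pid=p, ppid=pp, image=img, cmdline=cl,
                 time=T0 + timedelta(seconds=i)) for i, (p, pp, img, cl) in enumerate(rows)]

EVENTS = (detonation("WIN7", 2716, [2120, 3064, 2748, 2056, 2868, 2548, 2692])
          + detonation("WIN10", 3260, [3728, 1420, 4904, 5056, 4532, 2704, 3236])
          # Benign contrast (constructed): an admin runs one command interactively.
          + [dict(host="ADMIN-PC", pid=600, ppid=500, image=CMD, cmdline='"cmd.exe"', time=T0),
             dict(host="ADMIN-PC", pid=700, ppid=600, image=r"C:\Windows\system32\ipconfig.exe",
                  cmdline="ipconfig /all", time=T0 + timedelta(seconds=1))])

def detect_recon_chains(events, min_steps=MIN_STEPS, window=WINDOW):
    """Return {(host, parent_pid, parent_image): sorted steps} for every parent that
    launched at least min_steps distinct recon steps, first to last within window.
    The threshold is what separates the sample from an admin typing one command."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    seen = defaultdict(list)                      # (host, ppid) -> [(time, step)]
    for e in events:
        for step, pat in RECON_STEPS.items():
            if pat.search(e["cmdline"]):
                seen[(e["host"], e["ppid"])].append((e["time"], step))
    hits = {}
    for (host, ppid), found in seen.items():
        found.sort()
        steps = sorted({s for _, s in found})
        if len(steps) >= min_steps and found[-1][0] - found[0][0] <= window:
            parent = by_pid.get((host, ppid))
            hits[(host, ppid, parent["image"] if parent else "<unknown>")] = steps
    return hits

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")

def wpm_outside_tree(host, wpm_rows, events):
    """WriteProcessMemory rows whose (writer, target) pair is NOT a parent->child
    edge of the process tree. Parent->child writes happen during every CreateProcess;
    a write into an unrelated process would be the injection signal."""
    edges = {(e["ppid"], e["pid"]) for e in events if e["host"] == host}
    pairs = {tuple(map(int, m.groups())) for r in wpm_rows for m in [WPM_RE.search(r)] if m}
    return sorted(pairs - edges)

# Report rows from behavioral1, deduplicated (the sandbox logs each write separately).
WIN7_WPM = ["PID 2716 wrote to memory of 2120", "PID 2716 wrote to memory of 3064",
            "PID 2716 wrote to memory of 2748", "PID 2748 wrote to memory of 2056",
            "PID 2748 wrote to memory of 2868", "PID 2716 wrote to memory of 2548",
            "PID 2548 wrote to memory of 2692"]
```

Both detonations fire on the sample's own PID with all five steps; the cmd.exe intermediates and the benign host stay below the threshold, and every WriteProcessMemory pair from behavioral1 is an edge of the tree.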

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.ipify.org udp
CN 123.57.182.3:8080 N/A tcp
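
Reading the table: 8.8.8.8:53 is the resolver the sandbox used for the api.ipify.org lookup, not an indicator of the sample. The indicator is 123.57.182.3:8080, a TCP connection to an address for which no DNS query appears, which is what a hard-coded reporting or command address looks like on the wire. Both detonations show exactly the same two rows. The correlation below is editor-added example code, not part of the report: it walks constructed Zeek-style dns and conn records (the host names, the TEST-NET answer addresses and the ipify HTTP connection are placeholders; the report records only the DNS query and the port 8080 connection) and flags a host that queries an external-IP service and then, within a few minutes, connects over TCP to an external address that no DNS answer returned. The lookup-service domains beyond api.ipify.org are the editor's additions.

```python
"""Correlate an external-IP lookup with a following direct-to-IP connection.

Added example, not part of the sandbox output. Records are constructed in a
Zeek-like shape from the report's Network table; answer addresses are TEST-NET
placeholders standing in for public IPs, and ADMIN-PC is a benign contrast host.
"""
import ipaddress
from datetime import datetime, timedelta

# api.ipify.org is from the report; the others are common equivalents (editor's additions).
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "checkip.amazonaws.com"}
WEB_PORTS = {80, 443}
WINDOW = timedelta(minutes=5)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
T0 = datetime(2024, 6, 13, 7, 37, 30)

def rec(seconds, host, **fields):
    """One constructed log record, `seconds` after T0."""
    return dict(ts=T0 + timedelta(seconds=seconds), host=host, **fields)

DNS_LOG = [                                                      # query + answers
    rec(0, "WIN7", query="api.ipify.org", answers=["203.0.113.10"]),
    rec(0, "ADMIN-PC", query="www.example.com", answers=["203.0.113.20"]),
]
CONN_LOG = [                                                     # dst, port, proto
    rec(0, "WIN7", dst="8.8.8.8", port=53, proto="udp"),         # the resolver, not an IOC
    rec(1, "WIN7", dst="203.0.113.10", port=80, proto="tcp"),    # the ipify request (placeholder)
    rec(2, "WIN7", dst="10.0.0.5", port=8080, proto="tcp"),      # internal, ignored
    rec(3, "WIN7", dst="123.57.182.3", port=8080, proto="tcp"),  # report row: never resolved
    rec(1, "ADMIN-PC", dst="203.0.113.20", port=443, proto="tcp"),
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def direct_to_ip_after_lookup(dns_log, conn_log, window=WINDOW):
    """Per host: remember every address a DNS answer returned and when an
    IP-lookup service was last queried; then flag external TCP connections to
    addresses that were never resolved, within `window` after that query."""
    resolved, lookup_ts = {}, {}
    for d in dns_log:
        resolved.setdefault(d["host"], set()).update(d["answers"])
        if d["query"].lower().rstrip(".") in IP_LOOKUP_DOMAINS:
            lookup_ts[d["host"]] = max(d["ts"], lookup_ts.get(d["host"], d["ts"]))
    findings = []
    for c in conn_log:
        host = c["host"]
        if c["proto"] != "tcp" or is_internal(c["dst"]):
            continue
        if c["dst"] in resolved.get(host, set()):
            continue                               # name-resolved: ordinary web traffic
        if host not in lookup_ts:
            continue
        delta = c["ts"] - lookup_ts[host]
        if timedelta(0) <= delta <= window:
            findings.append(dict(host=host, dst=f'{c["dst"]}:{c["port"]}',
                                 nonstandard_port=c["port"] not in WEB_PORTS,
                                 seconds_after_lookup=int(delta.total_seconds())))
    return findings
```

The only finding is WIN7 reaching 123.57.182.3:8080 three seconds after the ipify query, on a non-web port; the ipify request itself and the benign host's traffic are name-resolved and pass. In production the resolved-address set needs DNS visibility for the host (no DoH, no external resolver bypass), otherwise every CDN connection looks direct-to-IP.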

Files

N/A