• Analog Header
    version
    0.2
    sample
    240620-dxx7eazhmr
    task
    240620-dxx7eazhmr-behavioral15
    backend
    fu1m1
    resource
    win7-20240611-en
    platform
    windows7_x64
  • Process Create
    proc
    7
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\lsass.exe
    cmd
    C:\Windows\system32\lsass.exe
    pid
    476
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    6
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\services.exe
    cmd
    C:\Windows\system32\services.exe
    pid
    464
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    5
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\winlogon.exe
    cmd
    winlogon.exe
    pid
    420
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    4
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\csrss.exe
    cmd
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    pid
    380
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    3
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\wininit.exe
    cmd
    wininit.exe
    pid
    372
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    2
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\csrss.exe
    cmd
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    pid
    332
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    1
    time
    3103
    kind
    Existing
    image
    C:\Windows\System32\smss.exe
    cmd
    \SystemRoot\System32\smss.exe
    pid
    256
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    8
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\lsm.exe
    cmd
    C:\Windows\system32\lsm.exe
    pid
    484
    parent_proc
    3
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    12
    time
    3103
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    pid
    804
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    14
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\AUDIODG.EXE
    cmd
    C:\Windows\system32\AUDIODG.EXE 0x304
    pid
    912
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    16
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k NetworkService
    pid
    284
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    18
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    pid
    1060
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    20
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\Dwm.exe
    cmd
    "C:\Windows\system32\Dwm.exe"
    pid
    1160
    parent_proc
    12
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    22
    time
    3118
    kind
    Hidden
    image
    C:\Windows\System32\sj0mxx.exe
    cmd
    "C:\Windows\System32\sj0mxx.exe"
    pid
    1552
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    26
    time
    3118
    kind
    Hidden
    image
    C:\Users\Admin\AppData\Local\Temp\3572521535\zmstage.exe
    cmd
    C:\Users\Admin\AppData\Local\Temp\3572521535\zmstage.exe
    pid
    2096
    parent_proc
    22
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    25
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\sppsvc.exe
    cmd
    C:\Windows\system32\sppsvc.exe
    pid
    2304
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    24
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    pid
    2356
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    23
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\DllHost.exe
    cmd
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    pid
    2208
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    21
    time
    3118
    kind
    Existing
    image
    C:\Windows\Explorer.EXE
    cmd
    C:\Windows\Explorer.EXE
    pid
    1192
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    19
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\taskhost.exe
    cmd
    "taskhost.exe"
    pid
    1080
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    17
    time
    3118
    kind
    Existing
    image
    C:\Windows\System32\spoolsv.exe
    cmd
    C:\Windows\System32\spoolsv.exe
    pid
    112
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    15
    time
    3118
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k LocalService
    pid
    988
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    13
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k netsvcs
    pid
    844
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    11
    time
    3103
    kind
    Existing
    image
    C:\Windows\System32\svchost.exe
    cmd
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    pid
    724
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    10
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k RPCSS
    pid
    664
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    9
    time
    3103
    kind
    Existing
    image
    C:\Windows\system32\svchost.exe
    cmd
    C:\Windows\system32\svchost.exe -k DcomLaunch
    pid
    588
    parent_proc
    6
    orig
    true
    status
    0x00000000
  • Process Create
    proc
    27
    time
    3118
    kind
    Create
    image
    C:\Windows\system32\wscript.exe
    cmd
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Upload\admin\inc\class_page.js
    pid
    2440
    parent_proc
    21
    orig
    true
    status
    0x00000000
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER\CWDIllegalInDLLSearch
  • File Read
    proc
    27
    path
    C:\Users\Admin\AppData\Local\Temp\Upload\admin\inc\
    op
    Unknown
    status
    0x00000000
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Option
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Srp\GP\DLL
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Srp\GP\DLL
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Session Manager
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeDllSearchMode
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Error Message Instrument
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Error Message Instrument
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\wscript
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\Software\Policies\Microsoft\MUI\Settings
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\Software\Policies\Microsoft\MUI\Settings
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\Software\Policies\Microsoft\MUI\Settings
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\Software\Policies\Microsoft\MUI\Settings
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\Software\Policies\Microsoft\MUI\Settings
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\CMF\Config
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\CMF\Config
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Event
    proc
    27
    event
    HookSwitchHookEnabledEvent
    op
    EventOpen
    status
    0xc0000034
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\OLEAUT
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\OLEAUT
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\CustomLocale
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\CustomLocale
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • File Read
    proc
    27
    path
    \Device\KsecDD
    op
    OpenRead
    status
    0x00000000
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKCU
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKCU\Software\Microsoft\Windows Script Host\Settings
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\Software\Microsoft\Windows Script Host\Settings
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\IgnoreUserSettings
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKCU\Software\Microsoft\Windows Script Host\Settings\Enabled
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\Enabled
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\Software\Microsoft\Rpc
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0xc0000034
    path
    HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000104
    path
    HKLM\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\System\Setup
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SYSTEM\Setup\OOBEInProgress
  • Registry Read
    proc
    27
    op
    OpenKeyEx
    status
    0x00000000
    path
    HKLM\System\Setup
  • Registry Read
    proc
    27
    op
    QueryValueKey
    status
    0x00000000
    path
    HKLM\SYSTEM\Setup\SystemSetupInProgress
  • Registry Read
    proc
    27
    op
    QueryKey
    status
    0x00000000
    path
    HKLM
