Analysis
max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted
10-07-2024 15:07
Static task
static1
Behavioral task
behavioral1
Sample
COMANDA URGENTA.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
COMANDA URGENTA.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240709-en
General
-
Target
COMANDA URGENTA.exe
-
Size
620KB
-
MD5
b409d2fd594633bc71e64da08aed9951
-
SHA1
c6f38e204419c12044e34baf398030b76e616a2f
-
SHA256
c605bbb80497f649c14f03846249dbe6c72ac434ec1e1ef9292e80f1d92b832b
-
SHA512
b234f0a848c3d775cde23d4965084714fe13b3dd076f3749213e0f55a3f69cad302bebd2db2ce189333f85b4d81554dffc74b58553120251acb0f2ce6b03ecf6
-
SSDEEP
12288:9vxwRbB0H5KUjUPKCuO+ggobwxbAW07FN3WNZt:9vx6bB0ZqAHgDSbxQFN3WDt
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
Processes:
COMANDA URGENTA.exe
pid | process
2312 | COMANDA URGENTA.exe
-
Drops file in Program Files directory 1 IoCs
Processes:
COMANDA URGENTA.exe
description | ioc | process
File opened for modification | C:\Program Files (x86)\Common Files\ideologised\responseless.hvo | COMANDA URGENTA.exe
-
Drops file in Windows directory 1 IoCs
Processes:
COMANDA URGENTA.exe
description | ioc | process
File opened for modification | C:\Windows\resources\postnaris\Omsaetningen.ini | COMANDA URGENTA.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
940 | 2312 | WerFault.exe | COMANDA URGENTA.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
COMANDA URGENTA.exe
description | pid | process | target process
PID 2312 wrote to memory of 2720 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2748 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2936 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2580 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2708 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2088 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 332 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 572 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2820 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2160 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2108 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 1940 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2860 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2336 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 2856 | 2312 | COMANDA URGENTA.exe | cmd.exe
PID 2312 wrote to memory of 1880 | 2312 | COMANDA URGENTA.exe | cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\COMANDA URGENTA.exe
"C:\Users\Admin\AppData\Local\Temp\COMANDA URGENTA.exe"
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2312
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 548
- Program crash
PID:940
Network
MITRE ATT&CK Enterprise v15
Downloads