Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
14/07/2024, 18:06
General
-
Target
https://disk.yandex.ru/d/gWETppg44pYfGw
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 28 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 28 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 21 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://disk.yandex.ru/d/gWETppg44pYfGw1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99b5546f8,0x7ff99b554708,0x7ff99b5547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5164 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16588097613414537851,6797928078482445370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\MM2DUPE\" -ad -an -ai#7zMap19836:72:7zEvent63271⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\MM2DUPE\" -ad -an -ai#7zMap22765:72:7zEvent219011⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\BridgeblockcommonitorDhcp\iRzYEbg37Sz9jgxSwN6zypwboSX0c5T9bE.bat" "3⤵
-
C:\BridgeblockcommonitorDhcp\hyperNet.exe"C:\BridgeblockcommonitorDhcp/hyperNet.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\M1uTvsFRnI.bat"5⤵
-
C:\Windows\system32\chcp.comchcp 650016⤵
-
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Windows\Resources\Themes\aero\Shell\OfficeClickToRun.exe"C:\Windows\Resources\Themes\aero\Shell\OfficeClickToRun.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\BridgeblockcommonitorDhcp\iRzYEbg37Sz9jgxSwN6zypwboSX0c5T9bE.bat" "3⤵
-
C:\BridgeblockcommonitorDhcp\hyperNet.exe"C:\BridgeblockcommonitorDhcp/hyperNet.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\BridgeblockcommonitorDhcp\iRzYEbg37Sz9jgxSwN6zypwboSX0c5T9bE.bat" "3⤵
-
C:\BridgeblockcommonitorDhcp\hyperNet.exe"C:\BridgeblockcommonitorDhcp/hyperNet.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\BridgeblockcommonitorDhcp\iRzYEbg37Sz9jgxSwN6zypwboSX0c5T9bE.bat" "3⤵
-
C:\BridgeblockcommonitorDhcp\hyperNet.exe"C:\BridgeblockcommonitorDhcp/hyperNet.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\BridgeblockcommonitorDhcp\iRzYEbg37Sz9jgxSwN6zypwboSX0c5T9bE.bat" "3⤵
-
C:\BridgeblockcommonitorDhcp\hyperNet.exe"C:\BridgeblockcommonitorDhcp/hyperNet.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\BridgeblockcommonitorDhcp\iRzYEbg37Sz9jgxSwN6zypwboSX0c5T9bE.bat" "3⤵
-
C:\BridgeblockcommonitorDhcp\hyperNet.exe"C:\BridgeblockcommonitorDhcp/hyperNet.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\BridgeblockcommonitorDhcp\iRzYEbg37Sz9jgxSwN6zypwboSX0c5T9bE.bat" "3⤵
-
C:\BridgeblockcommonitorDhcp\hyperNet.exe"C:\BridgeblockcommonitorDhcp/hyperNet.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
-
C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"C:\Users\Admin\Desktop\MM2DUPE\MM2DUPE2024.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\BridgeblockcommonitorDhcp\dDbp8eP2aU61iNqgpTjsl7NkufyaAYjZ8OvSOJkNFK.vbe"2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
238B
MD5a4e1817d45f74240b03ae70caf2678c6
SHA1d83ff2bb7d212692dd9359aa28366c820d3b1ec7
SHA2565d4fe36859278784ccdee635e849260a7bfdb3b62c500e67ed1e1ba6d4cbfca7
SHA512d3e21824055c62922ed79b69f20716ee6f62b9a3229b0228bbb57595a628f1f6af5677b1ac31ad714e8f0031ddd4dea96461d480189e96ca45dc055524294125
-
Filesize
1.7MB
MD56919edca0b4fddc5508c40f65fbdb842
SHA16e0a6251de98676b91bb79acb151a77349a03c7b
SHA2566b6654326e1d239b5b36e3fb689f492a5670cce091bc1e03602ad6c0c84d71ed
SHA5128f9c1db7d9794623b9d74f4d729d68a7bc8dd1d0e6cf7f2b73a8e17557e73ebe841cba53cc9d2a2c2c99b0205f1bae906a8fce18595b24e89791835aedd30a5a
-
Filesize
93B
MD592f569ca1c02a5e96a343ad0e5b09201
SHA1de4eb2db92cfe18ffbb956b24d34ba6a268cef21
SHA256a371b816c11c127ed4f8672b0a21446d25bedf2152ca6b3782964e0d955b1b2c
SHA512a54835e5e84576ab61e1389fb27ae6cb4bcb10ff5033664136a320a4573d43ec9d2cc20ba3b9b8e43a81f94e3184039bb4f5ab0b758ad44c2b3205061c50e255
-
Filesize
1KB
MD51eff74e45bb1f7104e691358cb209546
SHA1253b13ffad516cc34704f5b882c6fa36953a953f
SHA2567ad96be486e6058b19446b95bb734acdaf4addc557b2d059a66ee1acfe19b3fc
SHA51244163ed001baf697ce66d3b386e13bf5cb94bc24ce6b1ae98665d766d5fcdf0ca28b41ecc26c5f11bbea117ac17099e87f204f9d5469bb102a769548edeead7e
-
Filesize
152B
MD5210676dde5c0bd984dc057e2333e1075
SHA12d2f8c14ee48a2580f852db7ac605f81b5b1399a
SHA2562a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5
SHA512aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017
-
Filesize
152B
MD5f4e6521c03f1bc16d91d99c059cc5424
SHA1043665051c486192a6eefe6d0632cf34ae8e89ad
SHA2567759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1
SHA5120bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e
-
Filesize
54KB
MD5a3da8da561a251112656f943421ba226
SHA168c5d2d12c743d3f5294ba0172243459d446c0d1
SHA256d371e8f7c11bd31b51b2b367b20df41d4917ee23d6bdd4a7a95ad1a5473386df
SHA512d5dd5f64a8b5d193e64d1d85a50b658f51e6b9f27c6259d89d20ec22ad292152266fd99aa7682d163b4d00286d53d149e15266d5e3e0f74934cb2e560c1a0294
-
Filesize
456B
MD531332cd3085d62781f10db6b5a9fc490
SHA1483fd7377893041c6bf9f64cabffefc33e8dd663
SHA256378efb84d23392195f3b22ee660548c86975f1254496b95ccc5fcc5ea45932f8
SHA512ad24acf1e9a8beeef1a180f7cc81e2c246352cbad47836564d52d0e9752c76bfe874600bbbf62c44ba559ed99ee23f7c528996acead3edc36280c54ff00c06b3
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
626B
MD5ca38dd7b52fafe3d9bdf500e6b2e8667
SHA15dc8f4c072149bb353efad3d12ce237e3b8c8f6d
SHA256f2019b422cd9d8f4f68ec8e18e30d195023d6112778a50d4c18c1903fe770d4d
SHA5127abb73d0afd9127d3558b6d4be9b115ab3123c2e588f160535fb0632e46d2954e287da72769e68608fc7035f16479243c49ccfadf2484fc4e73eb2af2c908487
-
Filesize
6KB
MD56d567448745bb0bbdf214f1144fe044c
SHA151e5901d700af506fd073c0e29e06591b4b4261e
SHA256830386181df0806f3e9fbdfad8cb6200b5876e16c3696b2e00aec3cbd2d9e171
SHA512d79bcb4dd3a408e5ccca73587f4fd0a6d54767e5cc1d0941604e9129473c8e93a61aa9c14e876c2a6d165c7ce6af8bb85c288825092cdce26b1cd968a0c81056
-
Filesize
6KB
MD5ce9ed558c4942542324ccdba289e4eca
SHA1455fd933696519e5df38c3596df38507759b9e23
SHA2560c9a02cb55ab6713f961d1e8ceacbe69a40c8c6463069f6a551968b0c91b8c39
SHA51200c8d506f8fcaf0cad07c2fc756644498a65a31bbdcea55493264b415d9f1527ccc11d2cf9d55eb3c9e769978d7351f86621306a20e872e7c62d1d2f0656815b
-
Filesize
6KB
MD543872d6280a919f61c60188cd9aa5985
SHA1ffc426ba11527d0071844f352c51485aa748535b
SHA256e47098abe186e2eb8658bd748b9e41580f57e6c854974f190ac914debb0dc74d
SHA512e24ad07ab24c731d3ba6dfa4239c6241ec86ccb23af1d741140a3ab0ff6c5f734913fc2bcb440545636354b38715d0cdbcd89b63901117996cfad83bb30b21ed
-
Filesize
7KB
MD52b6c41cbf79492225400206b7c689696
SHA11c08177c6ada555608218b88eb2e7ae432f92796
SHA256e02b7b594cc7a64457d3a5f1ca429577f7e9c3b90720e829eb7a206ea85df720
SHA512555b42349660d193b9be4db83e062c6a83a9c7d9e39ce1d983b3b915f5ec1d0563ba6d6ecd0b0cdb94dad0131742ced2bd4326b799ec683ea2ec1fdd529d58eb
-
Filesize
705B
MD58b3f59c48e389959a9be655d7ee8a0dd
SHA15f95bcd72f1a020aee1c94b16bd67d9cd2969cf2
SHA25608653441a9e56afb7e388d47da76c9b57902af35aeb1dbd7ffe9e62559ac89de
SHA5128701e09db1af027428f318b8de33ee715b09fc729fc95905540a8ea5c8193a79d6f50d8a8fd6a3932e72ba8b7b78e91e41f0d870c6781c77c04cef5134f58c02
-
Filesize
705B
MD5b653cdcbfb79bbd9bc3a2ee4be0fd40e
SHA1cc5ed78697aa1fa25edbbb55269925472aaac8df
SHA2567031ddeebb9c48c4451a086e13bf3d6694c3addbdf7ad1a08371d12f52f33d47
SHA512b572a5f989372f287432cf5b992c1d2a4d18d14746242b26720320f6fe5aa4ad39584095d2dd54821cd29299e5df71c4103e3498a180a36fcfe0d1a9b8e23e99
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
11KB
MD5fe35dafaad0b6817148f666056af11a1
SHA153b2ce6f772aefa4fd85322cc8cb53a2a89b50b3
SHA2564bbe32191296ea1dcd0313f6b35420947dccfe70a2600cc394aa238c87a5dd0c
SHA5129d7d1159349196d2fded9988d867b7563f90000c78eed154fc54cea768ff35e121489d5fee5cf542b992cadf346eb7a8bb0d9039f69a003f86da9f1f45a84f71
-
Filesize
11KB
MD5f89990cfbba6e16911f0da6a9bc263ed
SHA1e41ea8c0378248178d8043af798d1e2bb468045c
SHA2563278ef06507defa468a5aeb2033c49f8eadd1e989c57873b595fab9d81019a32
SHA512a357ace3dce3f96ba620b193c7ab993ce4a291981be2f161dbc8e54d30b718df1dbb9c852ea49caa37b7d61afe312ca25bc1bc22292c414662ba11593c6b283d
-
Filesize
235B
MD5a19263e4271ddf0124ae42f151c83b46
SHA10710c4a0bbfabb837453822cebfe2ebf1099d845
SHA2565c11ceabdbaecf4e08a7f4397b8a251c4374d036a55b77e1bd05396907560f48
SHA512835bc3307abb1cde4e53a00f13c3049d4c12adb2e33ad32cc2dbea5f160353cf5f7726f65ebf8e498b33fbd608edabe7cc1095c732702eed972ee133880db152
-
Filesize
2.0MB
MD57c1216bcfc6543f7a8f9b8ba2637fba1
SHA11a3e803889dec647c9117feadecc005d1cf2814e
SHA2564660e99e4a40b85202b93648180cf63be46e7b2d87ab2258b2aa0ef85cee0ae6
SHA512611c072ef869c6126f05813769d1819c657e87e1163542252a5eef5a4c5b1386c5061ebaa906a18b3fab6cc2229ee670f0b8c1a1deed31a2230ddab11d045d2a
-
Filesize
1.4MB
MD5393710cbca247af09361b42ecd4707ae
SHA1bf82dc316019c86b22201c8df2f4b074fad0c122
SHA256ea50def0dd932594fe6430faa97af3b0c8ea9ac388e2ce8bce2a8b955562592a
SHA512aad83e3dc0f4cbe79fe3b157eb1581ff3f635a28b3651643f674b20180d7a8caf6dad694589dab0e6a10af61ed1389599bf545dda91d60c3a1f4991e317a65e1
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.7MB
-
Filesize
320KB
-
Filesize
112KB
-
Filesize
56KB