description	ioc	Process
File opened for modification	C:\Windows\system32\AVe5Ds\msra.exe	cmd.exe
File created	C:\Windows\system32\AVe5Ds\msra.exe	cmd.exe

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile\shell\open	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile\shell	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile\shell\open	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile\shell\open\command\ = "C:\\Windows\\system32\\cmd.exe /c C:\\Users\\Admin\\AppData\\Local\\Temp\\TUuqz.cmd"	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile\shell	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\MSCFile	Process not Found

pid	Process
2552	rundll32.exe
2552	rundll32.exe
2552	rundll32.exe
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found
1184	Process not Found

description	pid	Process	procid_target
PID 1184 wrote to memory of 3044	1184	Process not Found	31
PID 1184 wrote to memory of 3044	1184	Process not Found	31
PID 1184 wrote to memory of 3044	1184	Process not Found	31
PID 1184 wrote to memory of 2756	1184	Process not Found	32
PID 1184 wrote to memory of 2756	1184	Process not Found	32
PID 1184 wrote to memory of 2756	1184	Process not Found	32
PID 1184 wrote to memory of 3036	1184	Process not Found	34
PID 1184 wrote to memory of 3036	1184	Process not Found	34
PID 1184 wrote to memory of 3036	1184	Process not Found	34
PID 1184 wrote to memory of 1740	1184	Process not Found	35
PID 1184 wrote to memory of 1740	1184	Process not Found	35
PID 1184 wrote to memory of 1740	1184	Process not Found	35
PID 1184 wrote to memory of 1476	1184	Process not Found	37
PID 1184 wrote to memory of 1476	1184	Process not Found	37
PID 1184 wrote to memory of 1476	1184	Process not Found	37
PID 1476 wrote to memory of 2652	1476	eventvwr.exe	38
PID 1476 wrote to memory of 2652	1476	eventvwr.exe	38
PID 1476 wrote to memory of 2652	1476	eventvwr.exe	38
PID 2652 wrote to memory of 2680	2652	cmd.exe	40
PID 2652 wrote to memory of 2680	2652	cmd.exe	40
PID 2652 wrote to memory of 2680	2652	cmd.exe	40
PID 1184 wrote to memory of 1864	1184	Process not Found	41
PID 1184 wrote to memory of 1864	1184	Process not Found	41
PID 1184 wrote to memory of 1864	1184	Process not Found	41
PID 1864 wrote to memory of 1736	1864	cmd.exe	43
PID 1864 wrote to memory of 1736	1864	cmd.exe	43
PID 1864 wrote to memory of 1736	1864	cmd.exe	43
PID 1184 wrote to memory of 836	1184	Process not Found	44
PID 1184 wrote to memory of 836	1184	Process not Found	44
PID 1184 wrote to memory of 836	1184	Process not Found	44
PID 836 wrote to memory of 2224	836	cmd.exe	46
PID 836 wrote to memory of 2224	836	cmd.exe	46
PID 836 wrote to memory of 2224	836	cmd.exe	46
PID 1184 wrote to memory of 1464	1184	Process not Found	47
PID 1184 wrote to memory of 1464	1184	Process not Found	47
PID 1184 wrote to memory of 1464	1184	Process not Found	47
PID 1464 wrote to memory of 2476	1464	cmd.exe	49
PID 1464 wrote to memory of 2476	1464	cmd.exe	49
PID 1464 wrote to memory of 2476	1464	cmd.exe	49
PID 1184 wrote to memory of 2964	1184	Process not Found	50
PID 1184 wrote to memory of 2964	1184	Process not Found	50
PID 1184 wrote to memory of 2964	1184	Process not Found	50
PID 2964 wrote to memory of 448	2964	cmd.exe	52
PID 2964 wrote to memory of 448	2964	cmd.exe	52
PID 2964 wrote to memory of 448	2964	cmd.exe	52
PID 1184 wrote to memory of 1284	1184	Process not Found	53
PID 1184 wrote to memory of 1284	1184	Process not Found	53
PID 1184 wrote to memory of 1284	1184	Process not Found	53
PID 1284 wrote to memory of 1512	1284	cmd.exe	55
PID 1284 wrote to memory of 1512	1284	cmd.exe	55
PID 1284 wrote to memory of 1512	1284	cmd.exe	55
PID 1184 wrote to memory of 924	1184	Process not Found	56
PID 1184 wrote to memory of 924	1184	Process not Found	56
PID 1184 wrote to memory of 924	1184	Process not Found	56
PID 924 wrote to memory of 760	924	cmd.exe	58
PID 924 wrote to memory of 760	924	cmd.exe	58
PID 924 wrote to memory of 760	924	cmd.exe	58

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads