Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
04/08/2024, 11:53
Behavioral task
behavioral1
Sample
7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
9 signatures
150 seconds
Behavioral task
behavioral2
Sample
7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe
Resource
win11-20240802-en
windows11-21h2-x64
9 signatures
150 seconds
General
-
Target
7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe
-
Size
147KB
-
MD5
1b8977fa6d45aa48c790b038a8696b71
-
SHA1
6c29c41ca7d413846057b6f32059ca1c714782bb
-
SHA256
7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b
-
SHA512
189080dbc029f333251135bb702b5ecad477f9f9811c2704810e063c64b109fa8d2f5771a41fd286435d9a8ce368c352675971cd2d4d6c1191d9c2980333cebd
-
SSDEEP
3072:1qJogYkcSNm9V7DtXJqJIw1gUQil+4O6JT:1q2kc4m9tDtXJqJIwll+
Score
10/10
Malware Config
Extracted
Path
C:\ashOWYJUH.README.txt
Ransom Note
>>>> You need to contact us soon!
Our contact email:
[email protected]
>>>> Your data are stolen and encrypted
>>>> Your personal DECRYPTION ID: D9AC5C30CE91307BC45756FEC54E3A07
>>>> All files on your computer have been encrypted.
>>>> If you want to recover encrypted files, then contact us soon!
>>>> We can decrypt 1-3 files (doc, xls, pdf, txt, jpeg) for free. You can attach them to your email. Databases, archives, backups are decrypted only after payment!
>>>> What guarantees that we will not deceive you?
We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
Life is too short to be sad. Be not sad, money, it is only paper.
If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future.
Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
>>>> You need to contact us soon!
Our contact email:
[email protected]
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!
Emails
Signatures
-
Renames multiple (638) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 2 IoCs
description ioc Process File opened for modification C:\$Recycle.Bin\S-1-5-21-970747758-134341002-3585657277-1000\desktop.ini 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe File opened for modification F:\$RECYCLE.BIN\S-1-5-21-970747758-134341002-3585657277-1000\desktop.ini 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe -
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\ashOWYJUH.bmp" 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\ashOWYJUH.bmp" 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe -
Modifies Control Panel 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Control Panel\Desktop 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Control Panel\Desktop\WallpaperStyle = "10" 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe -
Modifies registry class 5 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ashOWYJUH\ = "ashOWYJUH" 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ashOWYJUH\DefaultIcon 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ashOWYJUH 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ashOWYJUH\DefaultIcon\ = "C:\\ProgramData\\ashOWYJUH.ico" 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ashOWYJUH 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeAssignPrimaryTokenPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeDebugPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: 36 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeImpersonatePrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeIncBasePriorityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeIncreaseQuotaPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: 33 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeManageVolumePrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeProfSingleProcessPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeRestorePrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSystemProfilePrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeTakeOwnershipPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeShutdownPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeDebugPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeBackupPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe Token: SeSecurityPrivilege 3924 7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe"C:\Users\Admin\AppData\Local\Temp\7b0f5d34e8021af4134dbc9b5a0119f8e2acf18ade91c5f2b2fd168daec0027b.exe"1⤵
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3924
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
129B
MD55c2f58bec1aee14aff160d8f2b4ce3bc
SHA14997517bf91809989717f7fa1e53465ef522c20d
SHA2564846029fc7cc90749df484c3135c14cbe6e37837037faf12aeb4de87b96ebdce
SHA5121003dbe206d1a69ec43d7170238c998521bc370258df008a14cdac5ef51fe3267b3687fe37ee3b5c608db376f1087f3501506c4726cbc08f5db5feec0feed112
-
Filesize
1KB
MD59b31aa43545c38071f7f397dddecb96c
SHA1b48de432f6b13c575384e8684cb98b54a56e9544
SHA256ff29789851b9b3df761ea1e29224bbb013d4367daccf63b4cb92d3c78a87dc58
SHA5129a6b85307ba74360a584c8bc9a2adcd5c4e16fc0d6c6d11e7e04e1c8b91c4468bdbcbc4f6e5f6ebb2e386bdd6660c01db70680a08177dedc8576fffbefa3a5f8
-
Filesize
129B
MD5ba1e8a7189b47bb27084430ee0dc1b19
SHA19115a7562ca12ed5de6e3b1cae3263f6896385de
SHA2568644ffaa6c9ebf07094352f052b81aceb240ae069e1f25f5eb72c74a6a7c962d
SHA5127e8a5b2f730f4cb8e8629a2658ce917d672d6404f30b5c9794f82c9118e1051d0c7339f1dc812b67f6b6c958ad97df9c70b3fdfc02b815db2cf50c8718ebcf56