acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
Size

26KB
MD5

99f0fc02c36fcf6a20f2d4a1458a98ec
SHA1

29ed1d40f3861d9feb481c656efeff8544923a60
SHA256

acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19
SHA512

b27054906827e87bf9928c8f5addcc49f0e585220c0a80dfa1cd2bbeff3be6150cf10b8cef31e32e2fd5868dd5b72e67cd9629302f2493ddf2229065c4bf912f
SSDEEP

768:g1ODKAaDMG8H92RwZNQSw+IlJIJJREIOAEeF1:yfgLdQAQfhJIJ0IO61

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\R:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\P:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\K:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\G:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\Z:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\W:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\Q:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\N:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\M:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\Y:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\X:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\U:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\S:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\H:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\E:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\T:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\O:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\L:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\J:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened (read-only)	\??\I:	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Windows Defender\MpCmdRun.exe	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ja-JP\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\te\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Java\jre7\bin\keytool.exe	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mr\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ja-JP\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\_desktop.ini	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2076	2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe	30
PID 2124 wrote to memory of 2076	2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe	30
PID 2124 wrote to memory of 2076	2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe	30
PID 2124 wrote to memory of 2076	2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe	30
PID 2076 wrote to memory of 3052	2076	net.exe	32
PID 2076 wrote to memory of 3052	2076	net.exe	32
PID 2076 wrote to memory of 3052	2076	net.exe	32
PID 2076 wrote to memory of 3052	2076	net.exe	32
PID 2124 wrote to memory of 1188	2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe	21
PID 2124 wrote to memory of 1188	2124	acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1188
- C:\Users\Admin\AppData\Local\Temp\acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe
  "C:\Users\Admin\AppData\Local\Temp\acbb97a69cb3a2e91bdf8419c3bc17d2324c64ca1d3abdae46d2092b8461be19.exe"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
3ae3ac421c21e5119bb5dc4d7faf5f09

SHA1
782e2bd87ac41b2eccd007f62ca143358b8ee97c

SHA256
99f6dd71c96b03da298d9037582a62faf915cfe5e86ba34f4dbebe3984137b2f

SHA512
e0feaf5229d1b3f262c1f9dffdea01962e207e12e675d698dfa8a04991a3acae942231114b0d501b8cfbb50f75efafe064f41cb0e8129f883b1005141942c76e

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
957KB

MD5
5d3531535cdb99866ba1c3e512913101

SHA1
216a6254d9a6d844320b6c9fb0dcc20dd633b466

SHA256
774d97cad45bde1308649eca21bf144a74f5e5c4e9976aa92309cc5e0f66f1ea

SHA512
37fc30c34ccf07343e3f1b1abb5a289ec003dfc4007dc1fca65e8916f12101adb3ef8643106f54f5d4454cf6cbe60e62d694748d9ca38c694bcd3de269b29641

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
f9fc019eacb573ec828d2d9ff6a48318

SHA1
b91958dc8d178b6eeb35e829bab84d0fb12c2280

SHA256
bf9ba3df2bad76d15f4efe42c0c59f37b9454907958892df8ab996552658934e

SHA512
998ba7bc7cdd5df3e1acfda6f4f92ec9d27732e1e182177dff310f3c918f3be99626a3526bebdff5bb7eb980640434baf56e0f08bfd125168c0a9e37e7239305

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2257386474-3982792636-3902186748-1000\_desktop.ini

Filesize
8B

MD5
fcbaf0a2c3988ef775359f94d545ab42

SHA1
174ccd98ff87b8e6f46eebc493f379beafeb3b08

SHA256
895aaa8dac57f2bb76ddc8c2681e0480bf57dbf3f62cda3840cb448b8615612f

SHA512
7c81b6445708b1c482599bfb808e90462d6111e885691dd947d9cdf95ba028d580b20027575814a310a81f310261b649792b65153ce43063da063b5005561d20

Download Submit
memory/1188-5-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2124-66-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-72-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-623-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-1849-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-14-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-2596-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-3309-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2124-7-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download