9082c8a1083ba1cd9e58a767eddfa11e84fcca0915e846219a7080dd7645a6cb

Analysis

max time kernel
4s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

C11Executor23.exe
Size

515KB
MD5

66a87c841aa4cdb915dd9940c2f6cd64
SHA1

35a28ebd8184af91f825b4dd1ea85af74bd2b1c3
SHA256

9082c8a1083ba1cd9e58a767eddfa11e84fcca0915e846219a7080dd7645a6cb
SHA512

19dd13169b031b64558fa4024b403e8ad66d0b9f3b82705c3eca77715a5bb4ee2fa7abf7b8b0ad850816bb30c5813aed03319b55490e16bdf7e236e40cd292f2
SSDEEP

12288:/iPu2vepKVQB4jd+UAdnSZaJ0CF7DUNaqjnznegDEIey7WDQdz:/MRvePsd+UAd8aTZDQamnznegVP7WDQ

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 30 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	C11Executor23.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 1596	3272	C11Executor23.exe	85
PID 3272 wrote to memory of 1596	3272	C11Executor23.exe	85
PID 1596 wrote to memory of 2160	1596	C11Executor23.exe	86
PID 1596 wrote to memory of 2160	1596	C11Executor23.exe	86
PID 2160 wrote to memory of 1504	2160	C11Executor23.exe	87
PID 2160 wrote to memory of 1504	2160	C11Executor23.exe	87
PID 1504 wrote to memory of 2952	1504	C11Executor23.exe	89
PID 1504 wrote to memory of 2952	1504	C11Executor23.exe	89
PID 2952 wrote to memory of 4216	2952	C11Executor23.exe	91
PID 2952 wrote to memory of 4216	2952	C11Executor23.exe	91
PID 4216 wrote to memory of 4772	4216	C11Executor23.exe	92
PID 4216 wrote to memory of 4772	4216	C11Executor23.exe	92
PID 4772 wrote to memory of 4480	4772	C11Executor23.exe	94
PID 4772 wrote to memory of 4480	4772	C11Executor23.exe	94
PID 4480 wrote to memory of 4688	4480	C11Executor23.exe	95
PID 4480 wrote to memory of 4688	4480	C11Executor23.exe	95
PID 4688 wrote to memory of 3688	4688	C11Executor23.exe	96
PID 4688 wrote to memory of 3688	4688	C11Executor23.exe	96
PID 3688 wrote to memory of 2180	3688	C11Executor23.exe	125
PID 3688 wrote to memory of 2180	3688	C11Executor23.exe	125
PID 2180 wrote to memory of 2488	2180	C11Executor23.exe	98
PID 2180 wrote to memory of 2488	2180	C11Executor23.exe	98
PID 2488 wrote to memory of 896	2488	C11Executor23.exe	99
PID 2488 wrote to memory of 896	2488	C11Executor23.exe	99
PID 896 wrote to memory of 3180	896	C11Executor23.exe	100
PID 896 wrote to memory of 3180	896	C11Executor23.exe	100
PID 3180 wrote to memory of 4304	3180	C11Executor23.exe	101
PID 3180 wrote to memory of 4304	3180	C11Executor23.exe	101
PID 4304 wrote to memory of 4504	4304	C11Executor23.exe	102
PID 4304 wrote to memory of 4504	4304	C11Executor23.exe	102
PID 4504 wrote to memory of 4400	4504	C11Executor23.exe	103
PID 4504 wrote to memory of 4400	4504	C11Executor23.exe	103
PID 4400 wrote to memory of 536	4400	C11Executor23.exe	155
PID 4400 wrote to memory of 536	4400	C11Executor23.exe	155
PID 536 wrote to memory of 4312	536	C11Executor23.exe	105
PID 536 wrote to memory of 4312	536	C11Executor23.exe	105
PID 4312 wrote to memory of 3120	4312	C11Executor23.exe	106
PID 4312 wrote to memory of 3120	4312	C11Executor23.exe	106
PID 3120 wrote to memory of 3060	3120	C11Executor23.exe	107
PID 3120 wrote to memory of 3060	3120	C11Executor23.exe	107
PID 3060 wrote to memory of 3080	3060	C11Executor23.exe	108
PID 3060 wrote to memory of 3080	3060	C11Executor23.exe	108
PID 3080 wrote to memory of 2632	3080	C11Executor23.exe	109
PID 3080 wrote to memory of 2632	3080	C11Executor23.exe	109
PID 2632 wrote to memory of 4940	2632	C11Executor23.exe	160
PID 2632 wrote to memory of 4940	2632	C11Executor23.exe	160
PID 4940 wrote to memory of 2080	4940	C11Executor23.exe	162
PID 4940 wrote to memory of 2080	4940	C11Executor23.exe	162
PID 2080 wrote to memory of 3500	2080	C11Executor23.exe	112
PID 2080 wrote to memory of 3500	2080	C11Executor23.exe	112
PID 3500 wrote to memory of 4744	3500	C11Executor23.exe	113
PID 3500 wrote to memory of 4744	3500	C11Executor23.exe	113
PID 4744 wrote to memory of 516	4744	C11Executor23.exe	183
PID 4744 wrote to memory of 516	4744	C11Executor23.exe	183
PID 516 wrote to memory of 4704	516	C11Executor23.exe	164
PID 516 wrote to memory of 4704	516	C11Executor23.exe	164
PID 4704 wrote to memory of 1156	4704	C11Executor23.exe	116
PID 4704 wrote to memory of 1156	4704	C11Executor23.exe	116
PID 1156 wrote to memory of 3776	1156	C11Executor23.exe	117
PID 1156 wrote to memory of 3776	1156	C11Executor23.exe	117

C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
"C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
  "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:1596
- - C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
    "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
    3⤵
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
      "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
      4⤵
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        5⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        6⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        7⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        8⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        9⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        10⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        11⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        12⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        13⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        14⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        15⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        16⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        17⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        18⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        19⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        20⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        21⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        22⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        23⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        24⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        25⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        26⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        27⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        28⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        29⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        30⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        31⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        32⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        33⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        34⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        35⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        36⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        37⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        38⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        39⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        40⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        41⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        42⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        43⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        44⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        45⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        46⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        47⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        48⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        49⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        50⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        51⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        52⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        53⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        54⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        55⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        56⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        57⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        58⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        59⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        60⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        61⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        62⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        63⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        64⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        65⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        66⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        67⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        68⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        69⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        70⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        71⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        72⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        73⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        74⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        75⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        76⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        77⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        78⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        79⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        80⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        81⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        82⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        83⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        84⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        85⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        86⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        87⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        88⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        89⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        90⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        91⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        92⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        93⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        94⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        95⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        96⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        97⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        98⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        99⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        100⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        101⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        102⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        103⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        104⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        105⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        106⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        107⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        108⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        109⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        110⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        111⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        112⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        113⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        114⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        115⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        116⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        117⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        118⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        119⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        120⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        121⤵
        
        PID:3220

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca
1⤵
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\C11Executor23.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
memory/1596-4-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

Filesize
10.8MB

Download
memory/1596-5-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

Filesize
10.8MB

Download
memory/3272-0-0x00007FF9837D3000-0x00007FF9837D5000-memory.dmp

Filesize
8KB

Download
memory/3272-1-0x0000000000170000-0x00000000001F8000-memory.dmp

Filesize
544KB

Download