description	ioc	Process
File created	C:\Windows\system32\4QmF\Magnify.exe	cmd.exe
File opened for modification	C:\Windows\system32\4QmF\Magnify.exe	cmd.exe

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile\shell\open	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile\shell\open	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile\shell	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile\shell\open\command\ = "C:\\Windows\\system32\\cmd.exe /c C:\\Users\\Admin\\AppData\\Local\\Temp\\4QFxKr.cmd"	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile\shell	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\MSCFile\shell\open\command	Process not Found

pid	Process
2712	rundll32.exe
2712	rundll32.exe
2712	rundll32.exe
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found

description	pid	Process	procid_target
PID 1244 wrote to memory of 1976	1244	Process not Found	30
PID 1244 wrote to memory of 1976	1244	Process not Found	30
PID 1244 wrote to memory of 1976	1244	Process not Found	30
PID 1244 wrote to memory of 3024	1244	Process not Found	31
PID 1244 wrote to memory of 3024	1244	Process not Found	31
PID 1244 wrote to memory of 3024	1244	Process not Found	31
PID 1244 wrote to memory of 2276	1244	Process not Found	33
PID 1244 wrote to memory of 2276	1244	Process not Found	33
PID 1244 wrote to memory of 2276	1244	Process not Found	33
PID 1244 wrote to memory of 2252	1244	Process not Found	34
PID 1244 wrote to memory of 2252	1244	Process not Found	34
PID 1244 wrote to memory of 2252	1244	Process not Found	34
PID 1244 wrote to memory of 2260	1244	Process not Found	36
PID 1244 wrote to memory of 2260	1244	Process not Found	36
PID 1244 wrote to memory of 2260	1244	Process not Found	36
PID 2260 wrote to memory of 2184	2260	eventvwr.exe	37
PID 2260 wrote to memory of 2184	2260	eventvwr.exe	37
PID 2260 wrote to memory of 2184	2260	eventvwr.exe	37
PID 2184 wrote to memory of 1732	2184	cmd.exe	39
PID 2184 wrote to memory of 1732	2184	cmd.exe	39
PID 2184 wrote to memory of 1732	2184	cmd.exe	39
PID 1244 wrote to memory of 2532	1244	Process not Found	40
PID 1244 wrote to memory of 2532	1244	Process not Found	40
PID 1244 wrote to memory of 2532	1244	Process not Found	40
PID 2532 wrote to memory of 1972	2532	cmd.exe	42
PID 2532 wrote to memory of 1972	2532	cmd.exe	42
PID 2532 wrote to memory of 1972	2532	cmd.exe	42
PID 1244 wrote to memory of 580	1244	Process not Found	43
PID 1244 wrote to memory of 580	1244	Process not Found	43
PID 1244 wrote to memory of 580	1244	Process not Found	43
PID 580 wrote to memory of 2288	580	cmd.exe	45
PID 580 wrote to memory of 2288	580	cmd.exe	45
PID 580 wrote to memory of 2288	580	cmd.exe	45
PID 1244 wrote to memory of 2352	1244	Process not Found	46
PID 1244 wrote to memory of 2352	1244	Process not Found	46
PID 1244 wrote to memory of 2352	1244	Process not Found	46
PID 2352 wrote to memory of 1984	2352	cmd.exe	48
PID 2352 wrote to memory of 1984	2352	cmd.exe	48
PID 2352 wrote to memory of 1984	2352	cmd.exe	48
PID 1244 wrote to memory of 944	1244	Process not Found	50
PID 1244 wrote to memory of 944	1244	Process not Found	50
PID 1244 wrote to memory of 944	1244	Process not Found	50
PID 944 wrote to memory of 1800	944	cmd.exe	52
PID 944 wrote to memory of 1800	944	cmd.exe	52
PID 944 wrote to memory of 1800	944	cmd.exe	52
PID 1244 wrote to memory of 2536	1244	Process not Found	53
PID 1244 wrote to memory of 2536	1244	Process not Found	53
PID 1244 wrote to memory of 2536	1244	Process not Found	53
PID 2536 wrote to memory of 1108	2536	cmd.exe	55
PID 2536 wrote to memory of 1108	2536	cmd.exe	55
PID 2536 wrote to memory of 1108	2536	cmd.exe	55
PID 1244 wrote to memory of 328	1244	Process not Found	56
PID 1244 wrote to memory of 328	1244	Process not Found	56
PID 1244 wrote to memory of 328	1244	Process not Found	56
PID 328 wrote to memory of 1056	328	cmd.exe	58
PID 328 wrote to memory of 1056	328	cmd.exe	58
PID 328 wrote to memory of 1056	328	cmd.exe	58

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads