Analysis
max time kernel: 29s
max time network: 16s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 06/09/2024, 00:34
Behavioral task: behavioral1
Sample: 31033152dbc1687da2278ed20d76e7a0N.exe
Resource: win7-20240708-en
General
Target: 31033152dbc1687da2278ed20d76e7a0N.exe
Size: 5.0MB
MD5: 31033152dbc1687da2278ed20d76e7a0
SHA1: 31ff30cecb0631c8d7ba4c88d3a1f2cc5202dc66
SHA256: 76f55cd5072dfef2fcb1038db9c1bb1baf2b7c72e8403511c09479f6337f4a9d
SHA512: 46803408519a316cc3aefd8b4b8ebff2b7df8ff2f2754f74625df1a95e81faf7d60facb952daffa7aca668470ff6409c50c06028138b523ee086fa5ce60be716
SSDEEP: 49152:lD2VX7WFhVMnfW8ljhIR8PqnstLet3Ly/DzxegjI45TMwwapIgTfT3:lD2VSKuIIiPqnstLEGDFULapIID
Malware Config
Signatures
resource  yara_rule
behavioral1/memory/2368-0-0x0000000000400000-0x000000000040F000-memory.dmp  upx
behavioral1/files/0x0008000000016688-6.dat  upx
behavioral1/memory/2368-1589-0x0000000000400000-0x000000000040F000-memory.dmp  upx
behavioral1/memory/2368-1588-0x0000000000400000-0x000000000040F000-memory.dmp  upx
behavioral1/memory/2368-3670-0x0000000000400000-0x000000000040F000-memory.dmp  upx
behavioral1/memory/2368-3674-0x0000000000400000-0x000000000040F000-memory.dmp  upx
Drops file in System32 directory 64 IoCs
description  ioc  Process
File created  C:\Windows\SysWOW64\fixmapi.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\TRACERT.EXE  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\unlodctr.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\subst.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\xcopy.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\CertEnrollCtrl.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\ftp.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\sc.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\credwiz.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\EhStorAuthn.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\SndVol.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\waitfor.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\charmap.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\dvdupgrd.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\logman.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\mmc.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\esentutl.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\ftp.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\msdt.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\newdev.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\PhotoScreensaver.scr  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\rundll32.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\schtasks.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\taskmgr.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\xcopy.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\AtBroker.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\efsui.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\netsh.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\verclsid.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\wbem\WinMgmt.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\cipher.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\icardagt.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\lodctr.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\Mystify.scr-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\setupugc.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\wscript.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\xwizard.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\lodctr.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\pcaui.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\resmon.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\SecEdit.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\calc.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\chkntfs.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\diskcopy.com-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\MRINFO.EXE  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\msfeedssync.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\PresentationHost.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\ReAgentc.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\shutdown.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\wbem\WMIADAP.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\DisplaySwitch.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\SearchFilterHost.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\DeviceProperties.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\DWWIN.EXE  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\msfeedssync.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\perfmon.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\shutdown.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\SystemPropertiesRemote.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\wininit.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\SysWOW64\regedit.exe  31033152dbc1687da2278ed20d76e7a0N.exe
Drops file in Program Files directory 64 IoCs
description  ioc  Process
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\UpdateRepair.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Internet Explorer\iexplore.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Windows Media Player\wmpshare.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Microsoft Games\Chess\Chess.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Windows Defender\MpCmdRun.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Windows Media Player\wmprph.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\7-Zip\Uninstall.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Windows Defender\MpCmdRun.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jre7\bin\tnameserv.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Mozilla Firefox\pingsender.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\PushMount.cmd-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Windows Mail\wabmig.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\misc.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jre7\bin\kinit.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jre7\bin\pack200.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Windows Mail\wabmig.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Windows Media Player\setup_wm.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jre7\bin\javaw.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Windows Defender\MSASCui.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files (x86)\Windows Mail\wab.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Program Files\VideoLAN\VLC\vlc.exe  31033152dbc1687da2278ed20d76e7a0N.exe
Drops file in Windows directory 64 IoCs
description  ioc  Process
File created  C:\Windows\winsxs\amd64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.1.7600.16385_none_5cbb962a4f0d58c1\fc.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_e46b048a01806891\msinfo32.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_0df703f36aac2f13\aspnet_state.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_03d0d3c435b27637\clip.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_6.1.7600.16385_none_e47ee9c51ad9df17\ktmutil.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdupgrd_31bf3856ad364e35_6.1.7600.16385_none_d9bb586ff6564bbc\dvdupgrd.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45\RegisterIEPKEYs.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_4e297fab940bc0e5\ntprint.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_67910dfbf63c4aae\diskraid.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-script_31bf3856ad364e35_6.1.7600.16385_none_64ed8ea5d0ffd85e\gpscript.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_6.1.7601.17514_none_0d6fabd7def3be93\PushPrinterConnections.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_bf7bea0454c3f0cf\bcdboot.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFaultSecure.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedt32.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\aspnetca.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_infocard_b77a5c561934e089_6.1.7601.17514_none_9fe7c337d52f2ea7\infocard.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_720e868d9b0b6a44\WerFaultSecure.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.1.7601.17514_none_c3b917fd89d834f3\LogonUI.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_761ad65676427bd9\sdiagnhost.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\PkgMgr.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-vssadmin_31bf3856ad364e35_6.1.7600.16385_none_207247174b54af00\vssadmin.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.1.7601.17514_none_2d1a84c49beb2055\wiaacmgr.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-tasklist_31bf3856ad364e35_6.1.7600.16385_none_28198854bba53a00\tasklist.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_00192601418cadff\wmpenc.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_wcf-wsatconfig_b03f5f7f11d50a3a_6.1.7601.17514_none_d7ce65f32404434b\WsatConfig.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-waitfor_31bf3856ad364e35_6.1.7600.16385_none_b63c0c04dc872e59\waitfor.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_e6510234bbcb2a8c\bcdedit.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.1.7601.17514_none_0c19cef0ed2a642e\unregmp2.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.2.9600.16428_none_4605aca152cc8281\mshta.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_c79aef32ab85d92b\cmdl32.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\twunk_32.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8\efsui.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.1.7600.16385_none_494ba66d2a12efc3\Netplwiz.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_7df14b591094e7ec\TsUsbRedirectionGroupPolicyControl.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-commandlinehelp_31bf3856ad364e35_6.1.7600.16385_none_d4018bc76a8b37d9\help.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.1.7600.16385_none_1964092586ab4352\fltMC.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.1.7600.16385_none_459ccaf008ff34f6\mtstocom.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_9f01d3f4c9ca5275\aspnet_regiis.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchProtocolHost.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winhlp32.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehmsas_31bf3856ad364e35_6.1.7600.16385_none_8707c620868fdf75\ehmsas.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.16428_none_caf2ec2ca6b08f27\ieinstal.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WmiApSrv.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-scripting_31bf3856ad364e35_6.1.7600.16385_none_a45d44bd1a0af822\wscript.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-secinit_31bf3856ad364e35_6.1.7600.16385_none_e3ace21ee6af3fb6\secinit.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.1.7601.17514_none_c910d80f114e267a\vds.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\x86_microsoft-windows-runas_31bf3856ad364e35_6.1.7600.16385_none_5fbe9f67bec0f818\runas.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17514_none_d527b0a5438b8346\drvinst.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
File created  C:\Windows\winsxs\amd64_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_046c078df2caf5d8\ngen.exe-  31033152dbc1687da2278ed20d76e7a0N.exe
Downloads
Filesize: 5.9MB
MD5: e990039b80f956dc2ee747a16a73c1f0
SHA1: e148d343f05d027d706ca39bc629e05014edf136
SHA256: 26c8925b7e40858353e32c2ec522384bef31744640de0e696d6bc094d73104f2
SHA512: 1d73e02d4bb43702b6c446b25fe62f8d940940442a1d193e9bee596882a87cadcefbcbc0d7b291aa9155af128656246c057099ad9ecd0aba180af4444442cb7b