pid	Process
4584	powershell.exe
4572	powershell.exe
3240	powershell.exe
4592	powershell.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

pid	Process
2052	upx.exe
4592	powershell.exe
4592	powershell.exe
4584	powershell.exe
4584	powershell.exe
4572	powershell.exe
4572	powershell.exe
936	powershell.exe
936	powershell.exe
3240	powershell.exe
3240	powershell.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe
4628	taskmgr.exe

description	pid	Process
Token: SeDebugPrivilege	2052	upx.exe
Token: SeIncreaseQuotaPrivilege	3276	wmic.exe
Token: SeSecurityPrivilege	3276	wmic.exe
Token: SeTakeOwnershipPrivilege	3276	wmic.exe
Token: SeLoadDriverPrivilege	3276	wmic.exe
Token: SeSystemProfilePrivilege	3276	wmic.exe
Token: SeSystemtimePrivilege	3276	wmic.exe
Token: SeProfSingleProcessPrivilege	3276	wmic.exe
Token: SeIncBasePriorityPrivilege	3276	wmic.exe
Token: SeCreatePagefilePrivilege	3276	wmic.exe
Token: SeBackupPrivilege	3276	wmic.exe
Token: SeRestorePrivilege	3276	wmic.exe
Token: SeShutdownPrivilege	3276	wmic.exe
Token: SeDebugPrivilege	3276	wmic.exe
Token: SeSystemEnvironmentPrivilege	3276	wmic.exe
Token: SeRemoteShutdownPrivilege	3276	wmic.exe
Token: SeUndockPrivilege	3276	wmic.exe
Token: SeManageVolumePrivilege	3276	wmic.exe
Token: 33	3276	wmic.exe
Token: 34	3276	wmic.exe
Token: 35	3276	wmic.exe
Token: 36	3276	wmic.exe
Token: SeIncreaseQuotaPrivilege	3276	wmic.exe
Token: SeSecurityPrivilege	3276	wmic.exe
Token: SeTakeOwnershipPrivilege	3276	wmic.exe
Token: SeLoadDriverPrivilege	3276	wmic.exe
Token: SeSystemProfilePrivilege	3276	wmic.exe
Token: SeSystemtimePrivilege	3276	wmic.exe
Token: SeProfSingleProcessPrivilege	3276	wmic.exe
Token: SeIncBasePriorityPrivilege	3276	wmic.exe
Token: SeCreatePagefilePrivilege	3276	wmic.exe
Token: SeBackupPrivilege	3276	wmic.exe
Token: SeRestorePrivilege	3276	wmic.exe
Token: SeShutdownPrivilege	3276	wmic.exe
Token: SeDebugPrivilege	3276	wmic.exe
Token: SeSystemEnvironmentPrivilege	3276	wmic.exe
Token: SeRemoteShutdownPrivilege	3276	wmic.exe
Token: SeUndockPrivilege	3276	wmic.exe
Token: SeManageVolumePrivilege	3276	wmic.exe
Token: 33	3276	wmic.exe
Token: 34	3276	wmic.exe
Token: 35	3276	wmic.exe
Token: 36	3276	wmic.exe
Token: SeDebugPrivilege	4592	powershell.exe
Token: SeDebugPrivilege	4584	powershell.exe
Token: SeDebugPrivilege	4572	powershell.exe
Token: SeDebugPrivilege	936	powershell.exe
Token: SeIncreaseQuotaPrivilege	4996	wmic.exe
Token: SeSecurityPrivilege	4996	wmic.exe
Token: SeTakeOwnershipPrivilege	4996	wmic.exe
Token: SeLoadDriverPrivilege	4996	wmic.exe
Token: SeSystemProfilePrivilege	4996	wmic.exe
Token: SeSystemtimePrivilege	4996	wmic.exe
Token: SeProfSingleProcessPrivilege	4996	wmic.exe
Token: SeIncBasePriorityPrivilege	4996	wmic.exe
Token: SeCreatePagefilePrivilege	4996	wmic.exe
Token: SeBackupPrivilege	4996	wmic.exe
Token: SeRestorePrivilege	4996	wmic.exe
Token: SeShutdownPrivilege	4996	wmic.exe
Token: SeDebugPrivilege	4996	wmic.exe
Token: SeSystemEnvironmentPrivilege	4996	wmic.exe
Token: SeRemoteShutdownPrivilege	4996	wmic.exe
Token: SeUndockPrivilege	4996	wmic.exe
Token: SeManageVolumePrivilege	4996	wmic.exe

description	pid	Process	procid_target
PID 2052 wrote to memory of 3276	2052	upx.exe	83
PID 2052 wrote to memory of 3276	2052	upx.exe	83
PID 2052 wrote to memory of 348	2052	upx.exe	89
PID 2052 wrote to memory of 348	2052	upx.exe	89
PID 2052 wrote to memory of 4592	2052	upx.exe	92
PID 2052 wrote to memory of 4592	2052	upx.exe	92
PID 2052 wrote to memory of 4584	2052	upx.exe	94
PID 2052 wrote to memory of 4584	2052	upx.exe	94
PID 2052 wrote to memory of 4572	2052	upx.exe	96
PID 2052 wrote to memory of 4572	2052	upx.exe	96
PID 2052 wrote to memory of 936	2052	upx.exe	98
PID 2052 wrote to memory of 936	2052	upx.exe	98
PID 2052 wrote to memory of 4996	2052	upx.exe	103
PID 2052 wrote to memory of 4996	2052	upx.exe	103
PID 2052 wrote to memory of 5016	2052	upx.exe	105
PID 2052 wrote to memory of 5016	2052	upx.exe	105
PID 2052 wrote to memory of 5116	2052	upx.exe	107
PID 2052 wrote to memory of 5116	2052	upx.exe	107
PID 2052 wrote to memory of 3240	2052	upx.exe	109
PID 2052 wrote to memory of 3240	2052	upx.exe	109
PID 2052 wrote to memory of 4884	2052	upx.exe	111
PID 2052 wrote to memory of 4884	2052	upx.exe	111
PID 2052 wrote to memory of 2984	2052	upx.exe	115
PID 2052 wrote to memory of 2984	2052	upx.exe	115
PID 2984 wrote to memory of 3448	2984	cmd.exe	117
PID 2984 wrote to memory of 3448	2984	cmd.exe	117

flow	ioc
26	discord.com
27	discord.com

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.