Overview

overview

10

Static

static

3

edd09e4032...18.exe

windows7-x64

10

edd09e4032...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    67s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/09/2024, 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edd09e4032aaf3f2f560d7378492672b_JaffaCakes118.exe

  • Size

    171KB

  • MD5

    edd09e4032aaf3f2f560d7378492672b

  • SHA1

    96e231ee4e16b7052bb6f18c09da585fe026b0db

  • SHA256

    72f44ac484006cfaf2b9a89e1b267801b819a579efdf80037e0841f2cd3d7dd1

  • SHA512

    6c399065a225accf45fba96fe178264793029273c5b7df4f592a0492d80dd9a685677e09966fa1ca6adcad1ad2ced3b2558affc2555644b9ee3b7c0ff34b241c

  • SSDEEP

    3072:6bNpBJzIdgUh/pk1x9KetIsE+PQ2xtDjcJV00qSXjDGCtHEGATkh4Vehez2s1pc8:udIdgUg1x9Key2L6mFSXjD7tHELk+khX

Score
10/10
discoveryevasionpersistenceupx

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\edd09e4032aaf3f2f560d7378492672b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\edd09e4032aaf3f2f560d7378492672b_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2260
    • C:\Users\Admin\AppData\Local\Temp\edd09e4032aaf3f2f560d7378492672b_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\edd09e4032aaf3f2f560d7378492672b_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\034B1\46ED3.exe%C:\Users\Admin\AppData\Roaming\034B1
      2⤵
        PID:3824
      • C:\Users\Admin\AppData\Local\Temp\edd09e4032aaf3f2f560d7378492672b_JaffaCakes118.exe
        C:\Users\Admin\AppData\Local\Temp\edd09e4032aaf3f2f560d7378492672b_JaffaCakes118.exe startC:\Program Files (x86)\B1170\lvvm.exe%C:\Program Files (x86)\B1170
        2⤵
          PID:3028
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4680
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2944
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2292
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2996
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4140
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1508
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:820
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:1148
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5104
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3600
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2160
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2976
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3984
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3048
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4388
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3600
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4132
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1496
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3468
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4028
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:884
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4024
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3908
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3104
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:2340
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3796
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:2444
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:4784
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:376
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4284
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:2468
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2344
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:1468
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2292
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1984
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1076
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:3104
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:2992
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:3480
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4364
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4868
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:4004
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:3868
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3480
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:884
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:3660
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3984
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:3220
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:3596
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4344
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3048
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:4132
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3476
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:1828
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:1704
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:3532
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4816
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:336
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:1588
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3024
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:2684
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:4260
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:2744
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:4100
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:4116
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:3288
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:3836
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:456
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:3048
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:1508
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:5008
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:3420
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:4360

                                                                                                        Network

                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                        Replay Monitor

                                                                                                        Loading Replay Monitor...

                                                                                                        Downloads

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                          Filesize

                                                                                                          471B

                                                                                                          MD5

                                                                                                          109b0900e7476ed981f16034b342d64b

                                                                                                          SHA1

                                                                                                          7abe77549520d523d52115a4bc97d78357af6699

                                                                                                          SHA256

                                                                                                          97a89e0b088fcaf6c8e44cbb2b05701b99c4e12619539e91dd0303a58b282257

                                                                                                          SHA512

                                                                                                          1afc2e959942ff517a35f47b5cce3fc7dbc731a61922acc5c0522854e7aac6f428e467609c88f93db3ba01efe83f18a165c5e2b5f7497fbfeb6de0b8eb3f3e63

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                          Filesize

                                                                                                          420B

                                                                                                          MD5

                                                                                                          e3db0f468fd594119c69407fe272ed5e

                                                                                                          SHA1

                                                                                                          8f9592895c86058d8c50d32c9b2b97bc16641e0e

                                                                                                          SHA256

                                                                                                          e567509d57608a491edc0c878bcb3ddc037cd14ef9facca655741d6dff55ed6e

                                                                                                          SHA512

                                                                                                          971052f2b2c38298851dc78c13900c10fc528b84034f6d2364e72dc1626cea541eb23f9c599d0069085862e43d308bdd882d18f5b2ea40129d7f7036469e34a5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                          Filesize

                                                                                                          2KB

                                                                                                          MD5

                                                                                                          bb8d8b9f3d24fa0d496a51d7a1575f91

                                                                                                          SHA1

                                                                                                          487058d2506d4d9fc5f2fb9f75c3c6350aea0fab

                                                                                                          SHA256

                                                                                                          26cb5f9b373a0e27561c43d1cfb6f7ecfae2f73441a08353de0fcd0a291bde06

                                                                                                          SHA512

                                                                                                          a8115600ce9f54f837a63ff47d3ca4f26815febd0a84294c949006aa7d2360b87a9bd506454b353735680421863b8b4e368e2c423d95e2a92bfd82897ee3d876

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MP05IF81\microsoft.windows[1].xml
                                                                                                          Filesize

                                                                                                          96B

                                                                                                          MD5

                                                                                                          188f8f76ad695de69c313c1113722ec5

                                                                                                          SHA1

                                                                                                          acf66cf340e75c0997ab844f745ed139e05b5c1c

                                                                                                          SHA256

                                                                                                          d926dfadf64142c9d6e871f8e3d4709e78b5e82e237fcde0680740eed9c82b5b

                                                                                                          SHA512

                                                                                                          00eb7bda00afe8efe5b3f29460e2d92d173911f7deabb097d9995fb9af556371c4cecb473d328c8f9c7c85978fd560b1b9cec723805c44bd167ff59c3cf5bbf3

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Roaming\034B1\1170.34B
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          cb5446a62fa79bd1486b992e02a840a5

                                                                                                          SHA1

                                                                                                          39e1e6e60d2778b451dd9176408e8e30565bc96d

                                                                                                          SHA256

                                                                                                          ebd8d2dbb7ff58eb7803e42897ec96ac69d45124ed6bc5a1005bd1e83d159485

                                                                                                          SHA512

                                                                                                          970ccb51653f2c8d3cb5240ed29f8498ba3896cedd3dac47e685053a491d5ba75e33e9e030af95f908a286d111e642d06974e422863f58cf7d1149156e9b59a3

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Roaming\034B1\1170.34B
                                                                                                          Filesize

                                                                                                          600B

                                                                                                          MD5

                                                                                                          8477671c793b1b2c7faf855007ebdc5c

                                                                                                          SHA1

                                                                                                          a9676c79cc2e176705a80a4daf0c279d5f81a540

                                                                                                          SHA256

                                                                                                          3380879e4cbbd066204e5adea494e0f35b30a921ee994b02ebc1a5d714277f9d

                                                                                                          SHA512

                                                                                                          863e2d1d7dcb094b49b5fccbbe8bfb724690509411f931ad44175f1b376598a2b2bcec4e25c5314f25f2c9c2ca2a05fc24513de3c3b65c460b34315da0021bbf

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Roaming\034B1\1170.34B
                                                                                                          Filesize

                                                                                                          996B

                                                                                                          MD5

                                                                                                          f8daa727c16ec46972b5b7990e28e1b1

                                                                                                          SHA1

                                                                                                          869f4ad8703a0b40437d8070c52f0cad3307bf0b

                                                                                                          SHA256

                                                                                                          c4bcca3a4ea452a37d431b2d682581a3294b4729e65a78de86e836b6a4935ba7

                                                                                                          SHA512

                                                                                                          3d2cf7a8514ea087bc996d72c5e7e82acf75ed1ec113ddcc64c19ca6f3762b90e9b2045200b01648721eb110bfb6ed98a02f205c7aafd0a74695930f0a876bef

                                                                                                          Download Submit

                                                                                                        • memory/376-1374-0x0000000004680000-0x0000000004681000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/820-189-0x0000017902500000-0x0000017902600000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/820-206-0x0000017902FB0000-0x0000017902FD0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/820-194-0x0000017903300000-0x0000017903320000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/820-225-0x00000179038C0000-0x00000179038E0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/1148-344-0x0000000002950000-0x0000000002951000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/2160-489-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/2260-1-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/2260-139-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/2260-15-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/2260-1226-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/2260-2-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/2340-1116-0x000002AC1A1E0000-0x000002AC1A200000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2340-1084-0x000002AC18B00000-0x000002AC18C00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/2340-1089-0x000002AC19E20000-0x000002AC19E40000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2340-1103-0x000002AC19BD0000-0x000002AC19BF0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2340-1085-0x000002AC18B00000-0x000002AC18C00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/2340-1086-0x000002AC18B00000-0x000002AC18C00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/2468-1381-0x000001C9AA6E0000-0x000001C9AA700000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2468-1376-0x000001C9A9800000-0x000001C9A9900000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/2468-1378-0x000001C9A9800000-0x000001C9A9900000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3028-80-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/3028-78-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/3048-636-0x0000000004230000-0x0000000004231000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/3468-804-0x000001466B250000-0x000001466B270000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3468-787-0x000001466B290000-0x000001466B2B0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3468-816-0x000001466B660000-0x000001466B680000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3600-655-0x00000215DBF50000-0x00000215DBF70000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3600-642-0x00000215DBF90000-0x00000215DBFB0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3600-674-0x00000215DC360000-0x00000215DC380000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3600-373-0x000001F69F120000-0x000001F69F140000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3600-637-0x0000020DD9E40000-0x0000020DD9F40000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3600-362-0x000001F69ED20000-0x000001F69ED40000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3600-345-0x000001F69DC00000-0x000001F69DD00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3600-350-0x000001F69ED60000-0x000001F69ED80000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3600-346-0x000001F69DC00000-0x000001F69DD00000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/3796-1228-0x0000000004A60000-0x0000000004A61000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/3824-10-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/3824-8-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/3908-1082-0x0000000002650000-0x0000000002651000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/3984-507-0x000001755C660000-0x000001755C680000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3984-497-0x000001755C6A0000-0x000001755C6C0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3984-528-0x000001755CC80000-0x000001755CCA0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4024-932-0x000001AC7E800000-0x000001AC7E900000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/4024-933-0x000001AC7E800000-0x000001AC7E900000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/4024-969-0x000001AC7FCE0000-0x000001AC7FD00000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4024-937-0x000001AC7F700000-0x000001AC7F720000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4024-954-0x000001AC7F6C0000-0x000001AC7F6E0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4028-930-0x00000000040F0000-0x00000000040F1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/4132-780-0x00000000042C0000-0x00000000042C1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/4140-187-0x0000000003790000-0x0000000003791000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/4784-1232-0x000002B3F7520000-0x000002B3F7620000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/4784-1244-0x000002B3F8630000-0x000002B3F8650000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4784-1267-0x000002B3F8A40000-0x000002B3F8A60000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4784-1230-0x000002B3F7520000-0x000002B3F7620000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download

                                                                                                        • memory/4784-1235-0x000002B3F8670000-0x000002B3F8690000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4784-1231-0x000002B3F7520000-0x000002B3F7620000-memory.dmp

                                                                                                          Filesize

                                                                                                          1024KB

                                                                                                          Download