Analysis
max time kernel: 109s
max time network: 69s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 04-10-2024 10:49
Behavioral task behavioral1
Sample: 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe
Resource: win7-20240903-en

Behavioral task behavioral2
Sample: 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe
Resource: win10v2004-20240802-en
General
Target: 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe
Size: 153KB
MD5: 1c49ec489a2e338afce7cbca2161a035
SHA1: 9495ec90275745b9f23bf1e3116d7a00c8a26412
SHA256: 62bc717e6da4e21751362a7c3893fde74b0531bb37696aa9462c4067b5b95bbe
SHA512: fa2b443459626000291f39899e9cc435f4e5dbf7b089d26f4ded150587e9dca4c36170e83765af4aa58665b00257648f427bc94d4c5e4149d4660f99a6ba3974
SSDEEP: 3072:m6glyuxE4GsUPnliByocWepmOiBs/9WpiFfLiU:m6gDBGpvEByocWeI9Bg9W
Malware Config
Extracted from: C:\iTMxVCUhe.README.txt
Family: lockbit
Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.

Renames multiple (4110) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Deletes itself (1 IoC)
Processes:
- PID 692 DAB6.tmp

Executes dropped EXE (1 IoC)
Processes:
- PID 692 DAB6.tmp

Loads dropped DLL (1 IoC)
Processes:
- PID 2168 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe
Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Drops desktop.ini file(s) (2 IoCs)
Processes:
- File opened for modification: C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- File opened for modification: F:\$RECYCLE.BIN\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)

Indicator Removal: File Deletion (1 TTP)
Adversaries may delete files left behind by the actions of their intrusion activity.

Sets desktop wallpaper using registry (2 TTPs, 2 IoCs)
Processes:
- Set value (str): \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\iTMxVCUhe.bmp" (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\iTMxVCUhe.bmp" (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)

Suspicious use of NtSetInformationThreadHideFromDebugger (5 IoCs)
Processes:
- PID 2168 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe (4 hits)
- PID 692 DAB6.tmp (1 hit)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (by DAB6.tmp)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (by cmd.exe)
Modifies Control Panel (2 IoCs)
Processes:
- Key created: \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Control Panel\Desktop (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Control Panel\Desktop\WallpaperStyle = "10" (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)

Modifies registry class (5 IoCs)
Processes:
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\.iTMxVCUhe (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\.iTMxVCUhe\ = "iTMxVCUhe" (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\iTMxVCUhe\DefaultIcon (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\iTMxVCUhe (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)
- Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\iTMxVCUhe\DefaultIcon\ = "C:\\ProgramData\\iTMxVCUhe.ico" (by 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe)

Suspicious behavior: EnumeratesProcesses (50 IoCs)
Processes:
- PID 2168 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe (50 hits)

Suspicious behavior: RenamesItself (26 IoCs)
Processes:
- PID 692 DAB6.tmp (26 hits)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: all 64 entries are PID 2168 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe. Privileges enabled, in order of first appearance, with the number of times each was requested:
- Token: SeAssignPrimaryTokenPrivilege (1)
- Token: SeBackupPrivilege (25)
- Token: SeDebugPrivilege (2)
- Token: 36 (1)
- Token: SeImpersonatePrivilege (1)
- Token: SeIncBasePriorityPrivilege (1)
- Token: SeIncreaseQuotaPrivilege (1)
- Token: 33 (1)
- Token: SeManageVolumePrivilege (1)
- Token: SeProfSingleProcessPrivilege (1)
- Token: SeRestorePrivilege (1)
- Token: SeSecurityPrivilege (25)
- Token: SeSystemProfilePrivilege (1)
- Token: SeTakeOwnershipPrivilege (1)
- Token: SeShutdownPrivilege (1)
After the initial pass, the remaining entries alternate in pairs between SeBackupPrivilege and SeSecurityPrivilege.

Suspicious use of WriteProcessMemory (9 IoCs)
Processes:
- PID 2168 2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe wrote to memory of PID 692 DAB6.tmp (5 hits)
- PID 692 DAB6.tmp wrote to memory of PID 2208 cmd.exe (4 hits)
Processes

1. C:\Users\Admin\AppData\Local\Temp\2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-10-04_1c49ec489a2e338afce7cbca2161a035_darkside.exe"
   PID: 2168
   - Loads dropped DLL
   - Drops desktop.ini file(s)
   - Sets desktop wallpaper using registry
   - Suspicious use of NtSetInformationThreadHideFromDebugger
   - System Location Discovery: System Language Discovery
   - Modifies Control Panel
   - Modifies registry class
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\ProgramData\DAB6.tmp
      Command line: "C:\ProgramData\DAB6.tmp"
      PID: 692
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of NtSetInformationThreadHideFromDebugger
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: RenamesItself
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\cmd.exe
         Command line: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\DAB6.tmp >> NUL
         PID: 2208
         - System Location Discovery: System Language Discovery

1. C:\Windows\system32\AUDIODG.EXE
   Command line: C:\Windows\system32\AUDIODG.EXE 0x150
   PID: 2544
Network
MITRE ATT&CK Enterprise v15
Downloads