Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
13-10-2024 15:25
General
-
Target
409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118.exe
-
Size
742KB
-
MD5
409e0a90f1d77bfa0a64162fef75dee5
-
SHA1
fdd709f4f426784b8deddf13bbc9cc9ee0432b35
-
SHA256
2351ea88e204dd23c942610956d2d8a89761794c3db853b55dfd0dd3cd8fb538
-
SHA512
8f884a581eb6f2f910d572607826343b5cabc4ba6bb68f96e2f065c6c7a076492aea175243b21ab84760c1bb0c817af56b5283146c91f49daec500838faa4053
-
SSDEEP
12288:orgdNDEpK58V1oY++f/P3R6qhBA0fEpRRmh7yu4rLqXTViJ1iiB2tt/7OZSE5hVz:orUdEo+1o2J6qndEpReOuGO4vB2tt/7+
Score
10/10
Malware Config
Signatures
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks computer location settings 2 TTPs 8 IoCs
Looks up country code configured in the registry, likely geofence.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 61 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 52 IoCs
-
Suspicious use of SetThreadContext 46 IoCs
-
UPX packed file 12 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 4 IoCs
-
Checks SCSI registry key(s) 3 TTPs 48 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118.exe"2⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\mxsetup.exe"C:\Users\Admin\AppData\Local\Temp\mxsetup.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nsfD275.tmp\install_data\MxInstallOnline.exe"C:\Users\Admin\AppData\Local\Temp\nsfD275.tmp\install_data\MxInstallOnline.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\409e0a90f1d77bfa0a64162fef75dee5_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exesvchost.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\svchost.exesvchost.exe7⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"13⤵
- Executes dropped EXE
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 82412⤵
- Program crash
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
- Adds Run key to start application
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"13⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe14⤵
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 81212⤵
- Program crash
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"13⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe14⤵
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe11⤵
- Adds Run key to start application
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe7⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1380 -ip 13801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1696 -ip 16961⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5fa012d4b6012d52ddb5a68cc8c31292c
SHA1e23498959b742b6c14e122d3d2384ba364da165a
SHA256abf7143775c079378153f9800fe706ad17b9b1a12d54c8ba2f87164d46f09df0
SHA512d03736d1294c4f123dcb29d223e5159ec5d01bc69e4d7c158504a2748cf15bb95fb3293137f09cae9bbfff1f1b5a80a6f185ced9e5f33189e0078ac71aaba032
-
Filesize
3KB
MD517dfc5ea607c7be7441a90bb0f90e388
SHA1a348f29a39f2e1b8b81f52c8f333909bfdf4f0e9
SHA256a18b1c6593bda967f15f212bdf63ed5f9032bc945477922807bf7fbc8b9f7cda
SHA51284cf74275ac905073b50a2ec8438418f21befce1865a5dcfa4d120ba93d5d1297cbbb8211ace4945c44cd5415a135e30fe08def8e4ec92213aa9ba8ffa617a79
-
Filesize
292KB
MD53bf24a621ead96af3ffa33d1de194eb9
SHA1a73d862768f79fd17163a8a38604423c6e92beff
SHA256c05735b853122ab00981fa9bf255590b8c4881dce033bced85d7161ad39aa6c3
SHA51264b35e269cf148c1399866e6e4ba98ed8dd8d46e817ac7320a2db6d28b5ae8f3bcda39f972890df93c78915a2b4941e06e52c5da550a2196a0d5604304905243
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
3KB
MD511182f27c18af8ae16d8e9ecb5d13cb4
SHA12b3f01bbfc93abf7114d3088e858c024c4ee2269
SHA256c8349da0cc664d838cc992e19e59658e0222de9695d1db5174969c4f027dc666
SHA51290695e726caacdaea36363a6b832d48d758f414a5e3ff2fb8950c36d97a9269b8265faf22d5d6d7c2ffde2fd883129a7f712b65d354a8ea697e22fbc73c03bd1
-
Filesize
23B
MD5947708030b99032a0bdd278caa3dc97c
SHA14c72b80a0d5fe519f2bcbb1dc4c9a5e0a3fe7f6d
SHA256b2946511dc16dd97a2b62ae152d6073279e261e8f0b6168c62f29d26c9bcbfe4
SHA512317db92c2e8860d7e09ccfaa787ef1ea99a699025126a6eb3228cb45c672b64b0dd1656f6ad2f51be737770678ddcf17332debf7e79e0daed7ad4a25246d02d0
-
Filesize
11KB
MD500a0194c20ee912257df53bfe258ee4a
SHA1d7b4e319bc5119024690dc8230b9cc919b1b86b2
SHA256dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
SHA5123b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
Filesize
89KB
MD5e6e9ff42656fba9bc8cc7ac2febfe2d0
SHA114f034b295d03a5018765aa1513d9fb7546b5b1d
SHA256f3e7c33e7c6a9d6f2519bf46322b9c18a2470d66532124f9ede9218313012e16
SHA512f7bc55163210eae3afefd6fd860bb70e1b79497ac5074f2bb8a0a88540accb328657d446f131ec91b95be93c963f8ee3461e05a47261bcc71e7c28bf9da41230
-
Filesize
109KB
MD5d42caadf2661c604d3641513b91a3125
SHA12833d59c4b47ce3ddab24fdebb6bd42e7921bf41
SHA256a4d7ea08ac9157c4fcd7fb6c68e1f7a7702750c2dd31bd073a5f3fc5c5fa93a2
SHA512489aa48996497eec2cda5ca48df361c730088720aa762d863f8d81ef412e3ed4a1e2ac7f3b9db215e387c17816fc2410e959004cf219e02b2f20cccc8a14d3aa
-
Filesize
400KB
MD56d41dc7a96d957cbbe4703e7ec1dcd9f
SHA1ed590576ad4c43ba777b2498a3fa59ec769d2bc8
SHA25636251a533d3630d6d3d2280385a20fbd23407d02e5764b44bacc224f916b84d7
SHA512e3395b45315eaa35c3232fd657af97152c5825226a71df8ae47e1b5e45fdab56bb06f16b2ba7e1ca74dd1c7963f9aff0eac3a53a76cd8e1cf08fb4e6d9b2cc29
-
Filesize
201B
MD5f52340ad4f6b1aa0e5184dd54ae87623
SHA1a3ee5b0c7a9a29e235aaec727c43ad3d35446d9b
SHA25697bcdf7d2b41c505506d69eb08d643d31ec32f08e9eb9f2cc9a6d2b05f5fb4f9
SHA512a74afdd7b046812c4e35a0a02fc7c9cbfe6f1640c03cb72c9663f1d01c1dea964287ffb0fc894dfcbd52545d0c865b32370ecb44d3fc91a4be70ab114cf4d71b
-
Filesize
159B
MD5f1db901f48cc3bfd1656c5dc880112d5
SHA18e10f2cd53aa654cfcef3a68c3b20c09bad50287
SHA2567cf5f38a911fe153e9f1b51ab3806b0f5e65fa7a3a6e3a756fc7018300e0a252
SHA512d5eaf6bc9a57eccb22c9468f65815015981ff2ff572ee8152611af9f8fdb222093b3d20e2629832beaf563f892dd7454064013ae252c40b47538b51f3767bb94
-
Filesize
1KB
MD543cc745297a9ed49bf484da25fea5cc9
SHA156e49c38d694eb201eaf26c9dc7bb130523c1cf1
SHA25681b21b8e9937ae7e66dc5d2187a163d6ba34905afd26e175b72001f2fe51a51d
SHA5129627b8ede85b5fc944ebde7229b45f194231177d7baac77c84360997ca7395f2bcaa81a17fdd37b255063373a82b40566ba0bf2a2a9ebeb21a1d05518a15ce43
-
Filesize
347B
MD50e2bf9500c9810e540c2f04260b4c9ab
SHA15fc89632bf6096ca8fac69a92f62d56fb5dd2ec0
SHA2561bfc48600788cf5ff0bfdf3fa7b29bff205746b98b1e7a4cd3b34e494cde55e4
SHA5123f7a8d27629558b53c8a345df251639abad12da82a0ad3b0da222c3836e359eadf8e90763d8a7d23b7c9416df832085c9fd29dccb4f4326317b0c17043d6db4e
-
Filesize
1KB
MD51bf824c445eed11004d1b49960be5b06
SHA19ef8c11c5d7542a131e66174230cf12aaa204aa8
SHA2566fa699af4ed49bab4e9697704e940cc71d3a31c1836c7f95a6795f0e73f511a5
SHA5124e36697eaa1e57d4ca954da22e6c974ce4441ac201dcd1d91d63d329e326257a1b29fd08c8bfe13d60c953e1ecbc6e2e21bcb6c04badde8f4d741f5f89bb07a1
-
Filesize
336B
MD52af9d6317e7bb3c9797122a2e37313d1
SHA1a44ed1fde56610e4cbadac84152edd8889c0bfac
SHA256a4b0644d1b5189b5bcd09c3fd0120b55eeb20f39546d6705a487a2580c47cc1a
SHA512daf698a344d0c055d58d63504667d7a6848ac985effd9374f72fa0da4547f9e2dc3f2450734d27b140b601a23f5c53dbe6ca5588e41085a8de8a2ca8338df8b9
-
Filesize
3KB
MD592424a213ef4b40153a9a9904479409b
SHA1b260b55b8633a6b0a95fc9bae877d510ae63a072
SHA2564a9ebe695a4f1bd997720072e2891341af0a5a647a6d9268064692ff42df80e0
SHA5120f777bdaea208e75f00aed9cd8676bf79d757dc5769d0f3306e84734be44f3d79d7c047e281b1fc7309888e3adbe082e7219dffd6cd6031b5fa634f29635ed66
-
Filesize
916B
MD55a1cb3aff61c04d831e4dea2b62f3942
SHA1874eed1183e21f4a856cb97beec6f413724d2ca6
SHA25616aa579c30d9730f6d735f69060e1fac922a65956409c24904ce3871f5f9bc57
SHA5129523ae8bb18af7e8ac44330bb329cdde333bf74975a310cc930e51f7789ce28baa4ac61626f2cc49a57bcf98fb3dca8d7ceeea0f7e789e40bd2e3fdf7fdfeb57
-
Filesize
226B
MD5912d3eae481b7b9342f22fd4f204e34a
SHA16dde25fa934e7bf3524f58a6273e256277870b7f
SHA256c42f49933f29b8119ffae893dfbdf650183b233403cfdd0be009dcb0906aea68
SHA51258dc9291b5519d627979bd999f04568fcd7b9560b97f7f513e2bed9b12f300c6eae9f8600f12143d60453f2fbbe659e1f13c15919d8b4f834576d2620b73e9d4
-
Filesize
3KB
MD5ca8b761d4d06343c413f8ceea0b63884
SHA14601ce2ae93cd729a0c63e4d4cba8bcff53685aa
SHA256468dee4f6ba0fbe94a878f71b92762ca5e0850187c2be4e0bbec4fc72e20be77
SHA5121fca2f4b717dcf111082fa40d2141d5fcffad4c64cb3191fb6b03d1345448cfc68e48ee9afb783e0f4e44d7d269153e2c6333b8c714052a43c448fd650067e47
-
Filesize
670KB
MD561255b991c241f32e932567c4a395b8d
SHA1a5611f1de3bd0292b27878c124516e3c2d93b093
SHA25624d3dad26a6adf8cb9c295175a2736657252c6ce89ba04260ca2d9722759541a
SHA512db615f1849d78b80a23b798bb2b14ece245c3b3f1b87bc43db0f8c20323addfab24276d026ecf77354426331d1daa2d32096415a06fede8810cd7ce91f79f2c7
-
Filesize
2B
MD593e00066d099c0485cfffa1359246d26
SHA1bc69a773f37b2f2071e25f755a66d47b871e5d98
SHA2563b271649a94ad5be4ef46ecbb6a4e7363e8498b7e69b751737bf30df2e0d1dde
SHA512d3dfe508cacae7d36f13908134b5b438b87429fcf93ccb060bcfa346c04633a99e9ca497297418c969537be1da2405171982794055dd0f52e59a82720d3b3d02
-
Filesize
3KB
MD5cfb22b74b14794a5129ebba4782fe8ef
SHA1b4f760348b49cbba239d4cd62e588c2049818441
SHA2563e227f9e22c9c2e71bd0692fa01fba63912a2483b93728a1e1ab9717ba1e37d9
SHA5122ac32f3d02287fb2bdbe7a6a38151faf24b574313a3ea3818af3844ac9d1c240bbe915e838cfeebfc9fe90d8a1755a946a144abe34bc01b2bcf31de405a3c3d1
-
Filesize
346KB
MD5b6d63330959896290103db9786bd33d6
SHA1b2558e1b4c6d9e012801a6e6564cf44fa16d6d14
SHA25638d68f85dd0d99524efb7b537ce8fc5c7494126da1455a8d700cec51ef021c24
SHA51254cd768f2df8e7e570a95073e1727465c6c22945334e33b835608b8933ef81d59eb33b3b5b434dde5c8b2f25130b417a076916fa4b7fcd9c33a133681cecc9b2
-
Filesize
742KB
MD5409e0a90f1d77bfa0a64162fef75dee5
SHA1fdd709f4f426784b8deddf13bbc9cc9ee0432b35
SHA2562351ea88e204dd23c942610956d2d8a89761794c3db853b55dfd0dd3cd8fb538
SHA5128f884a581eb6f2f910d572607826343b5cabc4ba6bb68f96e2f065c6c7a076492aea175243b21ab84760c1bb0c817af56b5283146c91f49daec500838faa4053
-
Filesize
432KB
-
Filesize
256KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
684KB
-
Filesize
684KB
-
Filesize
684KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
432KB
