Analysis
-
max time kernel
590s -
max time network
590s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
23-10-2024 13:34
General
-
Target
https://raw.githubusercontent.com/NecroxisTeam/Necroxis_Executor/main/Necroxis%201.0.zip
Malware Config
Extracted
stealc
6079999470
http://95.217.125.57
-
url_path
/2f571d994666c8cb.php
Signatures
-
Stealc
Stealc is an infostealer written in C++.
-
Unexpected DNS network traffic destination 42 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
Drops file in Windows directory 7 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://raw.githubusercontent.com/NecroxisTeam/Necroxis_Executor/main/Necroxis%201.0.zip"1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Necroxis 1.0\Necroxis 1.0\Necroxis.exe"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Necroxis 1.0\Necroxis 1.0\Necroxis.exe"1⤵
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Necroxis 1.0\Necroxis 1.0\Necroxis.exe"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Necroxis 1.0\Necroxis 1.0\Necroxis.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb27329758,0x7ffb27329768,0x7ffb273297782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4008 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff767b77688,0x7ff767b77698,0x7ff767b776a83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3696 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4880 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1556 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1560 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4004 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4920 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3524 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5468 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3396 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5792 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1832,i,16575632575410022609,166799680690671134,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Users\Admin\Downloads\Solara\Bootstrapper.exe"C:\Users\Admin\Downloads\Solara\Bootstrapper.exe"1⤵
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
-
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")3⤵
-
C:\Users\Admin\Downloads\Solara\Bootstrapper.exe"C:\Users\Admin\Downloads\Solara\Bootstrapper.exe"1⤵
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
-
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
-
C:\Users\Admin\Downloads\Update\Update_(password_github)\Launch.exe"C:\Users\Admin\Downloads\Update\Update_(password_github)\Launch.exe"1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 11722⤵
- Program crash
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5c2aff226dc0e429be7c1ea0f1747f05d
SHA16fc3b888a8974e9b9e948cad2be5eb2327a17f80
SHA256c5afcd065785a602eafed3149f17ec551800e76c6aa29695f17b250834f76229
SHA512b79086d14fc2efef42c932ffd54bc05bc071945c2f172152bbef0ba1264763d19547ad7d88e767ceffc133037a0c27c402a8bbeb089f899e61e10c40e694ecb7
-
Filesize
410KB
MD5b2a995061dc3fa899ec2baf2bb247279
SHA1829ee665e20adec95668d2f7f9ccf702ae6671d2
SHA256f6a5e9ca3c7f66b21c48e107fb5cca8b28a8a5c793e2f2d7e62e45318e775641
SHA512c44dc5ddb8a93879487b1dcfbd4c1ceb9b32a41d32d9be97f7f36ad1dc78add01deafce98ddfe5b0841b5bb5106596e992391b53ffc98bed26a569fba083f8b9
-
Filesize
107KB
MD5ebd1dd7f69664b8e37286c2c99a8d199
SHA16178212bc632b3872af9ccbda33d2bd594cfd5bd
SHA256697268244487e4c532101040fe4e6fac27e960ab217da7be18f8d92bdb64d638
SHA5128fa5dd77d6dc04b9b26151ea1dc22ad674e1bcab1a3df9a8937e3d18d61cfd56e3a2ecbcd2e18dda6e6f68988399d1973701bc610969e1e4d861d687d7b423d1
-
Filesize
52KB
MD5e3e4edea32f95c0960d0c134478fb1f4
SHA119892761b2a77f6f7abed85b443d2dce67e6b7dc
SHA2569971a3614bce5ad5e422131b8e29f1b0064e04c5c6549cb417973f5532b988c6
SHA512bc9ce9eb35d25781c578092ff62caa65062bec0cdf136553a28c9ec962e5634abe313f4b59009ffd18d540c5b7cc93eb7ec6c84d51d2ce3918bdc30cae50ebff
-
Filesize
3KB
MD5ad7794ca4e1f1e8610c767f26da02183
SHA17830a7ba7f2b13fba54de1d94b5b2929e84b8b1c
SHA256493cea09f787e8cea5228b44447c2380c2f7250e5e16e22acebb453c4309a904
SHA51205beea7f23599515b6a29a0b53a9738a1d278e31ec5b997243d03563a83b737153fe7c77fd0eae67648ebe1b72708b24489ad0d598ee360b500ff1ade4e1e405
-
Filesize
1KB
MD503faf9d8afadb86ebe11a426c4af3417
SHA1ddfc631137ad5593125ea69211258acfe17114b7
SHA256d9d0f82f23b171b5e2049f581f5dfcef6f5602ef89aedf2a1a4cc672faabceb4
SHA51260e04808cd571c96130754c6555d3c6fe578fe7f5cb6b04ef73dbd19d0411c630dab23f2f191a368a672ea2e6ff18e5768e7b9910523cd40c7803c8d049675ef
-
Filesize
6KB
MD51eff1e83009a8ee31565f2ff5ea6a560
SHA145ff5cbd02cdf5bb9d24e5c867bb816176fe7f7f
SHA2569eab421f3bff48203bcc814be4cae1f7b353f6ccf972acba71f3e02c5581ce35
SHA51273a94aae0ce2954c49ce9d6df368273d1a9fa6cfa5f17b8e4558b8066286c4f84f9091734673b241f9ac75765ffe05d2e5ff1808b8e4e447f653e44c64762709
-
Filesize
7KB
MD575952cd422dff9b0114fa42eae037991
SHA1482e9872fae7d6c0f36e41b4bb47f1eaaafa1f15
SHA25692c824e79fd578fee2ce6ffd008f03f2d3b3f23d6e3cdbf07d12e2c9dabba74d
SHA5122db841ec8299cecd131045f6cf3224bd085e55d7113c093f4dc926d3e9d3b95c9229ead5d6f01b55bccc040c54de7861ff7ebedee7f6ae4d1ec2dc17fea180e1
-
Filesize
7KB
MD54b56d460a7287856edf0b792f171b5f0
SHA1fea3e0ea3ef9a111a4ed3432cd164f73da9de9fd
SHA2561691bca8bea46268eeb385dfd6f36b8fd960ea2e4b10108f5136f768eefa0dcc
SHA51281b56a8a31ae2932efddb8e25a4694cc5ed82b476be2050368ff4125e5f08a06efa46b925736eccda008dbe8f31af9714e43cd4cd810d9ea83efa7330026060d
-
Filesize
2KB
MD50e5da9adab594bc3d218b95691a4044c
SHA1ad9d9ac6d403285b9cc48d7599d10e7de2299e83
SHA25698061219cd668ac2c10ce7e3186e16649b98f2f6eb34f29736a4933244d93868
SHA51289a33352ba9be28cbe3e7c4a4c7b484fcb82859d0de117ede6e1114aacc2309ac4b26115f36247ed41198261135023237c9817d72715e069745b657e0ff2a162
-
Filesize
371B
MD5f3c887f8434ca9e8055fb7e994a5909a
SHA1fff3b4b3ea23ad48bf28d1c811962e00301cd31d
SHA25654afafd678bf4f951d6ae69c7bf1c4968c47691f06b062fb4414c326c09ba231
SHA512c339393c4f90394605a966d9f114f4deb9d06c9186ac0f74c22a4fe12b0d9f442ea75cbe880319b916b3ab45497e9d96bad5e13f693ebd74c8020c63e3b4920e
-
Filesize
1KB
MD50e9ffb71d045ffaca5fc7ca7354d8343
SHA17015970e6ea5dc341e8928a2d9bc6fd45825dc04
SHA2560f1627a2b7c00c995de7d8c5c6b016944bfc040a31860677b913a10bb21e4453
SHA512616bf0e9c6348a86b74cef73a6e56cf6668db7b3494625e01916deaace3cc2f7c81dea52f2cc57870d1bdfaf2d94dd87d2a2c9c5eefbdc6aeca7af34c4be2290
-
Filesize
2KB
MD5c85d79aed70dd41bf3910e54342e4c19
SHA14f6df62532881bc5af436396b31a21811e445fb4
SHA2569b8c054c77e0145519fb1c1af864ac19c0088805baf1434a981d73d4d07c9edc
SHA5124a5f66291d4527729179bd0b690530e23d70857895c2eb02f9ecac1610b762c87d67ce4095798c6348c3a9ecf5e5fe2553ba73a667b2ff738fbe2f49df5b2ec7
-
Filesize
371B
MD5a314fcefc9b831ed49a2c5c4dfe52962
SHA1ad613d1cc8c52fa38499b6c5b8b1d7ced824fd38
SHA2569a47d1c69012b95c07b514a214a560158a3c13cb6de3da9371e5a1ec6cb7ff37
SHA51286dd66681af68bfc5fdc5eb12d58a6ba5a92c12b4320b03e5874c73679584f1675efa1b1a1445799a7390d956de30b6a4a9aa170ea2d1f2056175dcf4c88f778
-
Filesize
1KB
MD50474fd212bcecda7c56c08947c41d835
SHA1be9e3f2ba61a9ab424c79669859efdb8f7e2c9bd
SHA256546a0eac8d987dd508755ea7f880a19cae2840a3edb396685cb3aa1fc1174085
SHA512ae75759f270870d67c2519a41136285d30c5315c91572675fe16f63163b38655c1fd214a47ec3126c0e0b2a08088ef639a903472e0f552f50d4c3ab4798eaf8a
-
Filesize
7KB
MD5df4e77ed3ca9aa16b35d242ce0a751ae
SHA1c62acddb0a8decce2fc89877f3a0f5aa1990eced
SHA256adaac9352037d94020f836f4042741df966974ea21ef1a0d65dba13d1d4a5684
SHA5126fe4dcf4af9db4b116e0b79b7ba8b65af2a22b82ff4330b64cb477153f4af8dae7175c5b90e90a6e5c48104dfccb00573465e155a301893ebb1626a3d87a39b6
-
Filesize
7KB
MD56761523968198cf0ad7777321ff02df7
SHA1cf98d11bbcc92272a49862511d9feae40eb59d03
SHA2562bfe280b903570c1869fb951dd7ded89102f53b688da3613486d26caad357398
SHA512b103ea55612a3c6aea7c148ba9fce649b5c5cbeb512b0cf3801aa4f64c371dfd5813ca2f08fd32b88697531295e87f085ced1ed6d44454be1245c1393cd97abf
-
Filesize
6KB
MD52f2f427985c6d43a163af54db696efe0
SHA132e88a9c46cc742e07365d5d2f9f3bc21d2afca1
SHA256b5482c31cc1442247e54df1f00e6ab7489682e42bc958850f7891ce3e14ba3a3
SHA512eb064b72eed8aac57333c4b68aa1fd65cb117cb2c78b6e928afb6d0a43655f1b60abfd7b259eb519e04909c2ab402cdae2479f2dad118a2fd944147f97bdae10
-
Filesize
6KB
MD572137af4e406175f2d5f73e599aa1370
SHA1f077acc58c72c832fd4fdc1ac0cb1f2efacb5972
SHA256f2a438fb2fa978689cab6f60838c83432324a71edf7fee07ff30c075bc51c518
SHA512dac04a8cefb8b26c19e8e1383477a4e90654f5555e4ca3312c57e14332fd9b066b7ccd8135dab286ed3dfc7b69a6f5b3c4d103dea46795ef1ea27f427af4b502
-
Filesize
7KB
MD51b00b19c8c0c7aaf4a438d9c71416b4c
SHA1621f79faad13f37ab0cb4217a55f0085b2092c6b
SHA2566e20ef0f0dc078ce54cbad2e14aa0eae8a21447ff066de2977d1054ccb2c0c35
SHA512dc220f562bdce1532ede46cebbc535d20b48e29f40cba85fd3e19618e02a8c81196d28bec483b37d7e948813424c704cbc9534f209ac0ec90e10b98323f40ba3
-
Filesize
6KB
MD56ff6b5edb173581d654fe47b28399f75
SHA17ea1e38749911f937779f29e804ab7e9ae979af6
SHA256d865f2be20aefb6d96bd4b2cf4c9abea7f95c910de6d10d4ab5c6636ba787277
SHA51254ca1743ed7b94a63f683d81b68579bc007ad94e99bf9950957d2def4bee7605457e2dccfd6f9cb48003233595965b5d7f0ed653182ca3b7a62c79a937ab83c9
-
Filesize
12KB
MD58623f2eb6642169439a69a99ffa533b0
SHA1fd2960ca1079b9258f6245753fcfc5e09f3c1bc5
SHA256bc063da335710945d2a7c818c0ee0a09f337fd3db509bcff671f6cc26c2f7a97
SHA5120c888b0482a3316316b99757207829481df96eb0af1934d2e893031ea553c0ec42e9098b5b4596cc4bfc152324af65ce1690e14393eb4c25915e741e5a3ec1bf
-
Filesize
72B
MD5fa01dc9758b843664b99bbd22b5f646a
SHA1092429f5a446a17211255e4c4a23d421e1f846bd
SHA256e802ff2b542a0f28938e1c100d015fc189a9a829fb725e07ab222c42e6dde03f
SHA51296b6c866d8f8fc76192de3d391ce34cba16aad1e6e5387c104c023acb6735da81702090be4e2cca54c16cbe7dc489ad5c54559855685e68aa6aa5d0f7f90b99c
-
Filesize
48B
MD5f2d65803547ded9b74ec4aeb2421cb38
SHA1594a3fc44343da78ce097d3fb8df814bfa4a431e
SHA256718064b4939a69570edb83a56f36f272e917b924d2a482676a284dde58805dd5
SHA512a771a64148e38075942321dd01c5c9558c33a7e1d4151aa5a5e5b8c2fce8c1562e449030749571c45d14996ef78f950d9325bcdc531f2c5294f626306ed1935e
-
Filesize
311KB
MD5ee929ff6105f59caff6b7a9bbe22824b
SHA138d82a2a5b550037514889e6330124bd0a8af134
SHA25684c9028a17aac548b7a414147336faaebae46b07cbd460eb187694c284fb65f2
SHA5120e2a4adc36aa607796bc6c081dd26250e16fa9d6174ad3385b3704d6a02614f18d853335b714d4837afb22fc129e681f6003756bf8cc806a61321fa3c1d4b716
-
Filesize
311KB
MD5a0e6e47794d088667a3e4413bee297a7
SHA17a126d1e36e63a6c865400baea396dcc76b9469a
SHA25643523f6d09825a439bdf336dfff3d1d93b0beb348fec24888e6157e852534401
SHA5121b277de480eddb57911d3f8f3eec4ead5b948b0afc387352a22aef7759db1b01dc2bd146ac0af00f23a0fb5418b66793078a00834b3133be3b7036c7c455c5af
-
Filesize
105KB
MD5dec03d3b669aea5fc7c392b78d55d163
SHA1fdc0112ee60cb13f4489282d6e26d8b3acb6aa7d
SHA256478604c6b27f1e5539d208428ca4e7a69de02bf27b1ebe96e76d0284c6f508d4
SHA512718af96b4d3162fdf25e2105a54c0d088c622bf2fbc32b249e5d9de72abede30b272fa98e17ae75c3feb6207909387fa3becf50279d1927ca6f0d51c62870df3
-
Filesize
105KB
MD503c41d9ae3def54937a6345d71abc8a8
SHA10465eb15db28536762372148b9753821f262d240
SHA2569e53b6a27d8c6e087ca5a9e987ffe6a22d5add3dfe0b0c0d9ad3429f1cf29361
SHA512c42fbdb13176b350d7c1736796afc5643470365cf52cc7b4956375bf098f0f4bed6e7eb377425b120bcfa419a5ac3c570c693c755287b7efbc1f69f84f9764be
-
Filesize
101KB
MD57f601f5493d828b67bb09d67febeb937
SHA17b3a0a42316399e1137ba87ced8f5bbb3ea47e2e
SHA25631373bd0ba91f899a7b3fba6448fbc19e104d16755734d9fc4ba87275fcc12c1
SHA512eafd6c81dd276f2d38a2feeb499d6e5ea663099b2c9f68bd7271d532fcd4694724e65f01da47d6c281a0151a6522f7418b19e72aafb85eb0e371a5e6f13540c1
-
Filesize
104KB
MD564b2b5ca9c279936d114c6e58d9a3285
SHA15a0b7bd0e847a6e1a1e2ebe96acdacee79c3c003
SHA256843c718a9f24492f2cab6535f84b03393a1d17014d063a6a5cbdcadb11837ee2
SHA51296537b617e35c46863c8d3d77563fcc8ef6e52f32736d5c8e1310c45c6751f814388c883f6331bba804d5356564bad7bfa2195591d71d10555c3fa811bb86666
-
Filesize
93KB
MD59c187fc69fde22574d8268855e961f0c
SHA115e2934486cf7b0df385b40032897f5de7b7824d
SHA256d12307ea42841ce913615a211964a52645144103ec5088db7563901fb930f2db
SHA512cf85155324eb5ea9e530f30176b7754b3bfc874bb809933078899550def3b12cc8658bb5762118d5e2c282362edff531c89c1646efbaf00a934f9322de244cff
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
Filesize
6.9MB
MD5a1d67b0d2477a730aa0a442a86c152af
SHA1b053f17005836ec77407d8a36b706b284a60c49f
SHA256f4ff85831e11233e05e544ea8bc77fdb9393e9cdb7df5a6df909a80c875c5433
SHA512cc50c55692200a9216a66a51802700f692d6e6d73e8d7c7fa2fa2b08284c557e307caba6af6719588c212cd5bdf3a0eb45df224e49d8cc7533a15005131b5f4b
-
Filesize
24KB
MD5d3cdb7663712ddb6ef5056c72fe69e86
SHA1f08bf69934fb2b9ca0aba287c96abe145a69366c
SHA2563e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15
SHA512c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812
-
Filesize
111KB
MD5d601f5bff59b8b27718c2d4fdc0af171
SHA1cc38cd42cf284dea49cb7c9b5157e5c7b3a43a8e
SHA2564b7eb8a0088e2972e62f2761a413634ab9938fb766393e14d34f405d52fcf669
SHA5128ab8f16706d7dd4ab784b5d82aaf0e9d568239f60aa771ad087cc285a82844ff6b814721ecee4e23817cfccfc142e003ce7c1159c34ed7f767160f842e7f183c
-
Filesize
278KB
MD5ae7659ddd28dd899f73954109dd9c460
SHA11c0495339e78d2bf4b6c8d53e4d5f42d47fc5396
SHA2563d45be1924b7c40f60290b5f04b9c028aa5963bdeeba793adcf7f7938d095fae
SHA5128ac46369c3cd615c8c60d020c8ef683c1a31680c6fae2f617fa81bbf5dfe5f0016bba5439dfbc25fc3aaba742f61d00140566f1a0578503ab74d2af13d22c35a
-
Filesize
103B
MD5b016dafca051f817c6ba098c096cb450
SHA14cc74827c4b2ed534613c7764e6121ceb041b459
SHA256b03c8c2d2429e9dbc7920113dedf6fc09095ab39421ee0cc8819ad412e5d67b9
SHA512d69663e1e81ec33654b87f2dfaddd5383681c8ebf029a559b201d65eb12fa2989fa66c25fa98d58066eab7b897f0eef6b7a68fa1a9558482a17dfed7b6076aca
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
11.7MB
-
Filesize
11.7MB
-
Filesize
11.7MB
-
Filesize
11.7MB
-
Filesize
11.7MB
-
Filesize
1024KB
-
Filesize
824KB
-
Filesize
1024KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB