Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
28-10-2024 12:32
General
-
Target
79a5196da396b96343044126f66d4edc_JaffaCakes118.exe
-
Size
720KB
-
MD5
79a5196da396b96343044126f66d4edc
-
SHA1
a2a864d1aa86d2309c88c205de87b0024cb51522
-
SHA256
cc2711fdcb2faad489be94a39ad855c0923da38a86a7b1a9739aef3f51991dc1
-
SHA512
308c831918f71de6501ddc6983c2fca3aa727940a932f44cf5e7beb7a20e2860aa4b070778b4a1320315c3589ec8b2f97c1012cc2371d89b4d036b843f1af554
-
SSDEEP
12288:e+XbsaO1RUgWA6MKedpjpKNNt6vSR5SFgeiqRwMnJZQDx8XCj1B6CwbqR:Zr7WUZA6MKSWPNTDx8XCUbw
Score
10/10
Malware Config
Signatures
-
Detect XtremeRAT payload 5 IoCs
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 62 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks BIOS information in registry 2 TTPs 62 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 60 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 62 IoCs
-
Drops file in System32 directory 3 IoCs
-
Suspicious use of SetThreadContext 31 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 63 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 62 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 33 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\79a5196da396b96343044126f66d4edc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\79a5196da396b96343044126f66d4edc_JaffaCakes118.exe"1⤵
- Checks BIOS information in registry
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\79a5196da396b96343044126f66d4edc_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\79a5196da396b96343044126f66d4edc_JaffaCakes118.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"7⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"13⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe14⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"15⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe16⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"17⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe18⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"19⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe20⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"21⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe22⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"23⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe24⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"25⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe26⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"27⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe28⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"29⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe30⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"31⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe32⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"33⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe34⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"35⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe36⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"37⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe38⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"39⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe40⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"41⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe42⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"43⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe44⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"45⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe46⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"47⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe48⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"49⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe50⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"51⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe52⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"53⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe54⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"55⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe56⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"57⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe58⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"59⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe60⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"61⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe62⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72B
MD5e4d2b34cb35072321f311f4beddd9378
SHA1e158638af667ddae79ea15ca00307bfd664104a5
SHA2565f998ce37b1b7f6b5c0272f93cc5eac03c88ce81eaca931b8dabcbb4c861d031
SHA5126309512f34e366eeeb87e4fe6041786c9506295a762d406206ed5dd2a52afc1cacfed51aff5f6ce9385438b0ecee42778cf09a3574940b55acbfadaa617c787e
-
Filesize
72B
MD5bb9a3ab63d76cee59dabd3384185c64e
SHA13db2446778701a1e7f9099f3903b3081862fa7bb
SHA2567df56078189cf6ff771c29d662232c20ff741839eeb8d7e887a6de9c53531c02
SHA512d8ec3e017aa2798c5408b8e3a154e0eaee310348e92a380cd14ecb555eb9f223414447d9ec6227ced77bf12b0eb07db7cfc5b4a3a584ca37719bae3146d7211f
-
Filesize
72B
MD5a3e2b8ee314dedd3571adc72764f3e3f
SHA10ffd65ec55841b067c14ce968b07e65b44d561f4
SHA256efdaddf7227e3564700424e4948f9e9695cc9af78624631eafe760c6da3f0635
SHA51218b2ac97e37ee613f9658959d166aa1a03f86495c9628c192fa383b71808dca6ce51980f32a381ed40e619091f29deb05dd83cd57c3e4110118211a4bff11797
-
Filesize
72B
MD5fb914a9539867e82811e65377e8bed9a
SHA1a92de522d918e7f1e9a2d740aee85fb4ff1ca78f
SHA256fcdcaac1c108c562ec96016cc5dec183d8f713553966d9901a9d4e8c27d78605
SHA512b5a9df5233a109dc2b9e641ee5342dc350ba3147703bfecd78a8c3032d6b73600e57c347456e0f102577ff95ded0ea3155b446ee7b99e0983b3ecc877ee50056
-
Filesize
72B
MD5ed0c7d5c9372d6e7439a91e9b4efe2ac
SHA1ce46d911daf29a6e20f191ba040ab38de5c9e1bc
SHA2569acebbafd0bf0d30686b5b8b4636c0cfb0253b0a83f9f4f15fa37d18237963a6
SHA51202b749d5798e3bbc0e728dd769286206dafc892535631abb4557077d5a8bc590930b8a1a5e67f845b203ee103d1ece438ac3d54923c3486ac9bead593a2eace3
-
Filesize
72B
MD5f2a03a685737c53e6aa544691f8a57d0
SHA15f06228cb76858a0880d88b4c3a03a340ecbf8fd
SHA2560474c819a8ba6eb0932ce439b1930b0700d75290bf3e95f05942fde72dc9cd66
SHA5120a0d38e7d4ae624571e64ec7a34cbba4f485922e2015e91eaa7605dad34af27ff25f33a1570d01c7fc6336b596c972c4e4175ed932c6d0d3ad2f8d6bf15858c9
-
Filesize
72B
MD51b51eb3d1dbcc5f2337e7647c12582e5
SHA13908d0cc05028b91f7bb904c9ac4ba8abb28632f
SHA2562ee7b59f2f6a9b6da2c9b519a4d2ae57323dc4c930cc3e2b1276dd29ece5ced6
SHA51248fb34c483cef8a9063eb603f571d9502f52ebedb6568372ed5586d275878bd92afe7a9d24a0623cc941dad982231a59d685987119ed5a0b6928f51c7a695a45
-
Filesize
72B
MD5fb6e091924753bf839450ff541a431ea
SHA11831a3fee73dc402777fa97548a901b27724e773
SHA256e60c84631ce4ec4542c0751cafbd4c2cc21092f053da163b361ac00c5b9bbb62
SHA5124eddede90f0ea718d652ed2438bce21381796c667d5ca7de2c0f25116bd6baf55aa56d9bdf3129ea281c791545ff0a523f6ae859958ff5759f739c4be1dcf585
-
Filesize
72B
MD5d33092fc06d7c7b71d9e14f42770fa91
SHA1f8e34485360cd5cff8035ae0bf0f83c8ea7c49df
SHA256fa293248ba50845c99e4fe90d75bbd3f6a1106cfc5014be30d078f0289db8707
SHA512ccdcb18abc69cff5d19ec64a19e5ce797289dcda9748d37e0613ce0003359cd3525b9c99a39f6b2e73b699ab8e7e2bf1da67a2db2e0ebee4bf24ec7668ae20ff
-
Filesize
72B
MD582ad325bd8d3571308343fcd6318715c
SHA111ec1ac9bda9afc84cdcf6776f2ac1e23cb2a118
SHA25639b4f05c26889d5babab8fd20d62d018cf6b359a646033b8f8a24e743849e68b
SHA512475062f9688ce15efb28bace0aa5637a372e94e49e1e26c2c539e1f77793dffa2836ff7d169691ee9735f38406d3f07e2f5e29313a88b0ef67d21928b12d2f5b
-
Filesize
72B
MD510c1d785528d471a491504b5733e88b6
SHA10dc041e0ca197e824a6390748f562b8d46bb2034
SHA2563859e417561e35f67fdbd4f50b842b0ad14a5c451d9dd6cb56ea7e3dd4779f1b
SHA51286f8b705d6f65758e5f9b8ceb8fcbb6a252bb23c365d0a95672edac21c0a0fe29da6311c35be58a683afc1f6f89a08858d27777d6b05f77c67872284578ba6e4
-
Filesize
72B
MD5e704926dbcb978ef81efe14788a17b21
SHA168733ce554a05087b74c73d8f8692357c505edc1
SHA25619c1d9a7e8c11ed5b7019beabb57459fcb71469c565106abe2d01c792b86c895
SHA51285452ff25b88acb3f7e1e22f66a474aad9b1df44fb121326d722c25cdbd508677ce6b50bb3b1017e1149d8da7dd5c11acebc57234506bd3e07a3bfcf3b888962
-
Filesize
72B
MD51336475d9a3ef8a1686efd0caa5fc3c4
SHA1c3c80b21d91ea5ece400aef3f99364f10acc245f
SHA25603b02d2cf86b2867b0b3a27acb99e638a0ba243d1d854e63d0081cd1d06e1b26
SHA5125c8e479a8bbe6f0303fdfd04f4c6b8fddc563e449eb62aae40ab47c77231298e9fce07caeddf37e5bbd5f739563e166c28ca8e5375fa55f8aa22c5c9d647692c
-
Filesize
72B
MD59ba2ca7af0540821f205be98db2bcb2d
SHA16cfd202036bdbaa3d2b99c5863e84670a56b3d67
SHA256790d299fbffcba9cf53c0676d6cc35c0ff466344cd7cde14aa9571414124dbf9
SHA51213a7335ddf3ddd03f094637d7787542c604361db67882e9e3de63e0f57c42e65ef507be7675021631dda95eba6111d75c390c3d72bc9a5a86467af0e4405f082
-
Filesize
72B
MD59d9c026fc9d63995e2652319ae09f83a
SHA18346a278970f219eb9f9a7d2929e1046792577bb
SHA256884c9de50ff8e9fd948342221bc8e0dea1a7a09d2c0d0676fd1279190fe40743
SHA512f8af6dfc15101cc9eb082c2f35dd41585e042ae30745becf522dd7e962fda3d562d45be1325ea9029599c409f53d12f6d126f2a793857469c6e193664f606546
-
Filesize
1KB
MD50ba42a03120e3b6b9b5f55b86a7d087d
SHA1d5a5d1cd0bcf89cc7bd0c4920201c1cc7c2f27c4
SHA256ef79caf60efe07ce9cd68403ae0d1ede11bf5c23c4f12909801d2ef6ed317ae9
SHA512a3761d66a0a9d4590348e6f403dccfabd1b982eab2543fbd19c5d1bef0752ed6a12abf8d9d00529682804e9138a69749bb4159d076aada2dbbb34e4a81a3b637
-
Filesize
205KB
MD591fa0e0f2ba3305e397a6f26c8fe3ee4
SHA1e0b3e91c4106fad91fc872aeaee787d2e4210555
SHA25603200b72d40d2e733ebf13494388eac37a98c9e72a7718e98a2bf3d500cb7c94
SHA5125e9d93092349f5b4e87e92a17a0c434cf6342498cebac975774547d5b644a12e65cae49ec5d97c30683de016b7c28a7bbea278c85db04ccdbfb02bdba4e71e75
-
Filesize
720KB
MD579a5196da396b96343044126f66d4edc
SHA1a2a864d1aa86d2309c88c205de87b0024cb51522
SHA256cc2711fdcb2faad489be94a39ad855c0923da38a86a7b1a9739aef3f51991dc1
SHA512308c831918f71de6501ddc6983c2fca3aa727940a932f44cf5e7beb7a20e2860aa4b070778b4a1320315c3589ec8b2f97c1012cc2371d89b4d036b843f1af554
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
912KB
-
Filesize
280KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
280KB
-
Filesize
912KB
-
Filesize
8KB
-
Filesize
280KB
-
Filesize
280KB
-
Filesize
280KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
8KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
4KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
8KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
292KB
-
Filesize
292KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
