Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
21-11-2024 07:46
General
-
Target
Client.exe
-
Size
378KB
-
MD5
7b14a00f19e0fb39b84b37a9365d19ec
-
SHA1
c3bd379a385d4db71df719c25495aca101f3396d
-
SHA256
8bd8893f47bbc91bef5e7b9747ef4a7cf36c749a2c21c5af1e0dd297ddc20991
-
SHA512
a19ff44b31eed8a622c5e78a75c2d8132e2d29a051595e1d0fb9ab0b4f1144d561206ba3e8b3685903ff7c0dd85a2d979ce1548ff94a9da11a82aff614e01610
-
SSDEEP
6144:b0jZ/ce6pz9Jge6VlWT8b9qhlm23w3crW3rboZb:bYMpsPVle8YhLB/
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 42 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Client.exe"C:\Users\Admin\AppData\Local\Temp\Client.exe"1⤵
- Modifies WinLogon for persistence
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\CMD.exe"CMD" /C SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "Adobe Premiere Pro" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "Adobe Premiere Pro" /tr "C:\Windows\xdwdBitdefender Antivirus.exe"3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo 5 /tn "Trello" /tr "C:\Users\Admin\Videos\xdwdVirtualBox.exe" /RL HIGHEST & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo 5 /tn "Trello" /tr "C:\Users\Admin\Videos\xdwdVirtualBox.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\CMD.exe"CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST & exit2⤵
-
C:\Windows\system32\schtasks.exeSchTaSKs /create /f /sc minute /mo -1 /tn "edge update" /tr "C:\Windows\xdwdBitdefender Antivirus.exe" /RL HIGHEST3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1AppInit DLLs
1Scheduled Task/Job
1Scheduled Task
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB
MD516e5a492c9c6ae34c59683be9c51fa31
SHA197031b41f5c56f371c28ae0d62a2df7d585adaba
SHA25635c8d022e1d917f1aabdceae98097ccc072161b302f84c768ca63e4b32ac2b66
SHA51220fd369172ef5e3e2fde388666b42e8fe5f0c2bfa338c0345f45e98af6561a249ba3ecc48c3f16efcc73f02ecb67b3ddb1e2e8f0e77d18fa00ac34e6379e50b6
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
9.9MB
-
Filesize
48KB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
400KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
1.7MB
-
Filesize
136KB
-
Filesize
1.7MB
-
Filesize
4KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB