Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
26-11-2024 01:28
General
-
Target
8fcc76b2ce9751b9c2dae8c96e9d6d0f5a8585decb3700d256772b75a8eff0b9.exe
-
Size
56KB
-
MD5
cca34c9d021e1f5078fe708e8f819ee0
-
SHA1
ffd9c7f917d17d0bc8f5fa89937a5536740e1eba
-
SHA256
8fcc76b2ce9751b9c2dae8c96e9d6d0f5a8585decb3700d256772b75a8eff0b9
-
SHA512
600a25f2299cd6c673e1bf3d89fa4b78ff173ec1853d01b8795a7533997c9ae58eb744be1f53e5a6c5d8cc540112adc840c9bdae46ee3d202e8ed83c736c199c
-
SSDEEP
768:uEaz5G7MaEtbwQpeyjaSLyfOPT4xcsrRA9Xu/IC4X3i2AH350azknSRXJuRWQlhd:v4GYUWeypTUuuQj635cSRU3iN/ntNm
Score
7/10
Malware Config
Signatures
-
Drops startup file 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in System32 directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8fcc76b2ce9751b9c2dae8c96e9d6d0f5a8585decb3700d256772b75a8eff0b9.exe"C:\Users\Admin\AppData\Local\Temp\8fcc76b2ce9751b9c2dae8c96e9d6d0f5a8585decb3700d256772b75a8eff0b9.exe"1⤵
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0012⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0013⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0014⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0015⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0016⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0017⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0018⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD0019⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00110⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00111⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00112⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00113⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00114⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00115⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00116⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00117⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00118⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00119⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00120⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00121⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00122⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00123⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00124⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00125⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00126⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00127⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00128⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00129⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00130⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00131⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00132⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00133⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00134⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00135⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00136⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00137⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00138⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00139⤵
- Executes dropped EXE
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00140⤵
- Executes dropped EXE
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00141⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00142⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00143⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00144⤵
- Executes dropped EXE
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00145⤵
- Executes dropped EXE
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00146⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00147⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00148⤵
- Drops startup file
- Executes dropped EXE
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00149⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00150⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00151⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00152⤵
- Drops startup file
- Executes dropped EXE
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00153⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00154⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00155⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00156⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00157⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00158⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00159⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00160⤵
- Executes dropped EXE
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00161⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00162⤵
- Executes dropped EXE
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00163⤵
- Drops startup file
- Executes dropped EXE
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00164⤵
- Drops startup file
- Executes dropped EXE
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00165⤵
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00166⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00167⤵
- Drops startup file
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00168⤵
- Drops startup file
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00169⤵
- Drops startup file
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00170⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00171⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00172⤵
- Drops startup file
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00173⤵
- Drops startup file
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00174⤵
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00175⤵
- Drops startup file
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00176⤵
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00177⤵
- Drops startup file
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00178⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00179⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00180⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00181⤵
- Drops startup file
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00182⤵
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00183⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00184⤵
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00185⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00186⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00187⤵
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00188⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00189⤵
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00190⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00191⤵
- Drops startup file
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00192⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00193⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00194⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00195⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00196⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00197⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00198⤵
- Drops startup file
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD00199⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001100⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001101⤵
- Drops startup file
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001102⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001103⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001104⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001105⤵
- Drops startup file
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001106⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001107⤵
- Drops file in System32 directory
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001108⤵
- Drops startup file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001109⤵
-
\??\c:\windows\SysWOW64\dwdsrngt.exec:\windows\system32\dwdsrngt.exe CHD001110⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
920B
MD5e696c3808f1c86462e4eeb4ed998cb26
SHA13515d35da3419be4da7b4777cbfe1bfc5f88f5ff
SHA2562e70bf1a6887a55c1f0620fc393619dcd9208bfb764feb7cd5c791a9fe807c07
SHA512052108430d4f203b8711007112c99153505b4ef060e80ffae80e1382f5d5b2fd54539f95d4e72f257366733f9025cd6b8e9385cdc213d521001322d649b3db1c
-
Filesize
56KB
MD521b937135a58d49ebfc5d1a64c7a8ef0
SHA19343b9bf387214c8833ef1310b12c8509f05fef8
SHA256cd14109bf6bf3fc3d2417e8f3f1910976455251df2ae628fbd17f43cac5d264d
SHA512806894bbc7b0809fcfca41f8007bf510704c2230850cae720d6b4b48c94b366740a71668e6e319fb04ee9311c13708a178206f663bb7c943d8ede1be61b56233
-
Filesize
17B
MD5b9b738b5d5b92889336547a6c22d3991
SHA155e7ec0184ac63a182d8973d68a7294d493b75e4
SHA256c327e7bb193088f8afc07ff624422abc3cf7f06bed33b62ba08b443bf306d69f
SHA5125a2879f1aeb783e1b1895cc7a7fc3f752c6a6173581f71062c0c145bf78e560de848294111a1f1ae79e92e96e604ec455af0e69d073a74e9827dcd0fd5489af7