Overview

overview

10

Static

static

5

78d8798321...c1.exe

windows7-x64

10

78d8798321...c1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2025 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78d8798321d584cc4ddae211cee8e580e69d3b488b8a1766cc0c2a74d5fc85c1.exe

  • Size

    45KB

  • MD5

    684af18f6e2d31560c806ddef68d6251

  • SHA1

    325833769314cfae1d6eec3549dcee6ce66edd9f

  • SHA256

    78d8798321d584cc4ddae211cee8e580e69d3b488b8a1766cc0c2a74d5fc85c1

  • SHA512

    3efbf913b149455133bb831bf288959b5af3bfe663eaf078e1e2a744ddc5d457e89c371f5e8f10c2e1c09f139bbe7dd3017fd8565132a87c625f06daa74b1d85

  • SSDEEP

    768:qhP0kDE9N5dCA8J7VHXdrIniQaBTT+QQ+r1n4K8+C9TtIuCjaqUODvJVQ2X:GsWE9N5dFu53dsniQaB/xZ14n7zIF+qD

Score
10/10
tinbabankerdiscoverypersistencetrojanupx

Malware Config

Signatures

  • Tinba / TinyBanker

    Banking trojan which uses packet sniffing to steal data.

    trojanbankertinba
  • Tinba family
    tinba
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 8 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 16 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Modifies registry class
    PID:2128
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3480
      • C:\Users\Admin\AppData\Local\Temp\78d8798321d584cc4ddae211cee8e580e69d3b488b8a1766cc0c2a74d5fc85c1.exe
        "C:\Users\Admin\AppData\Local\Temp\78d8798321d584cc4ddae211cee8e580e69d3b488b8a1766cc0c2a74d5fc85c1.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2468
        • C:\Windows\SysWOW64\winver.exe
          winver
          3⤵
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:4072
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 352
            4⤵
            • Program crash
            PID:3532
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3780
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4072 -ip 4072
      1⤵
        PID:4336
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4172
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2004
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1512
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3016
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SendNotifyMessage
        PID:4280
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3992
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3032
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:4452
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4176
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3612
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:3856
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3980
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1072
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:4124
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4632
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4060
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:180
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3616
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2808
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2508
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:840
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:3832
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3540
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3688
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:180
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4720
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2160
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:3628
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:3504
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:2844
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:1500
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4716
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1392
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:5068
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:1168
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1588
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4176
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4364
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:636
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:3992
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:1000
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4188
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:1252
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3580
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:4656
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:1820
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4060
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:2644
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:2912
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3584
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:5000
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:3652
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:5004
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:3948
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4232
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4136
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:1944
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:2592
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:392
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3992
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:1064
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:5036
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:2580
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:3996
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:636
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:4804
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:4224
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:3996
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:1416
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:1124
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:3540

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                            Filesize

                                                                                                            471B

                                                                                                            MD5

                                                                                                            04813c2e01bae56ddd2d943fcb96910c

                                                                                                            SHA1

                                                                                                            bacbb2e023ce07201a180a241642427740b1a220

                                                                                                            SHA256

                                                                                                            f402f46c2cbe5c4049fd10104af51ae77db4eb5a5d257a775b4d9283b52ee6ab

                                                                                                            SHA512

                                                                                                            19f74ee2665fc74f0a4e72e67f5f447403a03445e68db0599c2e121676a8eda92a191674b91a33c358a6bff6b25526dffdff16dc57c31369ec43f55f3f8e438b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                            Filesize

                                                                                                            412B

                                                                                                            MD5

                                                                                                            196d0c93a85a5aa42c469dfe72640c32

                                                                                                            SHA1

                                                                                                            029ebc1a2c1faab99d1b1521f96911d3fb652b74

                                                                                                            SHA256

                                                                                                            2905b00528423b05c81cfa1194ff2f83a399787f44354a5c593e2c5cd74ab20a

                                                                                                            SHA512

                                                                                                            a4149c6627ee0dc2ec9f60bfe9583e663560534588d8f7811b1fe54396c84eb82bbdbe5e87b8be159a24a2b5d6b451968f171581bc043d5c5779f8068a35316c

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            ff79099baa19042f3af030850a9ef7cf

                                                                                                            SHA1

                                                                                                            5600a95645a7312c596bef0f44cbc9d99cd4b382

                                                                                                            SHA256

                                                                                                            a7d784048ec9dc450f1708ea2da23d5cf68aedd1956378c5df518a0f2856b4a7

                                                                                                            SHA512

                                                                                                            16fdc64f709d36afa1e9b94289cf105733b4d6ea769906111f53df3ae17f6f9a2fc912901da48d935d4faa8d930c01c703a0d017894b7ef2cea6e5fa02af2b90

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1QK7O5FT\microsoft.windows[1].xml
                                                                                                            Filesize

                                                                                                            97B

                                                                                                            MD5

                                                                                                            d999f65105ba511b9a85c92595366aa5

                                                                                                            SHA1

                                                                                                            acd1800ccb77d1ed5bf43fd29c05fbcdd9d14adb

                                                                                                            SHA256

                                                                                                            626774fae7cf7de253841c4d2244fa2a50cc4a5abf5cb2d2006afd836412ba5a

                                                                                                            SHA512

                                                                                                            c793a44c17918e30348fe2b836bfbcf0edacb4f76b99f6dc6a67d8047cfbd2079645a853500e9520b202883f8cce2433690406edf47b08cf334272df6c4c60f9

                                                                                                            Download Submit

                                                                                                          • memory/180-1057-0x00000287B6840000-0x00000287B6940000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/180-1056-0x00000287B6840000-0x00000287B6940000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/180-765-0x0000000004850000-0x0000000004851000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/180-1055-0x00000287B6840000-0x00000287B6940000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/180-1083-0x00000287B7D60000-0x00000287B7D80000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/180-1071-0x00000287B7950000-0x00000287B7970000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/180-1060-0x00000287B7990000-0x00000287B79B0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1072-477-0x000002BA726B0000-0x000002BA726D0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1072-472-0x000002B270550000-0x000002B270650000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1072-500-0x000002BA72A80000-0x000002BA72AA0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1072-489-0x000002BA72670000-0x000002BA72690000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1072-473-0x000002B270550000-0x000002B270650000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/2004-23-0x0000000004B40000-0x0000000004B41000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/2128-145-0x00000000001B0000-0x00000000001B6000-memory.dmp

                                                                                                            Filesize

                                                                                                            24KB

                                                                                                            Download

                                                                                                          • memory/2468-9-0x0000000002230000-0x0000000002C30000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.0MB

                                                                                                            Download

                                                                                                          • memory/2468-8-0x0000000000400000-0x000000000041D000-memory.dmp

                                                                                                            Filesize

                                                                                                            116KB

                                                                                                            Download

                                                                                                          • memory/2468-0-0x0000000000400000-0x000000000041D000-memory.dmp

                                                                                                            Filesize

                                                                                                            116KB

                                                                                                            Download

                                                                                                          • memory/2468-1-0x00000000006C0000-0x00000000006C1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/2468-4-0x0000000002230000-0x0000000002C30000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.0MB

                                                                                                            Download

                                                                                                          • memory/2508-914-0x0000000004680000-0x0000000004681000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/2808-768-0x000001F1BF9B0000-0x000001F1BFAB0000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/2808-767-0x000001F1BF9B0000-0x000001F1BFAB0000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/2808-772-0x000001F1C0B20000-0x000001F1C0B40000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/2808-795-0x000001F1C0EE0000-0x000001F1C0F00000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/2808-786-0x000001F1C07D0000-0x000001F1C07F0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3016-24-0x000001C725320000-0x000001C725420000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3016-60-0x000001C726700000-0x000001C726720000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3016-25-0x000001C725320000-0x000001C725420000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3016-29-0x000001C726340000-0x000001C726360000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3016-40-0x000001C726300000-0x000001C726320000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3032-181-0x0000022035300000-0x0000022035400000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3032-205-0x0000022036810000-0x0000022036830000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3032-196-0x0000022036400000-0x0000022036420000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3032-180-0x0000022035300000-0x0000022035400000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3032-185-0x0000022036440000-0x0000022036460000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3480-3-0x0000000001380000-0x0000000001386000-memory.dmp

                                                                                                            Filesize

                                                                                                            24KB

                                                                                                            Download

                                                                                                          • memory/3480-2-0x0000000001380000-0x0000000001386000-memory.dmp

                                                                                                            Filesize

                                                                                                            24KB

                                                                                                            Download

                                                                                                          • memory/3480-6-0x00007FFD6E98D000-0x00007FFD6E98E000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/3480-12-0x0000000001460000-0x0000000001461000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/3540-1054-0x0000000004480000-0x0000000004481000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/3612-339-0x000002CC852D0000-0x000002CC852F0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3612-348-0x000002CC85290000-0x000002CC852B0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3612-360-0x000002CC858A0000-0x000002CC858C0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3628-1201-0x0000025C66800000-0x0000025C66900000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3628-1200-0x0000025C66800000-0x0000025C66900000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3832-943-0x000002D637F80000-0x000002D637FA0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3832-931-0x000002D637B70000-0x000002D637B90000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3832-917-0x000002CE35900000-0x000002CE35A00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/3832-921-0x000002D637BB0000-0x000002D637BD0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/3856-471-0x0000000002A20000-0x0000000002A21000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4060-622-0x00000239B8200000-0x00000239B8300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4060-635-0x00000239B8DC0000-0x00000239B8DE0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4060-646-0x00000239B96D0000-0x00000239B96F0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4060-627-0x00000239B9300000-0x00000239B9320000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4072-11-0x0000000000630000-0x0000000000636000-memory.dmp

                                                                                                            Filesize

                                                                                                            24KB

                                                                                                            Download

                                                                                                          • memory/4072-7-0x00007FFD6E8F0000-0x00007FFD6EAE5000-memory.dmp

                                                                                                            Filesize

                                                                                                            2.0MB

                                                                                                            Download

                                                                                                          • memory/4072-5-0x0000000077012000-0x0000000077013000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4072-18-0x0000000000630000-0x0000000000636000-memory.dmp

                                                                                                            Filesize

                                                                                                            24KB

                                                                                                            Download

                                                                                                          • memory/4124-620-0x0000000004C50000-0x0000000004C51000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4280-178-0x00000000045E0000-0x00000000045E1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4452-332-0x0000000004AE0000-0x0000000004AE1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4720-1198-0x0000000004820000-0x0000000004821000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download