Malware Analysis Report

2025-08-10 22:43

Sample ID: 250127-zn7kdavnby
Target: 2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851
SHA256: 2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851
Tags: discovery
Score: 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 5/10

SHA256: 2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851

Threat Level: Likely benign

The file 2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851 was found to be: Likely benign.

Malicious Activity Summary

discovery

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Program crash

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-01-27 20:52

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-01-27 20:52
Reported: 2025-01-27 20:55
Platform: win7-20241010-en
Max time kernel: 122s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe"

Signatures

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\dvdplay.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\explorer.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\sethc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\rundll32.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\sdiagnhost.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\setupSNK.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\systeminfo.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\TCPSVCS.EXE | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\ReAgentc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\label.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\wsmprovhost.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\PushPrinterConnections.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\wiaacmgr.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\InfDefaultInstall.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\typeperf.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\ieUnatt.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\LocationNotifications.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\fontview.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\help.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\msdt.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\powercfg.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\control.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\driverquery.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\WerFaultSecure.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\wermgr.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\iscsicli.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\prevhost.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\dfrgui.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\rrinstaller.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\wecutil.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\xwizard.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\OptionalFeatures.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\winrs.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\Dism.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\wbem\WMIC.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\ctfmon.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\HOSTNAME.EXE | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\lodctr.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\poqexec.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\tasklist.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\ComputerDefaults.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\mshta.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\rekeywiz.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\Robocopy.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\perfmon.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\ddodiag.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\SearchProtocolHost.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\wbem\mofcomp.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\userinit.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\wininit.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\dvdupgrd.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\reg.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\shrpubw.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\ipconfig.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\mmc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\DpiScaling.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\sort.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\SystemPropertiesProtection.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\RMActivate_ssp.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\grpconv.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\eudcedit.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\mobsync.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\SysWOW64\w32tm.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\oobeldr.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-writewin_31bf3856ad364e35_6.1.7600.16385_none_378836c309ee380e\write.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_netfx35cdf-csd_cdf_installer_31bf3856ad364e35_6.1.7600.16385_none_b45109ec45a678fc\WFServicesReg.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_175ab6276b721d6a\LocationNotifications.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379\msinfo32.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.17514_none_4544cf0e5f20beea\prevhost.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-compact_31bf3856ad364e35_6.1.7600.16385_none_55ea2c71cf438ffc\compact.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_11.2.9600.16428_none_eace14b8d6178cca\SetIEInstalledDate.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_9cef76e6ecab612f\SystemPropertiesHardware.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.1.7600.16385_none_7c5b469993c3ad32\jsc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_6.1.7601.17514_none_301a46c726a4cdc6\repair-bde.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-s..-downlevel.binaries_31bf3856ad364e35_6.3.9600.16428_none_5faf8886ff3d65d0\MsSpellCheckingFacility.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_6.1.7601.17514_none_f4285a06060032a9\vbc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_ef38a8d0d05cc2c7\IMJPDCT.EXE | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_netfx-clrgc_b03f5f7f11d50a3a_6.1.7601.17514_none_f5276fe6b5adf276\clrgc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-autofmt_31bf3856ad364e35_6.1.7601.17514_none_441a424cd5cda219\autofmt.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-dispdiag_31bf3856ad364e35_6.1.7600.16385_none_a0d95afc49c833b6\dispdiag.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01\rdrleakdiag.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.7601.17514_none_3eb101caec1acc2c\ie4uinit.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d\printui.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_a3c349b4bdac0898\RegAsm.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-computerdefaults_31bf3856ad364e35_6.1.7600.16385_none_626b9352dcfa715c\ComputerDefaults.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.1.7600.16385_none_84db2473005c51cb\MdRes.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-commandlinehelp_31bf3856ad364e35_6.1.7600.16385_none_3020274b22e8a90f\help.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdupgrd_31bf3856ad364e35_6.1.7600.16385_none_d9bb586ff6564bbc\dvdupgrd.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFaultSecure.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\wow64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_c8df7823424473a1\netbtugc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\wow64_microsoft-windows-tzutil_31bf3856ad364e35_6.1.7601.17514_none_9cbe849a4e275c84\tzutil.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\wow64_microsoft-windows-setupapi_31bf3856ad364e35_6.1.7601.17514_none_9d700972113e2691\wowreg32.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-fontview_31bf3856ad364e35_6.1.7600.16385_none_a058fee6d0280cab\fontview.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-makecab_31bf3856ad364e35_6.1.7600.16385_none_4cc4738d82efdf85\makecab.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-control_31bf3856ad364e35_6.1.7600.16385_none_99424f610bd169de\control.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\twunk_16.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_6.1.7600.16385_none_e63ed98817cf16b1\Eap3Host.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_6.1.7601.17514_none_b532bb17fea7ee9a\LinqWebConfig.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_83171a284b28fcec\AddInProcess32.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7601.17514_none_7832a1aacb77df29\mcbuilder.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_31db018394805d6b\TSTheme.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_884c69064922f75b\msinfo32.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.2.9600.16428_none_46d2efef53c02386\wextract.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\appcmd.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnscacheugc.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmmon32.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\migwiz.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\poqexec.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_brmfcmf.inf_31bf3856ad364e35_6.1.7600.16385_none_6f8740b92fea8e01\BrmfRsmg.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.2.9600.16428_none_3bb1024f1e6bc086\mshta.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_533cd4f8150e6a86\RMActivate_ssp_isv.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\icsunattend.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.2.9600.16428_none_8cae83b0cdeb7a9b\ielowutil.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_a907fb2af12e5dc6\PING.EXE | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winhlp32.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.1.7601.17514_none_097346be305f3966\fixmapi.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\explorer.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_brmfcwia.inf_31bf3856ad364e35_6.1.7600.16385_none_11493a3982b640b7\BrmfRsmg.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\notepad.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A
File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe

"C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2025-01-27 20:52
Reported: 2025-01-27 20:55
Platform: win10v2004-20241007-en
Max time kernel: 91s
Max time network: 142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe"

Signatures

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe

"C:\Users\Admin\AppData\Local\Temp\2c88ccda58164a6b875beae37faee71af5fc2992ba06dfbe2502975e5b01c851.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3164 -ip 3164

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 320

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp
US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 167.190.18.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp

Files

N/A