description	ioc	Process
File created	C:\Windows\system32\yrqdf\wusa.exe	cmd.exe
File opened for modification	C:\Windows\system32\yrqdf\wusa.exe	cmd.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile\shell	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile\shell\open	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile\shell\open	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile\shell	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile\shell\open\command\ = "C:\\Windows\\system32\\cmd.exe /c C:\\Users\\Admin\\AppData\\Local\\Temp\\gSffju.cmd"	Process not Found
Key deleted	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile\shell\open\command	Process not Found
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\MSCFile\shell\open\command	Process not Found

pid	Process
2512	rundll32.exe
2512	rundll32.exe
2512	rundll32.exe
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found
1128	Process not Found

description	pid	Process	procid_target
PID 1128 wrote to memory of 2812	1128	Process not Found	31
PID 1128 wrote to memory of 2812	1128	Process not Found	31
PID 1128 wrote to memory of 2812	1128	Process not Found	31
PID 1128 wrote to memory of 1248	1128	Process not Found	32
PID 1128 wrote to memory of 1248	1128	Process not Found	32
PID 1128 wrote to memory of 1248	1128	Process not Found	32
PID 1128 wrote to memory of 380	1128	Process not Found	34
PID 1128 wrote to memory of 380	1128	Process not Found	34
PID 1128 wrote to memory of 380	1128	Process not Found	34
PID 1128 wrote to memory of 2236	1128	Process not Found	35
PID 1128 wrote to memory of 2236	1128	Process not Found	35
PID 1128 wrote to memory of 2236	1128	Process not Found	35
PID 1128 wrote to memory of 1644	1128	Process not Found	37
PID 1128 wrote to memory of 1644	1128	Process not Found	37
PID 1128 wrote to memory of 1644	1128	Process not Found	37
PID 1644 wrote to memory of 1344	1644	eventvwr.exe	38
PID 1644 wrote to memory of 1344	1644	eventvwr.exe	38
PID 1644 wrote to memory of 1344	1644	eventvwr.exe	38
PID 1344 wrote to memory of 1936	1344	cmd.exe	40
PID 1344 wrote to memory of 1936	1344	cmd.exe	40
PID 1344 wrote to memory of 1936	1344	cmd.exe	40
PID 1128 wrote to memory of 1672	1128	Process not Found	41
PID 1128 wrote to memory of 1672	1128	Process not Found	41
PID 1128 wrote to memory of 1672	1128	Process not Found	41
PID 1672 wrote to memory of 1856	1672	cmd.exe	43
PID 1672 wrote to memory of 1856	1672	cmd.exe	43
PID 1672 wrote to memory of 1856	1672	cmd.exe	43
PID 1128 wrote to memory of 2916	1128	Process not Found	44
PID 1128 wrote to memory of 2916	1128	Process not Found	44
PID 1128 wrote to memory of 2916	1128	Process not Found	44
PID 2916 wrote to memory of 2944	2916	cmd.exe	46
PID 2916 wrote to memory of 2944	2916	cmd.exe	46
PID 2916 wrote to memory of 2944	2916	cmd.exe	46
PID 1128 wrote to memory of 2928	1128	Process not Found	47
PID 1128 wrote to memory of 2928	1128	Process not Found	47
PID 1128 wrote to memory of 2928	1128	Process not Found	47
PID 2928 wrote to memory of 1480	2928	cmd.exe	49
PID 2928 wrote to memory of 1480	2928	cmd.exe	49
PID 2928 wrote to memory of 1480	2928	cmd.exe	49
PID 1128 wrote to memory of 112	1128	Process not Found	51
PID 1128 wrote to memory of 112	1128	Process not Found	51
PID 1128 wrote to memory of 112	1128	Process not Found	51
PID 112 wrote to memory of 1308	112	cmd.exe	53
PID 112 wrote to memory of 1308	112	cmd.exe	53
PID 112 wrote to memory of 1308	112	cmd.exe	53
PID 1128 wrote to memory of 1780	1128	Process not Found	54
PID 1128 wrote to memory of 1780	1128	Process not Found	54
PID 1128 wrote to memory of 1780	1128	Process not Found	54
PID 1780 wrote to memory of 952	1780	cmd.exe	56
PID 1780 wrote to memory of 952	1780	cmd.exe	56
PID 1780 wrote to memory of 952	1780	cmd.exe	56
PID 1128 wrote to memory of 2520	1128	Process not Found	57
PID 1128 wrote to memory of 2520	1128	Process not Found	57
PID 1128 wrote to memory of 2520	1128	Process not Found	57
PID 2520 wrote to memory of 2780	2520	cmd.exe	59
PID 2520 wrote to memory of 2780	2520	cmd.exe	59
PID 2520 wrote to memory of 2780	2520	cmd.exe	59

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads