Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

bca3772529...45.exe

windows7-x64

10

bca3772529...45.exe

windows10-2004-x64

10

bccb34575f...72.exe

windows7-x64

10

bccb34575f...72.exe

windows10-2004-x64

10

bcf1af9a5a...be.exe

windows7-x64

10

bcf1af9a5a...be.exe

windows10-2004-x64

8

bcf783e363...97.exe

windows7-x64

3

bcf783e363...97.exe

windows10-2004-x64

3

bd515574dc...8c.exe

windows7-x64

1

bd515574dc...8c.exe

windows10-2004-x64

1

bd68ca7605...39.exe

windows7-x64

10

bd68ca7605...39.exe

windows10-2004-x64

10

bd707a0357...e3.exe

windows7-x64

9

bd707a0357...e3.exe

windows10-2004-x64

9

bd7edfedeb...0b.exe

windows7-x64

10

bd7edfedeb...0b.exe

windows10-2004-x64

10

bdad1ff46d...f2.exe

windows7-x64

10

bdad1ff46d...f2.exe

windows10-2004-x64

10

bdae9ff159...df.exe

windows7-x64

10

bdae9ff159...df.exe

windows10-2004-x64

10

be01d2552c...1c.exe

windows7-x64

10

be01d2552c...1c.exe

windows10-2004-x64

10

be077774c9...87.exe

windows7-x64

10

be077774c9...87.exe

windows10-2004-x64

10

be0a8aeb7e...56.exe

windows7-x64

3

be0a8aeb7e...56.exe

windows10-2004-x64

3

be1643898c...f5.exe

windows7-x64

7

be1643898c...f5.exe

windows10-2004-x64

10

be183db6d4...94.exe

windows7-x64

10

be183db6d4...94.exe

windows10-2004-x64

10

be2375e810...94.exe

windows7-x64

10

be2375e810...94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b.exe

  • Size

    300KB

  • MD5

    4bb553f72fc435ab9d6bc0cd2f5dcf27

  • SHA1

    3a4623813ca0b3e8ce929bd7c555534c2e207e6c

  • SHA256

    bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b

  • SHA512

    6c42ef68d52d473f7beb12109eadedb59eed09d5126b13330beccb793d2a2e717d94f9aa493e4190c5d6283518a2fc245dd6aa24b69f5d82649d5b6a07b5e8de

  • SSDEEP

    6144:mevNyKnYli6n3hICfse6VlWT8b9PBLQBbmZSV:94K2WPVle8dS

Score
10/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 46 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b.exe
    "C:\Users\Admin\AppData\Local\Temp\bd7edfedebe8a680d801ffd5b2415cd3877e95c78edb8cfc44eaae3e0e9a1e0b.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2840
    • C:\Windows\system32\CMD.exe
      "CMD" /C SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "HandBrake" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "HandBrake" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe"
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:2740
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1316
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo 5 /tn "Evernote" /tr "C:\Users\Public\Pictures\xdwdRainmeter.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo 5 /tn "Evernote" /tr "C:\Users\Public\Pictures\xdwdRainmeter.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        • Suspicious behavior: EnumeratesProcesses
        PID:764
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        • Suspicious behavior: EnumeratesProcesses
        PID:1940
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        • Suspicious behavior: EnumeratesProcesses
        PID:2272
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:288
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        • Suspicious behavior: EnumeratesProcesses
        PID:3008
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1672
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:840
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1156
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:944
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:3048
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:3024
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Windows\system32\schtasks.exe
        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:2524
    • C:\Windows\system32\CMD.exe
      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
      2⤵
        PID:688
        • C:\Windows\system32\schtasks.exe
          SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
          3⤵
          • Scheduled Task/Job: Scheduled Task
          PID:572
      • C:\Windows\system32\CMD.exe
        "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
        2⤵
          PID:3064
          • C:\Windows\system32\schtasks.exe
            SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
            3⤵
            • Scheduled Task/Job: Scheduled Task
            PID:2244
        • C:\Windows\system32\CMD.exe
          "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
          2⤵
            PID:2796
            • C:\Windows\system32\schtasks.exe
              SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
              3⤵
              • Scheduled Task/Job: Scheduled Task
              PID:1876
          • C:\Windows\system32\CMD.exe
            "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
            2⤵
              PID:1688
              • C:\Windows\system32\schtasks.exe
                SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                3⤵
                • Scheduled Task/Job: Scheduled Task
                PID:3012
            • C:\Windows\system32\CMD.exe
              "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
              2⤵
                PID:2392
                • C:\Windows\system32\schtasks.exe
                  SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                  3⤵
                  • Scheduled Task/Job: Scheduled Task
                  PID:2568
              • C:\Windows\system32\CMD.exe
                "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                2⤵
                  PID:2564
                  • C:\Windows\system32\schtasks.exe
                    SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                    3⤵
                    • Scheduled Task/Job: Scheduled Task
                    PID:1756
                • C:\Windows\system32\CMD.exe
                  "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                  2⤵
                    PID:1336
                    • C:\Windows\system32\schtasks.exe
                      SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                      3⤵
                      • Scheduled Task/Job: Scheduled Task
                      PID:1028
                  • C:\Windows\system32\CMD.exe
                    "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                    2⤵
                      PID:2536
                      • C:\Windows\system32\schtasks.exe
                        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                        3⤵
                        • Scheduled Task/Job: Scheduled Task
                        PID:1484
                    • C:\Windows\system32\CMD.exe
                      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                      2⤵
                        PID:2656
                        • C:\Windows\system32\schtasks.exe
                          SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                          3⤵
                          • Scheduled Task/Job: Scheduled Task
                          PID:2668
                      • C:\Windows\system32\CMD.exe
                        "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                        2⤵
                          PID:1144
                          • C:\Windows\system32\schtasks.exe
                            SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                            3⤵
                            • Scheduled Task/Job: Scheduled Task
                            PID:2268
                        • C:\Windows\system32\CMD.exe
                          "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                          2⤵
                            PID:1504
                            • C:\Windows\system32\schtasks.exe
                              SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                              3⤵
                              • Scheduled Task/Job: Scheduled Task
                              PID:2124
                          • C:\Windows\system32\CMD.exe
                            "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                            2⤵
                              PID:2096
                              • C:\Windows\system32\schtasks.exe
                                SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                3⤵
                                • Scheduled Task/Job: Scheduled Task
                                PID:2552
                            • C:\Windows\system32\CMD.exe
                              "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                              2⤵
                                PID:3068
                                • C:\Windows\system32\schtasks.exe
                                  SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                  3⤵
                                  • Scheduled Task/Job: Scheduled Task
                                  PID:2376
                              • C:\Windows\system32\CMD.exe
                                "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                2⤵
                                  PID:1800
                                  • C:\Windows\system32\schtasks.exe
                                    SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                    3⤵
                                    • Scheduled Task/Job: Scheduled Task
                                    PID:2204
                                • C:\Windows\system32\CMD.exe
                                  "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                  2⤵
                                    PID:1492
                                    • C:\Windows\system32\schtasks.exe
                                      SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                      3⤵
                                      • Scheduled Task/Job: Scheduled Task
                                      PID:1544
                                  • C:\Windows\system32\CMD.exe
                                    "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                    2⤵
                                      PID:1792
                                      • C:\Windows\system32\schtasks.exe
                                        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                        3⤵
                                        • Scheduled Task/Job: Scheduled Task
                                        PID:1308
                                    • C:\Windows\system32\CMD.exe
                                      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                      2⤵
                                        PID:760
                                        • C:\Windows\system32\schtasks.exe
                                          SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                          3⤵
                                          • Scheduled Task/Job: Scheduled Task
                                          PID:1452
                                      • C:\Windows\system32\CMD.exe
                                        "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                        2⤵
                                          PID:2060
                                          • C:\Windows\system32\schtasks.exe
                                            SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                            3⤵
                                            • Scheduled Task/Job: Scheduled Task
                                            PID:1712
                                        • C:\Windows\system32\CMD.exe
                                          "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                          2⤵
                                            PID:2300
                                            • C:\Windows\system32\schtasks.exe
                                              SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                              3⤵
                                              • Scheduled Task/Job: Scheduled Task
                                              PID:1596
                                          • C:\Windows\system32\CMD.exe
                                            "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                            2⤵
                                              PID:2636
                                              • C:\Windows\system32\schtasks.exe
                                                SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                3⤵
                                                • Scheduled Task/Job: Scheduled Task
                                                PID:536
                                            • C:\Windows\system32\CMD.exe
                                              "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                              2⤵
                                                PID:888
                                                • C:\Windows\system32\schtasks.exe
                                                  SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                  3⤵
                                                  • Scheduled Task/Job: Scheduled Task
                                                  PID:1304
                                              • C:\Windows\system32\CMD.exe
                                                "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                2⤵
                                                  PID:2920
                                                  • C:\Windows\system32\schtasks.exe
                                                    SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                    3⤵
                                                    • Scheduled Task/Job: Scheduled Task
                                                    PID:2824
                                                • C:\Windows\system32\CMD.exe
                                                  "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                  2⤵
                                                    PID:1628
                                                    • C:\Windows\system32\schtasks.exe
                                                      SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                      3⤵
                                                      • Scheduled Task/Job: Scheduled Task
                                                      PID:3012
                                                  • C:\Windows\system32\CMD.exe
                                                    "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                    2⤵
                                                      PID:1648
                                                      • C:\Windows\system32\schtasks.exe
                                                        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                        3⤵
                                                        • Scheduled Task/Job: Scheduled Task
                                                        PID:2056
                                                    • C:\Windows\system32\CMD.exe
                                                      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                      2⤵
                                                        PID:1672
                                                        • C:\Windows\system32\schtasks.exe
                                                          SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                          3⤵
                                                          • Scheduled Task/Job: Scheduled Task
                                                          PID:2736
                                                      • C:\Windows\system32\CMD.exe
                                                        "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                        2⤵
                                                          PID:1000
                                                          • C:\Windows\system32\schtasks.exe
                                                            SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                            3⤵
                                                            • Scheduled Task/Job: Scheduled Task
                                                            PID:1244
                                                        • C:\Windows\system32\CMD.exe
                                                          "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                          2⤵
                                                            PID:872
                                                            • C:\Windows\system32\schtasks.exe
                                                              SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                              3⤵
                                                              • Scheduled Task/Job: Scheduled Task
                                                              PID:1252
                                                          • C:\Windows\system32\CMD.exe
                                                            "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                            2⤵
                                                              PID:2556
                                                              • C:\Windows\system32\schtasks.exe
                                                                SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                3⤵
                                                                • Scheduled Task/Job: Scheduled Task
                                                                PID:1604
                                                            • C:\Windows\system32\CMD.exe
                                                              "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                              2⤵
                                                                PID:2524
                                                                • C:\Windows\system32\schtasks.exe
                                                                  SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                  3⤵
                                                                  • Scheduled Task/Job: Scheduled Task
                                                                  PID:2776
                                                              • C:\Windows\system32\CMD.exe
                                                                "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                                2⤵
                                                                  PID:1160
                                                                  • C:\Windows\system32\schtasks.exe
                                                                    SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                    3⤵
                                                                    • Scheduled Task/Job: Scheduled Task
                                                                    PID:1624
                                                                • C:\Windows\system32\CMD.exe
                                                                  "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                                  2⤵
                                                                    PID:2108
                                                                    • C:\Windows\system32\schtasks.exe
                                                                      SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                      3⤵
                                                                      • Scheduled Task/Job: Scheduled Task
                                                                      PID:1064
                                                                  • C:\Windows\system32\CMD.exe
                                                                    "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                                    2⤵
                                                                      PID:1952
                                                                      • C:\Windows\system32\schtasks.exe
                                                                        SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                        3⤵
                                                                        • Scheduled Task/Job: Scheduled Task
                                                                        PID:2316
                                                                    • C:\Windows\system32\CMD.exe
                                                                      "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                                      2⤵
                                                                        PID:2264
                                                                        • C:\Windows\system32\schtasks.exe
                                                                          SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                          3⤵
                                                                          • Scheduled Task/Job: Scheduled Task
                                                                          PID:1880
                                                                      • C:\Windows\system32\CMD.exe
                                                                        "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                                        2⤵
                                                                          PID:108
                                                                          • C:\Windows\system32\schtasks.exe
                                                                            SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                            3⤵
                                                                            • Scheduled Task/Job: Scheduled Task
                                                                            PID:2324
                                                                        • C:\Windows\system32\CMD.exe
                                                                          "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST & exit
                                                                          2⤵
                                                                            PID:2968
                                                                            • C:\Windows\system32\schtasks.exe
                                                                              SchTaSKs /create /f /sc minute /mo -1 /tn "MATLAB" /tr "C:\Users\Public\Documents\xdwdMicrosoft Security Essentials.exe" /RL HIGHEST
                                                                              3⤵
                                                                              • Scheduled Task/Job: Scheduled Task
                                                                              PID:2236

                                                                        Network

                                                                        MITRE ATT&CK Enterprise v15

                                                                        Replay Monitor

                                                                        Loading Replay Monitor...

                                                                        Downloads

                                                                        • C:\Windows\xdwd.dll
                                                                          Filesize

                                                                          136KB

                                                                          MD5

                                                                          16e5a492c9c6ae34c59683be9c51fa31

                                                                          SHA1

                                                                          97031b41f5c56f371c28ae0d62a2df7d585adaba

                                                                          SHA256

                                                                          35c8d022e1d917f1aabdceae98097ccc072161b302f84c768ca63e4b32ac2b66

                                                                          SHA512

                                                                          20fd369172ef5e3e2fde388666b42e8fe5f0c2bfa338c0345f45e98af6561a249ba3ecc48c3f16efcc73f02ecb67b3ddb1e2e8f0e77d18fa00ac34e6379e50b6

                                                                          Download Submit

                                                                        • memory/288-117-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/536-817-0x000007FEF6060000-0x000007FEF6082000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/572-281-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/688-283-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/760-729-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/764-53-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/840-148-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/888-840-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/944-168-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1028-448-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1144-539-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1156-169-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1304-839-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1308-700-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1336-449-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1452-728-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1484-476-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1492-673-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1504-561-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1544-672-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1596-784-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1628-897-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1672-149-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1688-370-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1712-761-0x000007FEF6060000-0x000007FEF6082000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1724-202-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1756-420-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1760-225-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1792-701-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1800-645-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1876-336-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/1940-60-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2056-923-0x000007FEF6060000-0x000007FEF6082000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2060-762-0x000007FEF6060000-0x000007FEF6082000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2096-589-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2124-560-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2204-644-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2244-313-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2268-537-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2272-83-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2300-785-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2376-616-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2392-393-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2468-252-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2524-251-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2536-477-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2552-588-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2564-421-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2568-392-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2636-818-0x000007FEF6060000-0x000007FEF6082000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2656-505-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2668-504-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2796-340-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2824-873-0x000007FEF6060000-0x000007FEF6082000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2840-64-0x000007FEF4E40000-0x000007FEF582C000-memory.dmp

                                                                          Filesize

                                                                          9.9MB

                                                                          Download

                                                                        • memory/2840-121-0x000007FEF4E40000-0x000007FEF582C000-memory.dmp

                                                                          Filesize

                                                                          9.9MB

                                                                          Download

                                                                        • memory/2840-0-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

                                                                          Filesize

                                                                          4KB

                                                                          Download

                                                                        • memory/2840-2-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

                                                                          Filesize

                                                                          4KB

                                                                          Download

                                                                        • memory/2840-1-0x0000000000C00000-0x0000000000C52000-memory.dmp

                                                                          Filesize

                                                                          328KB

                                                                          Download

                                                                        • memory/2868-61-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/2920-874-0x000007FEF6060000-0x000007FEF6082000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3008-116-0x000007FEF5BA0000-0x000007FEF5BC2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3012-369-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3012-896-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3024-224-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3048-201-0x000007FEF1280000-0x000007FEF12A2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3064-315-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3068-617-0x000007FEF7140000-0x000007FEF7162000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        • memory/3068-84-0x000007FEF12B0000-0x000007FEF12D2000-memory.dmp

                                                                          Filesize

                                                                          136KB

                                                                          Download

                                                                        We care about your privacy.

                                                                        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.