Analysis
-
max time kernel
138s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
22/03/2025, 06:09
General
-
Target
3d90976d58eb1346f68434f0575cec2ed017a5959384e7137600668ad7777d8c.exe
-
Size
587KB
-
MD5
58388ff123bd5e52aa3e7fa34cfa8a7f
-
SHA1
6b43aa7430ad9e446acf2f8d04ecb8f6b6eaa4c5
-
SHA256
3d90976d58eb1346f68434f0575cec2ed017a5959384e7137600668ad7777d8c
-
SHA512
a4b5405d5e0c4f555e151c207c2d6d38e52b3dc3c59f3629729cec2578dc0426621b8f321ce770e69270e974e1d96f6eacc6d38d2f9b89c6aed4ed4ce397a991
-
SSDEEP
12288:tZFFZDJe6R3dvAheWxnMbbY1wLBuYEAmDUDAc5c:tZnR3ROWblBuYVD
Malware Config
Extracted
njrat
0.7d
Lammer
8f04f9cf1cb0a66772ec936fb174701b
-
reg_key
8f04f9cf1cb0a66772ec936fb174701b
-
splitter
|'|'|
Signatures
-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 8 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 31 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3d90976d58eb1346f68434f0575cec2ed017a5959384e7137600668ad7777d8c.exe"C:\Users\Admin\AppData\Local\Temp\3d90976d58eb1346f68434f0575cec2ed017a5959384e7137600668ad7777d8c.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Roaming\Proposta.pdf2⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ffc80a3f208,0x7ffc80a3f214,0x7ffc80a3f2203⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1980,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4232,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4256,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --init-isolate-as-foreground --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3636,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --string-annotations --always-read-main-dll --field-trial-handle=5328,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4588,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6476,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6916,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6696,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6512,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6852,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6924,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6832,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6336,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6448,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7244,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=7348 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7236,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7476,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=7404 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6048,i,7368426392203817508,7275671457277416104,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:83⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\3d90976d58eb1346f68434f0575cec2ed017a5959384e7137600668ad7777d8c.exe"C:\Users\Admin\AppData\Local\Temp\3d90976d58eb1346f68434f0575cec2ed017a5959384e7137600668ad7777d8c.exe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Roaming\Trojan.exe"C:\Users\Admin\AppData\Roaming\Trojan.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Roaming\Proposta.pdf4⤵
-
-
C:\Users\Admin\AppData\Roaming\Trojan.exe"C:\Users\Admin\AppData\Roaming\Trojan.exe"4⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Trojan.exe" "Trojan.exe" ENABLE5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
594B
MD5fdb26b3b547022b45cfaeee57eafd566
SHA111c6798b8a59233f404014c5e79b3363cd564b37
SHA2562707fc7f074413881b7bafca05079327b188db6005709951e7f69d39a2af97c0
SHA51244d9bb8c0f0b341690d00eda86e15a50f7f29ce9595925c1a2a7e19ad26202d10049a7a97bea278ecb7d429ad555de8edceeffff664d4b06309a9410a09bb700
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD5a997b0297bff22e78513aa587f547b3a
SHA1c095a6ddeeef08fedcf686591c9e19ea90142206
SHA256e993c678d3b80ab4fe3c48f349120395cdf90021cc24462289d460e2ef9e3a48
SHA512e5a77362b501e7cb1c4affa1a3b5a038756177e417284e3bffb3ce01c0d2817b6510acff52ab5e1e2c5f7428003f5ca580dfd927d2cb94875ec5e810de31ca01
-
Filesize
280B
MD53d689edf3e0ef92347eff3c689acdb24
SHA186cec422436354b476116b65395d63a5ef09201e
SHA256d4b0773d3bc0838fd83c903b3df564a8f66390f9e4788f0325bc26c4f6c7e89c
SHA512ae3dfb881466a7e7d4549b56ae8e2dd487eed626f88c2caf90a849af1ea826edc2f07806500504f5f85698d975c94678c9c7558a3a408c3fc20bbaf003857e0f
-
Filesize
3KB
MD54c04ad099e43438c77a154b3f5c6fa72
SHA181602800c4be5fd2b79bf1924d155e2633500ca3
SHA25693e80d45dcdcf5cb18a4f7200ec192c1f7d9c99eb3c6b5b9ee1200ef9710b417
SHA512ba54a2c85d2ab74aa6db6ee8063580e1536162fa2747f014123af186e1a5554897f4a45c0e152abed3f603d120618fce66ec8caa1f99e070cd035d5cfca25da8
-
Filesize
3KB
MD593eca0803ce5d24168913cc3260d7115
SHA124787c09a247d111c8738f4674f29af9e0ee6cbb
SHA25613087d2051e2e61ee48f38272d2633cd10d118c682dae8f20c1733e889bbb910
SHA512d31ba2d32a624af6e220e8a77729ab16e969d7866b4c1492fe3c4b6dbbbb6d59e2b7a2974b8d46d9f3938952dce943962b4c8d5122f9a4594d113c1ced2bebc4
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
1KB
MD5578215fbb8c12cb7e6cd73fbd16ec994
SHA19471d71fa6d82ce1863b74e24237ad4fd9477187
SHA256102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1
SHA512e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212
-
Filesize
2KB
MD51048f1f4d861f5c812e5bc268eb68a06
SHA14c9495a3202f63fd0878086f27310db6d3bf5be9
SHA2568b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5
SHA512158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
1KB
MD594b2392255c2db77f3cedeb4bd565e86
SHA138cec27b7aa57771f410ef61db2f11aebf8f7dd9
SHA256b7751fdf7ff899d35c3cd13a8e6c0d2af5f0e8f6d5850824516035570c48b8f0
SHA512720c94b598369ef6394dcf57b8013eb280565cbbb2528a9c4bbcd028a649956291761ca1b30f288f6099d0fe9bd984522fb97c39a9c9cda3e9bacd25cc7fa1dd
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
1KB
MD582b877257a02dea55b0e0cd914f4eca7
SHA1420f5726ae5cffa86772fcb36ceb2e72349a588a
SHA256bc5f238ab29e34519f335dd74c64e9e609c8b1cf25b941979513ad0f36c0077e
SHA512031ad7215757434634e547f9db7847ae7a4e752d45318fad2b8daf03fc9abb6ee37a18588c2dfb249b710e5a8651b4eeb80a4e7a2c190f94fb68edf912ede3d3
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
10KB
MD5fef5c036d090627978d9903cfd8c37f5
SHA1e3878af962b44b07f2eae878791f21fc655bb4e9
SHA256d30ff312cf27c568b55c43a91f88922afe3c0f23c85a08e7f61132f1e9fe4882
SHA512a33f5e21b52618daff59767cd900dbea19cc1fbfae1a9d665b8bff8b24b0e62a32e7fd9af238cdc58cb582a1a2b1b2023458dff70f5c81edd8a84509f6aaf151
-
Filesize
14KB
MD5000d56e2c6c26901d7395fdddaf345cf
SHA15caf9631e343ff205ce55276b1af7d9a084013a2
SHA25654e3653d0c5b134130b9188766a8bd1559902063487b774680ebfb99e65f893e
SHA5126c09f7a1e4f78c9e4d41ff07aa4eaf5da512b4d69a5f2f7129961c05bb937398d4f8051f6e3bab5bd88e8cd77626406c9dc490a5a959a70e68827b7cc6d634da
-
Filesize
13KB
MD544927ccc646ba96793eed61767221b4b
SHA1ed59bbc83fdf796ae2a759d2853e441147dfbf9c
SHA256ce7d0aadd045412720aac0358d6a3b23cbd55bc4babfdf1c9763fdcda9e53709
SHA512f999699d17a8b2ba9e0e9df749d49cd5b23175c5b84595288b6ee1ae044a3f87d9f39897ef6d199db16d87b68e573184e1b60f4e41d8a3bb86d5f2a1dd0d670d
-
Filesize
27KB
MD588ce19bab55cdf3f5f2a066f7ca55c7a
SHA18db093266cf53dcf0272d9dc7e4efb3a1245d26f
SHA256d0e36bb04f63d8a552c8178acf098dbe3f96fff163451f6416e65f0d5d8080f1
SHA5125dd304bf3acffb568dea0124a56a9b50535f45e96ee22e04ebd81d09d36d41e2c643a4f9cc53bca4b2a7560220eef38cd40e366755d3a539488e57bb94c44c15
-
Filesize
36KB
MD50f635d2742aecb200e9fe8938c740bd7
SHA120a51acaaf6f465a8cfba633f7983e3a969a49ff
SHA2562888ac751d5012c7417f704a321f4480a071e4e822b3c8166fddc0c25d60ac05
SHA5122edda0ab81047a847e2a5bb9abb195cf284e680a7b40bb23868953e39bb6581f99ae57fe881f1ab71c86f4c045b2e5b1d33d433b8ecb0e305af86b4c30eb64e0
-
Filesize
4KB
MD56cf872e22aa92ccafb1b29dd9bfddc8b
SHA15d5df6d127d9c36e6ef8a4216611e205cb31bec7
SHA256827719acec1a159550b3b0b7069a9fdb6fc30de77ba01fa009c1d50d9262cb71
SHA5121d5d64febee627eb8ef726113244700994f8cdaff52f1065ef407f155c43dccfa3fabcd2a0804c57a1ff28e92abd8f0b053242784f6a92e689c16dbb5622cc64
-
Filesize
22KB
MD5de9e98c3532c338eb9faa727dd868854
SHA108870a476aa593d9f03bfca8c9d7aa6d58dfad2f
SHA256967a8d415fe0c4acdde506b18310f8c79ef76bdd21af582549573f91d436b88f
SHA51240dd813054187bf27504a1d6b59d426f37160450450254017db2bee3e6f07e98499892d3e01a47bf7c8420d9b024ecb80474d18245bfc20209829f06a9d4211e
-
Filesize
876B
MD5aa2abe4bc94ca93a9971eddff05d8a73
SHA12d4f39113370af45d4cd8cd185af14a4cdbf7ec2
SHA25630f345ea22846f6ce49ba1c5bb229d0937fdec3e46db0d25dfb482aee9394e9d
SHA51242d328014f12b60f3d1fd0069ead723aa4adabed9546287bfc9f95b7bf5a15abe4b6165b318d284702a74e75e22c0b050f2362363cc6b99a246ab8fc43d6dbb4
-
Filesize
467B
MD5423859cf777df81e9545c12d88d282dd
SHA1b00d30287631b1aedc4ce4dc329897440845d01e
SHA2561a90f0d64c5f5752f575c6b37d66b91d3df86c4df8ed64cfd9ace21e46d0d86b
SHA512343106f91e15942e7c8857611b381b208053ea8767e65fccf2e03c00cfa9f6ef4f4971d4bc9c5ca25eaa682c70fa7b9416497149eef527df9ae382001f3f094b
-
Filesize
21KB
MD5e4dfd0504387a1ebcc4a48846e44a23e
SHA1a5a91da421e3d8728ae857694dbeb24ea72b7866
SHA256d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6
SHA51294a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419
-
Filesize
3KB
MD5c7569efb2fa9fe93c0ea2f0896f54036
SHA1e231c700b778b624f6065b035e5803fdd8b4db4b
SHA2562422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f
SHA512c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
7KB
MD58200c1669b4dff23818e02c4ec419f2e
SHA1107a51b73418459c2578073a3cad8a6b3c6d2025
SHA2563a73f843c38b843bfdc2ea30befb2c60581e8d92b0c4ba2f119f8341fce40257
SHA512e8be9224f895d5fe52366347ac1772124b802288dec43fe00ceb295f0366ccdd68a634805de4b24171ea9dd34a7bd865f9c2542637e4c14969b91400afa2104c
-
Filesize
30KB
MD5a4ca985b946d2676b0070c541489e709
SHA1996f986eb8ab194a97bc849d0487ef8b70517be2
SHA256d1f9683c5497dd3c7ff128c208d7a7dd24c3e867d2462b53a2c334c771efa631
SHA512a077821d286eafb50603b68e471e4e5dd284d526f01b3c389b52a5724b32d255c918fc93d8b04f3d31b821c0bc72002918b35e55df0f900fb0faf42f06fb2dc6
-
Filesize
6KB
MD5925ebba705aa3ee1c565a214c57051ac
SHA155b8dab220e828e6e5b1db2a1e3b0cdf87a4d429
SHA25634ac697b56c4587621b0e11ca2d8fc6058405c0175c2ff6e7fbdac498aa66eb3
SHA51271ec349219e8dc85209229de589e66cd91a43914c8e60827c124ce8556ad8529d26420fd1a83471c6e7e83e4d6da0a44f37a8c0a6b52f25ead8fbcea0187e12b
-
Filesize
34KB
MD574478487c037305e79adaefa10edd8cc
SHA133ce013adc8a772381c251dcdf76ca7407b76b3e
SHA256b8429ffd83f414194a8890361cd06b57800dcff358dd7dca9ba94abd3c3b5ff8
SHA512e4d17cdc1404ec37d15484ebeb48c63df825153de6009ecfc6165e33bc9475034bf235183e5d45f50929c8c225196123cd22e1006d4854285fe37b78bfe780b1
-
Filesize
19KB
MD502e9abc8bafec27876183bd430396ebd
SHA167ba442181500dd1a8e76ba79307e6a094eae2a9
SHA256dac7037e7e1a46def752c6f95ad43a3411195b00c2db4b2ccd5b3f52b93ad54d
SHA512707e33b4c13a5c5274a9e607c74c307781e1cabd66f10f4e8884d8b38fde8c2f675b8403637f95a8846bebef942bdcceb905c1db81ec0339ed50f93325acc88b
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
2KB
MD572b1126dfc9603451ebd18856e875a36
SHA194f3cf85646b4ece3780318e1733fb6080333eba
SHA25660fff08551ac4baa5b2615340b0d82496f3ece26505b3efe21a27288611b62b7
SHA512a0f47dc82b1760dbf8b05d800b863e2491bd31e70e06c97d79c970b996e259a1f8317977dc712ae81e2ea128f5316e1484b849085090bf165df9a73b88b2a80e
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
851B
MD507ffbe5f24ca348723ff8c6c488abfb8
SHA16dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA2566895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA5127ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
Filesize
854B
MD54ec1df2da46182103d2ffc3b92d20ca5
SHA1fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA2566c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
210KB
MD511dd9b4f7e3b192fb7b570a1dd587945
SHA10696d05623ee0b34e3b71bbd1ed69e04180848c5
SHA2564a90c56d35a677dd9bf91a9a89ae8396936cb47b5fdf6094b582d2208c76cd96
SHA5128aa5c5d7d522c14287d10db92ee7378f22ca96e18ae453b5cd7b72ac95207736b7ad721e08454de1cc5dec0387f455dac83cbd09144db711fdfe5591034a0f19
-
Filesize
587KB
MD558388ff123bd5e52aa3e7fa34cfa8a7f
SHA16b43aa7430ad9e446acf2f8d04ecb8f6b6eaa4c5
SHA2563d90976d58eb1346f68434f0575cec2ed017a5959384e7137600668ad7777d8c
SHA512a4b5405d5e0c4f555e151c207c2d6d38e52b3dc3c59f3629729cec2578dc0426621b8f321ce770e69270e974e1d96f6eacc6d38d2f9b89c6aed4ed4ce397a991
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
48KB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB