1f20d50f886138f94232c9b6b848163f5ed7edf4ed473c1507411b06b840debf

Analysis

max time kernel
0s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Burrawang.ps1
Size

50KB
MD5

6d32d99c206a81fcfc06d7ed6225282d
SHA1

f3740ea1acaa8452aa34a4dda3c1a6865881845c
SHA256

d8602baba5af6700d20d5e2048fd527b3d84e4c5c78abb1b95f9abb20fee2c94
SHA512

f430ed98550e4fdf4bd1905251ab0f81374c88b29d245a6c5fba7c1e9fd58d01b93467efd2e7813e7b37e76affdb985a24bdae715eb07f9215d77fd77253f22b
SSDEEP

1536:HyMLcrTk2qMrlNQFNynfVkkyRDWSW1cZJI4:HZIXYnIkZWSW1K

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
384	powershell.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
384	powershell.exe
384	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	384	powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burrawang.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:384

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5880

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3488

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2248

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4296

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5404

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2228

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5640

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1704

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:448

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:876

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2288

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3936

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4064

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1924

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4884

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5464

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1964

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4196

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2120

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5356

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4292

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:6064

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1072

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3556

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1156

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5556

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4304

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5052

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5688

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4280

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5780

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3168

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1196

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5188

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4424

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3364

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6008

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1260

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4292

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4332

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3416

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3308

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3240

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4912

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2896

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4168

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3184

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3752

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2904

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4520

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4032

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2184

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3168

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3736

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5276

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4368

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3792

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4948

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5228

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5232

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5632

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5040

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2044

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2560

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4644

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3472

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3248

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2192

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3396

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1120

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:544

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2272

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:464

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4796

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4808

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:700

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5040

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4152

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2120

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:1704

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4572

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4064

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2616

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5524

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1396

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3044

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:6068

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1508

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3680

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4612

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:320

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2864

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3724

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5052

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2416

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
0bbedbe65d529a83d458d6526145e2ad

SHA1
0ef91b572d5bdd216b667213ce0972ab5dab8482

SHA256
7094a02b13391f14c2b731b35593e765eb217a80c77786932bf71a312447bbee

SHA512
d5b1ba49dd8be5cf575f92bb218e487ff00055eb52ed38b5f3539c3e0033a0f93813e7b2598b181ae05363d4ef5d996860f3136a8ac60482159f74cb81efef17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
7a9e874525e21a220117462c9887ed3d

SHA1
eec091fc25152167d6af92726dfe8c6b2614c727

SHA256
700b020b0717941973d96722046f6e2f7e4283a41c86c523215bd7046852d667

SHA512
b3455b4d43ac2975a7ca799f0175188c655cb8449648c5dc345d74d005b3ff94901365adb42d3ccde1c7c3492368bccffd25a74a45266bbe3e3ed8e4432c99d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7V6S7ER6\microsoft.windows[1].xml

Filesize
97B

MD5
3017c444c236a0b05070a1385b10a037

SHA1
e376bdabddfa35b094c43984687727eecd043e91

SHA256
8ea65bec3ccb80b560df67e1ed3b240060b4d1a4f67596003d816456fa8ceff9

SHA512
0d7c7eff12ca945cb14ff8516371807bb0b9d8eb33d26011dd1359c371681aed920652fdd0cf105e164bdf3989763a6ba9cb7f451f769c0d3a6374e2a7d20870

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

Filesize
2KB

MD5
fa383147c0cd38f647af81d4ce91f48a

SHA1
f53f70a1bb9b3a861beab0ae7893efaf3ca8e105

SHA256
74f52e6d313edb947de65ba7b724bb4abb5571dfd8fe6eb7ee1ea9273e529eae

SHA512
7217f50a098778d42480e3505c13550c160aac7d24eaca31ecc361d1aa47ae7c6e84699b99712c2a6813e90b4de6d0d9b047bff8f5a8bc5a1beb1811cf306827

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133873961842873909.txt

Filesize
88KB

MD5
e472009f5609a1c2033064ce872d3c1d

SHA1
9cab321e70f7e13a32de95885a545d3f312a8bf3

SHA256
4c36ed1f99331b3251278e9eab318ca05a8641659f40d6f2c10c263c01e8d457

SHA512
d86e748b28fb8b563dec21519af0086fd14ae5efb4c6ede6634097eef0c51efdefcea3dea746458332e093ddc99b1ed5c9c2182c1207e2626669eac315f2b713

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tk0uejnz.yve.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/384-17-0x0000021DA1810000-0x0000021DA1834000-memory.dmp

Filesize
144KB

Download
memory/384-15-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-16-0x0000021DA1810000-0x0000021DA183A000-memory.dmp

Filesize
168KB

Download
memory/384-19-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-20-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-21-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-14-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-13-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-12-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-0-0x00007FFE67403000-0x00007FFE67405000-memory.dmp

Filesize
8KB

Download
memory/384-11-0x00007FFE67400000-0x00007FFE67EC1000-memory.dmp

Filesize
10.8MB

Download
memory/384-1-0x0000021D86F00000-0x0000021D86F22000-memory.dmp

Filesize
136KB

Download
memory/876-221-0x00000211EDAE0000-0x00000211EDB00000-memory.dmp

Filesize
128KB

Download
memory/876-197-0x00000211EC600000-0x00000211EC700000-memory.dmp

Filesize
1024KB

Download
memory/876-203-0x00000211ED510000-0x00000211ED530000-memory.dmp

Filesize
128KB

Download
memory/876-211-0x00000211ED4D0000-0x00000211ED4F0000-memory.dmp

Filesize
128KB

Download
memory/876-199-0x00000211EC600000-0x00000211EC700000-memory.dmp

Filesize
1024KB

Download
memory/876-198-0x00000211EC600000-0x00000211EC700000-memory.dmp

Filesize
1024KB

Download
memory/1072-929-0x0000000003E10000-0x0000000003E11000-memory.dmp

Filesize
4KB

Download
memory/1156-930-0x0000022C56F00000-0x0000022C57000000-memory.dmp

Filesize
1024KB

Download
memory/1156-959-0x0000022C583E0000-0x0000022C58400000-memory.dmp

Filesize
128KB

Download
memory/1156-946-0x0000022C57BD0000-0x0000022C57BF0000-memory.dmp

Filesize
128KB

Download
memory/1156-935-0x0000022C58020000-0x0000022C58040000-memory.dmp

Filesize
128KB

Download
memory/1704-195-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

Filesize
4KB

Download
memory/1924-488-0x00000000041E0000-0x00000000041E1000-memory.dmp

Filesize
4KB

Download
memory/1964-637-0x00000000042D0000-0x00000000042D1000-memory.dmp

Filesize
4KB

Download
memory/2120-676-0x0000021C1FEC0000-0x0000021C1FEE0000-memory.dmp

Filesize
128KB

Download
memory/2120-654-0x0000021C1F5A0000-0x0000021C1F5C0000-memory.dmp

Filesize
128KB

Download
memory/2120-645-0x0000021C1F5E0000-0x0000021C1F600000-memory.dmp

Filesize
128KB

Download
memory/2288-339-0x0000000004E00000-0x0000000004E01000-memory.dmp

Filesize
4KB

Download
memory/3168-1384-0x00000000049A0000-0x00000000049A1000-memory.dmp

Filesize
4KB

Download
memory/4064-377-0x000001FCB0D80000-0x000001FCB0DA0000-memory.dmp

Filesize
128KB

Download
memory/4064-347-0x000001FCB0DC0000-0x000001FCB0DE0000-memory.dmp

Filesize
128KB

Download
memory/4064-378-0x000001FCB1190000-0x000001FCB11B0000-memory.dmp

Filesize
128KB

Download
memory/4292-1535-0x0000026074500000-0x0000026074600000-memory.dmp

Filesize
1024KB

Download
memory/5052-1097-0x000001DA15A60000-0x000001DA15A80000-memory.dmp

Filesize
128KB

Download
memory/5052-1083-0x000001DA14B40000-0x000001DA14C40000-memory.dmp

Filesize
1024KB

Download
memory/5052-1111-0x000001DA16080000-0x000001DA160A0000-memory.dmp

Filesize
128KB

Download
memory/5052-1084-0x000001DA14B40000-0x000001DA14C40000-memory.dmp

Filesize
1024KB

Download
memory/5052-1087-0x000001DA15AA0000-0x000001DA15AC0000-memory.dmp

Filesize
128KB

Download
memory/5052-1082-0x000001DA14B40000-0x000001DA14C40000-memory.dmp

Filesize
1024KB

Download
memory/5188-1386-0x000001C648E40000-0x000001C648F40000-memory.dmp

Filesize
1024KB

Download
memory/5188-1392-0x000001C649FA0000-0x000001C649FC0000-memory.dmp

Filesize
128KB

Download
memory/5188-1418-0x000001C64A370000-0x000001C64A390000-memory.dmp

Filesize
128KB

Download
memory/5188-1396-0x000001C649F60000-0x000001C649F80000-memory.dmp

Filesize
128KB

Download
memory/5356-783-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

Filesize
4KB

Download
memory/5404-31-0x00000000042F0000-0x00000000042F1000-memory.dmp

Filesize
4KB

Download
memory/5464-526-0x000001FE94310000-0x000001FE94330000-memory.dmp

Filesize
128KB

Download
memory/5464-489-0x000001FE92E00000-0x000001FE92F00000-memory.dmp

Filesize
1024KB

Download
memory/5464-491-0x000001FE92E00000-0x000001FE92F00000-memory.dmp

Filesize
1024KB

Download
memory/5464-507-0x000001FE93F00000-0x000001FE93F20000-memory.dmp

Filesize
128KB

Download
memory/5464-494-0x000001FE93F40000-0x000001FE93F60000-memory.dmp

Filesize
128KB

Download
memory/5556-1080-0x0000000004430000-0x0000000004431000-memory.dmp

Filesize
4KB

Download
memory/5640-33-0x000001BDA5B80000-0x000001BDA5C80000-memory.dmp

Filesize
1024KB

Download
memory/5640-32-0x000001BDA5B80000-0x000001BDA5C80000-memory.dmp

Filesize
1024KB

Download
memory/5640-37-0x000001C5A7BC0000-0x000001C5A7BE0000-memory.dmp

Filesize
128KB

Download
memory/5640-34-0x000001BDA5B80000-0x000001BDA5C80000-memory.dmp

Filesize
1024KB

Download
memory/5640-51-0x000001C5A7B80000-0x000001C5A7BA0000-memory.dmp

Filesize
128KB

Download
memory/5640-68-0x000001C5A7F90000-0x000001C5A7FB0000-memory.dmp

Filesize
128KB

Download
memory/5688-1232-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

Filesize
4KB

Download
memory/5780-1270-0x00000257852A0000-0x00000257852C0000-memory.dmp

Filesize
128KB

Download
memory/5780-1236-0x0000025784500000-0x0000025784600000-memory.dmp

Filesize
1024KB

Download
memory/5780-1271-0x00000257858C0000-0x00000257858E0000-memory.dmp

Filesize
128KB

Download
memory/5780-1239-0x00000257852E0000-0x0000025785300000-memory.dmp

Filesize
128KB

Download
memory/6008-1533-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/6064-784-0x0000018D29100000-0x0000018D29200000-memory.dmp

Filesize
1024KB

Download
memory/6064-789-0x0000018D2A260000-0x0000018D2A280000-memory.dmp

Filesize
128KB

Download
memory/6064-813-0x0000018D2A630000-0x0000018D2A650000-memory.dmp

Filesize
128KB

Download
memory/6064-810-0x0000018D2A220000-0x0000018D2A240000-memory.dmp

Filesize
128KB

Download