Analysis
-
max time kernel
103s -
max time network
104s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
30/03/2025, 13:57
General
-
Target
https://gofile.io/d/bKgr4K
Malware Config
Extracted
njrat
im523
HacKed
pdf-cape.gl.at.ply.gg:6772
00567af5ec2bc52d723fbecaae5c104b
-
reg_key
00567af5ec2bc52d723fbecaae5c104b
-
splitter
|'|'|
Signatures
-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Drops file in Windows directory 9 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/bKgr4K1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x254,0x7ffac16cf208,0x7ffac16cf214,0x7ffac16cf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1892,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:112⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2516,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3416,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3948,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4040,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4092,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4048,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4652,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5312,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3720,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3724,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5976,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11443⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6292,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6452,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6868,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6904,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6732,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4424 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4444,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4432,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7028,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7376,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=3696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4668,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7296,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5344,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:142⤵
- NTFS ADS
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7796,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=7356 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7676,i,4674095165210219634,15911539795215232395,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\New folder\" -spe -an -ai#7zMap213:82:7zEvent129271⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\New folder\Server.exe"C:\Users\Admin\Downloads\New folder\Server.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\Downloads\New folder\Server.exe" "Server.exe" ENABLE2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\New folder\Server.exe"C:\Users\Admin\Downloads\New folder\Server.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105KB
MD5a46d3bd3d1b1279435f16fc29f4b080b
SHA192e157b56e4d23355d04487264572f5d30f7fc83
SHA2561e0939779a17fc6ee3c15fd086f53aa027b12055b0e20403bb5f1f2a5140c37a
SHA512dc6f643c0a5477ffa545952bcdf936dcc2f483bf3cbcfcd9d2ef8661b22fa13d3738e399c9ceb52066cafd2f8afa7893040ce4f73a70bab0ac69ca10527afdf4
-
Filesize
3KB
MD5f9fd82b572ef4ce41a3d1075acc52d22
SHA1fdded5eef95391be440cc15f84ded0480c0141e3
SHA2565f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA51217084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
-
Filesize
280B
MD5ca53cefa89eda1561903f2cec58af742
SHA166cc43f787136e1070d79ae51e3fdd4c0ddf6159
SHA25632e69371ea4fce52c45992bcb31113c9ffb90016e93d0f5f9ec119caa8a8cee9
SHA512a71715ec9c429d3ffb4e59b4e995e6698187ff8cfb5b3096dac9f54f0a87d02cc97ed181cebe55043bee5a75834ad1f893b72d345210459e92efa95404ee70cf
-
Filesize
280B
MD516324d67eebfa38055529e9e5f1f9ef0
SHA1d8e94ea2c3d5a7f4e73880055b9247e1014c5c1d
SHA256aec06bcadf691e0d12402f0c8ac092df48f1c2b4b77dae27d10ec618d27f8e95
SHA512ce528cf5233a9f3b40367f45612e7e11eeb89aba427a7b353109fc742681e99c8368e217a0d51f882c31cb6f88cf02dc9e352a01b86863749929d71f78864f66
-
Filesize
3KB
MD5ddf406f99e32235b23dcb58a46fe8c2a
SHA15b9d578ed488cd65474d2931e590f1cf38e6a9f6
SHA25651a5781061cb178e594f106d6bf6ee4ba2baf2553688d81ae0f28eb11c4fad7d
SHA512f132552126946cb31413ec32b595fca8d0d94d458df32b061ae74375440988679e2ed49cbfc58830e3c67719b75b253368961c5491eca59a87d11387c7e6b8d9
-
Filesize
3KB
MD51335236b52c89d123b11280263f3b03f
SHA1f979f81d8c59cd50a68657742f4924ac79ed1be3
SHA256b032a56c2e21d1a6fdeeca8bb8f93e4aa90bfbdff140557a30983e5e5b29f8de
SHA5126fecaf624b442b6e2908dbb04a3f40f7189f9161e6e6acc0de5569331b983d34a93ffa7de48a2b3492bab68f490eb075a41ae1c29eadc7240877e978f53b0b20
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2KB
MD5d1263274a3e28df1f1bae1d049cfa863
SHA1a2ec12cf632740e2ff4a2848a6d6194cbd43ef00
SHA2568b1e5f9e6018da6fc636d5b62783f7204c3fd674f27c50770c6c80063108d7b0
SHA512db989fe1e5bddd326e6882f178efb6e3956e93d58b860aa6fe0d149e45c3a45a1a8b23dbe20cac206d4455b701f6b4934810e2a3822e5b200db12cc1ae15b285
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
13KB
MD537a271f1a7265b6739188d4f7d5c1867
SHA11ac131589fc60d274a3e1fabdec635cad36a36ad
SHA256d0371dd3d6996dee0753be1610a4c489f0d6bb5d48374fc8fcbc1b0e9650c2e6
SHA512f3ad2d9b645a356081fe49e6db0dbde57e1d3408057f47d83228b003ffd643fe3bb725b885ddb4bd9cee2ee598f4e6a70145da4334ff41085ba066262c36ec6b
-
Filesize
14KB
MD5150ab314bb9094019ed99ee2e6a207c4
SHA135b23b1c42e7f9aecd3d07f5d568cbda1f59c8ce
SHA256c2b97adfa35b35dccff2b9da619645cf228ba1f2736b288e39235611630917bd
SHA512ab8ba4fb16c9dae8334d622cfb5d058abffb331ed232a2eabdcbebf7e78bed8ab981e363ba3d9bba8c05d368445d40498df63c9a338c2f615382967fd587baaa
-
Filesize
37KB
MD55051686eb5b72b9d454bd0cf421043b6
SHA18d16fa99879d6fa7a97208ca2756fda21668d4ef
SHA256d97424a5d52d88448b273b22391e19185c41a90f2a22be82dbc129ed63ae3b8a
SHA5123e97c1546d01c5bc138e02e46e19b146fc362ec5b04a4569d0bbdbf20924228b449a4800adbb43ddda4132b5cf1755eac66e310bf67da52ddff216ded75f7ad1
-
Filesize
4KB
MD54d69ea2c188339dbe9a42fd1d6caf5f0
SHA10a647f29851f3ee0c44d9fac04edfd45b3acd8bb
SHA2561a5629aa8688a3c7d59611c239424daf938b992eb646bed3fa24c6a83fbe7627
SHA51220e2eb6cff9765ce510a15533a74cbdf5b16da0a01c6a6369f46be0d70e3ec762f575e43bfb28838b8fdd52a7050d4ea37d9a26428788e1bc4b7afbb7a6b3716
-
Filesize
22KB
MD556a63f182b2938fbe3e59fbf9681dc08
SHA1b76578ca24fb20b8bd5dafad4296e5a46735a5e1
SHA25636edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593
SHA512b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8
-
Filesize
880B
MD5fbe6702684158e03933f632190d16fd9
SHA1031f6b98b88c9f09feab6c3d1c2426516f89d6fb
SHA2563c3e2b6f7e0661c2237cdf6b6d8e85000a97252f497e2cc790d26245943e06a6
SHA512a78ac9c35c1b97fedbd441c662b98a1395aa3838d7cd1231f1211de07ce613df30a88cbc5035d5468b936c72a00b51ffc2405c0bc71f77be5ddf5424224b227d
-
Filesize
23KB
MD57f12d9f646d13ca2a5fbde9b453ca188
SHA1a9ec7fa9c057389e360a4c3a5f12ba5bb19d55f8
SHA25649a04fa93dcba5792319fbc914e2e43ad3b34999e14b5fc89b658a3efb2a5d44
SHA512db044102d742b82e152f92605ed3a97a146df735db5394ec9c34d3dcc283bdb5c140d7243130da38e4e59b8fe128969e74f20eebdd25da0f2e370081a3a0aa82
-
Filesize
469B
MD5130bc92f44fa275816e4ab6bf7800c21
SHA145767f76e89e2f4e59272b88a25852a8c55a7fc3
SHA256292224c2b11c3b917b2b40561dea6ae0fe28ec171275d92e56df34dd78eafc89
SHA51212da9f2ac83bca8033f766e89a20eddbd0d50752ce69ad2b4e18c232428a14dcf34eba541034c90bf675947f045ce4b53c52f39ff211e324a8d84529631eeb12
-
Filesize
30KB
MD5c3093e6ee2e7ef5f665d8076302b590e
SHA1b7b1dbddf81b934288e8ea3f6d67a6a2e502e86e
SHA25674302dba41ff5db63a6809ff86137d3c7c7e1a6c2d68cb311c6d9c079277fc67
SHA5123a30c0fe79c6a1e7d870973cbc71e6b0b69e9340a8ef722fd9cfe9036e2749ba6892fad1b9829e55d58232c1654885c89edb2cf47bc6e5a2ff5fa4b8d7671390
-
Filesize
39KB
MD51f8dc19f00429d89f5505c0491781c35
SHA12835d8490dfdd1fec5a22634a004220bb491a090
SHA2564f39215982c25f03686f18613aebeeed355e6af17e11a2d79e3c22561412cd3a
SHA5127bc72f6ba4aceb9718dc53692675f1922eed3d62eab2f9337741685b367d51944b2910437c30bcc3f207280169aba961616c28e179c6598236b36cfcc749319a
-
Filesize
6KB
MD5c6706ba366a440b6fc2b91e1bf2f574e
SHA1ba3446cb338c3499e8c2b048d85caeb960e9af76
SHA256d48760b61dcb11e0577a4381cb817b5f2f47c9120b58e0bb12fc316d8ed579fc
SHA512dc49c4d924dfc28fcce3def320be3657f19fe3fbebc5a908171f027a6379c6bff2f2f08a7584397ce2f32cf2817e36328075743869ed7cbe165c477b2ea288cf
-
Filesize
30KB
MD5cf63dd7259f262152771802daf5cf1e1
SHA121a271b8420e11166b8c35d8099b070308e8cb4a
SHA256d8e50724a9f48de0962f19071fcba7744f76a1a35d4a2a1a2f8e916997d5e87c
SHA512d88cdd9486a4cde0bcaaa87492687d44df8b0e38a4b0159def2185c96d29f01ef7ade1508b2fe45390f46290603cbc12eb5f639c2e97f640f8a666e3ba72c19d
-
Filesize
39KB
MD5776efe351fe6f4d6a53b2570abf4b372
SHA1e452f1e6d5aa5b05e2c2afff3d0ab03e0bed98ff
SHA2567738550ca8a90d4feaf87eb75f35a306b0d7d12b4a6023e7b34c7b95ed7177b8
SHA5122dc827daad2de0c2c789a7c86f2e2997464f16ba1d4bd39eebe2b12e7ddd32b04c6400b46b5cf28c19d7673c3c8a4a17e1073ab7bf3b83efcb5044c073beef7a
-
Filesize
7KB
MD521f9c3b49783458132ff34d83d0f647a
SHA1478c399216aa861a094e33619792df2170358683
SHA2567f9ea59602dcbbe311a3b1f44be2ac4c5bd51f9405bccf0ae3e38a99c771059d
SHA51272a687ede70a36a5f54c055a1154ba7c1ae9eba04d7183df571ae783454f03e40d82c54b173a5ef4a6c78e67648506e4889d2b347ebc5723a9f7fec8d747ec96
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
362KB
MD5182e247edc00754d666a0c6391ce2e28
SHA171d04ee5a3fe1a5112f0fe5195b58611ac8158b5
SHA2566ad46c5db5128d52a9e316c1a4b151512a05320678bc3c5ff0e2543c82e340ad
SHA512097223bfb51bd9177537abf2a028f8f2467a2bfccae0c55e96de3fa062f9d3febdb67bde39cb813de9d10b5a00301ddc223d23d6e712d589c042b2d2ff593e5d
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
37KB
MD5cb5c646402db2171de122a1a8959594b
SHA10732e8456f041a7bae31a69ee83076b475b8a628
SHA2567bbab02779e323d38d8a5c1b1572ed7d276babf5a48eeabb9f71dc078842f169
SHA512517ac9f56cdbedb5e5818d7e2b40b94f7d60e18be501b38d00bf2086a11a22be2c07058c2fe2bea570420902500ab7221d182c0f1cd1b2a168b118097dda108c
-
Filesize
134B
MD5049c307f30407da557545d34db8ced16
SHA1f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA51214f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331