Resubmissions
31/03/2025, 00:46
250331-a4vs3sztev 1010/03/2025, 05:28
250310-f6ht7atry9 1010/11/2024, 23:53
241110-3xj28axlay 1009/11/2024, 01:37
241109-b1yk8svarc 1009/11/2024, 01:31
241109-bxmpkatkgv 10Analysis
-
max time kernel
18s -
max time network
18s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
31/03/2025, 00:46
General
-
Target
0b4df70b068c231a06bb8fcc5a256e34.exe
-
Size
929KB
-
MD5
0b4df70b068c231a06bb8fcc5a256e34
-
SHA1
29ecfc8234162b43674d90e137546a4ecd4f65d7
-
SHA256
3ddb787dc820ae5ac61121bc0ff42e0cc86164f00bbe694d524497bd03123e93
-
SHA512
603a19c3c084bd71dbeda26d34d3d179d1c7f1eb23f4f411a83cbb4d365482885794763fa0d9711dbb6a383a32e60e8ec50aeacce7b87c859b70bf8998ff958b
-
SSDEEP
24576:pAT8QE+krVNpJc7Y/sDZ0239GhjS9knREHXsW02EhY:pAI+wNpJc7Y60EGhjSmE3sW02EhY
Malware Config
Extracted
redline
nam3
103.89.90.61:34589
-
auth_value
64b900120bbceaa6a9c60e9079492895
Extracted
redline
4
31.41.244.134:11643
-
auth_value
a516b2d034ecd34338f12b50347fbd92
Extracted
redline
@tag12312341
62.204.41.144:14096
-
auth_value
71466795417275fac01979e57016e277
Extracted
redline
5076357887
195.54.170.157:16525
-
auth_value
0dfaff60271d374d0c206d19883e06f3
Extracted
redline
RuXaRR_GG
insttaller.com:40915
-
auth_value
4a733ff307847db3ee220c11d113a305
Extracted
raccoon
afb5c633c4650f69312baef49db9dfa4
http://193.56.146.177
-
user_agent
mozzzzzzzzzzz
Extracted
raccoon
76426c3f362f5a47a469f0e9d8bc3eef
http://45.95.11.158/
-
user_agent
mozzzzzzzzzzz
Signatures
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 10 IoCs
-
Redline family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 11 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in Program Files directory 11 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 12 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b4df70b068c231a06bb8fcc5a256e34.exe"C:\Users\Admin\AppData\Local\Temp\0b4df70b068c231a06bb8fcc5a256e34.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AbtZ42⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7fff4dbef208,0x7fff4dbef214,0x7fff4dbef2203⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=2448 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2420,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2252,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=2956 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4148,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4256,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4564,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4912,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5072,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5224,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5264,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5756,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3976,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6260,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6444,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3968,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6876,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7548,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7548,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6164,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=4032 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3480,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=7652 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7844,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7720,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=8204 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8364,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=8376 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8384,i,3007645759742747618,8966320572232093849,262144 --variations-seed-version --mojo-platform-channel-handle=8396 /prefetch:83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RyjC42⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1A4aK42⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RLtX42⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1naEL42⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RCgX42⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1nhGL42⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1A3AZ42⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1AUSZ42⤵
-
-
C:\Program Files (x86)\Company\NewProduct\F0geI.exe"C:\Program Files (x86)\Company\NewProduct\F0geI.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\nuplat.exe"C:\Program Files (x86)\Company\NewProduct\nuplat.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\real.exe"C:\Program Files (x86)\Company\NewProduct\real.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\safert44.exe"C:\Program Files (x86)\Company\NewProduct\safert44.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\tag.exe"C:\Program Files (x86)\Company\NewProduct\tag.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\jshainx.exe"C:\Program Files (x86)\Company\NewProduct\jshainx.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe"C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\rawxdev.exe"C:\Program Files (x86)\Company\NewProduct\rawxdev.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Company\NewProduct\EU1.exe"C:\Program Files (x86)\Company\NewProduct\EU1.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
286KB
MD5eaa8eacd3c59ed71b7f68ef7a96602a3
SHA19b35e7b6cd147a4a729d3f6b1791e774a754c589
SHA2562f7a5ab1ce00d00b1196b2cd815457176467928a47a8c652b8af41e6bab8772b
SHA512c19934e143dcf1242f2f1584baaad4cebbd2e06d048c2ef9d347683ef0d77e2791c364608957e8ea4c1b9613450c3c2e4112bb56280ee12a4b1b1a63c714d83e
-
Filesize
339KB
MD5501e0f6fa90340e3d7ff26f276cd582e
SHA11bce4a6153f71719e786f8f612fbfcd23d3e130a
SHA256f07d918c6571f11abf9ab7268ac6e2ecbcd931c3d9d878895c777d15052aae2b
SHA512dee3aabfca7912f15b628253222cfe8d8e13cd64f0438e8d705b68b0a14b4c9523b7a207583be7b424e444d6b05f237484a0c38bf2e075d347ef937d409a3a69
-
Filesize
107KB
MD54bf892a854af9af2802f526837819f6e
SHA109f2e9938466e74a67368ecd613efdc57f80c30b
SHA256713eeb4e9271fe4b15160d900ad78498838bb33f7f97ad544a705ab2a46d97cf
SHA5127ef9d8cb4daf6be60c5a41439dab4e7384676b34de2341ac52cb33815645fbb51a4b78725ea97479d287a8d7a0a61b4b337b1ad49cce2a23c9192fd9b7678d44
-
Filesize
107KB
MD52647a5be31a41a39bf2497125018dbce
SHA1a1ac856b9d6556f5bb3370f0342914eb7cbb8840
SHA25684c7458316adf09943e459b4fb1aa79bd359ec1516e0ad947f44bdc6c0931665
SHA51268f70140af2ad71a40b6c884627047cdcbc92b4c6f851131e61dc9db3658bde99c1a09cad88c7c922aa5873ab6829cf4100dc12b75f237b2465e22770657ae26
-
Filesize
491KB
MD5681d98300c552b8c470466d9e8328c8a
SHA1d15f4a432a2abce96ba9ba74443e566c1ffb933f
SHA2568bbc892aedc1424ca5c66677b465c826f867515a3fea28821d015edcee71c912
SHA512b909975d0212d5a5a0cb2e2809ee02224aac729cb761be97a8e3be4ee0a1d7470946da8cf725953c1b2d71fb5fc9dc3c26fd74bce5db5cc0e91a106f8bded887
-
Filesize
107KB
MD5bbd8ea73b7626e0ca5b91d355df39b7f
SHA166e298653beb7f652eb44922010910ced6242879
SHA2561aa3fdc24e789b01a39944b85c99e4ac08864d2eae7530164cea2821acbf184e
SHA512625cc9c108b4660030be1282493700e5f0ccfb973f466f61254ed1e1a96f5f042cdeaa94607825a2f694647468e2f525a6451542fe3aac785ebac1ccfe39864f
-
Filesize
287KB
MD517c42a0dad379448ee1e6b21c85e5ac9
SHA12fec7fbb4a47092f9c17cd5ebb509a6403cb6d69
SHA256e080161f57d4eaaad9173b63219ba5a9c2c595324a6b3ffe96783db40839807b
SHA5125ddfe9af625c54e417452fe582041cdd373b52d4ededbcba71a88050fd834bc8af822257f7ad606e89db3fde15be98f58c1d8ff139dac71d81a23f669617a189
-
Filesize
287KB
MD53434d57b4ceb54b8c85974e652175294
SHA16d0c7e6b7f61b73564b06ac2020a2674d227bac4
SHA256cdd49958dd7504d9d1753899815a1542056372222687442e5b5c7fbd2993039e
SHA512f06fa676d10ff4f5f5c20d00e06ad94895e059724fea47cdf727bd278d9a3ba9daec26f5a0695cb74d87967d6d8020e14305e82725d5bc8c421c095e6704d9aa
-
Filesize
286KB
MD58a370815d8a47020150efa559ffdf736
SHA1ba9d8df8f484b8da51161a0e29fd29e5001cff5d
SHA256975457ed5ae0174f06cc093d4f9edcf75d88118cbbac5a1e76ad7bc7c679cd58
SHA512d2eb60e220f64e76ebed2b051cc14f3a2da29707d8b2eb52fb41760800f11eafeb8bb3f1f8edcfca693a791aa60e56e263063f2b72abe4ad8784061feee6f7bf
-
Filesize
244KB
MD5dbe947674ea388b565ae135a09cc6638
SHA1ae8e1c69bd1035a92b7e06baad5e387de3a70572
SHA25686aeac2a4ee8e62265ee570718bbd41a4e643e0bad69e7b4fa6c24baeb220709
SHA51267441aebbf7ce4d53fbb665124f309faed7842b3e424e018454ff6d6f790219633ce6a9b370aeaf77c5092e84f4391df13e964ca6a28597810dee41c3c833893
-
Filesize
107KB
MD52ebc22860c7d9d308c018f0ffb5116ff
SHA178791a83f7161e58f9b7df45f9be618e9daea4cd
SHA2568e2c9fd68fc850fa610d1edfd46fc4a66adbef24e42a1841290b0e0c08597e89
SHA512d4842627f6fab09f9472ed0b09b5e012524bf6b821d90a753275f68de65b7ba084a9e15daca58a183f89b166cc9d2d2f2d6a81e1110e66c5822b548279c8c05e
-
Filesize
280B
MD536f9fd1ea77d2f590556c7d635edd948
SHA177be267292d38d47ce859e8924a6730130f7f2da
SHA2563e876f232d2a766cc7244538ab5fc61da25853942ffe237bbee3077f0cbb435c
SHA5125c222b04d880e65af08e3ca8e8695af07d0c29ef5cf70c74fa0d81baf12f7dd7ad11073cff8651767e4743f40bc3fa93df6198bd3cbdcbcf38ba1ecbedea5a42
-
Filesize
280B
MD5caba3b97f983eb81b0720471256478c8
SHA1339f3ecc344478074922a419c72f2d5ae5057596
SHA256ee9a4e8df1a64f019f80b1d75be15fd30693816fcaab4c7425230e96b6badba3
SHA5122509f6b967fd54eb3dce44408b7e0b5c32c2900a68082f573aa8382def609314022cdb0759ce9cbd88f6a7c2b83b3026f464388f3848fed913cae30d7f2b730f
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD50d9d95524242307405f6d2a513d04289
SHA1e7c32ac8e5a2dc9a29b214344153c7c47dea36ea
SHA2568e4aadfe192cafd58c183673521f59150b44bdd3dd09895d5776ffb7925322ad
SHA512b8d81f775a7d7435838c1c894d9497bb66f1364b4840899bbf56fa3cb93a3f8b938c3cda27ed6f690ec1f51f1d1daacec0b7672413b98992d3f1d1dae6851083
-
Filesize
36KB
MD504e08225ee337ca751cefd40b2ef6028
SHA1fd670f892788aeba49b6df9715b01b89e8044916
SHA2563b280c126363cb656e6fbdcdad1dcee5bb80edcbe9cf6cc4c4128de379726ee8
SHA512519eda64c791462c629b4f41ea26501c82fb53e37987ef1e248d16efaf6a14d89318825c34f7b72f99663ab1b378213f0b6471e4d3fa07e62a54ccd4c8bf85cb
-
Filesize
4KB
MD500b1e627bfad780c8d8cd663b7660e4b
SHA15155957cdc99ef6c03cb91514c6d34b91216e174
SHA2565a37794d79503dbec7db0b03f681241c2309fa35015d3fca4324a050cf54b124
SHA5122a686c3afc8837a61c307079a1b1e68104015d43e8f5a04b9d26ae64d870301904382c278491c4df1f08d5f6f69ce31484cd6f941aa5e5a54398803d3e4f1e41
-
Filesize
30KB
MD51cc74e57870cca24189143bea10f8a48
SHA19d2752164926b483a3e259554283936e701ff94f
SHA256848665029f650c0525b36ceb778e100ec243979d50263a983e1d4d7a08344614
SHA5122fb18a313b0198bc2e281bdfd8580a079adb434ebb9f622e18d500c7bf6c14f9fa48612a0d7a447431e64cade1c4cf4fb5f9ecef1d5155f2ca69f9a330b92d2a
-
Filesize
6KB
MD5a16dcebf0bc5d3cf1a845ff791d812c9
SHA1c1e730f23175b74d29339af669c66bd491d5a733
SHA256bbae49a03a0b46f9eb6d2daec289b1206d9f6822317c2d832dd9c1064b700788
SHA51297c8b8e257806b48c151d8d3af84944c180eb90512fab005e05c8ed9979c1c2e1bbbb34180afcab9c36375f2f913e2683aba91ae820a27f9187a64e971bbd35d
-
Filesize
7KB
MD5f0ac165052f632d26820409f9e0aae91
SHA1cc2b209b009c5b40dc4bbff642b886e80ca48936
SHA2568e6fe319819f69f9e267d4aabf3aa7374a9ea06db9b68693f721b206ff3c61e0
SHA512d3339f5a04b659103f122a36215a5b847e7f20f0d20031de5fc119d367ec16e3a70c3f6c7120f58fe6e3492b22aa621049d816a152be719aa9544f02d2a3a907
-
Filesize
8KB
MD5f7e22293d108ea24545879d19d3d236e
SHA11af4e4ac7cae0d552a5f9fa23fba82fd021e6bcd
SHA2563062fb27a2fb5706d8468943430cc228a401fbb45044dacbabbb82a9edfca146
SHA5127301cd536703a25d21d048cc44aee59b5a73531c9e7bf29357a1e48cf157f80965746086ba9fc65f1df2648083c28b133e21d04a3525ad10cde7d67328cb0594
-
Filesize
8KB
MD5c269ba56f4e213a6e54c2d397c5b5cb9
SHA158a587b059bcd83232d8d270119b3bfb424468c8
SHA2560145f133ffe9c07fdcf24e8abe6aeb212db49618ba3456afe97779b93230d2fe
SHA5125cf5eb5a3c0cfd3ab0495d655902a97752365fecf96c12fa61621be9a9d0b79589b41f1ac6533da0c987596d8397f5bb7d1210a30881f8f539823b256f644ba0
-
Filesize
8KB
MD5c970237b5cfc4a3a776d20d0b8da3ab3
SHA17591ae1a93054585df93a5409ea08a39cb3b7ca6
SHA2567a4bed03fa7a98c8a01c31ad04171d1cea66575498752b3d7ea4ae170439a663
SHA5126e55bf4f9f818992dd1cd2672657c3c7cdd72b8c4ecb2c7e926da4247603ceb92eca9e54d6bb8795819a79f3e5f2b90406a11cc1ddc30c75f8f6fb4aa6330c7e
-
Filesize
8KB
MD54764e79770c13be9b64cb05e67518db8
SHA10ecba4ecb88473efe59e3ebe57b51e29fda1ed07
SHA256d5911e9594bb13b5c0e13481a38bc184785cefec0f5a36f61ca6c0ac21f44ae2
SHA512f91bed94fa88bb4d74d953a7d8972caebd19b55275574e558ee372161c6068d85e2adef54d61ce5aa8609e6815a2f4b4fba432f5fa251f513eb53faccc4d825e
-
Filesize
8KB
MD5153b4d00b953ea217daa5ef9063d8631
SHA14bd6098588c8fa125e4419457dab78be82387bef
SHA256e4ef692e207447524ea38f79160faed11449c244c393ad421939629a7933acfd
SHA5122c14a93a25cb016627338d258fba9bc834ab9b0a674125684aedb20f93ce9a94b97a6b6a9359688528ae157f7030bceb12c6fccff050cacb0abae3c9dd606993
-
Filesize
11KB
MD540849fb13b20fd10af849af128896b86
SHA1226b3b83d851decd011682e9e45d6b3672d96cb6
SHA256f955339e206c7146a2f3dd84489a429d6fac4afbd8cef945f09dd3592bfbda9a
SHA512b529ab6ee2b035549679ac4ddb6be12b8faa889d03feff760607ae4df674137dad31d54d6f8e630700f9c383eae4937dd43a4c2a5f33155e4bbc9c54eadb6423
-
Filesize
8KB
MD5be6c28c65ca33e94e938834d40195152
SHA1b4ad025a207215019f442135c8ffb0d9d97e17cc
SHA2569861e8bc477fb93e4985a0850179fc57ce458798949ad484f0447a8bb25d0d38
SHA512eb5bb36b2c76a21f8b84d26bd33c904bec81e6e30f912171cd07562c85782aa34680f435d9d67404ca14b73c4f9c6f6a260d49beb25d2dbde916f60474855530
-
Filesize
10KB
MD51b3a53b8ff7626a2d6a0042f1e9fadf2
SHA1c9fbbf2b011a702fc8337697d66dca80e69d2cf2
SHA256238a823cb85eacb4d2610a0c48e51255e7b7e19e120904aed9df0d2caf447fb4
SHA512ac8af9558a9332c6f742df9e1b01906694ab7ba6b419cec2fc8bc5653fd9358311e79297222844136b54eb7dab821795271589f872c96c79de5307051ca06aa9
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
440KB
-
Filesize
24KB
-
Filesize
272KB
-
Filesize
520KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
204KB
-
Filesize
304KB
-
Filesize
6.1MB
-
Filesize
72KB
-
Filesize
1.0MB
-
Filesize
240KB
-
Filesize
128KB