Resubmissions
31/03/2025, 01:21
250331-bqtvaszyhx 1031/03/2025, 01:18
250331-bn4xgszydt 1031/03/2025, 01:17
250331-bnwwwasqv7 1029/03/2025, 14:30
250329-rveh6swqw4 10Analysis
-
max time kernel
158s -
max time network
157s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
31/03/2025, 01:18
General
-
Target
jjexploer.exe
-
Size
25KB
-
MD5
48f18e8a6a3f9b0f948b0e11e736f9e5
-
SHA1
643cec64499163563d018edbece54075c13e7cc3
-
SHA256
8e9b72f5c85f33855d55ba43828a9eb6747a20c269fd2f0a3e8e79927adcc644
-
SHA512
110a9e9bae0e4d527c6f8e5c9958aff8a13db398f0b18a727e28d69fa30d0bd759033f8efcbb59b11c2c1816b2cb17c43b7453244a198c217aa48cced0088d7b
-
SSDEEP
768:svpoyEEfxcQ4UBPq9lzcdaxfvM/r7yPV6U6m:QoyhuLUIjzgCfvM/r7yH6m
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Njrat 0.7 Golden By Hassan Amiri
Botnet
svhost.exe
C2
animal-premium.gl.at.ply.gg:16843
Mutex
Update
Attributes
-
reg_key
Update
-
splitter
|Hassan|
Signatures
-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 1 IoCs
-
Executes dropped EXE 8 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 38 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 44 IoCs
-
Suspicious use of SendNotifyMessage 44 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\jjexploer.exe"C:\Users\Admin\AppData\Local\Temp\jjexploer.exe"1⤵
- Checks computer location settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exe"C:\Users\Admin\AppData\Roaming\Dllhost.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\schtasks.exeschtasks /create /sc minute /mo 1 /tn Server /tr C:\Users\Admin\AppData\Local\Temp/Server.exe3⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp/Server.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Users\Admin\AppData\Roaming\Dllhost.exeC:\Users\Admin\AppData\Roaming\Dllhost.exe ..2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Dllhost.exe" ..1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD54f6b05ffda31f521f50ab51bdc5d012c
SHA197a007d2796eadbf97c9f4a5c1b221b19c265a45
SHA2562264d6027143e95b6e04d1c6a2305555bad4639c38ba90002be6f07fac4be1a9
SHA51224e0352fa6c2cedc98ee9b2f080af3931aed5ae20363787f49b911f8e3e842569db0248f5e8bccc58ed941af0ff4942fb104d9ea1ea4700e7deebf1012bbd7a9
-
Filesize
25KB
MD548f18e8a6a3f9b0f948b0e11e736f9e5
SHA1643cec64499163563d018edbece54075c13e7cc3
SHA2568e9b72f5c85f33855d55ba43828a9eb6747a20c269fd2f0a3e8e79927adcc644
SHA512110a9e9bae0e4d527c6f8e5c9958aff8a13db398f0b18a727e28d69fa30d0bd759033f8efcbb59b11c2c1816b2cb17c43b7453244a198c217aa48cced0088d7b
-
Filesize
368KB
MD5ba54b32c91ed981bcd0a4ee3c41942d6
SHA1ddd89de3931c03735a1976ceec1f308c1d162e5f
SHA256081848fa360954538d663597d76f1e4c387baf1262f7e860f5aecfa597587e8a
SHA51228e61758ae4914e9ca885429247d7618aff7437be3a92fe6a6e59200395c88cd8a93746e3cd34237b10bf101b3f297c8086a8eefbce274eb3e41db88c888059b
-
Filesize
8KB
-
Filesize
32KB
-
Filesize
72KB
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB