C:\Users\user\Desktop\CjFaGVmupj.exe
"C:\Users\user\Desktop\CjFaGVmupj.exe"

Is windows: | false
Is dropped: | false
PID: | 6264
Target ID: | 0
Parent PID: | 2580
Name: | CjFaGVmupj.exe
Path: | C:\Users\user\Desktop\CjFaGVmupj.exe
Commandline: | "C:\Users\user\Desktop\CjFaGVmupj.exe"
Size: | 9433088
MD5: | 889E6365D82A9A89B6C8C86D672B8F0C
Time: | 04:02:04
Date: | 06/10/2024
Reason: | newprocess
Reputation: | low
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff725380000
Modulesize: | 9478144
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Multi AV Scanner detection for submitted file | AV Detection |
Drops PE files to the startup folder | Boot Survival | Registry Run Keys / Startup Folder
Installs a global keyboard hook | Key, Mouse, Clipboard, Microphone and Screen Capturing |
Creates a start menu entry (Start Menu\Programs\Startup) | Boot Survival | Registry Run Keys / Startup Folder
Drops PE files | Persistence and Installation Behavior |
PE file contains sections with non-standard names | Data Obfuscation |
Sigma detected: Startup Folder File Write | System Summary |
Sigma detected: Suspicious desktop.ini Action | System Summary |
Stores files to the Windows start menu directory | Boot Survival | Registry Run Keys / Startup Folder
Creates files inside the user directory | System Summary |
PE file has an executable .text section and no other executable section | System Summary |
Sample is known by Antivirus | System Summary |
Sample reads its own file content | System Summary |
Spawns processes | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
PE file has a big raw section | System Summary |
PE file has a big code size | System Summary |
PE file has a high image base, often used for DLLs | System Summary |
Submission file is bigger than most known malware samples | System Summary |
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2172
|
Target ID: |
2
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
high
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
3
|
Parent PID: |
2172
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
moderate
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2316
|
Target ID: |
4
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
high
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3020
|
Target ID: |
5
|
Parent PID: |
2316
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
moderate
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4588
|
Target ID: |
6
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
high
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2504
|
Target ID: |
7
|
Parent PID: |
4588
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
moderate
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1420
|
Target ID: |
8
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
high
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x800000
|
Modulesize: |
962560
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2676
|
Target ID: |
9
|
Parent PID: |
1420
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
moderate
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6596
|
Target ID: |
10
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
high
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6424
|
Target ID: |
11
|
Parent PID: |
6596
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
moderate
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3320
|
Target ID: |
12
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1740
|
Target ID: |
13
|
Parent PID: |
3320
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2000
|
Target ID: |
14
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3020
|
Target ID: |
15
|
Parent PID: |
2000
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2256
|
Target ID: |
16
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4348
|
Target ID: |
17
|
Parent PID: |
2256
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5664
|
Target ID: |
18
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1596
|
Target ID: |
19
|
Parent PID: |
5664
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6424
|
Target ID: |
20
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3220
|
Target ID: |
21
|
Parent PID: |
6424
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
404
|
Target ID: |
22
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1196
|
Target ID: |
23
|
Parent PID: |
404
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4544
|
Target ID: |
24
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6204
|
Target ID: |
25
|
Parent PID: |
4544
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1312
|
Target ID: |
27
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4192
|
Target ID: |
28
|
Parent PID: |
1312
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3052
|
Target ID: |
30
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:18
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2696
|
Target ID: |
31
|
Parent PID: |
3052
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:18
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3152
|
Target ID: |
32
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:19
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
764
|
Target ID: |
33
|
Parent PID: |
3152
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:19
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3192
|
Target ID: |
34
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:20
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3020
|
Target ID: |
35
|
Parent PID: |
3192
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:20
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5436
|
Target ID: |
36
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:21
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5664
|
Target ID: |
37
|
Parent PID: |
5436
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:22
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2108
|
Target ID: |
38
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:23
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1196
|
Target ID: |
39
|
Parent PID: |
2108
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:23
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
41
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:24
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4548
|
Target ID: |
42
|
Parent PID: |
3060
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:24
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6984
|
Target ID: |
45
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:25
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4888
|
Target ID: |
46
|
Parent PID: |
6984
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:25
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1596
|
Target ID: |
47
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:26
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
48
|
Parent PID: |
1596
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:26
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4296
|
Target ID: |
49
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:27
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7112
|
Target ID: |
50
|
Parent PID: |
4296
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:27
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2368
|
Target ID: |
51
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:28
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2828
|
Target ID: |
52
|
Parent PID: |
2368
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:28
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5300
|
Target ID: |
53
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:29
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
54
|
Parent PID: |
5300
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:29
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4284
|
Target ID: |
55
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:30
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7699e0000
|
Modulesize: |
892928
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2912
|
Target ID: |
56
|
Parent PID: |
4284
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:30
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6204
|
Target ID: |
57
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:31
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3020
|
Target ID: |
58
|
Parent PID: |
6204
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:31
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6208
|
Target ID: |
59
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:32
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
352
|
Target ID: |
60
|
Parent PID: |
6208
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:32
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5844
|
Target ID: |
61
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:33
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6344
|
Target ID: |
62
|
Parent PID: |
5844
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:33
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff70f330000
|
Modulesize: |
36864
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1396
|
Target ID: |
63
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:34
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5776
|
Target ID: |
64
|
Parent PID: |
1396
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:34
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5756
|
Target ID: |
65
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:35
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4020
|
Target ID: |
66
|
Parent PID: |
5756
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:35
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1440
|
Target ID: |
67
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:36
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1196
|
Target ID: |
68
|
Parent PID: |
1440
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:36
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2784
|
Target ID: |
69
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:37
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5264
|
Target ID: |
70
|
Parent PID: |
2784
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:37
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2056
|
Target ID: |
71
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:38
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6568
|
Target ID: |
72
|
Parent PID: |
2056
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:38
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6912
|
Target ID: |
73
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:39
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6932
|
Target ID: |
74
|
Parent PID: |
6912
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:39
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6480
|
Target ID: |
75
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:40
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2084
|
Target ID: |
76
|
Parent PID: |
6480
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:40
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1020
|
Target ID: |
77
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:41
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3412
|
Target ID: |
78
|
Parent PID: |
1020
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:41
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1596
|
Target ID: |
79
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:42
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2676
|
Target ID: |
80
|
Parent PID: |
1596
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:42
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3756
|
Target ID: |
81
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:43
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1060
|
Target ID: |
82
|
Parent PID: |
3756
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:43
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5776
|
Target ID: |
83
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:44
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1396
|
Target ID: |
84
|
Parent PID: |
5776
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:44
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1984
|
Target ID: |
85
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:45
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4020
|
Target ID: |
86
|
Parent PID: |
1984
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:45
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1272
|
Target ID: |
87
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:45
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2648
|
Target ID: |
88
|
Parent PID: |
1272
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:45
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3396
|
Target ID: |
89
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:46
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3236
|
Target ID: |
90
|
Parent PID: |
3396
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:47
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3796
|
Target ID: |
91
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:47
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6404
|
Target ID: |
92
|
Parent PID: |
3796
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:47
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1420
|
Target ID: |
93
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:48
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6932
|
Target ID: |
94
|
Parent PID: |
1420
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:48
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
332
|
Target ID: |
95
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:48
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3140
|
Target ID: |
96
|
Parent PID: |
332
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:48
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6480
|
Target ID: |
97
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:49
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4040
|
Target ID: |
98
|
Parent PID: |
6480
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:49
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3052
|
Target ID: |
99
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:50
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1740
|
Target ID: |
100
|
Parent PID: |
3052
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:50
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3320
|
Target ID: |
101
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:50
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6344
|
Target ID: |
102
|
Parent PID: |
3320
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:50
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5780
|
Target ID: |
103
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:51
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5376
|
Target ID: |
104
|
Parent PID: |
5780
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:51
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5440
|
Target ID: |
105
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:52
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2848
|
Target ID: |
106
|
Parent PID: |
5440
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:52
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3176
|
Target ID: |
107
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:52
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2176
|
Target ID: |
108
|
Parent PID: |
3176
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:52
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2252
|
Target ID: |
109
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:53
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2920
|
Target ID: |
110
|
Parent PID: |
2252
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:53
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3896
|
Target ID: |
111
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:53
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5776
|
Target ID: |
112
|
Parent PID: |
3896
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:53
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2336
|
Target ID: |
113
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:54
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3916
|
Target ID: |
114
|
Parent PID: |
2336
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:54
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4904
|
Target ID: |
115
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:55
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1456
|
Target ID: |
116
|
Parent PID: |
4904
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:55
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5292
|
Target ID: |
117
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:55
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3336
|
Target ID: |
118
|
Parent PID: |
5292
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:55
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1196
|
Target ID: |
119
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:55
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1272
|
Target ID: |
120
|
Parent PID: |
1196
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:56
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3120
|
Target ID: |
121
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:56
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2800
|
Target ID: |
122
|
Parent PID: |
3120
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:56
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1860
|
Target ID: |
123
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:56
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6384
|
Target ID: |
124
|
Parent PID: |
1860
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:57
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3396
|
Target ID: |
125
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:57
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2932
|
Target ID: |
126
|
Parent PID: |
3396
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:57
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6268
|
Target ID: |
127
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:57
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1004
|
Target ID: |
128
|
Parent PID: |
6268
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:58
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5480
|
Target ID: |
129
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:58
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2164
|
Target ID: |
130
|
Parent PID: |
5480
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:58
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2084
|
Target ID: |
131
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:58
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1668
|
Target ID: |
132
|
Parent PID: |
2084
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:58
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3636
|
Target ID: |
133
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:58
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5968
|
Target ID: |
134
|
Parent PID: |
3636
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:58
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4408
|
Target ID: |
135
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:59
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1244
|
Target ID: |
136
|
Parent PID: |
4408
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:59
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5436
|
Target ID: |
137
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:02:59
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6504
|
Target ID: |
138
|
Parent PID: |
5436
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:02:59
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3220
|
Target ID: |
139
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:00
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6008
|
Target ID: |
140
|
Parent PID: |
3220
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:00
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6964
|
Target ID: |
141
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:00
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3756
|
Target ID: |
142
|
Parent PID: |
6964
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:00
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
143
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:00
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2176
|
Target ID: |
144
|
Parent PID: |
2024
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:00
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6072
|
Target ID: |
145
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:01
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2668
|
Target ID: |
146
|
Parent PID: |
6072
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:01
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7140
|
Target ID: |
147
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:01
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4020
|
Target ID: |
148
|
Parent PID: |
7140
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:01
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5800
|
Target ID: |
149
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:01
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3684
|
Target ID: |
150
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3344
|
Target ID: |
151
|
Parent PID: |
5800
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3288
|
Target ID: |
152
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3584
|
Target ID: |
153
|
Parent PID: |
3288
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1456
|
Target ID: |
154
|
Parent PID: |
3684
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2368
|
Target ID: |
155
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5080
|
Target ID: |
156
|
Parent PID: |
2368
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4476
|
Target ID: |
157
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5304
|
Target ID: |
158
|
Parent PID: |
4476
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:02
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4092
|
Target ID: |
159
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2800
|
Target ID: |
160
|
Parent PID: |
4092
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
161
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2364
|
Target ID: |
162
|
Parent PID: |
3060
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5348
|
Target ID: |
163
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6404
|
Target ID: |
164
|
Parent PID: |
5348
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1508
|
Target ID: |
165
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6912
|
Target ID: |
166
|
Parent PID: |
1508
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2692
|
Target ID: |
167
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:03
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5168
|
Target ID: |
168
|
Parent PID: |
2692
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5264
|
Target ID: |
169
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3084
|
Target ID: |
170
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3140
|
Target ID: |
171
|
Parent PID: |
3084
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2484
|
Target ID: |
172
|
Parent PID: |
5264
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
173
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1244
|
Target ID: |
174
|
Parent PID: |
6104
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4280
|
Target ID: |
175
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
732
|
Target ID: |
176
|
Parent PID: |
4280
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:04
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5324
|
Target ID: |
177
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4348
|
Target ID: |
178
|
Parent PID: |
5324
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5076
|
Target ID: |
179
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5844
|
Target ID: |
180
|
Parent PID: |
5076
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5436
|
Target ID: |
181
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3852
|
Target ID: |
182
|
Parent PID: |
5436
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5672
|
Target ID: |
183
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3128
|
Target ID: |
184
|
Parent PID: |
5672
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5812
|
Target ID: |
185
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3384
|
Target ID: |
186
|
Parent PID: |
5812
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1640
|
Target ID: |
187
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1284
|
Target ID: |
188
|
Parent PID: |
1640
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:05
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4048
|
Target ID: |
189
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4124
|
Target ID: |
190
|
Parent PID: |
4048
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6596
|
Target ID: |
191
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1848
|
Target ID: |
192
|
Parent PID: |
6596
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6176
|
Target ID: |
193
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6180
|
Target ID: |
194
|
Parent PID: |
6176
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1988
|
Target ID: |
195
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6260
|
Target ID: |
196
|
Parent PID: |
1988
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6312
|
Target ID: |
197
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6408
|
Target ID: |
198
|
Parent PID: |
6312
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3632
|
Target ID: |
199
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6536
|
Target ID: |
200
|
Parent PID: |
3632
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6968
|
Target ID: |
201
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6580
|
Target ID: |
202
|
Parent PID: |
6968
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:06
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6560
|
Target ID: |
203
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6656
|
Target ID: |
204
|
Parent PID: |
6560
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6744
|
Target ID: |
205
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6816
|
Target ID: |
206
|
Parent PID: |
6744
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6832
|
Target ID: |
207
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6788
|
Target ID: |
208
|
Parent PID: |
6832
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6888
|
Target ID: |
209
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6996
|
Target ID: |
210
|
Parent PID: |
6888
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7120
|
Target ID: |
211
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7160
|
Target ID: |
212
|
Parent PID: |
7120
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3176
|
Target ID: |
213
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1784
|
Target ID: |
214
|
Parent PID: |
3176
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2104
|
Target ID: |
215
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3736
|
Target ID: |
216
|
Parent PID: |
2104
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2668
|
Target ID: |
217
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6072
|
Target ID: |
218
|
Parent PID: |
2668
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5756
|
Target ID: |
219
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:07
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2088
|
Target ID: |
220
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2648
|
Target ID: |
221
|
Parent PID: |
5756
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1892
|
Target ID: |
222
|
Parent PID: |
2088
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3588
|
Target ID: |
223
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5496
|
Target ID: |
224
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3156
|
Target ID: |
225
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2996
|
Target ID: |
226
|
Parent PID: |
3156
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
888
|
Target ID: |
227
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5292
|
Target ID: |
228
|
Parent PID: |
888
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2368
|
Target ID: |
229
|
Parent PID: |
3588
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2568
|
Target ID: |
230
|
Parent PID: |
5496
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4080
|
Target ID: |
231
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2792
|
Target ID: |
232
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4476
|
Target ID: |
233
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5300
|
Target ID: |
234
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2476
|
Target ID: |
235
|
Parent PID: |
5300
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6020
|
Target ID: |
236
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3888
|
Target ID: |
237
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3808
|
Target ID: |
238
|
Parent PID: |
3888
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:08
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1004
|
Target ID: |
239
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4336
|
Target ID: |
240
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6348
|
Target ID: |
241
|
Parent PID: |
2792
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6516
|
Target ID: |
242
|
Parent PID: |
4080
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3812
|
Target ID: |
243
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5124
|
Target ID: |
244
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4128
|
Target ID: |
245
|
Parent PID: |
4476
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4852
|
Target ID: |
246
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2084
|
Target ID: |
247
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6204
|
Target ID: |
248
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4588
|
Target ID: |
249
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6480
|
Target ID: |
250
|
Parent PID: |
6020
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3412
|
Target ID: |
251
|
Parent PID: |
2084
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4040
|
Target ID: |
252
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6424
|
Target ID: |
253
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3652
|
Target ID: |
254
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4348
|
Target ID: |
255
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
256
|
Parent PID: |
3652
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1012
|
Target ID: |
257
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5460
|
Target ID: |
258
|
Parent PID: |
4336
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3320
|
Target ID: |
259
|
Parent PID: |
4348
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1856
|
Target ID: |
260
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2200
|
Target ID: |
261
|
Parent PID: |
3812
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3852
|
Target ID: |
262
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:09
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2924
|
Target ID: |
263
|
Parent PID: |
5124
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5672
|
Target ID: |
264
|
Parent PID: |
1012
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2848
|
Target ID: |
265
|
Parent PID: |
1856
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3492
|
Target ID: |
266
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3384
|
Target ID: |
267
|
Parent PID: |
1004
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3272
|
Target ID: |
268
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2180
|
Target ID: |
269
|
Parent PID: |
3492
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5500
|
Target ID: |
270
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6160
|
Target ID: |
271
|
Parent PID: |
4852
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2004
|
Target ID: |
272
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4428
|
Target ID: |
273
|
Parent PID: |
3272
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6352
|
Target ID: |
274
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6180
|
Target ID: |
275
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
884
|
Target ID: |
276
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1988
|
Target ID: |
277
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6164
|
Target ID: |
278
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6176
|
Target ID: |
279
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6244
|
Target ID: |
280
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:10
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6564
|
Target ID: |
281
|
Parent PID: |
6204
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6372
|
Target ID: |
282
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6472
|
Target ID: |
283
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6688
|
Target ID: |
284
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6772
|
Target ID: |
285
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6760
|
Target ID: |
286
|
Parent PID: |
4588
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1068
|
Target ID: |
287
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6968
|
Target ID: |
288
|
Parent PID: |
6688
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3496
|
Target ID: |
289
|
Parent PID: |
4040
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1060
|
Target ID: |
290
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6828
|
Target ID: |
291
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6864
|
Target ID: |
292
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6152
|
Target ID: |
293
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7076
|
Target ID: |
294
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7016
|
Target ID: |
295
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6996
|
Target ID: |
296
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6832
|
Target ID: |
297
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1716
|
Target ID: |
298
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6812
|
Target ID: |
299
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7036
|
Target ID: |
300
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:11
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5040
|
Target ID: |
301
|
Parent PID: |
6424
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff71e800000
|
Modulesize: |
114688
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2844
|
Target ID: |
302
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5848
|
Target ID: |
303
|
Parent PID: |
1068
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2828
|
Target ID: |
304
|
Parent PID: |
1716
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4904
|
Target ID: |
305
|
Parent PID: |
3852
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2088
|
Target ID: |
306
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5696
|
Target ID: |
307
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4268
|
Target ID: |
308
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3336
|
Target ID: |
309
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
340
|
Target ID: |
310
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1272
|
Target ID: |
311
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5800
|
Target ID: |
312
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3236
|
Target ID: |
313
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2364
|
Target ID: |
314
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2368
|
Target ID: |
315
|
Parent PID: |
4268
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5924
|
Target ID: |
316
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5080
|
Target ID: |
317
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3732
|
Target ID: |
318
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3704
|
Target ID: |
319
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5000
|
Target ID: |
320
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7180
|
Target ID: |
321
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7196
|
Target ID: |
322
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7208
|
Target ID: |
323
|
Parent PID: |
5924
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7216
|
Target ID: |
324
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7714f0000
|
Modulesize: |
163840
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7248
|
Target ID: |
325
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7264
|
Target ID: |
326
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7272
|
Target ID: |
327
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7280
|
Target ID: |
328
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7296
|
Target ID: |
329
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7328
|
Target ID: |
330
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7336
|
Target ID: |
331
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7352
|
Target ID: |
332
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7380
|
Target ID: |
333
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:12
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7388
|
Target ID: |
334
|
Parent PID: |
7280
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7396
|
Target ID: |
335
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7432
|
Target ID: |
336
|
Parent PID: |
6372
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7440
|
Target ID: |
337
|
Parent PID: |
884
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7476
|
Target ID: |
338
|
Parent PID: |
7272
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7484
|
Target ID: |
339
|
Parent PID: |
7380
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7512
|
Target ID: |
340
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7528
|
Target ID: |
341
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7540
|
Target ID: |
342
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7564
|
Target ID: |
343
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7580
|
Target ID: |
344
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0xe50000
|
Modulesize: |
155648
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7588
|
Target ID: |
345
|
Parent PID: |
6352
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7596
|
Target ID: |
346
|
Parent PID: |
2004
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7612
|
Target ID: |
347
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7624
|
Target ID: |
348
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7632
|
Target ID: |
349
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7640
|
Target ID: |
350
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7648
|
Target ID: |
351
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7656
|
Target ID: |
352
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7672
|
Target ID: |
353
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7696
|
Target ID: |
354
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7720
|
Target ID: |
355
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7736
|
Target ID: |
356
|
Parent PID: |
5500
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7744
|
Target ID: |
357
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7752
|
Target ID: |
358
|
Parent PID: |
6176
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7760
|
Target ID: |
359
|
Parent PID: |
6180
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7788
|
Target ID: |
360
|
Parent PID: |
7612
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7868
|
Target ID: |
361
|
Parent PID: |
1988
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7876
|
Target ID: |
362
|
Parent PID: |
6164
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7884
|
Target ID: |
363
|
Parent PID: |
6772
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7900
|
Target ID: |
364
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7916
|
Target ID: |
365
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7924
|
Target ID: |
366
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7964
|
Target ID: |
367
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7972
|
Target ID: |
368
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7988
|
Target ID: |
369
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8004
|
Target ID: |
370
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8012
|
Target ID: |
371
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8024
|
Target ID: |
372
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8044
|
Target ID: |
373
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8052
|
Target ID: |
374
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8060
|
Target ID: |
375
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8080
|
Target ID: |
376
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:13
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8100
|
Target ID: |
377
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8112
|
Target ID: |
378
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8140
|
Target ID: |
379
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8148
|
Target ID: |
380
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8156
|
Target ID: |
381
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8164
|
Target ID: |
382
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8176
|
Target ID: |
383
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8184
|
Target ID: |
384
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8204
|
Target ID: |
385
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8216
|
Target ID: |
386
|
Parent PID: |
7988
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8224
|
Target ID: |
387
|
Parent PID: |
8012
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8248
|
Target ID: |
388
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8256
|
Target ID: |
389
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8276
|
Target ID: |
390
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8284
|
Target ID: |
391
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8296
|
Target ID: |
392
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8312
|
Target ID: |
393
|
Parent PID: |
6244
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8320
|
Target ID: |
394
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8352
|
Target ID: |
395
|
Parent PID: |
6832
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8360
|
Target ID: |
396
|
Parent PID: |
6812
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8376
|
Target ID: |
397
|
Parent PID: |
7016
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8392
|
Target ID: |
398
|
Parent PID: |
7076
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8368
|
Target ID: |
399
|
Parent PID: |
6828
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8384
|
Target ID: |
400
|
Parent PID: |
6996
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8400
|
Target ID: |
401
|
Parent PID: |
6864
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8424
|
Target ID: |
402
|
Parent PID: |
8256
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8440
|
Target ID: |
403
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8468
|
Target ID: |
404
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8480
|
Target ID: |
405
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8488
|
Target ID: |
406
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8500
|
Target ID: |
407
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8512
|
Target ID: |
408
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff68cef0000
|
Modulesize: |
28672
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8528
|
Target ID: |
409
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8540
|
Target ID: |
410
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8548
|
Target ID: |
411
|
Parent PID: |
7624
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8564
|
Target ID: |
412
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8556
|
Target ID: |
413
|
Parent PID: |
6472
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8572
|
Target ID: |
414
|
Parent PID: |
1060
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8616
|
Target ID: |
415
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8672
|
Target ID: |
416
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8684
|
Target ID: |
417
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8704
|
Target ID: |
418
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8732
|
Target ID: |
419
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8740
|
Target ID: |
420
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8768
|
Target ID: |
421
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8792
|
Target ID: |
422
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:14
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8800
|
Target ID: |
423
|
Parent PID: |
8004
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8828
|
Target ID: |
424
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8900
|
Target ID: |
425
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8908
|
Target ID: |
426
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8916
|
Target ID: |
427
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8924
|
Target ID: |
428
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8932
|
Target ID: |
429
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8940
|
Target ID: |
430
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8960
|
Target ID: |
431
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9012
|
Target ID: |
432
|
Parent PID: |
7248
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9084
|
Target ID: |
433
|
Parent PID: |
3336
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9092
|
Target ID: |
434
|
Parent PID: |
1272
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9116
|
Target ID: |
435
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9164
|
Target ID: |
436
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9188
|
Target ID: |
437
|
Parent PID: |
7528
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9196
|
Target ID: |
438
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9204
|
Target ID: |
439
|
Parent PID: |
6152
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9212
|
Target ID: |
440
|
Parent PID: |
7036
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9248
|
Target ID: |
441
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9324
|
Target ID: |
442
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9372
|
Target ID: |
443
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9440
|
Target ID: |
444
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:15
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9448
|
Target ID: |
445
|
Parent PID: |
2364
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9456
|
Target ID: |
446
|
Parent PID: |
8204
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9464
|
Target ID: |
447
|
Parent PID: |
8148
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9472
|
Target ID: |
448
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9548
|
Target ID: |
449
|
Parent PID: |
5800
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9556
|
Target ID: |
450
|
Parent PID: |
2088
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9564
|
Target ID: |
451
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9576
|
Target ID: |
452
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9584
|
Target ID: |
453
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9592
|
Target ID: |
454
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9600
|
Target ID: |
455
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9608
|
Target ID: |
456
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9624
|
Target ID: |
457
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9636
|
Target ID: |
458
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9668
|
Target ID: |
459
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9684
|
Target ID: |
460
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9692
|
Target ID: |
461
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9700
|
Target ID: |
462
|
Parent PID: |
2844
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9708
|
Target ID: |
463
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9720
|
Target ID: |
464
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9736
|
Target ID: |
465
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9744
|
Target ID: |
466
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9752
|
Target ID: |
467
|
Parent PID: |
7540
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9760
|
Target ID: |
468
|
Parent PID: |
7564
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9820
|
Target ID: |
469
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9828
|
Target ID: |
470
|
Parent PID: |
340
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9836
|
Target ID: |
471
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9848
|
Target ID: |
472
|
Parent PID: |
5696
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9856
|
Target ID: |
473
|
Parent PID: |
7640
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:16
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9880
|
Target ID: |
474
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9928
|
Target ID: |
475
|
Parent PID: |
3236
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9920
|
Target ID: |
476
|
Parent PID: |
3732
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9936
|
Target ID: |
477
|
Parent PID: |
3704
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9944
|
Target ID: |
478
|
Parent PID: |
5000
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9952
|
Target ID: |
479
|
Parent PID: |
7180
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9960
|
Target ID: |
480
|
Parent PID: |
7336
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9968
|
Target ID: |
481
|
Parent PID: |
7352
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
9976
|
Target ID: |
482
|
Parent PID: |
7264
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10004
|
Target ID: |
483
|
Parent PID: |
5080
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10012
|
Target ID: |
484
|
Parent PID: |
8672
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f74b0000
|
Modulesize: |
430080
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10020
|
Target ID: |
485
|
Parent PID: |
8684
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10028
|
Target ID: |
486
|
Parent PID: |
8564
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10036
|
Target ID: |
487
|
Parent PID: |
8732
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10044
|
Target ID: |
488
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10092
|
Target ID: |
489
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10104
|
Target ID: |
490
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10128
|
Target ID: |
491
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10144
|
Target ID: |
492
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff68cef0000
|
Modulesize: |
28672
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10192
|
Target ID: |
493
|
Parent PID: |
7216
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10200
|
Target ID: |
494
|
Parent PID: |
7196
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10208
|
Target ID: |
495
|
Parent PID: |
7296
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10216
|
Target ID: |
496
|
Parent PID: |
7328
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10224
|
Target ID: |
497
|
Parent PID: |
7972
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10232
|
Target ID: |
498
|
Parent PID: |
8184
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6568
|
Target ID: |
499
|
Parent PID: |
8248
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6268
|
Target ID: |
500
|
Parent PID: |
8100
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1344
|
Target ID: |
501
|
Parent PID: |
8112
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10296
|
Target ID: |
502
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10340
|
Target ID: |
503
|
Parent PID: |
7648
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10356
|
Target ID: |
504
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10376
|
Target ID: |
505
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10392
|
Target ID: |
506
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10400
|
Target ID: |
507
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10408
|
Target ID: |
508
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10416
|
Target ID: |
509
|
Parent PID: |
7720
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10424
|
Target ID: |
510
|
Parent PID: |
7512
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10432
|
Target ID: |
511
|
Parent PID: |
7580
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10440
|
Target ID: |
512
|
Parent PID: |
8080
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10448
|
Target ID: |
513
|
Parent PID: |
8176
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10456
|
Target ID: |
514
|
Parent PID: |
8768
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10464
|
Target ID: |
515
|
Parent PID: |
8052
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10472
|
Target ID: |
516
|
Parent PID: |
8284
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10480
|
Target ID: |
517
|
Parent PID: |
8512
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10488
|
Target ID: |
518
|
Parent PID: |
8528
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10496
|
Target ID: |
519
|
Parent PID: |
8440
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10532
|
Target ID: |
520
|
Parent PID: |
6264
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd.exe /c taskkill /f /im mmc.exe /t
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
04:03:17
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7fd420000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Too many similar processes found |
DDoS |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10576
|
Target ID: |
521
|
Parent PID: |
7656
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:18
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10584
|
Target ID: |
522
|
Parent PID: |
7672
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:18
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10592
|
Target ID: |
523
|
Parent PID: |
7696
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:18
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10600
|
Target ID: |
524
|
Parent PID: |
7396
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:18
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe
|
taskkill /f /im mmc.exe /t
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
10608
|
Target ID: |
525
|
Parent PID: |
8156
|
Name: |
taskkill.exe
|
Path: |
C:\Windows\System32\taskkill.exe
|
Commandline: |
taskkill /f /im mmc.exe /t
|
Size: |
101376
|
MD5: |
A599D3B2FAFBDE4C1A6D7D0F839451C7
|
Time: |
04:03:18
|
Date: |
06/10/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f4910000
|
Modulesize: |
118784
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Excessive usage of taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Uses taskkill to terminate processes |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10616
Target ID: | 526
Parent PID: | 8024
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\cmd.exe | cmd.exe /c taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10640
Target ID: | 527
Parent PID: | 6264
Name: | cmd.exe
Class: | cmd
Path: | C:\Windows\System32\cmd.exe
Commandline: | cmd.exe /c taskkill /f /im mmc.exe /t
Size: | 289792
MD5: | 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7fd420000
Modulesize: | 421888
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Too many similar processes found | DDoS |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10720
Target ID: | 528
Parent PID: | 8164
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10728
Target ID: | 529
Parent PID: | 8140
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10736
Target ID: | 530
Parent PID: | 7900
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10744
Target ID: | 531
Parent PID: | 7916
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10752
Target ID: | 532
Parent PID: | 7924
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10760
Target ID: | 533
Parent PID: | 7632
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10780
Target ID: | 534
Parent PID: | 8828
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10788
Target ID: | 535
Parent PID: | 8924
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\taskkill.exe | taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10824
Target ID: | 536
Parent PID: | 10640
Name: | taskkill.exe
Path: | C:\Windows\System32\taskkill.exe
Commandline: | taskkill /f /im mmc.exe /t
Size: | 101376
MD5: | A599D3B2FAFBDE4C1A6D7D0F839451C7
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7f4910000
Modulesize: | 118784
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Excessive usage of taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Uses taskkill to terminate processes | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |
|
C:\Windows\System32\cmd.exe | cmd.exe /c taskkill /f /im mmc.exe /t

Is windows: | true
Is dropped: | false
PID: | 10832
Target ID: | 537
Parent PID: | 6264
Name: | cmd.exe
Class: | cmd
Path: | C:\Windows\System32\cmd.exe
Commandline: | cmd.exe /c taskkill /f /im mmc.exe /t
Size: | 289792
MD5: | 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: | 04:03:18
Date: | 06/10/2024
Reason: | newprocess
Reputation: | timeout
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7fd420000
Modulesize: | 421888
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Too many similar processes found | DDoS |
Spawns processes | System Summary |
|
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Is windows: | true
Is dropped: | false
PID: | 6220
Target ID: | 1
Parent PID: | 6264
Name: | conhost.exe
Path: | C:\Windows\System32\conhost.exe
Commandline: | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size: | 862208
MD5: | 0D698AF330FD17BEE3BF90011D49251D
Time: | 04:02:04
Date: | 06/10/2024
Reason: | newprocess
Reputation: | high
Is admin: | true
Is elevated: | true
Modulebase: | 0x7ff7699e0000
Modulesize: | 892928
Wow64: | false

Signature Hits | Behavior Group | Mitre Attack
Spawns processes | System Summary |
|