balaclava | 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e

General

Target

5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
Size

70KB
MD5

fa7bc80be251a4ab8f68be18149b50f1
SHA1

eeed35174700516ad6d500b7976d3ff86582579c
SHA256

5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e
SHA512

e1828e9e20cbb9fd06d2addf446b957ccce96739adb286bc57c68f0b23269ec1ac27b7e0e14d96718b405834d117e56db9cd1c8bcc739b8d650f58e5b74e4ee9

Score

10^/10

balaclava ransomware

Malware Config

Signatures

Balaclava Malware
Balaclava malware is a ransomware program.
ransomware balaclava

Drops desktop.ini file(s) 3 IoCs

Processes:

5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe

description	ioc	process
File opened for modification	C:\Program Files\desktop.ini	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-1346565761-3498240568-4147300184-1000\desktop.ini	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe

description ioc process

File opened (read-only) \??\A: 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe

description	ioc	process
File opened (read-only)	\??\A:	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe

Drops file in Program Files directory 64 IoCs

Processes:

5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-400.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\officemuiset.msi.16.en-us.vreg.dat	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-32_altform-unplated.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-32_altform-unplated.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_pl.json	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ms-MY\View3d\3DViewerProductDescription-universal.xml	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg6.jpg	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-150.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-150.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\ZviewOverlay.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Context.Tests.ps1	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ssv.dll	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496926306.profile.gz	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-200.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-100_contrast-black.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\System\vccorlib140.dll	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-100.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-20.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-200_contrast-black.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-200.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-36.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-200.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-loaders.xml	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\DESIGNER\MSADDNDR.OLB	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jscripts\wefgallerywinrt.js	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lt-LT\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCache.scale-100.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_altform-unplated_contrast-black.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLargeTile.scale-200.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated_devicefamily-colorfulunplated.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-lightunplated.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_smallest.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_altform-lightunplated.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailBadge.scale-125.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-96_altform-lightunplated.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\HOW_TO_RECOVERY_FILES.txt	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-200.png	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\MediaInkTransportControls.xbf	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar	5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe

Drops file in Windows directory 6 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\WindowsUpdate.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.edb	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\ReportingEvents.log	svchost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

svchost.exe

description	pid	process
Token: SeShutdownPrivilege	1748	svchost.exe
Token: SeCreatePagefilePrivilege	1748	svchost.exe
Token: SeShutdownPrivilege	1748	svchost.exe
Token: SeCreatePagefilePrivilege	1748	svchost.exe
Token: SeShutdownPrivilege	1748	svchost.exe
Token: SeCreatePagefilePrivilege	1748	svchost.exe

C:\Users\Admin\AppData\Local\Temp\5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
"C:\Users\Admin\AppData\Local\Temp\5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
PID:4756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1748

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1346565761-3498240568-4147300184-1000\desktop.ini
MD5
a7a2139059f03ffb3402309f35cc2e04

SHA1
8abcbe25488c96c1a5887d5628d57db6e0cedc0d

SHA256
24168f0be075da61de9289152f765bbad9e09b515f54344fb9fddb2b233e9a56

SHA512
ff8dfe2e240b468b6acf493de8daf49346c5f9965daebbc46cfc1b0aaca9c6d3a1acdbe340ff4151dd0a2d0f02a1669c272d05327f274b8de82f3b62474e2eae

Download Submit
memory/1748-131-0x00000244E6F80000-0x00000244E6F90000-memory.dmp

Filesize
64KB

Download
memory/1748-138-0x00000244EA360000-0x00000244EA364000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads