hxxps://archive[.]org/details/malware-pack-2

Analysis

max time kernel
80s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2023 21:14

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://archive.org/details/malware-pack-2

Score

8^/10

evasion ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	[email protected]
File opened (read-only)	\??\E:	[email protected]
File opened (read-only)	\??\H:	[email protected]
File opened (read-only)	\??\U:	[email protected]
File opened (read-only)	\??\V:	[email protected]
File opened (read-only)	\??\A:	[email protected]
File opened (read-only)	\??\I:	[email protected]
File opened (read-only)	\??\J:	[email protected]
File opened (read-only)	\??\L:	[email protected]
File opened (read-only)	\??\O:	[email protected]
File opened (read-only)	\??\W:	[email protected]
File opened (read-only)	\??\X:	[email protected]
File opened (read-only)	\??\G:	[email protected]
File opened (read-only)	\??\N:	[email protected]
File opened (read-only)	\??\Q:	[email protected]
File opened (read-only)	\??\R:	[email protected]
File opened (read-only)	\??\Z:	[email protected]
File opened (read-only)	\??\K:	[email protected]
File opened (read-only)	\??\M:	[email protected]
File opened (read-only)	\??\P:	[email protected]
File opened (read-only)	\??\S:	[email protected]
File opened (read-only)	\??\T:	[email protected]
File opened (read-only)	\??\Y:	[email protected]

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\Desktop\Wallpaper	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
860	taskkill.exe
4960	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133399772977514846"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1141987721-3945596982-3297311814-1000\{04D7259A-7184-42C2-A5B6-6A0759FFCDCB}	[email protected]
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	[email protected]

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
756	chrome.exe
756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3360	[email protected]
3360	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 3948	756	chrome.exe	75
PID 756 wrote to memory of 3948	756	chrome.exe	75
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 4364	756	chrome.exe	85
PID 756 wrote to memory of 2528	756	chrome.exe	86
PID 756 wrote to memory of 2528	756	chrome.exe	86
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87
PID 756 wrote to memory of 4112	756	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://archive.org/details/malware-pack-2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee0c99758,0x7ffee0c99768,0x7ffee0c99778
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5392 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1912,i,12925891596996812309,9586202635840032996,131072 /prefetch:8
  2⤵
  PID:5116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
  2⤵
  PID:3592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - Kills process with taskkill
    PID:4960
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' set FullName='UR NEXT'
    3⤵
    PID:4468
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' rename 'UR NEXT'
    3⤵
    PID:3832
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /f /r /t 0
    3⤵
    PID:1456

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39a5055 /state1:0x41c64e6d
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
72KB

MD5
4f6377a1b1a0a36a0e6c383b4543bfe6

SHA1
41f49256395e5abf6722bbf5497f899534d72e7c

SHA256
1094bc1e0648a5b112504c5f2b6650adcc2209762384f479c6eaa1cb961528a9

SHA512
8ad5f95c7dd72652b72b8e9ab3c5482c44a69f76275c5b1e4e2c025b850c6e83530942ad851f8b62488692798b8063e8534b0a000032aad148a2d35651914dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d9ef5a692d381be00974deb9334c3901

SHA1
2ba5c9f7713cb6344b11333803713e8fee3839f0

SHA256
7f0044dee81c6563968029346a69eb66785a478f0bf5ba4f62cc6c76372d8b77

SHA512
09b1cd0c17fd221d657f24b55ab9df391da0d541294b59fa00a6cdb2282e170156de8783bb2310ee72c2c70b3acebd1f644f61fc58c82dd0b82161dc629aa48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c7ba8695172156c8635c72aa66996c1f

SHA1
6a97c836bb67de84745b292e3b03b80fe7bbb49a

SHA256
22deab6d5bc733b7cdceac72a5a79f6d64b5320b19b14e6bb4faec12fb90ca53

SHA512
4ba3435265d6dc24a1aaea77ed3a76b62b75e6f8ef137512341a0314ba1e2647582da696437771d9466133c37a5d141eb5f1ed6f366426fe8e2b9a1566ef4174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6247301b2440493982caa571a7b106e4

SHA1
81f4a2c290aaa501660a0259c023db1706fb3ffd

SHA256
6a717b8ace7e191ddcdda988f94cfb22d005210cc0dc29ef8f9533dcc817d7cd

SHA512
798526ac093bff7f47cbb3ecafcfd561c960b348508ada5bdaecdc477ff18a0fb1d1dc7446d56ea6d1271b9d43fefb5686d6d1f475e4c5a7e43403ce94626fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
7c3c67206c9fb539bed5107cd47594aa

SHA1
3df644d148a9c57f4f06cc887ec200475b8ff39c

SHA256
0863dd85af6c66297b33144a5147dd6ac0068dfbb8c7132776ea2e35e6ef2769

SHA512
31fe32457a2c90ba9820be76819b8be30a6093bc57416d99d8e0ee594367c5a4b77b32d3650d1473443e242b5ad2d089acab2f266a687d9e8da305982b96689f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
0b88a043967b6d302da9bba926e1e0a8

SHA1
491124e7c1924d06204fa8aefb3c7072ce33b207

SHA256
2f3d472f8a2618495ab8d655bc2fd1208657a1b93bd4c353906db121c7bcc3ae

SHA512
0943dc6d13aafd6388ef082e6847453ceedada4e905ba77be972f447399d29159e0d61dac1168e6266d176c12c39f3bc7e3717d341f9826ebd9fd1006b5b6f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c1e269b176df92a6b24c6f72088a6c8e

SHA1
4d5bb5c3716319c749845ae842793007d448691d

SHA256
838b7d5b158d98957cf7635a9f9b7b1e37b3d2dd98c8bfb36d4acf1e204fc37c

SHA512
8a23a9417ee2ff24648b3200dd4d4f52bddfe2807fae6105c76bb471c92e760adc371776d57c4de5862e4f4b451915b5c25a60b8eaaf86f4390c366c11424591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
493a5e0279252573e524e657982ca55b

SHA1
3ce891ab5b13cf31b523af75bfb8cfbe4bd7c21a

SHA256
6ecda832a58b03bfbdc5fa4766757b7042565210831f3ff65b610cfef6a9f2f3

SHA512
7ad86383b4665bdc64f244cae85e72997080c63dd11613b28e84bbb5cbaf18268fa4b4d18159ccdd1b29a64afe315413d0705a77d0cc2126deaae687146d2d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
afd0a217d9c4b8f766b90b91bffc9d7f

SHA1
8dafac267e7648f9914f8e7141791d2b74c97574

SHA256
9b9e823e034db2df8d4bc72589e84dbeda6c90adec39faf8aef353fef1adba9b

SHA512
2d83205445c19e3b00b024c22b09e959d4b652dd10e99eb513ad572eb23869df80b907b00ae4232acb43d563a122eef23c2741e8e3e93e46fa80457ba5d7a571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f17235335eeb356dfc431789d81c2e27

SHA1
52820aa01981c73cdb9d8b36334f1fc0c2e5a14c

SHA256
bea6a6d658f0b5ef02d631e60136b37956ef379a862aeec654ecdb2e3e440ffd

SHA512
e618481b6410f358d535bf0c50b4806f67631466bcce519f16409b94dfbe51eecc00e22a19ebbd5f7011ede10a1900490500ea43775383eaa160246a48a205f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
6034083e75d87a72603eee1348240cbf

SHA1
e2ce1bbbccfefff4e2fd7b182f2dcc69413042a0

SHA256
228ce1bfdf48398ef43dbbafba69b127993af39434b2f81e26cf8e2548f5bc03

SHA512
334e4e7f24ac35aa6a53a20818d26bf406c30c2e5350237ed26ef88a57bfe7f221cf8357612a27a6736da954f014620926ed514bfb37272026195ee8aa7cfa89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
452f2106dbe83e2c9e6a7c02994fb17b

SHA1
8b627ae54fbb806dc23385a3864624dfaca29709

SHA256
1ce059081c852ffc8bbb84a84207473cc30dbdaa77b035baf8c7558a77eac76b

SHA512
19d9308a6e8411946e10e514b17b0db9cce91e99f1b2a87069a44ccd012f6d19edd9c94ec305a5be8d74224f5e26b3634204a369d4586bb243c0be8ade7d5b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
bc47981f180fd4b20ae1ac9156a94935

SHA1
329b5ad7a70b002d217acb54e249a5ccfca8e082

SHA256
7b740262f78c5be2a030083cf649ec171b1d0faee85f00fbda9c5faa73ed0fe0

SHA512
c01db3a524eb309d5e0e35f33023d71921d360a6e7aedfa3a0046841fe7cc65b57be5d55829be1b32bc3264d35e352a7f7bcad14486da122dab4636cec1de4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
324c36f309be565a9f471dc985442010

SHA1
1a3c66915513917e5aa75833d731e3952e737249

SHA256
4bc28b361547a02517e0a59d2131b70f0df68246546ea991188d9efd4f7ae61e

SHA512
de64f9bc8623faee1b3125117c563a5ff252b1598641a2d57e9369111cac79eeb079b52c74cde7eb2afdc22b1c1f491ea372db3809ace56321f05f5bf18982b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
212891264327ac3dd51deb9363039b91

SHA1
ae04e896bc92b55325b4ad1b2d2c490a0591d5e3

SHA256
fe728f36c91ecff7dc82423fd90622252c6c510f050b3c9dedae1e89825444fd

SHA512
c941156fd5f1dc04eab6f85e0fd736ccf8f302b252ed703850caa36c85c7742973436f85dc4947d3db180aee70c378535a49f8e182ea2c07d69be16159ec90de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
5ad089f194166d48412fb53084c80b6c

SHA1
e98a34e25bf2ad6742a4d0a3ec20572de45511ad

SHA256
e4895a0c263f276fa250f390f8fd3eac22fafd2a0124baaa6b65077f03aebea2

SHA512
c94b38539f191864c09f771728a5edf0226bf9aa213ae394870ca00be3664c7e931b1f0e6a3f5864b2d54a812ffdada8d9f08f3fa714bc1fef24d48a7b99b7e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf

Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\text.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\v.mp4

Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\000.zip.crdownload

Filesize
119KB

MD5
d113bd83e59586dd8f1843bdb9b98ee0

SHA1
6c203d91d5184dade63dbab8aecbdfaa8a5402ab

SHA256
9d3fe04d88c401178165f7fbdf307ac0fb690cc5fef8b70ee7f380307d4748f8

SHA512
0e763ff972068d2d9946a2659968e0f78945e9bf9a73090ec81f2a6f96ac9b43a240544455068d41afa327035b20b0509bb1ad79a28147b6375ed0c0cf3efec5

Download Submit
memory/3360-291-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-310-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-289-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-271-0x0000000005D90000-0x0000000005DA0000-memory.dmp

Filesize
64KB

Download
memory/3360-293-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-295-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-296-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-297-0x000000000C600000-0x000000000C610000-memory.dmp

Filesize
64KB

Download
memory/3360-298-0x000000000C600000-0x000000000C610000-memory.dmp

Filesize
64KB

Download
memory/3360-285-0x000000000BF70000-0x000000000BFA8000-memory.dmp

Filesize
224KB

Download
memory/3360-309-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-286-0x0000000009970000-0x000000000997E000-memory.dmp

Filesize
56KB

Download
memory/3360-312-0x000000000C600000-0x000000000C610000-memory.dmp

Filesize
64KB

Download
memory/3360-313-0x0000000009A30000-0x0000000009A40000-memory.dmp

Filesize
64KB

Download
memory/3360-315-0x0000000005D90000-0x0000000005DA0000-memory.dmp

Filesize
64KB

Download
memory/3360-314-0x000000000C600000-0x000000000C610000-memory.dmp

Filesize
64KB

Download
memory/3360-318-0x000000000C600000-0x000000000C610000-memory.dmp

Filesize
64KB

Download
memory/3360-311-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/3360-299-0x000000000C600000-0x000000000C610000-memory.dmp

Filesize
64KB

Download
memory/3360-262-0x0000000005D90000-0x0000000005DA0000-memory.dmp

Filesize
64KB

Download
memory/3360-261-0x0000000000CE0000-0x000000000138E000-memory.dmp

Filesize
6.7MB

Download
memory/3360-260-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/3360-263-0x0000000006420000-0x00000000069C4000-memory.dmp

Filesize
5.6MB

Download
memory/3360-1132-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads