54f005ebc30ea5ba65ea412cfdf5f6b0c5958da2efb1bd4db7150700f1447dc3

Analysis

max time kernel
151s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d94e92b365acec3100d7ee7d036b2b0.exe
Size

29KB
MD5

3d94e92b365acec3100d7ee7d036b2b0
SHA1

e148ac4342c363fd4d7d5c24f1f737135fabb4af
SHA256

54f005ebc30ea5ba65ea412cfdf5f6b0c5958da2efb1bd4db7150700f1447dc3
SHA512

2eee1b33d7ae07c8553fb075e985e79bbf739096bb6ce8624fc685b705e8cac5a731490630dd16f1387192afa4776ff05a2b6cacc33acc4aacfa31ec1f62beba
SSDEEP

768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/X0:AEwVs+0jNDY1qi/qs

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3860	services.exe

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3632-0-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/files/0x0006000000022dde-4.dat	upx
behavioral2/files/0x0006000000022dde-7.dat	upx
behavioral2/memory/3860-6-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3632-13-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/3860-14-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-19-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-24-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-31-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-36-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-38-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-43-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-48-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3860-50-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/files/0x0006000000000037-60.dat	upx
behavioral2/memory/3632-154-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/3860-155-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3632-344-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/3860-345-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3632-483-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/3860-514-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/3632-685-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral2/memory/3860-686-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	3d94e92b365acec3100d7ee7d036b2b0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	3d94e92b365acec3100d7ee7d036b2b0.exe
File opened for modification	C:\Windows\java.exe	3d94e92b365acec3100d7ee7d036b2b0.exe
File created	C:\Windows\java.exe	3d94e92b365acec3100d7ee7d036b2b0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 3860	3632	3d94e92b365acec3100d7ee7d036b2b0.exe	83
PID 3632 wrote to memory of 3860	3632	3d94e92b365acec3100d7ee7d036b2b0.exe	83
PID 3632 wrote to memory of 3860	3632	3d94e92b365acec3100d7ee7d036b2b0.exe	83

C:\Users\Admin\AppData\Local\Temp\3d94e92b365acec3100d7ee7d036b2b0.exe
"C:\Users\Admin\AppData\Local\Temp\3d94e92b365acec3100d7ee7d036b2b0.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5CVX12JG\results[3].htm

Filesize
1KB

MD5
3587117c1296d5f2f1d4f74e516b147b

SHA1
9e5f07bd6916ae9087a44f6ccecbf3698197371b

SHA256
ceb2c4df8e4667372b4079498d71c68b916fe1f1f2bd8953719fc6575912559d

SHA512
e9e74be9242daccce7cd4e83a53a9621a1aaea55a6d1d5b95e9a44731c815c206a925528d71e193254700051825611252061f07dcea912bc42dfbc296938ddcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5CVX12JG\searchX8QOZUPQ.htm

Filesize
157KB

MD5
cfb77b3d17b12bf62499d8052aa6754a

SHA1
77d78a841119dc2c77821c930360c4fa80684e7b

SHA256
750955a1941760c53b5e5667bec97625b69931951d89a8e99a95412bcc30bbc0

SHA512
3065cedf29617a56c4e9e65610b7d752f243088e1e8afea525cc49b5752910126c3182f80f1e01a380bde9d7369080e283dd31e435cc23158623a2c6df0c7fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5CVX12JG\search[10].htm

Filesize
168KB

MD5
5368d5bfa3761f6e481e824c5ad88f4b

SHA1
a76b8e73944a8860039e4d012f5935a87c3ea7e6

SHA256
d98ac3b3011b786cffcafa7c2d14cae087d44f7cb8fcd2dba51237373b49f2bd

SHA512
cdf312358f80160ea67fcf6baefc09e100184e9653898bf50333e994e7b196db203a5ee90cb41f1bf2e33ab4fb30ef4777c75f51fa0b6ddd2005b91f758f8045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5CVX12JG\search[3].htm

Filesize
168KB

MD5
f8c1516c9fff47794f2bbc3836702d70

SHA1
6f7cc45857dc801dbb53bcad6d64c1dedf267443

SHA256
e8b5802e56baf348288062ccef2477fd7f0b015f9006621c156adf167286f916

SHA512
5b0bd9efc5ab9820b3eb8e4d1ea1d639b3d972da4b2f29e00b766fda4413f9d5293357b87f38bb53b632987fc8e278448a26afc344769f23327f4f344f4c1fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5CVX12JG\search[9].htm

Filesize
167KB

MD5
507a68d677dded2fc53a3f517efeb6a2

SHA1
cfe8134e3922617df16016e47f68f355dc757fff

SHA256
18245e56d17a8459f03dbdadfd446332a05ffe65acf0b46b5297517b1ecff804

SHA512
c18b6fbbeb1267068bf0e56b1c62751817265f76d8805555d6751b9b505c458a40c3ea7b2458f8ee798c1a4eb82508e38b604e9204ecd3493559db17802e0a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\0EC2Q43G.htm

Filesize
145KB

MD5
b716da7733a59aab22e1cf9338f84cbd

SHA1
6aa567772ae844b65d3d4312ccf98aa266419153

SHA256
be215946b1853c5aee4ae173dc491ae548d137858ba0e28114ba09fd23aa92a0

SHA512
89abb0c63e66132936e2b37469ecfce29bd5440eb3d0c629977493984bf6d7b3a8fd7a8739df5fe1ca7adebc04f4b312a723d7ad029d754c10e2a8339f8eeca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\3DM66D5P.htm

Filesize
145KB

MD5
475a8b6a54e110ec53e44e480fb627df

SHA1
7d242c9a66a6d3937a07a95be76999866ff64af6

SHA256
e53c7f0570942d120f421ae9dfd2001bc505834a6225c749b5fc81726a6d8e4d

SHA512
edaf52baba403f4fa5c26e782b70edd90a76f183b2bee1fcb696a60acfd0ffd0a5054a7c82b937ad199d4f28114c79a7cfc0e64c4359f38c03651ca04ba864a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\G1Q6MK0R.htm

Filesize
145KB

MD5
0dcebcd4b713a63dfcbd90e232b60cc2

SHA1
a2a6c1762d37bf24184f848965c98609b1425677

SHA256
67027ed2fcf5099d55f543847fc4c97e4cdb6690387c85bf325b53801b0f531e

SHA512
e60d8a03749f008a8748bfb68382cee1045c64853ec4503876e379a8f71eea081627109019aed28d0667c6baa6575dd415ec11b5d50b2633e8e68a9ab5ba88fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\WHWZW5S3.htm

Filesize
145KB

MD5
8afcb91da393348524f733bc006edaad

SHA1
e5d77f2d8480c9de2082b55bcc59aca02bb59bb9

SHA256
00e081e6c1417632728f2f3f64e03f423937334c67dea0216132c468218a5fdb

SHA512
f1f3c00271a06068df604806c8d6a8fea27a6faf6293a375a71d786651a7ec9ce180f2618acd39bae68ad3225f2c831e5501ef39e0b1996b71d24b3cbb9306a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\default[2].htm

Filesize
304B

MD5
8251fff4df202c8d6dd6aaf34f4838ea

SHA1
fa88f08dfdeaff6b86873d447fd26cb7d83a694d

SHA256
a17db628f6bdbf4cdc6fe029542404867306406510dbbdb57a047a75ac294962

SHA512
e9c0fe2a920377777bdda16a8744cf80d15e1d1b3c94b704f8a4c4cf54d2529ede4aea8a2d6d38f4e3c4d02f602edfed659db6613ac7c374e5214a201f16a3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\default[3].htm

Filesize
305B

MD5
2c4ce699b73ce3278646321d836aca40

SHA1
72ead77fbd91cfadae8914cbb4c023a618bf0bd1

SHA256
e7391b33aeb3be8afbe1b180430c606c5d3368baf7f458254cef5db9eef966e3

SHA512
89ec604cd4a4ad37c5392da0bb28bd9072d731a3efdd38707eeb7b1caf7626e6917da687529bf9426d8eb89fab23175399032d545d96ab93ffd19dd54c02c075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\results[8].htm

Filesize
1KB

MD5
d66c7f6fd195ebb66412c8db429ecfe0

SHA1
d001516d3d392bceaeb92dcab62212e92b17f5ea

SHA256
990f7d2a1c1c1d44a3cbb87b46d995dbc1fa2ac3e62dc278e09364b3236f4f98

SHA512
ba86e1ae44ae59a374c590922522d09ec6826f3dc7be74c9b21fb9a8ea066950e3a6757f6402fb7618b43916133c86244d35c7bcd13d21dedd549d77b41830bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\search0DZ8SV4B.htm

Filesize
168KB

MD5
d2852714164c0b7736d88c4e2ac47db1

SHA1
a4a60b8ba388b173aad9fc4eda7a232acf0ad353

SHA256
20710c323654e4bd29018f8f5a01e6667a02d05f024948b3109a77ab4210b52a

SHA512
dd0ca4b0e9beb0425752c1a34404a242b05333e3c86c4b43449f2635bbe9a68b02166a097b80b3fb7df35ac9aab3dcb9399f257d7a8b053416847c6b3f3a3c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\search[4].htm

Filesize
155KB

MD5
3a11349df4d303692b23afff5fc293d1

SHA1
80990e5aafdd455e91fede5b54d56cb01a5b4109

SHA256
87471acdbb8005af1623adebfca587f7177b29fe4e84269c461fa14ec6726795

SHA512
2c0383d441ef1cccda4d9516de012786b03ec4f41f3b227616001c0057a5ffeec7c36a997dc55c7cc7ad51433f88716872b5b97de1d63da1761f27e12e063b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\search[5].htm

Filesize
169KB

MD5
17a41fa2186addc63c9a2ad32eddc45f

SHA1
a29535d98aebbe7ec007e28addee9fcfc648ab23

SHA256
2f6fc9257478b371d7433b5136c1d8240ea1dd685365416120937e0cfaa3933a

SHA512
ae6278b988b2a095a2410172e008a7cc658b0489634375028ac43aeede67624f961806531642b96da3d5b9081b14affe06f88e75ab843ab0c156937299f034a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FNC8FKXQ\search[6].htm

Filesize
171KB

MD5
83036db529389877d1716c7cfaff6f0e

SHA1
11aea57a07858c08ed552e8ee76d2f62c4e567b7

SHA256
c3b09abaad377b3b015597d2031c295f820ba86ea7325907be7f4fd786d2a13c

SHA512
2e3f8a5918a9e429d196d640528daaa41b8f7b0a974f0e7a1f967affa6610c49cff31d63776ce8178fca3811120ee2129dec61a908c35d37774189288c2130f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MMC5AP7F\default[2].htm

Filesize
304B

MD5
605de1f61d0446f81e63c25750e99301

SHA1
0eaf9121f9dc1338807a511f92ea0b30dc2982a5

SHA256
049f75dee036da00f8c8366d29ee14268239df75b8be53aa104aec22b84560f0

SHA512
a6a2505b8b89a895922ad6dc06d2ce620cb51cc6582c1b7e498a9f1ee1e4e47c53ebc4f92f8aa37532d558667225e30574732c9fe7187153a262c933893e4285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MMC5AP7F\results[3].htm

Filesize
1KB

MD5
1f54bb772898601864114ea6f0b12b25

SHA1
6e7988e843cc302509d64e192d18c83b2c7dec3a

SHA256
31c4da7079c2bd7ca47ff1c5088456fefa48f6ab5a5836950d4b255b4b5e0d0b

SHA512
f05085ba7521d70f35eda262962a3b11ed0d76edec90d3c8eeda27f99a947ef519df5191d964c2e1b9fee1db606ae0dd9d7cbbf924aa50d2e872556127479b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MMC5AP7F\search1OFPRIHO.htm

Filesize
167KB

MD5
80ea70b66b57a05f199182e3bea0ce25

SHA1
22730ae84d48e8079520e7b41086887414871f2b

SHA256
c05e528d7f8a36910260c1e0074f6824b9db1c629d629fb617db61122287b944

SHA512
e9eab39cc84d5276901ff4d994d22ed91fac01966baf36fbf8eb356404c27d830c6d49d52e70baee1e65241ff7c793f8c13c591912c9c630ed35a8b422465aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MMC5AP7F\searchV357A9SL.htm

Filesize
170KB

MD5
527a400201282ed06ae6812c65435ed5

SHA1
f4e80967980e9e7130304c40d76fccde91b0c13c

SHA256
0f286c8bbca88a4a6d86251b1a9ad7cd96b5da06fd8c3bb282fe32f3447fbda7

SHA512
553ceaa8e5ce12fef62ae0b0272c8983625c49045c495160ff93f1ff7006ce8eb0bc23c8162172791756763373b44083eed644efd6023b40bdfc534b6423848c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MMC5AP7F\search[1].htm

Filesize
171KB

MD5
563bb80608454ab62a01b1c01cede502

SHA1
b816d4df45cc0855e345aace0ab7a08fcd7625e2

SHA256
b4b19bef4fb16a8d06050ae8a758d859b789587f61b78ac0e25fac9f9d09e7c2

SHA512
d1fcacf336281f019e3d0added64ef3542917190a4cc6319f3a343b483466d4f5dc7d71fa4572fe85b7bb38e1bf60aae939a35cd4ffe08437c492ceda4405d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OAM0FGD0\default[3].htm

Filesize
303B

MD5
ab7421802af48230da4837d84ca54208

SHA1
ee1036ca523fe527c1e4ff585983f59720d07e3e

SHA256
87937d2d6d98641310a5ac9d849a483bd192318a197d352d5db7b074f926c944

SHA512
c690cd667ba4a7f339c74276cdf2400ba8ebaa348ca83e2cb1ef26413e41a0ab96d9b6e13e697b3472ece4be2c85d2591977679383c43f4f55a40ab06476736d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OAM0FGD0\search3FTABKP2.htm

Filesize
187KB

MD5
cfb59bc8743d86100c35aff17521649f

SHA1
1841d0ee54cc7e27a4f191bbcd3e9e6058d023ff

SHA256
c10556310499cd825dc1aa0383b407c22afb74ab68dea687302b88b1112642af

SHA512
b33e4da2cb2b2dc89c1ab5f7ae5e1a97921621c5c5d11c4262b9d20b03acaf87854ddc81ceef6b251d4b6d626d7001ba9587d0b62e8a9001b952dd6c2804344a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OAM0FGD0\search[1].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OAM0FGD0\search[5].htm

Filesize
155KB

MD5
5a91ab1952bdf40e01bf05c4f489aca3

SHA1
09f4c4937e902292e191c99677e259c69516ccc4

SHA256
ac31eef95d73850cfe788448769d3aa21a43b351272f779fd134affafde45ccd

SHA512
61d3a9cda3565f295f5e7de705045b18f8f1426d5f2b4f9089dc276fe93f1846160be45546436a21c8cc5c0d4d3c1e55460c1aab5d4690d50f38270be950714d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OAM0FGD0\search[6].htm

Filesize
170KB

MD5
45256299cab2d7ee744ce639a8da683a

SHA1
80e2443647fa7aae948f71eb2d785eaee630581f

SHA256
1550b72653aaa0db80b0fabffe40e67dc706aeca183f72876f33d35be2b6968b

SHA512
b441c4177416f6501e9b739311e451807c7405cf61af409d0802860003c545674dba403e4f4de264dc23dc19f495e973a185155109659523968eac10939d8903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OAM0FGD0\search[7].htm

Filesize
170KB

MD5
4657cef78300abec89a107104b6be1ca

SHA1
2af30ee377684ff7482d763f5243c42fd52eeb52

SHA256
b4b3687064b76ecbe5c5aa8e200f25f352a9e380688b553bc2439e7739abb20a

SHA512
9afa1fb53aa6dd5af8447dc4574f48f53b4f1bb054ff1c29ab032d8e4b3e8c7bd8949269a917e6559700f652ede6f342af863fbdf092b09fa7ca50d985874bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\94U8peojbc.log

Filesize
256B

MD5
64a652fbfbfdbabfe373b9f78ca1276d

SHA1
7228d4c574c6ad1c100e74c63a1fcd7027690159

SHA256
616cce6d14a239cfec0fb2e22e0fc15192eac6510f3969f775441099d6099b40

SHA512
6b8b9ad7e1c2c9606cacd7ef65d2472c2094fbc84bebd4ab11fad1d9f2a6eb9394f428b03f5c77a6802d89d7de0a335ff11f41947ee8ba84e4c4ea6e59f639fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp4D7C.tmp

Filesize
29KB

MD5
bc4711c0d0fef47b7b0212668f019506

SHA1
81b2f112d5943ab4c03ad451106e0cc961fed652

SHA256
4113050aac9d93bcd998e81edae83fb35d7405f12ae336aedb13976938354d51

SHA512
f032f3468301ed8adb7b106e3ec3f45a05baae52180beb177f2694a7bac1c9edc9d57a6886bff449d566a83070d96d2bec76664b859f556f124ea143e3944fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
288B

MD5
7ea1906c22e90d8812d89b1081db5b1a

SHA1
49e81b8c1bf7121ef2956d26f801fe1e0de66878

SHA256
3a538a3eb6422e7dc826d2319dd1b07494748bef36378a667b2d36b152b01b07

SHA512
5a229bc8a596c91f7a749879f693ef4eb699dbba0e6cfc6ce9b7bf28001cd16f83c681280a5e7a6a9dec8ccdf7361ee609f6c9044705c7fc80235492674ffbad

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
288B

MD5
36828f13ff587f93b0d97bf551f3d650

SHA1
40a0a47d0c51a9c98a1c36abaa9c90306fa651f7

SHA256
f8b872cec66276e54d9520d8af8156a973331ae90d4d9f814e2f63d5b03c7e6e

SHA512
2cf08046698b0fecb512cec810aad3c517537049cfc2d432690e445de031e81fc487e8888cda13e9fc0998c8b69ac195687ef9a45369e98b95c1237aefee8425

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
288B

MD5
924f3b3af75a5f36fff71a30222875c8

SHA1
d134131cf5badd0214bdeef29a2bdccaaedc7a83

SHA256
d770d963756b044b3ef61e000e702d204d8160f06d5fd521337f58ac0f4fb4a4

SHA512
94d8eb7c637b00a34b903b220d162f7bbebffceffc40a412ec945e0301a6e8d5461f66fc079b2771b537b8692c921a29e41e61cbb0fbca439cef08023ac53bc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
288B

MD5
fd07758f79771c94042b5d374aecbc2a

SHA1
1e2fc4155efbe5db8f6b8313d3cfbb3febb5fc1f

SHA256
e5954f5c51bfaf2ae787dca4e612410bfc011e1fc359eab5677f80274ebdeaa8

SHA512
21bde7e9593caba0eb54311ec701b98e78837e0b06205b1d58c39d718c00277a1d85c15acbfc8827facca4a88df32546c8560410595a8386e755c4e90fe15f17

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/3632-483-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3632-0-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3632-344-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3632-13-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3632-154-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3632-685-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/3860-36-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-50-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-48-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-43-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-38-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-345-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-31-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-514-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-686-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-155-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3860-6-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads