vjw0rm | 39a2e082897abaaf11cc9e955d4b1dff633be28a0be463b748c3bd6dc6dfd6ec

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9b85388aae2c05a662703488dc484b0.js
Size

910KB
MD5

a9b85388aae2c05a662703488dc484b0
SHA1

461f673f7af1f372e42fd4e8e6edbd60ddbb5dc7
SHA256

39a2e082897abaaf11cc9e955d4b1dff633be28a0be463b748c3bd6dc6dfd6ec
SHA512

abd01d08176c3fd6e45407f9222d5b02d60d719ea82366c4431282a1779e28cedeb4923f0c897e8d9df3b3ee3f05d10c509c0e3861119f8a712b9cca809384a7
SSDEEP

12288:eIziPJqueLX4tD3WYFztROhdbmtdPzNiXPLqnqXHBIqRNMeM3VJcSTj/qrqx9W9y:eIeoq3WYZPtdPzE5NWfhqrAIMfCPA

Score

10^/10

vjw0rm persistence trojan worm

Malware Config

Signatures

Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
trojan worm vjw0rm

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vTTsXwVcli.js	WScript.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vTTsXwVcli.js	WScript.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Windows\CurrentVersion\Run\SEJOKAOI5S = "\"C:\\Users\\Admin\\AppData\\Roaming\\vTTsXwVcli.js\""	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1656	reg.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2380	2492	wscript.exe	20
PID 2492 wrote to memory of 2380	2492	wscript.exe	20
PID 2492 wrote to memory of 2380	2492	wscript.exe	20
PID 2492 wrote to memory of 2764	2492	wscript.exe	19
PID 2492 wrote to memory of 2764	2492	wscript.exe	19
PID 2492 wrote to memory of 2764	2492	wscript.exe	19

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2504	attrib.exe
2536	attrib.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\a9b85388aae2c05a662703488dc484b0.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\hjmmusngc.txt"
  2⤵
  PID:2764
- - C:\Program Files\Java\jre7\bin\java.exe
    "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.70713688809555125904358048406866658.class
    3⤵
    PID:2660
  - - C:\Windows\system32\cmd.exe
      cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive4517774309571867814.vbs
      4⤵
      PID:2448
    - - C:\Windows\system32\cscript.exe
        
        cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive4517774309571867814.vbs
        5⤵
        
        PID:1800
  - - C:\Windows\system32\cmd.exe
      cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1937504074861387410.vbs
      4⤵
      PID:2516
    - - C:\Windows\system32\cscript.exe
        
        cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1937504074861387410.vbs
        5⤵
        
        PID:2412
  - - C:\Windows\system32\xcopy.exe
      xcopy "C:\Program Files\Java\jre7" "C:\Users\Admin\AppData\Roaming\Oracle\" /e
      4⤵
      PID:1684
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:1108
- - C:\Windows\system32\cmd.exe
    cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive8827673696518971254.vbs
    3⤵
    PID:2596
  - - C:\Windows\system32\cscript.exe
      cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive8827673696518971254.vbs
      4⤵
      PID:2932
- - C:\Windows\system32\cmd.exe
    cmd.exe
    3⤵
    PID:2164
- - C:\Windows\system32\cmd.exe
    cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7844599090167446312.vbs
    3⤵
    PID:1608
- - C:\Users\Admin\AppData\Roaming\Oracle\bin\javaw.exe
    C:\Users\Admin\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\Admin\cUZBwVizSSd\voYZHMSwtjQ.PdyglH
    3⤵
    PID:936
- - C:\Windows\system32\attrib.exe
    attrib +h "C:\Users\Admin\cUZBwVizSSd"
    3⤵
    - Views/modifies file attributes
    PID:2504
- - C:\Windows\system32\attrib.exe
    attrib +h "C:\Users\Admin\cUZBwVizSSd\*.*"
    3⤵
    - Views/modifies file attributes
    PID:2536
- - C:\Windows\system32\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v vyZQspzeTXl /t REG_EXPAND_SZ /d "\"C:\Users\Admin\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\Admin\cUZBwVizSSd\voYZHMSwtjQ.PdyglH\"" /f
    3⤵
    - Modifies registry key
    PID:1656
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\vTTsXwVcli.js"
  2⤵
  - Drops startup file
  - Adds Run key to start application
  PID:2380

C:\Windows\system32\cscript.exe
cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7844599090167446312.vbs
1⤵
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Retrive4517774309571867814.vbs

Filesize
276B

MD5
3bdfd33017806b85949b6faa7d4b98e4

SHA1
f92844fee69ef98db6e68931adfaa9a0a0f8ce66

SHA256
9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6

SHA512
ae5e5686ae71edef53e71cd842cb6799e4383b9c238a5c361b81647efa128d2fedf3bf464997771b5b0c47a058fecae7829aeedcd098c80a11008581e5781429

Download Submit
C:\Users\Admin\AppData\Local\Temp\Retrive8827673696518971254.vbs

Filesize
281B

MD5
a32c109297ed1ca155598cd295c26611

SHA1
dc4a1fdbaad15ddd6fe22d3907c6b03727b71510

SHA256
45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7

SHA512
70372552dc86fe02ece9fe3b7721463f80be07a34126b2c75b41e30078cda9e90744c7d644df623f63d4fb985482e345b3351c4d3da873162152c67fc6ecc887

Download Submit
C:\Users\Admin\AppData\Local\Temp\_0.70713688809555125904358048406866658.class

Filesize
128KB

MD5
4c1bd01b73d68be5a48b977bb4a61948

SHA1
ff07cf5cc64c55f1b4c010e87763087dd9ffb146

SHA256
a4298bd9f17d202dd9cb60ab434bbf2cb0a36d54ff15912a1a2ca7476aef8337

SHA512
b0f1bfd417b5567b4e4c7e26249163e21f5292b4bebd4b84a334e95bfb9ebdfe0e265dd9f35506aae2680839697cd4ad4cf6e35bc248016efd6c3e5346abbe3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3818056530-936619650-3554021955-1000\83aa4cc77f591dfc2374580bbd95f6ba_67e5d042-ed1d-4531-931d-573ca9a1f24d

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\javaw.exe

Filesize
64KB

MD5
66c186c16cfcd9943bdd430ad58bc58e

SHA1
eedcbf1361d285ebe7b7c269cb5e42b1ced3ab82

SHA256
bbcb0fdc3a4e025d4e0f6bd6afc048a20413ed9f09a4f632810b0a66250fc537

SHA512
5558b456188c9c0b5e5bd39a2950c0f70e8312986eccaeb47483b1107304345bea29254dc973bbb0be35a01251aa75258acaa47678233804b0213fe2a87225d6

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\plugin2\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\amd64\jvm.cfg

Filesize
703B

MD5
ab035b969e9bcf200cbdfd1158d475a7

SHA1
e36c2a8e62edf04b3b8f282c28e9408ee6d1da10

SHA256
940c29cd2a34a9d84275e3b526d595eec6e08ba5f7f0806fc545ce0d26fe9024

SHA512
2f96657645a4e25e80ac684c00bd931857ab91e72c9411024f5de06ab629de0a7c79ae13efef9ccba6bd19442d823ea840d066ba133bfd89144dd6c0eb0b32bf

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties

Filesize
3KB

MD5
0547e7c8dade7157d58f6bf5e74bcce7

SHA1
f1ef0a100276e7d3adf38b9fbb802d12f4bb8d9f

SHA256
6953ed5729acafb594c9e81b970f946848453abc6033d4b5519870b58c72abac

SHA512
b213982a0935465b8d468822912169457b60a55382eba7ee39c62be953512a2d524aa6d01953d05dab981b72c417e62bcdff661bac99534e54778f906ad44d6b

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\Etc\GMT

Filesize
27B

MD5
7da9aa0de33b521b3399a4ffd4078bdb

SHA1
f188a712f77103d544d4acf91d13dbc664c67034

SHA256
0a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d

SHA512
9d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\Etc\GMT+10

Filesize
27B

MD5
715dc3fcec7a4b845347b628caf46c84

SHA1
1b194cdd0a0dc5560680c33f19fc2e7c09523cd1

SHA256
3144bc5353ebbd941cdccbbd9f5fb5a06f38abf5cc7b672111705c9778412d08

SHA512
72ab4b4ad0990cce0723a882652bf4f37aac09b32a8dd33b56b1fbf25ac56ae054328909efd68c8243e54e449d845fb9d53dd95f47eaaf5873762fcd55a39662

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\Etc\GMT+2

Filesize
27B

MD5
e256eccde666f27e69199b07497437b2

SHA1
b2912c99ee4dff27ab1e3e897a31fc8f0cfcf5d7

SHA256
9e971632a3e9860a15af04efec3a9d5af9e7220cd4a731c3d9262d00670496a5

SHA512
460a225678c59a0259edef0c2868a45140ce139a394a00f07245cc1c542b4a74ff6fe36248f2fccc91a30d0a1d59d4ebcc497d6d3c31afad39934463f0496ee4

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\Etc\GMT+5

Filesize
27B

MD5
a2abe32f03e019dbd5c21e71cc0f0db9

SHA1
25b042eb931fff4e815adcc2ddce3636debf0ae1

SHA256
27ba8b5814833b1e8e8b5d08246b383cb8a5fb7e74e237cdbcadf320e882ab78

SHA512
197c065b9c17c6849a15f45ac69dafa68aaa0b792219fedb153d146f23997bfa4fbc4127b1d030a92a4d7103bded76a1389df715b9539ea23ea21e6a4bb65fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\Etc\GMT+7

Filesize
27B

MD5
11f8e73ad57571383afa5eaf6bc0456a

SHA1
65a736dddd8e9a3f1dd6fbe999b188910b5f7931

SHA256
0e6a7f1ab731ae6840eacc36b37cbe3277a991720a7c779e116ab488e0eeed4e

SHA512
578665a0897a2c05eda59fb6828f4a9f440fc784059a5f97c8484f164a5fcec95274159c6ff6336f4863b942129cb884110d14c9bd507a2d12d83a4e17f596d2

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\Indian\Christmas

Filesize
27B

MD5
02bc5aaee85e8b96af646d479bb3307c

SHA1
1bf41be125fe8058d5999555add1ea2a83505e72

SHA256
e8d8d94f0a94768716701faa977a4d0d6ef93603de925078822f5c7a89cc8fca

SHA512
e01d82ac33729e7ee14516f5d9ff753559f73143c7aa8a25ed4cc65b59dc364b1a020bc28427f8ec43fec8ef139cf30b09e492d77f15d7b09ae83240cdf8bc14

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\MET

Filesize
1KB

MD5
df1d6d7601b75822e9cf454c03c583b6

SHA1
966737a61ec5f9bcac90154389f5249ca6c0e1e2

SHA256
f3936669b75c67d577d93655b07629b30371aefd32845f69d7cef09b27409d8c

SHA512
50f1943794f84faa26ec8aa1175d98dac365ad3a48eda7b1899e57f1e7fe88365d595403131df926c0471900bf1dcf43f534c57bfb2fb33fe5a81870f4e103ba

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\Pacific\Port_Moresby

Filesize
27B

MD5
ab2fd12cd39fd03d4a2aef0378c5265c

SHA1
4a75ef59534203a4f19ea1e675b442c003d5b2f4

SHA256
df69a28476e88043eba1f893859d5ebf8a8d5f4f5a3696e0e0d3aa0fe6701720

SHA512
a82567f84dd4300733cd233d1b8fd781e73eaf62f2f6d5e33a4129418d9b0dfc1001e1fa3deeed9a8129acd0ecc0e1153bfb154f93f26a4ca484c04e753808bf

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\SystemV\AST4

Filesize
27B

MD5
090c3805a378e5c6f9170de1f08505a0

SHA1
b462772078f0264c175f7c9998a8e39d6e4bcc64

SHA256
4ddfc9ed251c2298e6fca3a0742de925442d9164ba230d28e869097d27b74415

SHA512
67e57206bff887539568596789c8d77bbb843a97a8ea2ae373225ad4c4fd185b6e602d9b171232a2b8811f2911778b9152ba08daac355e7eeb2e1558b1555763

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\SystemV\CST6

Filesize
27B

MD5
37e9ac1310a963cd36e478a2b59160f8

SHA1
1406eaa01d4eea3b26054871f7d738e4630500e9

SHA256
04c9e4b0f69a155074b9ff26351265f78090c7ea2f23c5593b7130b4eb1e5e32

SHA512
0ccc4e958bd34c2a28dca7b9fc3e9ca018ffc6c54d0f24e3db40e86f0bfc5a232228288cce38350bf8140b98c74658d2616e2ef15b2a085a590711cf975982e1

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\SystemV\PST8

Filesize
27B

MD5
f49040ffcebf951b752c194a42ed775e

SHA1
4632642740c1db115843409f0bc32b9ca8d834d7

SHA256
7422b2a82603f03d711b7ac7a9bebe5d1e4d9307cd283ce3d2714af46362f934

SHA512
f7be16b8418f2d57132ccd6b65f40296c80aa2d34634dee839eb2b50c45cb511db1135f8816956bfa90f4f0ca298909adf70787cd8c9e30c894e836f32ef5ed6

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\zi\SystemV\YST9

Filesize
27B

MD5
4fae101fead3cd098a57d1715ca79a97

SHA1
f0a556f72dea44bd4065cb874398994005bc5237

SHA256
fbc6ae3bcdbdd8c91acc153bde0862d443afd70b211404879c36045442524b56

SHA512
c9d2e4c94b8b0e87b251cc22b8e96799268545e73a9ba3cde726ac0797d6c3288344615bcf30fbe8135e7ddb8d429958357b1ba03a7e953a2c7c8eac3c5dde8f

Download Submit
C:\Users\Admin\AppData\Roaming\hjmmusngc.txt

Filesize
479KB

MD5
c67d02c567461d6fad607a89ac1084b8

SHA1
1c8af842bda12c315b7a78b4a44f3c4e8a1721a9

SHA256
13510f3ee14e47e2fc457215420e795f0959e33411e4fa2e8a889a3c7fb858d9

SHA512
9151cfaff17d3cd2d832ad5a4e9fbcf93e49c955a1ed0748d67d9df307d7714bff346caa4239482ca676697ee48c689759f3ef86fd360e47e8910246dce0a043

Download Submit
C:\Users\Admin\AppData\Roaming\vTTsXwVcli.js

Filesize
9KB

MD5
e068ea577e83f36e6f5a3a64bd763648

SHA1
83764893b98e89350c261609b76b0fd812b44630

SHA256
d75a2e8e930b82f2cf2e751b298294f5594d74ff68aa65ca27ff6c1eb46730b6

SHA512
ed0d2fa859b239f84d736dc138a9a7c100cececdf565ed6a2d401ef9f20b526feffee4587eaf93697d9bb7db33f8bc8eb91a66d70b08645b913d1f6edcea47c6

Download Submit
C:\Users\Admin\cUZBwVizSSd\ID.txt

Filesize
47B

MD5
a9e27c23bcd44e106e471bcd564fd1de

SHA1
f3faf203fa18d78f67b9dcea57996e291748391b

SHA256
48466afc34711ef085719b6d153a72b0db9380a1585f5b308629dc547d9c9224

SHA512
bcdda38f9fb6a6aa7a8866ed6002612ac47a872790d8b0095e789af80fd6a402b349771192b424caf657205b70f50ad685cb866bc9c0114fa239d1482dd57d44

Download Submit
C:\Windows\System32\test.txt

Filesize
778B

MD5
9620fbb0162dea81a06b14858dfcc587

SHA1
072309c52593857daafe5d771efee8a2797768df

SHA256
caf13f072d442e76acf379fd2dcb31cd9c8a13aa1c6efe63c1f1afb3071008f4

SHA512
8be0c462c930b745b7e04cf40b46969ec4c540efe2a9a7b7284eef6fec0217e2985ae6dcf94e531de4d328fb049b0e5044f57aa009be771e6f1553812e0be11c

Download Submit
\Users\Admin\AppData\Roaming\Oracle\bin\java.dll

Filesize
64KB

MD5
e9fcf14c70d1f9fc377ad4f5d67512fd

SHA1
cdfc10aa7debaa3ae67f041c344bbf8f65c65d2f

SHA256
6127590d1cfaeefb5410a25c4d22afc95c3c082d841989be8f395e7f076f25b9

SHA512
ad2ede596b9935390ae66574857bc66542f0e7fa2818321e107cb79c348aa59562fac5d20e2a015cf13029537265937ac85e4e9561f931551ab819c845a346ee

Download Submit
\Users\Admin\AppData\Roaming\Oracle\bin\java.dll

Filesize
128KB

MD5
e28c1af8c0056e682edf12c307bd8387

SHA1
de63ed4c935e869023a1d97a2911981a69b9882a

SHA256
6723cdafed1e95b57b98ab1f55f9df8a5f941d300305b37f74ec83de1f85abaf

SHA512
c8a5dce685575202bbff7cb5882a8501cf6f4640db46e869b05cac764d748b333a86231cd348c5445da80ef727e8e1e468ad0bfa4961780a8daff5fae1fa62b7

Download Submit
\Users\Admin\AppData\Roaming\Oracle\bin\verify.dll

Filesize
47KB

MD5
ffa8f0ee3aace64fac7f55cb718472a9

SHA1
d199b599dd062737c64e49213088b4e568418a1c

SHA256
4484408f77c26aec4229a8c3b0b7a3199590f338ffc23b480df0515f4b76cbff

SHA512
2298afdad7e5b8f98ff3e28c14a51ab533b03ec89d02a061473f2d67e1c49797bd74308d7a6a0dab23fab7bf8908f89921e52a010832ab601d646b09d5c4884f

Download Submit
\Users\Admin\AppData\Roaming\Oracle\bin\zip.dll

Filesize
75KB

MD5
4b4153f3ae3454a5d9dae1b41846e908

SHA1
6082bb1a46ea5b1a6cd3e2bcae196c532f56050d

SHA256
09ecb4d529a7aef436e0b629aaa8d4717886bedc65223e6b693358369efe6160

SHA512
07398432f2efc2a29f569cf3f421f36b2bf2ca60c71c6a1d193b2b1c0b2ce4b4433029f9c37c79d0bd912c1dda3e1a90a1da9836531145cd6b003b45d9f1946d

Download Submit
memory/2660-1866-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2660-49-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2660-24-0x00000000025C0000-0x00000000055C0000-memory.dmp

Filesize
48.0MB

Download
memory/2660-35-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2660-77-0x00000000025C0000-0x00000000055C0000-memory.dmp

Filesize
48.0MB

Download
memory/2660-72-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2660-70-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2660-1853-0x0000000000440000-0x0000000000441000-memory.dmp

Filesize
4KB

Download
memory/2764-10-0x0000000002580000-0x0000000005580000-memory.dmp

Filesize
48.0MB

Download
memory/2764-28-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-55-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-79-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-82-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-73-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-56-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-1881-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-1878-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-59-0x0000000002580000-0x0000000005580000-memory.dmp

Filesize
48.0MB

Download
memory/2764-65-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2764-88-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads