Analysis Overview
SHA256
08d4585a7c6f6f1734b0d69ac75373b3d5c346489645cfe6257ebe4a408f522b
Threat Level: Known bad
The file SERVER.exe was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Njrat family
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-17 12:34
Signatures
Njrat family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-17 12:34
Reported
2024-01-17 13:05
Platform
win7-20231215-en
Max time kernel
1564s
Max time network
1567s
Command Line
Signatures
njRAT/Bladabindi
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_Classes\Local Settings | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 94003100000000008f577384110050524f4752417e3200007c0008000400efbeee3a851a8f5773842a00000011010000000001000000000000000000520000000000500072006f006700720061006d002000460069006c0065007300200028007800380036002900000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003700000018000000 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SERVER.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SERVER.exe
"C:\Users\Admin\AppData\Local\Temp\SERVER.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Svhost
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Svhost"
Network
Files
C:\Users\Admin\AppData\Local\Temp\Svhost
| Algorithm | Digest |
|---|---|
| MD5 | f8a35dfdebb9b6ee5f1ea10a4a492bfb |
| SHA1 | eefc78908390cb6ef9604dd5649a167f254f8da7 |
| SHA256 | 08d4585a7c6f6f1734b0d69ac75373b3d5c346489645cfe6257ebe4a408f522b |
| SHA512 | b1bc6cbeae3a89227c4c8733fa6601720986babff129883b32a298b87fa9fb63f84f3a4d0cd45056e10f656357b4057cec4f5a29f0e6202d749d47a44dc1c329 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
C:\Users\Admin\Desktop\GrantFind.php
C:\Users\Admin\Desktop\LockStop.jpeg
C:\Users\Admin\Desktop\PushSet.vdw
C:\Users\Admin\Desktop\PushUnblock.bmp
C:\Users\Admin\Desktop\RestartUse.mp4
C:\Users\Admin\Desktop\RepairBackup.mid
C:\Users\Admin\Desktop\SearchConvertTo.jtx
C:\Users\Admin\Desktop\StepEnable.AAC
C:\Users\Admin\Desktop\ConvertRequest.gif
C:\Users\Admin\Desktop\CompleteAdd.au
C:\Users\Admin\Desktop\ClearSave.vsx
C:\Users\Admin\Desktop\EnableInstall.7z
C:\Users\Admin\Desktop\WatchConnect.edrwx
C:\Users\Admin\Desktop\WaitPublish.reg
C:\Users\Admin\Desktop\UnlockJoin.rar
C:\Users\Admin\Desktop\TestFind.xls
C:\Users\Admin\Desktop\TestConnect.mht
C:\Users\Admin\Desktop\EnableUnlock.bin
C:\Users\Admin\Desktop\StopRemove.dxf
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-17 12:34
Reported
2024-01-17 12:35
Platform
android-x86-arm-20231215-en
Max time network
2s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | N/A | udp |