4b30f308a5f0cf34361f5a53f2d73c523188adbbd9ac264275946197a3a8aa28

Resubmissions

03-03-2024 13:51

240303-q5vgpscb85 10

03-03-2024 13:45

240303-q2r76sbd9y 10

Analysis

max time kernel
20s
max time network
24s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-03-2024 13:45

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Trojan.Win32.BossDaMajor.exe
Size

1.9MB
MD5

38ff71c1dee2a9add67f1edb1a30ff8c
SHA1

10f0defd98d4e5096fbeb321b28d6559e44d66db
SHA256

730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
SHA512

8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9
SSDEEP

49152:veG3J7FtM9SbJakTiTBMGSARaspyyx979PSxgKFdGlYU:2GZxSoJrTiTBMGtRa8t7EFddU

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\""	wscript.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1"	wscript.exe

Disables Task Manager via registry modification
evasion

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico"	wscript.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\mrsmajor\reStart.vbs	wscript.exe
File opened for modification	C:\Program Files\mrsmajor\CPUUsage.vbs	wscript.exe
File created	C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg	wscript.exe
File created	C:\Program Files\mrsmajor\def_resource\f11.mp4	wscript.exe
File created	C:\Program Files\mrsmajor\def_resource\Skullcur.cur	wscript.exe
File created	C:\Program Files\mrsmajor\DreS_X.bat	wscript.exe
File created	C:\Program Files\mrsmajor\MrsMjrGui.exe	wscript.exe
File created	C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat	wscript.exe
File created	C:\Program Files\mrsmajor\WinLogon.bat	wscript.exe
File created	C:\Program Files\mrsmajor\def_resource\creepysound.mp3	wscript.exe
File created	C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico	wscript.exe
File created	C:\Program Files\mrsmajor\Launcher.vbs	wscript.exe
File created	C:\Program Files\mrsmajor\Doll_patch.xml	wscript.exe
File created	C:\Program Files\mrsmajor\CPUUsage.vbs	wscript.exe
File created	C:\Program Files\mrsmajor\default.txt	wscript.exe
File created	C:\Program Files\mrsmajor\mrsmajorlauncher.vbs	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 4 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Cursors	wscript.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur"	wscript.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur"	wscript.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur"	wscript.exe

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico"	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico"	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico"	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico"	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp4file	wscript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico"	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon	wscript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon	wscript.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2872	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2872	vlc.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2560	shutdown.exe
Token: SeRemoteShutdownPrivilege	2560	shutdown.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe
2872	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2872	vlc.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2788	3048	Trojan.Win32.BossDaMajor.exe	28
PID 3048 wrote to memory of 2788	3048	Trojan.Win32.BossDaMajor.exe	28
PID 3048 wrote to memory of 2788	3048	Trojan.Win32.BossDaMajor.exe	28
PID 3048 wrote to memory of 2788	3048	Trojan.Win32.BossDaMajor.exe	28
PID 2788 wrote to memory of 2392	2788	wscript.exe	29
PID 2788 wrote to memory of 2392	2788	wscript.exe	29
PID 2788 wrote to memory of 2392	2788	wscript.exe	29
PID 2788 wrote to memory of 2924	2788	wscript.exe	31
PID 2788 wrote to memory of 2924	2788	wscript.exe	31
PID 2788 wrote to memory of 2924	2788	wscript.exe	31
PID 2924 wrote to memory of 1368	2924	wscript.exe	32
PID 2924 wrote to memory of 1368	2924	wscript.exe	32
PID 2924 wrote to memory of 1368	2924	wscript.exe	32
PID 2924 wrote to memory of 1368	2924	wscript.exe	32
PID 1368 wrote to memory of 2084	1368	wmplayer.exe	33
PID 1368 wrote to memory of 2084	1368	wmplayer.exe	33
PID 1368 wrote to memory of 2084	1368	wmplayer.exe	33
PID 1368 wrote to memory of 2084	1368	wmplayer.exe	33
PID 1368 wrote to memory of 2084	1368	wmplayer.exe	33
PID 1368 wrote to memory of 2084	1368	wmplayer.exe	33
PID 1368 wrote to memory of 2084	1368	wmplayer.exe	33
PID 2924 wrote to memory of 2560	2924	wscript.exe	35
PID 2924 wrote to memory of 2560	2924	wscript.exe	35
PID 2924 wrote to memory of 2560	2924	wscript.exe	35

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.BossDaMajor.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.BossDaMajor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\system32\wscript.exe
  "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\6BAF.vbs
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:2392
- - C:\Windows\System32\wscript.exe
    "C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
    3⤵
    - Modifies WinLogon for persistence
    - UAC bypass
    - Disables RegEdit via registry modification
    - Modifies system executable filetype association
    - Drops file in Program Files directory
    - Modifies Control Panel
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    - System policy modification
    PID:2924
  - - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
      "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1368
    - - C:\Program Files (x86)\Windows Media Player\setup_wm.exe
        
        "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
        5⤵
        
        PID:2084
  - - C:\Windows\System32\shutdown.exe
      "C:\Windows\System32\shutdown.exe" -r -t 03
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2560

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SearchWait.3gp2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1064

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\6BAF.vbs

Filesize
1007B

MD5
5706bc5d518069a3b2be5e6fac51b12f

SHA1
d7361f3623ecf05e63bb97cc9da8d5c50401575c

SHA256
8a74eead47657582c84209eb4cdba545404d9c67dd288c605515a86e06de0aad

SHA512
fb68727db0365ab10c5b0d5e5e1d44b95aa38806e33b0af3280abcefae83f30eb8252653e158ac941320f3b38507649cce41898c8511223ee8642339cfece047

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\CPUUsage.vbs

Filesize
92B

MD5
0e4c01bf30b13c953f8f76db4a7e857d

SHA1
b8ddbc05adcf890b55d82a9f00922376c1a22696

SHA256
28e69e90466034ce392e84db2bde3ad43ad556d12609e3860f92016641b2a738

SHA512
5e66e2793e7bc88066b8df3dccb554351287dea18207e280b69d7798ecd5cdc99bd4c126c3e394db9f45f54bb561e6688f928de4f638c5eca4f101dc2cea54a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\DreS_X.bat

Filesize
360B

MD5
ba81d7fa0662e8ee3780c5becc355a14

SHA1
0bd3d86116f431a43d02894337af084caf2b4de1

SHA256
2590879a8cd745dbbe7ad66a548f31375ccfb0f8090d56b5e4bd5909573ac816

SHA512
0b768995187f988dc15d055f9689cee3ab3908d10b05a625b40d9757c101e067bbd6067ccbcf1951ebb683f5259eec562802ea6161d59475ce86cf6bc7c957f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\Icon_resource\SkullIco.ico

Filesize
244KB

MD5
c7bf05d7cb3535f7485606cf5b5987fe

SHA1
9d480d6f1e3f17d5018c1d2f4ae257ae983f0bb5

SHA256
4c1cfbe274f993941ac5fa512c376b6d7344800fb8be08cc6344e6c16a418311

SHA512
d30952a75d94dd64b7bd253ed72810690f3550f2262cfaaef45854fc8334f6201a8cbafb9b175c6435f7ce0499567f2fa8667b4b0046bfb651bf61eb4278e6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\Launcher.vbs

Filesize
590B

MD5
b5a1c9ae4c2ae863ac3f6a019f556a22

SHA1
9ae506e04b4b7394796d5c5640b8ba9eba71a4a6

SHA256
6f0bb8cc239af15c9215867d6225c8ff344052aaa0deeb3452dbf463b8c46529

SHA512
a644c48562e38190720fb55a6c6e7d5ccfab60f362236fe7d63caebdc01758f17196d123fb37bd11f7e247ce8ab21812165b27496d3bd6ca5e2c5efefab8fb03

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\MrsMjrGui.exe

Filesize
71KB

MD5
450f49426b4519ecaac8cd04814c03a4

SHA1
063ee81f46d56544a5c217ffab69ee949eaa6f45

SHA256
087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d

SHA512
0cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\MrsMjrGuiLauncher.bat

Filesize
98B

MD5
c7146f88f4184c6ee5dcf7a62846aa23

SHA1
215adb85d81cc4130154e73a2ab76c6e0f6f2ff3

SHA256
47e6c9f62ffc41fbc555f8644ad099a96573c8c023797127f78b1a952ca1b963

SHA512
3b30fa1334b88af3e3382813d316104e3698173bb159c20ff3468cf3494ecfbbc32a9ae78b4919ecd47c05d506435af4a7ccee0576c0d0018a81fbd1b2dfcf10

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\WinLogon.bat

Filesize
117B

MD5
870bce376c1b71365390a9e9aefb9a33

SHA1
176fdbdb8e5795fb5fddc81b2b4e1d9677779786

SHA256
2798dad008f62aace1841edfb43146147a9cade388c419c96da788fcaa2f76bc

SHA512
f17c9898f81387daf42c9b858f507889919474ac2a17f96fc6d4606be94327e0b941b23a3ccc3f4af92b8abc0522e94745616da0564cdef1c3f20ee17ee31f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\def_resource\@Tile@@.jpg

Filesize
7KB

MD5
3e21bcf0d1e7f39d8b8ec2c940489ca2

SHA1
fa6879a984d70241557bb0abb849f175ace2fd78

SHA256
064f135fcc026a574552f42901b51052345f4b0f122edd7acd5f2dcc023160a5

SHA512
5577e20f76d6b1cccc513392532a09bdc6dcd3a8a177b8035dc5d7eb082e0093436068f92059e301c5987e6122c4d9aff3e5ae9cc94ccc1ecc9951e2785b0922

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\def_resource\Skullcur.cur

Filesize
3KB

MD5
cea57c3a54a04118f1db9db8b38ea17a

SHA1
112d0f8913ff205776b975f54639c5c34ce43987

SHA256
d2b6db8b28112da51e34972dec513278a56783d24b8b5408f11997e9e67d422b

SHA512
561860907fa2f53c7853094299758232a70c0cd22c6df3534abd094c6970f28792c6c334a33b129d661a46930d90fd8c98f11cb34f3e277cf20a355b792f64f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\def_resource\creepysound.mp3

Filesize
1.2MB

MD5
4a9b1d8a8fe8a75c81ddba3e411ddc5d

SHA1
e40cb1ee4490f6d7520902e12222446a8efbf9a8

SHA256
79e9a3611494b5ffafaa79788ba7e11dd218e3800c40b56684ccc0c33ab64eac

SHA512
e7a28acb04ca33d57efe0474bb67d6d4b8ceff9198198b81574c76c835d5df05d113fc468f4a4434580b1b58189f38184c376976604dc05d1424af1721995601

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\def_resource\f11.mp4

Filesize
227KB

MD5
17042b9e5fc04a571311cd484f17b9eb

SHA1
585d91c69c3f9e3d2e8cb8cf984871d89cc4adbb

SHA256
a9b0f1f849e0b41924f5e80b0c4948e63fc4b4f335bbdf0f997b03a3aff55424

SHA512
709076c6cef8dd61701c93e1fe331d2b1a218498b833db10ee4d2be0816e3444aeebfa092ab1bd10322617cf3385414e8fdb76fd90f25b44ac24d38937b4d47f

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\default.txt

Filesize
266B

MD5
30cfd8bb946a7e889090fb148ea6f501

SHA1
c49dbc93f0f17ff65faf3b313562c655ef3f9753

SHA256
e1ebbd3abfcaddf7d6960708f3ccd8eda64c944723f0905ff76551c692b94210

SHA512
8e7d98e6d0c05d199114d2d6ab8da886aed68de690c4d79643868eaf051c229fff94c88d937adb3da5e31fe48116613cf79dd00dda30f296746ce0a8aded9fe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\mrsmajorlauncher.vbs

Filesize
3KB

MD5
e3fdf285b14fb588f674ebfc2134200c

SHA1
30fba2298b6e1fade4b5f9c8c80f7f1ea07de811

SHA256
4d3aa3ecd16a6ba46a9d6c0bdacdcd9dce70d93585941a94e544696e3e6f7d92

SHA512
9b0bfbb07c77d9e9979a6c0f88b0a93010133f7dd3cf01e1de5dfbe812a5ed920e916d16d6a32fe21b9ee4b5425e61a616ded1aeeb35a410d4f77c0f9392ed0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6BAE.tmp\mrsmajor\reStart.vbs

Filesize
638B

MD5
0851e8d791f618daa5b72d40e0c8e32b

SHA1
80bea0443dc4cc508e846fefdb9de6c44ad8ff91

SHA256
2cbd8bc239c5cfc3ef02f8472d867dff61e5aed9fde8a3823cda28cc37d77722

SHA512
57a9d1d75dbbab842060b29f01958f7e6b27d0175ff9a3f7b97e423c1b4e3fae94547a569c2e5c88224fc5dcc785f5a1d49c61199a8c7b3afeb4fc520600df40

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc.2872

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt

Filesize
27B

MD5
e20f623b1d5a781f86b51347260d68a5

SHA1
7e06a43ba81d27b017eb1d5dcc62124a9579f96e

SHA256
afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179

SHA512
2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b

Download Submit
memory/1064-349-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/1940-419-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2872-298-0x000007FEF4F40000-0x000007FEF4FAF000-memory.dmp

Filesize
444KB

Download
memory/2872-313-0x000007FEF4D80000-0x000007FEF4D93000-memory.dmp

Filesize
76KB

Download
memory/2872-279-0x000007FEF7210000-0x000007FEF7227000-memory.dmp

Filesize
92KB

Download
memory/2872-280-0x000007FEF6C30000-0x000007FEF6C41000-memory.dmp

Filesize
68KB

Download
memory/2872-281-0x000007FEF6C10000-0x000007FEF6C27000-memory.dmp

Filesize
92KB

Download
memory/2872-282-0x000007FEF6BF0000-0x000007FEF6C01000-memory.dmp

Filesize
68KB

Download
memory/2872-283-0x000007FEF6BD0000-0x000007FEF6BED000-memory.dmp

Filesize
116KB

Download
memory/2872-284-0x000007FEF6BB0000-0x000007FEF6BC1000-memory.dmp

Filesize
68KB

Download
memory/2872-285-0x000007FEF61E0000-0x000007FEF63E0000-memory.dmp

Filesize
2.0MB

Download
memory/2872-286-0x000007FEF6B70000-0x000007FEF6BAF000-memory.dmp

Filesize
252KB

Download
memory/2872-287-0x000007FEF5130000-0x000007FEF61DB000-memory.dmp

Filesize
16.7MB

Download
memory/2872-288-0x000007FEF6B40000-0x000007FEF6B61000-memory.dmp

Filesize
132KB

Download
memory/2872-289-0x000007FEF5110000-0x000007FEF5128000-memory.dmp

Filesize
96KB

Download
memory/2872-290-0x000007FEF50F0000-0x000007FEF5101000-memory.dmp

Filesize
68KB

Download
memory/2872-291-0x000007FEF50D0000-0x000007FEF50E1000-memory.dmp

Filesize
68KB

Download
memory/2872-292-0x000007FEF50B0000-0x000007FEF50C1000-memory.dmp

Filesize
68KB

Download
memory/2872-293-0x000007FEF5090000-0x000007FEF50AB000-memory.dmp

Filesize
108KB

Download
memory/2872-294-0x000007FEF5070000-0x000007FEF5081000-memory.dmp

Filesize
68KB

Download
memory/2872-295-0x000007FEF5050000-0x000007FEF5068000-memory.dmp

Filesize
96KB

Download
memory/2872-296-0x000007FEF5020000-0x000007FEF5050000-memory.dmp

Filesize
192KB

Download
memory/2872-297-0x000007FEF4FB0000-0x000007FEF5017000-memory.dmp

Filesize
412KB

Download
memory/2872-277-0x000007FEF6510000-0x000007FEF67C4000-memory.dmp

Filesize
2.7MB

Download
memory/2872-300-0x000007FEF4F20000-0x000007FEF4F31000-memory.dmp

Filesize
68KB

Download
memory/2872-301-0x000007FEF4EC0000-0x000007FEF4F16000-memory.dmp

Filesize
344KB

Download
memory/2872-306-0x000007FEF4E90000-0x000007FEF4EB8000-memory.dmp

Filesize
160KB

Download
memory/2872-307-0x000007FEF4E60000-0x000007FEF4E84000-memory.dmp

Filesize
144KB

Download
memory/2872-308-0x000007FEF4E40000-0x000007FEF4E57000-memory.dmp

Filesize
92KB

Download
memory/2872-309-0x000007FEF4E10000-0x000007FEF4E33000-memory.dmp

Filesize
140KB

Download
memory/2872-310-0x000007FEF4DF0000-0x000007FEF4E01000-memory.dmp

Filesize
68KB

Download
memory/2872-311-0x000007FEF4DD0000-0x000007FEF4DE2000-memory.dmp

Filesize
72KB

Download
memory/2872-312-0x000007FEF4DA0000-0x000007FEF4DC1000-memory.dmp

Filesize
132KB

Download
memory/2872-278-0x000007FEF7230000-0x000007FEF7248000-memory.dmp

Filesize
96KB

Download
memory/2872-314-0x000007FEF4D60000-0x000007FEF4D72000-memory.dmp

Filesize
72KB

Download
memory/2872-315-0x000007FEF4C20000-0x000007FEF4D5B000-memory.dmp

Filesize
1.2MB

Download
memory/2872-316-0x000007FEF4BF0000-0x000007FEF4C1C000-memory.dmp

Filesize
176KB

Download
memory/2872-317-0x000007FEF4A30000-0x000007FEF4BE2000-memory.dmp

Filesize
1.7MB

Download
memory/2872-318-0x000007FEF49D0000-0x000007FEF4A2C000-memory.dmp

Filesize
368KB

Download
memory/2872-319-0x000007FEF49B0000-0x000007FEF49C1000-memory.dmp

Filesize
68KB

Download
memory/2872-320-0x000007FEF4910000-0x000007FEF49A7000-memory.dmp

Filesize
604KB

Download
memory/2872-321-0x000007FEF48F0000-0x000007FEF4902000-memory.dmp

Filesize
72KB

Download
memory/2872-322-0x000007FEF46B0000-0x000007FEF48E1000-memory.dmp

Filesize
2.2MB

Download
memory/2872-323-0x000007FEF4590000-0x000007FEF46A2000-memory.dmp

Filesize
1.1MB

Download
memory/2872-324-0x000007FEF4550000-0x000007FEF4585000-memory.dmp

Filesize
212KB

Download
memory/2872-325-0x000007FEF4520000-0x000007FEF4545000-memory.dmp

Filesize
148KB

Download
memory/2872-326-0x000007FEF4500000-0x000007FEF4511000-memory.dmp

Filesize
68KB

Download
memory/2872-327-0x000007FEF4490000-0x000007FEF44F1000-memory.dmp

Filesize
388KB

Download
memory/2872-328-0x000007FEF4470000-0x000007FEF4481000-memory.dmp

Filesize
68KB

Download
memory/2872-329-0x000007FEF4450000-0x000007FEF4462000-memory.dmp

Filesize
72KB

Download
memory/2872-330-0x000007FEF4430000-0x000007FEF4443000-memory.dmp

Filesize
76KB

Download
memory/2872-331-0x000007FEF4390000-0x000007FEF442F000-memory.dmp

Filesize
636KB

Download
memory/2872-332-0x000007FEF4370000-0x000007FEF4381000-memory.dmp

Filesize
68KB

Download
memory/2872-333-0x000007FEF4260000-0x000007FEF4362000-memory.dmp

Filesize
1.0MB

Download
memory/2872-334-0x000007FEF4240000-0x000007FEF4251000-memory.dmp

Filesize
68KB

Download
memory/2872-335-0x000007FEF4220000-0x000007FEF4231000-memory.dmp

Filesize
68KB

Download
memory/2872-336-0x000007FEF4200000-0x000007FEF4211000-memory.dmp

Filesize
68KB

Download
memory/2872-337-0x000007FEF41E0000-0x000007FEF41F2000-memory.dmp

Filesize
72KB

Download
memory/2872-338-0x000007FEF41C0000-0x000007FEF41D8000-memory.dmp

Filesize
96KB

Download
memory/2872-339-0x000007FEF41A0000-0x000007FEF41B6000-memory.dmp

Filesize
88KB

Download
memory/2872-340-0x000007FEF4170000-0x000007FEF4199000-memory.dmp

Filesize
164KB

Download
memory/2872-341-0x000007FEF4150000-0x000007FEF4162000-memory.dmp

Filesize
72KB

Download
memory/2872-342-0x000007FEF4130000-0x000007FEF4141000-memory.dmp

Filesize
68KB

Download
memory/2872-343-0x000007FEF4110000-0x000007FEF4121000-memory.dmp

Filesize
68KB

Download
memory/2872-276-0x000007FEF72E0000-0x000007FEF7314000-memory.dmp

Filesize
208KB

Download
memory/2872-275-0x000000013F720000-0x000000013F818000-memory.dmp

Filesize
992KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads