Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
13-03-2024 22:32
Behavioral task
behavioral1
Sample
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe
-
Size
149KB
-
MD5
ac6a7885e55155b6025f45bf90d5af64
-
SHA1
08d5edf13c34b78c68c6a01e1f2346baa9de5d54
-
SHA256
a779818597f3d64aac07f3db86bfa6019bf84069691e581f9f2d1b5a0c15daf0
-
SHA512
1d13fb7f5808392883e9644b91d4423765f3ac063ade2d511c85302fb9c9ebe5d2819f908b2223bf20f49b3162879bef60f50980d70b7fc4f90d8c1b5be47e51
-
SSDEEP
3072:S6glyuxE4GsUPnliByocWepBoOoWPuqMLWlYcaS:S6gDBGpvEByocWejotfqMClY0
Malware Config
Extracted
C:\LPJKYjRBM.README.txt
lockbit
https://twitter.com/hashtag/lockbit?f=live
https://tox.chat/download.html
Signatures
-
Lockbit
Ransomware family with multiple variants released since late 2019.
-
Renames multiple (583) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 2 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exedescription ioc process File opened for modification C:\$Recycle.Bin\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe File opened for modification F:\$RECYCLE.BIN\S-1-5-21-275798769-4264537674-1142822080-1000\desktop.ini 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe -
Drops file in System32 directory 4 IoCs
Processes:
splwow64.exeprintfilterpipelinesvc.exedescription ioc process File created C:\Windows\system32\spool\PRINTERS\00002.SPL splwow64.exe File created C:\Windows\system32\spool\PRINTERS\PPf42ghvw0_gfqrhvdme7kwufad.TMP printfilterpipelinesvc.exe File created C:\Windows\system32\spool\PRINTERS\PP9r1q4_bsd0nojutdepi27dh7d.TMP printfilterpipelinesvc.exe File created C:\Windows\system32\spool\PRINTERS\PP22w44m0ky87o3olyq_b3av48.TMP printfilterpipelinesvc.exe -
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\LPJKYjRBM.bmp" 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\LPJKYjRBM.bmp" 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exepid process 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
ONENOTE.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString ONENOTE.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 ONENOTE.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
ONENOTE.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU ONENOTE.EXE -
Modifies Control Panel 2 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\WallpaperStyle = "10" 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe -
Modifies registry class 5 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LPJKYjRBM 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LPJKYjRBM\DefaultIcon\ = "C:\\ProgramData\\LPJKYjRBM.ico" 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.LPJKYjRBM 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.LPJKYjRBM\ = "LPJKYjRBM" 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LPJKYjRBM\DefaultIcon 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exepid process 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exedescription pid process Token: SeAssignPrimaryTokenPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeDebugPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: 36 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeImpersonatePrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeIncBasePriorityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeIncreaseQuotaPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: 33 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeManageVolumePrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeProfSingleProcessPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeRestorePrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSystemProfilePrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeTakeOwnershipPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeShutdownPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeDebugPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeBackupPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe Token: SeSecurityPrivilege 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe -
Suspicious use of SetWindowsHookEx 13 IoCs
Processes:
ONENOTE.EXEpid process 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE 1048 ONENOTE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exeprintfilterpipelinesvc.exedescription pid process target process PID 1108 wrote to memory of 2948 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe splwow64.exe PID 1108 wrote to memory of 2948 1108 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe splwow64.exe PID 4252 wrote to memory of 1048 4252 printfilterpipelinesvc.exe ONENOTE.EXE PID 4252 wrote to memory of 1048 4252 printfilterpipelinesvc.exe ONENOTE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe"1⤵
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1108 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
- Drops file in System32 directory
PID:2948
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵PID:3272
-
C:\Windows\system32\printfilterpipelinesvc.exeC:\Windows\system32\printfilterpipelinesvc.exe -Embedding1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4252 -
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{290AD492-DB90-4FA3-9582-EC21237DAD10}.xps" 1335484279181300002⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:1048
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
129B
MD533408ff3550ad710a974b8c35a9c04c8
SHA133604eb69a40f012c36f6c8606864dd7ff1db9f8
SHA25679bd02183197d044351acee855cdb2f37d8d1c8a6e6593c3b571f68dd88f5c78
SHA512e16e29fadfc387c19a8c52bb3950ca1edaad93c745abe1178cf648e03d68ad2380acef404380f0a6b54b4557639597ea7e23fcfdfc4dfd2ddb99ce24b24dc3ac
-
Filesize
2KB
MD549d7a5d1df53ecdd8a0833b0534e994b
SHA1109f6d182d4fa2088abc77ce6829096dd6e3d5b2
SHA256377bb9d6e9786b2ea9f2f974fb152ff65d372a452667d0c958fe2f440cbf9250
SHA512cca2532c96d56fa82dc54daa903e657da779a706a966bdbc68ea8da60f3bb8b1599d96aa9da7fbd0b35342d2f2cb24688ce66cd31f89b459d38b23c48481101a
-
Filesize
4KB
MD57e93612b4d1adfbd1fa90ae2625d449b
SHA14f19e0d8cc970551739cdaef10f25e00117e0d92
SHA256e398e8ff25c5b42f58dc56c2c3d93f4aea1b112740047861d2963735a06202c3
SHA5120a1f82631c9d1c21a1a2d9ad6d7f95989ab424efdbeba6d1a8d8d57fb75bb4c467a97b37153ac6885e8d5430e93113e443236a91d15b335fddaeb078a62b2556
-
Filesize
4KB
MD5a6fbd0f128db88ecc5c097f8c4180476
SHA1d552e892f0c601df674b1a34152a1d3d1555418d
SHA256992a1c17e128f72b332d8b41828c80a5c67f9e371ce036d3e4e266c2c4414869
SHA5121a4dbd976a3998a37b26d3364c899ac2fe6fb387d90ac7b2fe04a8a63a4cc59107791d7aced8411879af3666f59bb6f65d37eaec0a9f7952d00f8038c178f897
-
Filesize
129B
MD58c0354f8db4dd3e2574c60e319bb5d75
SHA104781be452bdf7ea2529fb0b42c15acbcaa7de5e
SHA25613fce3dfc580cb743f530ab32b02ef94edaa30eec74a6b5356e6e954f0882d8e
SHA512f402294858d7e36f49a752ec55fd96fb1e981f091a6afebb9e87a9dbeda206a01ed716b04dc285f5748fec178dcbf53182cd8ca2aa8aaaaa8bf164381d1ce166