d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/03/2024, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
Size

420KB
MD5

15a6b92e095e4a76f4e31982a6e02e74
SHA1

954a6ca66dba1db748df836532138dfc1ebeef71
SHA256

d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644
SHA512

dc14b0d041917bc95672f9a5ac7065df23124114e28766891cd23ef42c1ba82fc4ab2164cfadf20379c7b747e7b074765d1ce3bf404d72390541fbea2901cb3d
SSDEEP

3072:tmyvMnbtGXRvjxCb5NgXDY7uSK4aqTB3RtPgmQ+LgmQD:bzlKgzeYqTKmQ/mQ

Score

6^/10

ransomware

Malware Config

Signatures

Enumerates connected drives 3 TTPs 10 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\G:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\H:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\J:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\L:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\N:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\I:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\K:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\M:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened (read-only)	\??\O:	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg"	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Windows Mail\wab.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Windows Media Player\WMPDMC.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5175.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Windows Defender\MpCmdRun.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\MSOHTMED.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5185.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Mail\WinMail.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpconfig.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Journal\Journal.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Mail\wab.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCX4FFC.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\RCX55D4.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Journal\PDIALOG.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX51A6.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\7-Zip\RCX4EDF.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX5562.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\setup_wm.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Windows Media Player\wmlaunch.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jabswitch.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\7-Zip\7zFM.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX5154.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX508A.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Windows Mail\WinMail.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\7-Zip\RCX4EF0.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCX4FEA.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\DVD Maker\DVDMaker.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\mip.cab	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\RCX5654.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File opened for modification	C:\Program Files\Java\jre7\bin\RCX549F.tmp	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\windows\WallPapers.jpg	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
File created	C:\windows\readme.1xt	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg"	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Desktop\General	d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe

C:\Users\Admin\AppData\Local\Temp\d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe
"C:\Users\Admin\AppData\Local\Temp\d6ba6b40217431d396a0e358660d5dd0686cc21bf302b32c0ceb14c322d74644.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.cab

Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
465KB

MD5
8675b820bdb1cde60dc3f777b38e09a5

SHA1
94f2f93ce715aeecb600d0584c7a0f62f8624833

SHA256
5f53fd4dd0f2ba06b12894f111d470c2d4a0f69447213832d92cb644095f3fa7

SHA512
3adb06475551448aea2b990ae6d047c7e1af2a8f1efc81d505e0ff261122a66bfe0f2f20bdb106deb180f0ba559a2e00088221e84070fa7c4486e3dd70e5abbb

Download Submit
C:\Program Files\7-Zip\7zFM.cab

Filesize
930KB

MD5
30ac0b832d75598fb3ec37b6f2a8c86a

SHA1
6f47dbfd6ff36df7ba581a4cef024da527dc3046

SHA256
1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

SHA512
505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab

Filesize
118KB

MD5
f45a7db6aec433fd579774dfdb3eaa89

SHA1
2f8773cc2b720143776a0909d19b98c4954b39cc

SHA256
2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a

SHA512
03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCX4FEA.tmp

Filesize
236KB

MD5
86200feee126a11b190b5a7456c67673

SHA1
765378ea348efa19447f9c8a7bffba9e30e865be

SHA256
db2cc2e413a168bdb24e3c69343cc6ebdb3efcdc2d2ad58231af05dea50cb732

SHA512
781179eb92f45551da9f9990e73afa26b9546d6630a606db0f3075f106c1c070ba54ab9fb1cc6ab0e92d06aecf8e743cccf07dceb41611399788ce171bfc3e2d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.cab

Filesize
336KB

MD5
485524d03b9b72f940e3e607a1b546f4

SHA1
2b9b021f3ae510a9190bfa65efd281832910ea50

SHA256
732e00bb26c63339a2223e0dc41fe203126bc96a6e2e2e91005421c15ce307b9

SHA512
9c09d35ad8560706a3a33c4ea0a80e9749e25c6befd46459f687397612343d6173d73e0a393596050cef04a558d4a61ae08021efc87c01f36e17d1324d352a1c

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab

Filesize
603KB

MD5
96825c6196cc856fefccc638a9bceeb7

SHA1
4b559b444ba61b09d5409bbd56b102a8177ba595

SHA256
378e0134d483c26abb11660b97423dd9239fb5fe536fe7d308ad8df1186cb089

SHA512
712e9e791f25c4a2c6a8b79304045ca2220a6148365fc765cc636401514c1ed2087f6b23c6967ee7279835cd3458b175c52143ee1028608110529271e9dec40c

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab

Filesize
469KB

MD5
b9414855bac1058ad6eda9cfa2258ab4

SHA1
6fe5c48c2c456551cc1cc48d9be60c6c947b50e0

SHA256
bec60b164779d488e47bc6136d3ab5183ca4285626960f3067cec61dd1d207a8

SHA512
1a71cbe1e772b94ffbae43627b7f77076059f5b970d52ebf58156dc66b9468122fc2719f58e9cf0dc0cc63ee152ab4aaeff6884251958a226d189bf23874bf0a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
590KB

MD5
9e8e20bebed7fc9c8dc3cffbf776546b

SHA1
af9908aa9e624775742bc056f93e8160f54cb54a

SHA256
6853776178f369b866af2dee1c72fd3a2888f48353f01b331a604a330fcdd71d

SHA512
0a8765a41957ddd783f962cda771763282d9ce9b8bac97eb1f2f5a23da577f3fba3f9bbbdf2e28e435349189fbf3e4293201465484150adef130cc584dca2ef5

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.cab

Filesize
679KB

MD5
79d5cca9dce1d9df7845eab8fb79ebf2

SHA1
d97d5311629066dbe243875a09a0eb4eb8049a38

SHA256
5815957483bdd6cfee928c7b04601ae47ded5dfccc499a004b9226f8d5000094

SHA512
575cab3ebf4ed8e64e21d5bb15b0adb1ebe48e6dfa34a7ed1215794a4b743cdaf1459ba71d9822fc9a1c972672e67ed6fae113d20f813fc2c2fc220b5231a24a

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
609KB

MD5
f5a17ab610ea37f16f734d8f0a81c8a1

SHA1
35121031dc74b298b0b7ae756e1426bcc90e3d17

SHA256
e2bbb87d62ad82b8f5e7650c5e983549928f6b940e715fe1f68f05e1fc49035a

SHA512
3bb362c61e27b9cd34a5e05ca58bfca7cb5ee2b03de61b1dade933aee0982f1d734c9f3dff231af8eca86c520909f11f9fe2c0e6ea9278d3b3ea9f4f3bd1c5b0

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.cab

Filesize
480KB

MD5
94913b91f056c8e00edf3d5a43314130

SHA1
0bbc85c741bf326cd9433226367269f5ea9edd76

SHA256
2e0095cd394d501a50bdee57c07aa504ed9c6519196bda4622d90210a30f94b3

SHA512
f387e2ed57c8bce273672800b5d9e7f05b0ca3b3ecacbb855f7945fee66bcf2760cc6ce689a5dbd935bdaa7e456370ae5b04981af5c192e5c445809832f17514

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.cab

Filesize
15KB

MD5
c9aaf1247944e0928d6a7eae35e8cdc4

SHA1
af91d57336d495bb220d8f72dcf59f34f5998fd3

SHA256
05b153ba07dc1a262fb1013d42bfc24d9000ce607f07d227593c975cdf0bb25b

SHA512
bf3bc64135810948626105a8f76dc4439e68ee531f20d901c3082ae2155f2ea35f34d408de44b46ede61ded832fcc61ac1cb9719e432f0f07b49479c95847e51

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\apt.cab

Filesize
15KB

MD5
407d2d7dab36cdea871d4c6b9c62b258

SHA1
86cd158ad810c6772c22a5799c7acf4b9d7c9f57

SHA256
3c040679ea4be0cc5ca20c9f24caf6c13d3002560347e7446dc963b611523bd9

SHA512
dcdb53a3ca2a3637216a9d8133d1dbda336a6d3a98c6b956af42f94adbc136dc5a0245e87512d0314f23dbf3cab4900bc40ac13c79ee93a677d93a89e0cd9e17

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe

Filesize
103KB

MD5
8885bc44656c5d008618fca0b3a26df2

SHA1
73d1fb8d33e03bb271365cf5db0b78ea3dcec28c

SHA256
6c826a915f306e0c676fd085e777e77a28cb630ca60ab518a9d85695a4e3a34e

SHA512
3ea2b014759507ff8ab794acc654706c0deb5b084ffce615d19c80f8013351d821d843e622ecdada5464b10fa4a26e501cffa9cdaa0b3c9c8f58d32db4af321c

Download Submit
C:\Program Files\Java\jre7\bin\jabswitch.cab

Filesize
54KB

MD5
e795eb03297dd66d2efac2c33920a69f

SHA1
bf41799164d6ab2690c39afa458122ed82f2d0a8

SHA256
133afb441f29c697a5232752483ef2eecc297446f6db941bd68af7ed056cecf1

SHA512
6a334a07afadcd5c29c30add22142392bdc70d8ae0f36140f2ba7c9b4e70a9efd87b7fbd8b3ef862cea7aebdddfd18bb0521308d9a69070ae4a84432f522c4ef

Download Submit
C:\Program Files\Java\jre7\bin\java-rmi.cab

Filesize
15KB

MD5
d3827115574d8b0ecbaeb03528c6d1a4

SHA1
2733607537ffc00e038039af7eba24601db6fbeb

SHA256
6ad5b065b3f612d89127b89033aaaff995942187f917144dbe28e656c3ba348f

SHA512
2a1f131960f452d1012a43597f2ac9df0edc22b6aa68fd52eabf4a4249d86c7776d625e00e7c5dbd4f35add9e31cbc02674be40714f9aa5f3a2f458419303c18

Download Submit
C:\Program Files\Microsoft Games\Chess\Chess.cab

Filesize
14KB

MD5
90d34d806bb7a4aba2260125cdce66c0

SHA1
50eb1f6c6d963f67b8dced33066401643e6216fc

SHA256
6dec8068b5200468af3fcd096dea9536c58f9bf1258d46a41060f78f5c36128f

SHA512
49c5eaacd00ac5631ed549ce0fe1ab900c8bf6c21d706a494b846772b8f7c1ba72e57e69bb7ff75416f5c3d4d11c711b2646ef2ed058bcbb4c8ce0b2e6ccfaa9

Download Submit
C:\Program Files\Microsoft Office\Office14\MSOHTMED.cab

Filesize
18KB

MD5
c076e122f9e6d992ab5c979144af34c2

SHA1
72d449082884a4ee4509bd902288f5f927a21565

SHA256
2779c41133b2fce54e393042a8c30db0a11f4e1cd99cf86698e188a93d13b8f8

SHA512
ffc866e512e8d08a290701cf6682c218eb97daaff9d4cc793cd37dd99341be2bcee19059065c274dea4ec2d572d1496f61bf0cd823227170a31852e95aea6611

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.cab

Filesize
262KB

MD5
73603c36b4d1522c3402d67ecf657312

SHA1
6a964ae5d681455c320ea0f8611b79a99a35b283

SHA256
7fb934da4bebc1cb81c3e9f5be4dbb3e43aa8098b6e63f5e0b97b3cc105830b4

SHA512
5fdc5f8ab72bd05ebea6068c896a7805211a9bdccf0167f48ac456a1e4283b59001e588d7349e34f8511fa297f98af8d5140c883e6d4a192af8d350a433c0238

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.cab

Filesize
697KB

MD5
3fa2910cbd44b17be47ff26ef27c5157

SHA1
d8a2bbcd3c88671b48478db293c61268fc24accf

SHA256
d448206c75c51f8a44a1c7fd5dabb8b0505f670ecb2e5d2adf55791b9cef1b0c

SHA512
16b70c679db2ba74a98f99956984fa044e96c821ccd5521b4882134c705b823674891d0521dc49c2391d5c184bbbd0c6d68890df65aad1972113aeda4f3b944a

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\helper.cab

Filesize
901KB

MD5
a4ae954571cf186347d792c8fd2f64b0

SHA1
f54a124727f01954f3d186fb94c2cb4be1ee0771

SHA256
7f60960e190f35bfd05b98d17da8e3a98d9e1cf00d8c4b97e7ce3aaaace44e52

SHA512
e1713cce92788f224df637318ff3ace06c7e52ef01ac2c9b1a0cd92b1f2e5657b26e5a52d2cd284893e6a5b9c32280032b28c7e4970156eee3991555cdafc5b1

Download Submit
C:\Program Files\VideoLAN\VLC\uninstall.cab

Filesize
228KB

MD5
5ba8b6e3a9d08a4fd4f71eed8cc56275

SHA1
5bfd77c8ddbca1dd2d4e6a9e08a0d89b50a654d0

SHA256
e202657abb97ac953185c97f0d4e3d3133fe760d8b8c4e97a2c53d94bb8d58e2

SHA512
e8242d974ff4c103cc1af4d44e55070abca619dfbae0fe450fb2dbe165a0af629c5e010bc0cbc5d7a8d40a2c420aacb3857f4d410f65235da8099379458fe419

Download Submit
C:\Program Files\VideoLAN\VLC\vlc-cache-gen.cab

Filesize
137KB

MD5
b2bf2621b184914d48bb147d38f64392

SHA1
b733404cf4231a069d47ca68b88118ddf05b18e0

SHA256
276c5e546732a7b5585670943c84fe4ea782a601ad54ad4248605ad4ee916210

SHA512
2966c8222af45c16c38a8341036ee58f65463d9874cc871639760b395cd8a3252e962b347e4b27c3aaf5735caeb5fc3154a29092d686642b66b49682662a168a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Filesize
135KB

MD5
e55a6b3e8e165e589d1d00af488242d1

SHA1
fcdc9016b22f06b5232af1cc1c0cdf95424a3405

SHA256
177dd9114b30dcbc2628a50de5b700dca77a5059b78d513a0adf4b0dafcd9d92

SHA512
b303783193b04587de8d6d58b678416b66efcc9bfef1a4857d3c6d105c4709c65ffc37313cff2ed1a0ebdc2fa050ea826955b8053e311a11a05c2b319990a1a3

Download Submit
memory/2240-1-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/2240-605-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads