5c49f6b37bdf7569b1f19a9653a923d132d5deef56698b6499e99bf99749558c

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea2637027829799647435b3893f21f3a_JaffaCakes118.exe
Size

744KB
MD5

ea2637027829799647435b3893f21f3a
SHA1

b3b34845ec8c4d0b65ccaa9beba9740735ac0949
SHA256

5c49f6b37bdf7569b1f19a9653a923d132d5deef56698b6499e99bf99749558c
SHA512

091ddcc241138e21ce51679eb5985a2ef08f1a063c7ade408659cecbd7f28be290b03feb825eb4c990464b045737978b76a170d31bfcc08ff6b2fdd2456e912d
SSDEEP

12288:N9OvHiWYJde4ZCCiJ4GbtwAtKFmriAPqt6yXmkYriDw74ClpOoIkqSfGw3i6+3Qi:SvH/Yne4ZJGbaAtKFmrw6yYCwblpOoIX

Score

7^/10

adware persistence stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation	ea2637027829799647435b3893f21f3a_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation	rinst.exe

Executes dropped EXE 3 IoCs

pid	Process
1016	rinst.exe
4640	ChipF2 7.0.exe
2432	windows.exe

Loads dropped DLL 5 IoCs

pid	Process
2432	windows.exe
4640	ChipF2 7.0.exe
2432	windows.exe
2432	windows.exe
548	ea2637027829799647435b3893f21f3a_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\windows = "C:\\Windows\\SysWOW64\\windows.exe"	windows.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin"	windows.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\windowswb.dll	rinst.exe
File created	C:\Windows\SysWOW64\inst.dat	rinst.exe
File created	C:\Windows\SysWOW64\rinst.exe	rinst.exe
File opened for modification	C:\Windows\SysWOW64\pk.bin	windows.exe
File created	C:\Windows\SysWOW64\pk.bin	rinst.exe
File created	C:\Windows\SysWOW64\windows.exe	rinst.exe
File created	C:\Windows\SysWOW64\windowshk.dll	rinst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 46 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\Windows\\SysWow64\\windowswb.dll"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class"	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\Windows\\SysWow64\\"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\windowswb.dll"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable	windows.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library"	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	windows.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	windows.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2432	windows.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe
2432	windows.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 1016	548	ea2637027829799647435b3893f21f3a_JaffaCakes118.exe	87
PID 548 wrote to memory of 1016	548	ea2637027829799647435b3893f21f3a_JaffaCakes118.exe	87
PID 548 wrote to memory of 1016	548	ea2637027829799647435b3893f21f3a_JaffaCakes118.exe	87
PID 1016 wrote to memory of 4640	1016	rinst.exe	89
PID 1016 wrote to memory of 4640	1016	rinst.exe	89
PID 1016 wrote to memory of 4640	1016	rinst.exe	89
PID 1016 wrote to memory of 2432	1016	rinst.exe	90
PID 1016 wrote to memory of 2432	1016	rinst.exe	90
PID 1016 wrote to memory of 2432	1016	rinst.exe	90

C:\Users\Admin\AppData\Local\Temp\ea2637027829799647435b3893f21f3a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea2637027829799647435b3893f21f3a_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:548
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\ChipF2 7.0.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ChipF2 7.0.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4640
- - C:\Windows\SysWOW64\windows.exe
    C:\Windows\system32\windows.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ChipF2 7.0.exe

Filesize
550KB

MD5
b4216357a95047821202f652526ff243

SHA1
d76919fa0901a3f25c7ba7d7bd46f6e4de8ff687

SHA256
d5baa033bb99b4e3cf83f2eddbf734277e0284b2ec508312d36fba1d19c125be

SHA512
160b27a3906842bc0d3025a8725a16975de10a25613a7797b861513106fdfc5a343a0df9d3f0062388902f8f847730850ac7c7610439a773ff3104e1365e130b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\inst.dat

Filesize
996B

MD5
bfa23487158db33016c8e83faa642df4

SHA1
d893b606f60a0a96f5c23c08c485c60f7d2c2727

SHA256
9d95c35294079c11e4d409a14fb9574a1c7d0285e9abb77ccaae7d99835edd6c

SHA512
16bb9e1d2cd56677926ca96bfa5de637a2a248ede527a14c48ab83219b3f414dbc0bf05732f1dd420006fbdf565b22e8627911f90310076d77c57f6d28ee672e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\pk.bin

Filesize
4KB

MD5
e2b3126f6be358c0892390e282e7d6b0

SHA1
deaf2ef984d1ff283434fc13570c260dd441c7b9

SHA256
58b4cfaf671ab57f7d8f9bd33724eb909b38cd334885cfd077406a799e8fe89f

SHA512
6779192a82d8837598b9beb2bfee0dfcf52e1830e581c4295cd1f85cb096ae63cc65726515392cb5761576dcf215065c2cd4e395596a8be2c054fc31f91eccff

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe

Filesize
7KB

MD5
fbe4bab53f74d3049ef4b306d4cd8742

SHA1
6504b63908997a71a65997fa31eda4ae4de013e7

SHA256
446658dd5af649857fff445c600f26cdc1d0c19c86a080f312b89b1890182092

SHA512
d458ab806a3ed3d1494a13ad8a75df874a0b227cb4f337996cb82df3c4a26dc9c4fe48a664b53b052a4af123ea8d89911d9d9493870e6b5992d5621a32260c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\windows.exe

Filesize
424KB

MD5
528c82a00330336cb4d1aaf9dbac7b1e

SHA1
fc1cc799b3aa229a97cb077781ceb1ca2971d4a6

SHA256
6b172b4a67c49f927188fb73eeead69f0c7de330bb01976dd86f89822e2a982b

SHA512
24fa5e082c65653dddfb5badd46736a5073d977067b49f30ced934492522dd450a51105318ad26d1beab9f1342c6202eaaa7b90badb2068093462f13339eb1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\windowshk.dll

Filesize
24KB

MD5
1890147d6115f1569f24eb6b21e482cd

SHA1
767322bce814a3cc2831e4907f6cfda1c97a3822

SHA256
c1af78b1de40a483356bb5f9d326a76fe0ca20964e413b483495ae878a64d5d8

SHA512
1cbdb43890205af3862d6a77b751c48b1b5b8f1a05133fd012408cc3d8f4c67b04a8416c201cd90354eb39d09e979d14513a49de18d7642f87872357dbf4c04b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\windowswb.dll

Filesize
40KB

MD5
c8f8519eda854af35f03e56ef14aee6e

SHA1
dd5bd23b60b2c9f3e8d96ca1616d5d36ffaecb48

SHA256
254660543a306e520ebc2c3fd4bbbfda6775154417db8f5fc3a4cd45cb85faef

SHA512
ee77fb75a5a2f0f7bec34237466f63a81e8e4b972540fd6c49bf8a89e5cf6da92c23f605cebfd761f8d7a758c826e199f65fd4a9992122bf66936f08e31ee242

Download Submit
C:\Windows\SysWOW64\pk.bin

Filesize
4KB

MD5
68662e54184408c7ff882524077a3ab4

SHA1
41da14b2564804add5fcec1f9f0eb68834547d37

SHA256
540806b486d248979af70de8a7bd89304f3de019aa4e77255da5f73c01b403b3

SHA512
443683e01dc747dff32b4e7bd910f6a82b98118e4d7d7a561a5f283d568ba7a3e6db6a976785b5819ea392744e0e25c29342c0867e6c13354418075957bf02b7

Download Submit
C:\Windows\SysWOW64\windows.exe

Filesize
424KB

MD5
994ffae187f4e567c6efee378af66ad0

SHA1
0cc35d07e909b7f6595b9c698fe1a8b9b39c7def

SHA256
f0b707b1ab25024ba5a65f68cd4380a66ef0ce9bb880a92e1feee818854fe423

SHA512
bd5320327a24fbab8934395d272869bfa97d77a2ee44ac6eec8fa79b3ffbd4a049bf9dfeeb6b8cc946c295a07bd07ddba41d81c76d452d2c5587b4bf92559e0a

Download Submit
C:\Windows\SysWOW64\windowshk.dll

Filesize
24KB

MD5
9ac9028338d1b353a7cacb563bb91df7

SHA1
a20c5dee8f05c91686324cec2d5b092bafe58339

SHA256
93c0e7f41d5d74217189e4cc2d5cdb8f97d8e5eeef0a0dcf4cecd67e3393682c

SHA512
ac83c8f7b6fe913487015d8d7a2e430e917d230b6b2907150f6c4a73bf64c3a02320dddc29fea03db5df8ac5620d8a902fe7be80ba1b1bd1e6f5b8b1b016ddfe

Download Submit
C:\Windows\SysWOW64\windowswb.dll

Filesize
40KB

MD5
21d4e01f38b5efd64ad6816fa0b44677

SHA1
5242d2c5b450c773b9fa3ad014a8aba9b7bb206a

SHA256
3285df0c25d4b9b6d5ccbe166a3ce3d04f5cb3a0d61c8bf29bf5f953e51b0977

SHA512
77dae941676a56664da89c7670d29ed5402032c8040df1cc231986733c78f0dc56c41f7a276ec9ea8336e3fa2bfc68d3121048e9585bf0d8a98917d799f669b8

Download Submit
memory/548-68-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4640-69-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads