Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-04-2024 21:33

General

  • Target
    da.exe
  • Size
    74KB
  • MD5
    34d549036b65d2b2c0fbb7f32c09f23f
  • SHA1
    092881db1bff62c1a38342dd9e7810dcdd57dfda
  • SHA256
    429cd5a05d36ca2339d2868a35154b5c5d402906ef0110cce91e9feb064a484f
  • SHA512
    1b3db64224ff125940e3a131e590ca47dfb523e3965d27083a6832e7907ee05854d26beaa4c1205b1397d4fd13e9f141d26b64ed5fbc45b463743e738135742e
  • SSDEEP
    1536:CUd8cxMcpCn6PMVx5hmOwIXc1bX/FC9c39QzcGLVclN:CUecxMmw6PMV3hhc1bXtI49QfBY

Score
10/10

Malware Config

Extracted

  • Family
    asyncrat
  • Version
    Venom RAT + HVNC + Stealer + Grabber v6.0.3
  • Botnet
    Default
  • C2
    66.66.146.74:9511
  • Mutex
    kisomdocpgpwpanh
  • Attributes
    • delay
      1
    • install
      true
    • install_file
      Win32.exe
    • install_folder
      %AppData%
  • aes.plain
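The extracted configuration gives everything needed to check a host for this sample. The PowerShell script below is an added example, not part of the sandbox report: it checks for the mutex, for the dropped copy at %AppData%\Win32.exe (compared against the SHA256 above), for persistence entries pointing at that file, for a live connection to the C2, and for a process running from the install path. The persistence locations (a scheduled task when elevated, an HKCU Run value otherwise) are what the public AsyncRAT source uses; that this Venom RAT build behaves the same is an assumption, so both are checked. All other values are taken from this report.

```powershell
# Host-triage script built from the configuration in this report (added example,
# not part of the sandbox output). Run it as the logged-on user, because a mutex
# name without a "Global\" prefix lives in the session-local namespace, and
# elevated, so scheduled tasks and other users' processes are visible.
# Requires Windows PowerShell 5.1 or later.

$Config = @{
    C2Host      = '66.66.146.74'
    C2Port      = 9511
    Mutex       = 'kisomdocpgpwpanh'
    InstallPath = Join-Path $env:APPDATA 'Win32.exe'   # install_folder\install_file
    Sha256      = '429cd5a05d36ca2339d2868a35154b5c5d402906ef0110cce91e9feb064a484f'
}
$Findings = [System.Collections.Generic.List[string]]::new()

# 1. Mutex. The RAT holds it while running. OpenExisting throws
#    WaitHandleCannotBeOpenedException when nobody owns it and
#    UnauthorizedAccessException when it exists in another security
#    context, which is still a hit.
try {
    ([System.Threading.Mutex]::OpenExisting($Config.Mutex)).Dispose()
    $Findings.Add("mutex present: $($Config.Mutex)")
} catch [System.Threading.WaitHandleCannotBeOpenedException] {
} catch [System.UnauthorizedAccessException] {
    $Findings.Add("mutex present (access denied): $($Config.Mutex)")
}

# 2. Dropped copy at %AppData%\Win32.exe, hashed and compared with the report.
if (Test-Path -LiteralPath $Config.InstallPath) {
    $hash = (Get-FileHash -LiteralPath $Config.InstallPath -Algorithm SHA256).Hash.ToLower()
    $note = if ($hash -eq $Config.Sha256) { 'matches report' } else { 'different build' }
    $Findings.Add("install file present: $($Config.InstallPath) sha256=$hash ($note)")
}

# 3. Persistence. Public AsyncRAT source creates a scheduled task when elevated
#    and an HKCU Run value otherwise (assumption for this Venom build), so both
#    locations are searched for the install file name.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.Actions.Execute -like '*Win32.exe*' } |
    ForEach-Object { $Findings.Add("scheduled task: $($_.TaskName) -> $($_.Actions.Execute -join ' ')") }

$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
(Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).PSObject.Properties |
    Where-Object { $_.Value -is [string] -and $_.Value -like '*Win32.exe*' } |
    ForEach-Object { $Findings.Add("Run value: $($_.Name) = $($_.Value)") }

# 4. Live connection to the C2 in any TCP state, with the owning process.
Get-NetTCPConnection -RemoteAddress $Config.C2Host -RemotePort $Config.C2Port -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $Findings.Add("C2 connection: $($_.RemoteAddress):$($_.RemotePort) state=$($_.State) pid=$($_.OwningProcess) ($($proc.ProcessName))")
    }

# 5. A process executing from the install path (what the RAT runs as after install).
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -ieq $Config.InstallPath } |
    ForEach-Object { $Findings.Add("running from install path: pid=$($_.Id)") }

if ($Findings.Count -eq 0) { 'no artifacts of this sample found' } else { $Findings }
```

The C2 address and port and the install path are the most stable of these values for hunting across a fleet; the mutex is per-build and, because it is unprefixed, only visible from the same logon session, so its absence in a remote or SYSTEM-context check proves nothing.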

Signatures

  • AsyncRat
    AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (33 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\da.exe
    "C:\Users\Admin\AppData\Local\Temp\da.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:212
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2096
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8857aab58,0x7ff8857aab68,0x7ff8857aab78
      2⤵
      PID:1716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:2
      2⤵
      PID:4156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:3480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:1260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
      2⤵
      PID:4372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
      2⤵
      PID:2244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
      2⤵
      PID:1856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4128 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:3084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:1440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:3752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:2856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:4868
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4960 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
      2⤵
      PID:4848
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4328 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
      2⤵
      PID:4704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3488 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:1
      2⤵
      PID:4776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:3428
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1700,i,685148326461182424,17017574187152532492,131072 /prefetch:8
      2⤵
      PID:1564
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4428

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 576B
    MD5: 0fc2ab5e026737163dc2913d39edc630
    SHA1: b28340d2a0832a75b9d1ddd79e34e57ffcb7c721
    SHA256: 52b9a23d0b7d2dbfeb6cafdaab11b87fb95dcce2e7090c52548fe2c9cf9f8dc9
    SHA512: 2225260db3a6d703832ae1eb95e2de4868d48898e17db683f84a31885b1898af3fe26ff7c88a4c005b57e0043110292360c39b2063ac4ba581c2957db6c26d7e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 4KB
    MD5: 752f7c8b49740310a8fda3d085243ea2
    SHA1: 26fdc51157c6b6f614c673741510adcf64e45aab
    SHA256: 8ab7afa825b31907811a95e8d4fd760e01f2bc451aed113598290081be8cbf38
    SHA512: 08c4e71d1812c80938bbcd823698a84cbe0c7e84af0a35459ccc21da72dec12b32d867f6fbf3f5a4b54a4a59bf11c990679041f21e8f209c12837fa19ad1a270
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 354B
    MD5: c160463ca2297c2f82102e4cf7000d27
    SHA1: 676da9774a42697b25938097404fa01a4e1b6989
    SHA256: 0e103ae641f94e781a52b67bc3f434986677e52206de746305e4c1fb6021947b
    SHA512: dce2845c2b7fe0641ba2a4b15eb74b83d601595749a7892daf931fe178772c1ead564d1ead20340b1b473f2d78e91e1bf08e6f4ac4ec84769d0b70edf05bd3c4
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 522B
    MD5: 82fb0fb23acf757c8c86897dd737520a
    SHA1: 249f3261d4a4239db0dde3db67da26d132dd82d0
    SHA256: 2cf46155a12c7715f57061257b278758ae5eb21c780eaebcb0288c55b7f93dd5
    SHA512: 51a07a8958caa9e9b21c307e825603311af245cdef5b920fd5224c00b1e609bf8a6186f2b55a225b7276e5d6fd2231a0ceafab1004d353ebe7ddf738b0ce1ebc
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 6ac488d29a52c048149b2868c2185160
    SHA1: b33b01749230c6bcc1697c0ddee7e4d7654f4578
    SHA256: 3cb3c4a93b35c7f2cb43861d6d87a103fc2cf9448b0409376a80376d3b1bfaab
    SHA512: e2fac5dc8b3f61c3d78066c31ea355d0bf9cabb5b8acbc058521d0bbfcabeb6116aa77a13fff6730191d4430ee10ff922127ac26915511509d17cf9d6e7f734c
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 522B
    MD5: 490bb378a9ccfa33ff8bb7a412718e5d
    SHA1: b1a27066e6fcde084334b05e25d30e12dddc25fd
    SHA256: 7106f0423f5ba47aa6cdbcb7121680d500846f3b5074e75e36a1fdc871a22617
    SHA512: da0ca763bae95459b0c084dce30e043e56bf901c872fb15068782f95f09df4a95a751acf3745cf001418bc08a1e6fd057667a09edf5bfd22812a45f51943f31e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 2107311f0230afd23584c40ac25d3945
    SHA1: f1da6bcbd0d17ca77e113b460c7c7cc4d4f0b47d
    SHA256: 37bb7404b4b54753c3022bfd577cda9314975957ed9ca748d43b93cd9dfe412e
    SHA512: fe704a223365b4e36265483dd0b07ed956034f178d61f2f40e2764e897e7f3be5d5bebe0373dd96830e993e0f8a09fdafebff51964664091c931ac0cbdef0bd7
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a61b6b94-da13-490a-8bb7-f1a66956a5e6.tmp
    Filesize: 522B
    MD5: 4a1b28c7099cf801b368530e2579c190
    SHA1: 4b093ee7304a47208325c68644ed88a74f19125d
    SHA256: 834db4fc016530fbae27f02d2536feb16e240eb8d1579ea0e69446dbd159d461
    SHA512: 698e4ace25aa2055f66a5a5e5aa525869cfa5e6e014c7b8184e41cb910ea8919af78011f048e9add2e5ad77a6e4f6645ef22fa222a4be81523fa686bd8d71a31
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 71f43b9995dc556f040c03becfc4cfe0
    SHA1: e91786141342f7d375bcf6db5bffb9c055dd5f8e
    SHA256: dc5ada1f749dadcd5d23159352341880c745af0054018bdf162dfa1e4944b5d8
    SHA512: bafbc36cf0ccb390adf9a28661c357b26cddac697e499f86287577b9d6c88a81052b06b71f276d410830de7fd0276278691d39692a230ceb46035e618397e041
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 52a58bf3ac35d6a5f5355e7ae02ae2e5
    SHA1: 3e413ce2e79b91087b4a728e27d945dcc74fc136
    SHA256: 2e079405efa1aa6f359b67c8a3a7a647d79170b2da746372002506d756769fe4
    SHA512: 660627b10d9af893ee9417bf1d577b1adcf5008b8710087a35acc4040a6b809bbbebb144b1cd683bb48f10f9bf3aa70e6ac6b85e278f662314ffd9487f3d2dc8
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 2e18be2f5bbd95b1d1ed21cb5a92c57a
    SHA1: 12df6f03c2f260ec6ed83990e78f2bca36ed84e9
    SHA256: 598932a1cbd513005c0f4094465df90aa87a82c570e5a8043f7a8e0846a06a4e
    SHA512: 939e6c87e01e2f5a7f88e22682d120b4064f966accd5f7171afca177d262a7f796329d96a6d9c0ac1d371b729c9c76d87935997196f9e0be7df90e9e05795e0c
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 5827fa4489be87f9c4179b773e648c9e
    SHA1: 65ca4656dfe473a578c9c87bb917212b50b73941
    SHA256: aa416c62e3fa64be59718c8a9d8038288abf654ea721116067a1f48ec5d40471
    SHA512: 2164cdc93cc5e11c3b07f58299ba4992fb5891e8c63df05fdc06d1e69e295429abff1b986e0844e33e0e2768aff1c6e0a6593302110f4cabcebf9324d47a8f8e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize: 16KB
    MD5: cfb743665f1317f1520838d7e5cfc4dc
    SHA1: 1cb5d71fec376e04718df50f5a98f693c9d56c8d
    SHA256: 50964b15f78a30e689d567d94f0bc49d1b3f67c39a08b440b0f82433e5904dcb
    SHA512: 8147aaa8e7af284a572006b1c8281abde2e9fa1d15a8fcf754cc322ed8d841339ae0c10e3691a925a12b8450ee55f1f9bd9e8db4a84cb91ca34d58a57532c359
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
    Filesize: 56B
    MD5: ae1bccd6831ebfe5ad03b482ee266e4f
    SHA1: 01f4179f48f1af383b275d7ee338dd160b6f558a
    SHA256: 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
    SHA512: baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b5de.TMP
    Filesize: 120B
    MD5: e5a414dfb58ad487222303e097b6bb6d
    SHA1: 73f977d7e9e7c312e82e47001098b39fd7363064
    SHA256: ce64b9378c327134ef118a49e6892f020af9d238850d4985988188977c8fadf9
    SHA512: 0c487229826f1d8bb1b87df769f468acbd464c4bef27de683926830ce4317a61f08385da3f677f0e5e656ad3a84d00586e1219ad6a9613e0ce44925f3a4b7367
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 251KB
    MD5: 4d0eebb5f1990ba77aec566b2ec61bd5
    SHA1: 5947ec0dfd772727b4d3bc633561c9b828351e6f
    SHA256: 8bd11ddadeb19ecd5ab080566e18ec6b8098af7d26b555bd1ca2c1b15971f625
    SHA512: 2946ff82578894e641780ff95d0c4f29bdecd72c51c6a6791981167780a5a801a23df28dad3e1b5d5178d98e62a2b5afb50f0131bf4b38ab0e0289118ef5d540
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 97KB
    MD5: 23f7d12ddf941e816d13bea1642d1cff
    SHA1: 672f4bfa0cf85225b9604a76896cf8274cdbbc40
    SHA256: c589ce499c68b7639e35f6203f4d9a93c8458d26969f52fa45eecbb4138c857c
    SHA512: c65b365afc5d0b04678bd980e98daf34f4159789a612adde9f88d6290879f8d063eeda2fdfce44a425d7e7395ed46066db365d88ba6178c9103ae8d3ed3b523e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59912a.TMP
    Filesize: 89KB
    MD5: 7581aeb3935731ef761fedf7081aed58
    SHA1: b2e3c0d4f49b6abea6c327ca8c785debcd0a13fb
    SHA256: 4d6ab2316de730b4d946845215e8b3b8eda33107d4f6d511fb74b60b947e203c
    SHA512: a2a039c6a6b0d39a57b862be203ab33c7801eac5727bc8812aff18a1a0bc7d2c3711ce5b4e386aa922ffc7362fc1d30e58105d82c237aad3171c2b6ecf7ccbed
  • C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
    Filesize: 3.3MB
    MD5: efe76bf09daba2c594d2bc173d9b5cf0
    SHA1: ba5de52939cb809eae10fdbb7fac47095a9599a7
    SHA256: 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
    SHA512: 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029
  • memory/212-3-0x000000001B520000-0x000000001B530000-memory.dmp
    Filesize: 64KB
  • memory/212-4-0x00007FF87BCE0000-0x00007FF87C7A1000-memory.dmp
    Filesize: 10.8MB
  • memory/212-2-0x00007FF87BCE0000-0x00007FF87C7A1000-memory.dmp
    Filesize: 10.8MB
  • memory/212-0-0x00000000006D0000-0x00000000006E8000-memory.dmp
    Filesize: 96KB