86c311f7a2e56d5deedad7dfafab3eb0a16f10444934968ed658636ae39d4694

Analysis

max time kernel
150s
max time network
147s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
Size

757KB
MD5

f7222343e109d46c692332fb621102c7
SHA1

b00f5c095bd426e6b9134a050bacc682ab155191
SHA256

86c311f7a2e56d5deedad7dfafab3eb0a16f10444934968ed658636ae39d4694
SHA512

e06157baca323dffeeded40ce7b225012cc973947656dc962e9c364aaba1167d61f65080b129db2921ff1163b01c17e16780ff36455823c3d00d13604716cc9c
SSDEEP

12288:gWDLGQnzIaLBuuzmhP4N/r9KRpGj3aBqpKWmsZIqKKR+v3z3ykZcjEZbce4K0037:pLGQncaLYmmZ4Nj9KRpRoUWmmKKR+Pzp

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2840	msnmsgr.exe

Loads dropped DLL 64 IoCs

pid	Process
2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe
2840	msnmsgr.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WMsnMsgr = "msnmsgr.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WMsnMsgr = "msnmsgr.exe"	regedit.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 36 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\SysWOW64\server.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mirc.ini	msnmsgr.exe
File created	C:\WINDOWS\SysWOW64\demo.xt	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\server.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\nHTMLn_2.95.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Chans.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\control.ini	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\mIRC.ini	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\355.reg	msnmsgr.exe
File opened for modification	C:\WINDOWS\SysWOW64\Chans.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\fucker.jpg	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\fucker.jpg	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\nHTMLn_2.95.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\sysingB32.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\control.ini	msnmsgr.exe
File opened for modification	C:\WINDOWS\SysWOW64\fucker.jpg	msnmsgr.exe
File opened for modification	C:\WINDOWS\SysWOW64\demo.xt	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\email.txt	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\1633.reg	msnmsgr.exe
File opened for modification	C:\WINDOWS\SysWOW64\1633.reg	msnmsgr.exe
File created	C:\WINDOWS\SysWOW64\win.ini	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\win.ini	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\fn.xt	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\504.reg	msnmsgr.exe
File created	C:\WINDOWS\SysWOW64\control.ini	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\fn.xt	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\Sfwwin32.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\msnmsgr.exe	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\sysingB32.dll	msnmsgr.exe
File created	C:\WINDOWS\SysWOW64\504.reg	msnmsgr.exe
File created	C:\WINDOWS\SysWOW64\email.txt	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\mIRC.ini	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\msnmsgr.exe	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\355.reg	msnmsgr.exe
File opened for modification	C:\WINDOWS\SysWOW64\Sfwwin32.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\sysingB32.dll	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	regedit.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "Http://www.startravestiler.com"	regedit.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ = "%1"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon\ = "\"C:\\WINDOWS\\SysWOW64\\msnmsgr.exe\""	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell	msnmsgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Application	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat\ = "ChatFile"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open	msnmsgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\ = "URL:IRC Protocol"	msnmsgr.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\EditFlags = 02000000	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec\ = "%1"	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic\ = "Connect"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command\ = "\"C:\\WINDOWS\\SysWOW64\\msnmsgr.exe\" -noconnect"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\ = "Chat File"	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command\ = "\"C:\\WINDOWS\\SysWOW64\\msnmsgr.exe\" -noconnect"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\command	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Application\ = "ms32"	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha\ = "ChatFile"	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application\ = "ms32"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ifexec\ = "%1"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Topic	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ = "%1"	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\DefaultIcon\ = "\"C:\\WINDOWS\\SysWOW64\\msnmsgr.exe\""	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell	msnmsgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\ifexec	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Topic\ = "Connect"	msnmsgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon	msnmsgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\URL Protocol	msnmsgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\DefaultIcon	msnmsgr.exe

Runs .reg file with regedit 3 IoCs

pid	Process
1728	regedit.exe
2028	regedit.exe
668	regedit.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2840	msnmsgr.exe
2840	msnmsgr.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2840	2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe	28
PID 2980 wrote to memory of 2840	2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe	28
PID 2980 wrote to memory of 2840	2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe	28
PID 2980 wrote to memory of 2840	2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe	28
PID 2980 wrote to memory of 2840	2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe	28
PID 2980 wrote to memory of 2840	2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe	28
PID 2980 wrote to memory of 2840	2980	f7222343e109d46c692332fb621102c7_JaffaCakes118.exe	28
PID 2840 wrote to memory of 1728	2840	msnmsgr.exe	29
PID 2840 wrote to memory of 1728	2840	msnmsgr.exe	29
PID 2840 wrote to memory of 1728	2840	msnmsgr.exe	29
PID 2840 wrote to memory of 1728	2840	msnmsgr.exe	29
PID 2840 wrote to memory of 1728	2840	msnmsgr.exe	29
PID 2840 wrote to memory of 1728	2840	msnmsgr.exe	29
PID 2840 wrote to memory of 1728	2840	msnmsgr.exe	29
PID 2840 wrote to memory of 2028	2840	msnmsgr.exe	30
PID 2840 wrote to memory of 2028	2840	msnmsgr.exe	30
PID 2840 wrote to memory of 2028	2840	msnmsgr.exe	30
PID 2840 wrote to memory of 2028	2840	msnmsgr.exe	30
PID 2840 wrote to memory of 2028	2840	msnmsgr.exe	30
PID 2840 wrote to memory of 2028	2840	msnmsgr.exe	30
PID 2840 wrote to memory of 2028	2840	msnmsgr.exe	30
PID 2840 wrote to memory of 668	2840	msnmsgr.exe	31
PID 2840 wrote to memory of 668	2840	msnmsgr.exe	31
PID 2840 wrote to memory of 668	2840	msnmsgr.exe	31
PID 2840 wrote to memory of 668	2840	msnmsgr.exe	31
PID 2840 wrote to memory of 668	2840	msnmsgr.exe	31
PID 2840 wrote to memory of 668	2840	msnmsgr.exe	31
PID 2840 wrote to memory of 668	2840	msnmsgr.exe	31

C:\Users\Admin\AppData\Local\Temp\f7222343e109d46c692332fb621102c7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7222343e109d46c692332fb621102c7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2980
- C:\WINDOWS\SysWOW64\msnmsgr.exe
  "C:\WINDOWS\system32\msnmsgr.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\SysWOW64\regedit.exe" /s 504.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1728
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\SysWOW64\regedit.exe" /s 1633.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:2028
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\SysWOW64\regedit.exe" /s 355.reg
    3⤵
    - Modifies Internet Explorer settings
    - Modifies Internet Explorer start page
    - Runs .reg file with regedit
    PID:668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\WINDOWS\SysWOW64\Sfwwin32.dll

Filesize
40KB

MD5
a85a6f809b5500adf9f163f60cbd9b25

SHA1
9b81d20e5ffbf9bae4bb95595579b29a282dab0f

SHA256
c67eaf1e75d7ba92ed2031010601774e02b0b2823042d7ea43d8ea582b46dd59

SHA512
032ea5e84b4690ad00c68fe85994496c149caab822ffc3cd00391a64e7e68d17df897010a1065db7dd804fc97a24058382345a15aea90941921ac035b2c1ce0d

Download Submit
C:\WINDOWS\SysWOW64\control.ini

Filesize
182B

MD5
41021fe4f3e28ddfe38a745665013fb8

SHA1
db53f6959b2211accde83a83e078219fa9c634bd

SHA256
cf306028f30ccee400a626850641755d565aba499caf0c2259c214fdcaf1770d

SHA512
e6a4b5ce390788011f8c8ec32ee455e2a979f125c460354c94c106a68ce1a10e165914914ed5280d2dfd2df57c0a7d9949227d4fe2b2fd33837d2b9529e724fc

Download Submit
C:\WINDOWS\SysWOW64\fn.xt

Filesize
16KB

MD5
d97951c75b1bdc6b4e9c934b5f3ab633

SHA1
ef07e34cf657f61e4ff97990c1f81c847c917c93

SHA256
42a21fc014d1abed68d0a9f3f303c7eea7a8029a2265245fb63f95d0e4d4e6bc

SHA512
dbe5bb142fedd61821cb21b72084a34cd49b5a2aa4f4a052e343c56271d1b7b240c1d203b605a0727708c62ad8b7c48c4d571f29d1414d9b8bd1ee1976649e9c

Download Submit
C:\WINDOWS\SysWOW64\fucker.jpg

Filesize
30KB

MD5
8133d21f449e680e9c621fbd30f61d4a

SHA1
a38b710d6548992c430f3275f024c7b507ad00cc

SHA256
2bc5fc82ce55988324739040b5904e54deddd71c7775a10412e296f554739565

SHA512
6391eb26edc00b38ab0745a3ee40f5ae2cacad7d2712dfca90aebf73ad719c875a450d841ee0be5dbe0eaec48851cfa1b328a2491c894f34d33278f24b86bc8b

Download Submit
C:\WINDOWS\SysWOW64\mirc.ini

Filesize
4KB

MD5
3dd94250b0d0a7958d698a662c584a99

SHA1
0124afbd708fa0bc8db364d28393bf0e8e690f60

SHA256
99ffff0ec3356893fbca7d655ab6b14174e7e12b1e32cfd811cc71894abee3d1

SHA512
ba91b499fb20547aad4f2f5a461f60fe1eebce5d6640b27d2a87c6b9fa3a5b394037032b648ff754f2d32936a3c561faa0c0c698f86489aa48bade151dbe2c69

Download Submit
C:\WINDOWS\SysWOW64\sysingB32.dll

Filesize
252B

MD5
8482d4e78fe1fe10bc0b223e50c13e35

SHA1
fc23e2ed0096492d97a44bb7dd73f4890f089473

SHA256
e237af5308217e9c7ffd26aee3b1e6c7eb318f1420480be7e22bed1df680c235

SHA512
b46c33bb9444b0a8217340e9b660554fc6b794807f852f29d239da96f5e04c583923eb8ba1b4d3883e169c87bf50957159f0b1dcbfd926404b48b7d2a4b374a8

Download Submit
C:\Windows\SysWOW64\1633.reg

Filesize
104B

MD5
ecfb3df6517a6c72e7c69a20c078aa23

SHA1
c58d4e6985972a54415fa020da99ef6dd5f906fd

SHA256
4bf0534c951000e6523f65f62d4b22fd82b3ccdfe2e6c96712981c48d2c05b87

SHA512
24dd795705756e3a0f1ceb60b76a3dd5bf59df7a3c7c57d23debbec3096b47403146d1b90e8f37f0a977e17b1107c2f610802d2a8d3befc12a4a96b28f019d86

Download Submit
C:\Windows\SysWOW64\355.reg

Filesize
120B

MD5
af72950ed6eba3c502add78de989740d

SHA1
1c7a67a84ee1f04fa4d72fa971e9872c0506bbaa

SHA256
e919574075ab1d1cc4548d81daebed59f13c94054ba822baad9fd837f0abd7f7

SHA512
976ef8a6271eae3db3c55d27c352f9554eb1ed41bcc1ec0b9f4a672b7be59e86570ef4f1c19bc182860019ae43087c4bfb3e5cc3856e30deaa5eec0d71b4cda8

Download Submit
C:\Windows\SysWOW64\mIRC.ini

Filesize
4KB

MD5
55c48c87ecfdb35f6995cf32c160c299

SHA1
5b687399267f56f369b7c553b64bc557e2c8cd5b

SHA256
36fc2f6fe30793ee8a58dd931e5577c0287ce37070d5255fecdb5639788974bb

SHA512
afcd1bab99822830038d5e952472ad05499d180a120a3c1be1849cf57ba24d305cc86764938165d35063993de2783280b154bea913e2acb7a497140afd3d2f55

Download Submit
C:\Windows\SysWOW64\mIRC.ini

Filesize
4KB

MD5
612ea199805d5c484fddacc5f1f4fbf2

SHA1
e61ad7726e35bbedd5648cce4269a96b16c3b3a9

SHA256
fa8938423f1788b35393f2cd32813b8cf98baf4fd4954157d9d632181e0263c9

SHA512
7570d21321c16c409d98d066c2c209e3825bb4e114afc036a7ba6eb39c2a716ce7f573ab490d32b25fb18cba5f4648a4a0555077362116ab248911c8ea5ae27e

Download Submit
C:\Windows\SysWOW64\mIRC.ini

Filesize
4KB

MD5
c2428de706379ac63748da928361b5da

SHA1
ffed84ce4a5e1e4633e9ee74377fa307b3a096eb

SHA256
e52bcb095627a0d08e11ee5da263a16552deceb3fa897731eed2a6b90de9e715

SHA512
bfe0a035949f91301a9e59d390b6630f16a584ed274e0d58a39b357b434f32883ddf632ba5e9aaaa0f838967e2e42625f4d5c5cd376b7cd52e7893d1a94dcb1e

Download Submit
\Windows\SysWOW64\msnmsgr.exe

Filesize
1.7MB

MD5
a35434c25fb2ed3ba36a016c03cb636c

SHA1
b4e8103b52abcc8dcd9d2b058e9ef105efe508cc

SHA256
ab82804245f39b3e57674c48cc0cbb2ef2dac657fc60b258e63a46193eb66312

SHA512
8173a914186f36067a7eeeaabba2f6311889b945cae13fac70e0151abcd141b47e3d74bf6f2b653efa93b1cb208018a22d239ca7452fe5b848a666a5c30c69d8

Download Submit
memory/2840-238-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-286-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-317-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-253-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-262-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-270-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-277-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-246-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-294-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-300-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-305-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-308-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-311-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2840-314-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download
memory/2980-34-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads