xmrig | bd294ba97df1e8c9247c9ea32e86597830b1439aad232bc1d6235aa28dcece7d

Analysis

max time kernel
60s
max time network
62s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
Size

2.3MB
MD5

006443de5a2f603575da9b84b28082c6
SHA1

d1fd71f0dde93e8ff8d112864f9fe3d8bddabd3e
SHA256

bd294ba97df1e8c9247c9ea32e86597830b1439aad232bc1d6235aa28dcece7d
SHA512

ac7dac468c003cd02a04f61101be4aeed02a738ef6d5f80cae5f30cb141c3396e03df1ddd87a22f585d75b8037939d4f516c425ad331a77f00ba7e7cf0bb2041
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCkc30JqMopiqEH:NABz

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 10 IoCs

miner

resource	yara_rule
behavioral1/memory/2548-13-0x000000013FAC0000-0x000000013FEB2000-memory.dmp	xmrig
behavioral1/memory/2636-239-0x000000013FD10000-0x0000000140102000-memory.dmp	xmrig
behavioral1/memory/2568-244-0x000000013F1C0000-0x000000013F5B2000-memory.dmp	xmrig
behavioral1/memory/2952-246-0x000000013F8A0000-0x000000013FC92000-memory.dmp	xmrig
behavioral1/memory/2436-247-0x000000013F500000-0x000000013F8F2000-memory.dmp	xmrig
behavioral1/memory/2660-251-0x000000013F4E0000-0x000000013F8D2000-memory.dmp	xmrig
behavioral1/memory/2440-254-0x000000013F440000-0x000000013F832000-memory.dmp	xmrig
behavioral1/memory/2956-256-0x000000013F330000-0x000000013F722000-memory.dmp	xmrig
behavioral1/memory/2508-262-0x000000013F2F0000-0x000000013F6E2000-memory.dmp	xmrig
behavioral1/memory/1784-268-0x000000013FF30000-0x0000000140322000-memory.dmp	xmrig

UPX packed file 38 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a00000001418d-3.dat	upx
behavioral1/memory/1968-2-0x000000013FE60000-0x0000000140252000-memory.dmp	upx
behavioral1/memory/2548-13-0x000000013FAC0000-0x000000013FEB2000-memory.dmp	upx
behavioral1/files/0x001400000000549e-22.dat	upx
behavioral1/files/0x0008000000016c7a-23.dat	upx
behavioral1/files/0x0007000000016cc9-30.dat	upx
behavioral1/files/0x0009000000016ced-39.dat	upx
behavioral1/files/0x0006000000017060-50.dat	upx
behavioral1/files/0x0007000000016cab-35.dat	upx
behavioral1/files/0x0006000000017384-60.dat	upx
behavioral1/files/0x0006000000017185-64.dat	upx
behavioral1/files/0x0007000000016cf5-42.dat	upx
behavioral1/files/0x0031000000018649-88.dat	upx
behavioral1/files/0x0005000000019260-133.dat	upx
behavioral1/files/0x0009000000018648-156.dat	upx
behavioral1/files/0x000500000001938d-165.dat	upx
behavioral1/files/0x0005000000019316-164.dat	upx
behavioral1/files/0x0005000000019250-163.dat	upx
behavioral1/files/0x000500000001922d-162.dat	upx
behavioral1/files/0x000500000001876e-161.dat	upx
behavioral1/files/0x0005000000018756-160.dat	upx
behavioral1/files/0x00050000000186dd-159.dat	upx
behavioral1/files/0x00050000000186c4-158.dat	upx
behavioral1/files/0x000500000001865b-157.dat	upx
behavioral1/files/0x00050000000193a1-145.dat	upx
behavioral1/files/0x0005000000019383-139.dat	upx
behavioral1/files/0x0006000000017474-153.dat	upx
behavioral1/files/0x0006000000017458-151.dat	upx
behavioral1/files/0x00050000000193e7-148.dat	upx
behavioral1/memory/2636-239-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/2568-244-0x000000013F1C0000-0x000000013F5B2000-memory.dmp	upx
behavioral1/memory/2952-246-0x000000013F8A0000-0x000000013FC92000-memory.dmp	upx
behavioral1/memory/2436-247-0x000000013F500000-0x000000013F8F2000-memory.dmp	upx
behavioral1/memory/2660-251-0x000000013F4E0000-0x000000013F8D2000-memory.dmp	upx
behavioral1/memory/2440-254-0x000000013F440000-0x000000013F832000-memory.dmp	upx
behavioral1/memory/2956-256-0x000000013F330000-0x000000013F722000-memory.dmp	upx
behavioral1/memory/2508-262-0x000000013F2F0000-0x000000013F6E2000-memory.dmp	upx
behavioral1/memory/1784-268-0x000000013FF30000-0x0000000140322000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\006443de5a2f603575da9b84b28082c6_JaffaCakes118.exe"
1⤵
PID:1968
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  PID:2980
- C:\Windows\System\ZNnWGoE.exe
  C:\Windows\System\ZNnWGoE.exe
  2⤵
  PID:2548
- C:\Windows\System\KJQRXBO.exe
  C:\Windows\System\KJQRXBO.exe
  2⤵
  PID:2636
- C:\Windows\System\HejfZdI.exe
  C:\Windows\System\HejfZdI.exe
  2⤵
  PID:2568
- C:\Windows\System\FsnWrRW.exe
  C:\Windows\System\FsnWrRW.exe
  2⤵
  PID:2440
- C:\Windows\System\uTekraz.exe
  C:\Windows\System\uTekraz.exe
  2⤵
  PID:2992
- C:\Windows\System\qwfMDaD.exe
  C:\Windows\System\qwfMDaD.exe
  2⤵
  PID:2956
- C:\Windows\System\jTPyGed.exe
  C:\Windows\System\jTPyGed.exe
  2⤵
  PID:1784
- C:\Windows\System\cIrHhVU.exe
  C:\Windows\System\cIrHhVU.exe
  2⤵
  PID:2508
- C:\Windows\System\hhhrUwX.exe
  C:\Windows\System\hhhrUwX.exe
  2⤵
  PID:1468
- C:\Windows\System\leGOfEj.exe
  C:\Windows\System\leGOfEj.exe
  2⤵
  PID:780
- C:\Windows\System\klIXwmJ.exe
  C:\Windows\System\klIXwmJ.exe
  2⤵
  PID:820
- C:\Windows\System\qrCadkn.exe
  C:\Windows\System\qrCadkn.exe
  2⤵
  PID:280
- C:\Windows\System\BDAOWmw.exe
  C:\Windows\System\BDAOWmw.exe
  2⤵
  PID:1224
- C:\Windows\System\GrlOXhx.exe
  C:\Windows\System\GrlOXhx.exe
  2⤵
  PID:2132
- C:\Windows\System\tVCbRlk.exe
  C:\Windows\System\tVCbRlk.exe
  2⤵
  PID:1476
- C:\Windows\System\iQniihu.exe
  C:\Windows\System\iQniihu.exe
  2⤵
  PID:2936
- C:\Windows\System\EZSShdR.exe
  C:\Windows\System\EZSShdR.exe
  2⤵
  PID:2820
- C:\Windows\System\eghbvkj.exe
  C:\Windows\System\eghbvkj.exe
  2⤵
  PID:1544
- C:\Windows\System\yqRABYc.exe
  C:\Windows\System\yqRABYc.exe
  2⤵
  PID:2500
- C:\Windows\System\EVzRKUM.exe
  C:\Windows\System\EVzRKUM.exe
  2⤵
  PID:2560
- C:\Windows\System\QlHMmMm.exe
  C:\Windows\System\QlHMmMm.exe
  2⤵
  PID:2580
- C:\Windows\System\hyjSLAS.exe
  C:\Windows\System\hyjSLAS.exe
  2⤵
  PID:2520
- C:\Windows\System\EGDHCdO.exe
  C:\Windows\System\EGDHCdO.exe
  2⤵
  PID:2428
- C:\Windows\System\WosPvWP.exe
  C:\Windows\System\WosPvWP.exe
  2⤵
  PID:2704
- C:\Windows\System\NHstaUV.exe
  C:\Windows\System\NHstaUV.exe
  2⤵
  PID:1872
- C:\Windows\System\KkovdYi.exe
  C:\Windows\System\KkovdYi.exe
  2⤵
  PID:4124
- C:\Windows\System\SOEECkL.exe
  C:\Windows\System\SOEECkL.exe
  2⤵
  PID:4140
- C:\Windows\System\uwkDRXm.exe
  C:\Windows\System\uwkDRXm.exe
  2⤵
  PID:4160
- C:\Windows\System\drvCmbo.exe
  C:\Windows\System\drvCmbo.exe
  2⤵
  PID:4176
- C:\Windows\System\cCIfWdT.exe
  C:\Windows\System\cCIfWdT.exe
  2⤵
  PID:4192
- C:\Windows\System\EzIyxWD.exe
  C:\Windows\System\EzIyxWD.exe
  2⤵
  PID:4208
- C:\Windows\System\GhSRyNV.exe
  C:\Windows\System\GhSRyNV.exe
  2⤵
  PID:4224
- C:\Windows\System\UYgriiw.exe
  C:\Windows\System\UYgriiw.exe
  2⤵
  PID:4240
- C:\Windows\System\ELvIECX.exe
  C:\Windows\System\ELvIECX.exe
  2⤵
  PID:4256
- C:\Windows\System\jxXMyQw.exe
  C:\Windows\System\jxXMyQw.exe
  2⤵
  PID:4272
- C:\Windows\System\NlFWYdH.exe
  C:\Windows\System\NlFWYdH.exe
  2⤵
  PID:4660
- C:\Windows\System\WbPFJbD.exe
  C:\Windows\System\WbPFJbD.exe
  2⤵
  PID:3600
- C:\Windows\System\UDligGO.exe
  C:\Windows\System\UDligGO.exe
  2⤵
  PID:3696
- C:\Windows\System\NLjevvM.exe
  C:\Windows\System\NLjevvM.exe
  2⤵
  PID:3860
- C:\Windows\System\UJcqCet.exe
  C:\Windows\System\UJcqCet.exe
  2⤵
  PID:584
- C:\Windows\System\oiWlvOv.exe
  C:\Windows\System\oiWlvOv.exe
  2⤵
  PID:4512
- C:\Windows\System\ARNOzpo.exe
  C:\Windows\System\ARNOzpo.exe
  2⤵
  PID:4528
- C:\Windows\System\nGgRHpq.exe
  C:\Windows\System\nGgRHpq.exe
  2⤵
  PID:4872
- C:\Windows\System\PIZqwhH.exe
  C:\Windows\System\PIZqwhH.exe
  2⤵
  PID:4996
- C:\Windows\System\ycwtBiO.exe
  C:\Windows\System\ycwtBiO.exe
  2⤵
  PID:5092
- C:\Windows\System\VzAfrWp.exe
  C:\Windows\System\VzAfrWp.exe
  2⤵
  PID:3500
- C:\Windows\System\dTIHgrf.exe
  C:\Windows\System\dTIHgrf.exe
  2⤵
  PID:4708
- C:\Windows\System\gWFDedt.exe
  C:\Windows\System\gWFDedt.exe
  2⤵
  PID:4360
- C:\Windows\System\tScpxht.exe
  C:\Windows\System\tScpxht.exe
  2⤵
  PID:4412
- C:\Windows\System\SaMFJtb.exe
  C:\Windows\System\SaMFJtb.exe
  2⤵
  PID:4536
- C:\Windows\System\APghqeo.exe
  C:\Windows\System\APghqeo.exe
  2⤵
  PID:4592
- C:\Windows\System\LSLELVC.exe
  C:\Windows\System\LSLELVC.exe
  2⤵
  PID:4644
- C:\Windows\System\HfdrLPy.exe
  C:\Windows\System\HfdrLPy.exe
  2⤵
  PID:2532
- C:\Windows\System\sQqVykp.exe
  C:\Windows\System\sQqVykp.exe
  2⤵
  PID:3584
- C:\Windows\System\tysKeOJ.exe
  C:\Windows\System\tysKeOJ.exe
  2⤵
  PID:3568
- C:\Windows\System\QcwdcjV.exe
  C:\Windows\System\QcwdcjV.exe
  2⤵
  PID:5920
- C:\Windows\System\ETguTMB.exe
  C:\Windows\System\ETguTMB.exe
  2⤵
  PID:5936
- C:\Windows\System\FQelvyE.exe
  C:\Windows\System\FQelvyE.exe
  2⤵
  PID:6020
- C:\Windows\System\XGtOzrG.exe
  C:\Windows\System\XGtOzrG.exe
  2⤵
  PID:5340
- C:\Windows\System\oOcgSfC.exe
  C:\Windows\System\oOcgSfC.exe
  2⤵
  PID:4564
- C:\Windows\System\spNfzZG.exe
  C:\Windows\System\spNfzZG.exe
  2⤵
  PID:5768
- C:\Windows\System\PHUfQeC.exe
  C:\Windows\System\PHUfQeC.exe
  2⤵
  PID:5564
- C:\Windows\System\wMutcFs.exe
  C:\Windows\System\wMutcFs.exe
  2⤵
  PID:5996
- C:\Windows\System\VZoxGFj.exe
  C:\Windows\System\VZoxGFj.exe
  2⤵
  PID:6000
- C:\Windows\System\jzufmYs.exe
  C:\Windows\System\jzufmYs.exe
  2⤵
  PID:6064
- C:\Windows\System\RlNIVRG.exe
  C:\Windows\System\RlNIVRG.exe
  2⤵
  PID:6128
- C:\Windows\System\pcnaBkE.exe
  C:\Windows\System\pcnaBkE.exe
  2⤵
  PID:5204
- C:\Windows\System\OsbwbRi.exe
  C:\Windows\System\OsbwbRi.exe
  2⤵
  PID:5836
- C:\Windows\System\FSAwlNx.exe
  C:\Windows\System\FSAwlNx.exe
  2⤵
  PID:5944
- C:\Windows\System\tRhuhsn.exe
  C:\Windows\System\tRhuhsn.exe
  2⤵
  PID:5740
- C:\Windows\System\NPSnHjW.exe
  C:\Windows\System\NPSnHjW.exe
  2⤵
  PID:5500
- C:\Windows\System\DZTHZCs.exe
  C:\Windows\System\DZTHZCs.exe
  2⤵
  PID:5880
- C:\Windows\System\whJMGQo.exe
  C:\Windows\System\whJMGQo.exe
  2⤵
  PID:4932
- C:\Windows\System\kWsxvCu.exe
  C:\Windows\System\kWsxvCu.exe
  2⤵
  PID:5156
- C:\Windows\System\bHhovIl.exe
  C:\Windows\System\bHhovIl.exe
  2⤵
  PID:5896
- C:\Windows\System\OjgSUDe.exe
  C:\Windows\System\OjgSUDe.exe
  2⤵
  PID:6380
- C:\Windows\System\iVlOeEs.exe
  C:\Windows\System\iVlOeEs.exe
  2⤵
  PID:6396
- C:\Windows\System\wdHAJlU.exe
  C:\Windows\System\wdHAJlU.exe
  2⤵
  PID:6788
- C:\Windows\System\CVTPKnM.exe
  C:\Windows\System\CVTPKnM.exe
  2⤵
  PID:7260
- C:\Windows\System\zvUnJNZ.exe
  C:\Windows\System\zvUnJNZ.exe
  2⤵
  PID:7584
- C:\Windows\System\UfvFqUl.exe
  C:\Windows\System\UfvFqUl.exe
  2⤵
  PID:7600
- C:\Windows\System\JYUwIlq.exe
  C:\Windows\System\JYUwIlq.exe
  2⤵
  PID:7940
- C:\Windows\System\kZUVkkw.exe
  C:\Windows\System\kZUVkkw.exe
  2⤵
  PID:6472
- C:\Windows\System\PWOMZzQ.exe
  C:\Windows\System\PWOMZzQ.exe
  2⤵
  PID:6704
- C:\Windows\System\ILMBoeZ.exe
  C:\Windows\System\ILMBoeZ.exe
  2⤵
  PID:7192
- C:\Windows\System\SQkxRiH.exe
  C:\Windows\System\SQkxRiH.exe
  2⤵
  PID:8180
- C:\Windows\System\JmPkFNg.exe
  C:\Windows\System\JmPkFNg.exe
  2⤵
  PID:6908
- C:\Windows\System\pGUmBfF.exe
  C:\Windows\System\pGUmBfF.exe
  2⤵
  PID:2700
- C:\Windows\System\RXkgmSZ.exe
  C:\Windows\System\RXkgmSZ.exe
  2⤵
  PID:7756
- C:\Windows\System\JKJUFdk.exe
  C:\Windows\System\JKJUFdk.exe
  2⤵
  PID:8760
- C:\Windows\System\DGueDbR.exe
  C:\Windows\System\DGueDbR.exe
  2⤵
  PID:9068
- C:\Windows\System\ZVeqgJr.exe
  C:\Windows\System\ZVeqgJr.exe
  2⤵
  PID:9084
- C:\Windows\System\xJdIrYo.exe
  C:\Windows\System\xJdIrYo.exe
  2⤵
  PID:9100
- C:\Windows\System\wJVrSYa.exe
  C:\Windows\System\wJVrSYa.exe
  2⤵
  PID:8396
- C:\Windows\System\CervRQM.exe
  C:\Windows\System\CervRQM.exe
  2⤵
  PID:8460
- C:\Windows\System\YhfnnZX.exe
  C:\Windows\System\YhfnnZX.exe
  2⤵
  PID:9048
- C:\Windows\System\taAjPUy.exe
  C:\Windows\System\taAjPUy.exe
  2⤵
  PID:8528
- C:\Windows\System\gqhNHKN.exe
  C:\Windows\System\gqhNHKN.exe
  2⤵
  PID:10116
- C:\Windows\System\xGAUvHz.exe
  C:\Windows\System\xGAUvHz.exe
  2⤵
  PID:11188
- C:\Windows\System\WkbxgLj.exe
  C:\Windows\System\WkbxgLj.exe
  2⤵
  PID:11204
- C:\Windows\System\JnzlMOF.exe
  C:\Windows\System\JnzlMOF.exe
  2⤵
  PID:10840
- C:\Windows\System\rllsOob.exe
  C:\Windows\System\rllsOob.exe
  2⤵
  PID:11100
- C:\Windows\System\yCsJvnU.exe
  C:\Windows\System\yCsJvnU.exe
  2⤵
  PID:9876
- C:\Windows\System\OlSGXfD.exe
  C:\Windows\System\OlSGXfD.exe
  2⤵
  PID:10244
- C:\Windows\System\TKBvMei.exe
  C:\Windows\System\TKBvMei.exe
  2⤵
  PID:9780
- C:\Windows\System\fGwWpkq.exe
  C:\Windows\System\fGwWpkq.exe
  2⤵
  PID:9988
- C:\Windows\System\hjWbuYW.exe
  C:\Windows\System\hjWbuYW.exe
  2⤵
  PID:7744
- C:\Windows\System\mNkkXfJ.exe
  C:\Windows\System\mNkkXfJ.exe
  2⤵
  PID:12392
- C:\Windows\System\DcuOPbe.exe
  C:\Windows\System\DcuOPbe.exe
  2⤵
  PID:13152
- C:\Windows\System\dQEYwbv.exe
  C:\Windows\System\dQEYwbv.exe
  2⤵
  PID:13308
- C:\Windows\System\SJuaJwQ.exe
  C:\Windows\System\SJuaJwQ.exe
  2⤵
  PID:13400
- C:\Windows\System\BFtOPRI.exe
  C:\Windows\System\BFtOPRI.exe
  2⤵
  PID:13684
- C:\Windows\System\uXPuKVw.exe
  C:\Windows\System\uXPuKVw.exe
  2⤵
  PID:14168
- C:\Windows\System\bhXExiK.exe
  C:\Windows\System\bhXExiK.exe
  2⤵
  PID:14184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CBjSJaY.exe

Filesize
2.3MB

MD5
7201f63e6b27b6dedcbcbef6778eccb5

SHA1
7957393c8254a115fa83ff47f217288458470ede

SHA256
0c2f82e52e41205f4bcf95fa624a478dba2ec5a3a1131457abaec803a378a6c3

SHA512
5fa4879e4b6926ad7cdb43975fe95f8696754a42c7e8605795f7b741933da6dafb67da15cb04eb1f1e2f4a2c6d95980c57993b16a7a51460a2c2c041723367ab

Download Submit
C:\Windows\system\EqeUiuB.exe

Filesize
2.3MB

MD5
cd426d9c7e85e6afa671ac406245bd37

SHA1
14da5fbbede400843a18799826cc62bd28159e65

SHA256
e857ee8b926ee119ebfc2d475db620b3e08e9ba900a501eb82fed1c352ee7fdf

SHA512
e78883ed11a63b7b3f201cac9bfa7bc02cbd217fcc79f293b46a8a0b593fac578d023832564e21119729d21990df3d78f6496072bac2207aab985c33d8681667

Download Submit
C:\Windows\system\FcOhgba.exe

Filesize
2.3MB

MD5
d794491bdb74e06dbf0e63b4f8bfe5c9

SHA1
b05c819b4f5b94b96992ea529d8a5add5c85c465

SHA256
09fd18c4db1c07066b0d6ef3a76b0b748fcf71d7bef3ba0f529b59094e84b8cb

SHA512
3211dd5b2fbf1b754d6e08ceae5b18a064c308afa340f2ef81803c8d55211bf355b3c691b263c64c11f3541bb7864b20ed9b313ffa43e829be34b8b586cf99c5

Download Submit
C:\Windows\system\HejfZdI.exe

Filesize
2.3MB

MD5
43d8ec4e4befe8a2dc85fe69d713abdd

SHA1
b3a4b2f69345e57333bf166f6ba0402a31123171

SHA256
370bdb6fbac091646ef6a4e5fbe727b1e78f851fe60d040f057042412e1cf071

SHA512
92130c598a2974a37b8b2129af35170fbdf5d5edd32f838b074d823a266c4551568b4eee6b67a117ae291a6d72d07bf49da1f2a8d3cbe87ab0813c60e010e5d9

Download Submit
C:\Windows\system\HvygBUF.exe

Filesize
2.3MB

MD5
95760e865e9019a2fb83746db35220c9

SHA1
6729ed12e297da437abf13efa896dd5a8cba2196

SHA256
c4bf9d4f744c784717121bdf89c7530a3b40b6cf3dee536ebb76f15036e7676c

SHA512
93ad0d6614bf7501e6dd44846c70d8860c7d7e6a082bc859cc5c9febaff555c0bd540aecc021ef042a191d0f5e07d18dc1a866c87cb2bd462dd47ff9605bee05

Download Submit
C:\Windows\system\UTUjNjj.exe

Filesize
2.3MB

MD5
deab621d39e12c4a4dc9bcc1d45e4eee

SHA1
aab643d075efc6d657f6aa51a69fa7c2d5661b30

SHA256
43a183951af1598a9fac45d6abc9b4722d984e0865abdd65b5a3b0436025741e

SHA512
80a2381870ede30f876769e23513657fa2313095b652ed9cd9eab4160a05b569230d40f46e8e9ada2d7bf11cc8203122fd78d207a2db87a8e5c461e78566711f

Download Submit
C:\Windows\system\hhhrUwX.exe

Filesize
2.3MB

MD5
9b407c35617247337e52aaf38e060977

SHA1
71c563261eba0318441e9a4dae61af8387102a1b

SHA256
4f6f4275454529922e4b396c3a883b156bcbc0ed6a3518f8e5ba311fffdd895b

SHA512
2bd4b645db53c1372eeb71874d0d9f1fd812fa12a4f00905b629bd6ad17687ab2db5640b48fa09c01d09e58f733cf755fa99f4e12d80b0da76aff62d05799088

Download Submit
C:\Windows\system\iHUSBTP.exe

Filesize
2.3MB

MD5
3d72236cfb5dd46baf99bae17a40212c

SHA1
0386c4321418cce7e926c1d62ffd178d4a780319

SHA256
b8c3600b22424372a775e2cf7f242c7b4c0a4fd006e161701678d62bd1e83540

SHA512
c33463172bb0e9f05c8dcd5570a5ecd625018fe9c5a67acc5a52bfc14fd30964cb9c3cc5f4b63d6420c21f56e5cbb0a69ae1059efddb6a417d095e77a0f94547

Download Submit
C:\Windows\system\jQWfGjK.exe

Filesize
2.3MB

MD5
7d6f00b88a763830bd5f0a73088a3273

SHA1
a6ee034d73b540544d4f19d9445aac555774fd7f

SHA256
f1f36f752ec852a4d620e4be93fc585a92b6d55b906fe3980db3dc1795c383a0

SHA512
10a390b115bb7ee67089fd54f8bc1e4ba12c44314ef5c5e9381109e9179ebac0beb911594952a74cd7aa86e959a4ab1c07c45fb3a717e705880a2ba358387701

Download Submit
C:\Windows\system\jTPyGed.exe

Filesize
2.3MB

MD5
c5e8a28dad8e53ce274558a2b28003c8

SHA1
51a2f69d28bde599ad25f10c2b7ce732ab9f2f62

SHA256
872afaa79e78245634b38e733987eb5c7cad00cccb7b183d0245541fe320f939

SHA512
14d90142330147d16a965f602f23f5f514050bd07e76caed1edf68936af637fcba3d81d7753455ca63a264c076200a87e4b22fca7cb58ba9f5d830328d6adf13

Download Submit
C:\Windows\system\qlCjJtn.exe

Filesize
2.3MB

MD5
ac5cdffefa408a1281db66f2551c3daa

SHA1
0ed02c6ff4358b33ce41a733a1405624dd17c63a

SHA256
2dbae7ae3485d8d6515c3818bb1c700cfa38324e852a018e642db4149ab6f305

SHA512
f83fd8b25a31eb7910ea129cee0f2a3cc713dcf3ac180912d1639b96a2fb1ab52ce6a0ee5b34978ff383daaeaa9cc6eafe69d90472bd4f79b453c08e363071b1

Download Submit
C:\Windows\system\qwfMDaD.exe

Filesize
2.3MB

MD5
b088a3fb3491488ab9bdce61cac3fbc5

SHA1
14ac6bda9fe85cf65995e406353fa932c97cfcfd

SHA256
941ba15c37cae05a9e2299ab09c024bce1408894c95c7e4f49e1cd3ffb32be26

SHA512
9112ab8e3cb9d9123a013e5daa9915218dd516aab16b726243d1c0c5533ab6aa77fd8530758afccb4ac7dde4db48fd3b1c46e1bfc288bc76403c0c08ba4db5ff

Download Submit
C:\Windows\system\qyvAiHC.exe

Filesize
2.3MB

MD5
7c4e5dff4ceda708df4e90c1cd571726

SHA1
49e7ef25978062168fd6b3af4d1a4ee3496e7de5

SHA256
8958410570995a1c8624209bf00f286d31181160dbfe3a51154c71d199e1edf7

SHA512
d3f16a61c0322a53a9352e71b845e7bb6ac7bf6b6f573bcd4eb6abd5f326639aac0fd3bffa7b1bf2f457657a9d31941e977c945f04779e55e12ff9fb9d465eef

Download Submit
C:\Windows\system\raGbsKG.exe

Filesize
2.3MB

MD5
cfa122efd542cfca16ed32de3193f688

SHA1
3371c3217f8808e523719c5b30ef908710a17e57

SHA256
c1f489896932b7d53881959d4eb8aa6fa89da469253bbc526f7ba94ad85ae9ac

SHA512
49b71507099787f7be937a36adab1fda885f00038907c7c69f0bc4dc5bcd77d506bbbcfb22fd70307009403b267cc35c97ef93701b7f74a6eeb850a55f0f5efd

Download Submit
C:\Windows\system\vDhaBKT.exe

Filesize
2.3MB

MD5
1cecb5dba4d0f53b5a53ddd1fa2e4143

SHA1
4b5e508d0566bd09bdec2f28f1f767f73f0aec10

SHA256
d550863bf5f83fc7d948ffb4acabe9c11d620fb56f547b61c4777e1b6d36d8e4

SHA512
3361cb3dd0234e0ef246f61afa004d526c0cdd5b693ed959a09283f75492c03410a5043207539f0929d61eaeb8279f2e71195c2370a76fefa0a44540869b5682

Download Submit
C:\Windows\system\xZIigun.exe

Filesize
2.3MB

MD5
133bc668fdc61f3a9fa479579466e47c

SHA1
cd5a1b2007374c431c441319e6e3d29cac79b664

SHA256
d6144f0f7d434c1e4d475c1d7bca639536b81f27542153c5d09057f9e58b7359

SHA512
5b1537a27b333b78ece012aa8ea50fbc956e6d75ea45470d5696f0506494f48dcae7e15d896790c4ea9c3d115d01988f9722b46d047f4305a56fe533a6efe9f8

Download Submit
\Windows\system\FsnWrRW.exe

Filesize
2.3MB

MD5
f3320a52eb2b28ed41df896d58357786

SHA1
156df82a6395ebad6cbe7f478b8800ed19349618

SHA256
11431d76661434c6f0a5749d38b67ddcb9ede6c8d3b7fcb2028620a653036775

SHA512
54583cd46b9b79c514a68d794d71fea42bc146cac48055a35fc7abd2b22da24335e85265d069b0bc744f2c31f838ca68c794294503f5e1ad2182b95c03e4549d

Download Submit
\Windows\system\KpEvcUP.exe

Filesize
2.3MB

MD5
4ed0c3092e0db5e3cc6aff5d6f9c4821

SHA1
e019469e6b69b7b43c67df95c0977ab29f070758

SHA256
54ea7103c1811e34c96f2b831abc6e7983404e752b06ffdb89d419b27b2a6e4d

SHA512
929864922ec1e80487ac6e34cf97bdbc19fb79d43033b0728a3a27c833084cf798078493a4c09b1c9ee99af2e8817177455ababb0524b917c82a1f5e13c82c7d

Download Submit
\Windows\system\MnmeSzP.exe

Filesize
2.3MB

MD5
4a938fad5985a7ff5a9ba891faf2c097

SHA1
00e5dfb0a77653f585adc0f0b8d75efbe63115c0

SHA256
e7e982a404965b5584ed4677e59dee5fd3f807a11eda0148d451c573d954e236

SHA512
d13869d251d720d660e00b2408af7b91372c7762c2e6b0a5bb767228437569c4dddec8e92347ba5eb5a038672225a6b40a016ae56dff8d688341a6ac27e950d3

Download Submit
\Windows\system\PgIBLNT.exe

Filesize
2.3MB

MD5
a3441562ce05832ee2c67d1e3e32d853

SHA1
18b008a455440e9db2d7387069adb8481940f78c

SHA256
501e8c41087aa9a193781f72e4e10d7a0ff4629a1d6e7ff631c1d30e1c7f44bf

SHA512
5581989144e63cd93dde0e174bff527d53581b06d53ae81f1d5ab2cc9d733fdfdb28817e7176517a0c376811de54675f6828eb48861ba2b77d8a444db1815d51

Download Submit
\Windows\system\XMndqhr.exe

Filesize
2.3MB

MD5
e1b63019a75bf4d83551009ffebedfe4

SHA1
186e53f14d9e537294ffa20595a4afd65cf55a3c

SHA256
9b5e8b4875d2958d2de948e5981a7713e024f520a932c68e3fbaa5da67d5317f

SHA512
e545e2600cc98dde79be478ab715c67625e0f7530ab9252e63fce5e3b3ce53181a952c04296f6ac7e0d12ab113ac450b169235ece22ce21affb57c39b94bff18

Download Submit
\Windows\system\YSGpedw.exe

Filesize
2.3MB

MD5
c431e4247339c596d2f1b9cbc3233e99

SHA1
85f87f7ece5475145862f66cbfb92733b5c1ec86

SHA256
b22f12f4de79ef44990f76ef54499608ffc8407f6bbc74f0802b17bd59c38878

SHA512
e947124c44a16b8077bf0f83ce779962beff2da8d1d23c3b6f7db4baacf3bb83b75609d434e4b8f8c6378577760a57e918d7e3f54a5fdd908e23a5a0ada211a0

Download Submit
\Windows\system\ZNnWGoE.exe

Filesize
2.3MB

MD5
e516db4661db8ae3dd6cf96991640c8d

SHA1
86e2e9e7dd8d0709c224ed6517329d56d3b4da4d

SHA256
f81b10012701ed2b070cddddd06ef27e289efbe3b43472c7fe4f137e30ff1118

SHA512
bc79c32dfdd26d841de47650b7b2c24653148bc386b16376c736c83d97f6b5543f21edd5ca9061606264be8f57664fd429342231a75eb02388447e50ed32d701

Download Submit
\Windows\system\cIrHhVU.exe

Filesize
2.3MB

MD5
88d453bcc6fe6d924c00489dd5176f6e

SHA1
6690faa3cadcef9a97139a0e8cd0a35f3e37c1e9

SHA256
d3dd3e73cc2e6839c604bed1dcf65a1cf192899dc64e800371a4236b723b5088

SHA512
f8a608928bf4d6704234e40f2223eb3e24c3a3bb9434a553447ff835fc7a50ccb21b647693cc834433db9b82dd3e79c3c146621171cc712d416e564b47e3aaef

Download Submit
\Windows\system\nSKsLey.exe

Filesize
2.3MB

MD5
0d4ff2053d07e08eb9af10e26eb2f051

SHA1
341a45c80fe9bd7cb975ba78de748ed427cc27e0

SHA256
8391047c47e93f08f79d5de71bafb34d3726050d69490ec71897e800839657fe

SHA512
c7a5d5f583effb4edf89b385db20a651f0eef572da633ab589bb925a192ab8c417bff956ce099d5a5416e94e0057d44c5d372e5e4cb3a0832a9dbfa0861992e1

Download Submit
\Windows\system\nlxHpdz.exe

Filesize
2.3MB

MD5
ebcd865ff7a77ec78963687d04d39609

SHA1
a4c4cecf6ad7c3d8c764821717de85515adc239f

SHA256
1fc08af2dfc36b902016b64df084ea8aaf0411d08c6a70e0dedeb65894a63c36

SHA512
15e9ea1bf647ac1e92a1443e523bbf7272097f99a2898b7134a20b3495421ca7d619b3415f7fb34fa2062c2873ed839caa06dddd6d7c64e731784838c50d1fc1

Download Submit
\Windows\system\uTekraz.exe

Filesize
2.3MB

MD5
e737f077ca9744a3b21bdb64fa699da5

SHA1
bf6d9224c6ac9fbe1dece898189b0bc5b01861a4

SHA256
92471c6e3d18b02057583b5ad683efd1687f1222b4ef97d2750c52ed5222ab9b

SHA512
c3fda08983686e254b2896b76c7701c77bf743fa07c06d99d2cbcc5ae6f21579d9f2bde7e9a7d28a509f5646b0dafabcb0bba699f396101b92245939dabf7e63

Download Submit
memory/1784-268-0x000000013FF30000-0x0000000140322000-memory.dmp

Filesize
3.9MB

Download
memory/1968-12-0x0000000002F00000-0x00000000032F2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-241-0x000000013F1C0000-0x000000013F5B2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-248-0x000000013F440000-0x000000013F832000-memory.dmp

Filesize
3.9MB

Download
memory/1968-639-0x00000000033A0000-0x0000000003792000-memory.dmp

Filesize
3.9MB

Download
memory/1968-257-0x00000000033A0000-0x0000000003792000-memory.dmp

Filesize
3.9MB

Download
memory/1968-608-0x000000013FA00000-0x000000013FDF2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-465-0x00000000033A0000-0x0000000003792000-memory.dmp

Filesize
3.9MB

Download
memory/1968-250-0x000000013F330000-0x000000013F722000-memory.dmp

Filesize
3.9MB

Download
memory/1968-249-0x000000013F5C0000-0x000000013F9B2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-2-0x000000013FE60000-0x0000000140252000-memory.dmp

Filesize
3.9MB

Download
memory/1968-261-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-0-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2436-247-0x000000013F500000-0x000000013F8F2000-memory.dmp

Filesize
3.9MB

Download
memory/2440-254-0x000000013F440000-0x000000013F832000-memory.dmp

Filesize
3.9MB

Download
memory/2508-262-0x000000013F2F0000-0x000000013F6E2000-memory.dmp

Filesize
3.9MB

Download
memory/2548-13-0x000000013FAC0000-0x000000013FEB2000-memory.dmp

Filesize
3.9MB

Download
memory/2568-244-0x000000013F1C0000-0x000000013F5B2000-memory.dmp

Filesize
3.9MB

Download
memory/2636-239-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2660-251-0x000000013F4E0000-0x000000013F8D2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-246-0x000000013F8A0000-0x000000013FC92000-memory.dmp

Filesize
3.9MB

Download
memory/2956-256-0x000000013F330000-0x000000013F722000-memory.dmp

Filesize
3.9MB

Download
memory/2980-240-0x0000000002B5B000-0x0000000002BC2000-memory.dmp

Filesize
412KB

Download
memory/2980-237-0x0000000002B54000-0x0000000002B57000-memory.dmp

Filesize
12KB

Download
memory/2980-236-0x000007FEF53B0000-0x000007FEF5D4D000-memory.dmp

Filesize
9.6MB

Download
memory/2980-32-0x000000001B6A0000-0x000000001B982000-memory.dmp

Filesize
2.9MB

Download
memory/2980-54-0x00000000021A0000-0x00000000021A8000-memory.dmp

Filesize
32KB

Download
memory/2980-14-0x0000000002B50000-0x0000000002BD0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads