b81326b4036b634fc4fa871d25cfb11ac9c80b010d521c6bf4e1c0cff0468fe2

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-05-2024 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Size

40KB
MD5

0e9a8e8bfb73406e5cbc3e18520bd6af
SHA1

f6888782e9ef509563e54292b9b50c46c934b263
SHA256

b81326b4036b634fc4fa871d25cfb11ac9c80b010d521c6bf4e1c0cff0468fe2
SHA512

359898dbd4acfe91a81019f264d5b8f33a14aabaf4ee67fda1fb14580e618eb332fe97d9e426bca933beb4028a3f1abe1af36e5615df55cc0755fbb1beea4ed8
SSDEEP

768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtHpqpu:aqk/Zdic/qjh8w19JDH9

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1708	services.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-11-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x001500000001471d-10.dat	upx
behavioral1/memory/1708-17-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-27-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-28-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-32-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-36-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-37-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-57-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-61-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-62-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-66-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-70-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-71-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1708-462-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
File opened for modification	C:\Windows\java.exe	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
File created	C:\Windows\java.exe	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 1708	2512	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe	28
PID 2512 wrote to memory of 1708	2512	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe	28
PID 2512 wrote to memory of 1708	2512	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe	28
PID 2512 wrote to memory of 1708	2512	0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e9a8e8bfb73406e5cbc3e18520bd6af_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
446f793d4ea6745b2a523a19a950fbb6

SHA1
ce8754b80de598d2c3e7283a037763af82c75910

SHA256
289a23591a541164c3d291c1452980f5008776f84009277cc2cef8cd6fc9232b

SHA512
0bd06bff8472fe727a3d2c89223efeb28d2592a936ecb2f5b00efc7446c9ddc618855d804509826ed3f67bbe24c4758fb4c5174f34b60da9fe65485994588fac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d80d9da9ff96937657511e6ad10c6ed4

SHA1
8237710d03a2d441a5492de40decb78dfad259f2

SHA256
12533d3dae451138fbcd496aeebc6993c2c695fa3cd11a007b8dbf2ac4e378a0

SHA512
db11672cce7135eac8c4764f3ff7ca4f19e74fb2c409c61222ec3a32fbacafe09c131efcb6ff3564acf85fbc3239d5c56730c8476234391cceea0b617f044c09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f5a4cc78d22e1853677b9f7bde41cd0

SHA1
b477d9faeeccb7a3dd3c8e6bbf0529fd227db698

SHA256
1435e1529a05b0843ca163859006e94e3d8d9146860abe828799e3e4bc150d1f

SHA512
7f814f15bfbb9abb319c4f94ba1f9f2097b4f50c14afcf97279bcd57ecbb58bd38bd4e66814159e51749a5ec49aac364c3d3f718d53ee0cd5d38a13b30b7b704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71c3533c368449ab258195d0746df7ae

SHA1
f41bb4ebdfb8149e34cee27ccd4c60f8129d19da

SHA256
4afeb7eda390ce90491c3e702667631bffef060d486020d7e0c21078e74f342e

SHA512
028dae968ffe4611826da0a3cea7f8ef06f6a5270cd771ca0ad05d9aa40a99bfca5fa38d7f185fa877d742d995549697fa767f121732e9a19d30022d861544ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c3cc984b3ba9206c058006f49dc957d

SHA1
53550eb693bb87fb715926a9d4304908488f4164

SHA256
23cd7ef646ebbea8b58a6495c03aab3f05b8defa4f84578f77ac0f3bedecf67d

SHA512
f2bdce55cc2ce6d7b31fd5ac7069704f5ad3354f88c770fbe9a2cfa11ad49dd7e428f306a3cca5f938083607fe4da797d71570d7691ff50708ff0f5a467849dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33ca91d871455588e05673337dfd2fa5

SHA1
fe4823f9f95f461b8325c677a7694978cf3ff502

SHA256
4b79a68d8fbc5ccba8be1f46cfc8f21f9ee1ba577457d0a17f94461376ac5b02

SHA512
4a30367e2db936b39447c1bae64bdc4df47ce681fabe878754398345d7d27ad57e0cc2fda9e47e0787810570bcfd43680c93e85ae35ed97274ac4ecdc7ded20f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da1dd4794304b28ead3f345b7b963a66

SHA1
aee9ecf984e2bbfaf61317acad346e82315addf0

SHA256
48fef1b0b5e64dc300f2696c2dfa608f9fd87c785bb92dcafc7fa9146b61ec9d

SHA512
016f932dd7a11a82adb5611e50bd5dc79ac90d63d0715ec8b52f0f3fc78f66d83d4ea748b9be42dd29f1b8f4129692eafa0a6f960ff7ca52be38f5a699893017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc44cab787fc4242236c05ab58a74ca2

SHA1
ef811f9437d80fe792ca0066cbf38558461be772

SHA256
9b004421f71fc43876ce8d10aa33e1a98e573aae96128f25a4275cfc29495a03

SHA512
47597812097277f66350d4fda23d05a107002a5652cbe89e22d592e01a5144e58ce31ecceeba3df1b3d47869dbdb0625aa72c9a5debcae2d9ae0edc051fe0bab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcd68ed4afb0c426b02b1fab3582ebe9

SHA1
ff23b1d6516fbd97b498fb3261cd3ecdf23438c4

SHA256
951bc96e4ec476545be45e94c0f09f6b53696872208c6eb9d20a5c89976bc31a

SHA512
4bc076dd503cab2ec9b51ad4c31c1251117aec8c0421694d97aef93bc85020cf6737961383d064fa4daed2d7785a19b2f4d9a4eae6b64903fbc96fd533bc1923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f964d160e219e0d64723996cf4d47974

SHA1
51e4373711f619acdeb0908773c9ca34914af0e0

SHA256
f90792d5f4e13ba78410c4e3e39a3c618ff6469e1035734bed91be710a8642c7

SHA512
11c0b8d17c48c2f760a1c8aa527ffaf12d8fd3c0784bf516edf7f2b5f1ddd5e238bfdb4d700823ef04c39c5c6bf018a341bceb6946a490a70d2115363287e7f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6de840a8c9596c03c6b2029cb2898d7f

SHA1
9ef2cd355b6e3c3b8e8ada2d17e5f117f2ffffa8

SHA256
df57cca790942660bd45aacf9610d4a4e85f3d58dfd0b76a3c94cf4c5401a964

SHA512
79d0922f4216253d9de5e381e0c6aac4e8fb3bfcc6ef1a8a108d5b587bd70785fdd477d150dca0e8af064a041043bc21999c241b40d52d65a21d6fd46aab5fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
499ecf70604deb0f506e19191dec6806

SHA1
259a10c47d892a8918d83a4f24b2a56088f8b9a3

SHA256
6bc9f6c965efdd6eb471fa3a4062cba84ab6671363682e480657fcafa83f26dd

SHA512
0ca50a1becd41d9e88b023efe066a469d4957970423256ee98eccaef275f0189d6656cb16cc71d14060eac2659d516f221df34882a76269e03823f821ac82f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a32f73bb78d7db8d84364e8f1ef64f67

SHA1
bbdd54c59a8ac20fc4b532ea4f5bf0d65b94bcba

SHA256
75b7dee4c61af98d5c98e9db10b5752001aebfaf696f2418f626c8dab650540c

SHA512
d3906946ce57330689ba1819398e6a780d16e77274b8fe732bc3e791cc5bee9e7401aebbf5d3201e252efeea1eb09f4e49c827da4bd23eee0661fbcdfce801fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2364c45a41d8cdb713a809e2bf2c0e70

SHA1
e6cea8e6a207301cbc77eb312aa4003feafe1ef7

SHA256
699bc7f8e643babf76c64266d7ca1198690dec6a8a60d6f42090baa2e5c265a7

SHA512
78eb5702e2f1a53914cb0a58baa845737ce54bd3b0a4b00d6fe092459d024b38cd5a0703c951d73e5824d6da626b80fbb1e8785557dbc4fa3a776a8eaadd4c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db2c2365ed8b6cd032a7bfbe5a938a96

SHA1
dbe545721ca072c178d089587c97125dd2cae4a3

SHA256
51a0ebe86ff0d5e1641cb3af629771e07accec90f28724a3f855fc0018b450b8

SHA512
b0f3d48171d18616c9fec9d7ee66ff6bab1c686a254ee5e599de9c8e5cb5b0290a3249db70f0dcb19a49869e26f6f4304011aa7ffe577fdda64889f13cf06c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f53937c689518116e9db0e065aa78388

SHA1
27f2cfaacf146e4f6640ddc0d95cc97f439861ff

SHA256
389e91245d21cb8a7919e1d2be92f3891d5d1cdd175106722468464cac83792b

SHA512
20fe8d392ca484f9a894bd31a77702f1ee57face2aed720193b5adf42bffbcacdeb30b0b296eb828ce3adc0e8b896f6cfcd3eacf30b8941387d2c7a0c8a4e81a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1495da273134240029e25f01c166f52a

SHA1
34677329ac862de7358d4aa987357b2eb160687a

SHA256
3553a05eaa7b1d2c5f603e070e10ccb3a748e47124812f753072d6eb1b9ffe6a

SHA512
be27909e8439c1fd61b010227846369e14ce6de26d8ebe2fc9ee5ede979bca228b11f146f85b3104816055537fa75a80f1a0153469a9d7834dbf734523a3631a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17117298df655c2aee3ce406eee685d3

SHA1
4f12608de7ddc110e5d2f06fae47c90559b86644

SHA256
8621be6644bccdf92bb8d96775d97f503492b1cc16756090b514895bc8780a0b

SHA512
5e08d9f372bf12f9169967f47dab84e4d1f46ac492359c92a7136b230254181adfc1f70199c9d4eeb803f19c7878d738d6d6bca23f630e7143192491db2a5ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\search[3].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\search[1].htm

Filesize
172KB

MD5
145b46c613d913e4803d5f383f64ae6c

SHA1
6c1a4ddbbf546fc1c5facd11666966ed48cd9a9b

SHA256
2765d19831d510b912c5dd9638facb92874cb8a46ecd303a0832d7109f6da960

SHA512
7aa72ee854ccbbb5ab322080b003e672b4155a5f1b402f722fd4114d115d54f031f27e2675317833f7e92272566f4200ce0bd1f5e3c87a91c526c4acc503c07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\C87OTXZS.htm

Filesize
175KB

MD5
ab1bdb0b235d9c5484e2acc4afe6680f

SHA1
d72274b13f650955ef564d7aefcd81da4f0ce307

SHA256
b446b6ea655e4ad091f9d75db6ada8f6828e4353b43cae31a6f5dff8e548bbe2

SHA512
5af48df31f38bcabb7a9ef8d7c166c077732df4904212f454a800dec626471f733a38d20b5e793955db7ec21a0a5b7cb48c53916b53c338242104574142a561f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\results[4].htm

Filesize
1KB

MD5
ee4aed56584bf64c08683064e422b722

SHA1
45e5ba33f57c6848e84b66e7e856a6b60af6c4a8

SHA256
a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61

SHA512
058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A23.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3E4A.tmp

Filesize
40KB

MD5
ccdd2bf9f465d304313aef66a5ec5ffa

SHA1
bc09f0594bcd316547cd1cc6ef75fe47f9de98e8

SHA256
526beea22209ba8fe73d3f381e77249169042ce862a993da14fa82f18222ebed

SHA512
56f7faafecf1699ad38f6c02cf37c08a73e61946e3c3e829834b2a57dbc513ebff5b4cd5c4c1cc919b6dd00cc645c8e61fce3d42ef81fa4f7853049e540397f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
b1893a2c858ec6a9bec1a67446d496f3

SHA1
29437a127e5382901f7e74b40b738225f4c37828

SHA256
5fdde8692402d6df659d134ceb0d318ae3eb9acf64e38ae561120d3a18141b10

SHA512
45b02e658ac5f8aad25ebf54c52138a218eda573aecc36fb502bd3e0ffbda9b12eef4ccdded90355efc216f027abe4dc7b822b13daf6abf121a502dba30145b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
808757d7b3b61c28f2780876f801fdaf

SHA1
28d94a03bbea382dd0ee8d925c0c46891425c595

SHA256
e312ab17c24c785d57277afc5a69e99be1b28079761afc3b4a89b835304b4e00

SHA512
0143a918246b04fa7e105754084cfccd279c39f404e0f6abec35e88e55d27b77955fc2e7919c59cbc0e3f54e5d079b99990e56f3ab486024f69b803c9be976e2

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/1708-71-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-66-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-17-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-462-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-37-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-57-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-61-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-27-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-28-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-32-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-36-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-62-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2512-0-0x0000000000500000-0x000000000050D000-memory.dmp

Filesize
52KB

Download
memory/2512-7-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2512-22-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2512-23-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2512-9-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads