a3650da7407ff30c64c0de626f71c0d2e39860bc84d888d8ccdec32f7c3713ac

Analysis

max time kernel
3s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 15:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe
Size

9.4MB
MD5

20f5682f65f00f055506307ebfd1d303
SHA1

f5682ed3b3a6a82a0c47662c8d415b53821a79d7
SHA256

a3650da7407ff30c64c0de626f71c0d2e39860bc84d888d8ccdec32f7c3713ac
SHA512

dab2c1fc48c2d26fc01e14c4afb93d3f9b68547ff1ec9279f149e32e085867fe220510e56e557044d1fa75eb08cd6f13c5b1eed60a09a8415dd3d1d5253d78bb
SSDEEP

196608:pi7n3Su5gTe3p2VLyM0/f7Pnj57ymavlb+zZhXWjTlh1RSa3yt:IbJmTe52VGM2/j57ym2b+zXWPlg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3024	lzma.exe
2708	lzma.exe

Loads dropped DLL 4 IoCs

pid	Process
3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe
3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe
3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe
3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3024	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	28
PID 3048 wrote to memory of 3024	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	28
PID 3048 wrote to memory of 3024	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	28
PID 3048 wrote to memory of 3024	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	28
PID 3048 wrote to memory of 2708	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	29
PID 3048 wrote to memory of 2708	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	29
PID 3048 wrote to memory of 2708	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	29
PID 3048 wrote to memory of 2708	3048	20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\20f5682f65f00f055506307ebfd1d303_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\verpatch.exe.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\verpatch.exe"
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-JWrapper-00022776666-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-JWrapper-00022776666-archive.p2"
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapper-JWrapper-00022776666-complete\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapper-JWrapper-00022776666-complete\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\JWrapper-Windows64JRE-00018576699-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\JWrapper-Windows64JRE-00018576699-archive.p2"
  2⤵
  PID:2100
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\unpack200.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\ext\sunpkcs11.jar"
  2⤵
  PID:2992
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\unpack200.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\jsse.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\jsse.jar"
  2⤵
  PID:1052
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\unpack200.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\unpack200.exe" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\rt.jar.p2" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\rt.jar"
  2⤵
  PID:1748
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\javaw.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\javaw.exe" "-Xshare:dump"
  2⤵
  PID:1400
- C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapper-JWrapper-00022776666-complete\lzma.exe
  "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapper-JWrapper-00022776666-complete\lzma.exe" "d" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-SimpleHelp Technician-00022776762-archive.p2.l2" "C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-SimpleHelp Technician-00022776762-archive.p2"
  2⤵
  PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-JWrapper-00022776666-archive.p2

Filesize
1.2MB

MD5
d759570dace6ecf69db866c2d279d7b8

SHA1
69c79bf233473d24825a6aea2168c8c7db26b6c1

SHA256
4190a00547e79f5e53555d1eb408cee3856df85e491541395d1d9532d3b472aa

SHA512
c9a8a3f4da0f3d182c172c3f4940e27d3d6e4682a4a93788b7168039c04584341a5b571e868c600c27278dd02f7696f883f90d0d7d54ab580e9f97c7557f184b

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-JWrapper-00022776666-archive.p2.l2

Filesize
416KB

MD5
14ee15fd7ab5c9de865a19bc452fd1ec

SHA1
7ff6ad4a4f6f79ff6cff9d5801ab7734a45ebd40

SHA256
e497fba740d93a83840be3025cf384975b7f75d56119200cec3a165b167f6153

SHA512
f144b66b8723ee5b94e34e4e84ad647786ef664c6119116f12aacb4c95d4c4d482e7fb1c989b24dbd983d86a4a6fa0564430da11918d02177e2c547273309db5

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-SimpleHelp Technician-00022776762-archive.p2

Filesize
563KB

MD5
5275e9c3a42f44d6292c3b9612b32539

SHA1
9a830409213c05e7b06d010d7a01c4cef03ed16d

SHA256
330cc886932756c4358bc8abcc0781df24a34e1ce200dd465245f28e2437f25e

SHA512
753634ca8d60ab2345082271bad9fb5c0f7bf8b94cd6699c0d5f11c905abba8167f83057f54e3b4126435e8b06c4c2af6f1b8f7307d83761c625997acabe4134

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\JWrapper-SimpleHelp Technician-00022776762-archive.p2.l2

Filesize
1.3MB

MD5
c40fe8e6f31f66cae037d60fc14079b7

SHA1
177e8c09e349cc956f12a3df3916a210c450bb7c

SHA256
0116be367dc65aa5f63b3e3d731285cb60aafe1947d60e2214c9b110f7b2fe33

SHA512
06fda04023978cce233ee75980e2e932c06cfc76fd328ea07482f6e15c655fbc979561a0342a1fa5c5f1ae1ba34f75c1a8ef455601582b37663b593af68132b5

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\lzma.exe

Filesize
71KB

MD5
e59aa0e52e93c781dcdab8ad7cc4054c

SHA1
1be9c2d8b48d6e0c8a7cab6013cc36ea42ec421e

SHA256
410bfdaddee3767151296fe4f16052c39546151916f05bbe4ae1c6b698b18f0f

SHA512
d0be3580640bb2cca0c097ec2154132eeefd2b2b4b0e45027cc303c47a42f5c545d5f50182c70a69b5d1673112d24f8ae320d097d7034e810dbc0a5128b09050

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096576-0-app\verpatch.exe.l2

Filesize
64KB

MD5
a7d480c0e73710e1ba852992d639013c

SHA1
e5c28fe817cdc938357d4ffbbaf0a84b53a9a2f0

SHA256
bd08cd90152ea5b2bdfbaa4dfa4f34329293a3214a8f392b06aa76ea7549f38c

SHA512
a93afe8efa673a8897d88b2c213ff502e103f67feb9f2600b83190f8fb4bda86a09f80cabdf029b7c3481d3ef555fd72633279bf8c8813fc85748628159bbddb

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\JWrapper-Windows64JRE-00018576699-archive.p2

Filesize
5.8MB

MD5
cc6cfa8387e4c56659d3104e597ce46c

SHA1
a52854f35cb3708e1075646b129b713ba4a116fd

SHA256
390d5f22193559f36fd840f625b4d589737da373d365eed89dd83a2f1477d199

SHA512
1856768fc1f4e696fa7881d7c8a5e9ff0e64789c3b3a73eb6be895a31d4e1e2672e1841462433d831ae80db337a1021e9efed2a41d27920e3591b46cd771d47d

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\JWrapper-Windows64JRE-00018576699-archive.p2.l2

Filesize
6.0MB

MD5
a939e212256a5ee3864f8660f4dadf8d

SHA1
c0442ae26df16c4522e951ef3a881308887b36fc

SHA256
435f7d0e79d888e988cc760e368c7520b8f68f3be358f07a09cae959cca09c9d

SHA512
9255614014975e2f76fc5946d8b7b8b88bf7d10fa3722126294b733db0100c7e9a6f5e57d9754e2fd1a8fc561abb3b5fbb7e5b1c2d710dd498e463deefc1ad1f

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\client\classes.jsa

Filesize
1.5MB

MD5
a1968a0f41ff1340fec5b77daaa877be

SHA1
525999819cb82400e3a53ba3c7d1801658c70f94

SHA256
56aca1fe7382241f988c3a90728b7054273ee283d1a960f162719dc0df61648b

SHA512
99acec8426309e3304eae8f126676e0b160c290dccdf0d96e1ee703e0bafaf9de593915dcf0b990f72280a0406c203d4edc028baf176c04b2cf730cb3738dc74

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\client\jvm.dll

Filesize
1.6MB

MD5
c9c4c710990b34b3c851e76a56360fc9

SHA1
a1d7bbf2e6f198b2af725eb469b6d41d6ac979c1

SHA256
b6ed5d2218569e924930dd2a84536001ef34f89698b6c65140f05b1873266434

SHA512
d03f1827b5f3ad687a7f0664c537a8dfe090d97cce67f3d7970780777497b4fd1cbbfe893fbed1d3d4e39ed71a27b547c388685ea8d1c6fdbd673ecd87dad8b6

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\unpack200.exe

Filesize
124KB

MD5
0ac355d4114bcd53ad9aa4a01055c44f

SHA1
3a7c3c936a73de1c414b08391b37fe9c106990da

SHA256
80b00b9c76c491322779d0c2ef3fb0bb6d9609b7a73eb85e1bb08ebb76c049aa

SHA512
f18886f522c226e379166a7dd9cae600f000b696aa31ac9c7e54e76b7a74de226127637eb7cd8de3bb454883a0b82cb1b6236f8180296e6dc42d8a228e6933b4

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\classlist

Filesize
76KB

MD5
ef2f77d23cd37746737f2f34f953b27c

SHA1
d3fc136fcf5421f31bf379a57f55fdb76450461d

SHA256
c5f11846410444f7eba84742a71d0693f4e25439af58e1ce7db41e21b7806e77

SHA512
66a1729bddc5a8dc8bc47c00c9a59f1d99f282c42dc177d58f11d283437209764e795168aaac03b2c00aff013d1329163faa6406cca8b08cfb6a8679a57e4bb5

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\ext\sunpkcs11.jar

Filesize
166KB

MD5
25edf09d6b9a5fd1fecce20e16cd955c

SHA1
425cb995e9fbe57ee915ffd53a2457cde46f496d

SHA256
0cd8fdfbab6d535c5caec7f70d5dd425d6a7ef6bf953b44e81db7220b8cfcffd

SHA512
02b1f9a4e76257d913ce4280e28c3ef6677e118e329b08cd60c34f28dd57ee99f7a85ec0879ee0cdab36926447dd81771b7c142882fb650d5ed5a5cc407f2f3d

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\ext\sunpkcs11.jar.p2

Filesize
120KB

MD5
1e3aae27c091733c0df95b1762ed5a92

SHA1
d8d865d9c26ff76651cd81d2e253d50a67ff6718

SHA256
dec4fac179d022add2f72f08286ea74687180e3b26f1c79e2c54aa3e815f4636

SHA512
123d55ceb49d93312af5b28e04b9ba6ce24e635e230ca0e6798ab3048f883c58f03c4236d675a56e3163b06825063bd5a0affca35b620e69ba23db5a2c27ac6d

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\i386\jvm.cfg

Filesize
695B

MD5
8d52e756ca8cbe07741e1640b38a0f87

SHA1
bde0eca45c0d1b0be7250245eaa55487384c8bd3

SHA256
db32e24f9ab72c2a30e2cd2f80300b3640b8f04d2cf7dcd86fb15261ba46983c

SHA512
f1faa89f350da7d656d80aa8642e773af4cc5481719b627f3b2d313b03845a78b4700c77e25583e4157fda599745e2f4a06dd71adfb64d7294bfb9ef6e2865c6

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\jce.jar

Filesize
80KB

MD5
8bfb4f2b5a7db5c2f66029cebcda61af

SHA1
544317c36b07e20b091ed1c276a1fba20719a696

SHA256
8c18142a4f95801050b8bddb632fa46b6c77f8937733b1b352ae71fde0d5f0ea

SHA512
06fc3734cfd6778b1f389fb111079ffd959798cfffcf799c563f228c70280373f7e412d2258f0abeeffe0979b3a4295ed123c0992e9fe724c5e6505e14db096b

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\jsse.jar

Filesize
474KB

MD5
3902fa042a832f116c4bbdb8ac260396

SHA1
bbf56369190cd403dffc6114121bc93ef1f8bd94

SHA256
87d8858ed9ba36a65a71410816d041f878d61732be37c00a5521596d5d729b4d

SHA512
f79c93b40d109525d65b008d495751aa85ca9b43e32697028979da597c9ea5d265fd7b23b4979d1e874555768e375e56ada9cdafce776a2acfcb934e94be9706

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\jsse.jar.p2

Filesize
115KB

MD5
41789f3bfea0465b6b5dfdbe133fe342

SHA1
0061d61370170afdc3984d2e0016c5b8d10b3946

SHA256
3f1931393c34b8828c37668bb34891cabce89a4caad9d2a1e8ad07b0c2f205c6

SHA512
2f6f8d579d9806d8b8a6c2e582e065a889c02347f8141e79c02ba238d100a11e2a491f1f915fc95bb297b0be498a2e3c2267bc78d10b9578c40c11f53f166735

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\rt.jar

Filesize
2.8MB

MD5
38db8e660630b857b241dbebe7e8b3af

SHA1
ca124f70d8b86ac20693143f997261b4bf483c09

SHA256
7d33de8d9a845a77048e1a53da2c1dfc0484f7d16273b52c617c2891485d8217

SHA512
c5448fd174158406e0595a745b75bf741b14c04fac8c9cb1c8d3731568f8f16c6294cf50dffb14f60924a7897c35f0918dbda1a9a8d35fa22797d815e45caf0b

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\rt.jar.p2

Filesize
5.5MB

MD5
a807e0923e8414643466abcf932d52a2

SHA1
486592ea614720d400d952fa8d0910759b0a561a

SHA256
529ac0eb91901fa2512f7019c241e58933ad4e5f30e7ac3957e0e24c8ca4d10c

SHA512
889087970871bfc6bf8485714e1e75d5a44ca41b2c455f32e6b78a8cd47fa0313b16672d1e32b08cc3ac6bc18d8e10e5532becbc8b2188b657dc1a6b275259b2

Download Submit
C:\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\lib\zi\GMT

Filesize
27B

MD5
7da9aa0de33b521b3399a4ffd4078bdb

SHA1
f188a712f77103d544d4acf91d13dbc664c67034

SHA256
0a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d

SHA512
9d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6

Download Submit
\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\hpi.dll

Filesize
32KB

MD5
7f4f5d189ec48566d9d8c2ebaed68c74

SHA1
8ba4ab69b6a453640708ba8337e53d01ce041834

SHA256
ad9a3a3949742995b9b2b302e99b9a15a5c0211acccbdf4d6a9f86a69a3f305a

SHA512
52b461a23c4377974494a1b57f49e8c32e072e933be59f36900290f518504f7d42189e22aab7a51dcda128d0606bcd9c0a85404340313ac322e39db36828da13

Download Submit
\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\java.dll

Filesize
116KB

MD5
3b3613ae9a31e5099ff803b8c858a86d

SHA1
5cc6c08550cd2f4ef6d37d521c7891051413f16d

SHA256
5a5e216f287cbcaf7a4ba8ccb8fcb3dae0b05378d89ba6a70f1d50b394306796

SHA512
ed360d73fcc2362129ff4e2c52f8fdf84970598f49be081740e7ed23d23fa8cdf7a01d13cbe2b8cff3fa0d2ecc7455487f98e827eabc2c0d76037e1d4afef365

Download Submit
\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\javaw.exe

Filesize
52KB

MD5
141c0ddc4b7aa9287d1dea52c9525445

SHA1
b01e93615748020869be5f7dc73be6803ac18619

SHA256
9dee589ab11824cf051afbf5ba0d30e38a464571d23edb14f0ea9b6bdf9fc57c

SHA512
c5d7c14e11ea613b1c4b2a796254142136112b5682fccb1ebafbbc014601e5b103f8ab7a5d3a9d4b319a379741fb0bbffa6a214a142931e4f17aecdd54112a54

Download Submit
\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\verify.dll

Filesize
48KB

MD5
95c10f3184ed7aa45709f7cd70b49589

SHA1
1096dc0c79d201b7bd77e0399c6b8d86bc1f8a6f

SHA256
e6f4b6e25a2bc7fc03a73032c60138410b30ac528c7d10da87ea612e52a7b736

SHA512
211c522ccdeee5145cf1cddc9806c79915d16ac1d2614c3bcf75d776d61c314c66ebef53f90aae5218ad472c15fba12f0ad0d19f0dfbb022fd36462e480de637

Download Submit
\Users\Admin\AppData\Roaming\JWrapper-SimpleHelp Technician\JWrapperTemp-1715096582-0-app\bin\zip.dll

Filesize
60KB

MD5
19984073548bc33fc67c04aa277cdd44

SHA1
64189f2f71e40ae2794dcfb2df53056a82aa33c2

SHA256
f450c1a55a143d35b8b330c7538c22b8781d729aa947e27cbc2afc4e19434686

SHA512
b08ac43a0c6f12301339c30717908989ffe8bc3cf3889bcd347e83dbdc6fb21150d715da8525edd800015122c417da0870d08affbf35b5496410e36b913c5022

Download Submit
memory/1400-638-0x0000000001C40000-0x0000000001C70000-memory.dmp

Filesize
192KB

Download
memory/1400-641-0x0000000001C40000-0x0000000001C70000-memory.dmp

Filesize
192KB

Download
memory/2100-48-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads