bb5c6472c24b306edf107bd3d4b82b10d62d25cb68c3aaca9a3a8f2e529b26d5

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe
Size

1.3MB
MD5

35fe8f7a8ea9c3ad4d7b8a9fbe0f5298
SHA1

6fe65299bec8909d33971175db0e1e0538ded52a
SHA256

bb5c6472c24b306edf107bd3d4b82b10d62d25cb68c3aaca9a3a8f2e529b26d5
SHA512

84b3183b9c7e015fdc18f9a4e4713d001cb02688777071d35ac9f13e796e12e4764a710260b232bef4dad7cef5e6b4cdea48aab44b3df6d7ae33782e84a18a3f
SSDEEP

24576:f2O/GlI65CBqT921zTOc+pmwxKpQtOiG3Au3lTm+kbdA7gh8/pIHO:CYm921nm0wxKeUiLu3lTmVpAW8/p8O

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

jhw.exejhw.exe

pid process

1904 jhw.exe
1812 jhw.exe

pid	process
1904	jhw.exe
1812	jhw.exe

Loads dropped DLL 5 IoCs

Processes:

35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exejhw.exe

pid	process
992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe
992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe
992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe
992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe
1904	jhw.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

jhw.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kgjfkdlld.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10485384\\jhw.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\10485384\\JIQ_NU~1"	jhw.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

jhw.exe

description pid process target process

PID 1812 set thread context of 304 1812 jhw.exe RegSvcs.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

jhw.exe

pid process

1904 jhw.exe

description	pid	process	target process
PID 1812 set thread context of 304	1812	jhw.exe	RegSvcs.exe

pid	process
1904	jhw.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exejhw.exejhw.exe

description	pid	process	target process
PID 992 wrote to memory of 1904	992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe	jhw.exe
PID 992 wrote to memory of 1904	992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe	jhw.exe
PID 992 wrote to memory of 1904	992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe	jhw.exe
PID 992 wrote to memory of 1904	992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe	jhw.exe
PID 992 wrote to memory of 1904	992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe	jhw.exe
PID 992 wrote to memory of 1904	992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe	jhw.exe
PID 992 wrote to memory of 1904	992	35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe	jhw.exe
PID 1904 wrote to memory of 1812	1904	jhw.exe	jhw.exe
PID 1904 wrote to memory of 1812	1904	jhw.exe	jhw.exe
PID 1904 wrote to memory of 1812	1904	jhw.exe	jhw.exe
PID 1904 wrote to memory of 1812	1904	jhw.exe	jhw.exe
PID 1904 wrote to memory of 1812	1904	jhw.exe	jhw.exe
PID 1904 wrote to memory of 1812	1904	jhw.exe	jhw.exe
PID 1904 wrote to memory of 1812	1904	jhw.exe	jhw.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe
PID 1812 wrote to memory of 304	1812	jhw.exe	RegSvcs.exe

C:\Users\Admin\AppData\Local\Temp\35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\35fe8f7a8ea9c3ad4d7b8a9fbe0f5298_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:992

C:\Users\Admin\AppData\Local\Temp\10485384\jhw.exe
"C:\Users\Admin\AppData\Local\Temp\10485384\jhw.exe" jiq=nus
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1904

C:\Users\Admin\AppData\Local\Temp\10485384\jhw.exe
C:\Users\Admin\AppData\Local\Temp\10485384\jhw.exe C:\Users\Admin\AppData\Local\Temp\10485384\UKFUV
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
4⤵
PID:304

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\10485384\UKFUV
Filesize
86KB

MD5
e392efb0506abff8071f7ba13b9ea213

SHA1
a89e4c6abc31d7e95d9e4f69fb1039ea9006b3d5

SHA256
035e1933f8692e8e4bb9279b922ebf895bc17f1f0882a358b370e763022ffcc2

SHA512
e4b6bb71f53b851d43994b082d5e301aad4bba9bbb4b1c21bd0eab706b025c83b49131379a8822319a4107c3ba3d21e9a146875d5d9ac8f41a8c8a6dd6325f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\asu.txt
Filesize
643B

MD5
b3ac3f89c0d3d848639efa9e10270b2e

SHA1
9d581888b661b79146b9d6467e2ffef0e3503d63

SHA256
7e6bfc04d9d896d3b2e3f97b60344500d6adcb1fd0a673090fa02225aad4423a

SHA512
4260f79b356e87f051a966ca9b8196b4769782abdf90ecd4a7f94eeb9bdeee6586149e385e7e3f7f9e4a82241f3e5297aa26338839cc9246dec356444e3ba380

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\bfo.icm
Filesize
541B

MD5
309ef252e2d5282563bdd87c9697a5d2

SHA1
2c95e21122dbd9c95458694b94218915221dddf1

SHA256
7dcbf0d4e11a11bab9fdae4f9b80f295e7ca6c00db0727ea214b1f1e50fc88dc

SHA512
22d58c94b43afd9fd1c1115f9b13ca3aa467d0ec3311892fd9d2021408a9c635bbc674eae20ecb4dad5c536b390ecdc1120ebfd21a167a72cd60199d8a4aa82f

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\brc.bmp
Filesize
643B

MD5
dd76d29266d38ce79c490520aac360f1

SHA1
e1bc621805a82afdc8f9de0651167e5b254a5e49

SHA256
e7d762e2feb77c326c55e346f2b158902531b34aeb96ced353d85c3b690a84b5

SHA512
bda03a8bc02ee0801f7cab940b9371b8fcd31537202c8d59fec08a93f1de66114b97f6e20a2985bbb42a7e6e4a18c737e4d93f43f87ae863f11255bc1a6c2782

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\buw.icm
Filesize
543B

MD5
d695608ba5d1d41dff38b24db8ac5e75

SHA1
b745799bc05e69d7f7c668a512bd53af2e5d2cbb

SHA256
05a0f46a7c245e47bbf7574e7afce15b25e19728da3fca81904f6ce663b670ba

SHA512
63ffa63d5bfa56bfd288bd0b40e5b998694d735aa8c27e423b27805adcaf42aae546a0f67c95590308c6f4833a919b1e4216271b669a47571b037b08786d2484

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\bvh.mp3
Filesize
545B

MD5
c05b9563d6500dd2350190e8b3186290

SHA1
fbe6a361b56f4003a41d5825143ebf29d6d1dd90

SHA256
48ef32cc7858d9024595dd9dd9f0f466a5a67244df90868bff67ffd78d3866c3

SHA512
5ffd26843174ca152be4f7845230b92615673d21170c28c1bdeaad597b79d95a10d56ca34a1c2e3b0c093b413a7f0ce38186bde4f795275c0592e7a689395c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\cwi.xl
Filesize
526B

MD5
9cceb456062b2464f50fc2a113e10152

SHA1
dbc8fbce5b2bc70b5afd5549577f567e18f6a56c

SHA256
ec73aa34b7011c79609dd85c12891059830882f141891d2090cd685afbe1f1d5

SHA512
32d0af8c504eafdf8bb60983b6c869605ade0fb12baa37249c6ae101410e5ec1be97139652a89cab5f5d4f0311ce2d3cdca5a1373a5f506d42c29549793bfb30

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\cwx.mp3
Filesize
573B

MD5
2c42f4bd5e04132e7e403f1ec5f4ffad

SHA1
db777e2f85a77bdab1774ae8930ca30b4cad8c57

SHA256
48e7e2b99cabc523309acea6f4875538655418d8897bc2913e35990e0321358e

SHA512
3711696281fe43e9c68060906867b5bde9576146c52fefa2fc4b1b8197ef5730a40f7f1641bc30f816655fc93b78a4908edb0e866f75064f894216ee4198d1fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\dfj.icm
Filesize
576B

MD5
599c7397e0d58e7deac0acb7fcc2a9fe

SHA1
4caa0ff6aa0530cf396af98a355cf8b655f1c094

SHA256
32627ba9126579851c32984c9d39ec1611e80b6198188a573235b5232f87fdc6

SHA512
f658630cac02741938c2b54df9be5589ce0ff957222c590be599fdae24fc55803e3174d0c2379fb00bd8d74e9cfea31d8cc12721befbbca908782a292bba5812

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\dmr.xl
Filesize
564B

MD5
611dc9538594565e1e249f90e4d16084

SHA1
fe5ae1e540e9c0e5983e105e105f42d3e45344cf

SHA256
efffd78042f0e4bbeafd7dddf5fc5a38892826adcefe0d2afc30507bccf74610

SHA512
fce814860e9cb4c56ea396b7741c5482d2bf16d2d76ed6aed8825d6f63087777b97a8e098a675b9d22dc19fc03e6296676859d03a2452ab4985a243a792a0636

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\eth.dat
Filesize
558B

MD5
0158630f9ec01c5b4c7d178135a92c28

SHA1
ad3cf3b0edcbd07cd2e6c0378b54dd62c84be5a2

SHA256
7af667639acffd9baf4ddfd8fa29c1bfccd032cef2947f418686acbd348612a3

SHA512
9fd6699b27e1752fa261629c359e08be3eb12c8ec1b537d5328ae3454bb649af79a36f1f4e3c46420240372472f737b852cf30541faa7abdadc3352c5a965e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\evx.icm
Filesize
539B

MD5
9c691037d8465160ebf62dc810697dda

SHA1
3b74683729f1042cc66ef8ff46f93093721fe66c

SHA256
d62171af5471b7972ae9ee98b2c4986f816c8f22f32ea96d876f23fbae2a1137

SHA512
25b66fcd45086254a83f87a46fb4e1f84568249bc6219600eee9df9ce5522dead7b21097bfb66a8b6d6de1b06587e71946d9889181129e87ebcefa0053c753b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\fwd.xl
Filesize
549B

MD5
f30d864889e04f316beb0b73f6769677

SHA1
6d7285a3f43639c90c44ba867a5c137f2d150c0c

SHA256
07f671b89a145500abadba605bdc071abe188f5c5307bd0cbf877837bdfbdb8f

SHA512
bd9e0ec21cfc39259eaff6274fea22c6a60d516fac849094a407b57db7a16205c83f69def5471e1483765db2f17b8737c7fe11a994b4ecdd1efc1ece260a7d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\gqb.pdf
Filesize
591B

MD5
0921f3de56c350684bba0c1b1fb19280

SHA1
372003c474464067864c641dc29236415713d6b8

SHA256
48018e9b880d781a2664feae544617267561f6c7efbbbebd31f40094da5117f6

SHA512
36c4e8b65073fb0a07c746725d60c5812ed0cc598228b908e6208760cdc5d79b86e0ea62da395cd94c90f5b3e48b100ce5a0771e588f70ce7d5ec0831f665723

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\iqx.pdf
Filesize
590B

MD5
cc3966e3b84b22a9504b97426286c047

SHA1
2d65a8367f8a49ec0da2f22fd42216d25c751eda

SHA256
13b78118a3bfcf130d06b88e1bf0b1b7eccb9e9779ed385ec3c41e11e8048a3e

SHA512
5036c5dbf8807e720cf74e63873b8b757135fb9e8aac24cb6874f8aff7d63beb335a78aac1ca0bc8e8037f4eebbc804b6a7603aadd30da2f749b9f491aefdfd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\irj.icm
Filesize
507B

MD5
d6865ee8dde79f1a3d796946cbdddac9

SHA1
d9c8b24b6e20f13910f9b76935f95e6a06d51b75

SHA256
296ef98200b1ad157bc4ccd1c05c5be530a5f5911f2289a90ea4202bd01ecd64

SHA512
1d013564b15b5e7787f521050a64abea35b679753a6f0a3b1b8df4a56849c92c8272436a90092f8f593466e91c686789d692e0dc661485c943ec0bc600409af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\jiq=nus
Filesize
202KB

MD5
897180943c2079e7450e6d7a5b78dc6c

SHA1
ece5eb004b6ce455105d3ea369a1d5b3b49b3b68

SHA256
239f4af905ba26c6437bd117a6d7a8378ac44aa9b143c16b78a9ac17da3c1ea1

SHA512
96d9c9271f9b75f818fc6532badaaf4c28c343f739859834489dad0bf1e8899514ca36c8b4277ed5ddd3389b7982e0fe7c04a447fc35338608df2da4de0ab52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\khr.dat
Filesize
584B

MD5
07441535531eb1f831d02809f6196060

SHA1
3bfb7f4d3fe3aeea49ec58832f6b5de9c4e490a9

SHA256
f1ae933935816606ec90258635e6e434dbe4bbf3a3f8fc03b54c7f69ba8d8ea9

SHA512
d6eb672438a972d13796d18b81895d7d833ac3e97476efca5de72e00d9e74cc60425e9289ca0363d46a9d30fa978a79ddd8e4f1a22c48551871f2fdbcc068f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\lca.ppt
Filesize
573B

MD5
414083c170ad3869811f32dcd3034723

SHA1
c2af6ea612dd017b0a740b7fccaf6d374c7998f4

SHA256
388a3a746abe9fdbbb787daa3b79fb3b452503a6dfaec76701f494fae1fead1d

SHA512
b107f8689a2fb8135a84ab10c098d01672a8ec462b298423243a2daee3b6612359e004e592f666c4bf324b44b0f7dda8b9d070a53cc8de65b9eb4f7982a27ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\lcw.dat
Filesize
573B

MD5
b27b52f034d5e5772085f7b3eb83c875

SHA1
ac3428397b9556f524d1497df62eb66bc1972c54

SHA256
5a5d9a902076a44187ff7a4360939c868185c53ec37fc27620f6656c62524a0b

SHA512
9e3d99d58b401de7ae32661c4ad8d516ca8a010e4502e34f9810e808c1f185386c01c2833733e41d6f6d27c791fda121759412af426dac72726fa9ee7ae5c5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\lwp.docx
Filesize
584B

MD5
c57895ac5311bdf731a161fb5c80b21b

SHA1
6890ee1026ae21e0d879a09b75e7ad236d508a86

SHA256
b1497a1ef061dc1bd4f253db83c1e9e6cf3c2ddfc4bd5b9c9cf852936f002e1e

SHA512
2785cf70b1746c04fcf1729df8dc264603b162abae36ec9219d402803f0ad5fa9e73ff107bf36c857f5d4c5e1af36a249448e8a3ad1a64753f963de193efaefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\mlv.ico
Filesize
523B

MD5
35e4011854e24895f01270e706afb0a2

SHA1
8911da01dfa271b03ff9d0c1fd82bf2904eb5c6f

SHA256
516bb436aeb6acb9d150fa7c46c20a10a94b8db1697333d28657581b3a633f4b

SHA512
377036fbd5028552e60774c6fb47b738b97bcae95ab32896a40f3d815cf030a797f9eded332f4a4d888214ea2616ca36eeac820deab07c1c9b73079ba24b4618

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\msq.pdf
Filesize
508B

MD5
d15b4a243f3474aff6d6c866899a1abd

SHA1
3133267de7a1b0c7c221cf3dfd740c193ac6715f

SHA256
be5125d00d31d2fe8a8332797434a1e49c9d8dd027dc5bb1f3eae7ac0364f5db

SHA512
c65e9d4bc01217fa232654c9f03572842241c3ade0dd07371760debfb630b90fbde74b35c9354a5a03223bce23f50ecb24b084edb1fe481285a5e4a12b7d6edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\nds.bmp
Filesize
513B

MD5
3a06786ce32eb390640a390688498fcd

SHA1
193adeee16fb3f71292600c3b2648b9fe1c4cb0f

SHA256
40735bb86906e8a5f50f441326ee4d18f51f59c9daf946d6e9f53e8aa20a2512

SHA512
7157d3046156495bc8eb43e04c7f432ac4782311fc53fbc78c57f377dccdbffdc62f803409b54820cef82e8c605d069a752ae26147ef797c2c7b4bfb62476982

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\nvj.dat
Filesize
564B

MD5
a5d7f3b2efbc94e564a9ebaecb863453

SHA1
b2ca2787cf4c734fa2af9b86259f954ae927aadc

SHA256
30581befc140a5ead4ff75714e903f1db1387db8ffeb1655a41f4c6e35e547a8

SHA512
af29efc4eb6940017e1f2242b8f09b85567b6f8312dd44ad4201bbe63c2f36b62d9fb8a0ddc8bbe7c0b89f3174bf484b50fe4895476f55a6b562fc1b53a5ce72

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\nvj.txt
Filesize
549B

MD5
30599b489c05a0f21760342c11076487

SHA1
8ad227e9cdc6a77df110966b46bab50219da8535

SHA256
25a51ca7e299e54da6a184e6ffe7068927973cc5379e0cdd6c9528f0eebe219f

SHA512
81f7dc859c0e5b48ce2e610f1ba00bfbc251de09d73e412841640bc7665106b9ac176bcb695164e6aa4292c68b347dbc00c613c2e781eae61f928d33bc32cb2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\obm.ppt
Filesize
574B

MD5
5575f6ccb6e0e1331477ee83096cc237

SHA1
e8eb05fefd1b9f3cfa7dbd38f0edce8caea38537

SHA256
71f867878ffba892836cca93b056f4560fcabfe9201e56b63ff3336a6c941b49

SHA512
b3a4b047bdb5b11eb4be3228f2963efac1cff6613169c5ef61dbf9ffa01383abc774cb294271e87fc3b67aaaf41191b62eded40d4346fd43fb9909f9f35641f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\ohq.xl
Filesize
555B

MD5
0afb5dcc7385cbc6c885dcdbf649cf3c

SHA1
e2af2fd56c5fdd2561525e58bb4e4578f14c007e

SHA256
b4f9ae3eec7ce65a4c9860d931dda69e7a7ef3d4b11412327f43d4a743f0c95a

SHA512
c4d9e0c2defb9726b473da7f2576ed636dca69bb09201bf0b214ac4532a67947da7105d7461f8d134da8dceca893867a19f063225ec892125ccc2393beb5ddc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\owf.dat
Filesize
562B

MD5
2db3104c9a0637b1846df688c0e2ea52

SHA1
069795a7b3be2a3725b6089a8a7f02578fc6fde4

SHA256
0f617a8f8f19d137df0aed4916fd9288143ed12b241a1a8df8a204d6e6a5da35

SHA512
c19a1a1e749bc64bc5e38dc75d97d2c67dbc3d785e8a249d7c808030f55cbbe7f0794d619555a941bbc91a2527ae3aac8e656b47ff88f88f3acc6ec15a06d392

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\pgj.mp4
Filesize
508B

MD5
aaaf0b35d6f5d4f2c66c477653ef08a5

SHA1
e87ddfde38eac4a14f8e4818b70d1597f6743d31

SHA256
cad89a44d98c13632bcc750bab3c28fa1cbcbf72b08a294cdc07384f4a35051b

SHA512
cb58968f250fb0656972e7a3055755699214ae79586276d40eba1be21cf4c5e03045526b3a33ac485f59ffd1a1dec93535a351984c6b6f0c3f6d39d1c116aade

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\pxq.xl
Filesize
532B

MD5
c464386b348ffe4f4cfb429c42fe8792

SHA1
b19c0116b47fc25ca2d16ef4439127b2acd763d8

SHA256
6009b771cbd49bfa9fed0466fa7a646ecf5ea28e1ad242426fbaaa29f39de65e

SHA512
d482ac8bfff3725b228614a5dd110e34fee2ac237911fc40a106ba7a4e6b223ff3e0beee013f01530bda5138ed03c67a5f5c47cb3f704eddea86117c7dc308d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\rim.mp4
Filesize
577B

MD5
2d7a785846aa6b1be37c1afc4339bd0d

SHA1
8a47f9c4e43f49ab9fe5b813dcee263d4b7f239e

SHA256
af5fee79d256738e12ddd74f104c0334955692a4ba1b52f0170d39835d61f639

SHA512
d0e1a7308bb9b467f96dbc468f27e23b03776e6dc40fb4296131e63cc4871f62e3278b532c7d175004c6c68973baa426716511e8663d04154a458ce49b5dc40d

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\rqu.ppt
Filesize
568B

MD5
eee62134bd61202d685986066d15ab86

SHA1
6a223bfa97c32cc216390a2ceee3ea11a8a3d3b9

SHA256
8001d8bdb4fb0e5b2b1e6027f528890a086ad1969737e1aab5ba45717a6f17ab

SHA512
66b40fea4f24acc6dcfa9db4bab869f2b6feefdd74ba37fa63ab3906b4769e5bcc0e79310a49656190f670ab01d6d62ba983d0531011f4aa737188013d2dff3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\tbw.pdf
Filesize
558B

MD5
ae9019ab7dcfda0a3698480a56f70c22

SHA1
93db4c3ce4a55001f0143f1042e93ebddea11302

SHA256
7f7c3d43ae2d6910371e226f277ee067e8cf2cb21fee302dd0f9e88ff40b17fe

SHA512
faa8daad3afac2ab933e6d85e8cadfb9f0917db02c82c5c1ccacdb636239771133f478d7ee1caa21f6a7452b07762be30bdebc0dda9c7c76ed8bbeeb7f7d7fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\tct.pdf
Filesize
615B

MD5
b3372919c851526e7356422a98c6bfb0

SHA1
b4a2082f74b5f946ccbac52bebc1baa0cd9d74d7

SHA256
2953a3a02f04c70e5ae8e60eac2b9a1d9de7185e60104cbe9aaa3917ba7e9cd5

SHA512
359cdde58f3833e8675cd9c58d8390e85ab8d53cc14a609850ad9fd82d5f3859ac81ae21858cd431a7c52b9512a10d89e4f664611145e8139a449aa0e927d6c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\tej.bmp
Filesize
1.5MB

MD5
98a5807e73994274f2b48b1eec59d401

SHA1
738b2eb58af56e82bd79e4e9978f13741ccb80c1

SHA256
bd85860aacdbd5858ca3219644839407108031448e150fbc1b36f116bbe91e7d

SHA512
a455aefa5227d94b82b6872204b01ca92ef1552a352e89401d20814fae9150832a7af285e7be89fe1fe1fb026da11fedf022cc71af10563ee33bdebb8324c46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\udw.dat
Filesize
562B

MD5
0e9a02c2a4e269f3f49ef23056ec4508

SHA1
cfb37defd6caacb5c9bd1245bb92edde0ef9a1e7

SHA256
7ebe683c5c0f18644605bf1fe34fdf7756281468fb5dfbae02ec4cf07d586a8f

SHA512
4194f892bf68f6479f9080d2a99aad09a59b5e5ef1b938abe15ae50e1b76a8a51a8b35e0e985492b77f61f4189837caa804216f8e25848f0db418d1e0acfc606

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\ueg.jpg
Filesize
565B

MD5
e8bd4715d1bf2cfc2e12294d74a486bb

SHA1
726f6480e2452d6665c9852c49defbac38dc1bd2

SHA256
3ab216ebc133be842e6b2a7e65e7803d6d5b2d94f426ca8deead6e6ba7d45aac

SHA512
f529b6d5fb4f86c3cc98f232647ba4448d7f9c63ea3b0fe69bcd92400b9ee70124e04113dcc8145081f54698a56522dc585c29277fd8f066472c9cd9d5a207cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\vah.jpg
Filesize
562B

MD5
d294c471f26483248a29624cf66c6c5d

SHA1
9a61b3e1b007a2cd408183794fcadc89445f84bc

SHA256
bd51e187b701f5e2b0e648e355334b20a226747270411fc8a82dbed88b0c43bb

SHA512
405b1a07efc84528d8fd83f0d5c9c557f5e384b2556a4f2950b180b93105516856b3903af3b227381e0f5edcbe5186154621fd812f441b4386308cc236d51978

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\vtj.jpg
Filesize
516B

MD5
0256ed700c2bb6f4db76ed39d0d03e64

SHA1
c97b62fdcd460cd21d5af5950483e8c99c3f9adb

SHA256
71b7926533bdd21a18f8ad78f30c547ead2eb6928a95087535fa765f40b011c1

SHA512
a3df8d7dcea7fe2834e4285998f7a09d5f11a4ed35c8a3bf7dd89c0c5d8a09a258b4dff78b177374b376aea3adfc0500112d2767d307838391b7a67865db51cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\whd.ico
Filesize
543B

MD5
5b38573104d309730288f8c80869d3fd

SHA1
ead5046eb1a50989209b02e174b3e4e7d9a30236

SHA256
4b276d88d361d14396db09f2369d058a2672344251f1c9a09f18f04a9cb91b89

SHA512
9d13a4fa50565910860258b36a5819f27b201b3c610b3e726511024451be3b0a22db6120090f3edabb8245054eb083e54df355d650a937efb56bcc4e7d022f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\xat.bmp
Filesize
516B

MD5
fbb2b7f008b1072823cef187a6789e2b

SHA1
0690934ce8ad135cd7fa693142fa947261e5e041

SHA256
a063c17764bcddc94ef90dab88c8cd72565bb447a602e882151f25521fb3082a

SHA512
4dab482fada46a4c44252f9dce91d8018b8974989a34cde4b32569bf09306a8ef61f19f80806a1153dcc8c9c1d3219dc03fb4498e4de7c8549676ff268690238

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\xnn.docx
Filesize
554B

MD5
97eef28d5ed4f74ee9fbafe701981cd9

SHA1
dbdb5a9f4e4968cf7f1101f66a67f2db0455e757

SHA256
1e869ded3546b7eb9663ca5291b2a8fcd523ca5e63749547ca119e4750b15d7f

SHA512
627749a4220f2ad6a7f63c3e34b9d072867bc9903f2e68fe814f9643fb6f94b56e42eb35b56ba8a3ce54b00ce3b5cbfcf976f06df8387bbe37a9844512078768

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\xnw.mp3
Filesize
531B

MD5
27eb3dc0f2f33dd4c7dbff86ecb913b3

SHA1
538d2bb20e2de0a9ef44c065f1945efa3df71e1c

SHA256
57f3ac43625bd80c6392c8167f175f4ea96cae1296418fd08cc9b1711eba6261

SHA512
4a91eb4d613de64e62ea8132ecccaa22d27752fd0b43fea49300bab04cb4f3de533caacf506a36caf3250b67da3f7b9dcbecc8408d353b9620e8502d0ae6750a

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\xqe.mp4
Filesize
641B

MD5
8a1065cbc342675a4a756409cd7a04ae

SHA1
66e6e4b137407f788f2ead670bee5112def722b3

SHA256
09bdbfe702f1d9f48b001e76f3ee95152ac37467dcb7e43bfa8d94810f65532c

SHA512
23902698965cd0d36275aefd39effdfa5d249b5e57ce4e8733015b68f9bd440df8637eb3d0aa82342563f26633ffd65a4c705e74cb3b977ff7c446b61c748fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\10485384\xrd.pdf
Filesize
663B

MD5
0fbc1bcfe7ff7e813a7b13e0939e2182

SHA1
0ea99e8f0df2a03f651b430fc5f173bef2dd539e

SHA256
8f311d93c196ca09c09bcc4d6cb29fc3f07f17cc4ae20308a2526c48b3a54b95

SHA512
05a3cc4b5b5bd89172c32db39ea104301e28226c0d04601f55a053e6192d6bffc78b2fa8493bae01a3a4f4c0f78144ff691169c9f91f44704168481794ffb0d9

Download Submit
\Users\Admin\AppData\Local\Temp\10485384\jhw.exe
Filesize
732KB

MD5
71d8f6d5dc35517275bc38ebcc815f9f

SHA1
cae4e8c730de5a01d30aabeb3e5cb2136090ed8d

SHA256
fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b

SHA512
4826f45000ea50d9044e3ef11e83426281fbd5f3f5a25f9786c2e487b4cf26b04f6f900ca6e70440644c9d75f700a4c908ab6f398f59c65ee1bff85dfef4ce59

Download Submit
memory/304-155-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads