d929db0b4de9bed4c0750ad10440c81484f64e1f308689c0c56cdbe1bfe63b39

Analysis

max time kernel
130s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4.exe
Size

945KB
MD5

79a50ad43658e487f370e2efeddb8391
SHA1

755011c959efae47576d0091bb84c5b3649fa78a
SHA256

3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4
SHA512

06f3841817358434fd5ad878287f62b5ccf02c2b8b4f23b25df4eddd5afd832cf1e0ae1fd76b6881a91a729304bbdc4494d4ee05fdfcfa84762ce4a0c0760971
SSDEEP

12288:Tm7Ry90ebn/kwazqpDnNaHVBicWKJkc3Y7uRU2L1zmhYae+7YSF5jFLYnP5umJ9/:synEqpxTVikc3HRZL1mJEqLuBumJIx6

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
10	368	cscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	STAGInst.exe

Executes dropped EXE 2 IoCs

pid	Process
3684	7z.exe
3096	STAGInst.exe

Loads dropped DLL 3 IoCs

pid	Process
3684	7z.exe
3096	STAGInst.exe
3096	STAGInst.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\staginstall\install3264\jre15\bin\desktop.ini	7z.exe
File opened for modification	C:\staginstall\install3264\jre15\bin\desktop.ini	7z.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2924	PING.EXE

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	10	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2068	2912	3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4.exe	83
PID 2912 wrote to memory of 2068	2912	3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4.exe	83
PID 2912 wrote to memory of 2068	2912	3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4.exe	83
PID 2068 wrote to memory of 1388	2068	cmd.exe	86
PID 2068 wrote to memory of 1388	2068	cmd.exe	86
PID 2068 wrote to memory of 1388	2068	cmd.exe	86
PID 1388 wrote to memory of 4960	1388	net.exe	87
PID 1388 wrote to memory of 4960	1388	net.exe	87
PID 1388 wrote to memory of 4960	1388	net.exe	87
PID 2068 wrote to memory of 2924	2068	cmd.exe	88
PID 2068 wrote to memory of 2924	2068	cmd.exe	88
PID 2068 wrote to memory of 2924	2068	cmd.exe	88
PID 2068 wrote to memory of 4120	2068	cmd.exe	89
PID 2068 wrote to memory of 4120	2068	cmd.exe	89
PID 2068 wrote to memory of 4120	2068	cmd.exe	89
PID 2068 wrote to memory of 368	2068	cmd.exe	90
PID 2068 wrote to memory of 368	2068	cmd.exe	90
PID 2068 wrote to memory of 368	2068	cmd.exe	90
PID 2068 wrote to memory of 3684	2068	cmd.exe	104
PID 2068 wrote to memory of 3684	2068	cmd.exe	104
PID 2068 wrote to memory of 3684	2068	cmd.exe	104
PID 2068 wrote to memory of 3096	2068	cmd.exe	105
PID 2068 wrote to memory of 3096	2068	cmd.exe	105
PID 2068 wrote to memory of 3096	2068	cmd.exe	105
PID 3096 wrote to memory of 3528	3096	STAGInst.exe	107
PID 3096 wrote to memory of 3528	3096	STAGInst.exe	107
PID 3096 wrote to memory of 3528	3096	STAGInst.exe	107

C:\Users\Admin\AppData\Local\Temp\3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4.exe
"C:\Users\Admin\AppData\Local\Temp\3a88637efb4cafae6238b6c3dc5b6b17b7a535e47a3f6a230dcc5cf428db3ad4.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\init.cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Windows\SysWOW64\net.exe
    NET SESSION
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1388
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 SESSION
      4⤵
      PID:4960
- - C:\Windows\SysWOW64\PING.EXE
    ping 8.8.8.8 -n 1
    3⤵
    - Runs ping.exe
    PID:2924
- - C:\Windows\SysWOW64\findstr.exe
    findstr /r .*8.8.8.8.*ms.TTL.*
    3⤵
    PID:4120
- - C:\Windows\SysWOW64\cscript.exe
    cscript //nologo wget.vbs "https://is-stag.zcu.cz/download?apl=installdata.dat" installdata.dat
    3⤵
    - Blocklisted process makes network request
    PID:368
- - C:\staginstall\7z.exe
    7z.exe x installdata.dat -y "-o.\" -pTajneheslo
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops desktop.ini file(s)
    PID:3684
- - C:\staginstall\STAGInst.exe
    STAGInst.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3096
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "copy /Y/B C:\staginstall\STAGInst.ini C:\"
      4⤵
      PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.dll

Filesize
585KB

MD5
f22bdf7d66187b6517c94cf185979091

SHA1
d10fb5673a2670de6c961fe8130d5bac7a3c9099

SHA256
36f7f1e73c2950e5ca59ac25f12fb78809d8e14fc7d369a48464902a700ff064

SHA512
a6d50a88c770d0aa0f44fa9659b35677ac581f46c2270ee13da017b801d0f765e24e85eb3f3569ec164503ab500ab0d11df364c4a25a0be1fb2665e1e8f0eeae

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7z.exe

Filesize
144KB

MD5
bab44bba05cad08fa97606e79e289f64

SHA1
845663d5226cccedd9bb81478e9a0927fedb07c5

SHA256
c32823c77e3a0992eff0cb2990a00c1a83af47e8bc540b45a207e5f4c0a61e92

SHA512
34f9522b137b0093b9a7662705ca4d3bc54e7ba3941118c965725866fa8bd90703e9241143ce2547818f05dce31747aa0746647ec9f3d3a9ce04fa9ba76d287c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DK.Standard.dll

Filesize
219KB

MD5
2c9877c145af4360105a2e9932ebf2b5

SHA1
3406379b95e4794c9d8ce53dca0399494c58c563

SHA256
f4cad6c58812ec84f03c912e496854ba0f47f85ab2e5f43e463405f0a1cfe264

SHA512
9b2ab6a20bf7fa29c69c4b9bbb06ef1599da63aa57966d67876f8c59d7546d35d3237c1bf580241da3657f09e0f44e0364660367bfce33f88f79b9f369b7b914

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DK.WshRuntime.dll

Filesize
6KB

MD5
102154f5274844628d9158d486bd746d

SHA1
247e841d66f4ebc5c2f6aedf26d2325b7ef09652

SHA256
5d0bf1df92375f908c8a828096180bc7911518a407287b700b44efeebb8de89c

SHA512
435f7cc6772f40cda2702bfbcd2a108a7732fe8354611f033e115892b0745c61e0a07b3712d521d70ccad5bcec81e4e3b092234b81db4f02f89bcdce68c539ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INIFileParserDotNetCore.dll

Filesize
28KB

MD5
49dd5663e8474192f3727301abb8caf0

SHA1
11bedd9604643d1dd3e4a5aaae5bebb7e4184a51

SHA256
5f44d248ecc7363edf2ec427957e867d4c088ce798540ee5506871504628651f

SHA512
6dea36f0bc16f24eee872258db8c49e58108727992a4586989d1625878acbe120a8e7db40be2122a716104de2d0173bef8dc08aa8be9c7bba9f717d1ef3927dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dll

Filesize
647KB

MD5
5afda7c7d4f7085e744c2e7599279db3

SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261

SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\STAGInst.exe

Filesize
40KB

MD5
7f26a1499c0d87262859dbc5e59fac28

SHA1
63a377806d4365e5ca1742140a49b3e8de74efe7

SHA256
9e450fa1f2143acfc48b7a585570a653217b458556c64265e538c449dd2d6e1b

SHA512
b07cfbfb6609cdd0d4a21bcf29a193a1a9b07a181401c07b0190f0f79b26c3d7fddad7d009d9415a290f66f23ccf689e4613748e88fcbe0d9c00f8d3a9d5ebc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\STAGInst.ini

Filesize
4KB

MD5
ce5a3d36777687f567c2a7d694d376c4

SHA1
6a948270f6da3426d33562f672cfd07c92effe22

SHA256
29dbc4bacf2606e2f6acaf015159303544a7dad14e6a2ac7f191bd267b768cd1

SHA512
3c15ab8b477ea24a7cec79f96b8ca8e2bb977ed8730073a618096c1e7bdbe34f67c02bec63e279ff90cbf5fd6941c83dd6f7cdef1fbac5decf7221f488188a89

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\System.Buffers.dll

Filesize
27KB

MD5
b66c85efa4d6f8c698476735c1ff4ecc

SHA1
e523519ece3200133c5077993920d14d436b8484

SHA256
9444b5a41a816b193c033bec199d74cdfc8298ed8300a3c39a4e953dec137494

SHA512
7a648b004c49074c557624254bfc5072e10b8094e49102d91406bcbac30d78293c84b8bbb4e0a522ffebb873ae4d47ce2a2888c0d858d6e3e5ffd1d1066933d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\System.Collections.Immutable.dll

Filesize
295KB

MD5
d8203aedaabeac1e606cd0e2af397d01

SHA1
eef943e4369166a039dee90f2d81504613d49ca0

SHA256
2f05a2c489c2d30a6cca346d4ce184323d70eb4f5afa6bed34d5800274444e57

SHA512
ce09543cbb799db65c71ea9d050cef99d702d9af0cc4c7e346f97f616b091d0ab9a211197caf7fd5a53af1ba6ce913b2b121499d36cd43b499fd201376f4f3d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\System.Memory.dll

Filesize
145KB

MD5
89ec6e101de3a70ed140c62c2980f24e

SHA1
f5e64ed69c1845556038d70f88a081a92f7ea4a6

SHA256
63cca774a231ed2f7ca888b4b6c6d2357cb4848aa3040b2f0e67430158c21ed2

SHA512
8af03e678ca0047e481a76a383e75c11e9474b032db4adbc7e89adff62449bd0067801a8f4a0f5d47fabafbff319d69f5d5dbdaf0d0689025490e787e7138c22

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\System.Numerics.Vectors.dll

Filesize
113KB

MD5
482d88247171630099d81400dc0a1aa7

SHA1
359f9f8a3e0ee63f9eb6bc56e3bac300c731c080

SHA256
a044d77edb6e8db4053bf67cc671e7687c226c1b9b0963a81ebe359ce79dfdf7

SHA512
b14d84f24842669a09054a30e97927a02de2d113319fa80246506ec0ba9dd51d22f87a35ec7a8bbd145921acfee26a06db0006ce93fab0e108dcedff1ec3d8b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\System.Runtime.CompilerServices.Unsafe.dll

Filesize
23KB

MD5
d9e308fe5f1ac35ce823964288da1ba5

SHA1
b23c26aa1739d02ba4216cc5b80a47fd1251ab41

SHA256
1ad2dd7225d5162a0fd3a3b337a1949448520e3130a4bc8e010ec02f76097500

SHA512
22768d92838a0061435520faae7ab9a8747050776dd1aca00ff874a51be2119a89876c41c1b540dc60354b2741540e1ca88e8e447d81e555ee535a5b92f8ea06

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cleaner.cmd

Filesize
149B

MD5
0791c4b411abbf9f49e2e994b6e4845c

SHA1
8c38d60138aa9f6c9bf8e0e05565ea01bb277dc3

SHA256
98c1e9c772e936d275f72f551f26645b9658b9d9a0b3ff64dd3c8bdecdd156c5

SHA512
f7215c38a1d70eecec43a4bdb2247b2cc2f37740abcfdc3fc3e8d21cbb8cd9b05d4f09d861e253059737af346c83a321915b5502a3554a458ed3869f633a2703

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\init.cmd

Filesize
332B

MD5
434f010b49946f344a401993cecac867

SHA1
d1c5328c27c54f1e15ade4b11353a5f2069cfb98

SHA256
ea3ef6d750bdc2b7485a2d0e5159aed452ccbe043b1c26d72bbef589f7b38fad

SHA512
0b6af04e33fc1bdae6a7c8d070bcc94cf03785f7a6c998cdb64fa9153a2bd34ee3342ddb4a0410098c3b263a8ac5d63c74f189a0506e146fe010ffdc8a1ec97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msgbox.vbs

Filesize
213B

MD5
39830ea933c19d44219e190d17ffe8e8

SHA1
f11fce5823ce51851c1469482fb944316da06d61

SHA256
4ecfc10258f178fd9e702a68a90de08c99a1b71516b8bcae55b91e5a54dbea4c

SHA512
3f89873ac023dfffeefecc2001dde435353afc7206b0d793e2ec049935c635b9d1b9c1ceaf3adb5d06de5edda0a7b59334ccf43e69f758df1b983e111f4c0572

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\startmini.cmd

Filesize
5KB

MD5
814dd429b90e575c05a70e4015a8438d

SHA1
3cc1de066584d24f68491d52715b0cd3d9d6c191

SHA256
54d3f4b68fdabe647a09a236f092e13fc73279218212dcfc3c176cc6c4774e50

SHA512
dfba67b8a5d56c613c6bf201fba8426d27aa63c2628b25417e412bbf479454646004c068a6f13fac2952139b07790b29a6211f0485a71d415ea2eb5aa6c8b696

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\wget.vbs

Filesize
1KB

MD5
88107672cccbaa6d4a8e1708bf9f70b0

SHA1
2a2724de07012a3836ccaba6deed43ad27f93473

SHA256
aef2aefc3ef5e1db38634aab360330c7aac8b5ba72839a43224fa03fc2febb35

SHA512
5b629123cceea30804bfcc42ae7c30172bde4767da8c2280721f9093edca7598f2a40958a468fbb17e48306633ac212920c1530a52a36c2968b2af05c644eae6

Download Submit
C:\staginstall\ISStagInstall.log

Filesize
86KB

MD5
74e12dbd1dbce7f299e6d005f2c5893e

SHA1
9bbca600c09a6c7f758ab508ee8236ea8ad46fca

SHA256
65df520d4da9ca0c1fbe94205ee274ac21d1709adb5ae93796bc06cc8e0d7e7f

SHA512
698ff4155f993c752f0c08b9589a00d4eeaf78e746a64c98a6b1331aa823f60d56a9be57f1536e04fec8c461608c0c4c31c069e4781eac80898a2994c355d7ea

Download Submit
C:\staginstall\ISStagInstall.log

Filesize
87KB

MD5
f2e2a2e4a1507f6c07f8801dc2f857ff

SHA1
ced1b10f677a12e1c0cfaf0cc43dac25da8ab904

SHA256
5992daa3dbc26445a31f3046b4e7960ecf6a69b265e381ab867c85ab26685eb5

SHA512
c8e391b7ebdf3908eca094d627517bcd2dd8db51c57ff7c2787a4e9aa53e1ccfa70340fa5967cea84b422cf223149609588212a56c38fb92d5f18e22463cb06c

Download Submit
C:\staginstall\STAGInst.ini

Filesize
4KB

MD5
cfdfedc95145e1520460e2ff21bef983

SHA1
41199c50112ad4d9bec775597339fccf47cd8f27

SHA256
73cf72f6d511c399d9e4d51d94380425b65abdd98c925534c5f332673574a813

SHA512
42e963ab97af4f7d26e474b93db1d58528ef4058270ea87af55292dad625c4a9d7fcd66c2bd4671dfac087f85b5b1a01584e9e635ba1b0f1a7774c141672fa7b

Download Submit
C:\staginstall\install3264\jre15\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\staginstall\install3264\jre15\lib\zi\Africa\Lome

Filesize
27B

MD5
7da9aa0de33b521b3399a4ffd4078bdb

SHA1
f188a712f77103d544d4acf91d13dbc664c67034

SHA256
0a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d

SHA512
9d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6

Download Submit
C:\staginstall\install3264\jre15\lib\zi\Africa\Lubumbashi

Filesize
27B

MD5
6d17c604035643e786d5f741582fe460

SHA1
033416bbe6c6d0ed92b34283511d0e1f2cf661c2

SHA256
7617947371a9c512e81066347a5f99f6e2fdd504040ae327e1e2ef3af14b435f

SHA512
e12064d5e8b2fc60e7ffbc275cd15943ab51186a16cfaa5ad117f5871562ec635fbc19bf5fc34b0a9c78bb57b74c9930d4be2c6a64b0c650d40e385a4ab2e9a8

Download Submit
C:\staginstall\install3264\jre15\lib\zi\Etc\GMT+5

Filesize
27B

MD5
a2abe32f03e019dbd5c21e71cc0f0db9

SHA1
25b042eb931fff4e815adcc2ddce3636debf0ae1

SHA256
27ba8b5814833b1e8e8b5d08246b383cb8a5fb7e74e237cdbcadf320e882ab78

SHA512
197c065b9c17c6849a15f45ac69dafa68aaa0b792219fedb153d146f23997bfa4fbc4127b1d030a92a4d7103bded76a1389df715b9539ea23ea21e6a4bb65fb2

Download Submit
C:\staginstall\install3264\jre15\lib\zi\SystemV\HST10

Filesize
27B

MD5
715dc3fcec7a4b845347b628caf46c84

SHA1
1b194cdd0a0dc5560680c33f19fc2e7c09523cd1

SHA256
3144bc5353ebbd941cdccbbd9f5fb5a06f38abf5cc7b672111705c9778412d08

SHA512
72ab4b4ad0990cce0723a882652bf4f37aac09b32a8dd33b56b1fbf25ac56ae054328909efd68c8243e54e449d845fb9d53dd95f47eaaf5873762fcd55a39662

Download Submit
C:\staginstall\install3264\jre15\lib\zi\SystemV\MST7

Filesize
27B

MD5
11f8e73ad57571383afa5eaf6bc0456a

SHA1
65a736dddd8e9a3f1dd6fbe999b188910b5f7931

SHA256
0e6a7f1ab731ae6840eacc36b37cbe3277a991720a7c779e116ab488e0eeed4e

SHA512
578665a0897a2c05eda59fb6828f4a9f440fc784059a5f97c8484f164a5fcec95274159c6ff6336f4863b942129cb884110d14c9bd507a2d12d83a4e17f596d2

Download Submit
C:\staginstall\install3264\orainst\VGS60.DEI

Filesize
7KB

MD5
190ffc4708a2be73b2ce8da0ee9b144e

SHA1
ec0a60e2e78189342a666c3dc040ec3506d40ee0

SHA256
1d1e919bbccc7b87c07d1ede81230d2aadb09253b0962160a090acbb42ba2272

SHA512
5216746382575e98e291f1740d11065b47f3a5d0e31622d324bc6c3eb324c48cb5269377aedc179e6b98286f728c32794c17a4e4fdaedbab6b08b9bc91bfe1da

Download Submit
C:\staginstall\installdata.dat

Filesize
25.0MB

MD5
1358962abfd0868de2d056b96d1a2a32

SHA1
5442988d75a8d4aa79a97079ff0748f09ca152ab

SHA256
c5144fad49dbde10a74478e930d92140bd74c65bb3859111231a8e0e0e2aafd5

SHA512
8c1e7521b2de8620265c8385a032365ba97d8a79cf61453085275a80d2a06b68b2fcac287a726eed16491e5e69b5212189652aa7e83f87e6c8441b3b6c2717b4

Download Submit
memory/3096-3554-0x0000000000970000-0x0000000000980000-memory.dmp

Filesize
64KB

Download
memory/3096-3556-0x0000000005820000-0x0000000005DC4000-memory.dmp

Filesize
5.6MB

Download
memory/3096-3557-0x0000000005270000-0x0000000005302000-memory.dmp

Filesize
584KB

Download
memory/3096-3558-0x0000000005250000-0x000000000525A000-memory.dmp

Filesize
40KB

Download
memory/3096-3562-0x0000000008030000-0x000000000803E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads