26fede729834ee64c5bbe0cfa5516e72fb5dc361ace426c3cac2d8cc3c51ec0c

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe
Size

204KB
MD5

16175ed53b3962d8c14c1ffd5f2482c7
SHA1

1c76ef23b41bae50dc700c0ee5cbbf9a1d05e7a7
SHA256

26fede729834ee64c5bbe0cfa5516e72fb5dc361ace426c3cac2d8cc3c51ec0c
SHA512

e289106343394ef5f884398cca66a05bfeb75f01e02c46d91a4e481164dcf2e4576c41aa5d8648a5cb8a16c4a4a76bbd61b8bb7c9ed1a695dd26a17e88621275
SSDEEP

3072:1TqqZBXj3pZgjxp8HRfW+Ida220gN4JsBi40BuWNVYrcLwcYieNRrhomiyTfXIKg:1muxDpZgdORfWTmiDBuhTIaxu+7qT

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	saogaa.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1648	saogaa.exe

Adds Run key to start application 2 TTPs 50 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /g"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /I"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /p"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /t"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /Q"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /v"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /s"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /i"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /C"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /X"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /Z"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /n"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /a"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /O"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /w"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /f"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /b"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /N"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /D"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /e"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /z"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /T"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /A"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /F"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /K"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /H"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /x"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /P"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /B"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /Y"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /L"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /u"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /c"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /j"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /y"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /l"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /M"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /q"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /r"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /o"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /W"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /S"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /h"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /m"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /k"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /U"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /V"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /J"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /d"	saogaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saogaa = "C:\\Users\\Admin\\saogaa.exe /R"	saogaa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe
1648	saogaa.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2988	16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe
1648	saogaa.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 1648	2988	16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe	88
PID 2988 wrote to memory of 1648	2988	16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe	88
PID 2988 wrote to memory of 1648	2988	16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe	88
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87
PID 1648 wrote to memory of 2988	1648	saogaa.exe	87

C:\Users\Admin\AppData\Local\Temp\16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16175ed53b3962d8c14c1ffd5f2482c7_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\saogaa.exe
  "C:\Users\Admin\saogaa.exe"
  2⤵
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4500,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
1⤵
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\saogaa.exe

Filesize
204KB

MD5
97a40e08cbef39b60c130f7ae93e0ab5

SHA1
8cc7acedf92a964c5e05aced45c870a1c91ef35d

SHA256
da368302f38429c540e50b5d95109ce0ecf5893ef0abbf55a51b408a99154dae

SHA512
1afab58ba24cbb0c2f0b093472f1f4e2785cc1dd3eb33245e5cde5974f308cb59730998524e8b9e84bd99541fa20c4b2e84c4df36c735cebe96a630b04ec1b63

Download Submit