651dbcca5436b159a5fb1fcff4f769a91280e194bd091b8bb6e284db94858814

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe
Size

268KB
MD5

182860c0c418baa8f0d94b68459ae384
SHA1

ada260ac8ce34358527c05e91c1029b7f55aa737
SHA256

651dbcca5436b159a5fb1fcff4f769a91280e194bd091b8bb6e284db94858814
SHA512

9c64290fd43c8ffc7a720b01b0715b23d924625171216b96855b3b5034b57ace8f9cadb037d2552128eccff1175f03c4d78384d72902ced26182e2f7a5388b84
SSDEEP

6144:amwd6zy40hYcUQ9gVLPxOzHu7HyZpmCFY3QFkp7Vxt:at6zoDqVLwbuzy3Y3fp7F

Score

10^/10

evasion upx

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 10 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\svchost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\svhost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\svhost.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1916	svchost.exe

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1916-20-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-26-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-25-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-33-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-32-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-35-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-36-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-41-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-45-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-48-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-51-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-54-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-57-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-60-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-63-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-66-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-69-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-72-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-75-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/1916-78-0x0000000000400000-0x000000000045C000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2484 set thread context of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
4764	reg.exe
3956	reg.exe
4868	reg.exe
1028	reg.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: 1	1916	svchost.exe
Token: SeCreateTokenPrivilege	1916	svchost.exe
Token: SeAssignPrimaryTokenPrivilege	1916	svchost.exe
Token: SeLockMemoryPrivilege	1916	svchost.exe
Token: SeIncreaseQuotaPrivilege	1916	svchost.exe
Token: SeMachineAccountPrivilege	1916	svchost.exe
Token: SeTcbPrivilege	1916	svchost.exe
Token: SeSecurityPrivilege	1916	svchost.exe
Token: SeTakeOwnershipPrivilege	1916	svchost.exe
Token: SeLoadDriverPrivilege	1916	svchost.exe
Token: SeSystemProfilePrivilege	1916	svchost.exe
Token: SeSystemtimePrivilege	1916	svchost.exe
Token: SeProfSingleProcessPrivilege	1916	svchost.exe
Token: SeIncBasePriorityPrivilege	1916	svchost.exe
Token: SeCreatePagefilePrivilege	1916	svchost.exe
Token: SeCreatePermanentPrivilege	1916	svchost.exe
Token: SeBackupPrivilege	1916	svchost.exe
Token: SeRestorePrivilege	1916	svchost.exe
Token: SeShutdownPrivilege	1916	svchost.exe
Token: SeDebugPrivilege	1916	svchost.exe
Token: SeAuditPrivilege	1916	svchost.exe
Token: SeSystemEnvironmentPrivilege	1916	svchost.exe
Token: SeChangeNotifyPrivilege	1916	svchost.exe
Token: SeRemoteShutdownPrivilege	1916	svchost.exe
Token: SeUndockPrivilege	1916	svchost.exe
Token: SeSyncAgentPrivilege	1916	svchost.exe
Token: SeEnableDelegationPrivilege	1916	svchost.exe
Token: SeManageVolumePrivilege	1916	svchost.exe
Token: SeImpersonatePrivilege	1916	svchost.exe
Token: SeCreateGlobalPrivilege	1916	svchost.exe
Token: 31	1916	svchost.exe
Token: 32	1916	svchost.exe
Token: 33	1916	svchost.exe
Token: 34	1916	svchost.exe
Token: 35	1916	svchost.exe
Token: SeDebugPrivilege	1916	svchost.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1916	svchost.exe
1916	svchost.exe
1916	svchost.exe

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 4184	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	82
PID 2484 wrote to memory of 4184	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	82
PID 2484 wrote to memory of 4184	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	82
PID 4184 wrote to memory of 2384	4184	csc.exe	85
PID 4184 wrote to memory of 2384	4184	csc.exe	85
PID 4184 wrote to memory of 2384	4184	csc.exe	85
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 2484 wrote to memory of 1916	2484	182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe	86
PID 1916 wrote to memory of 464	1916	svchost.exe	88
PID 1916 wrote to memory of 464	1916	svchost.exe	88
PID 1916 wrote to memory of 464	1916	svchost.exe	88
PID 1916 wrote to memory of 4828	1916	svchost.exe	89
PID 1916 wrote to memory of 4828	1916	svchost.exe	89
PID 1916 wrote to memory of 4828	1916	svchost.exe	89
PID 1916 wrote to memory of 2148	1916	svchost.exe	90
PID 1916 wrote to memory of 2148	1916	svchost.exe	90
PID 1916 wrote to memory of 2148	1916	svchost.exe	90
PID 1916 wrote to memory of 5000	1916	svchost.exe	91
PID 1916 wrote to memory of 5000	1916	svchost.exe	91
PID 1916 wrote to memory of 5000	1916	svchost.exe	91
PID 2148 wrote to memory of 1028	2148	cmd.exe	96
PID 2148 wrote to memory of 1028	2148	cmd.exe	96
PID 2148 wrote to memory of 1028	2148	cmd.exe	96
PID 4828 wrote to memory of 4764	4828	cmd.exe	97
PID 4828 wrote to memory of 4764	4828	cmd.exe	97
PID 4828 wrote to memory of 4764	4828	cmd.exe	97
PID 5000 wrote to memory of 3956	5000	cmd.exe	98
PID 5000 wrote to memory of 3956	5000	cmd.exe	98
PID 5000 wrote to memory of 3956	5000	cmd.exe	98
PID 464 wrote to memory of 4868	464	cmd.exe	99
PID 464 wrote to memory of 4868	464	cmd.exe	99
PID 464 wrote to memory of 4868	464	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\182860c0c418baa8f0d94b68459ae384_JaffaCakes118.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ilapjfaq.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4184
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3CAC.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3CAB.tmp"
    3⤵
    PID:2384
- C:\Users\Admin\AppData\Roaming\svchost.exe
  C:\Users\Admin\AppData\Roaming\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:464
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:4868
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:4764
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2148
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:1028
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svhost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svhost.exe:*:Enabled:Windows Messanger" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5000
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\svhost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\svhost.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Modifies firewall policy service
      Modifies registry key
      PID:3956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES3CAC.tmp

Filesize
1KB

MD5
58302dcdbac2fd8cc35f02382c09afb8

SHA1
16cdf84e5dd26290a3b88a783613ddcd39a465c3

SHA256
a5197172a03ef3f8e83c61048ff859373b6f11e4d92aefb9017d2bd2f9817246

SHA512
00fd3419ec66868b131118069ac6a80c0e0ac2a2a151e5b822c2598113517d06907865061f99b5b9151f1f4fd59b19213e8c88aeef1425f508de4a0c9db2f097

Download Submit
C:\Users\Admin\AppData\Local\Temp\ilapjfaq.dll

Filesize
5KB

MD5
48c7153dd0d7d1149d5e70b2ac3f64b7

SHA1
d1ca4af5b6a02bb4c38070c1c0303263aae2ce13

SHA256
0f7ca58c34e05c699747f9f6ee0a37e429ff6af9cc3742c6395c18bd8550153f

SHA512
9ed35adb575fb362e67f63ac3f3ca842a6af52095aad9af208182b96b7885b6045b745318ca0b1d06d4e2335e7a33da54926fde01fbd0335dc48e81557a12192

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe

Filesize
12KB

MD5
e2a4c443e3afda26f532f978f5b4d031

SHA1
59348c67332d1dd5a16a79f89151b42f94869928

SHA256
15a36c3a7a2e53441919ed584719211df9fc3bb76725274ef1ea120b1564602a

SHA512
0d0821e7b407aeaa0b2f2aff8df96756d3e279937d2d1cee8a64cc360dbbfa2f7e5add8477de58fe5bd4b8778492dbecd6d3bb68405b34c1596369c38ab663ab

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC3CAB.tmp

Filesize
652B

MD5
7612360f817c80cc259e9430052091d5

SHA1
82c5139fad33e1c64cf4652f8c90316d00a38504

SHA256
35049915e3c71de8eee67961948751f86ef489bf865eb120249069aaa1de44ff

SHA512
938dd3c2a48ac02e664bdaae827ffe1b81cd9fb53d5f3ff9b7711759dee4b7feb9cea5c24ef6a42e7e0073add126dbe8954ac0e3aeb3d97b76658944e0b5a8e5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ilapjfaq.0.cs

Filesize
4KB

MD5
2216d197bc442e875016eba15c07a937

SHA1
37528e21ea3271b85d276c6bd003e6c60c81545d

SHA256
2e9e3da7bfa1334706550bb4d6269bf3e64cbbc09fa349af52eb22f32aebb4af

SHA512
7d7bdc3bf83ac0a29e917ead899dcaa1b47ee2660f405fe4883ca2a2546f7924265e1d75a2ea02c0e34fac4d2bb82bbaaa88d06c240afad4e9fd49337cd04d3f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ilapjfaq.cmdline

Filesize
206B

MD5
caf7b9ca15e9ba4a5a8ea8cca843a5c6

SHA1
813459187f34032ff18ea02ad0ee8b8733596509

SHA256
cb354ecdd2d39e4fd01970587be7069a3713f7553f3476cd19fc1153f359dd84

SHA512
52b873bfb6cf4bcf161b50a648e860d47aed7d78f5a0b65b216368aa86ce36c8764acd3b9a6c00dcf6ecb53d3dc2bc21f691b8ef5eab7e756fbc7b4f51b21bdf

Download Submit
memory/1916-54-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-57-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-78-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-75-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-72-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-20-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-26-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-25-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-33-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-32-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-35-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-36-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-69-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-66-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-41-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-45-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-48-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-51-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-63-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1916-60-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2484-0-0x0000000075392000-0x0000000075393000-memory.dmp

Filesize
4KB

Download
memory/2484-40-0x0000000075390000-0x0000000075941000-memory.dmp

Filesize
5.7MB

Download
memory/2484-39-0x0000000075392000-0x0000000075393000-memory.dmp

Filesize
4KB

Download
memory/2484-1-0x0000000075390000-0x0000000075941000-memory.dmp

Filesize
5.7MB

Download
memory/2484-2-0x0000000075390000-0x0000000075941000-memory.dmp

Filesize
5.7MB

Download
memory/4184-9-0x0000000075390000-0x0000000075941000-memory.dmp

Filesize
5.7MB

Download
memory/4184-16-0x0000000075390000-0x0000000075941000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads