0d0bafc8f1c3a563f60ad72972b9e2c01fd40286920a1be6dce381999d9db9a7

Analysis

max time kernel
34s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 09:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

code.vbs
Size

1KB
MD5

c8db0910ef325367970ff1c2b5130701
SHA1

2b0ca564f0103ad0b6bfb52d2c9a1a8965171fc3
SHA256

0d0bafc8f1c3a563f60ad72972b9e2c01fd40286920a1be6dce381999d9db9a7
SHA512

7777856eb1e83c6f1ef3f72e6e9707502aef013cca449ed6e831999ed6cafe31adf6f8e59012ed097867275dff49b619f81baf0dfd7365e5952b873db2642c1f

Score

7^/10

persistence privilege_escalation

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	WScript.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat	WScript.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Modifies system executable filetype association 2 TTPs 47 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shellex	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\PintoStartScreen	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\CLSID	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Compatibility	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\OpenContainingFolderMenu	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runas	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\edit	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runasuser	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\lnkfile\shellex\ContextMenuHandlers	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\tabsets	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\IconHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\print\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\runas\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser\command	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\DropHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\comfile\shell\open	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\runasuser	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	reg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\AppX0jr688mrddhm2gsn5y1q8jpx5tfsxk7s	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{18C327E4-E4BA-3C3C-9942-274272626278}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP11.AssocProtocol.DLNA-PLAYSINGLE\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\wordxmlfile\DefaultIcon	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7964B769-234A-4BB1-A5F4-90454C8AD07E}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0200-ABCDEFFEDCBB}\InprocServer32	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0119-ABCDEFFEDCBA}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{305106CA-98B5-11CF-BB82-00AA00BDCE0B}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EC231970-6AFD-4215-A72E-97242BB08680}\InProcServer32	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy\ActivatableClassId\InputApp.AppXn13vw841fjq94wg9r9zev7nkh4fzvrqr.mc	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppUserModelId\Windows.SystemToast.Messaging.SystemAlertNotification	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0221-ABCDEFFEDCBA}\InprocServer32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CA277DB-FE42-53B1-AE3B-098E51FA6A9B}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\AppX3cx04417ybaf9kz7fem54fc937697n6k\DefaultIcon	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v11\Dependents	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C6A5ADB2-C1A4-3E03-841E-5594B7B046F1}\15.0.0.0	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000023-0000-0010-8000-00AA006D2EA4}\TypeLib	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00020948-0000-0000-C000-000000000046}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{aa4a8700-9943-59a3-8647-d373fd5e0e2b}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Microsoft.LockApp_10.0.19041.1023_neutral__cw5n1h2txyewy\ActivatableClassId\Windows.Networking.BackgroundTransfer.Internal.Network	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2B60A10-DED5-46FB-A914-3C6F4EBB6451}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.flac\shell\PlayWithVLC\command	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\ActivatableClasses\Package\Microsoft.Windows.CallingShellApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBB}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Charset\Big5	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.s3m\shell\AddToPlaylistVLC	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.drf\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{787A2D6B-EF66-488D-A303-513C9C75C344}\Version	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.12\shell	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{000209FE-0000-0000-C000-000000000046}\VersionIndependentProgID	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.cur\PersistentHandler	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D0FD779-0C2D-4708-A9BA-62F7458A5A53}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.sldx	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}\6.0	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020907-0000-0000-C000-000000000046}\DataFormats\GetSet	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B722BCC7-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\odc.table\CurVer	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000C03CD-0000-0000-C000-000000000046}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{112756A1-3F04-4CCD-BFD6-ACB4BCA614C9}\ProxyStubClsid32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B5EEC44-51AA-4210-B84F-1938B8576D8D}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VLC.ogv\shell\AddToPlaylistVLC	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{2332F625-5996-3534-94B7-8CDA760A3314}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.symlink\shellex\IconHandler	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0161-ABCDEFFEDCBC}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0209-ABCDEFFEDCBB}\InprocServer32	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.inl	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.sr2\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AdobeAcrobat.OpenDocuments.3	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBA}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0203-ABCDEFFEDCBA}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F88D07EA-D815-4DD1-A234-4520CE4604A4}	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\msstylesfile	reg.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{458C4ACC-B973-3A1A-8E72-F3361D5D9F55}\15.0.0.0	reg.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}	reg.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3700	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 3700	632	WScript.exe	83
PID 632 wrote to memory of 3700	632	WScript.exe	83
PID 632 wrote to memory of 4012	632	WScript.exe	90
PID 632 wrote to memory of 4012	632	WScript.exe	90
PID 4028 wrote to memory of 228	4028	cmd.exe	97
PID 4028 wrote to memory of 228	4028	cmd.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\code.vbs"
1⤵
- Checks computer location settings
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\NOTEHERE.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3700
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:4012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2540

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Windows\system32\reg.exe
  reg delete HKCR /f
  2⤵
  - Modifies system executable filetype association
  - Modifies registry class
  PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat

Filesize
20B

MD5
9c3ef676bdaa506989278258d04b9bce

SHA1
bd8db4701f777e0b78aa2173d4a1270baa6e543f

SHA256
b9cba898cb7c03476da4b0eab23ee0540cea35cdad2a4469adfacc6d0c5bbebd

SHA512
34eabd625b9d11b10c1b55e42312e5ea10cc4ae292df9bc4b87c8f5740c5fe019b826f335c4a7934540610be95169a00ad338cfcccda6b8f263ce47bdf5dc527

Download Submit
C:\Users\Admin\Desktop\NOTEHERE.txt

Filesize
44B

MD5
9e7cd7c706e24d89a098713bda2ff52b

SHA1
ae5129be07fa9677b3e4c061cd9b1f13bc845920

SHA256
b6f67920cfcefee9c4d113cc74e3d111a48fbe2f8643fbe42f67a16c077a3be8

SHA512
588a23bc60e8dc0cdc4e07ac4cd5c1932b079b548a8e2561a3ab778423234cb4ec310c5a3cd11742e78837d653d51effaad89ea473cd3bccfbc7384e43cd23ae

Download Submit
C:\Users\Admin\Desktop\desktop.enc

Filesize
51B

MD5
485e50795d7a48d060b4f5a17a467278

SHA1
c38adc10ce5699e212cffb4f719d9c489073ec1a

SHA256
a74f37ca88daf16d63ae8e06a15fc4b7433a2e388e418290c6dbdc121c7ba91c

SHA512
e6bc3ce356e77aac3872e5dc501db6ae255019e0a70f8bf6cb557983b3e5d2f37d1ced3facdf7839802f6f765cdb0b22c969139b5d4df22503053a7fe3f0ced3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads