e2bb4a19cbb031a01ce5b97fe3398dcad225263e496fe8cea877c1e8ccacdeda

Analysis

max time kernel
93s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
Size

151KB
MD5

286125dc0918fc98066b4b04c40f8729
SHA1

95fe192d2711b313d008cb9a9e9f37ed4613fad7
SHA256

e2bb4a19cbb031a01ce5b97fe3398dcad225263e496fe8cea877c1e8ccacdeda
SHA512

eae0924adf5ee1c2326a02f980294f7e59854dcdf13cfc64d6c861abd20b6f02000b203edebad8adb29cd159f7785367ef7ec906dc247df52e312f5ef11cdaa9
SSDEEP

3072:ygodDmJ2tYd6levEBHBOT3mmIvzeg0NUubWQwg2wEqfshsFCT1/Tzo91rgUHgFKr:5iDmJKiO3JWUubX92Uqaq/TzoTPAEr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1296	e.exe
3420	ig.exe
1660	msngserv.exe

Loads dropped DLL 3 IoCs

pid	Process
2476	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
3420	ig.exe
3420	ig.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Winks Instalador\mswinsck.ocx	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\mswinsck.ocx	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Winks Instalador\Licencia.txt	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\msngserv.exe	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\e.exe	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Winks Instalador\ig.exe	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\Licencia.txt	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Winks Instalador\1.mco	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Winks Instalador\e.exe	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Winks Instalador\Thumbs.db	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\Thumbs.db	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\ig.exe	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Winks Instalador\msngserv.exe	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\MSNContentCA.cer	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File created	C:\Program Files (x86)\Winks Instalador\1.mco	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Winks Instalador\MSNContentCA.cer	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Main	msngserv.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "about-blank.bz"	msngserv.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32\ = "C:\\PROGRA~2\\WINKSI~1\\MSWINSCK.OCX, 1"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CurVer	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ = "IMSWinsockControl"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ = "DMSWinsockControlEvents"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Control	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1\ = "132497"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ = "IMSWinsockControl"	ig.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ = "C:\\PROGRA~2\\WINKSI~1\\MSWINSCK.OCX"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\VersionIndependentProgID	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ = "Microsoft WinSock Control, version 6.0"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ = "C:\\PROGRA~2\\WINKSI~1\\MSWINSCK.OCX"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Programmable	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ThreadingModel = "Apartment"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR\	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ = "DMSWinsockControlEvents"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\ = "Winsock General Property Page Object"	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID\ = "MSWinsock.Winsock.1"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CLSID	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS\ = "2"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\ = "Microsoft WinSock Control, version 6.0"	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32	ig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	ig.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}	ig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32\ = "C:\\PROGRA~2\\WINKSI~1\\MSWINSCK.OCX"	ig.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3624	reg.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1296	e.exe
3420	ig.exe
1660	msngserv.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1296	2476	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe	85
PID 2476 wrote to memory of 1296	2476	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe	85
PID 2476 wrote to memory of 1296	2476	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe	85
PID 1296 wrote to memory of 3420	1296	e.exe	86
PID 1296 wrote to memory of 3420	1296	e.exe	86
PID 1296 wrote to memory of 3420	1296	e.exe	86
PID 2476 wrote to memory of 1660	2476	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe	87
PID 2476 wrote to memory of 1660	2476	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe	87
PID 2476 wrote to memory of 1660	2476	286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe	87
PID 1660 wrote to memory of 3624	1660	msngserv.exe	88
PID 1660 wrote to memory of 3624	1660	msngserv.exe	88
PID 1660 wrote to memory of 3624	1660	msngserv.exe	88

C:\Users\Admin\AppData\Local\Temp\286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\286125dc0918fc98066b4b04c40f8729_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2476
- C:\PROGRA~2\WINKSI~1\e.exe
  C:\PROGRA~2\WINKSI~1\e.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\PROGRA~2\WINKSI~1\ig.exe
    ig.exe 1.MCO
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3420
- C:\PROGRA~2\WINKSI~1\msngserv.exe
  C:\PROGRA~2\WINKSI~1\msngserv.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Modifies Internet Explorer start page
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Windows\SysWOW64\reg.exe
    reg add hklm\software\microsoft\windows\currentversion\run /v wa /t reg_sz /d
    3⤵
    - Modifies registry key
    PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\WINKSI~1\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\Winks Instalador\1.MCO

Filesize
30KB

MD5
d51eba3dc6b4318abbccd13bea0b8962

SHA1
9f1faa9634fcc12acd9c97c917f713619623bbc5

SHA256
831274e49ad03340f82d043c3f40deb1f69b260d3c86f785dd4b3545ee14f09a

SHA512
f00e90304dc6e77012c3083faacfe79a0db11bc2998e73bb6dc55bf4456019f70612ae8e5139e89023a3af45a24b4dcc551cc578e57005b0f112c07b01a0bd5d

Download Submit
C:\Program Files (x86)\Winks Instalador\e.exe

Filesize
16KB

MD5
8b0e9fb3431dcbc2309e1dbe7b1737f4

SHA1
31a3d7641051933a1143e3bd095fd11568a620dc

SHA256
73b79f515a91101f591dc904907f91c2e44182d71a25a13d54690f84827978e8

SHA512
54761c2f4fe93bdaf86478dc2621c95f0dc937f85ff32b20d51d623e61518d9309c395b8d8679dd0567e6c5032f8a48369f84d74dafbd5c257e1844401d34407

Download Submit
C:\Program Files (x86)\Winks Instalador\ig.exe

Filesize
24KB

MD5
0190c58a916bb76d2812f34477caabb8

SHA1
828eb139937fb0f5603ffb97df000f81eaa4bd7d

SHA256
32ed43ad8f9fe2c853a6670c02b689538e05ee85e19293113fc29005a72c0f10

SHA512
427be1d9d65f2d79544777b2ba4a697c7d1c71e52edf78175bcd7f7de1e84145f2bede7de522e43911aa3465cd26bb5ea35f2771b0b042b41ae569b406425b92

Download Submit
C:\Program Files (x86)\Winks Instalador\msngserv.exe

Filesize
48KB

MD5
e395d2d01c40b7ac57f67e35076664c8

SHA1
e668f66d970d74de0e5b06ccd974bc83ceef05ea

SHA256
1c329f22760c950e717760b2f88895317c59d3097cc6787e28ca1216a20d0724

SHA512
3413b0c374790f081a821f274647735ce409d7571e53b3d745ce619d4f40f8c3741f09f61f6c6419af60464f164354482fb65b7c160f0839db6d49e2113bd476

Download Submit
C:\ginstall.dll

Filesize
55KB

MD5
242089d713b2ac02b1f81ae0e8faa25d

SHA1
916bb90b3e56baea585d81c3716c601283a1bde4

SHA256
5c8143f72a8b83c01c2f17e981cd1756ef8223c92c0be47a06bfcd28a0ec1479

SHA512
d978d6ed6dec843d4266c6f6707798311c72391a0e10164d38d391befc3e54e2ddf1097ef9d5d590adcfe76bb21cebf80da62d2a6a46087c38c606015b41cc3b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads