0d97ed4e92ab67c725b45d9f21d7d0fecb7d08cbe91ca6164bf9166c017dd592

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
Size

28KB
MD5

2bad061f136a08d82ac9f1ebdd60f3ed
SHA1

c04e4ade66f27b06a10be3fd41df09a9545f72a6
SHA256

0d97ed4e92ab67c725b45d9f21d7d0fecb7d08cbe91ca6164bf9166c017dd592
SHA512

f0bbe5977f26e5cc4f06b9ff6643eb87bda563bf288e0b5fdda2393f8960cef8d16c37598fcaf6a2f68b64075626bc1367806d791ef8bd7264784b95345c099c
SSDEEP

384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyN8B0:Dv8IRRdsxq1DjJcqfNC

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1960	services.exe

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-2-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/files/0x000f000000015d8b-6.dat	upx
behavioral1/memory/1960-11-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-17-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-18-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1960-23-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-24-0x00000000002A0000-0x00000000002A8000-memory.dmp	upx
behavioral1/memory/1960-30-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-31-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-32-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1960-37-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/files/0x002e000000015d72-42.dat	upx
behavioral1/memory/2348-57-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-58-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-59-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-60-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-64-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-65-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1960-70-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-71-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-72-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-76-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-77-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-81-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-82-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-307-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-308-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2348-367-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1960-368-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
File opened for modification	C:\Windows\java.exe	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
File created	C:\Windows\java.exe	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1960	2348	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe	30
PID 2348 wrote to memory of 1960	2348	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe	30
PID 2348 wrote to memory of 1960	2348	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe	30
PID 2348 wrote to memory of 1960	2348	2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2bad061f136a08d82ac9f1ebdd60f3ed_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6ada5473e476a9b0fc0602917420c48

SHA1
392b2fb0f40caca2e58591da54c7d64914df8d0d

SHA256
7bafb17cdd95224c779acb2239e7e096e07324096878330f76d915e9cb1b9b4d

SHA512
82fbccba8e8ff53f021792a42cd373d5e054b69d87bbe55f8fb8a249d6d9a3bfa6b71f7ce7e901c187fdc3f4ba9ab8da3695ac7796d907ae9a230bdaf51290b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5005564c2e6e2989986aae598548fda8

SHA1
f05035053a17944363502c772e9d1124367aa6e5

SHA256
25ce649c24cdec144e0deac88239cb5fee5c747923ec503fcdcb0ccda25fecc7

SHA512
63f54a6b276e5353cd497319124e405af47e946323feba514c04387ad64727d48a7ec307c60913ac4f4a0350e95bf38dae3bc04df2f12e01d1165be631db362c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ7VMQEC\CCXCQUBE.htm

Filesize
175KB

MD5
e82fee788f1fc3b0564728990483c6b8

SHA1
5a9b26a7ad8782bb242bba3b3a5bf2bf06d632b1

SHA256
88b8d108b3be91714a680c2e9fda0b693e3afbb67ec8a25fd0f6ea0dee159eea

SHA512
9a3e4fadc82847de9b9260fd0bd93a4da5b6fc13aa9be3e17bcbd2d77641ed18f9262c0955a1ddba6d0bc5225fbf41efce56d4fdcaa1a986db395f1c28fe545a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPRIFH8L\search[3].htm

Filesize
129KB

MD5
6a1360cff47e3f10d48642ee6da3f137

SHA1
b5005e9fd0ef7e3adb1c6fa3a8f64250bcc4857e

SHA256
c2da898524fa4db4d9fea8a5ba3d2564fd0e2eb309c6c6eee87239dba29d909d

SHA512
8111fa1c95743ca722ae10ef3171f67fa9d0db547616b7b4dd9d6c59118e6d7bd85d909cb06ef628400c8ffbe0eaf9d7ae17a54757668fa0ecb29f521f2de9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK27LCMU\search[1].htm

Filesize
130KB

MD5
e95381a8bc44508d6a1454ecdab1fc86

SHA1
57b153268ed38d366c92a5f4f12a0a57a25c3e00

SHA256
424e051bbbd8bc3d717a3db0d6330762f98446fccb777d190edd229577095029

SHA512
d552c85ccd694ce6698166cdcfce7b0dee31c020c23983cd466c21ae641226d79998b0a95fe3b41f76c6bf34cd632a397c0ee6d42222aa293043bec7e2d908e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK27LCMU\search[3].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFC70.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFD1F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF94D.tmp

Filesize
28KB

MD5
34ed4c85775a7b29bde2a216dc1f5cde

SHA1
c20b6f0ad57ecfed1fa71963766b3f1244d75391

SHA256
93024c2b77be44eb99d3ed145fb1c7141731f4a5d00fff746dba8339b3daab9b

SHA512
2fc988d55cbbf3a0fa5c511fa44cd976a0f03917f0dd092440370d6a41714803c363fbb403a51bed8d3277319747193be20c64e85dd8d902f0ce9b37ec65610f

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
045a0dde04da462b3d8d2ac5ff6679d0

SHA1
eb30eb38f31cdf02c060f6ada86d79a634b63315

SHA256
e79236de8b4b07885381c387b7af1a4600641a30a9312401601be4dae27ce0e5

SHA512
629b19bcc3ea869d0fa7b77ee8f5e96ff4210f068d5b8e7d44ad93e2d408b3083f3c93979c1009054fbcb1e2855403ae1f711c67879a0cc8e7e9a1586e62efbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
b4831ecbe85a9447fd4a5884392974cd

SHA1
44bfe91edf7e619b70b8edb3630e2bd7649d20ea

SHA256
c3dfe414948f2c20be45a22fd4a54cbf3ed75711beaa1078f95e784dec3daa2c

SHA512
22bcb02b2bc7d8094a87309f36732f8c425a65c8226e99d8a6b914ca5b29a7341bd3bb87a4f9d831e3d8f1249a4b580b8de2a2177d9620cc139e602827414b9e

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/1960-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-37-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-32-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-368-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-58-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-308-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-18-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-23-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-30-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-72-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-82-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1960-77-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2348-81-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-71-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-25-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2348-24-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2348-64-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-2-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-76-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-9-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2348-10-0x00000000002A0000-0x00000000002A8000-memory.dmp

Filesize
32KB

Download
memory/2348-307-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-59-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-57-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-367-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2348-31-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads