Analysis
max time kernel: 149s
max time network: 136s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/07/2024, 23:29
Static task: static1
Behavioral task: behavioral1
  Sample: 326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe
Size: 14KB
MD5: 326d134ec6b03468d36ff959274a7def
SHA1: 6cad46e83698a9ab73623c9f4a2d7f4b96552cdd
SHA256: c436011fedc34d6aaab42c772fd8cb69404f578ad0d214973923616797556cc3
SHA512: df81d24990b48dfc0fbc24e7f919297ac0d20826f88dd2e9867efe2dd1ba10a53b6352728aed9b8ed0d4f014057a426890c3f6cfebf3b19a0aa47594518969af
SSDEEP: 384:3f+hYmYcatcT61zgUiTB6+jMz0+UY0ecNQxU3:v+vDal1z+HjMw+GPf
Malware Config
Signatures
Drops file in System32 directory (3 IoCs)
description  ioc  Process
File created  C:\WINDOWS\SysWOW64\imglog.exe  326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe
File created  C:\WINDOWS\SysWOW64\msne.exe  326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe
File created  C:\WINDOWS\SysWOW64\process.exe  326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Program crash (17 IoCs)
pid  pid_target  Process  procid_target
4920  3512  WerFault.exe  80
3576  3512  WerFault.exe  80
3288  3512  WerFault.exe  80
2116  3512  WerFault.exe  80
2152  3512  WerFault.exe  80
4700  3512  WerFault.exe  80
3656  3512  WerFault.exe  80
1264  3512  WerFault.exe  80
764  3512  WerFault.exe  80
3684  3512  WerFault.exe  80
2860  3512  WerFault.exe  80
2344  3512  WerFault.exe  80
3692  3512  WerFault.exe  80
2740  3512  WerFault.exe  80
2332  3512  WerFault.exe  80
2176  3512  WerFault.exe  80
4720  3512  WerFault.exe  80
Enumerates system info in registry (2 TTPs, 3 IoCs)
description  ioc  Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid  Process
3696  msedge.exe
3696  msedge.exe
3556  msedge.exe
3556  msedge.exe
4408  identity_helper.exe
4408  identity_helper.exe
3328  msedge.exe
3328  msedge.exe
3328  msedge.exe
3328  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid  Process
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid  Process
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid  Process
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
3556  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description  pid  Process  procid_target
PID 3512 wrote to memory of 3556  3512  326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe  101
PID 3512 wrote to memory of 3556  3512  326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe  101
PID 3556 wrote to memory of 2744  3556  msedge.exe  103
PID 3556 wrote to memory of 2744  3556  msedge.exe  103
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 1624  3556  msedge.exe  105
PID 3556 wrote to memory of 3696  3556  msedge.exe  106
PID 3556 wrote to memory of 3696  3556  msedge.exe  106
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
PID 3556 wrote to memory of 2952  3556  msedge.exe  107
Processes
"C:\Users\Admin\AppData\Local\Temp\326d134ec6b03468d36ff959274a7def_JaffaCakes118.exe"
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3512
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 668
  - Program crash
  PID:4920
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 872
  - Program crash
  PID:3576
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 880
  - Program crash
  PID:3288
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 908
  - Program crash
  PID:2116
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1008
  - Program crash
  PID:2152
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1196
  - Program crash
  PID:4700
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1220
  - Program crash
  PID:3656
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1216
  - Program crash
  PID:1264
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.windowslive.com.br/index_msn.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3556
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffcd4fa46f8,0x7ffcd4fa4708,0x7ffcd4fa4718
    PID:2744
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
    PID:1624
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:3696
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    PID:2952
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID:2616
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID:1384
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
    PID:3120
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:4408
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    PID:2024
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    PID:2324
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    PID:1904
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    PID:2860
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
    PID:2176
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    PID:5100
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
    PID:1876
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
    PID:4364
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10551405946881867471,10821401136294960709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3552 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:3328
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 812
  - Program crash
  PID:764
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1108
  - Program crash
  PID:3684
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1688
  - Program crash
  PID:2860
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1692
  - Program crash
  PID:2344
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1760
  - Program crash
  PID:3692
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1704
  - Program crash
  PID:2740
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1992
  - Program crash
  PID:2332
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 1704
  - Program crash
  PID:2176
  C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 140
  - Program crash
  PID:4720
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3512 -ip 3512
PID:3544
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3512 -ip 3512
PID:3828
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3512 -ip 3512
PID:3200
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3512 -ip 3512
PID:1476
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3512 -ip 3512
PID:4744
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3512 -ip 3512
PID:3152
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3512 -ip 3512
PID:1832
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3512 -ip 3512
PID:4424
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3512 -ip 3512
PID:2432
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3232
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3512 -ip 3512
PID:3744
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4336
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3512 -ip 3512
PID:1692
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3512 -ip 3512
PID:5104
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3512 -ip 3512
PID:860
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3512 -ip 3512
PID:2756
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3512 -ip 3512
PID:4448
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3512 -ip 3512
PID:2200
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3512 -ip 3512
PID:4892
Network
MITRE ATT&CK Enterprise v15
Downloads