Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/07/2024, 00:08
Static task: static1
Behavioral task: behavioral1
  Sample: 328c2e30080e3140df0a31fa1b9288a8_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 328c2e30080e3140df0a31fa1b9288a8_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 328c2e30080e3140df0a31fa1b9288a8_JaffaCakes118.exe
Size: 14KB
MD5: 328c2e30080e3140df0a31fa1b9288a8
SHA1: c9e83273ebed50d1dbc74e2df0e62b1afccd6049
SHA256: 4b1c83fb2a853b7dcaedda7e78f0b135853fe21cba83ceeffa942db56a141c38
SHA512: ae54bf669111c64db31bc114840341282782c3a2d4bbb1bf79ca9e9a8631b3682ade1737c1e8ea55ce75b301a2d1229b717587b543411370530c4fab580b9193
SSDEEP: 192:WnXROOgn+3pI5ahdoaeV4QKnyXYDDn1dueznptaq90aqNyJcNQxU3:qgn+Z9eV4NnsYP1dukCQ0ecNQxU3
Malware Config
Signatures
Drops file in System32 directory (3 IoCs)
description   ioc                               Process
File created  C:\WINDOWS\SysWOW64\imglog.exe    328c2e30080e3140df0a31fa1b9288a8_JaffaCakes118.exe
File created  C:\WINDOWS\SysWOW64\msne.exe      328c2e30080e3140df0a31fa1b9288a8_JaffaCakes118.exe
File created  C:\WINDOWS\SysWOW64\process.exe   328c2e30080e3140df0a31fa1b9288a8_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Program crash (17 IoCs)
pid   pid_target  Process       procid_target
2920  4272        WerFault.exe  80
3624  4272        WerFault.exe  80
2768  4272        WerFault.exe  80
1612  4272        WerFault.exe  80
872   4272        WerFault.exe  80
2528  4272        WerFault.exe  80
4376  4272        WerFault.exe  80
3284  4272        WerFault.exe  80
2604  4272        WerFault.exe  80
3328  4272        WerFault.exe  80
4124  4272        WerFault.exe  80
2416  4272        WerFault.exe  80
3756  4272        WerFault.exe  80
2772  4272        WerFault.exe  80
1716  4272        WerFault.exe  80
464   4272        WerFault.exe  80
5028  4272        WerFault.exe  80
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                          Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName         msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                           msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer        msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
636   msedge.exe
636   msedge.exe
4912  msedge.exe
4912  msedge.exe
2568  identity_helper.exe
2568  identity_helper.exe
404   msedge.exe
404   msedge.exe
404   msedge.exe
404   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
PID 4272  "C:\Users\Admin\AppData\Local\Temp\328c2e30080e3140df0a31fa1b9288a8_JaffaCakes118.exe"
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
    PID 2920  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 668
      - Program crash
    PID 3624  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 864
      - Program crash
    PID 2768  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 868
      - Program crash
    PID 1612  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 868
      - Program crash
    PID 872   C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1004
      - Program crash
    PID 2528  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1208
      - Program crash
    PID 4376  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1216
      - Program crash
    PID 3284  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1184
      - Program crash
    PID 4912  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.windowslive.com.br/index_msn.html
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
        PID 3356  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9730f46f8,0x7ff9730f4708,0x7ff9730f4718
        PID 2440  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        PID 636   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
          - Suspicious behavior: EnumeratesProcesses
        PID 2208  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
        PID 2572  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
        PID 4532  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        PID 844   "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
        PID 2568  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
          - Suspicious behavior: EnumeratesProcesses
        PID 4240  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
        PID 3988  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
        PID 3260  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
        PID 2828  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
        PID 2528  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
        PID 3668  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
        PID 1068  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
        PID 2572  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
        PID 404   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3614702024128690704,5613984318074983896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3676 /prefetch:2
          - Suspicious behavior: EnumeratesProcesses
    PID 2604  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 808
      - Program crash
    PID 3328  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1284
      - Program crash
    PID 4124  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1704
      - Program crash
    PID 2416  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1736
      - Program crash
    PID 3756  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1764
      - Program crash
    PID 2772  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1824
      - Program crash
    PID 1716  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1796
      - Program crash
    PID 464   C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 1752
      - Program crash
    PID 5028  C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 140
      - Program crash
PID 4032  C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4272 -ip 4272
PID 2260  C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4272 -ip 4272
PID 2112  C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4272 -ip 4272
PID 892   C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4272 -ip 4272
PID 864   C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4272 -ip 4272
PID 1184  C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4272 -ip 4272
PID 312   C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4272 -ip 4272
PID 2928  C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4272 -ip 4272
PID 3544  C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4272 -ip 4272
PID 2120  C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4272 -ip 4272
PID 1492  C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 5044  C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 4400  C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4272 -ip 4272
PID 1508  C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4272 -ip 4272
PID 2920  C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4272 -ip 4272
PID 4148  C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4272 -ip 4272
PID 4496  C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4272 -ip 4272
PID 864   C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4272 -ip 4272
PID 868   C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4272 -ip 4272
Network
MITRE ATT&CK Enterprise v15
Downloads