6b5315d5569d448773a9d4c334f22475bf820132f65c824b733a5a9fefa4f845

General

Target

3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
Size

168KB
MD5

3f65a714f4db1d2f7d585abc7d60656d
SHA1

cb96a4d2eddde21a89e3d8ae98fc82fcbd5a1bdc
SHA256

6b5315d5569d448773a9d4c334f22475bf820132f65c824b733a5a9fefa4f845
SHA512

e64ad49d79fc59d98734766cf731d5c431635e960b023f288e2c3cd5214d13d54d303296eb0cf0f7d8c41da66e963293082ba7c261cd112f0260d19c9d474497
SSDEEP

3072:8B/yfWqIm2ToinfY86s+g0Sfh2WYhdH2eluFkVZH7SLmRYqC:8ofU3tfpj0gRUdH2etB+L

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

Wczjzf.exeWczjzf.exeWczjzf.exe

pid process

4828 Wczjzf.exe
2028 Wczjzf.exe
4556 Wczjzf.exe
Loads dropped DLL 2 IoCs

Processes:

3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exeWczjzf.exe

pid process

1008 3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
4828 Wczjzf.exe

pid	process
4828	Wczjzf.exe
2028	Wczjzf.exe
4556	Wczjzf.exe

pid	process
1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
4828	Wczjzf.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wczjzf = "C:\\Users\\Admin\\AppData\\Roaming\\Wczjzf.exe"	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe

Suspicious use of SetThreadContext 4 IoCs

Processes:

3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exeWczjzf.exeWczjzf.exe

description	pid	process	target process
PID 1008 set thread context of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 set thread context of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4828 set thread context of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 2028 set thread context of 4556	2028	Wczjzf.exe	Wczjzf.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31118519"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2787686939"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2787686939"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118519"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118519"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2790655293"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427593762"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D1D4A2BF-40AA-11EF-B355-4A319C7DE533} = "0"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe

pid process

1572 3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
1572 3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Wczjzf.exeIEXPLORE.EXE

description pid process

Token: SeDebugPrivilege 4556 Wczjzf.exe
Token: SeDebugPrivilege 4312 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1484 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid process

1484 IEXPLORE.EXE
1484 IEXPLORE.EXE
4312 IEXPLORE.EXE
4312 IEXPLORE.EXE
4312 IEXPLORE.EXE
4312 IEXPLORE.EXE

pid	process
1572	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
1572	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	4556	Wczjzf.exe
Token: SeDebugPrivilege	4312	IEXPLORE.EXE

pid	process
1484	IEXPLORE.EXE

pid	process
1484	IEXPLORE.EXE
1484	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE
4312	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 49 IoCs

Processes:

3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exeWczjzf.exeWczjzf.exeWczjzf.exeiexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1008 wrote to memory of 4236	1008	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 4236 wrote to memory of 1572	4236	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
PID 1572 wrote to memory of 4828	1572	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	Wczjzf.exe
PID 1572 wrote to memory of 4828	1572	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	Wczjzf.exe
PID 1572 wrote to memory of 4828	1572	3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 4828 wrote to memory of 2028	4828	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 2028 wrote to memory of 4556	2028	Wczjzf.exe	Wczjzf.exe
PID 4556 wrote to memory of 428	4556	Wczjzf.exe	iexplore.exe
PID 4556 wrote to memory of 428	4556	Wczjzf.exe	iexplore.exe
PID 4556 wrote to memory of 428	4556	Wczjzf.exe	iexplore.exe
PID 428 wrote to memory of 1484	428	iexplore.exe	IEXPLORE.EXE
PID 428 wrote to memory of 1484	428	iexplore.exe	IEXPLORE.EXE
PID 1484 wrote to memory of 4312	1484	IEXPLORE.EXE	IEXPLORE.EXE
PID 1484 wrote to memory of 4312	1484	IEXPLORE.EXE	IEXPLORE.EXE
PID 1484 wrote to memory of 4312	1484	IEXPLORE.EXE	IEXPLORE.EXE
PID 4556 wrote to memory of 4312	4556	Wczjzf.exe	IEXPLORE.EXE
PID 4556 wrote to memory of 4312	4556	Wczjzf.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4236
- - C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d_JaffaCakes118.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1572
  - - C:\Users\Admin\AppData\Roaming\Wczjzf.exe
      "C:\Users\Admin\AppData\Roaming\Wczjzf.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:4828
    - - C:\Users\Admin\AppData\Roaming\Wczjzf.exe
        
        "C:\Users\Admin\AppData\Roaming\Wczjzf.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2028
      - C:\Users\Admin\AppData\Roaming\Wczjzf.exe
        
        "C:\Users\Admin\AppData\Roaming\Wczjzf.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4556
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:428
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        8⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1484
        
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:17410 /prefetch:2
        9⤵
        Modifies Internet Explorer settings
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MQYRE6E5\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\s17g1ob91sdv56h9.tmp

Filesize
3KB

MD5
95f62965058baacadb83c2da94ca47de

SHA1
b3115c8b56105e1eae02fda8b3536b3bf38436ca

SHA256
d76b2bde3f59d34dbf1bba5917bfd17470703801b17984ad90b6cebcf914deb9

SHA512
9fbd110938f1c0a97b1f2742c8233e28a7e2802477f9222d3e0db95c1959ed3a1183b57ca1c92f006e6dbdf3ab03297cba0c6e06e2e2778a6dfa1e4ac2d7cb77

Download Submit
C:\Users\Admin\AppData\Roaming\Wczjzf.exe

Filesize
168KB

MD5
3f65a714f4db1d2f7d585abc7d60656d

SHA1
cb96a4d2eddde21a89e3d8ae98fc82fcbd5a1bdc

SHA256
6b5315d5569d448773a9d4c334f22475bf820132f65c824b733a5a9fefa4f845

SHA512
e64ad49d79fc59d98734766cf731d5c431635e960b023f288e2c3cd5214d13d54d303296eb0cf0f7d8c41da66e963293082ba7c261cd112f0260d19c9d474497

Download Submit
memory/1572-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1572-10-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1572-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1572-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4236-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4236-6-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4236-7-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4556-36-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4556-40-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads