2554356b4b6182a5913d2d776d02ee00dee34ed7a0107e92ae22aeb2e8b1ec1f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Size

76KB
MD5

429b29f07e5206148a61c3056f0ffea5
SHA1

1d685d47876049da7cc46b0a9fa186aeb285115d
SHA256

2554356b4b6182a5913d2d776d02ee00dee34ed7a0107e92ae22aeb2e8b1ec1f
SHA512

8a10e471c23d3e532b3f636f64768a19a3548dca821f21ba634c4bf07930854b4b33271adf66c38e4b325ce7f780db0763274765eeebdcb8970ddb151ae8dc06
SSDEEP

1536:6640QtgHMHANNG4oa1QndbKGqwLPKiuYBQ10pjVrs2ryrd1vUQuq6:6qdsz450db2yKmBG0Hs2qo

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 41 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\hrbhlxhb.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\view.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\nxqsxhql.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\UndoConvert.xhtml	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\bkbbtzlb.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\msapp-error.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\chllsvtv.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\index.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\vpaid.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\vbthsrel.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\revhnlhn.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\hcjzqenb.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\kznjrtew.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlbvwvhv.exe	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\vpaid.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe

Modifies registry class 48 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\hcjzqenb.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71C0B885-A895-A996-0100-43C13A5EFD0A}\LocalServer32\ = "C:\\Program Files\\WindowsApps\\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\\vbthsrel.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{776A6529-D15B-2019-C8B2-8193E0AD553C}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{776A6529-D15B-2019-C8B2-8193E0AD553C}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\ = "lnlhzbssbnnlblbc"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\ = "qwknbcekjejrbrex"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71C0B885-A895-A996-0100-43C13A5EFD0A}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{776A6529-D15B-2019-C8B2-8193E0AD553C}\ = "rjcrkbqjtettkljj"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\revhnlhn.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "blncleslhhjhqhtt"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\bkbbtzlb.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\ = "stknjrkjxjznkjkw"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\vlbvwvhv.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\ = "rkbbrzsrreqewkxq"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{776A6529-D15B-2019-C8B2-8193E0AD553C}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\ = "lwklntbtrqbtestk"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "ejexnzvklleqsbbt"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\kznjrtew.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\nxqsxhql.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71C0B885-A895-A996-0100-43C13A5EFD0A}\ = "bhvexjntkbeekrkr"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\ = "hbhkjhshkwbkllnt"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\ = "vnwklbxwehnrtwss"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\chllsvtv.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\ = "helcnjshzslqevqn"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\hrbhlxhb.exe"	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71C0B885-A895-A996-0100-43C13A5EFD0A}\LocalServer32	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}	429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\429b29f07e5206148a61c3056f0ffea5_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2920-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2920-1-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-2-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-8-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-7-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-6-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-9-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-10-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-11-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-12-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-13-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-14-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-15-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-16-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-17-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-18-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-19-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-20-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-21-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-22-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-23-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-24-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-25-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-26-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-27-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-28-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-29-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-30-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-31-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-32-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-33-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-34-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-35-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-36-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-37-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-38-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-39-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-40-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-41-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-42-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-43-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-44-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-45-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-46-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-47-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-48-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-49-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-50-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-51-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-52-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-53-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-54-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-55-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-56-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-57-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-58-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-59-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-60-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-61-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-62-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-63-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-64-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-65-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/2920-1386-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads