da3ef9a9cabeee12047d529f9d466063d76664fda217b485a43ee694effbaf2c

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
Size

129KB
MD5

47a1771df05d55c826363c9db67d3fdd
SHA1

58f9f218768f5b79cf56ab43cdc49e5eaac0d40a
SHA256

da3ef9a9cabeee12047d529f9d466063d76664fda217b485a43ee694effbaf2c
SHA512

cde2f2d47e121faa003e064d19a023b7caea2af44bb4161918018bc05e436baeebbc8ddeeb5aede169e27ca77c393d83c1f29f2b7ccaed3e5bee9d135a4e2a6a
SSDEEP

3072:pKcpuHvsgW9KzKAcntvkVcXHLkiX/LYuIi9X3ku5:pXgWkzKFtOcXLZXjYu7X

Score

10^/10

adware evasion stealer trojan

Malware Config

Signatures

Windows security bypass 2 TTPs 3 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
1240	cmd.exe

Windows security modification 2 TTPs 3 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06ec6572-7280-485a-a712-c380526bc048}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06ec6572-7280-485a-a712-c380526bc048}\NoExplorer = "1"	regsvr32.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ieocx.dll	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 3 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\don't load	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\don't load\scui.cpl = "No"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\don't load\wscui.cpl = "No"	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427168442"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000070b2ad2d759e1e6b1e2369ffb7d6a3436c3710642a7738a0a8358c62b188d6f8000000000e800000000200002000000013977e204a57c7c7bec6f9b7d36bd1abab1010ba8e403cb1f28144d6af7115fc900000007bbb23c8f862f3812f20e6eb52204fb884648c7d444d3432b99957af341a07c753d97e652160988c2cd271211253d1856971aa35aa3cbb6b530d85997b9923a089913c051f6dce0da1e5b87fa4e12b6bfaeb136c5e4f476c7337ac40202b17aee120813a6a16b50a19f30f6d30ca39587ea40105876d33aa3e3beddf11ac85ea0127d9dc2f39f60c67c73ca7f6b5684c40000000c35b424b9271ef36a7d0007203a67484092f0f603c5f50a65239c1153d99a6b724e0bd30dcf07e3bc8b2839e8bde08f9a7087a83635bce02f7c2e44012f0105e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000066d8c317b6c3a1a2db215c8e26541539de405aa8c515636ed64459184bf39e69000000000e80000000020000200000007c23d42aed529e3aec2fb47c1c55df0e7aa9dd9df690bcda545b2b9fc2bd1680200000002f2d27e865b7424340e8591debbfe951c143923d8997cbde9c0e333bdbfa5ddf40000000c3b3d9a0cf270596e71ef79ff3c5b3e0f8f3ca8b873d1a0e9400ff367b649d716a58e33089814af134244628fa262f48b7ee167301beb21bc499bc74778938a6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C32E0BA1-4248-11EF-8334-424588269AE0} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70f8019c55d6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Modifies registry class 60 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1\CLSID\ = "{06ec6572-7280-485a-a712-c380526bc048}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\ = "DHCP 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ = "IBhoApp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CurVer\ = "IEocxApp.IEocx.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ = "_IBhoAppEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ = "IBhoApp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\ = "IEocx Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1\ = "IEocx Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ = "_IBhoAppEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\VersionIndependentProgID\ = "IEocxApp.IEocx"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\ = "IEocx Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\ProgID\ = "IEocxApp.IEocx.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\TypeLib\ = "{b360243e-09e8-402f-8721-00b6798089ad}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CLSID\ = "{06ec6572-7280-485a-a712-c380526bc048}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\InprocServer32\ = "C:\\Windows\\ieocx.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32\ = "C:\\Windows\\ieocx.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06ec6572-7280-485a-a712-c380526bc048}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR\ = "C:\\Windows"	regsvr32.exe

Runs net.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2356	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2356	iexplore.exe
2356	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2632	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2632	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2632	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2632	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2632	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2632	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	30
PID 2316 wrote to memory of 2632	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	30
PID 2316 wrote to memory of 348	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	31
PID 2316 wrote to memory of 348	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	31
PID 2316 wrote to memory of 348	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	31
PID 2316 wrote to memory of 348	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	31
PID 348 wrote to memory of 1056	348	net.exe	33
PID 348 wrote to memory of 1056	348	net.exe	33
PID 348 wrote to memory of 1056	348	net.exe	33
PID 348 wrote to memory of 1056	348	net.exe	33
PID 2316 wrote to memory of 2356	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	34
PID 2316 wrote to memory of 2356	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	34
PID 2316 wrote to memory of 2356	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	34
PID 2316 wrote to memory of 2356	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	34
PID 2356 wrote to memory of 2708	2356	iexplore.exe	35
PID 2356 wrote to memory of 2708	2356	iexplore.exe	35
PID 2356 wrote to memory of 2708	2356	iexplore.exe	35
PID 2356 wrote to memory of 2708	2356	iexplore.exe	35
PID 2316 wrote to memory of 1240	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	38
PID 2316 wrote to memory of 1240	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	38
PID 2316 wrote to memory of 1240	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	38
PID 2316 wrote to memory of 1240	2316	47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe	38

C:\Users\Admin\AppData\Local\Temp\47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\47a1771df05d55c826363c9db67d3fdd_JaffaCakes118.exe"
1⤵
- Windows security bypass
- Windows security modification
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe /s C:\Windows\ieocx.dll
  2⤵
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  PID:2632
- C:\Windows\SysWOW64\net.exe
  C:\Windows\system32\net.exe stop "Security Center"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Security Center"
    3⤵
    PID:1056
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://tubeloyaln.com/videosz.php
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2708
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Roaming\asd.bat" "
  2⤵
  - Deletes itself
  PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7b94d53d6a1d8165015178ead4bfd0b

SHA1
c4217ff58e341df6db37b71c4a0bc6b5bafc3857

SHA256
a180afbf31a70555b2198d39964d797a0635e1e64cb1c81060758ea3f5a9335e

SHA512
8a51f5216e5369e852896d47a7311fdf39d94a6cec330bfa6a2252932f7122b994b53fd22ad7edad7301620754b25d6e74cbe428244e27403815790c43b34861

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8608b2b713e858fbfd8043d87f266d4

SHA1
a7516bc10fcb78dfbd375616f972b1b0d16a65bb

SHA256
a3d92c977827cc891d8179f6d2da6c05da766d99504ddbcaca7406177a6f1f32

SHA512
b4e57c09938eaebdf8955ef921ad755c589f37abfed0276b00ac2077e75bc2ab8375a6e92f3caa9031be80ed8ad58a6220b1847c754be2a1dcb2961c68538fc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b1394282a82930bad20ca363f1b046e

SHA1
7b5c0d74f9c02574d654d6b94e777353052197e9

SHA256
d8e8eab83afa9d9679a54f3b4b7d9c62be7668a591bdc7ece4afc20e2090f17b

SHA512
94fc739752c2ad4dc3131fe941196865ec214d5bcc00889ae08b89a465316c6c9622ecc3de625981d1840c84cfc99be18fadf76f80950eb173df9e4f41bc18d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b7bb4b9050c5dbdc9dcaf8d98db6a68

SHA1
774699acb71f125031e9178acf8b1b0b723803c9

SHA256
b60c15f4e15d0026ee1335568c5b3b02ba169a5304661c6f1009c57743710831

SHA512
cee415604fa87bad132968bfb80449200bc71ac27e321ecdeae340d1a5e6f40aba657ab0572eeab1b8c7aa73326f8906d501ab84845cc6440f4b6c8a9c1a85c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3677d990108d5dc02a7965df1160a8de

SHA1
e29e134dac22bee63984001ab909bdbc27723e24

SHA256
641f5260facd7b529429ec36999e3eb957c7ae07b3e7ff5a71ea7eeea1a00581

SHA512
d9c04c2ba817317f9b2f3bb4097c1ab715dc9d9539d1af715cb169c1dea2ca0fa92af305b0d74294622e8105d6bd59031b94454c098651b7845e9dd81854a573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
217577ce8203ccf1f5677a80591916f5

SHA1
141d6ad04ddb8a993f05638cc1e9a2f30a5e4299

SHA256
55e0eae13a65fbb30398a7f212acdc1095cb4acb6e3971da31cc515124f80bc0

SHA512
e60ca7be01f65c05385547fa21a4fdaee9be9abf36ec56e55c63be584567f943124ca6112666af502ff5e8ab5f8207cb636276b1187c040c982d0da84bc9f292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeccb713ed5e06615d0346b64f15bd2c

SHA1
60c71134285618cd7fe5c8d0768f64ba896c46c9

SHA256
4d45670337f3cd4faf934ec81c0142e8c80005eafe3421014de63071cd6c7285

SHA512
8eb8a54cc5a4ef959e19e072211b57e126b7b6236a092c58caa2e2fecb8f6e2860811a29a356106da09370d945275a10d1e03560417c4fb0eaa361cabeb12fcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fd56b3b389a35b6a122cd5f5cf6462e

SHA1
6160578d079d5372d423968d6a39c66af6da1d8c

SHA256
c50100413b6e0c513870dccc3c58d98d4a33e6db2f09d3ef8f63bc18edbef937

SHA512
b1bd71ebfc726b5cbb4664826a13f1bd167e90ec587a72a40b9442110212f5a8b6abd9326abe93eb059119ac0f62acbaa510e28273b1f0c2cb5393f182399f74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993e2400ff5534db0a100c461bcaf547

SHA1
152fcdd8e0f71f89561e3464e1676ff9ad9c4830

SHA256
f7a1572143adb02cf248baacbc9137090d4787be75d7cbb9313ff2681f90808c

SHA512
d43ba84b88f056e57e111f7d1ee4ee19a0115e844d52e0758c1cd4c5fbdb400e08d03f66c1c8a8cebd2409f8a37d1d1d30b67344007c3d2b57296a692a0a2de5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f78cf32eb0a30a347721ddbfb0229fbd

SHA1
c72e222e8d2861b9718da375acfc74682a1a4610

SHA256
15f15f5525a503ddea3a9c166dba6629ffb24ca5c0cd8def9be5925053f70059

SHA512
9bb9da4f9eaf72fdf8f7f5261f0ed5abde60265718a643c4b1105a9c73417496fce717298bc6b80d3d9e308643a4e4d28c54c492653b71edaecfd3a776da022a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4ab5c50ff57ae870d471dd9214ebd50

SHA1
4ac3e7f0ffbf00a42f4a44ec03488c9e02f2fec8

SHA256
bc1105e5beafe3dd133efe5fc8e9247eb91b3944c2f60e2b03f88993a942dec9

SHA512
1c382b0622da372ebf409a2445d3d738625a5f703919cf02fe88693bd0099c278db15e7ec13cbe0b6500b3843677e46719015181c1b3f3036826116d0fbe7a6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2ace41d8305c3bbccca81cd4166ee59

SHA1
310415b27a8d303d0f56c67ee377b893fcb195f4

SHA256
5a47a97c6aa18c8cdfcc3b4df87d9c2423de6c03cba16aef3c9a654c052618fd

SHA512
6b379575fe2d9ecfcf4f4abf410311ad878a183f73eee5b5b94602cc11bb21804ffba03f5f7c619734e6280077b6a187b5b46f4d8a008cb79f5b1246bc77e6ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
160189a82aca7fc74e767b226e352b45

SHA1
fcf410f4ec18edd0239a8bed1761a7353339bad8

SHA256
0096379217b695c2f0201cab4b5364bc21e17c0a7e131bb792b8a5523d35f0e7

SHA512
e5b9dc102f4f7edae7633800f2fc0f4ca530dee6c503118fb0d60ebdc2d174061c07ed56706188b5652144147951285a06eab4bf9d38a9776bf8d263199b9081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8cf86dd3173bd4f315e545fb336978f

SHA1
212e1abf8f8c00e80379af5c23dfdbbf777adcf6

SHA256
1457de4a4ab7f4f53b17dcefbad6eab8c934ede71e95fee1dc3aef2bfe06fd2d

SHA512
3a31f2bc320082bf84b52acf7cce8ee1e6c6158468cbf1cfb386255053ed2d0fcf9c22a254fd40719b99e6e5accf23370ec1f5923fa22066a198d8b29bac43b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09418ee5d23e1a68e027f5c0ef1326ce

SHA1
50977cbf0b4afbb34483b0b870e855584e102cf6

SHA256
09977ad490edcf1145c428c5ff778ae73596c38a7a81fdeeb7467fcf2d5553b1

SHA512
f5536453b551f156c8e3439e694265fc4a2ec35aa5f4aea8aa459835ad552d029f62b8bf5003e7981c076900a0fdacc9ab64c95739676856799161f657eadcc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
929f1bdae3519957debf9ae0f18c2ce2

SHA1
63584ab7b97490cd7a2895f14daf7a1c06d56fd6

SHA256
47103097a71069eea4a95964a7f4ac5a908dd1082ea8a34fc4efa613d908e8f0

SHA512
8a454d6c184846323d9c9adf1ab6430bb2374797acc804dd2368a8d2e92cc0fe8fe11f260501480f65ba61093ff0c890d1d74cb5c68fe4f9e80378beeb61fe36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28dccf988664336ff75b49fe435c39c6

SHA1
e8c27bc0bc7ef33d4ffc4f36f480f5af92eaa87a

SHA256
ae138bb89811d065aed929ecb8f1155ac782872ce60829d1e37a9c7d00921b27

SHA512
553613bbb14891a38c34b9d7ff7dca3ffa5353ce70ef999f44bf542d16d3ecf6b9d4692e5987f09e58ad81123d79ec324f702ab4601429234068156ca810a829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd38269ace04dbe1b74d9bbf4c5a5552

SHA1
fb2feaa5b3d51d4bf4b717620f2ce2b4fa1c2cc6

SHA256
d3425e10b76f70b5cfb2548060b29453f82b6293d5745c0450e78f0b7fe143c8

SHA512
02bffed0a4973f6cc9337ea68102176c1ae4f738acf25e94c07f847e4d0344cb29cad78a54c6ff5d35b1073e58b458c7a2b079de292c3b7b0867e7f2a6487841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
683ced63c92daab871a969a5b24f856c

SHA1
ff39ada10a1c5f712bb12ea6c8fbf6a955b04346

SHA256
c5c054ffc59a6694ec6241ebb3232c3a3af76be78d97221cdc61ed76d4a260f7

SHA512
a758e92273fa3d2d6d044fa02ab939471287a1f0c86d2df90700dade675ffdb9c9b00cbbc7bbb599e5e1ea5688e360cc717498ea4ddbb7d30a678e06e78bd0cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
417054b13d052d2070f80fbeccc61f4a

SHA1
26499f24d4f6b05eb3d4341b7b2900b8d13b7a19

SHA256
8e342488b08c91a496049b6a1cd3a32f59d5e5007ded971b833ea8f96c9376db

SHA512
90baa1a8f41033ced8160877546f1ef59a9ed27696ec36268fd3686e0c304f341d0cf92d01c7011db5309e3ad75ede58b5b5b02574d2cc5ffc72c4561390bc23

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF4CB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF57C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\asd.bat

Filesize
256B

MD5
9e2a95fad12d4377d4308241c09357d8

SHA1
f9479bb0f899aeae8932a41a72ee5fc6101e9f9a

SHA256
d20aac7f228f04ec6617ff8f72cdba373e73d9adda78904fca46d0d8c10c2fc3

SHA512
2ec9f3eea000950830a8d012d30427414709673f40fd055ae91054fc91867e792eb76a2e0ce25a466f3c70bfa68dc76b8ccda88690101c84e7c4d5b5e2c6d1bb

Download Submit
C:\Windows\ieocx.dll

Filesize
26KB

MD5
34460c143c2ae3cf9b4ceb706f49f61d

SHA1
914a1f1fbc0780e82c83e6e6fb9abb6f39ded0e1

SHA256
c92442bc20934871d65309a987b610636d7f19621b297385b4ff0a3eb8333f2f

SHA512
632108e40b868bc785890d74053979c574f7f5d82be2dfad518edc778017f17f39e64d9828b82cbe00a5d140f6bea37ee79d7ca98b7c67a1f48f6724d2069dba

Download Submit
memory/2316-3-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-4-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-455-0x0000000000401000-0x000000000040A000-memory.dmp

Filesize
36KB

Download
memory/2316-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-17-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-8-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-7-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-6-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-5-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-0-0x0000000000401000-0x000000000040A000-memory.dmp

Filesize
36KB

Download
memory/2316-456-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2316-2-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2632-12-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2632-11-0x00000000001B0000-0x00000000001B6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads