Analysis

  • max time kernel
    118s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-07-2024 02:59

General

  • Target

    5a33e9b9c627ea6bce5e8d0ca829176e_JaffaCakes118.exe

  • Size

    3.9MB

  • MD5

    5a33e9b9c627ea6bce5e8d0ca829176e

  • SHA1

    013051e396b1a1e785d22e5527efdee96e60b05d

  • SHA256

    6064b9d452f32cf09e464f17381b9f04fe929c8ed35f43772def8556eadec550

  • SHA512

    982ee4b6a05f2a9c38d4722c5eba5fb14260dd3bcd7f6626a050c2a9fd48f10c693901e8c021bc12367ef60f8ad4899e4fb3f10d7f2aa5706d1e822b0ee79576

  • SSDEEP

    98304:DkwBHjSM12JtDpJX2c+4uXzwcMSdT23sEeKGSxzEceeVTUg:DkbM12JVrXL+4umSV23+WIgVTUg

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

  • DCRat payload 3 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 5 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 5 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 46 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a33e9b9c627ea6bce5e8d0ca829176e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5a33e9b9c627ea6bce5e8d0ca829176e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Users\Admin\AppData\Local\Temp\skinchanger_csgo_08.02.2021.exe
      "C:\Users\Admin\AppData\Local\Temp\skinchanger_csgo_08.02.2021.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2028
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1988
    • C:\Users\Admin\AppData\Local\Temp\DCrmiZ.exe
      "C:\Users\Admin\AppData\Local\Temp\DCrmiZ.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\dhcpbroker\LboxPbvRMQFdTG327MfoAXtGOluFbW.vbe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\dhcpbroker\KTNvVUs7rCbjeE6SfbcNAGzeGA6bfl.bat" "
          4⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1944
          • C:\dhcpbroker\intocrt.exe
            "C:\dhcpbroker\intocrt.exe"
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2752
            • C:\Windows\system32\schtasks.exe
              "schtasks" /create /tn "explorer" /sc ONLOGON /tr "'C:\Users\All Users\Adobe\Updater6\explorer.exe'" /rl HIGHEST /f
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:824
            • C:\Windows\system32\schtasks.exe
              "schtasks" /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\777f1042-3af1-11ef-b4bd-d2f1755c8afd\csrss.exe'" /rl HIGHEST /f
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:884
            • C:\Windows\system32\schtasks.exe
              "schtasks" /create /tn "dwm" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\de-DE\dwm.exe'" /rl HIGHEST /f
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:1940
            • C:\Windows\system32\schtasks.exe
              "schtasks" /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\it-IT\WMIADAP.exe'" /rl HIGHEST /f
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:2472
            • C:\Windows\system32\schtasks.exe
              "schtasks" /create /tn "wininit" /sc ONLOGON /tr "'C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\wininit.exe'" /rl HIGHEST /f
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:2108
            • C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\wininit.exe
              "C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\wininit.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:2480

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B (19 files with this path)

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KBVHB2Z1\www.java[1].xml

    Filesize

    398B

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KBVHB2Z1\www.java[1].xml

    Filesize

    13B

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat

    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\favicon[1].ico

    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Temp\CabDF0C.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\DCrmiZ.exe

    Filesize

    444KB

  • C:\Users\Admin\AppData\Local\Temp\TarDF0B.tmp

    Filesize

    181KB

  • C:\Users\Admin\AppData\Local\Temp\skinchanger_csgo_08.02.2021.exe

    Filesize

    4.0MB

  • C:\dhcpbroker\KTNvVUs7rCbjeE6SfbcNAGzeGA6bfl.bat

    Filesize

    27B

  • C:\dhcpbroker\LboxPbvRMQFdTG327MfoAXtGOluFbW.vbe

    Filesize

    222B

  • C:\dhcpbroker\intocrt.exe

    Filesize

    444KB

  • memory/2036-33-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/2480-166-0x00000000009C0000-0x0000000000A36000-memory.dmp

    Filesize

    472KB

  • memory/2540-1-0x0000000000B00000-0x0000000000EF8000-memory.dmp

    Filesize

    4.0MB

  • memory/2540-0-0x000007FEF5953000-0x000007FEF5954000-memory.dmp

    Filesize

    4KB

  • memory/2540-2-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

    Filesize

    9.9MB

  • memory/2540-17-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

    Filesize

    9.9MB

  • memory/2752-32-0x0000000000B00000-0x0000000000B76000-memory.dmp

    Filesize

    472KB