b680531487a0b57b2007d5a267edd3319227b56c7b43683d1f6a445f16ce3b9c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe
Size

229KB
MD5

63203ae85df9137abd546f4e8020c663
SHA1

d2b56bf943725656c3f70762597b5326c9555c7d
SHA256

b680531487a0b57b2007d5a267edd3319227b56c7b43683d1f6a445f16ce3b9c
SHA512

fd1380a6ad1264e064a918c25f951d2bdfef53a1c688f43c2b0e011ed734bb12a20a861080f6d2a869e313eb3d6b6161db2f4fb98a3240669f0278cede93fb7d
SSDEEP

6144:SY94Nr1JnShSEk7SgEOH9YnrnGftMTkXkS6HMsWbPRpS:R9OZJnS83uDGft4kXv6ssIJpS

Score

7^/10

adware persistence stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation	rinst.exe

Executes dropped EXE 2 IoCs

pid	Process
4908	rinst.exe
540	bpk.exe

Loads dropped DLL 4 IoCs

pid	Process
540	bpk.exe
540	bpk.exe
540	bpk.exe
644	63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpk = "C:\\Windows\\SysWOW64\\bpk.exe"	bpk.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin"	bpk.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\bpkwb.dll	rinst.exe
File created	C:\Windows\SysWOW64\inst.dat	rinst.exe
File created	C:\Windows\SysWOW64\rinst.exe	rinst.exe
File opened for modification	C:\Windows\SysWOW64\pk.bin	bpk.exe
File created	C:\Windows\SysWOW64\pk.bin	rinst.exe
File created	C:\Windows\SysWOW64\bpk.exe	rinst.exe
File created	C:\Windows\SysWOW64\bpkhk.dll	rinst.exe
File created	C:\Windows\SysWOW64\mc.dat	rinst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 46 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\Windows\\SysWow64\\bpkwb.dll"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\bpkwb.dll"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\Windows\\SysWow64\\"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
540	bpk.exe
540	bpk.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe
540	bpk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 4908	644	63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe	86
PID 644 wrote to memory of 4908	644	63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe	86
PID 644 wrote to memory of 4908	644	63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe	86
PID 4908 wrote to memory of 540	4908	rinst.exe	89
PID 4908 wrote to memory of 540	4908	rinst.exe	89
PID 4908 wrote to memory of 540	4908	rinst.exe	89

C:\Users\Admin\AppData\Local\Temp\63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\63203ae85df9137abd546f4e8020c663_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:644
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Windows\SysWOW64\bpk.exe
    C:\Windows\system32\bpk.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpk.exe

Filesize
400KB

MD5
c3f13df421ad9d47ca3a1ca1440a5627

SHA1
98645e54423175ef4035fd390125cec58314884b

SHA256
8a6e3333b4de1a3c6dad9b1763331324a49f22bf22a075a16da734faa6611548

SHA512
147559ed11efc6cd9dab1c516e54793a235b34b10150965b0aa1b3eadea45bc21a6d5bb07bd6306184295b60281698f66986527054513f789dd022980fbdbe40

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkhk.dll

Filesize
24KB

MD5
1626cfe5d00530eaf7aef8e98ee0db49

SHA1
0019880240275868ed3c59370913e9dbffcc48b3

SHA256
dc0515cf0f3cbfa3af51f1d7c906e56bae497465defc00c95a938cee195232ab

SHA512
fc53b1d7513996619099819abd5897cc93a42d0f79c15fcc803f0d24dca49ce1f5dd02ce0dc14e6dca4298f748df9c0ef3af18c706ed0829d3dfbf3c6de7ad9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkwb.dll

Filesize
40KB

MD5
9d03ba8ea5bb7c2ece779e01924c4f36

SHA1
9e48cb4ad76bde4c3b3328b0e26e0ec09d6299b7

SHA256
e5351dc04a285c7275cc7c7e136d996463bae626bd1a2330c9441dead63df75c

SHA512
d2629b964ba2a17654f4ce82c0ae932e020ce841ef755f9ea0fc34c6f0e1997eeef180010576e79112f015a0d6f0592c2cca2bfc35aace67b894d3c5941b87f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\inst.dat

Filesize
996B

MD5
9024a1e9b6bf2af7362ba08f69196ee9

SHA1
b2ebede8827f74f187082d06f13508d695907135

SHA256
4562b4184e546fc0d167ab904d162c48b4dff469b90b1d42bf0dedcfe6423cda

SHA512
3bacad6cbbb40bdb6b199f12f8e06ceb1106d1fb31581961ccd78e4ecda56eee3b719dc3ced84acca7b5a6860013738556e88f5596f7927a59012822eb287aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\mc.dat

Filesize
28B

MD5
19a62a5fe2ff593e78844ba683483813

SHA1
842acaf05e7b7ed24a1d535b76602045fd0ecb09

SHA256
0c7b05723a389eea3653037601e70779e8357cfeed3df47db9101d2e33ffcacf

SHA512
c1aad87670889a49cba94e1ebc0ce081e50ce2cd424f9e0caa5bbcba651c43b353a89dcd485dd7603db2594390145192540f8af703f21032cbe32b1cf76a48f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\pk.bin

Filesize
3KB

MD5
d5c12c96a9c8094d1053ed572d0280bc

SHA1
499303577d5ff628bd9d5f78bd8e589352a14728

SHA256
ea191a8d37fdd94d5fbba968c7390f51c6f11d6d4befe85a9bc569859771061d

SHA512
b3eb840b504deb285f7ab86210fc67ce1adca568dd296059fe0a8bc8c20b689c289eb8aaf60523fb25308114d848c54c66367df7f5d7c4191bf30b2742f16e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe

Filesize
7KB

MD5
fbe4bab53f74d3049ef4b306d4cd8742

SHA1
6504b63908997a71a65997fa31eda4ae4de013e7

SHA256
446658dd5af649857fff445c600f26cdc1d0c19c86a080f312b89b1890182092

SHA512
d458ab806a3ed3d1494a13ad8a75df874a0b227cb4f337996cb82df3c4a26dc9c4fe48a664b53b052a4af123ea8d89911d9d9493870e6b5992d5621a32260c2f

Download Submit
C:\Windows\SysWOW64\bpk.exe

Filesize
400KB

MD5
341c7d495813a8e38bc5f4b1e4070341

SHA1
65c7e0623df72470850f3a8dc9acddae9d680406

SHA256
cbc8cf389f07bdcc20f04a4b9134bae894081ffac27555afb0dd1f6d7aa57450

SHA512
b8bab11cd602d8b45f42b3775b86df5faa4f0596ed3ca4e20b77be0040ca32eea5f14f95ef704230238ec56d6a818b66f400b9e9066bb5e854b01bf181571f7c

Download Submit
C:\Windows\SysWOW64\bpkhk.dll

Filesize
24KB

MD5
d3d919fd95dbcffd0d9658dc24f80ba6

SHA1
9cdde1f9fce4c575c1a3f8ef7845ad7dbeec6205

SHA256
cfb1a5165cfb64dc8e33f2e265ffc41a62b18539582ac1d3c2dcc55f5b40719c

SHA512
9c04aeddac457c818d4ab92f7e8cf2e17ba3fc251b534edf2a31d49a5411bd1fda910345775b57b5afc3c4ff5bf9cba5003e68ffd69fd058b26e1b17f885a852

Download Submit
C:\Windows\SysWOW64\bpkwb.dll

Filesize
40KB

MD5
21d4e01f38b5efd64ad6816fa0b44677

SHA1
5242d2c5b450c773b9fa3ad014a8aba9b7bb206a

SHA256
3285df0c25d4b9b6d5ccbe166a3ce3d04f5cb3a0d61c8bf29bf5f953e51b0977

SHA512
77dae941676a56664da89c7670d29ed5402032c8040df1cc231986733c78f0dc56c41f7a276ec9ea8336e3fa2bfc68d3121048e9585bf0d8a98917d799f669b8

Download Submit
C:\Windows\SysWOW64\mc.dat

Filesize
28B

MD5
2daad9654e0fbe773241243378959d76

SHA1
30708fd9ca8c238b8f45a294e315ef9b88c2a9d8

SHA256
efb03ffe711a5418167e01123cea0af688869f97006f261781283f7d2d00b36f

SHA512
28b9627d6fcee14e6bb389599844145e57c2c12a524bce98f5f70690e9317d63bccbf9072e55c3f569eb3723c761c4a8efd3fa7864ab3a45460f48ce4c982615

Download Submit
C:\Windows\SysWOW64\pk.bin

Filesize
3KB

MD5
64e9cfa5ef6f114cca031bfbd0ec04c1

SHA1
074411fcf8b07563900d8488ff0912066275e1c5

SHA256
4e14db371f18702936f564cf805676b11403ff45addac2d0cf422e66611f0ece

SHA512
74360380bad2104104744a017e33e946c8f7a94fa55aff9e1d13a91df1826da9be554ae8479b9614fe5f867085d482fdffc8bd9af6d1a564440b3e3049649633

Download Submit
memory/644-52-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads