a488f4ba2d9c7ac99c59dd503d4e53f6b50e78ef11aebad71d62e0d5821e6bb4

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641a918d87d25c9a4cd3c49ea7d42b3a_JaffaCakes118.dll
Size

15KB
MD5

641a918d87d25c9a4cd3c49ea7d42b3a
SHA1

39b6976e6897fbd0e9449073d3fc6a78e5105c03
SHA256

a488f4ba2d9c7ac99c59dd503d4e53f6b50e78ef11aebad71d62e0d5821e6bb4
SHA512

3b46e6995056ae03a5a136ef406fc9570567d793bc57e9806e0ce24f3377a3f203f30c4f6cfa8ae64a8a20df7dc80963f5e344b23b16a7019dd7ea7b38caa81a
SSDEEP

192:R+jOaONXcf9XwYneW04i1wnrGgHFSCFhqojUyPWwTvHqzfk5/RINNqyKzbB063cV:QeAzeWQuXFSCS3y/jKgKNdCbBo

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\641a918d87d25c9a4cd3c49ea7d42b3a_JaffaCakes118 = "{2199d04e-b8cd-4bda-9491-e8ccef592a4a}"	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 40 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3200000032000000b804000097020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff4b00000000000000d104000065020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff6400000019000000ea0400007e020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff19000000190000009f0400007e020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B15BC361-484F-11EF-83F9-EE33E2B06AA8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427831129"	iexplore.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2199d04e-b8cd-4bda-9491-e8ccef592a4a}\InProcServer32	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2199d04e-b8cd-4bda-9491-e8ccef592a4a}	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2199d04e-b8cd-4bda-9491-e8ccef592a4a}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\641a918d87d25c9a4cd3c49ea7d42b3a_JaffaCakes118.dll"	rundll32.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe
1324	iexplore.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
1324	iexplore.exe
1324	iexplore.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
1324	iexplore.exe
1324	iexplore.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 2140	292	rundll32.exe	30
PID 292 wrote to memory of 2140	292	rundll32.exe	30
PID 292 wrote to memory of 2140	292	rundll32.exe	30
PID 292 wrote to memory of 2140	292	rundll32.exe	30
PID 292 wrote to memory of 2140	292	rundll32.exe	30
PID 292 wrote to memory of 2140	292	rundll32.exe	30
PID 292 wrote to memory of 2140	292	rundll32.exe	30
PID 1324 wrote to memory of 2396	1324	iexplore.exe	32
PID 1324 wrote to memory of 2396	1324	iexplore.exe	32
PID 1324 wrote to memory of 2396	1324	iexplore.exe	32
PID 1324 wrote to memory of 2396	1324	iexplore.exe	32
PID 1324 wrote to memory of 2672	1324	iexplore.exe	33
PID 1324 wrote to memory of 2672	1324	iexplore.exe	33
PID 1324 wrote to memory of 2672	1324	iexplore.exe	33
PID 1324 wrote to memory of 2672	1324	iexplore.exe	33
PID 1324 wrote to memory of 2988	1324	iexplore.exe	34
PID 1324 wrote to memory of 2988	1324	iexplore.exe	34
PID 1324 wrote to memory of 2988	1324	iexplore.exe	34
PID 1324 wrote to memory of 2988	1324	iexplore.exe	34
PID 1324 wrote to memory of 2696	1324	iexplore.exe	35
PID 1324 wrote to memory of 2696	1324	iexplore.exe	35
PID 1324 wrote to memory of 2696	1324	iexplore.exe	35
PID 1324 wrote to memory of 2696	1324	iexplore.exe	35
PID 1324 wrote to memory of 3056	1324	iexplore.exe	37
PID 1324 wrote to memory of 3056	1324	iexplore.exe	37
PID 1324 wrote to memory of 3056	1324	iexplore.exe	37
PID 1324 wrote to memory of 3056	1324	iexplore.exe	37
PID 1324 wrote to memory of 1568	1324	iexplore.exe	38
PID 1324 wrote to memory of 1568	1324	iexplore.exe	38
PID 1324 wrote to memory of 1568	1324	iexplore.exe	38
PID 1324 wrote to memory of 1568	1324	iexplore.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\641a918d87d25c9a4cd3c49ea7d42b3a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\641a918d87d25c9a4cd3c49ea7d42b3a_JaffaCakes118.dll,#1
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Modifies registry class
  PID:2140

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2396
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:275462 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2672
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:537608 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2988
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:865289 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2696
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:930834 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1324 CREDAT:996374 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5a8de7b35bf1c012ac8438be4fe85b4

SHA1
e63b8670e57692f2f9cb150895e265e8345de257

SHA256
c53d280528f766cb594e8ddcaf6b576e39cf4322ee4cfe98fcccfaf92f85176b

SHA512
9e51711e817c628be0db26223b30c3436796fc2fdf662f0a995e514f0c0511b92d7f3b3e83ff22bc05a70a5bfb5a469a582bd0b7d4c5646d9333effe42327f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d03b190309eab4b90845c3661b22207

SHA1
f02fa1a250644f52a6e18d379a9602ffe5411c5b

SHA256
205de23d178db688d5b20cb5688b28054c10964c5e5a1e41767b63b58fa69aac

SHA512
b4e4ad8976e7dfbb8a51a544bb78486d1df6154a8effb4b1bd34aa70cfe050eef871d413984da1c09d2e0891ac7afc2a90cb9773196efc10c930f9e49c630fef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2534cb0f00bf97404a45f5155d894dd9

SHA1
0cdd74747cbf079b8692c210f4b0f465709e18c9

SHA256
27079eef9ee52e9cf5f6268450076a164d82d7ee2ea6f61773082cbfe849bce2

SHA512
34f6772c0ce53067078b7226741addd0f8a94657f27f0c3bfb0e642391b43759537cb9a3388799bba3794b814d83135179c4794e3fef579a75eaa561d1faba2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcfaf3ec42031c3e2c12a092c710c775

SHA1
6b097e99c074e31ad48796dea2e69aa4dc58bfec

SHA256
d6e3ae4d2b71eec4c520ddd21e89624c2731265da77df8d1b39356306854cdf8

SHA512
108f55b9a291ffeb2b2c97556bfd6487c4e7c8855fa3b072aba8f1293501d8ef741778e702841d3c2f462278618132ce0dab85ebdae48cfd55674ecac312ba9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83bda33eab674fdbf1c45931b874245b

SHA1
b24fdf3b0bbbe7075899b8ce4350d7dc591bcc8e

SHA256
523bb9227db0d404134016e61ab04a9f62c10c27fb1308deb55e2c54ffd1909e

SHA512
71c356f3dccefa3408d09b297e8b592c45b608bbc0e3efffe53726fa2e0d6464bbc968e9e4ca1fc56df4cbf9d8c2f02389b3d55ee66c6cf182e871b2cad42b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aaf22ff80d91830d86684cd0f2910dc0

SHA1
52be44d18cfb0949ef66f56275d4607122858d9a

SHA256
721afcd7cf3b9868d92abafcd8b27ea01d8908c8ab151e5f3ae60deabc7c8321

SHA512
1b627474f9cdcd4c484b3667aa42ac0b8a8a8be7b2ba5ea19af7fee118eaea16fa5a0e9df0fdd9d79de9e48f776cd1ca839e29e1c3cb493a5713f2327f0b741b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59d81e0a2124e947760a3dc9864c0f92

SHA1
e2e6ba4fbe2a9a99396301ea44b3a7145bb18670

SHA256
e852a4e3031a96782437566fdd23414e4f73a0146f7016e1ba5145ef1547ce1f

SHA512
9deaf83bf7bdf782328429f7836c548b6d658fdeddc3bf24dc417a6dfe55f179534280846be15e923f1c9e0b37afca9616cacc3e59331b74835a25268f386956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f918becba9b0175bec9900becac5491d

SHA1
d508cfed5d00c3badc223a36f5f700f4644755da

SHA256
8a158c25c3d0f83439bbdc3cb0626a99ceaf9e218676ee371e7633e922af648d

SHA512
d1a41836667677ea32dc32760a7d69d3fd96024a688292ad3b9933213449cba452b721038360ed9e1963c7aea2cf90be8426d3202c883c0f8f6339033779aa89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f66e48252916b9df67dd28f4ea94736

SHA1
c9d419c1cb4a628beb94edcc00f2829d0534ef33

SHA256
6c6cb63e775f6f1a00a052089c4d9281295c8f316b58413fcb890ea6c6982951

SHA512
5f31738e8c56e6af26254211dab4d91b97b78e2019bbbdf9ab178e2a04a1d6d950772134bb1c712941367fe1ce3f45fdaba65c273b9242834d50ee0ad0bb4629

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9CDD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D4E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF6413E59587E9B6DC.TMP

Filesize
16KB

MD5
46cb2417402a668e9d241b4c5f66141e

SHA1
6b5cf75c5d1a1dafbcb3128f66a15ecf655f41f2

SHA256
20b167a30eb7dcc2b129918a409c370f62c9dafcdb478063ed6eb7ef80744e7d

SHA512
ad126b4fa43ef74e927647d587d26bd69b9d324cb236d6407421df909adf61311c7dfe51f8433dcbd2c6fd353a9422a295e25b8fba6e913b885c81a0afef60f2

Download Submit
memory/2140-1-0x0000000010009000-0x000000001000A000-memory.dmp

Filesize
4KB

Download
memory/2140-3-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/2140-2-0x0000000000170000-0x0000000000172000-memory.dmp

Filesize
8KB

Download
memory/2140-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads