Resubmissions
26/07/2024, 17:17
240726-vt4y8ascmp 7Analysis
- max time kernel: 119s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 26/07/2024, 17:17
Static task: static1
Behavioral task: behavioral1 (sample: Patch JB 2023.x.x.exe; resource: win7-20240704-en)
Behavioral task: behavioral2 (sample: Patch JB 2023.x.x.exe; resource: win10v2004-20240709-en)
General
- Target: Patch JB 2023.x.x.exe
- Size: 9.8MB
- MD5: 2225a9180e142415ae27486fc2631809
- SHA1: e55621177d23583d5cfb1d0a012c06e73a7c1331
- SHA256: 78dea6ce89d0ef782aaeddc45abbf492f6b272e8804d9f1528e3fea7aa81b6c6
- SHA512: 4501aa9878f88ad2665f272c63b46781fc8e6ee64f6406aceeb309399dcbce9aafdf724d6c6d3a9b4c0a6ead89ee49aa148cae710b2c68815ba07e6a1bc72251
- SSDEEP: 196608:zfYJw5b8ev5zAp9uwi//sSsTUTIZjnX3uAx3N3rgiq3VzO6s3rr7jC:zwJXnp9ul/0UMRnu+3OFFzO13rrfC
Malware Config
Signatures
- Executes dropped EXE (1 IoC): PID 2408, 7z2201.exe
- Loads dropped DLL (1 IoC): PID 2408, 7z2201.exe
- Checks installed software on the system (1 TTP): Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates processes with tasklist (1 TTP, 1 IoC): PID 2236, tasklist.exe
- Drops file in Program Files directory (64 IoCs):
- Enumerates physical storage devices (1 TTP): Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC): Attempts to gather information about the system language of a victim in order to infer the geographical location of that host. Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (7z2201.exe)
- Modifies registry class (15 IoCs):
  All 15 operations below are performed by 7z2201.exe.
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}
  - Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll"
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip
- Suspicious behavior: CmdExeWriteProcessMemorySpam (1 IoC): PID 2408, 7z2201.exe
- Suspicious use of AdjustPrivilegeToken (41 IoCs):
- Suspicious use of WriteProcessMemory (46 IoCs):
Processes
- C:\Users\Admin\AppData\Local\Temp\Patch JB 2023.x.x.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Patch JB 2023.x.x.exe"
  PID: 1828
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    Command line: cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\40TY7PRO.bat" "C:\Users\Admin\AppData\Local\Temp\Patch JB 2023.x.x.exe""
    PID: 2396
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\qbF76CC15.02\7z2201.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\qbF76CC15.02\7z2201.exe" /S
      PID: 2408
      Signatures: Executes dropped EXE; Loads dropped DLL; Drops file in Program Files directory; System Location Discovery: System Language Discovery; Modifies registry class; Suspicious behavior: CmdExeWriteProcessMemorySpam
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /S /D /c" echo Program successfully licensed! "
      PID: 1200
    - C:\Windows\system32\msg.exe
      Command line: msg *
      PID: 2564
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c wmic path win32_LocalTime Get Day,Month,Year /value
      PID: 1912
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Windows\System32\Wbem\WMIC.exe
        Command line: wmic path win32_LocalTime Get Day,Month,Year /value
        PID: 2572
        Signatures: Suspicious use of AdjustPrivilegeToken
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq SbieSvc.exe" /fo csv /nh
      PID: 300
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Windows\system32\tasklist.exe
        Command line: tasklist /fi "imagename eq SbieSvc.exe" /fo csv /nh
        PID: 2236
        Signatures: Enumerates processes with tasklist; Suspicious use of AdjustPrivilegeToken
    - C:\Windows\system32\reg.exe
      Command line: reg query "HKLM\SOFTWARE\Microsoft\Alu" /s /reg:32
      PID: 2192
    - C:\Windows\system32\reg.exe
      Command line: reg Add "HKLM\SOFTWARE\Microsoft\Alu" /f /reg:32
      PID: 3000
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v "SystemProductName"
      PID: 1744
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Windows\system32\reg.exe
        Command line: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v "SystemProductName"
        PID: 2244
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current" /v "SystemProductName"
      PID: 304
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Windows\system32\reg.exe
        Command line: reg query "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current" /v "SystemProductName"
        PID: 1076
Network
MITRE ATT&CK Enterprise v15
Downloads