135bafe31f2f5aa08061b3226013c2d6e6847282c8d73f4a8a763f536be8acce

Analysis

max time kernel
751s
max time network
474s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 19:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Photoshop_Set-Up.exe
Size

3.2MB
MD5

6500b745d47c887ab6e5b7a67548cc8e
SHA1

a9e1e57db0554788c1e2cd2e88909d459da0443d
SHA256

135bafe31f2f5aa08061b3226013c2d6e6847282c8d73f4a8a763f536be8acce
SHA512

ae9282a294662260c64c3b636b8f34c4706cd6e4519b0b3089d47a080d206e7a84a9a2e0f61367bd0a15de03eb27098941df1f1aba51d34f8dcc397432622ba6
SSDEEP

49152:zm7wIIjaSOV+THnJY4fsC1EBG0fRGtxbZdxajwbrS79F5/wcr6QqbD2K:K8IsaSOolY4fsCmbIBSw09D/KTOK

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2964-0-0x0000000000C00000-0x000000000161F000-memory.dmp	upx
behavioral1/memory/2964-31-0x0000000000C00000-0x000000000161F000-memory.dmp	upx
behavioral1/memory/2900-32-0x0000000000C00000-0x000000000161F000-memory.dmp	upx
behavioral1/memory/2900-65-0x0000000000C00000-0x000000000161F000-memory.dmp	upx
behavioral1/memory/4544-67-0x0000000000C00000-0x000000000161F000-memory.dmp	upx
behavioral1/memory/4544-96-0x0000000000C00000-0x000000000161F000-memory.dmp	upx
behavioral1/memory/4804-97-0x0000000000C00000-0x000000000161F000-memory.dmp	upx
behavioral1/memory/4804-127-0x0000000000C00000-0x000000000161F000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3020	2964	WerFault.exe	83
1196	2900	WerFault.exe	118
1976	4544	WerFault.exe	124
4780	4804	WerFault.exe	127

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Photoshop_Set-Up.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Photoshop_Set-Up.exe

Enumerates system info in registry 2 TTPs 16 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Photoshop_Set-Up.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Photoshop_Set-Up.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Photoshop_Set-Up.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Photoshop_Set-Up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Photoshop_Set-Up.exe = "11001"	Photoshop_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Photoshop_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Photoshop_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Photoshop_Set-Up.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
392	NOTEPAD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2964	Photoshop_Set-Up.exe
2964	Photoshop_Set-Up.exe
2900	Photoshop_Set-Up.exe
2900	Photoshop_Set-Up.exe
4544	Photoshop_Set-Up.exe
4544	Photoshop_Set-Up.exe
4804	Photoshop_Set-Up.exe
4804	Photoshop_Set-Up.exe

C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe
"C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 1796
  2⤵
  - Program crash
  PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2964 -ip 2964
1⤵
PID:4716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe
"C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 1832
  2⤵
  - Program crash
  PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2900 -ip 2900
1⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe
"C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 1340
  2⤵
  - Program crash
  PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4544 -ip 4544
1⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe
"C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 1580
  2⤵
  - Program crash
  PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4804 -ip 4804
1⤵
PID:4152

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
1⤵
- Opens file in notepad (likely ransom note)
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_lbs_wid

Filesize
38B

MD5
f687adfcb1b5e25174dc6064afa7d57b

SHA1
a9be363fedd48c3c0c33d8770c64a23cb251b1db

SHA256
0473eddb47e095cafb2cb932f2ea325b48739b697cbbca04c441239b641646ce

SHA512
ea7128ccc2a290de0abdab791cf81c8c4036e889ed0a272258fc36de44856ca9024f7b9dd2de665aa9790662fceb489a96543a3a5f2d419fcb7e04a04e57549f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-07-26_19-16-56.log

Filesize
39KB

MD5
a8bec66fbb27fa1ea57b194d551c52bb

SHA1
cc7623ba6e66f1036fd087ac11eeaa57f19e714c

SHA256
086af03b5a6149432e1aaf62aabd6e2573161aa137614fe987925f1eee0febe8

SHA512
97144e13167d6600789a7be6d808056b9b64ef919445c2b44dc94593687513f0463219d3fb64d1be9ca4fc451eb8fab68c2a2fd79903036e5af85404ea0c3672

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-07-26_19-23-56.log

Filesize
40KB

MD5
89cdaab0f5009342641731f9207ea9c4

SHA1
e87b8620ea4ccc5eda416271773fa0c2149e5d5f

SHA256
2bfc3745bb33376485680c5d09724d6e1cd8a92195040fc59d53d58240c08240

SHA512
6c26414cb09a32ceb6379713af0f6cd096ae24f8f59cf7db8237b54b41d08cc897ded0992b25543c05da7bf354da2bfc3272df9bcd60a80d4c447cc3d5111fac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-07-26_19-24-15.log

Filesize
40KB

MD5
b27e569c3030ef34b0d52afba61b0f0c

SHA1
e4848dce0d7aba7f851d339c9044e12efcf6f194

SHA256
6187555dbcfae7ce578a85b8e43f936e96f413f0e3caaa13f68a623b76adbead

SHA512
f16169f8ea194efef789aeb2d548b33f2eeba6f70b81a8d41f053520f4106482d1808f36f88634eeb1b7ff555fbfe4edb91303eca44760403b27d001c58abfc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
17KB

MD5
27911e506ced25111bf6cacdc86e2556

SHA1
d4092bef9d8e3e5f695ed58ddff0689e1a97a0ef

SHA256
a1794e503fb2fce418ef7c6d613a89de6a6fcb4b3ac28d9904900a537bb93ecc

SHA512
5a34916bee2f574a25cb7bbad065c5fc275bcadaa8f948235df090f6f4531e00a7271b200cd3736018f03f87731735ca98f465639ee16852fdcc7b7f2dd40151

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
5KB

MD5
b4670a2c8cf6d9a419eb618f26f9595d

SHA1
b716dee944d3ea966b6f16a0c9d4d9caab65e997

SHA256
9fc725d721ad5eb8e9d2f38c6a3955e698d72987c38fe72d4ca756a068189370

SHA512
d2766501f825f0b09ae53dc0232c02606e718e23f408781fe2816dbb35bfa96a112686bcae9311804a4093de84c3360b0401c1c3bca6cb0e469b1d2c9c57d37e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
9KB

MD5
3ae03fa4a06f3afcc4c8261ff900b26a

SHA1
dde1ffae1ae9fb9e2a8944f1af7b2181d463f12c

SHA256
0e3013212175cda2b0dc90e6d381741bdd288168aa292f789d3d978c9053adb2

SHA512
441cbe6f595609257426e574205879211a55cd833681fd94b86e9ec4842e5f833e9c46f22f7e035057ae0f9f24785fb5e7dd40bde4d44c83417817e95c12d5a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
12KB

MD5
02631677daf80b3fdb16e25c4436da18

SHA1
566bffcf7a25797890509d4646a1fdc24d0563d1

SHA256
8c2471dc8ebcf2d2c6a0661769b509c2b0900c1021f02044ea75231c2af64fa6

SHA512
11e703ccc9632b9fc4f85e7bf57b955a5f69f9acaaa05bf2f5be88aae7613289f6df0dada667d01cdecd4ad041408ce68e1ad8ce4c003ef001baa8a2e860ab57

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat9577.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat95B7.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\datDD7F.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\datDD90.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0B79BEDD-9C67-4A07-AF5E-5BD96FD41ACC}\index.css

Filesize
917KB

MD5
714e04a1f8fb3331bbafa9e43d6def10

SHA1
0091f5fc5cb5df898499c8078a9ad3aa5a7d2db5

SHA256
86281e1af2459d957e514edda85b86797beaa231cfaa55e877a6a10f5506f5a1

SHA512
990aa9eb87a62cee43499bda0d9cc2060c223493ff9b565c323f54aaec97ad8a935ebcd3868003f90d17518af28159cc435d94d4a2e441d399110f53a13589e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B7AE71C-B02D-4DEF-ACB9-A280F74BADB5}\CCDInstaller.js

Filesize
1.3MB

MD5
4b02242ed1b6281db19b4f60c127cc5d

SHA1
69ea4924a273dbb03f31d3c7d6d2cfd2270cad1c

SHA256
9fbf9ff720e09c16da2066b8bab9879a4c83682f687ebe806c5ea78e1eb9467b

SHA512
dd44025147f63e307636424d80405f14a02ad2cc4ad4f80878537b21df7981f546115348711fff6e13483fe6fb04684c079309af28c8ebf43ef83ffe9b49fc1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B7AE71C-B02D-4DEF-ACB9-A280F74BADB5}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\aa9b9880-8ca6-49ab-a3b5-496198fe05dc

Filesize
10.0MB

MD5
d08da7205c6d5a88301df19d15e32364

SHA1
0ac96527e82e0228f2cafefba5e2c68899801b22

SHA256
b7c8abc31c96d469555f273f1ca74f548efe460b1e1b5e0635ee57e7399f263f

SHA512
c9dc82ab41babd0d8194d403bd265f847399e01d6558498ff9f118b2a793dccbebcb5c711541a73c9da478686135f4198052326e53f19bdb99f665c3b9f1b5ee

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\aa9b9880-8ca6-49ab-a3b5-496198fe05dc

Filesize
10.0MB

MD5
c2311d7c1c234a5bc1d563d612f99f03

SHA1
0121e4154daf1887c3ddb7f20250f8b971187fe9

SHA256
49d24b37a36d59bb72946cb96854053e813cf0c3f7668f004d6952b16278c2bd

SHA512
ff4dd4da31dfc05d1708c2dcb4a2663f4cb91dbb8d224ceda4601e2a1388d3d174b46a27ac02d32bcd5b4c241d7b7ba916592834b38e6a21566743872036b611

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\aa9b9880-8ca6-49ab-a3b5-496198fe05dc

Filesize
10.0MB

MD5
9ee495061c74668bf15a16fcf58679b8

SHA1
7bc84a23c54233805ea9b42dc08bbbb20b5ae8b7

SHA256
13c83341bbeb1fe026f69d6935b25c187d056e1efd7a32b811ab7160e3029ecf

SHA512
920118d8eb12b301e98d24ca873bb75fd31ffb1af5facb85d828390bd00bbab2b3f1d2e67313d612193f9b34adb5d68f064ae8d9dc19a5ff16cae657777397a2

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\manifest

Filesize
224B

MD5
995b4ae673ec37c97189b61f8f5105bf

SHA1
e705ed93c44a71d25be9a334ffcdb675daefba8b

SHA256
24f7674888a0b21bab7b410eddec36955c56a98145d8c078f63a56cc1a6dcd96

SHA512
b85554d54035c2710e4ace8e5aea0fa9cc888afe7e74c97b06b5648c4d949a53faf626d5aac880bcd55b4504861124e90610f18916c8a364c28f2744f439c51d

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\e440149f-32b1-4d91-8401-ee624b9bd1c9

Filesize
10.0MB

MD5
e97799042c3451c3059a3b5238460bf5

SHA1
385c0be2c9b4b2f56fea25149ff61612d1f0af57

SHA256
6e7de64430aada48c573bf7e5e58ecca66ec6d8ef4d8c646d4132e99a2d234e3

SHA512
772758ed84178bb4c6142df7694577bd96d589ce8a361afde465a438b953fd6ae37d4772f5186e15205b9ff032cf91ed1d1042304619c28999425cc30db54758

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\e440149f-32b1-4d91-8401-ee624b9bd1c9

Filesize
10.0MB

MD5
295992b4bdec310d336efc04504e93ed

SHA1
26f748385ee286150cd21fe84ef5f513fe5b2a89

SHA256
09fe114558b4e491321ee320d03db7d66b0819e49a06141d7bc35e4c7f2deaad

SHA512
f70acf9eb7d25413606297d8ddfbe5c4d309dc62e15243a05c9371d01e90952d2f59a23d895cc4a52436d590c97c2b219a8499b481e1be9259cf15c762dde222

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\e440149f-32b1-4d91-8401-ee624b9bd1c9

Filesize
10.0MB

MD5
5f0d12c3a81fe144348a099e7921e2ab

SHA1
8882559dacdb907f7f9c1cdbf73ed139c352224e

SHA256
8e8113e7858cef9fd003d8654f672d32586aaa27ad66319647e32b237227854f

SHA512
2577df7faf043268b07a4b34547c4c3ba34427bef12d41a3f50246c60da053385211d2a3f0784d571f2461b1f0025b33dd2d899c617838055e59cd386e74913a

Download Submit
C:\Users\Admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest

Filesize
224B

MD5
4387959a1b761602e26b593c05120bac

SHA1
3c96daa5f00fbeb4f9f8c72f80cd96487346fba3

SHA256
a4468ed2d27af80d957c3ef59990ff9c85c91f0f0b21ae187d542b3340d58221

SHA512
08a61b6f4770372786048e804c93c1984fe45d7d53dd8012459e715ded10b44dded28b2d6081b64c4b7e2777c7910ece947f79f93b46ebef755bf6339224c6e5

Download Submit
memory/2900-65-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download
memory/2900-32-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download
memory/2964-0-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download
memory/2964-31-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download
memory/2964-26-0x0000000007890000-0x00000000078B0000-memory.dmp

Filesize
128KB

Download
memory/4544-67-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download
memory/4544-96-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download
memory/4804-97-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download
memory/4804-127-0x0000000000C00000-0x000000000161F000-memory.dmp

Filesize
10.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads