0d7542ed723304f33fe4263adc5c430c16bbda16b804a74c5f6bff97060e1570

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 07:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
Size

1.3MB
MD5

a1c16280bb9eae87f7e124706d32fd2c
SHA1

171170d4edb29ef390052a89e063ab866217c244
SHA256

0d7542ed723304f33fe4263adc5c430c16bbda16b804a74c5f6bff97060e1570
SHA512

e9fc9068fc88ff1cde15613f0c36c98a41b190a5717de65ee4d6688973b05e0dcd4248e61d5c0b9c149f733b9c0e8842eca4baf38d96bd4f4a590d2242684ef6
SSDEEP

24576:v+sDdU+YdDpOAQxiY9Z/sQuzZOh5jkTZ3Qu8NEYUym5:fdknQxi4yHzQhhCZ3QuZ

Score

8^/10

discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\KAPFA.sys	KASetup.exe

Executes dropped EXE 5 IoCs

pid	Process
3308	KAgentSilent.exe
5080	KASetup.exe
684	KaUsrTsk.exe
3552	AgentMon.exe
4960	AgentMon.exe

Loads dropped DLL 3 IoCs

pid	Process
4960	AgentMon.exe
4960	AgentMon.exe
4960	AgentMon.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\KASHVRTPCX82039399054846 = "\"C:\\Program Files (x86)\\Kaseya\\VRTPCX82039399054846\\KaUsrTsk.exe\""	KASetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\KaseyaSP.dll	KASetup.exe

Drops file in Program Files directory 31 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\LogParser.dll	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KasStats.log	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\Package.xml	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\AgentMon.exe	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KEventLog.dll	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\kGetELMg64.exe	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KAgentExt.dll	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\custom\noremote.ico	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KASetup.exe	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KaUsrTsk.exe	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\drivers\KAPFA.sys	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KaseyaD.ini	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KasAgent.log	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KasError.log	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\custom\online.ico	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\lastChk.txt	AgentMon.exe
File opened for modification	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KASetup.exe	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\sporder.dll	KASetup.exe
File opened for modification	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\AgentMon.log	AgentMon.exe
File opened for modification	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KasError.log	AgentMon.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\lastChk.txt	AgentMon.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\drivers\KaseyaD.VXD	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\drivers\KaseyaSP.dll	KASetup.exe
File opened for modification	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\AgentMon.log	AgentMon.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KPrtPng.exe	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\custom\blink.ico	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KasFirewall.log	KASetup.exe
File opened for modification	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KaseyaD.ini	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\custom\offline.ico	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\drivers\KAPFA64.sys	KASetup.exe
File created	C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KaseyaFW.ini	KASetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KAgentSilent.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KASetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentMon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KaUsrTsk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentMon.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
684	KaUsrTsk.exe
684	KaUsrTsk.exe
684	KaUsrTsk.exe
684	KaUsrTsk.exe
684	KaUsrTsk.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
684	KaUsrTsk.exe
684	KaUsrTsk.exe
684	KaUsrTsk.exe
684	KaUsrTsk.exe
684	KaUsrTsk.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 3308	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	84
PID 1292 wrote to memory of 3308	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	84
PID 1292 wrote to memory of 3308	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	84
PID 3308 wrote to memory of 5080	3308	KAgentSilent.exe	85
PID 3308 wrote to memory of 5080	3308	KAgentSilent.exe	85
PID 3308 wrote to memory of 5080	3308	KAgentSilent.exe	85
PID 1292 wrote to memory of 684	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	95
PID 1292 wrote to memory of 684	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	95
PID 1292 wrote to memory of 684	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	95
PID 1292 wrote to memory of 3552	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	96
PID 1292 wrote to memory of 3552	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	96
PID 1292 wrote to memory of 3552	1292	a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe	96

C:\Users\Admin\AppData\Local\Temp\a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a1c16280bb9eae87f7e124706d32fd2c_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Users\Admin\AppData\Local\Temp\KAgentSilent.exe
  KAgentSilent.exe /s /a /k /g VRTPCX82039399054846 /l "C:\Users\Admin\AppData\Local\Temp\KASetup.log" /v "1"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KASetup.exe
    "C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KASetup.exe" /k /g VRTPCX82039399054846 /l "C:\Users\Admin\AppData\Local\Temp\KASetup.log" /v "1" /s
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:5080
- C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KaUsrTsk.exe
  KaUsrTsk.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:684
- C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\AgentMon.exe
  agentmon.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3552

C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\AgentMon.exe
"C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\AgentMon.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\AgentMon.log

Filesize
266B

MD5
f838f21e0c8ef437cbca74292e7e0865

SHA1
c966d145c2a13c08fdd1b24120c6d115ce397da8

SHA256
1c77b0c9f6c2bd4630029bd917cb89e0eb427f87c21f46fbcb4d47c14b743ba2

SHA512
011d970cb343384ab357bff4a8f162af8c3895ce68d85018b6b121156575da526e6aa4b80f8a6b9a001bcc5bb30e42306de0b601352976690b7275c337631a97

Download Submit
C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\KaseyaD.ini

Filesize
2KB

MD5
e0bd1effffbced89c21e15d5034a4693

SHA1
749e73a5eeffba08d5100d81e3a3d51b5525680c

SHA256
2c7acabfc4872c11525fbb9f531efdb337f8ccf2c975bdc41aac387b135ca535

SHA512
c888975dbe0a61e90d93268c6aafc5d2f06739aef4f9b9d25720061203137ccf986a82985cc6fdcd5acc194cc564c98d64926590f4f6cb6eb7ab1a355c01d1f4

Download Submit
C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\Package.xml

Filesize
130B

MD5
6fdce69101e646e37f74d15f76bba599

SHA1
5b20fd165624e7b89ca6afe441d70f5a062e761e

SHA256
0d2487a369e419361d5644522f781461f88608329d8c7a713f07f6a652617c09

SHA512
d60c7dd408f0a7e56b00c0ee4feb00fbee08560a726e9b75c04d6a58454a429c9637fccbf3d52f7ee32abac730b476d36f3bdaa8036d3f1f67158d77c0531a12

Download Submit
C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\custom\offline.ico

Filesize
2KB

MD5
b3e73f0d0278520f1b3dda926789d6cd

SHA1
de105b5c07b37fbcf026288df363fba7fe88f05c

SHA256
d11b25c674bd74806191d50d26da19447249f00dcd76e5cdd79905ad934c611a

SHA512
2f86e804cb5aa10cc989288341a9c65a4abeae4df094fde0e0835b72273dca71146ce852dde5bf30b339f9d606988bb32e94d11f784caa540c24d5b2d6ef3173

Download Submit
C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\custom\online.ico

Filesize
2KB

MD5
47a9e5c5d0ee052ee82010687b40a37a

SHA1
602e9ad4234bb138ea6c55d3dea2a2b1d3c04241

SHA256
0bd058377752a660f5d9cb7a3f4eafd498bf24ccc9d52c1cd6bc8900dd0dcb9f

SHA512
4c68c1084ce5d6d0c824342664ee2f03323186c442e4ccbdc18dae1f63788ce265ac7ea234c9dbf929e9d0e7152340e992c9d5587a48b7b49ad81476c03f6dfe

Download Submit
C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\drivers\KAPFA64.sys

Filesize
30KB

MD5
f2f32fa75cfee77419c0ad6291afc7c0

SHA1
7f64472a9c24877a2273bc93ce7c09370362679b

SHA256
7433be0487867dc60329fbe73d62cb7cc86856e9fb62f14749e0898586718e9c

SHA512
d0e97e90081212bf335054941e6282b8d84b44089183443add2353c927c1295d256d29909c582ac94a625b9214877af5b7f2dec5dc6cdfbf1346e6a7418d785f

Download Submit
C:\Program Files (x86)\Kaseya\VRTPCX82039399054846\drivers\KaseyaSP.dll

Filesize
132KB

MD5
897a17111258513e8d762b47cdf67cf5

SHA1
2a306c4937f9bd417a711ab9e183f33bb717f5a5

SHA256
c1e73a9892311cbf08914a96ac5862ecde37cdf8d131a77f87c39f3e6d7fbe13

SHA512
ca48493c0ffde64e87dbe627ff1058c94683de8b983c6b23194f173d585f7b0c7b82d3a9bf3cce8f280c60c232293a62a9f467c5eb4d0afc4a2d6a711d617bdd

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaseya\Kaseya Agent.lnk

Filesize
1KB

MD5
707bd26739c6af938d6ef372378e1196

SHA1
8112e7c69b219385c0dae7edb05a7aeb9a2618b1

SHA256
36f1697102134b9571f49fab4263494170b8d9feb0df6ce0ad3da04083b1b1c6

SHA512
d32ad88dc81b7542e07b475721505d0261c44d1a936c4a392a27f691a19107962a33c6c6b79b489dee8fbe215c0c8e382feecc29f844a42d6e67301cfd7c6f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\KASetup.log

Filesize
6KB

MD5
3cead11f7267e760747c90b2fcce1e67

SHA1
116c10a0cb65b3c1b77bb9b6b81501799b462756

SHA256
154451537d7c4800fe68431281221115fda5c59c449b584b8e97f480294edac9

SHA512
81e9e6df3107f8944be693834e714994a77507cb41ac0da217b06fc6725b90c07dd9208bb0a87ad8863d7ad20e8816c84ce9c2e5422f2ad02f4f9c67e80f5b0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\KASetup.log

Filesize
10KB

MD5
05c26bbd150817ff82cce68a01f10111

SHA1
2dd9d5d5c1f67578c2c7492627c9bec6b1658a47

SHA256
25ecf74b688731ba5b6ea4deecb2436b64b8c98fc3b9755735a75fd7c42f7343

SHA512
a6921dcc08c7eeb49d20254f36947ea17b70c73c777354fbde938903425e4ac2ca29bdd0137becaa0279726915ffcd7be26993a61eed7285475ebba6b8d36372

Download Submit
C:\Users\Admin\AppData\Local\Temp\KASetup.log

Filesize
2KB

MD5
b790cb94807d395b1c3e9b8010cdf63d

SHA1
0bafc8336703af7f20fb3503e98eced2de6bcf9b

SHA256
70f5acafbb1f4e5a83edd3d3e906aa5aebceab4bb07d57e16c476235140da359

SHA512
38c89ecc48c85a23a69c9bb199e2bb67ca254e76b7d3c479a76da9accf195e1069a12bd809131d69e2377b2be5f6d3e499179732216a759d953d925383757977

Download Submit
C:\Users\Admin\AppData\Local\Temp\KASetup.log

Filesize
3KB

MD5
f1c901eaecbcdc268ba34a6eb0a848cc

SHA1
dbdef8c521495a393ae055fd1ea2d78db12922b5

SHA256
3fed7fde77d7a0064a6146209b671a167c88c7294d5a971df5bd7a0632d80bc5

SHA512
d622cc9fb28f9dff603407f69df497d772267af8bac0f12e3f0dd70ba535b76a8fd7093bc62dbfa9f7f3cf4f69c7576ae6f67522e98ecbcc05d1a913368416fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\KAgentSilent.exe

Filesize
1.2MB

MD5
a8bd35ec8612cd28fa5cfce2bc8e8de5

SHA1
b46ef7189bcf28ec3fe8c652d23cc47dde276005

SHA256
b21438c1af6b35e00a2b02cf34bc214c2bb4ff52c2cef4deb56e74ff6964e16f

SHA512
feb524b91d7379cef67a21f3f17ad0d957445ed99aa26fa655f5eb72e7a1587c0290e87c01e17e47ed0c5a0031e4b88bcfe44641e8886b8fcd1200a0d5348aec

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\AgentMon.exe

Filesize
788KB

MD5
bf7dcff200293bbc4b3eb9f41a96135a

SHA1
522e5176b39107dff6dc8e27d327db80263c848d

SHA256
540d2870045880731bb27331bed3d77ac399203a6b213a36ae5b2a18cbc19db3

SHA512
6d3eb1ec516e1e3c9d818d059156aeeb96f61f85fdae57492253e5d1031417122ceb35600b7e1dcdef1303784b9f9d39323d05cfbda8daa7233eb57ad9420e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KAPFA.sys

Filesize
13KB

MD5
9c3abc6d9cc915056f0918469f567975

SHA1
d0a992b0e4a2f48bade0a58bd17a5ca4cf59b067

SHA256
623029374fc651371657f7513928b86266428ab3063ebcb5a08eb7bc774ecb9c

SHA512
7def2205dd23603f45c7d344ef2b93bc43cc6e12165b098f40147393bbe7e68d72100041ae3d58213c2219a5301ee8f51b21bbf4f4a3c48d745ae4b401f9ef92

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KASetup.exe

Filesize
160KB

MD5
7f4ac2a4ff774b018960bb4435b82d26

SHA1
a7f176c263f12ae2e62a91153eb5fb1c298cacd0

SHA256
4b58b6c4cfecabd0ee7aa76244d1a398780903dcc130e0d33de26dd5760eb8f3

SHA512
3b23d3d4504b52b6a4a79c455ed3b55213a4ae559c40e4163411a3768aa924c73d37a0b4a158ffc29584fcc3e5e72375f6d30c060501e8543f9f997d66c098cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KAgentExt.dll

Filesize
76KB

MD5
991a25a0ef12e3bfe97f52b601a226cb

SHA1
89f51021aa9f01198542adabc39efb868dc3caaf

SHA256
a8cef71c78870cad05d82ade86ae7f8fb449c478670f8c9feaad5adc59ea0fef

SHA512
11952b2d3181a2b0c305e163383fa5e1f6e62bfa86a635ee4ff294e24bb202ef65062f2de0af0a31eac061541127b09fc0ae69f669d3039ec623deae27503704

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KEventLog.dll

Filesize
128KB

MD5
89c41a5e16f6ff6943c60a46a3e8b616

SHA1
180fee12b85c299e40b35d862c6cd4b3ea64912d

SHA256
c32b639858e84d1443c002b94e26607b4d8129d8fa47cd04a4ce98001d3ba64b

SHA512
1807c3b4aac54b1851714e4ae3d72392ec2be38313939159f3efe3249c3de1fd2ec158535867540a52c2e5f299ac155a221f27e9e7d88834c2312182d142c5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KPrtPng.exe

Filesize
104KB

MD5
92b1394dd0de06e28fb5d7c1ed039076

SHA1
9985e69c32807c66081d4da594ed26556147cfff

SHA256
d5e2eda7a8c2b18faa5e2c22ce2a44bbead55e03ad58c25fbb167cf4e0e8fca2

SHA512
40403d69e91d95fd47b80508a3479b2aeacffe5f7857b252d6d5725642a12f8b3946bc2c73ae5256a87a8796a430733f011249805083b0b035bd6bd385644499

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KaUsrTsk.exe

Filesize
312KB

MD5
dc943974d018699d8584fc0326043c01

SHA1
0b1fd0beceea2a509fc4dbf433373b991d2c6992

SHA256
d86dcd4e4280e524d1e0bd15ac97797683fa5b756734c531f52e2f4824518ca7

SHA512
4a0d9d7cbcd512873c7534a264a17347807d6ce15afd73b17433c2f287dd19458d58a39c0006f0a2ec80ff96a89bf5e1700b56a59372716195d40951838d4e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KaseyaD.VXD

Filesize
30KB

MD5
2bdd2b147075c82b1f802f2c503fad22

SHA1
db1472b622e391c931b7f23d828c167023818edd

SHA256
82762843c454aee6002264f1074ac4108a8f4e53b2862fa463cc7ba7345e9949

SHA512
25d722253cf3724afa0b9baba4b8ec67ab4505b27420f3aed65999f5fe33a0bf2091a19ad9d6c4f8e9cfb857b06db0794cb4e90b1786a000cda38d0e9cf3f448

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KaseyaD.ini

Filesize
2KB

MD5
3d8b610262459277622c3a3386a1c02b

SHA1
040550af4cbfe39c82fea4ba99ed011b69e478cf

SHA256
1529153a7259c1f855c932a487b809e357accee33ff5516b9c9b837f3dd5ecb5

SHA512
d13689e3380dea2b21deda5fcbedaf3bbd366d37e0885b6c37fffdf217ecb0176ee225136bf06a0c07550fd2ddc511c49fe85612245d2eb037a47588dc646079

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\KaseyaFW.ini

Filesize
2KB

MD5
110bcfd4a9b3ace873e40d41ad039b72

SHA1
5f652ecfb90311a8a2e5a52424d333cc6234f0e0

SHA256
04e0218852ef83d415f1497c56088ec001e3fb72af3b487dbe171be13c636c04

SHA512
fe9f8c2062f4c2280fd6aaab244d97047e53989ba5817911580744d86177fd42f812a402a740c346e891bdd2b95d2086de19b9822239da025860dfd263616f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\LogParser.dll

Filesize
132KB

MD5
b5722f2b92962e36044660516645e15b

SHA1
b8166fbc9ccb2495a3d837b5386e2d689ef50d50

SHA256
f02a1b375bedf328e8034022e1cd6ea5f3a97e48c823584386a3a35426fe6b08

SHA512
dee3c5ce22a8153d00938618478494fe314acd30ef00a2c594ba22dd4147378866edb814b48735b86e874d80ce32687dabeeefb65cded29b3138abfe886c7e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\kGetELMg64.exe

Filesize
94KB

MD5
07a4918403b3b96d9fdeba51ab3cc224

SHA1
268df049b2b19fbf2e2aae2085c85bd67c8dbc27

SHA256
b4acf11dac17dcc26c23f0f148491727056a29f0c22308478be92a8d04278fd5

SHA512
26c7b000984fd4b06b25b8554b4694c52d75a3c77a074509df6444c89befe40013b181262ea56bf3a8d1c7a8d08529c12ca7a13fb3cc36ba891958c589c242fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\pftw1.pkg

Filesize
916KB

MD5
eb8318ce9a78bd02971ef304a49335f6

SHA1
2fdb8deb511b3ac9c649633a5862562d423abf94

SHA256
6a102e31a7d5575d5643eff76aa74b38064803f2737ecd5ce01cc9c6de0ee862

SHA512
bd679099730e1ea7ebafc14e95ec2d94b3a2ab26bd35cf7961f75a1eb6b481e1cd0cc97b5558f57ce351ff6833ea156f4613c8c765f868d84e5911ae9f023a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft99E0.tmp\sporder.dll

Filesize
9KB

MD5
e2050130c7c0ec056a44237bbb8feb43

SHA1
8aab6d37d7b9663896c47b6fcc7fbf89781599df

SHA256
aa06892b2869b24218e21f87070abab39e177f0edfedc30fd9ae169e8faf23f9

SHA512
70507ef106ee91d5970c8ac351c060e329236f4920c96612a160b0db827e0354d5c5aaa096c2b77c301294b9ce680aadd5ade56ce345ad46779bd73901c581a4

Download Submit
memory/4960-256-0x0000000000920000-0x0000000000943000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads