8f643a5f4ef8c250d8b0047629672e660d69ae1b2414e30d2633cf483a0e2889

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe
Size

163KB
MD5

a255e623a782ddccdbcba4e79da5e7ef
SHA1

20553c96df543c10e007a655f31f7b6923d96fd8
SHA256

8f643a5f4ef8c250d8b0047629672e660d69ae1b2414e30d2633cf483a0e2889
SHA512

f5e00c96a43fafc4fb54f6434f1eeb4b9e5dff3e4a55dbb5ee783819c0a26a99d50c13fdd40fc4b677dd4bca2be56dd33878d281d12226fcb79d56528fa7e586
SSDEEP

3072:PUgmcYpOqQWts5oXpT3uob27b1j3K7tkGaA45McajwuLR5aGdt1:PUgmc2vKoZT+ob0VIxazjmhLH1

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2548	hotwetlove.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HotWetLove = "c:\\program files\\dialers\\hotwetlove\\hotwetlove.exe /noconnect"	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HotWetLove-uninstall.exe	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\HotWetLove-uninstall.exe	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\program files\dialers\hotwetlove\hotwetlove.exe	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe
File created	\??\c:\program files\dialers\hotwetlove\hotwetlove.exe	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hotwetlove.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ielowutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31125655"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31125655"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31125655"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3544785304"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f114d897f0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40540bd897f0da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430658727"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3542128816"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003f945ed72d44d3489ac9a36be9e2e8b1000000000200000000001066000000010000200000006e37b285016e259cc26973db161297ec4b0e26bef352aee493ef226e51cde268000000000e8000000002000020000000341b1070bb4d9d597f8ecdff967b401f47c92344da5580a877300489658069c6200000009fc3daea1d6257ebc448e0d28828ea8debaf6d1b01f0c6401f14de2bc3043ca5400000002e2a38f8064de390bfe9ddb3c1a84ea0207853614b671139728182bc7105c30cdab22b9f8c4a8a86078da44e705c94d72f71827b776a16ea875d3adad2b48d12	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003f945ed72d44d3489ac9a36be9e2e8b10000000002000000000010660000000100002000000089b39f874b9dcfcb5cd1366b0a7489645576b5b573a503a82fcc6e11cc73c030000000000e8000000002000020000000f75ac2b4bc3edfc2eda90940c29adacabdd3aaffa2e5f96dd8de5de59d46737b20000000dc68f5a51a305a071dcaf5ddf565993f86204416e9d36e3555d2dd8a22922a60400000000c533e6fe6a2a2edce3c2e39b490cc5a30f9e8f48743349d399957ecb84435e56e30fa9c4bda8acac2ebfc66cad83506ceb7bf3a0dffeeec8fede4d12d39a6fe	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FEC7BDE9-5C8A-11EF-9A03-6ADB259EA846} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3542128816"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Modifies data under HKEY_USERS 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\software	hotwetlove.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\viewers	hotwetlove.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\suffixes	hotwetlove.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\suffixes\application/x-HWTLV = "HWTLV"	hotwetlove.exe
Key created	\REGISTRY\USER\.default	hotwetlove.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\netscape	hotwetlove.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator	hotwetlove.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\viewers\application/x-HWTLV = "c:\\program files\\dialers\\hotwetlove\\hotwetlove.exe %1"	hotwetlove.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\viewers\TYPE1 = "application/x-HWTLV"	hotwetlove.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\user trusted external applications	hotwetlove.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\user trusted external applications\c:\program files\dialers\hotwetlove\hotwetlove.exe = "yes"	hotwetlove.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\viewers	hotwetlove.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HWTLV	hotwetlove.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mime\database\content type\application/x-HWTLV	hotwetlove.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File\shell	hotwetlove.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.HWTLV\Content Type = "application/x-HWTLV"	hotwetlove.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.HWTLV\ = "HWTLV File"	hotwetlove.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File	hotwetlove.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File\shell\open	hotwetlove.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File\shell\open\command	hotwetlove.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File\shell\open\command\ = "c:\\program files\\dialers\\hotwetlove\\hotwetlove.exe %1"	hotwetlove.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File\shell\ = "open"	hotwetlove.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File\ = "HWTLV Data"	hotwetlove.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\HWTLV File\EditFlags = 00000100	hotwetlove.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-HWTLV\Extension = ".HWTLV"	hotwetlove.exe

Suspicious behavior: LoadsDriver 30 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2548	hotwetlove.exe
2824	iexplore.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2548	hotwetlove.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2824	iexplore.exe
2824	iexplore.exe
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 2548	4996	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe	93
PID 4996 wrote to memory of 2548	4996	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe	93
PID 4996 wrote to memory of 2548	4996	a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe	93
PID 2824 wrote to memory of 1652	2824	iexplore.exe	106
PID 2824 wrote to memory of 1652	2824	iexplore.exe	106
PID 2824 wrote to memory of 1652	2824	iexplore.exe	106

C:\Users\Admin\AppData\Local\Temp\a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a255e623a782ddccdbcba4e79da5e7ef_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4996
- C:\program files\dialers\hotwetlove\hotwetlove.exe
  "C:\program files\dialers\hotwetlove\hotwetlove.exe" -kill c:\users\admin\appdata\local\temp\a255e623a782ddccdbcba4e79da5e7ef_jaffacakes118.exe /install
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2548

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3604

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\dialers\hotwetlove\hotwetlove.exe

Filesize
163KB

MD5
a255e623a782ddccdbcba4e79da5e7ef

SHA1
20553c96df543c10e007a655f31f7b6923d96fd8

SHA256
8f643a5f4ef8c250d8b0047629672e660d69ae1b2414e30d2633cf483a0e2889

SHA512
f5e00c96a43fafc4fb54f6434f1eeb4b9e5dff3e4a55dbb5ee783819c0a26a99d50c13fdd40fc4b677dd4bca2be56dd33878d281d12226fcb79d56528fa7e586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BOIFDBOU\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\HotWetLove.lnk

Filesize
984B

MD5
b2261724f79c6ceae9273db103587d5f

SHA1
2ae007ff305a8b7e18c963eb357e100100bf4344

SHA256
9214aca7454d131187c089f5d8084e7a8612130bddd2017848059feab76e3b59

SHA512
cc48090ea203caba92eb5aab602522fa718a0545358e315ba5dc92f57739b53f2d7eca054def1b76c8a895e12d7991117088150b881ca2cdff96c1ccaecc59a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HotWetLove.lnk

Filesize
990B

MD5
f9dfe456818c63930033b30108fe9db0

SHA1
1fae629bab2c00a2dcd53f3a5650703090cc8d34

SHA256
449ed8b71352527154d287cb46b0ee5f5b9b965b9a1bb16c3138af440d79b399

SHA512
8f97094adfc0711f9e820e5b6f78c7bf15e56552b1d1f8a86264684521fa0b6a436e7568640c46aab4f8af9597215fb3fcaf74c9ce778ad8adf6bf4604a00b07

Download Submit
C:\Users\Admin\Desktop\HotWetLove.lnk

Filesize
960B

MD5
4b84f99456c8480734dc401612ea09c4

SHA1
dd18dee15172bc3d7d895af780f32e7a733a32b0

SHA256
5dc9b86dd4eab238973f7129017a83124982f774422dbeef065716239b152b31

SHA512
02b76660387b897bfe88e8e3db29cd70c2880d8c5e8ad3cdedb0c421749edffafb483517f6e5113d0e66c967952361c7123eaeb128cd9967bd10c1c430db732d

Download Submit
memory/2548-37-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4996-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4996-36-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads