558805791cafc0c1a6c3fe36abba203bafc04772a9974fb0d17de1e04d4060c9

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 02:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe
Size

243KB
MD5

a50e56d1ff7b41a7a9fd1102ac83e666
SHA1

3dc939fe11eb303ffe00f4432649ed7cd6b6fadc
SHA256

558805791cafc0c1a6c3fe36abba203bafc04772a9974fb0d17de1e04d4060c9
SHA512

3ca99254f01814eeee9e3f7dba899a00749ad66fdf438be7ee9d9d1112062fbe06f038accdf0b23d30e44a586f2291d6a6ee972dc94af1174a88a67e7a342967
SSDEEP

6144:+qTOc8IKTiQPywsKtNBbqUBExSFYEeBs5qZRWsul:+qTOnWMjBNBcSFfeBYaRWs

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2444	lZHCEA5.exe

Loads dropped DLL 3 IoCs

pid	Process
1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe
1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe
2444	lZHCEA5.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\MSSMSGS = "rundll32.exe wingvp32.rom,HOzpDtKK"	lZHCEA5.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wingvp32.rom	lZHCEA5.exe
File opened for modification	C:\Windows\SysWOW64\wingvp32.rom	lZHCEA5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2744	1648	WerFault.exe	30

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lZHCEA5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 25 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74775B11-5D0A-11EF-AF94-46A49AEEEEC8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430110366"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2804	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2804	iexplore.exe
2804	iexplore.exe
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2444	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	31
PID 1648 wrote to memory of 2444	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	31
PID 1648 wrote to memory of 2444	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	31
PID 1648 wrote to memory of 2444	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	31
PID 2444 wrote to memory of 1720	2444	lZHCEA5.exe	32
PID 2444 wrote to memory of 1720	2444	lZHCEA5.exe	32
PID 2444 wrote to memory of 1720	2444	lZHCEA5.exe	32
PID 2444 wrote to memory of 1720	2444	lZHCEA5.exe	32
PID 1720 wrote to memory of 2804	1720	cmd.exe	34
PID 1720 wrote to memory of 2804	1720	cmd.exe	34
PID 1720 wrote to memory of 2804	1720	cmd.exe	34
PID 1720 wrote to memory of 2804	1720	cmd.exe	34
PID 2804 wrote to memory of 2924	2804	iexplore.exe	35
PID 2804 wrote to memory of 2924	2804	iexplore.exe	35
PID 2804 wrote to memory of 2924	2804	iexplore.exe	35
PID 2804 wrote to memory of 2924	2804	iexplore.exe	35
PID 2444 wrote to memory of 2804	2444	lZHCEA5.exe	34
PID 2444 wrote to memory of 2804	2444	lZHCEA5.exe	34
PID 2444 wrote to memory of 2672	2444	lZHCEA5.exe	36
PID 2444 wrote to memory of 2672	2444	lZHCEA5.exe	36
PID 2444 wrote to memory of 2672	2444	lZHCEA5.exe	36
PID 2444 wrote to memory of 2672	2444	lZHCEA5.exe	36
PID 2444 wrote to memory of 2676	2444	lZHCEA5.exe	38
PID 2444 wrote to memory of 2676	2444	lZHCEA5.exe	38
PID 2444 wrote to memory of 2676	2444	lZHCEA5.exe	38
PID 2444 wrote to memory of 2676	2444	lZHCEA5.exe	38
PID 1648 wrote to memory of 2744	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	39
PID 1648 wrote to memory of 2744	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	39
PID 1648 wrote to memory of 2744	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	39
PID 1648 wrote to memory of 2744	1648	a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe	39

C:\Users\Admin\AppData\Local\Temp\a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a50e56d1ff7b41a7a9fd1102ac83e666_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Users\Admin\AppData\Local\Temp\lZHCEA5.exe
  C:\Users\Admin\AppData\Local\Temp\lZHCEA5.exe SH0hKA2HPzCIO4woWHGP
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c start iexplore -embedding
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1720
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2804
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2924
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\oveCF31.bat"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2672
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\lZHCEA5.bat"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 88
  2⤵
  - Program crash
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56bd204603c07a1a2303db52d353292a

SHA1
0902daf67c538637f7fa9882e0e543b83e414d75

SHA256
42e275bcd1400c6c20cc81d3eadec4b1e9d0df23c0a97f50ead2dc740f240d46

SHA512
19d32813daece2baf71b04d443547f0b963e799e43a9d6b62a1bee7f6beeb96e8f3adef3c7c25dde5d0f6e43b3c12317dc3a66ddb309b82a967bfdfdb3088aef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2479c5b5590c43e8333ef9531b277e5f

SHA1
e74968479aef97664e75bb4750f77bb5e6331ad2

SHA256
ed8fff4a9aadd9a79f97fa4df525beeebd4de2ced13eda5c407ca1c38c143b5b

SHA512
9b55ba2da2b84d73326f90c59899c7d211a70c3ebc77be329beee2f40ab781f82688bd166e390b37cc9fdefe8a340f8383c857f2632be40d3f80f58c9e247a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f69b444354a52ec04763ca621d8433e

SHA1
622587d554d57ff1d025a89a520ad754eaa96cf0

SHA256
57930d36425105164aec0b2d0d44a6c5305f47a02c3afc24024edfe565ab0b97

SHA512
503eac80b89fa4051c622d89f149660f570aab29030cfbe2922be6201ce015cfeb27a614f6f7a05ca2354288f6dd0115e91d66a693774bb1897d33414a4f3b00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5de0f146ea3822b59df14b7d8927296d

SHA1
65d4047d28abe606d1315bf67742fc0061990d67

SHA256
ea1f1c165f3b49bab49a336ac18bea29d05d5d18bac5e55f128aa23dee0d77b4

SHA512
6fcee10d44b067cc780b3244848992cafd9411c5d02c1facf647203482af06399227224ebef1c1a8a5bc22c58dfdaccef586f626dece7f60b989d58188676cbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63673af7a8233b4a55d52102d21ccb5f

SHA1
941068a75c541e331fc135e8112dca58bbee9d93

SHA256
168869785b00de9ac7983df54bf4bf04b06a77b3d9ea06d6a3f0cf2a5406a646

SHA512
f2de7dd8641839e928f264c923287388bc9370cc90a3fd34180a08b5316d232ee4dcb9feaa226ddadfa69a06d21118c10317695163bd8c8f28a6e8135aa8e0e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0b6f3b1b2c7678359a81f2bd34fdee4

SHA1
ea80b6b506ed9a1bb13f1c44992ac406a570422a

SHA256
cecf4bff464686c112770037f24f75608bd2d5b7ec424186c325117e3dd90ece

SHA512
c4069e69fe37472ec2836b2e946c56a6f822deb8de5985ba7a82e1ef5a9708db76c1f1aca1b7f9d69a3449dbd8119795027d1a0b8fb83ac5da4284419353b2fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca4e15b2a21fcd018c4885752a522f8a

SHA1
c56c325aac0b3a91a94793a18ec39f1d8908daf5

SHA256
042a71709dbd5c396befb9fd179ccfd7861e504773b1e23bb3ddc91292d2f826

SHA512
91e359e6fad31818b0370dcb260a46af607ad83304607cc43c5bc59dde878538cb61ed716114b643b5a0fd59912bf7be713d6cd2e622a388817b2a58386724e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3f5635faef34fb903d2181a42dd0adc

SHA1
c73230cf8625bc651c264dc89271a98501007b91

SHA256
40a8177fefeb2b04d570d3374f8ce0f864ecb0dd7a279c2e2b97d2252b8c2b2a

SHA512
f037cccd18d177f3b53b563c08583d764be9cc606d49ac10db614abf1e4d3a0d86a2fcd6620ffa6588cddf853bc5bae481dcf31a6cb59aed56fbfc50cdcf6611

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62b6fbd5f59eaad783afc8a85ca7f5cb

SHA1
e9bac1e9fd96f3dfe23b86423398ae0b35917ccb

SHA256
b04e4ff8b77e8730aeaa722f787b9b8e75db599cf5ff4c9fb07c77be3505beca

SHA512
582fcd3d569158b31a9f854e45dde7064b01d8d6598e103f1cd603ef97e3ef1892364f0e31e396390dff4933edacc1a7a3a5f45ee6b12c3c19367ba42d8b6615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cad8dbb8abd7e0d4cfc2b4a4b214c64

SHA1
c69e59eb1c273c776a347074e0058c299fac64d4

SHA256
d8cc84a5f78d90061beed8f4b47bd95f74a3d34b70145bd47c94ca5cd95f0d98

SHA512
264f4664f3e5ebc74b9f974301f655cd9895985068f32fbc31b031560d3d3fb89c895685c80cb7cfadfa6ac7fe08389b5f676bcc24188ca6623a6b0f5c7449ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
424695139264f68725821e74671f592f

SHA1
106f55d6f007780b0f56b1ed0d7df308121e42de

SHA256
e272691dc841e286d35d62e3e9277b06de5e5dda6cb976e52677e9c1696e84fa

SHA512
e6f741de507ffc5db1370df079baa1ac1e97c5a05ee1bce220d7380e268573609a92e13239c1a4aa253445d1890289ddbb08a2ff952fa23bec75008053ebaf25

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD99F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDA3E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lZHCEA5.bat

Filesize
188B

MD5
0b29498b9aef4a03ea93d9316a490814

SHA1
ad1dca9339886f24630674cb0f48a0d5e4ac8e56

SHA256
5804552a8f62f891868bdede1ea7a72c82d54eedf90d45e8f5f46fc756154447

SHA512
f518fd3871391f677f2f8befe7d23224209554fe6d55a098aa7f8d3796457ed9f2c73360da7e1a443690728d074edbebd7baacb2f1f58f7f6a5766e7ea603e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\oveCF31.bat

Filesize
188B

MD5
c58f6852fa4a8c31c5431850c6aecc1e

SHA1
9b5f77f9c4ed508d2abd98883bf6d1af201a8918

SHA256
1310aabe178ff4c92f456cd2621d0ec547aaf6f1b94db22c87761b2ccef26eb9

SHA512
bbc439ddac23291feb8bb731536eb3adf68dbe2a9cef0447f5015ccac27ffafa88a9127d9ad9262a533049aa5d2ebf551ee83912db8413bcbc0ce005f1967d06

Download Submit
C:\Windows\SysWOW64\wingvp32.rom

Filesize
104KB

MD5
eac3a853a02827653c3bf047be6ab14c

SHA1
e84c3f8b81d5cdaa8b1d640a89c40c57c3257e79

SHA256
cc60d73ba91dc6bc05d2bdf04541629260ddde5f00988cd94a1cdc56f998c452

SHA512
1b385009711ce73d1bb28f092dc6627949e07b252f5c723e0bdb550114c49326bf63ecc72e89232ed7c6745ac2059b945807788fd3681fbd1eab76912f8510f6

Download Submit
\Users\Admin\AppData\Local\Temp\lZHCEA5.exe

Filesize
173KB

MD5
58bb15ca8f88c2fe53c55809d2aaf1eb

SHA1
eb76d531a097876c806bfd1807128a365f202e0a

SHA256
527385425df03f0768331f6e78edafa04182efaf20043002860f173b24f5bba2

SHA512
a91299042520ba8e2760afaaaba89372fd6512844a3c042173591d35661d00e0354175d0134d2c9c8f207b461cbde3d7c867affc9622f1db1f2c486f1f5e1974

Download Submit
memory/1648-3-0x00000000001B0000-0x00000000001E0000-memory.dmp

Filesize
192KB

Download
memory/1648-483-0x00000000001B0000-0x00000000001E0000-memory.dmp

Filesize
192KB

Download
memory/2444-50-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2444-10-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2444-11-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads