Analysis
max time kernel: 148s
max time network: 105s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/08/2024, 22:41
Static task: static1
Behavioral task: behavioral1
  Sample: bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe
Size: 1.6MB
MD5: bd73dab3f6dcc0aaa555c18759d224db
SHA1: 02f66a1776e91727c2a865482a934f64831d67c5
SHA256: f7ad1bbb7a6e2d9a7af4727457fa727c105f3f3391f3720f5f8c33bbabee2c27
SHA512: 88d2e7fa73836ecf4251b0e836abd120f5160d059f88ef5026ad7c4232f7013193639e82b629d184da797e0413baa14bb148312b6dec1a0c973ed66b40b04ebc
SSDEEP: 49152:Q86xqVcnTfDeH7knkfPL94kIF2TGS/pgdSQ8v8c/x:J+lnTfDeww5GS/pgdSQE
Malware Config
Signatures
Sets service image path in registry (2 TTPs, 2 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\ImagePath = "\"$Program Files$\\RealVNC\\VNC4\\WinVNC4.exe\" -service" | Real_Silent.exe
  Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\ImagePath = "\"C:\\Program Files (x86)\\RealVNC\\VNC4\\WinVNC4.exe\" -service" | Real_Silent.exe
Executes dropped EXE (5 IoCs)
  pid | Process
  2220 | ShExecuteEx.exe
  4908 | kix32.exe
  3964 | Real_Silent.exe
  2108 | winvnc4.exe
  3440 | winvnc4.exe
Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in Program Files directory (16 IoCs)
  description | ioc | Process
  File opened for modification | C:\Program Files (x86)\RealVNC | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4\unins000.exe | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe | Real_Silent.exe
  File created | C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe | Real_Silent.exe
  File created | C:\Program Files (x86)\RealVNC\VNC4\unins000.exe | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4\vncconfig.exe | Real_Silent.exe
  File created | C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe | Real_Silent.exe
  File created | C:\Program Files (x86)\RealVNC\VNC4\logmessages.dll | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4\logmessages.dll | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4\unins000.dat | Real_Silent.exe
  File created | C:\Program Files (x86)\RealVNC\VNC4\wm_hooks.dll | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4\wm_hooks.dll | Real_Silent.exe
  File opened for modification | C:\Program Files (x86)\RealVNC\VNC4 | Real_Silent.exe
  File created | C:\Program Files (x86)\RealVNC\VNC4\unins000.dat | Real_Silent.exe
  File created | C:\Program Files (x86)\RealVNC\VNC4\vncconfig.exe | Real_Silent.exe
Drops file in Windows directory (8 IoCs)
  description | ioc | Process
  File created | C:\Windows\Prefetch\WINVNC4.EXE-12B3527D.pf | Real_Silent.exe
  File opened for modification | C:\Windows\Prefetch\WINVNC4.EXE-12B3527D.pf | Real_Silent.exe
  File created | C:\Windows\Prefetch\IS-O03AD.TMP-0D36D9D6.pf | Real_Silent.exe
  File opened for modification | C:\Windows\Prefetch\IS-O03AD.TMP-0D36D9D6.pf | Real_Silent.exe
  File created | C:\Windows\Prefetch\REALVNC_SILENT.EXE-112CBCA1.pf | Real_Silent.exe
  File opened for modification | C:\Windows\Prefetch\REALVNC_SILENT.EXE-112CBCA1.pf | Real_Silent.exe
  File created | C:\Windows\Prefetch\VNCCONFIG.EXE-0F7DCF7A.pf | Real_Silent.exe
  File opened for modification | C:\Windows\Prefetch\VNCCONFIG.EXE-0F7DCF7A.pf | Real_Silent.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTPs, 17 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe (4 entries)
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net.exe (3 entries)
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net1.exe (3 entries)
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | winvnc4.exe (2 entries)
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Real_Silent.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ShExecuteEx.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | regedit.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | kix32.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe
Modifies registry class (12 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\shell\open\command | Real_Silent.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.vnc\ = "VNC.ConnectionInfo" | Real_Silent.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo | Real_Silent.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\DefaultIcon | Real_Silent.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\DefaultIcon\ = "C:\\Program Files (x86)\\RealVNC\\VNC4\\vncviewer.exe,0" | Real_Silent.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\shell | Real_Silent.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\ = "VNC Connection Info" | Real_Silent.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vnc | Real_Silent.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\DefaultIcon\ = "$Program Files$\\RealVNC\\VNC4\\vncviewer.exe,0" | Real_Silent.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\shell\open | Real_Silent.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\shell\open\command\ = "\"$Program Files$\\RealVNC\\VNC4\\vncviewer.exe\" -config \"%1\"" | Real_Silent.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VNC.ConnectionInfo\shell\open\command\ = "\"C:\\Program Files (x86)\\RealVNC\\VNC4\\vncviewer.exe\" -config \"%1\"" | Real_Silent.exe
Runs .reg file with regedit (1 IoCs)
  pid | Process
  1876 | regedit.exe
Runs net.exe
Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description | pid | Process
  Token: SeBackupPrivilege | 3964 | Real_Silent.exe
  Token: SeRestorePrivilege | 3964 | Real_Silent.exe
  Token: SeSecurityPrivilege | 3964 | Real_Silent.exe
  Token: SeTakeOwnershipPrivilege | 3964 | Real_Silent.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
  pid | Process
  2556 | bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe (2 entries)
  3964 | Real_Silent.exe (1 entry)
  3440 | winvnc4.exe (61 entries)
Suspicious use of SendNotifyMessage (2 IoCs)
  pid | Process
  2556 | bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe (2 entries)
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  3964 | Real_Silent.exe (2 entries)
Suspicious use of WriteProcessMemory (45 IoCs; each parent/child pair is recorded three times)
  description | pid | Process | procid_target
  PID 2556 wrote to memory of 2220 | 2556 | bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe | 84
  PID 2220 wrote to memory of 4908 | 2220 | ShExecuteEx.exe | 85
  PID 4908 wrote to memory of 1036 | 4908 | kix32.exe | 89
  PID 1036 wrote to memory of 3676 | 1036 | cmd.exe | 90
  PID 3676 wrote to memory of 4240 | 3676 | net.exe | 91
  PID 4908 wrote to memory of 2288 | 4908 | kix32.exe | 92
  PID 2288 wrote to memory of 2560 | 2288 | cmd.exe | 93
  PID 2560 wrote to memory of 3228 | 2560 | net.exe | 94
  PID 4908 wrote to memory of 3964 | 4908 | kix32.exe | 96
  PID 4908 wrote to memory of 1252 | 4908 | kix32.exe | 98
  PID 1252 wrote to memory of 1876 | 1252 | cmd.exe | 99
  PID 4908 wrote to memory of 2108 | 4908 | kix32.exe | 100
  PID 4908 wrote to memory of 1644 | 4908 | kix32.exe | 103
  PID 1644 wrote to memory of 4212 | 1644 | cmd.exe | 104
  PID 4212 wrote to memory of 4080 | 4212 | net.exe | 105
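The two "Sets service image path in registry" entries above are the same write recorded twice, once with the sandbox's "$Program Files$" placeholder and once expanded, and the binary they point at is one of the files the same process (Real_Silent.exe) created moments earlier. That correlation, dropped file registered as a service by the dropper, is the signal worth extracting from a report like this. The following is an added example, not part of the sandbox report or of any tool it uses: it re-parses the report's registry and file-drop IoC strings (copied inline), expands the placeholder (the mapping to "C:\Program Files (x86)" is an assumption taken from the second IoC) and returns one finding per service whose ImagePath resolves to a file created in the same run. The finding format and the regexes are this example's own.

```python
"""Correlate 'service ImagePath set' IoCs with 'file created' IoCs.

Added example, not part of the sandbox report. The IoC strings are the
report's; the placeholder mapping, parsing and finding format are
assumptions of this example.
"""
import re
from dataclasses import dataclass

# IoCs copied from this report's 'Sets service image path in registry'
# and 'Drops file in Program Files directory' signatures.
REGISTRY_IOCS = [
    r'Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\ImagePath = "\"$Program Files$\\RealVNC\\VNC4\\WinVNC4.exe\" -service" Real_Silent.exe',
    r'Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\ImagePath = "\"C:\\Program Files (x86)\\RealVNC\\VNC4\\WinVNC4.exe\" -service" Real_Silent.exe',
]
FILE_IOCS = [
    r"File created C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe Real_Silent.exe",
    r"File created C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe Real_Silent.exe",
    r"File created C:\Program Files (x86)\RealVNC\VNC4\wm_hooks.dll Real_Silent.exe",
    r"File opened for modification C:\Program Files (x86)\RealVNC\VNC4\vncconfig.exe Real_Silent.exe",
]

# Assumed expansion of the sandbox placeholder (x86 sample on x64 Windows).
PLACEHOLDERS = {"$Program Files$": r"C:\Program Files (x86)"}

SERVICE_RE = re.compile(
    r'^Set value \(str\) \\REGISTRY\\MACHINE\\SYSTEM\\ControlSet\d+\\Services\\'
    r'(?P<service>[^\\]+)\\ImagePath = "(?P<value>.*)" (?P<process>\S+)$'
)
FILE_RE = re.compile(r"^File created (?P<path>.+?) (?P<process>\S+)$")


@dataclass(frozen=True)
class ServiceImage:
    service: str
    image: str    # expanded path of the service binary
    args: str     # trailing arguments in ImagePath, e.g. "-service"
    set_by: str   # process that wrote the value


def unescape(value):
    # Undo the report's escaping: a backslash quotes the next character.
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def split_image_path(command):
    """Split an ImagePath value into (binary path, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip()
    head, _, tail = command.partition(" ")
    return head, tail.strip()


def expand(path):
    for placeholder, real in PLACEHOLDERS.items():
        path = path.replace(placeholder, real)
    return path


def parse_service_image_paths(lines):
    result = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            image, args = split_image_path(unescape(m["value"]))
            result.append(ServiceImage(m["service"], expand(image), args, m["process"]))
    return result


def dropped_files(lines):
    """Map lower-cased created-file paths to the process that created them."""
    created = {}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            created[m["path"].lower()] = m["process"]
    return created


def find_dropped_service_binaries(registry_lines, file_lines):
    """Flag services whose ImagePath points at a file dropped in this run."""
    created = dropped_files(file_lines)
    seen, findings = set(), []
    for svc in parse_service_image_paths(registry_lines):
        key = (svc.service.lower(), svc.image.lower())
        creator = created.get(svc.image.lower())
        if creator is None or key in seen:
            continue
        seen.add(key)
        findings.append({
            "service": svc.service,
            "image": svc.image,
            "args": svc.args,
            "set_by": svc.set_by,
            "dropped_by": creator,
            "same_process": creator.lower() == svc.set_by.lower(),
        })
    return findings


if __name__ == "__main__":
    for finding in find_dropped_service_binaries(REGISTRY_IOCS, FILE_IOCS):
        print(finding)
```

On this report the function yields a single finding: service WinVNC4, image C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe with argument -service, both written and dropped by Real_Silent.exe. The same check applied to a live host would compare HKLM\SYSTEM\CurrentControlSet\Services\*\ImagePath against recent file-creation telemetry instead of report lines.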
Processes
C:\Users\Admin\AppData\Local\Temp\bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe (PID 2556, depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\240617500\ShExecuteEx.exe (PID 2220, depth 2)
    command line: "C:\Users\Admin\AppData\Local\Temp\240617500\ShExecuteEx.exe" /ShIni:"kix32.exe.ini"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\240617500\Scripts\kix32.exe (PID 4908, depth 3)
      command line: "Scripts\kix32.exe" "RealSilent.kix"
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\cmd.exe (PID 1036, depth 4)
        command line: cmd /c net stop winvnc4
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\net.exe (PID 3676, depth 5)
          command line: net stop winvnc4
          - System Location Discovery: System Language Discovery
          - Suspicious use of WriteProcessMemory
          C:\Windows\SysWOW64\net1.exe (PID 4240, depth 6)
            command line: C:\Windows\system32\net1 stop winvnc4
            - System Location Discovery: System Language Discovery
      C:\Windows\SysWOW64\cmd.exe (PID 2288, depth 4)
        command line: cmd /c net stop winvnc
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\net.exe (PID 2560, depth 5)
          command line: net stop winvnc
          - System Location Discovery: System Language Discovery
          - Suspicious use of WriteProcessMemory
          C:\Windows\SysWOW64\net1.exe (PID 3228, depth 6)
            command line: C:\Windows\system32\net1 stop winvnc
            - System Location Discovery: System Language Discovery
      C:\Users\Admin\AppData\Local\Temp\240617500\Scripts\Real_Silent.exe (PID 3964, depth 4)
        command line: "C:\Users\Admin\AppData\Local\Temp\240617500\Scripts\Real_Silent.exe"
        - Sets service image path in registry
        - Executes dropped EXE
        - Drops file in Program Files directory
        - Drops file in Windows directory
        - System Location Discovery: System Language Discovery
        - Modifies registry class
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SetWindowsHookEx
      C:\Windows\SysWOW64\cmd.exe (PID 1252, depth 4)
        command line: cmd /C regedit /s "C:\Users\Admin\AppData\Local\Temp\\vnc.reg"
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\regedit.exe (PID 1876, depth 5)
          command line: regedit /s "C:\Users\Admin\AppData\Local\Temp\\vnc.reg"
          - System Location Discovery: System Language Discovery
          - Runs .reg file with regedit
      C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (PID 2108, depth 4)
        command line: "C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe" -register
        - Executes dropped EXE
        - System Location Discovery: System Language Discovery
      C:\Windows\SysWOW64\cmd.exe (PID 1644, depth 4)
        command line: cmd /C net start winvnc4
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\net.exe (PID 4212, depth 5)
          command line: net start winvnc4
          - System Location Discovery: System Language Discovery
          - Suspicious use of WriteProcessMemory
          C:\Windows\SysWOW64\net1.exe (PID 4080, depth 6)
            command line: C:\Windows\system32\net1 start winvnc4
            - System Location Discovery: System Language Discovery
C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (PID 3440, depth 1)
  command line: "C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe" -service
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
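The tree above is the whole story of this sample: a KiXtart script host (kix32.exe) stops any existing VNC service, runs a silent installer, imports a .reg file from the user's Temp directory with regedit /s, registers winvnc4.exe as a service with -register and starts it with net start, after which a second winvnc4.exe -service appears at depth 1 with no parent in the tree, i.e. started by the service control manager. The following is an added example, not part of the sandbox report or of any tool it uses: it transcribes the tree into process records (same PIDs, images and command lines) and finds the innermost ancestor whose descendants contain that stop / import / register / start chain for one service name, then checks whether the registered binary was later seen running with -service outside the tree. The regexes, the Temp-path check and the output fields are this example's own assumptions.

```python
"""Detect a scripted stop / regedit-import / register / start service install.

Added example, not part of the sandbox report. Process records are
transcribed from this report's process tree; the detection logic and
its output format are this example's own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None: parent not in the sandbox's tree
    image: str            # basename of the executable
    cmdline: str


T = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = "bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe"
VNC = r"C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe"

# Transcribed from this report's process tree.
PROCS = [
    Proc(2556, None, SAMPLE, '"' + T + "\\" + SAMPLE + '"'),
    Proc(2220, 2556, "ShExecuteEx.exe", '"' + T + r'\240617500\ShExecuteEx.exe" /ShIni:"kix32.exe.ini"'),
    Proc(4908, 2220, "kix32.exe", r'"Scripts\kix32.exe" "RealSilent.kix"'),
    Proc(1036, 4908, "cmd.exe", "cmd /c net stop winvnc4"),
    Proc(3676, 1036, "net.exe", "net stop winvnc4"),
    Proc(4240, 3676, "net1.exe", r"C:\Windows\system32\net1 stop winvnc4"),
    Proc(2288, 4908, "cmd.exe", "cmd /c net stop winvnc"),
    Proc(2560, 2288, "net.exe", "net stop winvnc"),
    Proc(3228, 2560, "net1.exe", r"C:\Windows\system32\net1 stop winvnc"),
    Proc(3964, 4908, "Real_Silent.exe", '"' + T + r'\240617500\Scripts\Real_Silent.exe"'),
    Proc(1252, 4908, "cmd.exe", 'cmd /C regedit /s "' + T + r'\\vnc.reg"'),
    Proc(1876, 1252, "regedit.exe", 'regedit /s "' + T + r'\\vnc.reg"'),
    Proc(2108, 4908, "winvnc4.exe", '"' + VNC + '" -register'),
    Proc(1644, 4908, "cmd.exe", "cmd /C net start winvnc4"),
    Proc(4212, 1644, "net.exe", "net start winvnc4"),
    Proc(4080, 4212, "net1.exe", r"C:\Windows\system32\net1 start winvnc4"),
    Proc(3440, None, "winvnc4.exe", '"' + VNC + '" -service'),
]

NET_RE = re.compile(r"^net(?:\.exe)?\s+(stop|start)\s+(\S+)", re.I)
REGEDIT_RE = re.compile(r'^regedit(?:\.exe)?\s+/s\s+"?(?P<file>[^"]+)"?', re.I)
REGISTER_RE = re.compile(r'^"?(?P<exe>[^"]+\.exe)"?\s+-register$', re.I)
TEMP_MARKER = "\\appdata\\local\\temp\\"   # assumed: .reg imported from user Temp


def children_index(procs):
    kids = defaultdict(list)
    for p in procs:
        kids[p.ppid].append(p)
    return kids


def descendants(pid, kids):
    out, stack = [], list(kids.get(pid, []))
    while stack:
        p = stack.pop()
        out.append(p)
        stack.extend(kids.get(p.pid, []))
    return out


def match_install_chain(host, subtree):
    """Return the chain found among `host`'s descendants, or None."""
    stops, starts, reg_imports, registered = {}, {}, [], []
    for p in subtree:
        name = p.image.lower()
        if name == "net.exe":
            m = NET_RE.match(p.cmdline)
            if m:
                table = stops if m[1].lower() == "stop" else starts
                table.setdefault(m[2].lower(), p.pid)
        elif name == "regedit.exe":
            m = REGEDIT_RE.match(p.cmdline)
            if m and TEMP_MARKER in m["file"].lower():
                reg_imports.append((p.pid, m["file"]))
        else:
            m = REGISTER_RE.match(p.cmdline)
            # A service binary outside C:\Windows registering itself.
            if m and not m["exe"].lower().startswith("c:\\windows"):
                registered.append((p.pid, m["exe"]))
    for svc, stop_pid in stops.items():
        if svc in starts and reg_imports and registered:
            return {
                "host_pid": host.pid, "host_image": host.image,
                "service": svc, "stop_pid": stop_pid, "start_pid": starts[svc],
                "regedit_pid": reg_imports[0][0], "reg_file": reg_imports[0][1],
                "register_pid": registered[0][0], "registered_binary": registered[0][1],
            }
    return None


def detect_silent_service_install(procs):
    """Innermost ancestor whose subtree holds the whole chain, plus SCM start."""
    kids = children_index(procs)
    best = None
    for host in procs:
        sub = descendants(host.pid, kids)
        hit = match_install_chain(host, sub)
        if hit and (best is None or len(sub) < best[0]):
            best = (len(sub), hit)
    if best is None:
        return None
    finding = best[1]
    exe = finding["registered_binary"].lower()
    # Parentless processes running the registered binary with -service:
    # the service control manager started the newly registered service.
    finding["service_process"] = [
        p.pid for p in procs
        if p.ppid is None and exe in p.cmdline.lower()
        and p.cmdline.lower().rstrip().endswith("-service")
    ]
    return finding


if __name__ == "__main__":
    print(detect_silent_service_install(PROCS))
```

Run against the transcribed tree the detector names kix32.exe (PID 4908) as the host, winvnc4 as the service, PIDs 3676 and 4212 for the stop and start, 1876 for the regedit import, 2108 for the -register run and 3440 as the SCM-started service process. The same logic maps directly onto Sysmon event 1 records (ProcessId, ParentProcessId, Image, CommandLine), where the parentless -service process shows up as a child of services.exe instead.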
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 428KB
  MD5: bda11f9ab8629313950cef60ec1dbe1d
  SHA1: be12db7480655f64f7759bcf26f7a25d9e301b8e
  SHA256: c868a24f712f7e5d04878b6fb109ee2b62d7d6ead1ba5d804f47b6a8977492a6
  SHA512: 67e074c9a789c537deaf4710b0b6593181ba9c4a656d676c135ea2ee8ae932272255ff8ab5e4b000338350ad4bcfe2e75e5e76709ecd3356398cb1641cabc30c
- Filesize: 2KB
  MD5: 5604b76dcba1472227018330d8fa7592
  SHA1: cb856732993eaabd93abc0803ae37fd056d16f80
  SHA256: 87dd1006832becf9ad715fd9dc29b9945a0a45af339102442b8951f9e9712e4e
  SHA512: a88fa5dacfce79f290a632267522688050a4b51606b7e14adc8e495ad39fc0ea62a47ceade745ec67538b6eeb989dd3b5acdf354548e0707d4ab2c63db253b51
- Filesize: 2.0MB
  MD5: e8e76dcacc1a8bf4a45a7cd153daa283
  SHA1: 638a5d2fa6a54b489b95b3a0eba4ebf05391ec08
  SHA256: 4774e5c870ca40b24710a3b07116962888d2609495d245faeacf2b72d0bfbfc9
  SHA512: b74b5047553b3aef03b8434b823215c4aef3f925433ea8d2e846973c16b2148ffeb32bb337826d92710984e0c78aa00ff1eee2eb94c01a1bc87aef7059ab894e
- Filesize: 240KB
  MD5: 3e6af9eb16d8f5b70d8a57d04ac6047b
  SHA1: 2070f4ed298f48c23fa91a9b79bccfd5761eabc3
  SHA256: 0db649eca771ae280dcc363ef5940a39e9cc0d2521786956d9c8d39addc0212b
  SHA512: 0f0cb5642c79837d6650c8e906baf2abdb78ddebb483fac2deba5139e400e5c1f25d4c95facfe72b275fbd8628b908d00a139922c30c3b450e90b152a7d2499d
- Filesize: 68KB
  MD5: b2ba2ce0203793dc3603b597ec75c4f9
  SHA1: 55fca9b71413dc10018ec37bb10d0fc16900643b
  SHA256: 2eb6fcf7add6df792e1d5c5d6d24a8fa67fc975d7ce6b89fd3730c869b8031a3
  SHA512: 70dabcb718dbf38f8cf8dab6debde4eb5c00adbcc671f606e1f162e81002505627eab8c1d289f265ff8c0eb2145169c26172d34a1d0ccd5c617d7f03c4582295
- Filesize: 450B
  MD5: e59492e3a371d9003f43b9f25b3c1ff1
  SHA1: 7935761935f90fe9c02756f42ee16e562a3733ae
  SHA256: e59706cefb093ecb7bd6f4075e38ff3bf64926c1c4eea0a0950294998744be7c
  SHA512: 56e45d0a77147b5f3a61d39d48d31d587e1d3d88b2a9616b3211b6294c18df3c2984cf6ca03ea8a16c634baf0f584652aa6f79f122d9f99a5cf32d26d45a9dfa