c85ac1cd2cd5d00dd21d6a08c88bb2f4fd92ceb31c8a324788200dc956ab46f8

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 11:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
Size

510KB
MD5

bb97c65a7356aebabd0305888eeb8699
SHA1

2d966f8c24e22cae7d6c52d7606e191158367e84
SHA256

c85ac1cd2cd5d00dd21d6a08c88bb2f4fd92ceb31c8a324788200dc956ab46f8
SHA512

6d9042b1a1c67b601cf2e42f1ddc04e2a42187a960ab4c5515168848e855b152f952399b475dd513e071360a94577ce2013b131b79b07a6cb69572fd681b9eed
SSDEEP

12288:fAvDVy8y/0gJ5eklzgtgVmhm0cFJNMIPyr2p:AVy8y/0gJDlzgnVe8mP

Score

7^/10

discovery evasion

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Wine	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Wine	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2476 set thread context of 2592	2476	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	31

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32:clfmon.exe	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
File opened for modification	C:\Windows\system32:clfmon.exe	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26DBA7F1-6145-11EF-ACB8-4605CC5911A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430575378"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Windows\system32:clfmon.exe	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
File opened for modification	C:\Windows\system32:clfmon.exe	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2864	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2476	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2592	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2592	iexplore.exe
2592	iexplore.exe
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2476	2864	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	30
PID 2864 wrote to memory of 2476	2864	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	30
PID 2864 wrote to memory of 2476	2864	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	30
PID 2864 wrote to memory of 2476	2864	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	30
PID 2476 wrote to memory of 2592	2476	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	31
PID 2476 wrote to memory of 2592	2476	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	31
PID 2476 wrote to memory of 2592	2476	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	31
PID 2476 wrote to memory of 2592	2476	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	31
PID 2476 wrote to memory of 2592	2476	bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe	31
PID 2592 wrote to memory of 2420	2592	iexplore.exe	32
PID 2592 wrote to memory of 2420	2592	iexplore.exe	32
PID 2592 wrote to memory of 2420	2592	iexplore.exe	32
PID 2592 wrote to memory of 2420	2592	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe"
1⤵
- Identifies Wine through registry keys
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Users\Admin\AppData\Local\Temp\bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe" -s
  2⤵
  - Identifies Wine through registry keys
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Admin\AppData\Local\Temp\bb97c65a7356aebabd0305888eeb8699_JaffaCakes118.exe
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0c77305b3247a841dddfa8d1cec81667

SHA1
27cae616637161034b04a6a5808bd30edc51ca21

SHA256
717af1c60455aa43067f2770b56c90e3a6fcacf2768cbf6d19b909e8307ee74f

SHA512
c079c4b9c00b9d80c1668d6b6bf0cd3b6bedfc0589fe78d0e0555ea7b86ccf1e013ad9fbe6905ceecfa42d587fb93afa2ec59ca53115d7d893b616b120a2caeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
42b7e8fe91d83eb5ff9a52480514bcd2

SHA1
403e7906c842ba6c1a988f72fb1ca5c4ef6ecff2

SHA256
c28274b30093ea77e920f08e4f316407f89eb426eacb36a69031229d70f68c1e

SHA512
b6a364ffb74a2f91402f850b3356fb3f3fa6dedc376c06b4fbf25be351fe6c14173501a270ce27afd1f6d308ff8af73a642daed4c9bb235b3fd6e4420cedbc50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
384bc810656800cfd22587245c70f9c9

SHA1
0e7ea2d79441e612be31934b668970d2470e0562

SHA256
9a2322751a396cbe949d5ca2391bf959e7f9f702348f8301d2676e9e1b1ecc9d

SHA512
66920f20cad58d1f88d7f2e62b928bfce28c6fdc4ec55de619c13b720b1aeca3f4d60fc15803488ae0da5b766542946d29addede7f50535aa789ce0aef91f642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7c689fd2fcd3897937bd9c7b162e8445

SHA1
c448579f72a55db7222ed690ab16ed4a47ba50a9

SHA256
961373dd2b563ee29f59d0f16043a2e6f5209ec007e1ebbce2e81421961e9e91

SHA512
7a0e14f134d6043217e0526e08fda1588b3f05609c751edb549d992e6f509477731ee03a8e2631e8fdbe202ddb45951f39d824bf7dd6a228486c0574d346ede0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0d95f13ac6e28688f56f2502ede65a7d

SHA1
83c367fe9ba88a62ccd12842689631675c31408e

SHA256
d7a4e9f22e012a03f2123936bd2747bfac0ecb9b53509a7d8dd00a728b322111

SHA512
df703876f40db7b2161ca6b8ecf736cd72f976eea60e717f05d53cd132e4320712765eaa52f81369bd8bc1d89b8500a07dba2a9911f724f7c4ecf4383155b033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0d2ff14ab9b976f82925dc3922de5e6a

SHA1
b181385ec12a9ad7c624059d4cd7dfbb47a72567

SHA256
93692f82bb272816a058d92dee32243fcd90ef91e372ae8e42a599df2771b6e9

SHA512
6c46ed146ffb3f8f84812613d462eedc4a91e1b63f1c7373f5988de84aafa1776ab7ce07ed3c98fded9f97fd738b1911b9fac3885e36fb81f83817dff17411df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1134cfaba307b6ad1662a93b8263b290

SHA1
40cc33f6dbe3f69dd30cc33c45624a3082246e91

SHA256
6f54566fb9ee70a89153f30e05c69f31d441d1b395d2923f8cddc7c42d41c783

SHA512
0730a4243e3c9485759d0aeb3cc8ad5220a04c4680b1177e83a6fb0e0c990a5950c83eba30aaf9f3f764954fae54239a4a18fd941c89923df9b04030b5a0e8ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
26794d22063bc430b8afeb292849345a

SHA1
cd14c78dfc15a63e3b79d6ca875356f75f08f367

SHA256
9567933acc3d2a0be8ceef23abd5e9ab6b76412ff3894d3da43e941b0ea3b58b

SHA512
e0a1737dcf053cb7f21081ef195a733421f90fc1c1518e34bd51c9593a10a5789bedf615e91a5ab98b03df7817988ddf22fb8200a8c9aaafd9d3260c25b33c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0b9f0c3577f4e8a74806b835b4618c7b

SHA1
ec1abd308e59161d7c8360eec9ebf6af7177b090

SHA256
b31c29b990bb1bb44e40bd4291a79725e7e585ec61abc4dc429ac8fca3a199cf

SHA512
bc3a59a3cd9a351e92b643eb5b1d8f8c6dda152173afe58321a93516a14f59f9094819a7f43b530611fc599d0f549e20958ad1231dd436ad140a94fef5a90c02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8c6699022cac3d98a845f89b274830ce

SHA1
a2ab302f0b4579c752e743fac5af71bc3697594d

SHA256
494e47e6d4e8c4bc5963e9f0be39ba735949707fbccf0b072a0f67c273569df1

SHA512
c0a84bd7560534533b0a039e050a105a83432a693622edb3203a87a78132e2818fc15316c1b4cd8649ff49324821cdde80e38a83e2ddb0dbbc346234b8cc931e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a2da1344f298242cfb4efe5b5250ec4c

SHA1
1d526bc27187bd17b76a5c1e6c6a85c3cdfd77f1

SHA256
e82251f3f9065d34d5aea23fe662361452942aa03e5200915fda50991a0a6b62

SHA512
70c165e26b8ce3329b7eb4f9f4bda4c71f23c06bcc0b022ef06ba171ddd3e8b0f99f46321e96d493becd4e418bfb8c7a6aa2981c987d4c8c1bf5f320533bbff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a8f84de0210e8cf3c321adbf93aeb40e

SHA1
0b63064b9ada48149832017b979263b08c2995ac

SHA256
9a0c44f55e31c71dc85700a38aec30ce6ae4530c915ed8b8448ae52de48c8c36

SHA512
99b44b0a24162b9037d3e2dbf19a791389ed1d632b2d8ab9b8a64a3d783d16d2b262b73b2d44e25fa8a09393bdb8ee24af93d257bed4ada3e5465723ba6cbffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c194bccd6c686ba0cd361d5f5b218702

SHA1
427ac2ef5788f82d3d43fd5cd419c00ae1b3c85e

SHA256
273313e1bcbe73577635a813e86db071e8a900f15e16eb126eb6d0f51f1ff165

SHA512
627d749ee7ff87a6fadbf11cf5e4e30d98ff23677f1f7374691f16d862510a5257a2361ec188c4f9e49bf3e0d93b991ef8a37c9a3c0209640178a149e503eb0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
680ef480a44854b8145ec42fa583c9f8

SHA1
e704afdca49019421d3d817981dc232e273000ea

SHA256
52e0b0c48be1038c7f91c293ba6f3c5b27eb5fee7baf25b36e6ce6b7ad266660

SHA512
6a655d60c94613857f341caf9d0b7693613b3f59c02ebf0e1ab43ea03975714008ffd2adab62cc559da108919a4f70a5a325b7f84523e92b0eb69cb9162197c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b2f146222a383050fb1b18c6eea7894f

SHA1
bfa8f43d7c1928306f2bf7606fa65a15d38c588a

SHA256
9badbdbf61ec45f0227843e5b5622ad929e2f9f849a586985254f482b43e8304

SHA512
d54a1d0ab571afbdf19e5aabb76fdd972359fe8071db1004b46b781596a567a4285c9ef078121c6fed5187732ec373fa5cb796d6fd3ea0e4f31a21e2bad03c5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
352daebeaf93a3a88f01535e27f96e91

SHA1
2c2aba62e244fdb2a78f6531960044ee908f0c6a

SHA256
e99a014e81fed3c05aeee6866af35e3d5ed90c9d10daf8e721d83d73c29f1bdc

SHA512
3b41f25bc4c16b5d8026bf28e5b63f15a847b26f5591381dbdc2e816954cc15be73c694e3a909c50fa0d6d4bbb688cc4bc38354bc3bb22bf23c6d5d4b6e27b6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
31e57694091e9f6412772d39c7bec103

SHA1
f59f26a461127697b85378fc2fefb9542405a1b0

SHA256
9015e7689f847aaf6606c7837e87d121e0330f741373297066a8a67fca84f537

SHA512
9ca3ff495ce134182878f3596174fc2afdb98fefb678c6569cce2aacfd7ad1591e94ab1268a2f65f16cdcb8f5e24ad7aeb09cc51b2e82330148e34be02f4a5ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB2AF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB37D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2476-4-0x0000000030000000-0x000000003008D000-memory.dmp

Filesize
564KB

Download
memory/2476-3-0x0000000030000000-0x000000003008D000-memory.dmp

Filesize
564KB

Download
memory/2476-8-0x0000000030000000-0x000000003008D000-memory.dmp

Filesize
564KB

Download
memory/2864-0-0x0000000030000000-0x000000003008D000-memory.dmp

Filesize
564KB

Download
memory/2864-1-0x0000000030001000-0x0000000030006000-memory.dmp

Filesize
20KB

Download
memory/2864-2-0x0000000030000000-0x000000003008D000-memory.dmp

Filesize
564KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads