64c3c93450990c6b2403bf90429f5c48b3b00e029fd7fb0169a19a8f93477bdb

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe
Size

1.3MB
MD5

d1b7d7132349ba5b3018f570e41de474
SHA1

b7f7a6c8957795e42d29de2d9b075922f6126744
SHA256

64c3c93450990c6b2403bf90429f5c48b3b00e029fd7fb0169a19a8f93477bdb
SHA512

b2bc4d004831e7be98b2d8e033061e9b39738f4b28eeff1d4c2468b9d166ece977b914970236ee50125854ae02665bd7b38b407188e0deb94f9a8c2a97300f0e
SSDEEP

24576:KxLZ5pxWAVq34v8ozK9jt7rHKjsbHL5YxyJwr8RDUFjlH58GbRIgytJS7I8FMf+r:KxV5XZAX5lr0Cr5YxyLDUFR58Gb3yiss

Score

7^/10

adware discovery persistence stealer upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2688	rinst.exe
2776	game.exe
2532	bpk.exe

Loads dropped DLL 11 IoCs

pid	Process
2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe
2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe
2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe
2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe
2688	rinst.exe
2688	rinst.exe
2688	rinst.exe
2688	rinst.exe
2532	bpk.exe
2532	bpk.exe
2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000015d9e-29.dat	upx
behavioral1/memory/2688-53-0x0000000002C80000-0x0000000003DCB000-memory.dmp	upx
behavioral1/memory/2776-61-0x0000000000400000-0x000000000154B000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\bpk = "C:\\Windows\\SysWOW64\\bpk.exe"	bpk.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin"	bpk.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\bpk.exe	rinst.exe
File created	C:\Windows\SysWOW64\bpkhk.dll	rinst.exe
File created	C:\Windows\SysWOW64\bpkwb.dll	rinst.exe
File created	C:\Windows\SysWOW64\inst.dat	rinst.exe
File created	C:\Windows\SysWOW64\rinst.exe	rinst.exe
File opened for modification	C:\Windows\SysWOW64\pk.bin	bpk.exe
File created	C:\Windows\SysWOW64\pk.bin	rinst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rinst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bpk.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\Windows\\SysWOW64\\"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\Windows\\SysWOW64\\bpkwb.dll"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\Windows\\SysWOW64\\bpkwb.dll"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2532	bpk.exe
2532	bpk.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2532	bpk.exe
2532	bpk.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2532	bpk.exe
2532	bpk.exe
2532	bpk.exe
2532	bpk.exe
2532	bpk.exe
2532	bpk.exe
2532	bpk.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2688	2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe	31
PID 2628 wrote to memory of 2688	2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe	31
PID 2628 wrote to memory of 2688	2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe	31
PID 2628 wrote to memory of 2688	2628	d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe	31
PID 2688 wrote to memory of 2776	2688	rinst.exe	32
PID 2688 wrote to memory of 2776	2688	rinst.exe	32
PID 2688 wrote to memory of 2776	2688	rinst.exe	32
PID 2688 wrote to memory of 2776	2688	rinst.exe	32
PID 2688 wrote to memory of 2532	2688	rinst.exe	33
PID 2688 wrote to memory of 2532	2688	rinst.exe	33
PID 2688 wrote to memory of 2532	2688	rinst.exe	33
PID 2688 wrote to memory of 2532	2688	rinst.exe	33

C:\Users\Admin\AppData\Local\Temp\d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1b7d7132349ba5b3018f570e41de474_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\game.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\game.exe"
    3⤵
    - Executes dropped EXE
    PID:2776
- - C:\Windows\SysWOW64\bpk.exe
    C:\Windows\system32\bpk.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpk.exe

Filesize
388KB

MD5
14710dc0e63a083975e964e87c36cb5a

SHA1
d0771a7bd9cf3c1a420d69d490e6c410f90fa72d

SHA256
cd224539fb75a85550b4bbfb0389eafb86260e174a51c147746102ff8205c8f8

SHA512
974f798398a62dd4e4aa84e4028f89d3e2d2a4876c6ed1ac3928d59267d46581361e28c58292ec094d33190537d108e46660013fd1a3c9d223e361ab79beaa3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkhk.dll

Filesize
8KB

MD5
0854acf2f157b22db94efe59ae472792

SHA1
37e50c8294bfff580bc1a7de492081705a6cab50

SHA256
04147a1c8041e50dab15cd6c9b9097c6d6d5c70945236d3408a0f0a7bbc623ab

SHA512
c7d5b209e6a69ab0373264c14204bc21b8593dd2cf687f089c42e7f09cc2866427507d432c6c813ed50cc49cd6d9e30a9c3cc26e8354ea68cfd753d230f5736b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkwb.dll

Filesize
40KB

MD5
5a85dbe4e18809fb3c471eb484c98a58

SHA1
bd2e166efd99d3b6cf057d8973aa449fcb528e45

SHA256
6ad73927fd2ddea53d960ffb0e8f0d85a6340748d29a50283c8804f5a2344524

SHA512
39d0c358e4b711b8f6e19562a9f52c6aaaff35cc7d1df9e2500978672999929ce6480ca2aaa4ed0dc5856db4fdb59a3f6f341d0d192521b3549e3f64b10188c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\game.exe

Filesize
1.0MB

MD5
869d31697b16bfa7cc05971744de8ac8

SHA1
edcdd54844a00910bef903b59be6e0124bdd3274

SHA256
a2dc3a4993c93f06debabe1c54f949f8e002e05c50b54845726f617d7fe583f8

SHA512
484e651f950c79c3e9f3fae5008dfb454b376794acee01700e51bfc97b077dccbf58dc8d7b15c438c7d24a8a4cfa4203fc68d686e15036f72f50635d360196ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\inst.dat

Filesize
996B

MD5
3ec9de83bf3da61def9ef8cb16930c12

SHA1
e370967c6ee2af4a1dea95a8a49fcfae1631c3b4

SHA256
d93da23731571e36e39b13930f9f4c306d97dff2b157a4248f63778ad9f031a7

SHA512
c6845881f5ef471fb9d7c86a3dfa41491371f90a3c4f68ee583bc389cead23b1471ea80bd9e1238d100126db181d0e7a3a4832f2130c20438c2ec0821d8f6dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\pk.bin

Filesize
3KB

MD5
f1f2320a52e0530e4b99e4f020319b42

SHA1
883ceead9d181e872352b50c99cde063310e82a2

SHA256
cb35c6038c6b899145d27f9eaa08fa21eedfff5d90c6ec4b4e562c67e8ab2f0b

SHA512
e5ebb5ee0f32f2e6efb52d86a71c0243201fdee209ac4f0f9cbcf5c82b216cd46318e1843f06467b7ccceb49f2c8f8b566ec04fd77cbece0363f3fd9c0f32483

Download Submit
C:\Windows\SysWOW64\pk.bin

Filesize
3KB

MD5
55e719bf915719b4eb9c17ebcf2a5168

SHA1
5fd4b1e9543715441bab4edd84d0ccdafeaeb4fe

SHA256
b36d70c4756a7a653fc31c31fdf37332e7b00a0a6101492fcc009b6b47f737f1

SHA512
24f81a9ae5cd831fa8f917bf9cf13ead3cc6ab10c223de25fe0796c3f459fd1f7ec833843f513be8be568c775e84fbde65c362740cd95b6e83fa85c23e6141c8

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe

Filesize
7KB

MD5
c2945ee5c57f33f8bbb6a4f6d539180b

SHA1
64c958603de6a1db225752e9abb87222faf24c68

SHA256
b6c83639513169d01356a02db1631e8f28320c8ed0cd9f485d5433d13616f349

SHA512
8bdd657d45ed8720c92dad611f5c41c0e8e6602444232ce23b0258a8a8c1b194b1ad6498f25292c29ed7b8deb42b220245130a87f54b34d49dd250fb31f149d4

Download Submit
\Windows\SysWOW64\bpk.exe

Filesize
388KB

MD5
65b87ab2238f38344f5b0604c32d7f32

SHA1
7b04e46572ac9c90c8e49d053c327edc015b1e18

SHA256
2c89b18e3285f064a709b9e0a31148c4701c8c96c83636266f3b351731021a22

SHA512
2d8012a495e85621f31bbdaad3ead45b5358b271fd311c7050bb840536b33b77e9f63cece3ccbf3dd229feb669ac66437eed59c05d6ac8f68fb5fd2e33df95ab

Download Submit
\Windows\SysWOW64\bpkhk.dll

Filesize
8KB

MD5
a9bce1d47adb3f7779809adc1c04726d

SHA1
265b2cd93ba894477c6a9d45b0c9ab65ea88d3b4

SHA256
8f70fee209f1ff4fde13b865618751e3c8cdfb454bb1b964f07c9af90e69be94

SHA512
ea6b0d8f2c0768c6e1e147c132c24a085c4174fb7ec565d23c774bffebae28c53a2ab60d3d279879a42f904cabb4e5268e767a44773eac648721335817fdacdb

Download Submit
\Windows\SysWOW64\bpkwb.dll

Filesize
40KB

MD5
f5cd91b683eed55da373d54fac54d52d

SHA1
83665074e3ee67dae8d0d8010a1bb07d3a6c7ef0

SHA256
815f893e764eb040fa19e35b66cbc04c469144575039817de0f8548f39f8327d

SHA512
57f74a66057472c1ebb28f666e1478797a8fb1a3b37596ba9d99930e6b6bfb98e2bb30329c31d691f75043d286db2b6d77145b6e9f42801f0719aab77712c0d9

Download Submit
memory/2628-64-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2688-53-0x0000000002C80000-0x0000000003DCB000-memory.dmp

Filesize
17.3MB

Download
memory/2776-61-0x0000000000400000-0x000000000154B000-memory.dmp

Filesize
17.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads