c2e08878b9e2df906c2032b5609cb40b01e14fc6a4e8973cab0553d71dcaf1fb

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/09/2024, 21:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
Size

88KB
MD5

e9f7be53f96c90fecbf83c04a1814ea7
SHA1

50539cf4998804a27acfda224d8e6c6273ff06f5
SHA256

c2e08878b9e2df906c2032b5609cb40b01e14fc6a4e8973cab0553d71dcaf1fb
SHA512

b4127dda0719e609550946a77b15e9223f222c81995215b0581acec6dbf086984644af25288b3d84d432da0d734764ea353d7b5cdf643d2985b73349edf53a09
SSDEEP

1536:ObwRc4N1gQOwm4B4PJh6VB9o9lcY/3t2eVgxWz5FsuWBVlTik9bu382iF60+:gwR5g46PJh+jgSO5gxWzzsuumIuM2E+

Score

8^/10

discovery evasion

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\drivers\etc\hosts	cmd.exe
File opened for modification	C:\Windows\SYSTEM32\drivers\etc\hosts	cmd.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
2684	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
2396	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
2704	hosts.exe

Loads dropped DLL 11 IoCs

pid	Process
1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
2396	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
2396	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
2396	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
2704	hosts.exe
2704	hosts.exe
2704	hosts.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hosts.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2760	PING.EXE

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2760	PING.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2396	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
2396	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
2396	dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2396	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2396	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2396	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2396	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2396	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2396	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2396	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	30
PID 1304 wrote to memory of 2704	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	31
PID 1304 wrote to memory of 2704	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	31
PID 1304 wrote to memory of 2704	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	31
PID 1304 wrote to memory of 2704	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	31
PID 1304 wrote to memory of 2704	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	31
PID 1304 wrote to memory of 2704	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	31
PID 1304 wrote to memory of 2704	1304	e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe	31
PID 2704 wrote to memory of 2332	2704	hosts.exe	32
PID 2704 wrote to memory of 2332	2704	hosts.exe	32
PID 2704 wrote to memory of 2332	2704	hosts.exe	32
PID 2704 wrote to memory of 2332	2704	hosts.exe	32
PID 2704 wrote to memory of 2332	2704	hosts.exe	32
PID 2704 wrote to memory of 2332	2704	hosts.exe	32
PID 2704 wrote to memory of 2332	2704	hosts.exe	32
PID 2332 wrote to memory of 2920	2332	cmd.exe	34
PID 2332 wrote to memory of 2920	2332	cmd.exe	34
PID 2332 wrote to memory of 2920	2332	cmd.exe	34
PID 2332 wrote to memory of 2920	2332	cmd.exe	34
PID 2332 wrote to memory of 2920	2332	cmd.exe	34
PID 2332 wrote to memory of 2920	2332	cmd.exe	34
PID 2332 wrote to memory of 2920	2332	cmd.exe	34
PID 2332 wrote to memory of 2840	2332	cmd.exe	35
PID 2332 wrote to memory of 2840	2332	cmd.exe	35
PID 2332 wrote to memory of 2840	2332	cmd.exe	35
PID 2332 wrote to memory of 2840	2332	cmd.exe	35
PID 2332 wrote to memory of 2840	2332	cmd.exe	35
PID 2332 wrote to memory of 2840	2332	cmd.exe	35
PID 2332 wrote to memory of 2840	2332	cmd.exe	35
PID 2332 wrote to memory of 2856	2332	cmd.exe	36
PID 2332 wrote to memory of 2856	2332	cmd.exe	36
PID 2332 wrote to memory of 2856	2332	cmd.exe	36
PID 2332 wrote to memory of 2856	2332	cmd.exe	36
PID 2332 wrote to memory of 2856	2332	cmd.exe	36
PID 2332 wrote to memory of 2856	2332	cmd.exe	36
PID 2332 wrote to memory of 2856	2332	cmd.exe	36
PID 2332 wrote to memory of 2760	2332	cmd.exe	37
PID 2332 wrote to memory of 2760	2332	cmd.exe	37
PID 2332 wrote to memory of 2760	2332	cmd.exe	37
PID 2332 wrote to memory of 2760	2332	cmd.exe	37
PID 2332 wrote to memory of 2760	2332	cmd.exe	37
PID 2332 wrote to memory of 2760	2332	cmd.exe	37
PID 2332 wrote to memory of 2760	2332	cmd.exe	37
PID 2332 wrote to memory of 2648	2332	cmd.exe	38
PID 2332 wrote to memory of 2648	2332	cmd.exe	38
PID 2332 wrote to memory of 2648	2332	cmd.exe	38
PID 2332 wrote to memory of 2648	2332	cmd.exe	38
PID 2332 wrote to memory of 2648	2332	cmd.exe	38
PID 2332 wrote to memory of 2648	2332	cmd.exe	38
PID 2332 wrote to memory of 2648	2332	cmd.exe	38
PID 2332 wrote to memory of 2124	2332	cmd.exe	39
PID 2332 wrote to memory of 2124	2332	cmd.exe	39
PID 2332 wrote to memory of 2124	2332	cmd.exe	39
PID 2332 wrote to memory of 2124	2332	cmd.exe	39
PID 2332 wrote to memory of 2124	2332	cmd.exe	39
PID 2332 wrote to memory of 2124	2332	cmd.exe	39
PID 2332 wrote to memory of 2124	2332	cmd.exe	39
PID 2332 wrote to memory of 3032	2332	cmd.exe	40

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3032	attrib.exe
2684	attrib.exe
2856	attrib.exe

C:\Users\Admin\AppData\Local\Temp\e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9f7be53f96c90fecbf83c04a1814ea7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe
  "C:\Users\Admin\AppData\Local\Temp\dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2396
- C:\Users\Admin\AppData\Local\Temp\hosts.exe
  "C:\Users\Admin\AppData\Local\Temp\hosts.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~87C6.bat "C:\Users\Admin\AppData\Local\Temp\hosts.exe"
    3⤵
    - Drops file in Drivers directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo y"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2920
  - - C:\Windows\SysWOW64\cacls.exe
      cacls C:\Windows\system32\drivers\etc\hosts /g everyone:f
      4⤵
      System Location Discovery: System Language Discovery
      PID:2840
  - - C:\Windows\SysWOW64\attrib.exe
      attrib -r -a -s -h C:\Windows\system32\drivers\etc\hosts
      4⤵
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:2856
  - - C:\Windows\SysWOW64\PING.EXE
      ping -n 3 127.1
      4⤵
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:2760
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo y"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2648
  - - C:\Windows\SysWOW64\cacls.exe
      cacls C:\Windows\system32\drivers\etc\hosts /g everyone:f
      4⤵
      System Location Discovery: System Language Discovery
      PID:2124
  - - C:\Windows\SysWOW64\attrib.exe
      attrib -r -a -s -h C:\Windows\system32\drivers\etc\hosts
      4⤵
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:3032
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +r +a +s +h C:\Windows\system32\drivers\etc\hosts
      4⤵
      Sets file to hidden
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~87C6.bat

Filesize
12KB

MD5
4fda9a3535997f3b33c2cf4d9c7b6909

SHA1
5410e35ed23431b27222200b80f662a9d07d5c10

SHA256
edb385700a67b2f5d724f6323b91589cf061b01f4b7af2cd1966b3208f0346cd

SHA512
5b26f7f6c488cb3fe7ce2199b43ef830734c2ce1923ce8cfe2d529088585826a4efef8a02413544e87fb01cfc5dbaaa9e5ba347f3260057745380fa20756b212

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
feb52e7201fc810e26babfb803f9b092

SHA1
8ea07e5c75abd67212cf1c377e3370e86d0b8fee

SHA256
578d50402722c96fae2485c54e7cc8eb96d7ecd5f2ec683ee01c05c4b99a13e6

SHA512
cf6675d68faceaa51f2b6d51bd3e607e21faececf800bb45444a5be4cd9dfa21938ec60134626fc192cfa5e814ecd553b35929186c55c7382700770346daa219

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
d3a51bb6365320a4191905d30a9f9641

SHA1
e7686137ee4a41e9ae56ba248662262e5a5c65e1

SHA256
4aace44a07904d0211368b0de3c74eef544657c2525a75db5ef8872e0cf1f0f9

SHA512
65ecd34f5bdb3ae7d286b9957220d5a1d7364481c24c63cdc7d3344202bd5b3d5d78f63ac91801dd08d355f2cecc59eeaf994dc93282379a5d039f3aead962fb

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
d725901c4e4f1f429f85a9a61e76686b

SHA1
d26b373e146f61b9bb30ea1121ce5f356e82f03e

SHA256
93b540fc52341735e42e53b409ed6a7d6c7017519f8a07d8fca4c8944c17b58f

SHA512
3fd4df601612190ea613f15118f4afeb47e7c3dc660dddf50f616b4eea4bfe02ba265ce4d528142ff52d61307594a06c797a557efcbdd2d742e41786033f969a

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
0ef5fbb023a6e49bfc70783968fe6070

SHA1
9077e6a9d16fb30e65dc0e89542fe384c9b6d24f

SHA256
6084f2a2b5aef96febc6440177a90678862df1d66bc70c1ebafb5f4ebb3f8ee6

SHA512
430382d2eedc175867fbd4eba424f0c22f280699fdbcef4e90010fb2ce742bffa6407b87fc04a508f01307656bfec6c0ebc2b28a3a8f9f3c4a0fcabe55c429a6

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
4KB

MD5
e1e3b9615f6a9dc637324b2842f7c1c3

SHA1
50565cb4de422db0b24e935411551d1eb51642f2

SHA256
195ed645b88e3ceaca15f8af3f7d1be39cf62c11cad76dd4a6eba257eaa373f6

SHA512
6ef1476e3c94628c1bca7623aa9cb95fc42fe360af5713e8032be3a4075db6904fa789ac7f0d9614b65a185a14aa92b1a7202ca6069258ad33e716c64294a764

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
444B

MD5
e6e3bd654f7e13cafa0bb72b3d454b76

SHA1
5a7718db548e340d9392d7fb9c3c2caf1d775a87

SHA256
c12fa5c0fc76fe47fde7e48417afdafb95d253568314d859d4cbb29b0c95ca43

SHA512
fc87990c0126c353dc4d70a08636678137fecf646421f8f5188ee672736c5b85f859d532d2151ceccdc6bf019ac7deb822bd4ad557c5c3fc5938910549f904d1

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
643B

MD5
3c63f47751b8fd84cd5e4955400fc819

SHA1
96cb8f6a390753de233db6001b259a076e513353

SHA256
5060c650cc440bf3532b8ece2c94a408c45cdacb2c2bcd6fcef76dc4eb3ab172

SHA512
bab1d8a51076961856c83f90da8243e97ea33cb8b220cc23beb38685196cd9bb3f04ad8136bdb7f01ece59919df4fa1f437c4a0ca9a02f1224d4412e04cb25e7

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1022B

MD5
dd30402c0fa41d032ca221a40c083644

SHA1
020ab56b2c8a2436e455c28d0fc57c84539c8965

SHA256
8942aa1daaa831854d1afb45f9776fe5d6708e7c3ffd3fccfd2890fe57c3d721

SHA512
77b3f3c6d0fa8f06abb050b3b07824732242543a4108599d7847360aca686f8089dfa9d9930b772bad1c93fc5671670ed9693a8b0555d5a2c770124f215d52e5

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
3f734df878610cc51786eeb53fe1aff4

SHA1
545e944005ba3d8f2efe4d3144aa1842ded813db

SHA256
0a8f9cc923d926419033d9eb77045e17d0ccd499e166c15fe625ace0ed670238

SHA512
d38adf2216eddb1f6e645448eb6815febcbd2feb2f748879d6b6d126b10883c234a7a2b36eba85ff924d851756df832cef457191525a0279b08400a21e9f08db

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
1KB

MD5
825cc55528453ed88e9c0612136ed62e

SHA1
3c7ea06fee8cbb91be2d4cc8e85a9ff597ed46fa

SHA256
539e46e2d1e9c2ab774ebe0cfd4d8b6e0503205bcc16c509afae8ce5c11ebdff

SHA512
c42c94d0c244b2646b2cb3e88f148451f2d85edc7404d3de334107cfb9fe4475f4930704cb50411288ebf4d16b6229514fa927c6ed1f5dc2b78f412619afa769

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
24B

MD5
893da8918c2ffb3792509fd7a9e38d82

SHA1
7a0fa30babed453d62cf5bb31ab9da01407f4ac2

SHA256
ae84e50c4049a78e8300a60721ae92ef67ab35259648ec41747e7e1858ba5522

SHA512
7718b2b459978a8a4a0a4b1a1bf219efea29c3e795304b324b32bb5b618e03aa8bd159d54bd867dedc6e0cfe243f0466bfd46c8daf6beed6333cc113d8ab5198

Download Submit
\Users\Admin\AppData\Local\Temp\dnfº£Ñý0610×îÐÂÎÈ¶¨°æ.exe

Filesize
56KB

MD5
28ce3dfb446d2fca4a8a803f94ab7429

SHA1
e7bc21e198458a20ac7bc270a0228e468c21238a

SHA256
651f6ab1bbba3b204224459b13653c5dd3db6fba7fae6b6e988ad97f36928ad5

SHA512
a318148e11790532e8c75df2839494873b39e3d4d5db462eb0a3d3c05cfb20bc7da14fdae098875fb679e8c87855581184099fa37cb52a4e707beb9d843f17dd

Download Submit
\Users\Admin\AppData\Local\Temp\hosts.exe

Filesize
60KB

MD5
fe89f41edbcd1c0ef19d8eed1dbd52c2

SHA1
b499f049be280011e2541a0dee8703d0f164673c

SHA256
0fc98a742bdceb92f9999b6ae0fa55133519638d44d227bc49a1446da80dd148

SHA512
19c27a66c5b6168cea9251b867fc3a67d5f56d1df29b190c955d61410c53b6b3c480331eba8f11daba9e8c838291c7bb73ddc5a0b46862832f80403554fc8a0f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8566.tmp\System.dll

Filesize
10KB

MD5
0c8ea8e6637bbf8408104e672d78ba45

SHA1
c231c7acaf9abb7da93f28e1b71bed164d57103e

SHA256
509a93177a7ae130bc3b6b5ec3236c7aa0811b8b86f8ab3442c65fdf8ff85b1f

SHA512
ee763a3cdbbba3b28e6a903ac942c7228bd8e54b19de21d6187e481f2916d833d9b9800e5ac2998f4aa26274cdfb20a8bfdd10f00f2a15d37bcc529b617e1f28

Download Submit
memory/2704-210-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads