berbew | 6b1700a3961f46120afdf3c5e027556682badcae0015503d533c9f808f214ddc

Analysis

max time kernel
30s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

magic.exe
Size

36.7MB
MD5

f921e16ca321bbe2e490f036f8b99c74
SHA1

6e25638b340ba77f3e467bbbdc27c48209e193af
SHA256

6b1700a3961f46120afdf3c5e027556682badcae0015503d533c9f808f214ddc
SHA512

04492839ccaeeddc9090b7f6c6458294540bb3e2589108a3c459ae87a11c6cabe6548d80805f37b8bd43616d3645afdabe8b95b9f37c85c06f5c87b137a10274
SSDEEP

786432:pjE3Qtst8rW8WZ2YwUlJAdQ/2j6+s7LWB75zuXVgM3MGYS2fAMJLjvZ:a3QtIoWlZ2mlq62qHWB75ilZMGJ24MRN

Score

10^/10

berbew metasploit mydoom sality backdoor trojan upx worm

Malware Config

Extracted

Family

berbew

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Berbew
Berbew is a backdoor written in C++.
backdoor berbew

Detects MyDoom family 2 IoCs

resource	yara_rule
behavioral1/memory/5384-1240-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom
behavioral1/memory/5580-1222-0x0000000000500000-0x0000000000510200-memory.dmp	family_mydoom

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

Loads dropped DLL 44 IoCs

pid	Process
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe
5344	magic.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3452-1517-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1518-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1520-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1522-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1525-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1523-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1510-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1502-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/3452-1500-0x0000000002180000-0x000000000320E000-memory.dmp	upx
behavioral1/memory/2324-1349-0x0000000000400000-0x00000000004CB000-memory.dmp	upx
behavioral1/memory/5808-1346-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/4336-1245-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/5384-1240-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/memory/5580-1222-0x0000000000500000-0x0000000000510200-memory.dmp	upx
behavioral1/files/0x0007000000023905-1130.dat	upx
behavioral1/memory/4336-1079-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/5384-1070-0x0000000000500000-0x0000000000510200-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
16	discord.com
17	discord.com
18	discord.com

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6808	3116	WerFault.exe	143

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 5344	4548	magic.exe	87
PID 4548 wrote to memory of 5344	4548	magic.exe	87
PID 5344 wrote to memory of 4416	5344	magic.exe	89
PID 5344 wrote to memory of 4416	5344	magic.exe	89
PID 5344 wrote to memory of 2736	5344	magic.exe	91
PID 5344 wrote to memory of 2736	5344	magic.exe	91

C:\Users\Admin\AppData\Local\Temp\magic.exe
"C:\Users\Admin\AppData\Local\Temp\magic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Users\Admin\AppData\Local\Temp\magic.exe
  "C:\Users\Admin\AppData\Local\Temp\magic.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:5344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2736
- - C:\Users\Admin\Downloads\240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
    C:\Users\Admin\Downloads\240919-pzvd3sygka_35fec8ebef2fe5d3fb932f4be938eb0937e2b278337218baf7c7155190f6f62cN.exe
    3⤵
    PID:5384
  - - C:\Windows\services.exe
      "C:\Windows\services.exe"
      4⤵
      PID:4336
- - C:\Users\Admin\Downloads\240919-pzdrbsyfqh_eb5cdc1929285eb740166ef4733dc5f0_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pzdrbsyfqh_eb5cdc1929285eb740166ef4733dc5f0_JaffaCakes118.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\vrxiox.exe
      C:\Users\Admin\vrxiox.exe
      4⤵
      PID:3228
- - C:\Users\Admin\Downloads\240919-pznljaygjd_33c4ccf892f2a3a896cc04efdef2bd20f4d3d53b88212319b76ebddbaaa13278N.exe
    C:\Users\Admin\Downloads\240919-pznljaygjd_33c4ccf892f2a3a896cc04efdef2bd20f4d3d53b88212319b76ebddbaaa13278N.exe
    3⤵
    PID:4504
- - C:\Users\Admin\Downloads\240919-px1hbazblk_0e75ee9ef94eeb429fcb8a5ecb456dcfc259ae6de4ea7a034c41d8abc2305581N.exe
    C:\Users\Admin\Downloads\240919-px1hbazblk_0e75ee9ef94eeb429fcb8a5ecb456dcfc259ae6de4ea7a034c41d8abc2305581N.exe
    3⤵
    PID:1672
  - - C:\Windows\SysWOW64\Fehccp32.exe
      C:\Windows\system32\Fehccp32.exe
      4⤵
      PID:1664
    - - C:\Windows\SysWOW64\Gfkpho32.exe
        
        C:\Windows\system32\Gfkpho32.exe
        5⤵
        
        PID:3212
      - C:\Windows\SysWOW64\Gcopbclh.exe
        
        C:\Windows\system32\Gcopbclh.exe
        6⤵
        
        PID:768
- - C:\Users\Admin\Downloads\240919-pycgwayfnc_613f4789a7d0fe032c43bf56ef351e750a13bf5ccdf9f9064822839a7a8f14ecN.exe
    C:\Users\Admin\Downloads\240919-pycgwayfnc_613f4789a7d0fe032c43bf56ef351e750a13bf5ccdf9f9064822839a7a8f14ecN.exe
    3⤵
    PID:1232
  - - C:\Windows\SysWOW64\Fkcoeg32.exe
      C:\Windows\system32\Fkcoeg32.exe
      4⤵
      PID:1724
    - - C:\Windows\SysWOW64\Fdkcnlel.exe
        
        C:\Windows\system32\Fdkcnlel.exe
        5⤵
        
        PID:2460
      - C:\Windows\SysWOW64\Ghildk32.exe
        
        C:\Windows\system32\Ghildk32.exe
        6⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\Ghlijjjp.exe
        
        C:\Windows\system32\Ghlijjjp.exe
        7⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\Gkakge32.exe
        
        C:\Windows\system32\Gkakge32.exe
        8⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\Hbdfjnbn.exe
        
        C:\Windows\system32\Hbdfjnbn.exe
        9⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Imodbenn.exe
        
        C:\Windows\system32\Imodbenn.exe
        10⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\Iflbfkpi.exe
        
        C:\Windows\system32\Iflbfkpi.exe
        11⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\Jcfhpnik.exe
        
        C:\Windows\system32\Jcfhpnik.exe
        12⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\Kckbkm32.exe
        
        C:\Windows\system32\Kckbkm32.exe
        13⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\Lmofpaai.exe
        
        C:\Windows\system32\Lmofpaai.exe
        14⤵
        
        PID:628
- - C:\Users\Admin\Downloads\240919-pyhc5azbnl_806cd24fa66b07ec7bc6deda153a3b155938cd4e88bbdd5ce59f18e7936d751dN.exe
    C:\Users\Admin\Downloads\240919-pyhc5azbnl_806cd24fa66b07ec7bc6deda153a3b155938cd4e88bbdd5ce59f18e7936d751dN.exe
    3⤵
    PID:3088
  - - C:\Windows\SysWOW64\Gdpmil32.exe
      C:\Windows\system32\Gdpmil32.exe
      4⤵
      PID:452
    - - C:\Windows\SysWOW64\Ghboki32.exe
        
        C:\Windows\system32\Ghboki32.exe
        5⤵
        
        PID:1584
      - C:\Windows\SysWOW64\Imlgmf32.exe
        
        C:\Windows\system32\Imlgmf32.exe
        6⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\Imcmme32.exe
        
        C:\Windows\system32\Imcmme32.exe
        7⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\Jcfhpnik.exe
        
        C:\Windows\system32\Jcfhpnik.exe
        8⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\Keahnd32.exe
        
        C:\Windows\system32\Keahnd32.exe
        9⤵
        
        PID:1548
- - C:\Users\Admin\Downloads\240919-px3bxazblm_aa203c83db967a922275eae0a8d652e627986d3674c635d1de76e2ad994fd3b2N.exe
    C:\Users\Admin\Downloads\240919-px3bxazblm_aa203c83db967a922275eae0a8d652e627986d3674c635d1de76e2ad994fd3b2N.exe
    3⤵
    PID:3324
  - - C:\Windows\SysWOW64\Glgeki32.exe
      C:\Windows\system32\Glgeki32.exe
      4⤵
      PID:1504
    - - C:\Windows\SysWOW64\Gomggcke.exe
        
        C:\Windows\system32\Gomggcke.exe
        5⤵
        
        PID:5540
- - C:\Users\Admin\Downloads\240919-pxr6yazbkk_Backdoor.Win32.Berbew.pz-20587c7622ed58ad24a75d1483aee3f5237118333e2fce8569c66d46d67a2850N
    C:\Users\Admin\Downloads\240919-pxr6yazbkk_Backdoor.Win32.Berbew.pz-20587c7622ed58ad24a75d1483aee3f5237118333e2fce8569c66d46d67a2850N
    3⤵
    PID:764
  - - C:\Windows\SysWOW64\Gkjeffic.exe
      C:\Windows\system32\Gkjeffic.exe
      4⤵
      PID:4420
    - - C:\Windows\SysWOW64\Hhelpiae.exe
        
        C:\Windows\system32\Hhelpiae.exe
        5⤵
        
        PID:4148
      - C:\Windows\SysWOW64\Hhjekh32.exe
        
        C:\Windows\system32\Hhjekh32.exe
        6⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\Hfpbjljg.exe
        
        C:\Windows\system32\Hfpbjljg.exe
        7⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Ipajiq32.exe
        
        C:\Windows\system32\Ipajiq32.exe
        8⤵
        
        PID:5744
- - C:\Users\Admin\Downloads\240919-pxp2ksyfkh_8437b2506fea965a643090ee0b2ec6f2b191fb20aa51534a4a1a775edbdc660aN.exe
    C:\Users\Admin\Downloads\240919-pxp2ksyfkh_8437b2506fea965a643090ee0b2ec6f2b191fb20aa51534a4a1a775edbdc660aN.exe
    3⤵
    PID:3516
  - - C:\Windows\SysWOW64\Gcamgcif.exe
      C:\Windows\system32\Gcamgcif.exe
      4⤵
      PID:4364
    - - C:\Windows\SysWOW64\Hkchldai.exe
        
        C:\Windows\system32\Hkchldai.exe
        5⤵
        
        PID:2716
      - C:\Windows\SysWOW64\Hdcbfi32.exe
        
        C:\Windows\system32\Hdcbfi32.exe
        6⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\Iompnamb.exe
        
        C:\Windows\system32\Iompnamb.exe
        7⤵
        
        PID:1180
        
        C:\Windows\SysWOW64\Iijnbfom.exe
        
        C:\Windows\system32\Iijnbfom.exe
        8⤵
        
        PID:5652
- - C:\Users\Admin\Downloads\240919-pvzs1azamq_eb5a490a775a99d7859fbb486d518740_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pvzs1azamq_eb5a490a775a99d7859fbb486d518740_JaffaCakes118.exe
    3⤵
    PID:2936
  - - \??\c:\Documents and Settings\Admin\Application Data\Microsoft\vcna.exe
      "c:\Documents and Settings\Admin\Application Data\Microsoft\vcna.exe" 240919-pvzs1azamq_eb5a490a775a99d7859fbb486d518740_JaffaCakes118
      4⤵
      PID:3592
- - C:\Users\Admin\Downloads\240919-pw3w2syeqh_639ea11e0c3ecdd5a47f03ed59e02d0a541121f27cde59306a57cffad09a72e0N.exe
    C:\Users\Admin\Downloads\240919-pw3w2syeqh_639ea11e0c3ecdd5a47f03ed59e02d0a541121f27cde59306a57cffad09a72e0N.exe
    3⤵
    PID:5464
  - - C:\Windows\SysWOW64\Ghnepjhm.exe
      C:\Windows\system32\Ghnepjhm.exe
      4⤵
      PID:5548
    - - C:\Windows\SysWOW64\Hdllej32.exe
        
        C:\Windows\system32\Hdllej32.exe
        5⤵
        
        PID:2408
- - C:\Users\Admin\Downloads\240919-pwr5jsyepe_0e8e3f6c88ec43a5ffc8603e3c0961ecff94fb7224ea0914893155a90f0fb968N.exe
    C:\Users\Admin\Downloads\240919-pwr5jsyepe_0e8e3f6c88ec43a5ffc8603e3c0961ecff94fb7224ea0914893155a90f0fb968N.exe
    3⤵
    PID:3064
  - - C:\Windows\SysWOW64\Gdbjok32.exe
      C:\Windows\system32\Gdbjok32.exe
      4⤵
      PID:5168
    - - C:\Windows\SysWOW64\Hoodmc32.exe
        
        C:\Windows\system32\Hoodmc32.exe
        5⤵
        
        PID:5948
      - C:\Windows\SysWOW64\Hkhagd32.exe
        
        C:\Windows\system32\Hkhagd32.exe
        6⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\Ifghkk32.exe
        
        C:\Windows\system32\Ifghkk32.exe
        7⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\Ikhjnaoa.exe
        
        C:\Windows\system32\Ikhjnaoa.exe
        8⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\Jpklpo32.exe
        
        C:\Windows\system32\Jpklpo32.exe
        9⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\Kijgic32.exe
        
        C:\Windows\system32\Kijgic32.exe
        10⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\Kinboffn.exe
        
        C:\Windows\system32\Kinboffn.exe
        11⤵
        
        PID:6860
- - C:\Users\Admin\Downloads\240919-psq33sydlf_1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16N.exe
    C:\Users\Admin\Downloads\240919-psq33sydlf_1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16N.exe
    3⤵
    PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\services.exe
      "C:\Users\Admin\AppData\Local\Temp\services.exe"
      4⤵
      PID:5808
- - C:\Users\Admin\Downloads\240919-px46hayfmc_c509517113bafdd47e35ba311f40533791dcfa57d38315ff41edb26c8ece84bcN.exe
    C:\Users\Admin\Downloads\240919-px46hayfmc_c509517113bafdd47e35ba311f40533791dcfa57d38315ff41edb26c8ece84bcN.exe
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      PID:2484
- - C:\Users\Admin\Downloads\240919-pxtd1azbkm_eb5b89ca20208c3ef69d8b6990f4a02b_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pxtd1azbkm_eb5b89ca20208c3ef69d8b6990f4a02b_JaffaCakes118.exe
    3⤵
    PID:5156
- - C:\Users\Admin\Downloads\240919-pxr6yayflc_2264-22-0x0000000000400000-0x000000000042F000-memory.dmp
    C:\Users\Admin\Downloads\240919-pxr6yayflc_2264-22-0x0000000000400000-0x000000000042F000-memory.dmp
    3⤵
    PID:4396
- - C:\Users\Admin\Downloads\240919-pynvxayfpc_eb5c5395b89a24626340ac864e56e6ce_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pynvxayfpc_eb5c5395b89a24626340ac864e56e6ce_JaffaCakes118.exe
    3⤵
    PID:2324
  - - C:\Documents and Settings\tazebama.dl_
      "C:\Documents and Settings\tazebama.dl_"
      4⤵
      PID:3116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 940
        5⤵
        Program crash
        
        PID:6808
- - C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pxpe2szbjr_eb5b7b6899b853b5903830697ff86ace_JaffaCakes118.exe
    3⤵
    PID:3452
- - C:\Users\Admin\Downloads\240919-pwjs6syenb_eb5aaf9f5bb23b2d72bc823a39c904f8_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pwjs6syenb_eb5aaf9f5bb23b2d72bc823a39c904f8_JaffaCakes118.exe
    3⤵
    PID:2608
- - C:\Users\Admin\Downloads\240919-ptxl9ayhqk_Backdoor.Win32.Berbew.AA.MTB-3d059422e990a2f465442636f0884b52620c9e3beb626b42d46e660458aae7e4N
    C:\Users\Admin\Downloads\240919-ptxl9ayhqk_Backdoor.Win32.Berbew.AA.MTB-3d059422e990a2f465442636f0884b52620c9e3beb626b42d46e660458aae7e4N
    3⤵
    PID:5000
  - - C:\Windows\SysWOW64\Kbehgi32.exe
      C:\Windows\system32\Kbehgi32.exe
      4⤵
      PID:2232
    - - C:\Windows\SysWOW64\Liffebgm.exe
        
        C:\Windows\system32\Liffebgm.exe
        5⤵
        
        PID:5832
- - C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pryrjaygqj_eb581de89b19fc1429482bc501a6b935_JaffaCakes118.exe
    3⤵
    PID:3368
- - C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pr49baycrg_eb583ccf1753294e7660d26e433fd6eb_JaffaCakes118.exe
    3⤵
    PID:2676
- - C:\Users\Admin\Downloads\240919-psckpayhjn_eb586fb27c1340840b93eada3a4e640d_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-psckpayhjn_eb586fb27c1340840b93eada3a4e640d_JaffaCakes118.exe
    3⤵
    PID:1476
- - C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    C:\Users\Admin\Downloads\240919-pr3eqaygrk_b334bb664f4fd751d66b03f528e16746b25e6799f8dd25605689c1542e9ca1f6N.exe
    3⤵
    PID:3016
  - - C:\Windows\SysWOW64\Klnmpnli.exe
      C:\Windows\system32\Klnmpnli.exe
      4⤵
      PID:6000
- - C:\Users\Admin\Downloads\240919-ptx8saydra_8aea267d26fa51fc94d8ac61f063cd6c9a9e83dcfd068c6518d5bca4289dd471.exe
    C:\Users\Admin\Downloads\240919-ptx8saydra_8aea267d26fa51fc94d8ac61f063cd6c9a9e83dcfd068c6518d5bca4289dd471.exe
    3⤵
    PID:2724
- - C:\Users\Admin\Downloads\240919-pveg3ayejh_eb59d3564b9ded0a43173f27236a8339_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pveg3ayejh_eb59d3564b9ded0a43173f27236a8339_JaffaCakes118.exe
    3⤵
    PID:2996
- - C:\Users\Admin\Downloads\240919-ptljzsyhnq_a2e81419ead7bab7d3eb56ba49aa57fbc2607d56565483c6323e977a0468d6a8.exe
    C:\Users\Admin\Downloads\240919-ptljzsyhnq_a2e81419ead7bab7d3eb56ba49aa57fbc2607d56565483c6323e977a0468d6a8.exe
    3⤵
    PID:5656
- - C:\Users\Admin\Downloads\240919-pyzbmszbqk_eb5c919afd904cf62615161c2c83720f_JaffaCakes118.exe
    C:\Users\Admin\Downloads\240919-pyzbmszbqk_eb5c919afd904cf62615161c2c83720f_JaffaCakes118.exe
    3⤵
    PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2408 -ip 2408
1⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5156 -ip 5156
1⤵
PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3116 -ip 3116
1⤵
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2724 -ip 2724
1⤵
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5656 -ip 5656
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5656 -ip 5656
1⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2724 -ip 2724
1⤵
PID:6928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI45482\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_asyncio.pyd

Filesize
62KB

MD5
2859c39887921dad2ff41feda44fe174

SHA1
fae62faf96223ce7a3e6f7389a9b14b890c24789

SHA256
aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9

SHA512
790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_multiprocessing.pyd

Filesize
32KB

MD5
1386dbc6dcc5e0be6fef05722ae572ec

SHA1
470f2715fafd5cafa79e8f3b0a5434a6da78a1ba

SHA256
0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007

SHA512
ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_overlapped.pyd

Filesize
48KB

MD5
01ad7ca8bc27f92355fd2895fc474157

SHA1
15948cd5a601907ff773d0b48e493adf0d38a1a6

SHA256
a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b

SHA512
8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_tcl_data\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\_tkinter.pyd

Filesize
61KB

MD5
442304ce4ad2d40e0d85a89b52b6d272

SHA1
5b5add527dd6fea47d4caa923694eee8d741b488

SHA256
6ff6cc788f1ab19de383810ddbd15ecd5fc8216faf5e1e406bbf9a608fbb9991

SHA512
df5a47780a6642c310417c2d2e8c439eb2a324d9318ef1ea5af36c5657cc34a8aa950edbe5f91869bf0d50cccebcb7a08447dbcfdc75e29acc8c72327f231e43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\certifi\cacert.pem

Filesize
292KB

MD5
50ea156b773e8803f6c1fe712f746cba

SHA1
2c68212e96605210eddf740291862bdf59398aef

SHA256
94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47

SHA512
01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\numpy\core\_multiarray_umath.cp311-win_amd64.pyd

Filesize
2.7MB

MD5
ea2e696dd221290a44fc7f095c4f185b

SHA1
dd5ae42ae6d2678d65b003ba4ca8286a80586869

SHA256
c76d812fa5131fe21c8bf9ffbd910f27df80856f910fa61698f23f60cfd9d13e

SHA512
7a811681652fb53d2da2ec0042b73a6b75b95defc9b47422df0148832a71079832a10d45ac6e457d26a708a30544ad45f08a87e61426c1f3c8252e48c6374b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\pyexpat.pyd

Filesize
193KB

MD5
1c0a578249b658f5dcd4b539eea9a329

SHA1
efe6fa11a09dedac8964735f87877ba477bec341

SHA256
d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509

SHA512
7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\win32\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45482\zstandard\backend_c.cp311-win_amd64.pyd

Filesize
512KB

MD5
dc08f04c9e03452764b4e228fc38c60b

SHA1
317bcc3f9c81e2fc81c86d5a24c59269a77e3824

SHA256
b990efbda8a50c49cd7fde5894f3c8f3715cb850f8cc4c10bc03fd92e310260f

SHA512
fbc24dd36af658cece54be14c1118af5fda4e7c5b99d22f99690a1fd625cc0e8aa41fd9accd1c74bb4b03d494b6c3571b24f2ee423aaae9a5ad50adc583c52f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\vcna.exe

Filesize
76KB

MD5
58e1cac304966817b3e1403fe22be76d

SHA1
a814e76b74d4a9b2f1f7709507892d7f0709a59b

SHA256
ec397fce9b0fe02480a6512f1dc9a1dbacae7658354326d2499dd6bf76797977

SHA512
1068a64701eb5de036d36ab7d3fb5c6cf8a2097b61112872183d222e61f58a077f87f2bfbf423f775be5236ac608440881c84d02cca0c47e9fd79d71585f9f76

Download Submit
C:\Users\Admin\Downloads\240919-psq33sydlf_1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16N.exe

Filesize
41KB

MD5
ae384090205e1227dedab98854488980

SHA1
73af89c4d6345235f22a52ec833569ddf966b284

SHA256
1630f55ec7f51e877e7a317af55912e8546312bd154e076e3462f32387f95a16

SHA512
6a427e0a5ccb6b681fcb670dd5cddc9ebdbe7ca99feaab84008d7789855f93370ed1499a2a16b825c7f4b8cdfd5089ee54cb7864e03a8ca0f83bb0c5ad62e158

Download Submit
C:\Users\Admin\vrxiox.exe

Filesize
112KB

MD5
8f1e2259c625414e9c3dc97156a7e816

SHA1
66f9e43acc1b7904cef3e3bb8062255d14328fba

SHA256
b5298dd5f344618694b7b93569c6144edfee23b488130a4eca8955457bbb70a5

SHA512
9baa7464b6a54b02682512249d72866b7b621fe256f00f8b1ca2161dae55fab2b33a9a4449b8ae734f30b41abf18f5ad169caa6fe72558a9a69b42dec2d7d7ab

Download Submit
C:\Windows\SysWOW64\Bboaof32.dll

Filesize
7KB

MD5
d10520b9f2453ec182f3eb6010665102

SHA1
22b57a82302887eea1f3948ac2796ffcd6f9f266

SHA256
5c83330e91de7e110346f033ed8f8f82bad7b82033a34e3058e88a5d60c1a89e

SHA512
60ae63ab8053979b6f49dbcfad9d81d17efe619135fbe72b8bac4a98d79c0cbcb567342c45ea778123fea62481dbec61006109e90436d9a919ea80121e61998e

Download Submit
C:\Windows\SysWOW64\Dhkmlk32.dll

Filesize
7KB

MD5
77942a801becc95c7875f02fd683df8c

SHA1
842eb66bf6ee249f977da1237a838de4d4b8ff10

SHA256
1bff81f571657e21a3d04ab320d25a6c31152c14999b348430ae2422fc565f42

SHA512
d860903ff18d8e7ab37231b07efa62a3efadec4cca012b466f794d164e7624d3f83da16852cd0014dc492c781936186a4e04befe1ae0ad6bc091e162cc659566

Download Submit
C:\Windows\SysWOW64\Jcfhpnik.exe

Filesize
80KB

MD5
42ce6598306ba7175c0457905ee9a6fb

SHA1
40ec34decc35f58c2ed375a445349f9794038aad

SHA256
5749c442f9b45b8243aa0d992b69a909b636fa7b0611000a9428ce26d1630d51

SHA512
8609ac3690d85563d129643890217862bd05ba5bd483c2de3996dedfe1bd4d4324fe3453e69e71db99d9146dfa55f29477e8a544edff027a67bf100abe6625a4

Download Submit
C:\autorun.inf

Filesize
126B

MD5
163e20cbccefcdd42f46e43a94173c46

SHA1
4c7b5048e8608e2a75799e00ecf1bbb4773279ae

SHA256
7780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e

SHA512
e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8

Download Submit
C:\zPharaoh.exe

Filesize
151KB

MD5
a329e9ae7ea8c6f94bab9b4dd1807dad

SHA1
0048819284e02735df69f7401a3dac17100c318d

SHA256
87664f9a95eee1bc785b7ef302cf44ef43b1e65aead24078b3da055d0f49bc92

SHA512
ad69b6413d6634c9e7c2ff86af95d4b13f3a4f42ba2992adc5e520524767e7ee56a301ba9c4d6e1f5d2eda57e71c4fa135879c5bcfe55c061c96e999324148a5

Download Submit
F:\zPharaoh.exe

Filesize
152KB

MD5
302e25e81b90f440757936c16f826930

SHA1
f82619630f2d9cd11b60adb41196c248381d6736

SHA256
6aa9dcfd476b2695fb7b5986c9724d1b2d4f2252de6f7272aa4c25366f8a0ad9

SHA512
0cd1a64feb670c2d505e2b8f62351cf9f57f163b8d6fa8310af3b587d1884c77a049188151e25615aee9cb72fd07b103fa9e580e209e124b485e93908966dc69

Download Submit
memory/432-1344-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/452-1576-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/452-1239-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/628-1511-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/764-1549-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/764-1568-0x0000000000450000-0x0000000000452000-memory.dmp

Filesize
8KB

Download
memory/764-1182-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/768-1223-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/768-1411-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1180-1382-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1232-1092-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1232-1539-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/1232-1563-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/1476-1488-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1504-1230-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1548-1699-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1584-1482-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1584-1241-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1604-1345-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1664-1115-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1672-1537-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/1672-1269-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1672-1090-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1672-1562-0x0000000000560000-0x0000000000562000-memory.dmp

Filesize
8KB

Download
memory/1724-1114-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1724-1541-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1724-1564-0x0000000000540000-0x0000000000542000-memory.dmp

Filesize
8KB

Download
memory/1824-1420-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2232-1514-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2324-1349-0x0000000000400000-0x00000000004CB000-memory.dmp

Filesize
812KB

Download
memory/2408-1273-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2460-1565-0x0000000000590000-0x0000000000592000-memory.dmp

Filesize
8KB

Download
memory/2460-1543-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2460-1138-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2676-1487-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2716-1271-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2724-1508-0x0000000000400000-0x00000000006EF83B-memory.dmp

Filesize
2.9MB

Download
memory/2760-1486-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2936-1570-0x0000000001F00000-0x0000000001F02000-memory.dmp

Filesize
8KB

Download
memory/2936-1553-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2980-1436-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3016-1489-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3064-1557-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/3064-1572-0x0000000000590000-0x0000000000592000-memory.dmp

Filesize
8KB

Download
memory/3064-1221-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3088-1566-0x00000000005C0000-0x00000000005C2000-memory.dmp

Filesize
8KB

Download
memory/3088-1179-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3088-1545-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/3116-1386-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3212-1139-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3224-1410-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3324-1181-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3368-1485-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3452-1510-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1525-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1483-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3452-1518-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1522-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1523-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1517-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1500-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1502-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3452-1520-0x0000000002180000-0x000000000320E000-memory.dmp

Filesize
16.6MB

Download
memory/3480-1180-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3480-1547-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/3480-1567-0x0000000000590000-0x0000000000592000-memory.dmp

Filesize
8KB

Download
memory/3516-1551-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/3516-1569-0x0000000000490000-0x0000000000492000-memory.dmp

Filesize
8KB

Download
memory/3516-1183-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3580-1516-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3612-1350-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3672-1407-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4148-1270-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4280-1306-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4336-1561-0x0000000002FA0000-0x0000000002FA2000-memory.dmp

Filesize
8KB

Download
memory/4336-1245-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4336-1535-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/4336-1079-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4364-1232-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4380-1243-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4420-1231-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4504-1560-0x00000000005C0000-0x00000000005C2000-memory.dmp

Filesize
8KB

Download
memory/4504-1533-0x0000000000910000-0x0000000000911000-memory.dmp

Filesize
4KB

Download
memory/4560-1383-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-1578-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/4872-1224-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5000-1484-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5048-1381-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5168-1233-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5384-1528-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/5384-1070-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/5384-1240-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/5384-1527-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/5384-1529-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/5464-1571-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/5464-1184-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5464-1555-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/5504-1513-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/5540-1304-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5540-1246-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5548-1235-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/5580-1573-0x0000000002CD0000-0x0000000002CD2000-memory.dmp

Filesize
8KB

Download
memory/5580-1222-0x0000000000500000-0x0000000000510200-memory.dmp

Filesize
64KB

Download
memory/5580-1574-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/5652-1409-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5656-1509-0x0000000000400000-0x00000000006F883B-memory.dmp

Filesize
3.0MB

Download
memory/5732-1531-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/5732-1559-0x00000000020B0000-0x00000000020B2000-memory.dmp

Filesize
8KB

Download
memory/5740-1415-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5744-1408-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5808-1346-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5832-1512-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5840-1348-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5948-1272-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/6000-1515-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/6108-1347-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads