e716a8c72a6ecbf85b8c35dc55a1b1602b2f4967a7bc98d4d5670bf92d17343d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe
Size

558KB
MD5

07cf3950c965e8472bddaeb31f31cb13
SHA1

c0709c654f5cb752a2dd1a292e4aa9887e190c8f
SHA256

e716a8c72a6ecbf85b8c35dc55a1b1602b2f4967a7bc98d4d5670bf92d17343d
SHA512

54368031b0a3184d839d83a3126fcb86d322322611ced569bf69351a1c23cf9e48dbf8a4151cddc51247bb7fb0b3d5fe2d91a456b91cdbd1f359331f3d2a1d16
SSDEEP

12288:R9OUjNAOKYeyH9I3v6v0Q9m+zjOZ3inEB1/FrHTee:m+RKYtio0Qc+zCFs6/t

Score

7^/10

adware discovery persistence stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	rinst.exe

Executes dropped EXE 3 IoCs

pid	Process
2528	rinst.exe
876	priviteCAshHACK.exe
2268	BPK.exe

Loads dropped DLL 5 IoCs

pid	Process
2268	BPK.exe
876	priviteCAshHACK.exe
2268	BPK.exe
2268	BPK.exe
4088	07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\BPK = "C:\\WINDOWS\\BPK.exe"	BPK.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin"	BPK.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\WINDOWS\pk.bin	rinst.exe
File created	C:\WINDOWS\BPK.exe	rinst.exe
File created	C:\WINDOWS\BPKhk.dll	rinst.exe
File created	C:\WINDOWS\BPKwb.dll	rinst.exe
File created	C:\WINDOWS\inst.dat	rinst.exe
File created	C:\WINDOWS\rinst.exe	rinst.exe
File opened for modification	C:\WINDOWS\pk.bin	BPK.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	priviteCAshHACK.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BPK.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rinst.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\WINDOWS\\BPKwb.dll"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\WINDOWS\\"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\WINDOWS\\BPKwb.dll"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable	BPK.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment"	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	BPK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	BPK.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2268	BPK.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2268	BPK.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2268	BPK.exe
2268	BPK.exe
2268	BPK.exe
2268	BPK.exe
2268	BPK.exe
2268	BPK.exe
2268	BPK.exe
2268	BPK.exe
2268	BPK.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 2528	4088	07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe	84
PID 4088 wrote to memory of 2528	4088	07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe	84
PID 4088 wrote to memory of 2528	4088	07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe	84
PID 2528 wrote to memory of 876	2528	rinst.exe	86
PID 2528 wrote to memory of 876	2528	rinst.exe	86
PID 2528 wrote to memory of 876	2528	rinst.exe	86
PID 2528 wrote to memory of 2268	2528	rinst.exe	87
PID 2528 wrote to memory of 2268	2528	rinst.exe	87
PID 2528 wrote to memory of 2268	2528	rinst.exe	87

C:\Users\Admin\AppData\Local\Temp\07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\07cf3950c965e8472bddaeb31f31cb13_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\priviteCAshHACK.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\priviteCAshHACK.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:876
- - C:\WINDOWS\BPK.exe
    C:\WINDOWS\BPK.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\BPK.exe

Filesize
388KB

MD5
384417d4f5579e9356d6138f7634929b

SHA1
0217e89f30294857dc1763fe6861f2f4ee80d52e

SHA256
304656d641b14520d877751c2abeefad123ad1486cf90f34b48c2b8a383cc1b2

SHA512
edab9d7ce8ad327b240c6afb7a94f4c5cd5a07954c4c967b0cd065258d313df326db1239f55a1a6415620945b66f26d760566fdb91ddd0db7fb643a14032dea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\BPKhk.dll

Filesize
8KB

MD5
c49b074d9f50c47cbf09f37b55c66d77

SHA1
bbecb62523e94980f9c2c0ed801ff39f3cb80f71

SHA256
ecbfca7e8157d9b619d61394a3fe164f05bbe981e16519e48bfd86d154e179b9

SHA512
d990754de57028d071369938cbbcf4b49dd7efa8993998d62a95a36a91dd9cca11609bec31325bad724df47ac4b0cf39885f458cd034e31b1b6bf93e62dbeebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\BPKwb.dll

Filesize
40KB

MD5
c7977eaf44b8edca4cc706aa9be5b73d

SHA1
f69d8e858a9be17962f39258b5ab509b0d483820

SHA256
fff1f5e5a668857664ca045ba6d33cc602e67bde393d567cb1c9b0262fb14caa

SHA512
6901eaa0f6443b86428886fe9c4364d83828805d029b01f208324393ae8fa15cb421bc517686029eb8a709430fa2d4ea82e0c10e0379ca4d111b153acf3cf7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\inst.dat

Filesize
996B

MD5
34c9c463fb82e2ca4ecef53b9ee9c4ef

SHA1
08e7cc93086f52f7a4017d11c95084b1b27b8a81

SHA256
0665e6ef16fc799e3af452811c09e27341d2716d22b7c3eb17fa26f6e111935b

SHA512
e2b6046b5b27bc3b67aa3a4e46b6df7f0f84e595cbcfd59c8d55e56456e4d0c2e61e31c468cc8c077391fcf76d7f4c3b9e6542c227f376f479568f2323b47efe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\pk.bin

Filesize
3KB

MD5
6c0b4a8ab11651e55aa718451719161a

SHA1
3a5d8e629feef67a2784692f1545cc4c268d1e7b

SHA256
f51dd01a9b5bd5d225c345e4f8986855f1327cc897c16722c93891e0f0c3dcd5

SHA512
4af90701328d98db4c3459d28dbedaec514d410d140e3086b79334c7bf7cd008e8911d227bfcf754d737a250c669bd0079cf94760e305d515d7516342f2791e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\priviteCAshHACK.exe

Filesize
793KB

MD5
bce816307fd96931d9ea6c40c7f9adb9

SHA1
029776c33ce06e4e2f97d0a820cd3c7c9a578a8d

SHA256
e3ac0d45f92fe2c854cd58704dd4e6aa61add20a985f561ec6517d753261b615

SHA512
97088465d37a010d4ef75b68ac25c22ba83833cdfd8c9628c16ba8f1262ff975a354d158000a6034ebb680185f637c7023a76fb4bca392947ea43378d45d073e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe

Filesize
7KB

MD5
c2945ee5c57f33f8bbb6a4f6d539180b

SHA1
64c958603de6a1db225752e9abb87222faf24c68

SHA256
b6c83639513169d01356a02db1631e8f28320c8ed0cd9f485d5433d13616f349

SHA512
8bdd657d45ed8720c92dad611f5c41c0e8e6602444232ce23b0258a8a8c1b194b1ad6498f25292c29ed7b8deb42b220245130a87f54b34d49dd250fb31f149d4

Download Submit
C:\WINDOWS\BPKhk.dll

Filesize
8KB

MD5
a9bce1d47adb3f7779809adc1c04726d

SHA1
265b2cd93ba894477c6a9d45b0c9ab65ea88d3b4

SHA256
8f70fee209f1ff4fde13b865618751e3c8cdfb454bb1b964f07c9af90e69be94

SHA512
ea6b0d8f2c0768c6e1e147c132c24a085c4174fb7ec565d23c774bffebae28c53a2ab60d3d279879a42f904cabb4e5268e767a44773eac648721335817fdacdb

Download Submit
C:\WINDOWS\BPKwb.dll

Filesize
40KB

MD5
b2d6308dbe0a484185436a6b4e02051c

SHA1
667f13b9d6d584c14d20d5d9a43292f05d84e8b5

SHA256
d8faa101adaaa0667b753009852d6a91011284e65f4578f897efb36994dd1e69

SHA512
77db9362b7fe01dbb5ae40438a66c9a046e034ddba545bde69c49ddd56da92cb9effbbf593fea5115152ed2d851c879f76adb7a40857c8e15c86534433f7f293

Download Submit
C:\WINDOWS\pk.bin

Filesize
3KB

MD5
aabeaacbbfb19b898e830b47bc70eb3a

SHA1
2fe59216d1755b7a8d19e1ffe48f7784e838e3ef

SHA256
54e1ffba3c0a3b21431aaa2ad0acf0f60e60b7487c7078b5b5f3914737cf38cd

SHA512
5e4998c04837f1d9eb4e4a55c0f3416daf6fa5751e98b9bf6ba87ac4fc3e3936b9d72bb6139259b14ccc24e9b152752c59fd72076d43aaf2244fd36845f597c8

Download Submit
C:\Windows\BPK.exe

Filesize
388KB

MD5
6450aecf298a80d659009d8f4f7ea8b4

SHA1
c9f4e1bebfbfb0b7bc1ef97342689a26fff8e0d7

SHA256
fe41e341066d8cdc60bb563b6621745e9441b06c723c23347a2a15f3b8b17ba5

SHA512
fd2e7775e3679d8be83642f4d8db8c7b7df8b24c661e8d5ce7e7d357ea7bf7ccaf53622e1ac0c889fe802c2c9d433756871a690314856355284947f3402689e7

Download Submit
memory/876-50-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-56-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-51-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-52-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-53-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-54-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-55-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-63-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-57-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-58-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-59-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-60-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-61-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/876-62-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4088-49-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads