d4e75da57f0edb7266cab6cd3f210fc534d34d3c7ebe727a38d56c6d1da27689

Analysis

max time kernel
121s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe
Size

255KB
MD5

03e6901fce5014bd60d53a7ef9e727f0
SHA1

a26e136c73cbf44e043be87abee3672b56937c43
SHA256

d4e75da57f0edb7266cab6cd3f210fc534d34d3c7ebe727a38d56c6d1da27689
SHA512

f712334b185987899033f0e54d48c134e599f1b99892419e7feff04f6085849bb2c559319a174f2b04e134fcb5cffa4e093bcb712cad0a3793cb8b8928d16925
SSDEEP

6144:SY94NGfX6vOIUbAlW1qAwfD8g1ZuI7hBfVTtNDORn:R9OGfXASbZVwfDrJhbT3DORn

Score

7^/10

adware discovery persistence stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	rinst.exe

Executes dropped EXE 3 IoCs

pid	Process
4784	rinst.exe
2644	AIM.exe
3520	bpk.exe

Loads dropped DLL 5 IoCs

pid	Process
3520	bpk.exe
2644	AIM.exe
3520	bpk.exe
3520	bpk.exe
1036	03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bpk = "C:\\Windows\\SysWOW64\\bpk.exe"	bpk.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "PK IE Plugin"	bpk.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\inst.dat	rinst.exe
File created	C:\Windows\SysWOW64\rinst.exe	rinst.exe
File opened for modification	C:\Windows\SysWOW64\pk.bin	bpk.exe
File created	C:\Windows\SysWOW64\pk.bin	rinst.exe
File created	C:\Windows\SysWOW64\bpk.exe	rinst.exe
File created	C:\Windows\SysWOW64\bpkhk.dll	rinst.exe
File created	C:\Windows\SysWOW64\bpkwb.dll	rinst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rinst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AIM.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bpk.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS\ = "0"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\bpkwb.dll"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\Programmable	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ThreadingModel = "Apartment"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\0	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\ = "IE Class"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CurVer\ = "PK.IE.1"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\FLAGS	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\ = "IE Plugin Class"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID\ = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID\ = "PK.IE.1"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR\ = "C:\\Windows\\SysWow64\\"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32\ = "C:\\Windows\\SysWow64\\bpkwb.dll"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\HELPDIR	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE\CLSID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ = "IE Plugin Class"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\ProgID	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\VersionIndependentProgID\ = "PK.IE"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0\ = "BPK IE Plugin Type Library"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PK.IE.1\CLSID	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\InprocServer32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}\1.0	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\TypeLib	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\ = "IViewSource"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\ = "{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}"	bpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}\TypeLib\Version = "1.0"	bpk.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3520	bpk.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3520	bpk.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3520	bpk.exe
3520	bpk.exe
3520	bpk.exe
3520	bpk.exe
3520	bpk.exe
3520	bpk.exe
3520	bpk.exe
3520	bpk.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 4784	1036	03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe	82
PID 1036 wrote to memory of 4784	1036	03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe	82
PID 1036 wrote to memory of 4784	1036	03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe	82
PID 4784 wrote to memory of 2644	4784	rinst.exe	84
PID 4784 wrote to memory of 2644	4784	rinst.exe	84
PID 4784 wrote to memory of 2644	4784	rinst.exe	84
PID 4784 wrote to memory of 3520	4784	rinst.exe	85
PID 4784 wrote to memory of 3520	4784	rinst.exe	85
PID 4784 wrote to memory of 3520	4784	rinst.exe	85

C:\Users\Admin\AppData\Local\Temp\03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03e6901fce5014bd60d53a7ef9e727f0_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4784
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\AIM.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\AIM.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2644
- - C:\Windows\SysWOW64\bpk.exe
    C:\Windows\system32\bpk.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\AIM.exe

Filesize
80KB

MD5
1d42d2cd149bd9b08e4a9d5f34dc0692

SHA1
d596b9c1cde8ebb4329915f23ffff112472bbe02

SHA256
3a8aeb1398e62334082ce3f6c3b41f046b5c80db0c4bbd433ba1b18cb4735ec0

SHA512
597ab01eb5ff9f92f8a82d80aaa4d5f09f8109fee7b762957cf55dae2b63d2143b702377f7633c9951ab685f91f81f8488b921caa1af409245c2a8efe35df6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpk.exe

Filesize
388KB

MD5
9d03a4105193ec986a903cd65db0bc78

SHA1
a3f898063f41e826efcca962c98d0e9201d2a5d2

SHA256
799e1e931d025b20a3779319796bc497a00ad0ec1f9a62baa765310e5f5b058b

SHA512
b1fe3a4b94d518ee1a5ae7d2505a9d58184067d916d5396e5d13082df9983553a4ccf6c0ed5a053d1a43029fd726cc8220086e8dc7f8958431d2620d42b405a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkhk.dll

Filesize
8KB

MD5
ffbc2b442e559e33cdc9980d172c1670

SHA1
5adcd43abd716c3fc024a24aee3f9e6a28749a54

SHA256
3163409bfdfd6ff41f486f72845a19f58ec42d2120d622f6897e2bfbcd17adce

SHA512
fc87e8af02274d0211999e972204f7676dfb4637a79f37ffc237c24ab1d8525258672097dcd65639417231edcb6e77979f42c2925d808deab3f1efab5f430506

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bpkwb.dll

Filesize
40KB

MD5
85474ae4123031f9f1371ad20ba86fdb

SHA1
e438a302bc572b26f654216f45662e73fa60fe4f

SHA256
0bdec97abcb2d64386d169fc0c43ad059931fe8fdfb2547f7d3163d75f5f864c

SHA512
20430a52fc763bac88531dd8981cff3555413dc5cdd834a5a628304ec7bc5bdb7fda267494336c634cea5602cf174aed1d1a47133fed524dde7e8a395b7742d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\inst.dat

Filesize
996B

MD5
7e2b856f6ce62e622f7ac41428458551

SHA1
e7e13e62fb1fe744e38d51bd96b692b371dc2078

SHA256
4fc375e3fb844ddf61e9a08fb91fd702d3b99b4b5e45fab266c780dba7bb35f6

SHA512
12dfcae38d983877f48f49cea234f24f460c5cf22dde23a0c299386cd1a10c120b9bd0f87cb59dc6d080c5351548f51aef6aa39920e609688adf6cf06a73c930

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\pk.bin

Filesize
3KB

MD5
c7c09b13afe409dd5c9547a767102344

SHA1
7c9135f85ead3ba99cb252a9ffa2d6a430932775

SHA256
4c29c2adc0a707d63fa726650ee1c7a8c9ad44f68b2d2d6b867b5587bfb5c502

SHA512
d647a0c468c5a96577506a3a01f2610cefee914bcf36d252577733646c34b0d8b23b7bdf79d52bff862ae763e07581c0fa05acf8b0a1f6ad4b68b8e19b433922

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe

Filesize
7KB

MD5
c2945ee5c57f33f8bbb6a4f6d539180b

SHA1
64c958603de6a1db225752e9abb87222faf24c68

SHA256
b6c83639513169d01356a02db1631e8f28320c8ed0cd9f485d5433d13616f349

SHA512
8bdd657d45ed8720c92dad611f5c41c0e8e6602444232ce23b0258a8a8c1b194b1ad6498f25292c29ed7b8deb42b220245130a87f54b34d49dd250fb31f149d4

Download Submit
C:\Windows\SysWOW64\bpk.exe

Filesize
388KB

MD5
0579a3ade48160490f11e7fd76ac979f

SHA1
f50361131af2b98c8e03c5fec0d5e72f4be5ff65

SHA256
449d479776f1e6b1cb88fdc81eb88b2dde423e53c648ad19a17d27d82717512d

SHA512
a97ef3f04ed4207e369ced8e9f21e31c33051555279736ade7b76494b8177ae13c91942e83e0d58e52b663625bd666897e97b23fe8ef61964e042b7a8d831de7

Download Submit
C:\Windows\SysWOW64\bpkhk.dll

Filesize
8KB

MD5
a9bce1d47adb3f7779809adc1c04726d

SHA1
265b2cd93ba894477c6a9d45b0c9ab65ea88d3b4

SHA256
8f70fee209f1ff4fde13b865618751e3c8cdfb454bb1b964f07c9af90e69be94

SHA512
ea6b0d8f2c0768c6e1e147c132c24a085c4174fb7ec565d23c774bffebae28c53a2ab60d3d279879a42f904cabb4e5268e767a44773eac648721335817fdacdb

Download Submit
C:\Windows\SysWOW64\bpkwb.dll

Filesize
40KB

MD5
f5cd91b683eed55da373d54fac54d52d

SHA1
83665074e3ee67dae8d0d8010a1bb07d3a6c7ef0

SHA256
815f893e764eb040fa19e35b66cbc04c469144575039817de0f8548f39f8327d

SHA512
57f74a66057472c1ebb28f666e1478797a8fb1a3b37596ba9d99930e6b6bfb98e2bb30329c31d691f75043d286db2b6d77145b6e9f42801f0719aab77712c0d9

Download Submit
C:\Windows\SysWOW64\pk.bin

Filesize
3KB

MD5
604e5fc856ac774c3533a84939ae379d

SHA1
889b88dadc11410c2c9b6447d59a0c1364df03a3

SHA256
43d3410aa1299e715a6fd7a17d23dbdc34b8a6be267f576b0d95707f166daceb

SHA512
a9b8d15ec58281d89e8f6bfb7c07911e94f2f89d5897971354f02095e6db63bfac0a62fad50cca5d5df30e63c4bfcf7533e67c85817d1bf45e4fe7fa55575cf2

Download Submit
memory/1036-50-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2644-39-0x0000000000510000-0x0000000000520000-memory.dmp

Filesize
64KB

Download
memory/2644-51-0x0000000000510000-0x0000000000520000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads