jigsaw | 80a6681b00056a487bba1b66c046b798dfe18bf37aa30d8a4a1be968b9add997

Analysis

max time kernel
117s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2024 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe
Size

240KB
MD5

1e0812fbdaa20a2b9aaddf531daed935
SHA1

dc307a673aa5eecb5c1400f1d342e03697564f98
SHA256

80a6681b00056a487bba1b66c046b798dfe18bf37aa30d8a4a1be968b9add997
SHA512

1fbd817f829be16a1b298242d47b2621affc9ae3c73201fadc4e82314fbceef644710fe6a3c67cbce2cd3447ffe7376ca09f1949583485633a804a0e44b58f95
SSDEEP

6144:6KprPZVxYg036R2eqHzs5oP+8fgsOznWqZajzCrY4Fi/:HXxk3RHzsmP+agVznWqZa/Cr7A

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (3752) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2944	drpbx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-16.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-36.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-20_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons_2x.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationControlConeHover.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\3.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\es-es\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview2x.png.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.tree.dat.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_rename_18.svg.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reject_18.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xecd0.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare71x71Logo.scale-100_contrast-black.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Wide310x150\PaintWideTile.scale-125.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-36_altform-colorize.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.Telemetry\BIEvents.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-32.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FileAttachmentPlaceholder.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-100_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyView.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugin.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-250.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeBadge.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-40.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48.png	drpbx.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ind_prog.gif.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailSmallTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_SplashScreen.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlOuterCircleHover.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-125_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_opencarat_18.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-36_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\MedTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-30_altform-lightunplated.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_altform-unplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-200_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\logo.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hu-hu\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-ae\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeSmallTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_ok.gif	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml	drpbx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2944	2460	1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe	85
PID 2460 wrote to memory of 2944	2460	1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\1e0812fbdaa20a2b9aaddf531daed935_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun

Filesize
720B

MD5
3c850ae7b9ab50e5e797d3e4341f4f9d

SHA1
e54074a8008b9b918bdc6fb20439968aa2a279fa

SHA256
1b17081243f71d71db1dcec4bb78722a2b002b481a539d1c3a9e848cb4acb601

SHA512
f487b32c693f47b45673d8bb47897cac320cfe437ffe668662604e89c958b673fda740d6fe18b59cdb52b652a42b441f033571eb06925b39ebba28f0dc916963

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun

Filesize
7KB

MD5
534b7c9a1805e0e6180adc84758a2b4d

SHA1
caeb7c9f783cdf209eedc03b1ea8470a73b5036f

SHA256
5c0966427ac186debe9083b621d8638c9e09183c5f3d6cd4980df8cc6dc5cd7e

SHA512
07845d98327f37ac26babd261a4a5a925e0fa12bc009abfb213a71d2fd77b3ec9c5001836b69caff4b828eaf2b53a89964eb49edcccab91e9e06b2b42a531c21

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun

Filesize
7KB

MD5
ee0acfcb02cff62fcb6ec76d43c4c32b

SHA1
f29cf14b56f39cd0354e3f60a30d08ab86d99d54

SHA256
2460782b53bc19c1b041b5578ccca4a95f461ddcb0c1f3d6e42432f094711b69

SHA512
15d2e0fa1f2d6e0e57245c428335a28a33f48ac2cf98dd387ba37b861d2489333aa65e75b0963d8a4b3cb60084c9e79ee1a916481911ffdaae2358a0737e5508

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun

Filesize
15KB

MD5
b73eaac928d9787e2afe4a1ff3f45a30

SHA1
f4964c577bb5a4718f7da0cfde373749764441f2

SHA256
4d5b8021c13fb3e6aa7083321624e18a643d501265d803af94ee355af1ad03c1

SHA512
37ef8b0541e64542b9d12941b2905a02332cb8fdd020bf165026704f646245a01442f56ca5ef7477bbc75afccb931e388ba004e0008ae5f58e765bed569281cf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun

Filesize
8KB

MD5
da7bc981eda289065716f1c878e38c1a

SHA1
b2c94b060b0dae5060d76abfa86c75e2825d6c33

SHA256
5625bf2a9d7e65f31c3c161b950f88d48fd656cb7559b4f3948f704196cdb564

SHA512
781c0b526ede47a09681db35ae6da52c6bbec535a60ee907bb2058f4543fa432b9ed4f87c4bef2e27ea52ca9aabe1184b40ce36595ae70b3786c7c0c2449c0ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun

Filesize
17KB

MD5
7645b12d6dfc942553806c0b0e362ed5

SHA1
c2ff5bf6a56dba43eef3536705b5ab63d999bb98

SHA256
ddbecdf15a08b0e94df9393f2ad6ee44808fbdfa29170cd14bfd7471681f8a20

SHA512
dffb143435044abf504dcab22a65550a2440a7dbc22cb1fc855e2dca1164c81cefd1a6c6ff2a609d873caf86e352adf5a64e42b882c0260dee7cc6c9340e0553

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun

Filesize
448B

MD5
d80c5f158bf8bec8eab4162c965e1679

SHA1
58f2328a0b3160304c655be876b74b4c39f2a30e

SHA256
eda4e8f5c11f2caeedf1f295bab96e139f5a3119fa0f29f1350f766c6ca30d14

SHA512
26f8448822912dc95d5e24fe01b3bc78c6ad7d75d79a874a851e44f51ab7bb6e0853dd7b781d0b25dd7fe5f81664fc1358c1bac0a5dcbdd841eb177e95d22e13

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun

Filesize
624B

MD5
2d6d426534832f6eaff70d22d860477b

SHA1
e60b7960d1b900b3fe23345008f4d05e11342f8e

SHA256
0e76dd0f23a21773dd2278549efe2cfd46f4811e3b2a90c0f92cc84fa1155366

SHA512
1ee0aa251e0157c430a9a85b5ba1b20698a86b007e422e74d1a2d00d5e45969f31106c8556b40c77a2da49818268f4c7262a038f4b9330434f148239f9f868d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
b7a3142e2b042b1e151813636cc5449b

SHA1
de3f9676c1ee994b12cc89caca6f50ee171dbac7

SHA256
1919360f56ce55c16484c601c3a774d59c1e55498145b763d843de61aaf84135

SHA512
3dd44540cdac3b3482119c56123c4019d84698d5344c742c67ee64981132a727b16d7887420f7bba0501c816e927f8afc84a761538d26e3185171f335de0f96f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
28976c776342c1c3a10d9aad763873bc

SHA1
f82a3786f6a97dc5cd1bfcdd592b3c11f42d360a

SHA256
448cf3bdd8ebd076e49daafd07d93de6e6e96bcc2da46de80de7c1e792873fa0

SHA512
f67458e526eace17c7d4fcfdd45fa6691228408be48e699bc02b8c65fca59ceb8664af1a82185d252f8603cc1067d9d46b5284eec0d9c59539182b01d521874d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun

Filesize
400B

MD5
9102fa6329a127240a6328afcedeb0fa

SHA1
97a94a57d562a9fd6be239d4b7fa96964b3e7914

SHA256
49419e76d7f39303fac0f15fab4c2e9a6ee9383fafbe48f85832110b28b03c00

SHA512
673ff5985f3dae863cc0e21beee64c5d7349b482ec6634418190ef0497b87bfdef5e584cc0bca1f7f12a9ca185827ba408800171311ba8f1f4bf99f078a05dff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun

Filesize
560B

MD5
bc888d163a1e609f025bd6ca502561b5

SHA1
dfa4b57ecaa1991c2feb40707aee960ed31e73ee

SHA256
1d3f4a53c9bcee8392ec420f928b743e70d1619cf031706e42794c00ae015472

SHA512
fd44f071096db62a0bf3f675597eb162ec811f0a843def0be4208706144193c73339682bd5692d670ee03def36386efba7b21bc657ef69f9a318e167f1ed73fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
896ee128b4e5939d16e31ecf0fbceede

SHA1
0fd04f6fe0b93adad223ff5575e21fb760da2e7e

SHA256
961b219e72446776be44e8cf59a47db9d39c186529ba11ed7bcdf4812499b9b1

SHA512
39aa48fb1a9c92348bb26b1444b9596de60ec08233ab012f81eec6a4f2b1b15042611db5c4957f14e065a216be71a5b874d33ec234927d214987d54f606687f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
2df8fafef83dde3e4bc4440da277688a

SHA1
bb4d76da7ed09d7ce4475f51b1630d01b084738d

SHA256
565301d7db61e1d897573e4e9723f76fd478965522ab7a895feeddf546ad269f

SHA512
fd059578cdd8b478f878a619fae2f471fc7aadaeca85e786c08bcbfe499d454c8372501bbbb20de25628b6c777148596b4cd2811f736e51fcee6d3b41d39f5c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun

Filesize
688B

MD5
f089fca7a848d3d554fcbeeeee5a95a6

SHA1
a3e9943ca3b24f0ad45ac1710019745b25b1f8c8

SHA256
882289c7edb355fcb2b58b6952fb519fb088684d9aed1c6f539ec67e2a643a9f

SHA512
8582b33f464159213367883f1235ac1e1f5f56d45477264c00dc0a2241a66ae01a8b2269dbd2fc659059d300dd137789cda1b5022df286566ccde81d72b53bd7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun

Filesize
1KB

MD5
bbcb71a011a0bfd490b0476d26a89ef9

SHA1
254205d760f1d0a7dbbb9f8590c50930dfd8ea09

SHA256
950dd46bb6627f4a68a7e14049f2ab9a932445ba08ce2ef881fe0c1d5a33ca71

SHA512
e3ac965020573235ea2235ec9c1b7e5d3be8cae8ded4901229e4d8644f7910651fe248f065722da32705b31d3a3d8976ec4afc751ad059d7f734d6f4ab66d664

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun

Filesize
192B

MD5
4e53828540ba4d3227328455ce76227a

SHA1
a4f9d2e44e514a1e5497899ff1e634b0fa574c0f

SHA256
2fe371f90de820f072ff0f500c4b205631a405d3836a5d093a412f35d1998fbb

SHA512
2dfd0da11ab285d0f2b7be1de5b8b08d70d778723772d77574e21c54e7beb92300d97ef06eb58579e5ecdbe0e74738ce5643854dea4578af2f1a46586b711c88

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun

Filesize
704B

MD5
40b0b4fdcc8ae4734d629196a52725fe

SHA1
b2aee05d2bff7897009439719eba91c17f56748d

SHA256
d3ef37f0006f7be8ba4a7fcdd534823a2cc284f01ed38c4c5f9939d0d416f577

SHA512
b4c5afecc6c571c5b41d20093c73bd07ede695eed8cdb249a14d051d9f72dae3c7d35e139c69f528f2d7fae4d5c8d887e5438da9a41ff5532c0e52e3a0c67f12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun

Filesize
8KB

MD5
48fea98fbc2da0eab74bfd7e4f48855a

SHA1
ddbe3900851126bb00094287a48c9a5ef4a12ca4

SHA256
aa68531d9d64a5dbad885fe8b8fd8369a91488308e18725a676ebe5dda65a46a

SHA512
7174105ceab6eba3532c3c318cf5dfe4a9ff037416766d9553b6b174f422b8dabba1ce693ebdfcd94ea11da2d34ead0a228ebaf419579c88780cc34c033aad51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun

Filesize
19KB

MD5
d01ec8c5e9a15bfb0638a87a790d0be7

SHA1
8ff4e9368a4544b796be9bcd5430b0cac966e4f9

SHA256
4548c20c987b9a96cda8a3141ddfca557b9b277dec4db476c293ed26ab8cc1fd

SHA512
0009fd66b57676c421190c483a56c7f17eeb4a4919e458648a474dd331c59b9aa961777d217ef320e850e73dfb1e89148d16e490dd2cc8e0ea954d23955608c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun

Filesize
832B

MD5
48c27591284004f93644dd530c1e4049

SHA1
2cd82abbceb84abf9a153a301d3a3c92c01a7e9f

SHA256
8e79d7ae1309ca75e3841d67792fd327c7d1be458ef43d93c5ee28b82f38c1f0

SHA512
fd7f148fe3f246fe9f24b23353413dd56ab6067ecbb51f1e0432a40dd4e383e6327a30ad176b3fa64f7c9b1610c7eea458c9b2b948950ff0117ee1d1cf84065b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
e4d0679a0705f5bfd2fc82ffbc326daf

SHA1
103f733495643af3226a9cdb78bcd1ef23b1c3c4

SHA256
eb10903b4ad7089337c6d90cf0f035cc1c7a87905aa77880a526d3fc3f71e0cd

SHA512
cb26c9cc492ed6515db6e25d45d4daabd57ca79c5ac8c8b222c1af506575b56235bcfd631a8ef20ab53225351d620afcaf61dd2531e07a282ac8106146f7d0bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
fdb2c0ef484b172f1f6c33bee4f5eb14

SHA1
c0d6213ee655213462dc2a8113d2484d2b4b2642

SHA256
0117345163acafc8e7b6849929766295a95c672940e3d039c4f40415b0143275

SHA512
df0809af6636ffb9274c3d4ce9d59dfb7318b99ee8153eb93218c57ae71b62051547ecaaa96d22375f41e5a3d3c099dae8b420e9e2ebcdc9995c48d12a296d68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun

Filesize
2KB

MD5
ce559d8f407057f1be997f03450a5df1

SHA1
5abfd77def5d1356465fd1b33d9819da4018772d

SHA256
e252f14fcb4b1c606608aed7bdd63325ec18f894eec6d0cc390003fbe234f7bf

SHA512
310ab69a7a6e9be68ef0aae4e6d6112f5d6b18c4aca0cd9399622f52cf73304273ada785fdde2066f14788008e83f29fc829118310eb98f0fb38016ed1d9a137

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun

Filesize
2KB

MD5
28e106f9fc44892aa67840c95879cf2d

SHA1
5014e5e7c38b9423f8712e6020872093378c422a

SHA256
f37d4a737282a5983e5433add88d26273e2188380bc49c602bd4f41306679f2c

SHA512
3aa4cded44788c77d322a12dcd23e40003a031c342ce0674e20e4bb1cbdd74fb8b3ef538b42a47d6a39c4839b2b3aefb666407cbfa11a45b772a3633dcd810d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun

Filesize
4KB

MD5
be4d7f71358aeb0bbbf3da2e887327eb

SHA1
8909decb2b9e1ee4962c510bfdb965f5583be41a

SHA256
54f9cc47001b19159c7fb9cee685b90e3d74832de69d0734beb48280c3eec89f

SHA512
239671ffc2ff706cf4ee669a8cf09c932a8055270fd76f3e3ab5c538fb62791130f02a2561e58d7cc3855d0ac4ff5d9f4983cf0e4ac64a50c459b78c052b5a08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun

Filesize
304B

MD5
2312556b85f2fa2ff929808fd00d374c

SHA1
8ab79829b8ca16535261ab93b54f7930b0d1a9f5

SHA256
ba622a0e122ff3282cc2d754fb59f9b0f097bf5f39f2444e875a9b5d2966486f

SHA512
f390d8c6c14068b09389aff95ab7775b635d7ff2e957ef2886312969760087b38dd9b8c05806f6ed9360d71908f4975ed8712bdc17cd1125e5f9a8c1a4b6677f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun

Filesize
400B

MD5
05d5eed613a6c44f94c91e59dd91f0ca

SHA1
1c150e45b7395767a8356070bb8d88674b8b8a0c

SHA256
f9da291ef0a9fe4af726fd05ac75520179acdaf5ba0e42f239db81434100041c

SHA512
d09b0a57f5044b3bd8fa8c263db28a5a4a9a4bb0d3d3d1cfaa022925c26019eb80704fc3366215e594ce1718decf895c47ad963626ae3e3a11ad87e18ab2f963

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun

Filesize
1008B

MD5
0ab8e4714a6837ead8fc3de5acb6fb75

SHA1
eb63ab926aee97d251d3bdd774d6c31e1488fab3

SHA256
7c6cae3a3f3b1b492fbed41fd3a286a8f82edf6c2ffa9513eef7f0ad06a5fa90

SHA512
cd4e7d1f3dd810ee7258b75b605780fa6e49dc9472f03942a1add946b3963110cc0d2481a303026eb54a1b9947d31bfd5e6704675e7996232429c998176248df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun

Filesize
1KB

MD5
24564c009c6c28b2c4eb6903c521a21e

SHA1
4821977b23851ea36ba82f104e6284ae33b37a6c

SHA256
c428f8fa80c9254365c58613776c7c158434618d09d543bf49e10dc1adfbed5f

SHA512
f64115da93e89224b82d5788235e51cc3803e78b099f2370a7d52a10b9fa6a82c54ba73e2c5c0bf5cd1cc3d4ca375bd97468acc311afd332be9d6980aecd3f4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun

Filesize
2KB

MD5
f5b69e4b5e6c1454d403e0f71e069a5f

SHA1
072710d0b0fc22b99967066d58883004ccf5b1a5

SHA256
81fcc23b87b29335d44e0c20919960be52d7541beea2752f9ee76d785f52645b

SHA512
318e54377b3ad83c5af0c2c14515e9c809eddf76c130f485a0f7d1e3bc7f9309dfff280185e4886afb5fb0deb1aa604aa2edb8b098114d5e03c371051da13409

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun

Filesize
848B

MD5
2a905dacd837f155477c0825afd7d97c

SHA1
941901b3752cd6a6be0aee243a98a3299d4dbab0

SHA256
f2dbecc0121480571b753757542ce1a580f738c0182f335f4d46c331bb66ca92

SHA512
46fed4b283944f19d83e72459b5fb95d098d3424d84b8a54b6b40a8523a9abc89c99d1b99ea0566c91a4c3beaef0a89a4f28424f29cf99e63a4f90492f5641bb

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
9cfee6c4eb67101674cd4c136b19247e

SHA1
b5802651983ea22376d7c3e46ec396c0a24186ab

SHA256
123e9d73e51376eaf486a0a99fae496094807d725db4faa34b1da7040dd3bb40

SHA512
bf985cd10d540706597ec508d9914b889b967ca04e6efe754f2981efc4f659100ad078c9d55c97643b8dc273c2dc1c432141366d45465c838d2d858eac38a355

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
7bd31afefecc33ea1ce4d68e4747d075

SHA1
1f9a19ec5a29df36865ba77217914ed2700f8a43

SHA256
e2c4d17c1afed9177aa9b96a20769f55fa2402e3f7c0b794aa0afccbf25daba8

SHA512
c7a12dedc792ea8dc00910c43a2d4d52562098b6ef6fb20ef6d1a02f1c6a6cecef5cb38b053b292321f8aecaf0f5fe4724748e0d71ba0d0023153ef5c657fe30

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
240KB

MD5
1e0812fbdaa20a2b9aaddf531daed935

SHA1
dc307a673aa5eecb5c1400f1d342e03697564f98

SHA256
80a6681b00056a487bba1b66c046b798dfe18bf37aa30d8a4a1be968b9add997

SHA512
1fbd817f829be16a1b298242d47b2621affc9ae3c73201fadc4e82314fbceef644710fe6a3c67cbce2cd3447ffe7376ca09f1949583485633a804a0e44b58f95

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
128dd6be3deae00d0316ef6b34ed8cbf

SHA1
091f89029909efa4de1e77cdecdad0d0f8728eba

SHA256
a2be57d9d357edd89219d5b13c76d250760282dbc83bdc1b401a6eb52f4ab5ca

SHA512
ce782ccf7d0cc5945b008c5df06d0bc60a2211e202e98e73fd81a509852f5e661a5b05411835459e7b70b75d025380467eaef4201d05f6511392aa3ac32a2fcf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656156761623.txt.fun

Filesize
77KB

MD5
75adac1f20f736a421abfec86ef99440

SHA1
68de7d6a2526f9e46dfe35dbb843c4236877ac93

SHA256
f7e7fad4427e7c7b702882d7cf8ff45b3cdcb4508c9e853e8671800487b7e359

SHA512
6fd5907e4794bea9a70cb14e5a00fd1eebb7eb6247d74285f729dfb2900bfbf81cebb0f8d74d37e58d523d551d82c80b742f7bdb3c458fc71d689f7b61a4f624

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658166467731.txt.fun

Filesize
47KB

MD5
3ad387263c42fe15c62590a2fa1d9cb4

SHA1
1cd88137e66da3f15a45ab1216257abaddb6691d

SHA256
ec02bcfc0b0d798342f8a45c3a64c0bae2c559faefa8965728b88ecf42cdab82

SHA512
5cd04dee476c46e99769e4ef3c38e2305d3ec2ac19d5bd7ed163c47ffd786d46def91c56fbe46c328538b5e43bfb24b19fea16fa74f174778377e668f885cad5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664132098124.txt.fun

Filesize
65KB

MD5
dc81047674446469a19e0e2b6cca8e21

SHA1
2950fd362caab14125c632efcd4d0947a87cd017

SHA256
02709f71bd7c3c75fbb11718872c6e15cf8deea66e8e4e16360363a7b54d34d8

SHA512
3c88e019f94d9687ebd9a6899dd85bf6d4e977f4e3d866961155404207b3b6b85622ad117fb1ba979083dc069752beabd0aff52b49daf4e663a32b7dfe5487ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133728626213296823.txt.fun

Filesize
75KB

MD5
565d05dcd55a6d1941f806ce05b57f48

SHA1
31596f1c62b01ac3e9fa4564bcef631e4b177f19

SHA256
4ff96610fe60a2c0004a42171defd2513ea96f0902a2ca310c5789509c255317

SHA512
5e81a69442828497b998291c75b2cd903641b0d9535a09f4d9b1d1524f200cf806bab1b98021596cf79c2a85479e6e94606bf0a551564b5f3e981d9a133c4ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1EE1E036-D6C4-401C-B504-418413229DBE} - OProcSessId.dat.fun

Filesize
16B

MD5
bee170ea54aa2d72463f533de0c2fc71

SHA1
8eb53e2f1bbfe30326f8745d48ac2f94e85e5974

SHA256
9a8520991c071633598679cd3098f88c0789d3aa67e6114cec21033c2ab37960

SHA512
bcc05419a2f18209d57c27469ea524dade64c1fd984657fcbd2eed5368e18ea183b02323fae33f355115aeecb847e012b1d0b57cf8983751747e9ab0f8f59b4c

Download Submit
memory/2460-13-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2460-0-0x00007FFD4F5E5000-0x00007FFD4F5E6000-memory.dmp

Filesize
4KB

Download
memory/2460-1-0x000000001B750000-0x000000001BC1E000-memory.dmp

Filesize
4.8MB

Download
memory/2460-2-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2460-3-0x000000001B1B0000-0x000000001B24C000-memory.dmp

Filesize
624KB

Download
memory/2460-19-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-18-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-21-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-20-0x0000000000BD0000-0x0000000000BD8000-memory.dmp

Filesize
32KB

Download
memory/2944-22-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-43-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-44-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-45-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-3783-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-3784-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-3787-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download
memory/2944-3788-0x00007FFD4F330000-0x00007FFD4FCD1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads