b9d6789722f327dcf8d466888aac18c70f693452cb708306937d9d7f09a87fa1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
Size

15.3MB
MD5

641ba3b46d3175bb6587c9838cf75eda
SHA1

d352a16c14ee64976cca78ae2e6f5a8daf16dee9
SHA256

b9d6789722f327dcf8d466888aac18c70f693452cb708306937d9d7f09a87fa1
SHA512

e2405525efa3fe9232c0dfbb5ccfdb4efb9910220e3a5c8cca2b177e94f9f859c5cd0d561d44cd3bfd7eef99a4cc13804c54f7dac9f4632a419f042eb8c740a5
SSDEEP

393216:7fk34EjfYob8H+KzpyruFDJgb26WC0jhWli:7BQY48HCuFDJW2fCooi

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2520	srasport.exe

Loads dropped DLL 3 IoCs

pid	Process
716	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
716	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
716	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NetKeeper2.5 = "C:\\Program Files (x86)\\ChinaNetSn\\bin\\NetKeeper.exe"	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\npptools.dll	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10405.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\dialkey_btn.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\dialog-box_28.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\Emotions\95.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10057.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10325.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\lsjl_9.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\Emotions\81.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10322.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\control.xml	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\left-3.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\Emotions\87.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\bin\xinlientry98.dll	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\RTCS_Log.dll	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\button_enter.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\dialog-box-button_fsdx.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\default\dialog-box_37.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\linkmandlg_move_L.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\bitmap_select.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\im_fst.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\lk_w.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\lsjl_14.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\3 4.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\dx_back.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\dialog-box_12.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10106.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10123.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\Emotions\25.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\dialog-box_10.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Ring\Alert.wav	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\default\lxr_23.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\addlinkman.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\base_info.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\green.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\shortcut_background.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\bk02_h.JPG	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\Emotions\24.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10315.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\user_blank.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\lsjl_10.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\Emotions\65.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\Emotions\78.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\Thumbs.db	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\dialkey_call.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\th_b.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\down.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\fax_notify.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\ml_w.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\rarrow.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10212.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10245.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\login_L.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\Emotions\57.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\MeetingNotify_4.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\lx_wm.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\record.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\CtrlPanel_SLIDER_VOLUME_CHANNEL.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\calling_01.BMP	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\tabpress.JPG	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\Emotions\40.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\Emotions\48.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\SKIN\IECoop\IEToolBack.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\Face\10319.gif	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
File created	C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\bindphone.bmp	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	srasport.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
648	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 2520	716	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe	101
PID 716 wrote to memory of 2520	716	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe	101
PID 716 wrote to memory of 2520	716	641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe	101

C:\Users\Admin\AppData\Local\Temp\641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:716
- C:\Program Files (x86)\ChinaNetSn\bin\srasport.exe
  "C:\Program Files (x86)\ChinaNetSn\bin\srasport.exe" anxiaohui
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ChinaNetSn\bin\NetKeeper.exe

Filesize
430KB

MD5
1e427f695e7bbd16d97592964e5fcd3f

SHA1
6f940546cbc74e00b8428579e3ae911f95e04241

SHA256
9a6740315aeaf9e7f5b3fa3b036fca73e1c4e1b895d3dde7a47ef5148116b418

SHA512
80b4b7cd1d2dde0c0ed7921bdbc6033473b51fda7ea86cf0d70d2d2822e15e70626b2107bf88b214417189e8e6869811fa9de47247042c2a5641de5317e33246

Download Submit
C:\Program Files (x86)\ChinaNetSn\bin\srasport.exe

Filesize
28KB

MD5
6d05bf5ebc761bff42890e231b4554d6

SHA1
f7053600daffa0f143d91562516335e03b1974d7

SHA256
6240d2dbfe65901f2483b36dc34e220cddbffb5f68b89233b847a232c46f9f4a

SHA512
8bd01f1e03c337727953c2c2cfceee1fbe5d0c41ef79335e4c23a542a2dd9206a9f171753b05501e0d77709229f89ea4d2971460adb25af3b960972fdfc6a6ea

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\school\MSSCCPRJ.SCC

Filesize
483B

MD5
0cf6771381dd14893497a24d7427af1a

SHA1
14cba86b8b85bc9abe7f567ab98334d1a19a3758

SHA256
3558c2a61fc57b54f80eb03e0873196125d37e6f079cac807602736b19b312ad

SHA512
6cfecf0e0fdaec5624d5b539571ce41e45d335a3b9c9755cf49c7b1383b6b1b8499ac23800bdeeed6c7540a9090902344d759dcd401788f7adcc5f69a51b1f41

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\SKIN\system\button_enter.bmp

Filesize
12KB

MD5
72aa5131841566021c4125b5060b5d03

SHA1
75066bc5a5c36d6350515e075c71a546d387ea53

SHA256
33bb9ca96efa1c7712187208c9d489c504e869a5d646c78c3b5722e456d32a3a

SHA512
dfac9f08c61a0fadf4c742255f468b555c5308d2358e99a8265cd75246e873c3c3e371eae6380af29c4c2d36f69dd5759c632f05d6abeb18a2467c4bdbdf92bf

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\AddMeetingUser_0.bmp

Filesize
94B

MD5
b4a210ce3a46d183b47b711840c5274a

SHA1
985bc4815fdcbe43a36e8ada247ece660bbffbcb

SHA256
349f6cfb44127451b5fcbfdbb5e24daf659ca61e6eb8bf87d449b0487fb3b4ed

SHA512
1e0c541417a41922402bb906d62e88cbd61d33d0e02a25b931bbb3ea2a6354bb6458bc769efe9e66b44a74442bd8b5965a929a44a5d4d79d744f30687bdaadf2

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\AddMeetingUser_2.bmp

Filesize
94B

MD5
e65808d2d1286615722ef257d64572a3

SHA1
1bd7e8ebd8718bca7f3d89b9afd5d98c0f33bc5f

SHA256
17f5afcd124ce1b013c4ed380d05790025136c10ceefc8b7cbc7675ab4623f36

SHA512
f548139063a3482f0dc9d0749061f9ee10aa60cbd06669d93e92e3d4f79dc618ab68f005c29ab0d4044abfeb39a50a70a5b68b13fd618e37eda8e28e1154202d

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\calling_04.BMP

Filesize
3KB

MD5
2ec91d1ce2b3c7bf8b0bea1e5dfd76d2

SHA1
fc1985054309d788e2a7acee4114797f4dda4d9a

SHA256
c89bb067d982388e97e6908a6090caf9f390876b414cd9a4d03848ba2146cc15

SHA512
0598c7e2024b5bcaacbbb28d2b63ab90f6717691ac5f54c87a7df2ac706a3258346ee6c7099f5bda89efefa92a0900f762a5d23aca866fcaa11b021936dc6a9d

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\dialog-box_slidebar.BMP

Filesize
1KB

MD5
1509d4607def60f35d69ff55098d5c01

SHA1
911d6aa1a8267f6f48cbb58682794e6743c0a307

SHA256
d993062bcd4a4fded4123a805f2c494b5e67e7013168021fce4e53afabf526f4

SHA512
673eb9a657f2ec7c7b4b24bc790c4e157aa21e8b411d647e54bf69978576cc748ee5d61788c77eecd64baf5b8965c1996d3d93f6ec17dd7018b56dfde6f9a295

Download Submit
C:\Program Files (x86)\ChinaNetSn\plugin\EDC\dconf\SKIN\tab_09.bmp

Filesize
5KB

MD5
6118ea0ff98fbb784ea87c6e870becbd

SHA1
f7edfd4c1c2c3127d45a4ab40d8e70d58f133b4b

SHA256
8fa69f2403c04d1ae412798b6bb7efd1639ff4569943b7a1ce2c8dc6e8999523

SHA512
62a9223e965492c7afe526f0a04632f7725ab2f31428b6a48372f2aa6f9d7a7c2396739dbbbdf83e179e3657a731a1cd012b4ae217e62db345613b72ddf2c6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8D4D.tmp\InstallOptions.dll

Filesize
12KB

MD5
1e8f2fefe3ce893b117b26948b8978cb

SHA1
59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab

SHA256
8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519

SHA512
b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8D4D.tmp\System.dll

Filesize
10KB

MD5
10c44246d99a1c2e5f5e6b52b111a63d

SHA1
0f41da79c3e789f4ae38738e3a5d73c538f8af4f

SHA256
7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

SHA512
e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8D4D.tmp\ioSpecial.ini

Filesize
577B

MD5
7c0957311070ba9ffab89a67a564cb7d

SHA1
b45112829c9f40bd3489dfd31b0ba11439729960

SHA256
e29a76c07756a4f727a0af7e3ccc4b1678de73f6fa5e4e0d38d6ddf5fd92bc0c

SHA512
abe439c6518acffa3483515ac492b331db0519cc5f556a0281a41b9654610b3c96327b68640e0b16a0867fa067e2726776c01a644bcd39c8a58bfe4c63468424

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8D4D.tmp\ioSpecial.ini

Filesize
806B

MD5
4374cb49230af71572c7d40bd23bb504

SHA1
940d51a762888b4778de0bf1e626240e5c26c664

SHA256
bc99b0ef767e59e340ccdbdefeab84430e20dbbf991972778684865e892cb683

SHA512
dcc39a56a33df552f6af19475d78e9ac43f7fd6cc47d610f3cfb38a6ed684c5bd1a2fb78d84830aeb1b5f02e8a657a251f40172efc4c96629c709b7a5416a146

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads