Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
29-10-2024 02:30
Static task
static1
Behavioral task
behavioral1
Sample
7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe
-
Size
155KB
-
MD5
7b824e5d964fc615c9d499d3df4cb7fa
-
SHA1
ffa0e0b22ba2a76473cb07a7d2e2b8e5559a49c5
-
SHA256
eec58cff377da4fe37b2338f82921d19f157aa88fd7cbe547ae51e75d690121f
-
SHA512
4a87db8f9d0fdc9d556b9470f900328b5565fe771aee2152ce73d7aaffa4fb71da0f51d96dd3d5b51898277b04c5ce879b99dc84be57f6c0330816c11a00d8c1
-
SSDEEP
3072:6BQAX4A71Gx3nr5aI+xk4UytHGyqXD0n8HbB3:6zGVnr5X+bHiXgns
Malware Config
Extracted
latentbot
established.zapto.org
Signatures
-
Latentbot family
-
Executes dropped EXE 2 IoCs
pid Process 2604 services.exe 1232 services.EXE -
Loads dropped DLL 3 IoCs
pid Process 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2604 services.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "C:\\Users\\Admin\\AppData\\Roaming\\services.exe" 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE -
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\n: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\g: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\z: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\s: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\p: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\o: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\m: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\k: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\i: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\e: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\v: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\t: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\r: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\u: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\q: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\l: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\j: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\h: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\y: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\x: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File opened (read-only) \??\w: 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 2760 set thread context of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2604 set thread context of 1232 2604 services.exe 32 -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\edonkey2000\incoming\WinRAR-3 91 Full + Keymaker.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\Babylon 8 - Instant translation tool.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\limewire\shared\Microsoft Windows Home Server 2010 Build 7360.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\tesla\files\Garmin mobile xt keygen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\tesla\files\Autorun Virus Remover v2 3 1022-Lz0.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\bearshare\shared\Sony Vegas Pro 9.0 Full.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\grokster\my grokster\Setup OneCare for Windows 7.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\LimeWire.Pro.v5.4.6.1.Multilingual.Retail-ZWT.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite\my shared folder\Xilisoft AVI MPEG Converter v5 1 26 1030 Keyg.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite\my shared folder\RuneScape 2010 - Newest Exploits.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\icq\shared folder\Sony Vegas Pro 9.0 Full.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\bearshare\shared\Microsoft Office Accounting Professional 2009.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\bearshare\shared\LimeWire.Pro.v5.4.6.1.Multilingual.Retail-ZWT.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\edonkey2000\incoming\facebook for dummies.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\edonkey2000\incoming\Microsoft Office Accounting Professional 2009.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\Trojan Killer 2.0.6.4 Patch.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\tesla\files\Windows 2008 Server KeyGen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\morpheus\my shared folder\Sony Vegas Pro 9.0 Full.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite k++\my shared folder\facebook for dummies.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite k++\my shared folder\DesktopCalendar.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite k++\my shared folder\Xilisoft Apple TV Video Converter v5 1 26 1030 Inc.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite k++\my shared folder\DiceRoller2 0.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite k++\my shared folder\Recover Keys v3 0 3 7-MAZE.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\icq\shared folder\Uniture Memory Booster v6 1 0 5158-MESMERiZE.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\edonkey2000\incoming\Trojan Killer 2.0.6.4 Patch.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\Autorun Virus Remover v2 3 1022-Lz0.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\limewire\shared\Xilisoft Burn Pro v1 0 64 0112 Keygen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\winmx\shared\Diskeeper 2010 Pro Premier v14 0 900.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\limewire\shared\Trojan Killer 2.0.6.4 Patch.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\Microsoft Windows Home Server 2010 Build 7360.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\edonkey2000\incoming\DesktopCalendar.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\Microsoft Windows Home Server 2010 Build 7360.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\limewire\shared\LimeWire.Pro.v5.4.6.1.Multilingual.Retail-ZWT.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\tesla\files\WinZip PRO v12.1 + Serials.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\Web Dumper 3.1.1 Keygen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\icq\shared folder\Adobe Photoshop CS4 KeyGen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\paypal hack 2010.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\tesla\files\Recover Keys v3 0 3 7-MAZE.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\WinZip PRO v12.1 + Serials.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite\my shared folder\Error Repair Professional 4 1 3 AT4RE DM999.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\bearshare\shared\LimeWire Pro.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\Adobe Photoshop CS3 patch.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\Microsoft Office 2010 Enterprise Corporate Edition.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\Adobe Dreamweaver CS4 Keygen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\RuneScape 2010 - Newest Exploits.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\tesla\files\cute dogs screensaver.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite\my shared folder\DesktopCalendar.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\icq\shared folder\Xilisoft Burn Pro v1 0 64 0112 Keygen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\bearshare\shared\facebook for dummies.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\edonkey2000\incoming\Xilisoft CD Ripper v1 0 47 0904 Keygen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\morpheus\my shared folder\RAR Password Recovery Magic v6 1 1 172-BEAN.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\morpheus\my shared folder\Atomix Virtual DJ v6.0.2 FINAL Professional.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\morpheus\my shared folder\YouTube Downloader all Access.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\tesla\files\Dr Web AntiVirus v5 0 10 11260 R-EAT.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite k++\my shared folder\Xilisoft CD Ripper v1 0 47 0904 Keygen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\Atomix Virtual DJ v6.0.2 FINAL Professional.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa lite\my shared folder\Yamicsoft Windows 7 Manager v1 1 8 x64.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\bearshare\shared\Microsoft Office 2010 Enterprise Corporate Edition.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\limewire\shared\Windows 7 Toolkit v1.8 activations+full suite.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\winmx\shared\Xilisoft 3GP Video Converter v5 1 26 1231 Key.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\kazaa\my shared folder\Microsoft Office Accounting Professional 2009.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\grokster\my grokster\Windows 7 Toolkit v1.8 activations+full suite.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\bearshare\shared\MS Office 2007 Activation KeyGen.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE File created C:\Program Files (x86)\emule\incoming\Driver Genius Professional 2009 9.0.0 Build 186.exe 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language services.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language services.EXE -
Suspicious behavior: EnumeratesProcesses 24 IoCs
pid Process 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE 1232 services.EXE -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 2604 services.exe -
Suspicious use of WriteProcessMemory 24 IoCs
description pid Process procid_target PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2760 wrote to memory of 2832 2760 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe 30 PID 2832 wrote to memory of 2604 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 31 PID 2832 wrote to memory of 2604 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 31 PID 2832 wrote to memory of 2604 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 31 PID 2832 wrote to memory of 2604 2832 7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE 31 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32 PID 2604 wrote to memory of 1232 2604 services.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760 -
C:\Users\Admin\AppData\Local\Temp\7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXEC:\Users\Admin\AppData\Local\Temp\7b824e5d964fc615c9d499d3df4cb7fa_JaffaCakes118.EXE2⤵
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2832 -
C:\Users\Admin\AppData\Roaming\services.exe"C:\Users\Admin\AppData\Roaming\services.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604 -
C:\Users\Admin\AppData\Roaming\services.EXEC:\Users\Admin\AppData\Roaming\services.EXE4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1232
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
155KB
MD57b824e5d964fc615c9d499d3df4cb7fa
SHA1ffa0e0b22ba2a76473cb07a7d2e2b8e5559a49c5
SHA256eec58cff377da4fe37b2338f82921d19f157aa88fd7cbe547ae51e75d690121f
SHA5124a87db8f9d0fdc9d556b9470f900328b5565fe771aee2152ce73d7aaffa4fb71da0f51d96dd3d5b51898277b04c5ce879b99dc84be57f6c0330816c11a00d8c1