darkcomet | 124cf9ec93d72d5556c51c6c803bc42f05ece6bf4577bbf7b487070faaf9b96f

Analysis

max time kernel
32s
max time network
32s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mod installer.exe
Size

772KB
MD5

0962d31ce2c0b1e367785bb0dd7fa51f
SHA1

babfd019f4b6acb0fe4961f65436ce104b1ba3c6
SHA256

6b1eb6a3f71c127fab04aa1e5c0ca7b15c8f2bcb4613ed1b3d1da1e622fb470e
SHA512

c72a179986157d32f58c756efd00474a9dbdbeca7779456b1f08eb34905a51ad88d697343b01e64ee8e31a5d37eef6e98871da94432e06f8e9b25fd23ff0e611
SSDEEP

24576:vchr3REB8H+KvAdUJAfwPuYd+V6bPewJwg:vYT+w+KvAdUJAfwPuYd+V6bPewJwg

Score

10^/10

darkcomet alphadelta discovery rat trojan upx

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

Extracted

Family

darkcomet

Botnet

AlphaDelta

hakes.zapto.org:1337

Mutex

DC_MUTEX-YECBH52

Attributes

gencode
dv9GrE2HB27o
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2628 set thread context of 3028	2628	Mod installer.exe	33

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-49-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-50-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-52-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-45-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-43-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-57-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-60-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-59-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-58-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-63-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-64-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-65-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3028-66-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mod installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3028	vbc.exe
Token: SeSecurityPrivilege	3028	vbc.exe
Token: SeTakeOwnershipPrivilege	3028	vbc.exe
Token: SeLoadDriverPrivilege	3028	vbc.exe
Token: SeSystemProfilePrivilege	3028	vbc.exe
Token: SeSystemtimePrivilege	3028	vbc.exe
Token: SeProfSingleProcessPrivilege	3028	vbc.exe
Token: SeIncBasePriorityPrivilege	3028	vbc.exe
Token: SeCreatePagefilePrivilege	3028	vbc.exe
Token: SeBackupPrivilege	3028	vbc.exe
Token: SeRestorePrivilege	3028	vbc.exe
Token: SeShutdownPrivilege	3028	vbc.exe
Token: SeDebugPrivilege	3028	vbc.exe
Token: SeSystemEnvironmentPrivilege	3028	vbc.exe
Token: SeChangeNotifyPrivilege	3028	vbc.exe
Token: SeRemoteShutdownPrivilege	3028	vbc.exe
Token: SeUndockPrivilege	3028	vbc.exe
Token: SeManageVolumePrivilege	3028	vbc.exe
Token: SeImpersonatePrivilege	3028	vbc.exe
Token: SeCreateGlobalPrivilege	3028	vbc.exe
Token: 33	3028	vbc.exe
Token: 34	3028	vbc.exe
Token: 35	3028	vbc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3028	vbc.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 3028	2628	Mod installer.exe	33
PID 2628 wrote to memory of 2752	2628	Mod installer.exe	34
PID 2628 wrote to memory of 2752	2628	Mod installer.exe	34
PID 2628 wrote to memory of 2752	2628	Mod installer.exe	34
PID 2628 wrote to memory of 2752	2628	Mod installer.exe	34

C:\Users\Admin\AppData\Local\Temp\Mod installer.exe
"C:\Users\Admin\AppData\Local\Temp\Mod installer.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3028
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\UzfRN.vbs"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2752

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\UzfRN.vbs

Filesize
402B

MD5
a4c32adf1c50526f00a9bc72275fb99d

SHA1
7c495c520ea86e0fac579c09365d17eda0d2ca8f

SHA256
775fa807f869a54035a3746be16c46e2e875183fb9261b271c56c1d1d5407c7c

SHA512
4542b3371bf6ac7630ac398eaa6cac77e0818582c366736387016408bbc8479e2cad304ac4429c6b0dc15b0dfd69418ca5dc6669c45ed099314d19869bc3ec72

Download Submit
C:\Users\Admin\Desktop\AddGroup.mp4

Filesize
595KB

MD5
fa97d30b89a8b07f05b00cb9a4ccc818

SHA1
8dba6684a8399e8483fd0dd85caf69bd399baafd

SHA256
2eb45e48783ebe43be82af4becc3bfb053f2100c1a428c2359378d1a3faf4ae0

SHA512
357d8ceb191854fbd4aaa8698dff0d4b260ee019ba70ec220b841a186455f67d580554d183a2b7a31e4fc6b8a50a4cc200db4f0b41281aaeda0732f4210123fc

Download Submit
C:\Users\Admin\Desktop\AssertExpand.css

Filesize
331KB

MD5
c489df8a411561772f3db822ac0950ea

SHA1
3a6e866fd511902f907a1c16e233037c34e66c11

SHA256
74fc353776a3b28d63474fbfeb33bc6e595d62611b11ff3bd00dad81d5697b6e

SHA512
46d6e9e61163734a6f156988a38db8c2d40032e02f8a53c6e339a5d029943868fdc995e8c49d6155e5b33a8cc907a61fd111cd4b281479e517d2c096bd1798b4

Download Submit
C:\Users\Admin\Desktop\ClearCheckpoint.cr2

Filesize
264KB

MD5
9b34f8e99f1019361b4326158ebeae02

SHA1
e6f13a3580847c4ee455f7240b13172d321236c7

SHA256
1845f97da5fc7edb6177579f78d9b81d5102984038946bd15079ede81836fdb2

SHA512
3db50314dbb0b154634613870145e93ae01047a7f9af9ded28c7f03b3f50e50cfaccb54c736af31900ac722b3c4d8dbb84eb5bb37f6300ac8d3f24ca864d5dad

Download Submit
C:\Users\Admin\Desktop\ClearRestore.mpeg3

Filesize
230KB

MD5
f2bb2a280d1d2744a8e985439638c238

SHA1
9053ace3e7030573047334183e7473d7fe4581fb

SHA256
decb5879b6788a47c3bed90f8663dea47dfe51b01b176856172a2fccaca684e9

SHA512
a6556e1239b01e890d8a829af72fa0f950cd7a2da9837abb3d36b353f1391bbe06bb240e5efcd761879ee44f277db25020f7310bb7f8491e2813e812dafdb880

Download Submit
C:\Users\Admin\Desktop\CloseMeasure.ADT

Filesize
275KB

MD5
3407baf7b51462cc552d64d05af0eda8

SHA1
f72eeadef7ebb2e3caea7111b5dba095b60aee3a

SHA256
8a812f7a1b17fa56879613c4317764572480d8cd93ca9bb579d799eb344975f3

SHA512
54c1ba6efcf3cf456fbeffd23cb825e6a258b293956323a6d3e996bbfddb982ee2e8981267138c63af249c31baf5e5310542662793e939c9fc989ebe6121ea0e

Download Submit
C:\Users\Admin\Desktop\CompleteFormat.mid

Filesize
241KB

MD5
f2805a5b5a2d082a89a516f9385dd8ad

SHA1
a85e5ad6f8fb1b11aa34c630514bad427466bc3d

SHA256
94de2f8c3412f55f6bee12b92e0492bd9dec94aa38090067f48c6018d29588f2

SHA512
df903d1d2ac9d832a369e98357f7e3268ae9e6731afe1030a16f6b2031a89994244170d1ceabc27124e96573afc8d917048fa8f49c24afc82ca8986b4eac2104

Download Submit
C:\Users\Admin\Desktop\ConvertFromExport.vssm

Filesize
398KB

MD5
e183afb9ded5f51d3cc22a569cc1fc36

SHA1
236b5198aef00f0635f6066121cf92b4ba884959

SHA256
8639985039cfd436c9f595c60ec8831fb099e5c2828f902b044df9db60c6f2e5

SHA512
af25cd80a2870e4235fa5f6c585f24e1643e9e3d8b04280ad5972b13caa9938d67d72f412d2e10a020408aa822298a9796a4458cdef564094974f4385c4fa689

Download Submit
C:\Users\Admin\Desktop\DisableProtect.cab

Filesize
432KB

MD5
27d2b6f81a12e41e50d5be9b70bc23ba

SHA1
ab3651338869b2bfb134cf03d2c6e38cd3b08997

SHA256
d4ab6d809f543ac6486e0724d3d9a518b27b0c5e4c80e1738a0c1fbdfc68c64a

SHA512
750f5672c69779d94b3fb2f4673ecbadb290bb41f7f7743e939eafc73c2c021e6ab696f907b416bf46da0bdc7e16eb89ff4014b30a3ec0dbc2718e2ae20071d5

Download Submit
C:\Users\Admin\Desktop\DisconnectWait.bmp

Filesize
387KB

MD5
4f31d7cd4a7b9c5f80922a586bd65997

SHA1
cc68162bc7e4e96090bfd4a2afd435557323feb6

SHA256
ec897dd53efb407093697f5ec27e5d85d75f5dff85133a0e5cbe91eb68c4668d

SHA512
939bb6fe418c339f4a05e5ebbd7c427336c5d983268b8adf9592e3b92ebeb806368e75499046154373f972dc2ef00053683607e9821a40711844ebe81af5e81a

Download Submit
C:\Users\Admin\Desktop\ExitGrant.svgz

Filesize
185KB

MD5
064e06ffd998065b2cf3e0e86c344f7a

SHA1
ea9cf5a8978f893927a7b565ca96a85a2e18fd84

SHA256
7512914dd72a0efa4eab232566a0cd732fe16275cc6f1b4cb6f4a7bf89468e76

SHA512
81668926518b1273cfeb8ce7073f586094a999676f989a758f35dc937d9ff9edcb6cf19d0f511a5d3b9ce4a1af030ed1e387e663c4d1478692d763609c139c0e

Download Submit
C:\Users\Admin\Desktop\FindRepair.vsdm

Filesize
151KB

MD5
28a44decd1c908e0d277f6fe69b1c7a5

SHA1
423985f0aaa45a22ac53b2be542e6673367eeee3

SHA256
a35ff7289bcc3431fcba117966a225b1f3f0aafaaecfaa3c0094dcb22cc8f7b8

SHA512
3c0fa7617360e9616758b7370e68502bba9ea92f1e9b5862ade560a1861d3a9c180d2090570dfc404cfb0f460ffd76644d8b9af440e26cf41ac57d6d2976d580

Download Submit
C:\Users\Admin\Desktop\HideClose.cr2

Filesize
320KB

MD5
899d6a52a9c28353088b2c215cdb483e

SHA1
3ef4cd6301889b5ac00e42fa67457eefa942ee38

SHA256
f8639c585d08b949c94cd17edb53c0c5675e53377cd1ed771ed726535d2ef69b

SHA512
28964df9df65d63b452cb6d65fd71f0d18929f5a158314c11d9fde48f3286df981c13f3917dac6b43164c2e4ce52ecb95ee9335921d5c0c0f1beae7f7c8d5ed1

Download Submit
C:\Users\Admin\Desktop\InitializeAssert.pps

Filesize
353KB

MD5
1288c4324e0aa86bfb31f5328df35e29

SHA1
2691cf114ec45dea8a2ad603b0aa12982c580b5e

SHA256
e6fccfeb72caae61fca2a7dee863f237e9492fed103074af4269e2c900ce105f

SHA512
715d74bbb1d1e62c4e1b4c44734b8b0e79a2702c812f32c82d28a15a6628738391d235dc04770bc2a5965780b8cfb8c6adb85c0f17abdb8853958c910be2d825

Download Submit
C:\Users\Admin\Desktop\InitializeResolve.mhtml

Filesize
162KB

MD5
46d3285ec2af6e3178ecbdb3795b7483

SHA1
eb9ed6969bb2ffd2b6b35fd13e01f488bdd2ca9d

SHA256
5b67b2fa1716b3c0ba99e38e9ad17895e7cf62bd357d520309a396c072d374ba

SHA512
bca7fcda8118842a251825e0f8a46876cd07ceb302cd15ec0fc6e02423e7f0783f58923ddbb4d2de6d1450c1641166be41c52342eb31e438581f6a128143ba22

Download Submit
C:\Users\Admin\Desktop\JoinAssert.xlsx

Filesize
11KB

MD5
6f4d8c818805bc90c17437192c934d13

SHA1
013ca3bfb5e4d43d9fb3f984d292a57739ff8ff4

SHA256
4b7b1a778a5fbfb9ec72c2a1272f5893071644a816d7cbf60065a87d8c38e02a

SHA512
86e32333fde9f3e808d99e80d736412b0ac459df5d274eef8e96904088f2e591849ba08e2479432f916264a5be721491bfaf2f8ce03ab6b43c1974345eeed773

Download Submit
C:\Users\Admin\Desktop\JoinRestart.nfo

Filesize
421KB

MD5
0154215b1ff9dfaadf129bdd2a29476f

SHA1
7225e902225b5f755c5490c1c23de97203e45e17

SHA256
4b910ed2d2bc957ec4a4d4f57d14ac908b45e235f8b9cb13cdd28a8ff0a592d8

SHA512
79e357ce878b4fb22b707284582f388bb7c718c5bb7c0d81b86b652450abaa2940a476b9f3c26c4ff44c564b344651486d863565e3c19454097635eef57fa8b5

Download Submit
C:\Users\Admin\Desktop\JoinSwitch.xlsx

Filesize
13KB

MD5
bc904ee75891457308e7b1d637ac4133

SHA1
6c48bdaeda976b80f340535a1937bfdd0835b049

SHA256
0542ad705c7d33e66ea6a01f0e541faedacee06a0a875a44455296e275a35f64

SHA512
083ed77cc66d7651abc61e6c34b32f4b4ec78695f8508327aa16270f4acf875b2ac9c66562ae7f90a774a5f8db29b5e7ef519e306cd91fad9a38f2e731691421

Download Submit
C:\Users\Admin\Desktop\ProtectOpen.jpeg

Filesize
309KB

MD5
7fa070d90f0c23e9e2ce025c8c472c61

SHA1
2ecfdb93da0195f6213cad9e9ae318cae9a9e5ff

SHA256
9c6dfefb6389806ea967c01a359b95ef707a77bd8242cd714711bb76f211135f

SHA512
3ee6f025921e7843f5e758bed2c304f100ff373b9d6d8d4c364c044b01a7f202ccacdf0698d9d5ef33b24d3bc29e96facfc48c53c8d811cb1850bb6a6080c8d0

Download Submit
C:\Users\Admin\Desktop\ReceiveExpand.avi

Filesize
252KB

MD5
5fc79a4f632f82afb900fb50bf592f41

SHA1
fecc2c4a878779d03f1aae6a2884b61fe0192ce8

SHA256
54d9641e43004cf43faf05fdeb8f72cbe47007480c5e7358969a984555801005

SHA512
b5fea8b75ea18d5736a8b00523b23b7d023dc8b6947ea408f37ffad81d7d621d76aa2caf8f7b933b1860e75702392d5be7acb7430f97ffb94d9a328d7f6c0328

Download Submit
C:\Users\Admin\Desktop\RemoveSet.mp2v

Filesize
365KB

MD5
54affbf26afe7ae55325ec92f719caca

SHA1
59766063dd00cd3c24b62b4a1cf169b4aea7b858

SHA256
791d53c38ebcf2d45a33d9508ee4588d0f6df9a28eea57c056be5894dc48d609

SHA512
5219568049cde81acf209b781ad4b494abb9e94ba6709fa7317a16c39512e26ec2e786a94cfb9437c4d2e29aed76edf4a6ec821bfd127b23a76a006640669e08

Download Submit
C:\Users\Admin\Desktop\ResetCopy.mpeg

Filesize
342KB

MD5
b48ecdd2768f96e017afc8727296e766

SHA1
1dc07293f5e12a674a61e3a7705a396739e8787e

SHA256
bb8818339e363090394bcdb17dd60950705262bdba6f7764bbff9e8eedc92a4d

SHA512
411fc1d12c1293b1f513ef9793685efc7cfe3367a71a037d3bfb50d0cf9f4c31ab64fac1b5579eb75b0bf5ac39d5465b93dd7f8fe3ed80bbbc90f19d9967b334

Download Submit
C:\Users\Admin\Desktop\RestoreExpand.fon

Filesize
410KB

MD5
520edaee7c0501a57d6e8aa13fcc90b4

SHA1
d504cb51a91c92f756d99509b4b4fb42ac6b055e

SHA256
36ffc894302ea9cb88e4de083fd9a2f416e365c89a803370c526af58447fb910

SHA512
d246e170a98a11900243aa981c40918832d82ca3cb701ef9e16f44a8ad4226258955f142075078dc3ca9818eb16976e2d654ebaeab82757d2ef4e5a4bfe3b1f4

Download Submit
C:\Users\Admin\Desktop\RevokeHide.vsx

Filesize
174KB

MD5
6eec575ba034c71a116dd123d1cbb056

SHA1
778b7e6babef72c658f0a1ad0586729e693ec989

SHA256
ba5977c6d5c75adba1fe9d024f65f2e9abc18fd94de5290cf45c066f3c59460d

SHA512
609a6a8316d889d00241c6385f460b52902094e7f9d7c56489429c8c993b6aa3c7beac5fd512f6006428da6f6449461ef0a38c8140fa9633f682b8d87640a413

Download Submit
C:\Users\Admin\Desktop\SendImport.docx

Filesize
15KB

MD5
08b4219581a36c2699024225f55ea58e

SHA1
ea91f311f59b8b68809036365e7f73d14b9c7948

SHA256
8e44ef5e30ddb1f738d7066c528a1e08e6cee9dd72a273c9e9ffe6d0d61a6fd5

SHA512
34e30519dd95b11a7544b061dbbe90a46cf2d326b103f2e4532b2dc9d955bdeed777dfb45997789a28d3534d588e7ead984c910fb98b58a7d1fb93951ebea70d

Download Submit
C:\Users\Admin\Desktop\ShowPush.jpg

Filesize
219KB

MD5
831ced37745e7590d41f3c0e190849d4

SHA1
3d78f4c90e2532e5751f614588f2018538cc7ce5

SHA256
ecc8fda00cc3e5e920c1062bff0ded3d8bd83e752ea0ed08bbe45620b2ad41e6

SHA512
aab32b9751f72aebf272ba26ef5a294d52e9ff44bd9d79048ce7709a5c9faf62202326b11ebcf60dc5ffaafeb703c27d0f7310a7aa16bdc8ccbb0179e7aa6b31

Download Submit
C:\Users\Admin\Desktop\ShowSync.rle

Filesize
297KB

MD5
b15419df816187f2319446485b58cf9a

SHA1
9fdabc3e4d9a5c06daf886262ffe03da7bd34e81

SHA256
cc584416042b997e2a740f323e9e1a12845a485e90244cb8298a386fc7a59c10

SHA512
0139cd219661900ce18354c6740e538b0fe067e07afb38c5e0b13b903d5e70d55986feaf32f8c1554db23e524aaa5f29068d507f79fad51e6039e5755f20aefd

Download Submit
C:\Users\Admin\Desktop\StartRemove.mpeg3

Filesize
196KB

MD5
f0d796c4fda5cc7f44177f1cb96180e3

SHA1
61178c7934e99a7f33ad0b2fd454458a4cdfdafa

SHA256
dcf7f3e783ae5a48906ccff033ab86769dc238ead4e61d6a70789dba78648e77

SHA512
f2bea8ee6b56cc923ba560bd81a055a45600f0692b64f71c1e108d6c54e9b706eefba899ecfc1a665b2a533f42ce0752b0391c22b276d1ef1ce5a581d031f854

Download Submit
C:\Users\Admin\Desktop\StepInvoke.docx

Filesize
20KB

MD5
c8184d70ac0f3a6e77ac5add6e089209

SHA1
99f45ee1fcd929719730f4acce87ae1c46ed0f28

SHA256
a82650ecdfe0488ea31a0cd70770dcfa3a703812fece379500dd754ef0a5cf6e

SHA512
af30241a58f7f7dcdbd1ade58b91f777b429fce589738e834c6f73368346b53a216d4f4ea868d8f96de1d376c4ce990d03b9783a236ac4108afbd6058c17491d

Download Submit
C:\Users\Admin\Desktop\SubmitRestore.docx

Filesize
19KB

MD5
46beaa86c1b10e6916864c48fa779796

SHA1
32b8a0253ef54d715b255435ef07f7157b5f9066

SHA256
b99455799bd21bc8b4ee0bbf2107459826062daf8759209b82718f1ae5d64aa8

SHA512
deb7decd5749245dfb335d1e4a568b48f3f1bef41731b4ae142da60ef7da3bb949d4d2b55169bc963913e827ed4ef8206bbf7fc3e463b3a658efe4c5d657ccf3

Download Submit
C:\Users\Admin\Desktop\SyncReset.docx

Filesize
20KB

MD5
abc89bc3a7fdb437d53130ff8ab456c4

SHA1
6ddd7fa7e608db0e5dd795728bd62fce7bebc7a0

SHA256
67f83aa5d77a6d72f21385686b63cb04a44203f31b3003b138d42ba41285628b

SHA512
9a0a8402128b0a519e24046769840a38c045451c832476987d7b9eb675c0097e4d0ab8c5486ed7813dd50aee369364b3d24ca1f81130b6089c274ce3f8eade9e

Download Submit
C:\Users\Admin\Desktop\TestUndo.ppt

Filesize
376KB

MD5
85ab14c53e4736a7a0e07692be734e81

SHA1
4808d10f01729a9869e6e213b657e18c5bc0f450

SHA256
c6cb74376bd15b8a88d625ff456b15ddcbb2d9e0343d38792b69df54774be283

SHA512
e54f7bc0a4e6ac64806171dbbddc5a1eed8afecaec1c28418c6e3cfb357010f04dc6084185d1f80cd8ad96bc6d543d79320f01c35bb951ad0c279c3e6b2e03da

Download Submit
C:\Users\Admin\Desktop\UnblockRestore.jtx

Filesize
286KB

MD5
670f46eb0911beabf5743f622163e233

SHA1
5461a8e286f42d568b492ff4fd5f554e51f14601

SHA256
de7a34a9bdd84480b7ad493ff8e2093a109307141fde4d8d68dbc32c5dbaea57

SHA512
0b005517c4229d129a6ec9000d80f83b334421d3e42a0234e5f12825433a8b6c84dea8b936c2e26d65c5c69422c4a2f814a96fc81eb56b260306a34650f46d2e

Download Submit
C:\Users\Admin\Desktop\WriteResolve.dib

Filesize
207KB

MD5
ad2513dba1090fbdbd13e4968f02b3b8

SHA1
0e61bba2c6d3d6ba9690bc935742f24071571e4e

SHA256
d11200454dad8e38d29675937e4da8020a903e94e8a51c033c8c1c2f2288e347

SHA512
21cad781e09172aa43f4633216cd94859650dd8aa0f7e06eba96b7972b85ddcb3517ee7995d765eea7541004e079e70420725e8539dcc54deb90365847d3165f

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
65673a0c53dcae1d42baa809831e5a52

SHA1
10e20ca22fde43c4b85c5aa77735581dd9c273fc

SHA256
8f6522f82c8f08771fd3c4725261241ce45b388778408f31a373f408ea5852a2

SHA512
a98c4f662e73fac162775f588243ff57cb20d6734dfe0087515a62cab2f20db698ca8857b3b24058786eb46cc48a32ba4484bfa93cf3eabf28c0bbf448f43b85

Download Submit
memory/2628-2-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2628-61-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2628-3-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2628-38-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2628-4-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2628-0-0x0000000074E61000-0x0000000074E62000-memory.dmp

Filesize
4KB

Download
memory/2628-5-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/2628-1-0x0000000074E60000-0x000000007540B000-memory.dmp

Filesize
5.7MB

Download
memory/3028-49-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-59-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-45-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-43-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-41-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-57-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-60-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-47-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3028-52-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-58-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-50-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-63-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-64-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-65-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3028-66-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads