2ae0ee7dbf11eccf50df89b5ae3a87a71a7d69022091154d5886790b2510ad86

Analysis

max time kernel
127s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_89cf381e29f7a07a46372231f7259e4c.doc
Size

11KB
MD5

89cf381e29f7a07a46372231f7259e4c
SHA1

e292a81fc5ea9c46fada2242b8fe8fe75b1de7c2
SHA256

2ae0ee7dbf11eccf50df89b5ae3a87a71a7d69022091154d5886790b2510ad86
SHA512

df192d1658903ea6784ae7ea2933851ddf59a26cb82bf222bc4fc5afb359ad54d7d64d6e0b979bc54dd25aaf4769a11fa44393167cafb71471d662ab60a2be59
SSDEEP

48:rzllllz2N9FGxVGECvat0wqcWxO5b0UvdgX0Sf1:z2N9SnCNhcmoI0Sf1

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral2/files/0x0017000000023dfc-376.dat	office_macro_on_action

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = ffffffff	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0 = 4e003100000000007b5a5570100054656d7000003a0009000400efbe6e5a50337b5a59702e00000070e101000000010000000000000000000000000000001accd500540065006d007000000014000000	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000006e5a7c40100041646d696e003c0009000400efbe6e5a50337b5a54702e00000051e1010000000100000000000000000000000000000021f53600410064006d0069006e00000014000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0 = 50003100000000006e5a713f10004c6f63616c003c0009000400efbe6e5a50337b5a54702e0000006fe1010000000100000000000000000000000000000014d81e004c006f00630061006c00000014000000	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000006e5a50331100557365727300640009000400efbe874f77487b5a54702e000000c70500000000010000000000000000003a0000000000185a3e0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 78003100000000007b5a5c701000435553544f4d7e310000600009000400efbe7b5a5c707b5a5c702e000000aae6010000000600000000000000000000000000000076f59e0043007500730074006f006d0020004f00660066006900630065002000540065006d0070006c006100740065007300000018000000	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1 = 56003100000000006e5a503312004170704461746100400009000400efbe6e5a50337b5a55702e0000005ce10100000001000000000000000000000000000000030d30004100700070004400610074006100000016000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 84003100000000006e5a5b3f1100444f43554d457e3100006c0009000400efbe6e5a50336e5a5b3f2e0000005ae10100000001000000000000000000420000000000d968060044006f00630075006d0065006e0074007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370037003000000018000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0\NodeSlot = "2"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0\MRUListEx = ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 0100000000000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5596	WINWORD.EXE
5596	WINWORD.EXE

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89cf381e29f7a07a46372231f7259e4c.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_89cf381e29f7a07a46372231f7259e4c.dot

Filesize
33KB

MD5
1ca02e965609cc908f15c62a70f4b7af

SHA1
d7fdd0fd121adea901a3ea6519079a67b10a4b6c

SHA256
9307ef993e8f6d5447c63c07dd7ee32f3f4f0b540e86f1702e30dfa913750342

SHA512
1e6d3d423be259b59545be9b872988c197b7cbb6de0c0127737bbdbc4a2919f0109bcb5c8943abe0941cc776237ea9fda42307c2b2c9da65d7c9cef8ac7dd670

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD35B9.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
a29618dc5b0ac4da62f4b992488e218e

SHA1
742135eb841e6b40c3d1136aac16da24318c4301

SHA256
2c6293260b58836636b0d32747efeafde27adc015d6f93714b0aad77be165bd7

SHA512
ae6f7e167437a518249f22f06576af0730ea0d4c7be9633176e4e035bfd4a7c29523de60f3d64fd704bb7da5d1b8a55de93d00bce5897a95a4da4c05cf0abb60

Download Submit
memory/5596-5-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-13-0x00007FFF453C0000-0x00007FFF453D0000-memory.dmp

Filesize
64KB

Download
memory/5596-8-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-3-0x00007FFF87D0D000-0x00007FFF87D0E000-memory.dmp

Filesize
4KB

Download
memory/5596-4-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-9-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-11-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-10-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-12-0x00007FFF453C0000-0x00007FFF453D0000-memory.dmp

Filesize
64KB

Download
memory/5596-14-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-15-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-6-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-30-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-31-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-38-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download
memory/5596-7-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-0-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-1-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-2-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-392-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-391-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-394-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-393-0x00007FFF47CF0000-0x00007FFF47D00000-memory.dmp

Filesize
64KB

Download
memory/5596-395-0x00007FFF87C70000-0x00007FFF87E65000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads