2e828f76e18f12f9205068a15505d742a517b503032e4c89889991d3029760bc

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Size

102KB
MD5

8ab03ab3f19388e0783671d990d271fc
SHA1

40f9551d376a650dbff0c0c16436d1ae9a4aca89
SHA256

2e828f76e18f12f9205068a15505d742a517b503032e4c89889991d3029760bc
SHA512

4b5a8a8c3b678a249c8cfc9eb0bc5855869725db5c74e3170351d56a0c82ba10cd0c27c8d72d880e56aec46fed16026c5bb7959ddd25521292030891982bb614
SSDEEP

3072:830EyeLSq9888OP487vRZ3Wwrl6qXxVFi9X3kuc:8EEyeLSq9kYhvhrcqhgu

Score

10^/10

adware defense_evasion discovery stealer trojan

Malware Config

Signatures

Windows security bypass 2 TTPs 3 IoCs

defense_evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe

Deletes itself 1 IoCs

pid	Process
944	cmd.exe

Windows security modification 2 TTPs 3 IoCs

defense_evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{39fc2065-c9c7-49cd-8942-44cc2dedc844}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\NoExplorer = "1"	regsvr32.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ieocx.dll	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Control Panel 3 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\don't load\scui.cpl = "No"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\don't load\wscui.cpl = "No"	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\don't load	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000596298383b88f045b768ac3737055a04000000000200000000001066000000010000200000004abcf0f43b26d9521c16eaace902a3b3fed4c76d7dcc4f64efc4b7720f881ed9000000000e80000000020000200000009a5bca88086953386aa5d3a73418c5f3b8599cb6bb7a869368f8df195874fe01200000001c20cf74bc3bda1b472e5e54236e63ef6cf2a10a5183aec1ada1563f725441d040000000b2ff6da142c659adad0a2b0864c2372557b951e801fbda90d922f78e18eb103f41e74d494e834fda8eab1cf1ad93a621c2d04b75fb76685ba9c26813c5dee0fc	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000596298383b88f045b768ac3737055a04000000000200000000001066000000010000200000003887363dd4899143f7124363a9fbe183ccd6d89ba3c5cd7477f20dfec4accbea000000000e8000000002000020000000429166ff1ddb6f6543bf6dc33b4874ade2e31e95c2236f622577e1ae6116624890000000120185bfb28297151f32bbddc402e119b277d94e87c468db212d407a79f28a119f7a8870a4351c94ca0d02c68caaebb19f1be34066ff87c520bba92cbe1b306a93e9a92f4cdd1f0bd3cb381a13720f33fe532aa59038f718cafa4140d72401a7e37f6ba3347e3ba374a263d0d6698ba5f52adda46a63ba40836a593f8350beee8936c5d545b46e817475e844c6d3ae8c400000004f5239766dc567163bf01adba09a33ec87fe0185918a78fa8307aeb3785e6ecb9a1d9e23c1686e87c5be844cf69c837999f08b361a5881dd5c4b6f6b0bc34ba1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0176100e29fdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2A1BCD11-0BD5-11F0-9B3C-D6021EABB102} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "449328929"	iexplore.exe

Modifies registry class 60 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ = "_IBhoAppEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\ = "WinInet Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1\ = "WinInet Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\ProgID\ = "WinInetApp.WinInet.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR\ = "C:\\Windows"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1\CLSID\ = "{39fc2065-c9c7-49cd-8942-44cc2dedc844}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CLSID\ = "{39fc2065-c9c7-49cd-8942-44cc2dedc844}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\TypeLib\ = "{b360243e-09e8-402f-8721-00b6798089ad}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\ = "WinInet Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\ = "WinInet 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32\ = "C:\\Windows\\ieocx.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ = "IBhoApp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ = "IBhoApp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinInetApp.WinInet\CurVer\ = "WinInetApp.WinInet.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib\ = "{B360243E-09E8-402F-8721-00B6798089AD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\VersionIndependentProgID\ = "WinInetApp.WinInet"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}\InprocServer32\ = "C:\\Windows\\ieocx.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ = "_IBhoAppEvents"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}	regsvr32.exe

Runs net.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
304	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
304	iexplore.exe
304	iexplore.exe
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2536	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	30
PID 2924 wrote to memory of 2536	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	30
PID 2924 wrote to memory of 2536	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	30
PID 2924 wrote to memory of 2536	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	30
PID 2924 wrote to memory of 2536	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	30
PID 2924 wrote to memory of 2536	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	30
PID 2924 wrote to memory of 2536	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	30
PID 2924 wrote to memory of 804	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	31
PID 2924 wrote to memory of 804	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	31
PID 2924 wrote to memory of 804	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	31
PID 2924 wrote to memory of 804	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	31
PID 804 wrote to memory of 2364	804	net.exe	33
PID 804 wrote to memory of 2364	804	net.exe	33
PID 804 wrote to memory of 2364	804	net.exe	33
PID 804 wrote to memory of 2364	804	net.exe	33
PID 2924 wrote to memory of 304	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	34
PID 2924 wrote to memory of 304	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	34
PID 2924 wrote to memory of 304	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	34
PID 2924 wrote to memory of 304	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	34
PID 304 wrote to memory of 2824	304	iexplore.exe	36
PID 304 wrote to memory of 2824	304	iexplore.exe	36
PID 304 wrote to memory of 2824	304	iexplore.exe	36
PID 304 wrote to memory of 2824	304	iexplore.exe	36
PID 2924 wrote to memory of 944	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	38
PID 2924 wrote to memory of 944	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	38
PID 2924 wrote to memory of 944	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	38
PID 2924 wrote to memory of 944	2924	JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe	38

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ab03ab3f19388e0783671d990d271fc.exe"
1⤵
- Windows security bypass
- Windows security modification
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe /s C:\Windows\ieocx.dll
  2⤵
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2536
- C:\Windows\SysWOW64\net.exe
  C:\Windows\system32\net.exe stop "Security Center"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:804
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop "Security Center"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2364
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://truepornvideo.com/videosz.php
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:304
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:304 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2824
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Roaming\bhs.bat" "
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3c4bfbbbedced90a39febf38d3cff7b

SHA1
4e9a1e7d2057ebd66b4c13ade5d349341d3290f0

SHA256
631e21512781a636374b11152e1d9055d164bcb1152660d9a2b3eabf86b58381

SHA512
21a8f0cb83464a2602a22ed1c8d39dc975c5ea471e877a0f9a2b5825e2f808bb695fbaec138f04b4cb80f943fcc4bfb7ee65b35731f49d428857a24fb0162d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8e3b06fe2f86879a1bafdb1d4805f5c

SHA1
6625c0e0a0fcf53f3a9ab8029df4b7faa4fce2b1

SHA256
604937aa53a8ac788a10c0d0d6d27dcc278d9470c967eb6ddaf1fb0972f4d164

SHA512
29c8108be4cb6ff55f9eae72134c2a62d1004098764a350de8a9097f1d2c8b44d38bfbc71a2dcffffafb45d684fd28bc161bd742b3aeb41157599e9ec9201142

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6570bde274f676f8d26c36c0c7d7d06a

SHA1
f8847b6e10116ffa889a0748d01e188bc7d9a11f

SHA256
f04be47ce0b182baa2abe719ec653e875d0e25a005bd50d3ff82191566464ff4

SHA512
2bd0572f5f3fa2a89a2fbd60bef08a5f08ac79d0cfc112856f0e28d983d817527b33eb4111be10e361a2307ee26d110d77cbdcc0e5f23d78b07ec22d67f9927b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63e456d6feb0da14b0ff315163bf5831

SHA1
995eadc0839bbb4868e520c3f127667d4ecdca9c

SHA256
742701835deba1dcad33c4695bec902b100da71e90d21b303bf35b9d9c25cf9f

SHA512
bad56d2049078c712a44c9920bb5c0893526ae882b1e9382ba910ba4c9408ddc64928bf0beda4e0728ad2109df3954222c681cbdd2604885feab427ae6481182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b017fd7a35f83fde43b3aa0768474d83

SHA1
dffac9cc5a8cf051723116e52ae2545da074cf5f

SHA256
faa206a1798b2f9f6350a4cee108c4617ddee95a968e7a083c4aa8c451605e69

SHA512
bae9fcb489b3b1b71039abf76ce91cd5ffccd74b3e82045b7c68022b966e18be15266101c0f805e2445c222a847a3059b753add5fea4dc447aa209d9105216dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
964a182051178f41a1b5bba918c2d8c3

SHA1
c784f46b69432fa35384d588750ffa623407929a

SHA256
11a08af57d5fd4247aea30aca1f49d86cd98dc505b5744ff0757d977216545b9

SHA512
074fd4a8b14cb413a46a440da0916bbda2cfec030ed5dd83b53cc50ae378d415d1393f2fe11d5010a51e305a3269100e629b61bf982f1fcbc0aff83f3812362a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a17aa54664aba95874bca62eaafaa183

SHA1
a127948649a4e65f8e69b521f66032ad3d539829

SHA256
7918893fee320b74b40724d6694fc8a9a7d95af9dfa7c3fcddf1863854815094

SHA512
781eb7ff96dbc1e6778bf2b4076e5383843bd376b190dbfa0afa43055cf995bad521956d46dbd389d3a78b00b37b510e653b61d70adcb262e2517595d96f878c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
488fa656a5649acdb2e757c28b822446

SHA1
3a88e15813834c8eeda73e73402211c35acf5c91

SHA256
e46a9e06fdd86fc5c8d2ba0de4274834497ca10f3ac9bdede7217dad1397709f

SHA512
895f9e4bdef0e9a25e1e161c745656f0a2c9670e39dc1e9fb1357e207ba8566e641c6470f931e77e59b5195be3082b1bb40f9ef07fa05e77318c10c68f2b26b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e53ae89a83ac8b0063b5f846afcb87a9

SHA1
d5aece06fd02ebe8d134aef95fb9f5ffa2d069ce

SHA256
2a6cf15a33e76872d2e83a0af3f5810eccae7394b6460ccb8a2fdeb6c145562a

SHA512
6bd6bd3db362c7659e340d62e8889c36ca5561ada6bc571ee5b3b9676287c018dc1579d47c41eba5b96969e38e0636ca9273af05f52384e3683ac582609ab2f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f0fef1a2dc4c6e603348914f3ba9b5e

SHA1
1b30246e8810e62762337bc9479e7eb02a1a3b19

SHA256
8e2e27b9808e5887cdb4886af85ff8ac16c10faf938769a0079e3a98ec7748e9

SHA512
34eed8094f00963f77eae7d6051ea2b0414bb50f38e362ec98e4299a0699feb360a873495df3b0895474900d65e159fb2a1f14eb69fe24845c67b074ffaecb7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f97c6319f8c97a33d2ffcda64bef958c

SHA1
7cc8e9f18974cbf1380aa7786874f6693498dcdf

SHA256
640908210959ab5446673c7bac0510f1e61350966bfcbe5e833ddfcc7d97f3ac

SHA512
1e8e8383fc7a3048790046a401ed9b30680aaebbf70aebe84be3999a407877c4bff9543c72554ebaa004ff10dc35738e6d064864e6ffa34700069034acb24aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c350aedfd9d421c7b55f3b63966b479

SHA1
4d4c9dafd49e382bf7fc723f57930601e5ce9d11

SHA256
ac2bc3b5d0ee4073d0f43caaa29a2be375f1cdd0fe67f63583665236e79a0ae5

SHA512
4f91f75bfe4fa941468812a39e04155ddf802e7ade54e473b145dd2df623453a03b84b6a47ffaf14443186dcce88d7d1ea66dd0b357e3afbdc218a7d8f1485e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a626bf2b2e8bdf453ab9087ec088b9b5

SHA1
a01c4329236278a3eb006e802f17294fb0be77e9

SHA256
3f6bd45f5f0bc1a9e73906ee950d97b9a5d6024071138648cce6ce2366a5c110

SHA512
afc4b7e4f495e7d3d4a6f04bcde6e150df8a6971f7ea5bb2eeed855a09f62993fb3ec9cf2a189457e4ae384dc87c0e1039e7e410ab4cd79a2a63491a37ad5d91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c344dc24fb5850be4821b5794a42d497

SHA1
257850514ad8aa74292ff2f8d1192997510464e9

SHA256
ead20d558ed24286ab3833aa3a6d6283d470824f6b4c6da95d2ff0c872f4c139

SHA512
58ddcb51ee02711b83124998ad288ffa8d3fd286d85a6f245e6ca92154e7d2abc107e7b299781c5a3d13067fc751275d42315996a91231660c9027bcd273b06c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8194bfece81de671d13a7e1990a73f44

SHA1
a77183296d2f1c720bcb8f6168b83ffbd2f77819

SHA256
698b0e654baf8fa1bcf133e8f62dd35629dbbbf61a5f4e487a3afa6cbd177858

SHA512
a0f122507fc1dc87de0e82bcfa7446f81eeda0961d728256476b2d9c1a9f9ea7544d2a1160152b21269953b4238a7b61f1e1d854bfdf123628e2cd7862fbf737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d6d72b512e84b68fc6e62551518c5c8

SHA1
7ec0aeb14c7f79a481bd6872933264e8291e6402

SHA256
72127bc882d1a8e4bde916b88ca002b45cc6c5a4b30bc4d8385c1d02894652b0

SHA512
710a3af2c0f76870d630a987df878eb4a48dda0feee9d1ed5f2de5a21153ff4878dfce4db6914a7ec52c761801a9ba17d4c1e1d3a34087c195abb63cb545dec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5df4bd5f471d05d6ba073ac7fb890b6

SHA1
25e64b5a32efaa0a71e9f580e36f0bc423b22ac9

SHA256
97e8ba8662d225642f1ef7c0190fcb6d2a3b3d245fdcf3bd62124668757ac351

SHA512
bac7fb476e1c0e74a61a286f5aed68eb8979826164ca4c867b042478678e8fd91c73c379ef8bfece3df61f957c80502fea15fa601a340bc4f7d11cf9adbe744f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e1cf365d80710788c3f9e6e22a6301c

SHA1
893cbc6d9ebfa70172dac58be56888f6926a267b

SHA256
6844437eb5423304bdf508eccabcba95e0c82ff785f0d3f2a4f8f451680e93b7

SHA512
b0795e097a2e53e1de46727e7f0f50f219571de338e89494fd33c32402d08a9d733bf0f2f6c1e856df8bc4613c951e6937129f6739e687f89a86e8158eb3ecc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05674b5132502a9570017196bf2f6032

SHA1
0dfd1562029e1cbdf1dac16f665041d336972f38

SHA256
e98c2b219c5a986151362f291b58e8ca45ceb96ac16a0475631eb10683c81d64

SHA512
7cbe424f5d3975155adf3f0b4df6dd6b72e26b97e6ac1cacf58d43335ebf2ea501df906f498a59ed65ddc3d76c63127966895d47e23f2a426cb97a7aad427faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEF71.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF071.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\AppData\Roaming\bhs.bat

Filesize
256B

MD5
ad51d6c2c1ec038e611ba4a13b036b73

SHA1
950df309da65c36d0a60c265605cd6fe452b3847

SHA256
4c85cd8e5b7988793ec6f84b1fef347f94cf043ca8b613e3c23c52c17d616e6b

SHA512
9af02e7ec70d58cea621c9f6145c0a06aef76cb5a90a449e59b0b7ca5b0aca0288301069b6a9a9e14d6b227199830143bfc69f5837414eed4a48577401600082

Download Submit
C:\Windows\ieocx.dll

Filesize
28KB

MD5
e1a315b8a09786aa198df203bf4e9d1e

SHA1
94c23a22163ef7cc34b1edd203f409aec0b0e219

SHA256
84110fdc8678dd45fce8f5ccbdd1e9432b086d438fc2d441d74547e2f0a3c559

SHA512
bb11c829f23c0c9672b97543c76ddb394e88ca45fc022fbdf44fc445b5499bfdc046e84279457713f86ce6279586c4e0aa21ff7bd3f39ce8da01e82444299b32

Download Submit
memory/2536-9-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2536-7-0x0000000010002000-0x0000000010004000-memory.dmp

Filesize
8KB

Download
memory/2536-8-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2536-6-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2536-5-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2924-499-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2924-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2924-10-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2924-0-0x0000000000401000-0x0000000000415000-memory.dmp

Filesize
80KB

Download
memory/2924-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2924-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads