22d50cb5ac049f9bac8f0ec69d8bee2aa2d22f1fb3bc74fcc88dce12dec3c51a

Analysis

max time kernel
109s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8c120943add288cf7ef47f8ced808a6d.doc
Size

7KB
MD5

8c120943add288cf7ef47f8ced808a6d
SHA1

d3e7420aa7e732e4cc312ce5bdb0f92f02d60187
SHA256

22d50cb5ac049f9bac8f0ec69d8bee2aa2d22f1fb3bc74fcc88dce12dec3c51a
SHA512

72a0671b5cf870aaeebc1ef405dee339cc3561881a3f0fa3b8e6314c069b43d3b0adff7cbbbae0bb067030e57307344be919e11abe366425939dc97d4ccb085c
SSDEEP

96:hjhdT141k1p1UUpEO9PMvbVxxYEcf6djgdZ6C:RdUYff+OhIVxxWfkjKZv

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral2/files/0x0017000000023f6b-240.dat	office_macro_on_action

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0\MRUListEx = ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0 = 4e003100000000007d5a7a8e100054656d7000003a0009000400efbe6e5a4f337d5a7a8e2e00000082e101000000010000000000000000000000000000005e6d1500540065006d007000000014000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000006e5a4e331100557365727300640009000400efbe874f77487d5a768e2e000000c70500000000010000000000000000003a00000000006037020055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1 = 56003100000000006e5a4f3312004170704461746100400009000400efbe6e5a4f337d5a768e2e0000006ee10100000001000000000000000000000000000000221625014100700070004400610074006100000016000000	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000006e5ac03a100041646d696e003c0009000400efbe6e5a4e337d5a768e2e00000063e1010000000100000000000000000000000000000047886d00410064006d0069006e00000014000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = ffffffff	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 84003100000000006e5a213a1100444f43554d457e3100006c0009000400efbe6e5a4f336e5a213a2e0000006ce101000000010000000000000000004200000000009108290044006f00630075006d0065006e0074007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370037003000000018000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 78003100000000007d5a7d8e1000435553544f4d7e310000600009000400efbe7d5a7d8e7d5a7d8e2e000000e0420200000007000000000000000000000000000000e1931c0043007500730074006f006d0020004f00660066006900630065002000540065006d0070006c006100740065007300000018000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0\0\NodeSlot = "2"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0 = 50003100000000006e5a523a10004c6f63616c003c0009000400efbe6e5a4f337d5a768e2e00000081e10100000001000000000000000000000000000000c1159c004c006f00630061006c00000014000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\0	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 0100000000000000ffffffff	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\1\MRUListEx = 00000000ffffffff	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5964	WINWORD.EXE
5964	WINWORD.EXE

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE
5964	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c120943add288cf7ef47f8ced808a6d.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c120943add288cf7ef47f8ced808a6d.dot

Filesize
47KB

MD5
7a98d43df6413c43a29761c58e152e1c

SHA1
ddc06217da2a76ee20ffa01322a02b8541109783

SHA256
836572836916fe0b7c69c0172845800e532395be231be4c108b651f3e8677beb

SHA512
8e4c3d445d719c5e52e6dab02f27ae59f8944553d9586e763a2edce2efa087356b38aeb63a6bd1c13f43eb6b9feccc5b34dd70fe711877452e06500c01f5302b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD659F.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Local\Temp\VB8491.tmp

Filesize
1KB

MD5
858ab85c0ef02983f74327244dbf0df9

SHA1
004cb0e65399bea7ac4c70605ba71192a0e464ef

SHA256
2c9967130ef336a16bf5200d4505eef4dc66db05c92aef087f9918eee180254c

SHA512
ad14675785d97d57680f4390f7e68bf163bc41833c55041c3096d3fc94e6aba0dfb8854ff60db8bda3978cb998c910dd6d24c92b3d23521fbccf1464d656858f

Download Submit
C:\Users\Admin\AppData\Local\Temp\VB8494.tmp

Filesize
124B

MD5
7be15b54fc6572576aff113d9abb5286

SHA1
6b7a700b01d2962b31f28375a5279c86ae3e6913

SHA256
ed17fc5ea9be31212a8c010caad36e72c44a0d1d08ca3e7795e459fa21fea682

SHA512
7701bc86898aa959671d671646b2dc9f1b8c6103a5f624d310641123694e776c6a843c5b6de844f9ca04521f4094f6576aa10c6f6e939f3493ca513304a5ce82

Download Submit
C:\Users\Admin\AppData\Local\Temp\VB84A7.tmp

Filesize
125B

MD5
f318e46e369dee86f22b67e80dcd3ecc

SHA1
0a314ce51d2e8d448cd3950f6916d23f780b46ef

SHA256
db2c390946beb03ab7edf5bb6cf4badadd56a211ec3f506d88f9ef14eb52e15a

SHA512
c5fe311caf88306f25451709088e96f76d10591c9e5af9d89a94673c2e07f7c2845874c71e6ad0342db1ab509664f1e3177bd279bcb38988efb9823cae25af14

Download Submit
C:\Users\Admin\AppData\Local\Temp\VB84AA.tmp

Filesize
916B

MD5
a408e4a620f0d233e97ec8d51aea5cf3

SHA1
b303d265de5a32c93b7c3010191e4aa92477644e

SHA256
ea541820a10e963493c26c491fa3d61aac409505368099fea2bd9a60fc4436b3

SHA512
2f319aba3d1a7b47c1c3d4181acef7a7e309ddc2c9a2db0dc982bc23bcf2b8324df8e24597619c62b00b28ff075cf49f107d9b45ef2b11e3fbde034142ff160a

Download Submit
C:\Users\Admin\AppData\Local\Temp\VB84AD.tmp

Filesize
635B

MD5
b8cb72d41144f3cd09a118779980cec9

SHA1
60fe6d0c403ff9a16e94355c7b9adafd1edf84d4

SHA256
1083f8de357106a26810edcbdce45d40bad58e373f05c2afa2b0cda501827aea

SHA512
484e6ead2cae2b01dc88bed1457477833883d2506e2962a64d48f3326ecad944bb9463c61be0db5b69afdeea737eeb5531ba8bf1b63935759c7b641b6cc18fa7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0001.tmp

Filesize
24KB

MD5
ef78a213f7621a3d0038c8f3601d1f7a

SHA1
a2a096aaa74da79417ebedf52fcaa6b23fc51dec

SHA256
445cc1cc4d886ec3f58634d4ba55c4c66fe5e12dff0c4e1a89491e87ee2feb1e

SHA512
a98409944b13ac3b3869911d98d4cdd2794ee736719010d79f3c8c5564e4b0d39cf7c746aa945ecf6ba3a8f04823dd3523e90fcf10fadabc317c725e5f3112f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
675B

MD5
1f0cf6d42f6543db61cb899f8b30af80

SHA1
7f7c20b38aa74324168570eee3657eeb302b22b8

SHA256
13278dc3314c14dc2f2e61a15ab0afa3ca88ad16361f8cefb58f15fee3c6d4d7

SHA512
62c8f8013be62b45fc8fc0360adc2a60d9ddb9a31d37c09d5908c2aaab8c3647b92cdee4590d7303f1019233ec4192af8d8c4f1b736dfa5d220eec3ce245feeb

Download Submit
memory/5964-13-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-7-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-14-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-15-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-12-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-11-0x00007FFC62C00000-0x00007FFC62C10000-memory.dmp

Filesize
64KB

Download
memory/5964-17-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-18-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-20-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-21-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-19-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-16-0x00007FFC62C00000-0x00007FFC62C10000-memory.dmp

Filesize
64KB

Download
memory/5964-35-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-37-0x00007FFCA4EAD000-0x00007FFCA4EAE000-memory.dmp

Filesize
4KB

Download
memory/5964-9-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-10-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-3-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-1-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-8-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-75-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-76-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-80-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-81-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-6-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-5-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-4-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-2-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-0-0x00007FFCA4EAD000-0x00007FFCA4EAE000-memory.dmp

Filesize
4KB

Download
memory/5964-245-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-244-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download
memory/5964-261-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-262-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-263-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-264-0x00007FFC64E90000-0x00007FFC64EA0000-memory.dmp

Filesize
64KB

Download
memory/5964-265-0x00007FFCA4E10000-0x00007FFCA5005000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads