459faa1bb8b33b0e291faa0c4808fab173ca1f297c05d9d31114524521d453dc

Analysis

max time kernel
51s
max time network
54s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/03/2023, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OverwolfLauncher.exe
Size

1.7MB
MD5

37452599c2345057d89827c6bab1439e
SHA1

fe964ea2e5289aec6884d9fffd269aedee8dbd59
SHA256

459faa1bb8b33b0e291faa0c4808fab173ca1f297c05d9d31114524521d453dc
SHA512

16b38a294652c4f52f9b52ae3cc002c7c34aad30aa94395d18dc6a137484d454f6c9ae3f9da9020a880c17e86b888b4a7308d51700df1dc71ac7f58fe0b8ffef
SSDEEP

49152:JPxm7ifNuSNg45qAmWEusLy5ouc8szGoimhBkzONk7:JPuAeoqAmu6wc8ss

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fba6cfbdd4578d48a4e75475bed73c6a000000000200000000001066000000010000200000007405e9615401fd551b106a4dec8cd853474dd7744c48ee50442c68bb8fc5a0cf000000000e800000000200002000000083815b000e563e4e1e9fff297fdd81b9c02156f2489e71695523a5be844da3c6200000000743d8cf0622929d3d7094e1b2467c3d7160af9669f169d4b2e67676207cee0c400000006386f872e470ee1b9b3d9d5c428efce980b304c1f67d20619ca9c92a77a83ade79836bdb8aeabfd626f5e1a0b2de677331106105fdbdf3415597c517cb8ea41b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fba6cfbdd4578d48a4e75475bed73c6a0000000002000000000010660000000100002000000065c9544b39e4f05ea54fe21e12117590bb0a3207538e1c58f3ff9080531a0837000000000e80000000020000200000000fedc803259bf47920c8b07514ccea74ee1e3a8f02ebfc62376fb1a1321e4773900000003ba46b76b8fa1498274c100e0c5955cdf9b2bc3a93ffdd05fd83eae32d246e604a2995f5462446dd7cadbe92c1b3485ed84be8b7ff9f936c7ed25517e517bb875fe821f9914a5b5a42103984f318fada08efbd8ebd923ec3bf0eac9b45bd99fa7f54f111453b8d02fdf47c2ac2a980f5158ef6b0712e0c98c5232a04e70297914ffc993dbb1bf0bbc4bff6c38938264e4000000014f85e6140524c14ef18f03f87221361fa96b4f48f7283de85cab543df8c2e2fb458b8a93487d052a71c95e8c93b68d4a3e3a6bc9e40a385cdb1a222526920ba	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{186D3321-B9F1-11ED-9682-E6255E64A624} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a03229f6fd4dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	OverwolfLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	OverwolfLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	OverwolfLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	OverwolfLauncher.exe

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	9	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1664	AUDIODG.EXE
Token: 33	1664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1664	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1604	iexplore.exe
1604	iexplore.exe
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE
1868	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1604	2036	OverwolfLauncher.exe	28
PID 2036 wrote to memory of 1604	2036	OverwolfLauncher.exe	28
PID 2036 wrote to memory of 1604	2036	OverwolfLauncher.exe	28
PID 1604 wrote to memory of 1868	1604	iexplore.exe	30
PID 1604 wrote to memory of 1868	1604	iexplore.exe	30
PID 1604 wrote to memory of 1868	1604	iexplore.exe	30
PID 1604 wrote to memory of 1868	1604	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\OverwolfLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\OverwolfLauncher.exe"
1⤵
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://dotnet.microsoft.com/download/dotnet-framework/thank-you/net48-web-installer
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1868

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1544

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1664

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c14b48f90342ef428a6121a886697f6

SHA1
876c91cb77fc5902ea37fe07c28217b505b85329

SHA256
51ef3e5f30e34bf67b672987de6e96898ff209d317be6a1c035e805d150ff376

SHA512
34870b915683d20a8cb7c64bc5a2fa1204167d3d9db736190e60f87d668ca3b87b5cc913693e2adadc1e80fd61315f46a844e20562c5eb86bab1db449b33d255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b8abc9d4d73de81ab860e043f94b02b

SHA1
5f914003723196c718b63dffa72984f5d194a260

SHA256
064d9d67546b5af4fd56b32d8c9f7bdf6abc953d5a13d2b501ede6495ba60555

SHA512
4fc51ebe0da742b28878c615085c380664c17b549cd4a9d92e2de999264085aa4babf52b29ae3071170a3ca6c9e6d545fbb9653b2623b9ca0cd3fb4ce8bcc1f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6b49f7311f2cc008a3bf1a4b973b39b

SHA1
dbc110f4d79ddba7df0b6027f5d45819d8cd8a38

SHA256
8c92984a847244faac0db04858b24e1f50c330d557035a96446047c439debcc8

SHA512
b46a4ca6e5f0dc7ab04c7865905396ba9ebe4df9e2ca66b767cb074763555c1e86254437d3053d5e5ee229f07638cd337619fd15569f3c79ef38906a7c30d2d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3010d1df3e19b3bc4a620d80c901a5a8

SHA1
bc76fff0f9b2ed5762dc686f4c23befd48a12e4c

SHA256
acecbb9608f576227d05e6f27ee0e1250c9aaaf24dff81f1eb051d1f0b25e06f

SHA512
f37eadcf6f1094725fd78afb732a2a9fe7b2b7bfa4b3b245c7aa8cef166531c21c7573b3c1d769d3bf47d83f8dd59d22d3ebcd510d53d237c4e9dd883e9f01e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fbd32099fdd2b1d53d22d616ba1f825

SHA1
8a8b08b78633e5336d78d14d883e16735e7c1c32

SHA256
c77073a5424ee2f4136e9c26ea9986a6b0dd8c673de05384886caf4c5601011d

SHA512
b1799023348351d3bc747b4f5acd07811bdfe13768d211a59c3e56be33bee6ca1c5a12c4589bdbaf43c6b7f477c08f2ba26b25ff7a8ddcc6385530c2b6946ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b481a995824ad309ae2d35f09c49e947

SHA1
e24b7285cca02e39940bfb5ac6f2c06483d04e84

SHA256
a62043d9350716359986f3757dbefa5bd8e78d7d2c6b6a9aa3f0263929498da4

SHA512
81c5834269734603316c7ac299ae8398c8d32f78cd217e41d9186375b824654ebeaf08c18e5a35285e756baba6081cac65db83bbae3397af6dd7a140319f045c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df3e1a8c4bc09bbdf93e3775da008cfd

SHA1
d1236f728bf54ebaabadb2330b946c3cc4898511

SHA256
02c9732f176ac5984b475a5c262920fe8e93cddf4a2334655e6d418f87922084

SHA512
fd531f206e8896bb3b3f190d7fe7ddea0031aeb4562b7a7a395e3d5cf2b0c91f2ea79487ce51836c1bb9efb9d9643e1f883d7cbe9f4a0b1be83da8dfb127b71d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f399513b96da2dbf0d32f3de61b4c847

SHA1
aa9131d6c10bbc4e77985ef9d3ecdc2332569cf9

SHA256
4c1dfde61789e1fd1e206d78db4679aa10c5a44e7101d547d4e7f3fd7f3ac51a

SHA512
b5ff91b2659848953f4438ac9c2b718d954e97d82c1e68fe2c545e07aa50733b8a05c39a6b6f068914d6404b7ef90721ceb0def7d4742cd963afe8758a31aa0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2973e6565a4fc50a18467d6b210f9b75

SHA1
8e73172d57166c4f05eab06b97e18eaf29a927da

SHA256
27ab85ebe2327e8ba9b2deac6b251425f99792ad6b0676dc07d866380e98dc55

SHA512
7f5c7bfe3377de783051376c3fca6eb0cf2ebbca85bbb6d18243af54b15a2f9346fc7dbc895bfa214334f40885d49d24b683e99f2df8f32696f98c25dc4cf1e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
973d99abd0c39075d7876bddec8b576e

SHA1
b5a69a09dc6bb976361972056cdd262669625e59

SHA256
f9987a575f85424763fca6c1601d25d26b29b2d244e0165ff1635c78fbd467ae

SHA512
3384a3c012a1ad29ca28c103305dce64a4fda32750268b98c391076d9a1cf981e74205ba7430bd27fe543c298efdecff06f853e32407e864ec83d8bbc1dc122d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5f8e6bbeac2bf000b1c66caa07747f0

SHA1
5c8d0f10f2eeb20043bcb75f176a870febafc74d

SHA256
2795597affa6c57bc349b4cb69f9ff1006484ff889b7c6c69620818053c2cea3

SHA512
9faf300817cadb8325b1585ff269410a40ea4d910c27da43df854e41dc4aa1420cd697a3ccb65850f6151c3ad5baca32c617af7093b3b19ee75a2a10ba023751

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3220bfe0f4c7c61527ced276c07c2b40

SHA1
4c31c3b38c97d2b0399739f3c0675075be99ce32

SHA256
86e2bddb01774fbb3421046a522928acdf66c8839cbf31ddceeed746edca3bb1

SHA512
dfda01de8370b235a3d710efadf1a990219deebac46a841a3a7ec860e821b52bd7f78a7dd076afa0e1ec2803bac69729a30a024a2c9fa2d4113defa6653225eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2cacd666ef7d3ad5b2b12e1398faa99

SHA1
5e9ec18ac337bde7b435530b20384d1b2d3430c3

SHA256
c81cd399dea025349d750fd71fbb5b6715b118bf680b15a766db6f735fc17463

SHA512
86fbb69be4fb7196fdcb32560d103a4539f2f5cb4485f3b0c7875f85bdbf0d1681af36ac23315cf0bae9529011eaffc9adab736ee84096dfe16ff2f314678b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b961ebf0e7f2cabbeb46727b9db802d6

SHA1
240b3681ad093dee2b8630d3ad8df4ff96ef5753

SHA256
3c1fa5c9fa2d6bbf3ad52287c99b50e4b946da1b8d9a8ec8280e8035a7a1f97b

SHA512
9041ebfed773618c971d9eae614143f4a76fc6615232bc4060021993fff76325e2dead9794ae513d4c8c08fed8b262f6c1fcb46de020ebf8e789b3e80a324460

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6ea9bb7efe66fa130ee9cafef36c72d

SHA1
ea44887fe891103eda2db22be63393506d2868f8

SHA256
1f97316dabbda15e8d3fa2eedc4bfb18356e35f9c37219218e8fefa00061b192

SHA512
f9a87549dc4aa1573a4c6e13b880ce61c985b50edf9ba503423c150d2ec53930b0abf8ca706f3a3596be6c33f9e385ed441bdd451c21046c11bb1a11e65179fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
684866cae7350007e03a904657aed364

SHA1
fe1aaf3be8b8803259d173078c4faf23699402b0

SHA256
518a543f926ffa6fc082380d8e3dba2ae064fab79aaac2c76ab236ee1be5aed6

SHA512
65bdf5b5f0481bea2121fa27f24779010f57e04a6c507031c1a3a0381ef93ac6632a5f38afe98d4a2c6a83b88d7cce1061af487c9d403d1db9a039b03aaa195d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f75e9dab8a60d5d8ba08417f07d0157

SHA1
d12b06a27af56a3c82ad1a76def673d3f3e8a773

SHA256
7e41cb0031dbaa40fa74c2f8ce5420efe1f7aede29c17a8391287ac94aac965a

SHA512
4599fe4651550d620e04c0f96e9cce58fdf8f6a2a5615cf4a2ff039c81bb42a5fd9fce80be6ab57f10ced4f1d0f2baa02e09cafcfcf572fe1e5696c7022184ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B3.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFD47618CFE18CACEB.TMP

Filesize
16KB

MD5
d5202c2305a6f414b638028189329f11

SHA1
18b318b39469660f5a65824e1a63a31596f00d38

SHA256
634c74a2421e7e482a9bc21bf4cf3b3448e40329ee6c8de001fb84515644f595

SHA512
0ede8e8825d89c1211d36dd1383fbba39d5c7d23c7e51ba7dbb5da8fa36c5d2850c0a979112f5029c87bfae478eac05712b7b8d33ea5cbfb318f72c2caa9473b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UY75V75J.txt

Filesize
531B

MD5
5789ca466c29170e7e1a1cff10eeff98

SHA1
ad87877b44dd5ebfb36a4917ca62fea1cddd0a11

SHA256
5d8a6d5c21a446d4b419598be8f28b4e9bba38a8e45797bd914ef306b2c13dab

SHA512
fe5804bc4b516e416c3908fd28aa3553b5944a899cce31ed9fce4d4870f055d733d7fbc0d56ecae66e04625fcbaf9b45f80da1241b88779f0945d37c3b20d300

Download Submit
memory/1604-175-0x0000000002DC0000-0x0000000002DD0000-memory.dmp

Filesize
64KB

Download
memory/1868-176-0x00000000024C0000-0x00000000024C2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads