8f57260f3c543e6f642eaa24b31b8ab56021c98bce1fb16c0590b579ce3545cc

Analysis

max time kernel
23s
max time network
80s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/06/2023, 06:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

451247 _Wire Remittance Advice.html
Size

2KB
MD5

0514a3f59379a4f1930c3e87f4c66413
SHA1

95e1b2baec51370a74a0c00681afde1f6c5f2979
SHA256

8f57260f3c543e6f642eaa24b31b8ab56021c98bce1fb16c0590b579ce3545cc
SHA512

2dfbcbbebb2dacc84a1639880e0a21874be1da9c141c2e8d146202d36f123445ad6eb51cc79ee7ff80e505db9a1db1072c0ba7ca9e521348f5c481fbed141a7f

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF18D841-0121-11EE-9D84-FAEC88B9DA95} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
924	iexplore.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
924	iexplore.exe
924	iexplore.exe
1712	IEXPLORE.EXE
1712	IEXPLORE.EXE
1712	IEXPLORE.EXE
1712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 1712	924	iexplore.exe	29
PID 924 wrote to memory of 1712	924	iexplore.exe	29
PID 924 wrote to memory of 1712	924	iexplore.exe	29
PID 924 wrote to memory of 1712	924	iexplore.exe	29
PID 1316 wrote to memory of 1668	1316	chrome.exe	31
PID 1316 wrote to memory of 1668	1316	chrome.exe	31
PID 1316 wrote to memory of 1668	1316	chrome.exe	31
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1940	1316	chrome.exe	33
PID 1316 wrote to memory of 1144	1316	chrome.exe	34
PID 1316 wrote to memory of 1144	1316	chrome.exe	34
PID 1316 wrote to memory of 1144	1316	chrome.exe	34
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35
PID 1316 wrote to memory of 1420	1316	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\451247 _Wire Remittance Advice.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:924 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1372 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4088 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2808 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4000 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4216 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4204 --field-trial-handle=1344,i,11819953378117599682,14890345147505151057,131072 /prefetch:1
  2⤵
  PID:876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b57713951cc429f87b366d08cced6bd5

SHA1
5cf7507551d52e83fa48741425e946a05b37fa46

SHA256
002d067988a84de772d7745af684b77c892be6202b99c1b3a69f814943a8586f

SHA512
7153adbd4d18e8dfa1de204a54327af047e682dac32306f7f889569c33f0c1c873ae335db897d13d74fdda7bfe4fba0a2247e56ad700f91de1523c5abc63b1ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8e303b9fb343462331a6349a50b152c5

SHA1
eeebedb0d2a8666da2ace575f46ac5c38876af6a

SHA256
a8dadae8d80f49dfe20b6c931aeda2f3c6e3d48c5c8c8b22aa3ab1e19c4b7ac7

SHA512
021456c2213cb28a0d0ab5d7f80ece30b68fbcc871e6694607fee1476b6c35f65bda75ec51ce3ebcbde1881559eb8ca12bf71c6982d40178433ed069d9f2bdd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2d6176f862bb4071a83d10f88304cc57

SHA1
9deb80218e204b342c07bbcf4628ce52b570b363

SHA256
9e47e48b15987812ca15e799bd218fa3a218bccd35fe7515733b1627e54ba943

SHA512
ab525babac89299e68ca9123d7c1cd98221138dc1d9c3dcde742eac17bb752b6108cc45f1392ed4d99dad0af4496c5bc1f0eaf10d5b41e09fd7346a519601d9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f77a2c22c8c401391c0e458e102e07eb

SHA1
2cd2cef6835d97e6c0c50e8dbeab8109d90307b3

SHA256
749d98d46ec623bd1b59c7ef732e4039036e3ba4dfefd49aaa873e444ad308f3

SHA512
c8e96366ce77847ffa2a4784d54f4343d57e917758ebfc2661ded865381a8c943ac77ffbb86151b363e45065537fd9c6fd276663de73f480996a2d642fa901ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
18e634638ab1729ac1a18d3759c4315e

SHA1
1b39d0fd9e15737e0d6c27515f22e3a2985c0248

SHA256
6ea0ce44a830509b9525c85d74688ab250f3a9336f4f3502c229d8b8f1f76ca4

SHA512
b97ca5bc441eeb4730dd4c9a017ea2204b5fdcb1b6d713cb36f5638f7be3f8903dfb2a157d3f1a2ce17006162c25d021520f2644656183466cda27ae21ff5d56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2ba60434e3eea5f3d706ff9ded01e428

SHA1
a75ea9330ed733f54bc789ec76b7e47ca2909846

SHA256
7fd5033114db2c569429b0f3b162ec55a6920dc1c755243bd11e3fa81bd6908b

SHA512
1a09507d0aa1b0eba2689038cf8e8c73f060f3ff323365b5e37fa10bc39143ece152a0bb2eedb52147a1126042975f84ee004864f796af1902e76286a54fb976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\90efc067-781c-4a7c-941b-de6d02fc70b5.tmp

Filesize
4KB

MD5
7b1b8bbac3222c957f71b475cd4daf35

SHA1
894c89090beb874b3ac34ec5ed7a63a7236b2921

SHA256
7904ea88a134f62a97225429a25469c64d563454febc79a8e1187046a906a6bc

SHA512
0f5b34c7c3a5a17d3fe2e1ac1a3f1a7c3a8bba9303f2a8a71f74d186827e748eec42667f4878cb4d94ac2d313f0340ae5ef420dfbf1495b253c0dcf2c480e938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5d04f1bf4ef90a101bee2dffb73c614a

SHA1
924496f6bde4f6f7d2ec154f6d94c955db2bc20d

SHA256
3223bdc056c1b6de1b43ccebde085141b9f5ac7f2b9456b40927340990043015

SHA512
4007254771a0dac2cfb8b9c1bc9ebc104922328dab1e7c8a80e1a3c231f50da5124634dbff32f71a20c6f9ac966b53c9ee36054bc092eb06d7fc60255446430e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4E90.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4FE0.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZDEC3Z5U.txt

Filesize
602B

MD5
431b22474f61788510a8fdab20f6228d

SHA1
db80b9e90c4a0f654b0285ab5bd91216179ebbe8

SHA256
ae7f8dba03126459ecad12f2ae398f1d99c43eda0b78e719ac2b29e85d93d90f

SHA512
e561e5144f2b4b01cee1578ce96dd7628bee73d6fef60bf118be2e40506d415fb967055373325bcfcb89a23a1bb5db2e2b6f55b15c984c5faf233f8e7fc51f20

Download Submit