5dba6027ff58b8eabf3bbe753663441313682b397a49955e576ff6536d993bfd

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 01:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe
Size

1.3MB
MD5

3eca011d61067d899c814d0aba1cf97c
SHA1

3c735f1bc83e5d63306db101439bf04f3a27a1c6
SHA256

5dba6027ff58b8eabf3bbe753663441313682b397a49955e576ff6536d993bfd
SHA512

590a6b51d4f355c4956c55efa6be97af6b54655e2a688444da8f9e61d73a1073f3168b30aa051c280fa3b1e72d1dea9ce4a21c0bcdf145a95ec3e3bc41a08c99
SSDEEP

12288:iuKogsSPBlzb2WOBk/BaCXwzeKt2CwDseTIhIo:8maBlzb2WOOYCXwqRCQ3TIOo

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Serverx = "C:\\Windows\\system32\\Serverx.exe"	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Serverx.exe	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe
File opened for modification	C:\Windows\SysWOW64\Serverx.exe	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1544	3064	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403322995"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4050FCA1-6969-11EE-AA7F-F2498EDA0870} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 200a171576fdd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac20000000002000000000010660000000100002000000024cb80033392bd21bbb52f6c3967e748780264394bc7b7addf2b1e3905e5a8cf000000000e800000000200002000000050cfba8b9180f768f34976f6728897fc3eb4aa5cd239299fa064d60852f21184200000004e138c5cb8acc6b0cd1a612b5173a78483d711c90cb06d986212912d60f5d3f6400000009804506536b9ede4bed462139b49476b17f0297ac5feeb0cbcf19945994bfe56b5fd3476fa677e6cb7593721c542ed49cb4f5329e26e3677a413174d3bcea680	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac2000000000200000000001066000000010000200000006f7b0a77fdc0e9edd9ac63706504728bacf0306a7de3e59e0696b900c3026365000000000e8000000002000020000000213de5745f8ac38c845a60fe110eda832416e8fd1ba1cc47d9fa4c0f0e4e939e90000000ac44f9cbe77ed005e9c4c05cf5aff8e4ae64afbf4dbbdaa4fd3b414b73b86bdda5be7f69d7a01d7e874f8a8ae5d8bebf9ccc6ea29a263c5459b88cd1e12415106d5948d0dae21f8324bfba88818b5450ec92446798619ed50065f8237756a133d756fc5421560d44d1339a4013f3173f059dfd93705fc56406de69c95aa245b8db7cbf2a7946dfb355ff4adcfb76b09e400000005cb5192812d8d9bf3b786a97b04c833382d73646b6d21c5e24a31f66ad8042d2db45fad39af5bb789d56a948e0ff7666667566a497593984e485e2550aee3044	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1544	WerFault.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2760	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2760	iexplore.exe
2760	iexplore.exe
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 3064	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	28
PID 2576 wrote to memory of 3064	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	28
PID 2576 wrote to memory of 3064	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	28
PID 2576 wrote to memory of 3064	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	28
PID 3064 wrote to memory of 1544	3064	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	29
PID 3064 wrote to memory of 1544	3064	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	29
PID 3064 wrote to memory of 1544	3064	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	29
PID 3064 wrote to memory of 1544	3064	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	29
PID 2576 wrote to memory of 1544	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	29
PID 2576 wrote to memory of 1544	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	29
PID 2576 wrote to memory of 2760	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	32
PID 2576 wrote to memory of 2760	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	32
PID 2576 wrote to memory of 2760	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	32
PID 2576 wrote to memory of 2760	2576	2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe	32
PID 2760 wrote to memory of 2632	2760	iexplore.exe	34
PID 2760 wrote to memory of 2632	2760	iexplore.exe	34
PID 2760 wrote to memory of 2632	2760	iexplore.exe	34
PID 2760 wrote to memory of 2632	2760	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Users\Admin\AppData\Local\Temp\2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\2023-08-26_3eca011d61067d899c814d0aba1cf97c_mafia_virut_JC.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 212
    3⤵
    - Program crash
    - Suspicious behavior: GetForegroundWindowSpam
    PID:1544
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://vguarder.91i.net/user.htm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf5939c40e09163bdeece6870c6ff294

SHA1
e9abddb9985de202ef520ea2a40987c7415efaf6

SHA256
85223d965243f94d0bb6a68341a0f37aa32aeaaa32aee09f1d5fcb1706cc59b8

SHA512
f856bec11ccbb70fe815d14d4696d3581be0042ffdca2ed4886271130dba75a98ca7a9121645d14dd32535fca851d846ece57791ddcc40a56e7c57711f3fd7b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c740d7f530ed3a9dab62307273252533

SHA1
3d87edca7e651a857cb605f5955fc5682b89ebc9

SHA256
7539ef868d9eb56f401a39cc7529dcfaa35c9275f4112464be4e92923737811a

SHA512
d77f8abaab22da99022b192aaea526f52d923877cddef2689e5ff4a7b73ede5c2846124cebab32a9fa5980e48fc460a4ce8be962314f7b28a9c2aaea6a48ed7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ce15b12c7e627bf2f3e938864578523

SHA1
52c800ce3476458ceb598c3adf90c93ce10d142d

SHA256
31d61ccca0d96406c04c0210d127b2582eb4ff713ce740a51d19acffb7c18928

SHA512
9897df6dc9723bbd73bf4c3c44022453eb20db7b1b1e2b5039d6a9efdc96132cc164ef7f53f7bdde0fc882d290257a2fbed8bd433259791e7f05a535d27cd7c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6811011fe3e5a8e9f5495ec6194b752a

SHA1
996a42bab9d799a1f1fbeb69e49c71622c19a7f9

SHA256
938b27655515df28930b2f4558fb8edf67d95da9282b65f6a1155124289477bf

SHA512
56f9b522ab004f3b6c50912f50dbfb2927715e2b857cb1b0912ff4367121a1acf451f14477e552a4631ec46abce631ebad3a471476191da339909a0b0b589059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fd364950ad257536b4c62db9331b62c

SHA1
f3815f0f3d5c861fd2ed9d6b6864d0d0624d82d2

SHA256
66589a5f0ec5dda736ec75315c9aa57828a5d41079d05fbaa41ffd3282e0c3b3

SHA512
80ebe7e285acc8f3e053bdd0fdad145a007c18e140b932d32b99a7735f8e65b0877937a818dbba9f50688941818a349572622e8f9a5bdabea2865557651e3752

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1830382fd899c984ce43b4fedd0a67f1

SHA1
0f1659325a29a74451271ac93e19aeed3403640c

SHA256
56d56cbb1ef1f96c9078004ffb852024d264b437da1b5ce97799be9cf6ef0950

SHA512
72578520bda4e9e848b512a2f240603351dd44d6236db3a2bd733bb650a3350c4ff389cd1364bf4d6ac824e9ec685483928aaa38107d310db113fdfdd9855ef2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b651e95755d23cf7ff3525d4469ffd85

SHA1
499e9acede7d9eede4c11ae096fa0635e955cacc

SHA256
d93ec5e3f570dd34ae19b17b602a82161bca53d042028eda7eb33a4281ac4722

SHA512
abd206c1bca5c451316c7abb3cf6457a5697d7f46f159734f06144431d4e14afa72a41f34804eead95fedbbdadb10a6476466074067e2b6b655dd9c8c3ef2c1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbc4840135878abba72d1658f31dbfaa

SHA1
6b39e9108ee68f5bc272ff5f2a371302fef6577a

SHA256
0a41f4230539554b3a388f4c8eb3d993cef9a70f97b02e371c87557a12fea783

SHA512
9983f0af84ede6e5bbc2a83e47793b0fd3941784e7de44f6bc2bc7eb9e444543758569457a00904e33dd7ef8544c93f5b56b0207c15f9b4bae87c68fa7db9d2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee9ed56292c2e58a2c5187b8cf3d32c9

SHA1
093c4e4dcc33fc7c216dedb150010fb00779b423

SHA256
b66ca4bb06a64d24f2706ef76b292227ccf5d6c01a864b9a1ae502b85a931a62

SHA512
0bedf15118441a489f0554b24efa1f421d7b30bb47de1b52eefc448a7b60e444ad35752f094f8b1d2d802e3bedccdf42bef7d76f3c2c0021070bbb5074c5f67e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2b40b09b34eff6f191ed6c74eb806dc

SHA1
0c60f65d3be0ad665266e0e678cd60c089494371

SHA256
ee2c7cd3ac4991cd012929c00a10324005afcdf79bdb94a0429949cbe0f2e2ff

SHA512
18e94f7ddc0d513c7af1e92da624572c7a23d0ab5ad508bb65216f7f29d0a6c009562d4c03b1e8f5ae5037e63fc8374ab79a1b15f0245032dbfee0db7132300d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6b1090d06f41010c4d5b52e8f40ab9b

SHA1
6380cddcc06d880226b7865b7022802503791d18

SHA256
c098c04ae9926996f5bf612e37cc318a35abf071df27ccd3fcbc82e50138e582

SHA512
12114fd61642d118bf9e0e6eedb5203297e523813ff3d9ab277fc2250b23decf91ec16aa0d792636ac791717b7bc933bd10f3f10c2c880ff6f8169726cca452b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b004bbbbb5cacdd71a9e4f7d737c9011

SHA1
e1ffb12b9c1d9751dc701589eec88b848f11dee5

SHA256
36855990695ae280af0ea3e80996ab29ca29c6aec003e2a632e51229ed27d8d4

SHA512
9593e12a8790547f9d4e06107203699fe319ad0c812dac6693c3d17842f347eb24e8f9d111720bcf921e56449da5768051e2818a0c2cb1dd6ccedc34b4d6dae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a5813e50cd9db9ebf111c3d98d67043

SHA1
3166a08c021fd8b5d6c20ea441625af7888f0c82

SHA256
fc39b0b8c8e229bcac62eb0c41d859da7ec3d8679aadaf68c4a79f0fb71abfab

SHA512
916a3003e59b4cba58c373eb7e7bb65053082f2fb16df471a0bcde23cab1bbd65e4a3032ff2e386935a85f52475912cd4a8a9a8679fdc971ed1ed588d3153120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e8b4745be6d8e99cf034d5c8cfeade9

SHA1
edc680b8b9e44c8cb8e1a0c7efbc5f7cbb41859e

SHA256
cb2ad7821c6f64dfe45b4eb0a66d1ed5cfb22b564b2e40a1f30443daccf327bd

SHA512
811556fbf867300bc2e3eec59be37df5ed7bf517af0f945e14dd4bb729e2d65f3babb7d29519f33a3ac6c526d545c9ab729c13a30ce80976c1175978866e02f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
883aa1839b42a1852c906ba95edb80f6

SHA1
2e61d9a9e3521dbaea2741f1274b8b257591a67d

SHA256
765e0f2cf658fe451d3235dce86fe21dd3089508ffe570a0c6d030052fff3b0e

SHA512
b6a88ebc548777a2b157a025397fec784774c3d79b28685c009b9f9aaf3b31dd990b505fbc001d09569e91a6f71f1dcbf17eccc55c25c8c439c47cb4ab49e3fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
837972e3e921cd87fe397e1fab07a881

SHA1
bc029742c3a98c8cc6b60589d10ba4514601baf8

SHA256
473ece58a2756516666e575e498a7b9da597e8468bf3c1b96b3312cac594b566

SHA512
a4df6c59690f853f76887f6eb6bc1348fe2f0e9e0f7ef4e56d59c8af5c33b419316ae632fe5c07abf8bf6ee602cbb5536aaf7ba5c701613ab4793e3967318406

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9489268973cc6be601671a901294ec1

SHA1
082fda0f805f5dd48c0ef034ad7e14a7ec64ee66

SHA256
0e970c69dcbc64227987491891f226cd318c69f16224a4ca597de75d68ee4a23

SHA512
7387982dd9fc24450d037658ba8e44a32da12b3c0a48790010a8473509075c9667b885f5f53187ad6271f58f141abdb3e7a458ae72857a2cfc9322739a0c241b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f345c56c7b8067eaef4fa9b04f336e0

SHA1
cd78df75bf3b4c3fb9f116dd37115b992326bfc5

SHA256
c4fb6e9ddc346506954e7270f24f782b39e5cae71e834f2be5dcbcba8fb43e48

SHA512
a28e4bfa6bc4847d1cdb1805172a1b317b6ebe2af4409d3a8404ced8b058a3eaef03b178bfc4a1292dedd66c5cfd18c8ae66d6dd5ecedca1fd469df173c4127d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
904afeea2b49483c1827c5c1e059b99f

SHA1
1f363eee5dbf4372a9fceb75d9db00bdccabc8ce

SHA256
4ea5dfa2579d6d8a0bd5198137b9971842f113ac17d4ce9881e923209d8f49f1

SHA512
1089762a54a87197efcd8e4ae9dd8e7f875538e33650c392d62865c7657289e3cd7c43b0e9f5b3ecec1d291f4bf97433426264639320f087bca05c2d96114f7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebf26d705497c5113c9ef62203401d6d

SHA1
91cb8e7233f0f3e00d30fa8e29cc2910dad81a26

SHA256
4b62d377a8d315f5813ee2b396804401d8a7bb6981a5c60bbf140e77cb4b6876

SHA512
84fb0095d1ab20cbe77b57c31bc7585296088049240d9a92bef15a5ab281484c2cf24ea00fd854f5281f0082792d3cc3d5452608a37882327aa5b2fcf998b060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1dcddc56ef4910a4147c72f7dce1d54

SHA1
ff9afe680f10727a1de5d3dc06d5de04e569466d

SHA256
6dcff527ae7ed121bd9879893e07dbf1a7582a7f3219f3b516b4c786d9a3e432

SHA512
0ed48f44b81da450c039d4a89da63d21981b7cfdfabbdc6b8ba7aefacb35403f3d7fd518073b9221c5a5796883bb58ebd1262e60d7e18c9f723cde071fde79e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0361f698aaee8f36e57119defd02ea7e

SHA1
c76fcd60b7782a93d19b9bde3707f4467af1a91a

SHA256
2789e0c8dfd9fff326c0e8a0c4de9acdd305938612c0af14231491d53d1ba5ed

SHA512
8a0d86259bcce4f7e582a2cb73d06ba8d81233c99f5bd17765f5cd7eade6a15700bcf5b934c577c7b6895413d069e265cdc6e4392cc28f6b2e4276bd9f27c5d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF818.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF943.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/1544-6-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/1544-5-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/1544-4-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/2576-0-0x0000000000BF0000-0x0000000000D361E0-memory.dmp

Filesize
1.3MB

Download
memory/2576-1-0x0000000000970000-0x0000000000AB7000-memory.dmp

Filesize
1.3MB

Download
memory/2576-440-0x0000000000970000-0x0000000000AB7000-memory.dmp

Filesize
1.3MB

Download
memory/2576-439-0x0000000000BF0000-0x0000000000D361E0-memory.dmp

Filesize
1.3MB

Download
memory/3064-2-0x0000000000BF0000-0x0000000000D361E0-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads