hxxp://constancia-rfc[.]info

Resubmissions

12-01-2024 20:36

240112-zdjqkaehem 1

12-01-2024 19:25

240112-x5akvsegb5 1

12-01-2024 17:37

240112-v7njdsdca3 1

12-01-2024 17:33

240112-v481xsdbc6 1

Analysis

max time kernel
54s
max time network
267s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://constancia-rfc.info

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{853313D1-B171-11EE-8575-62DD1C0ECF51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2140	iexplore.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2140	iexplore.exe
2140	iexplore.exe
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2772	2140	iexplore.exe	28
PID 2140 wrote to memory of 2772	2140	iexplore.exe	28
PID 2140 wrote to memory of 2772	2140	iexplore.exe	28
PID 2140 wrote to memory of 2772	2140	iexplore.exe	28
PID 2180 wrote to memory of 2688	2180	chrome.exe	30
PID 2180 wrote to memory of 2688	2180	chrome.exe	30
PID 2180 wrote to memory of 2688	2180	chrome.exe	30
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 952	2180	chrome.exe	32
PID 2180 wrote to memory of 348	2180	chrome.exe	33
PID 2180 wrote to memory of 348	2180	chrome.exe	33
PID 2180 wrote to memory of 348	2180	chrome.exe	33
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34
PID 2180 wrote to memory of 2884	2180	chrome.exe	34

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://constancia-rfc.info
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65c9758,0x7fef65c9768,0x7fef65c9778
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:2
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1200 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1496 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1268 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3368 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=580 --field-trial-handle=1400,i,4498775866341388175,11066769144286545725,131072 /prefetch:1
  2⤵
  PID:2624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71443eb08ba4eeb7f3ffab99f4bab5b9

SHA1
023cc3efd83c3749dcd9885ad2ee931e79716809

SHA256
f99a450dd451a8fc68bddabad7b773fc599d8434adf053fb054ff598a125e047

SHA512
82cb1d04e40e2171cf278fc8f208aa9de5a08404256f8a7c2074a8577616ea89f7871475c759736977dd21fafcfce2ed2255a5b2f74f3530f7a31ddb7b1ac9c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f946ef435b089ef8d9671e8a04e20cf5

SHA1
d5bf8abec796d211a29f135508c355666597a041

SHA256
11f9a2591870ed525bd711dfaea341f6252a3b8a488501e6e1c64951884c931d

SHA512
27543a17e55feb589d7765b32881b7610196e226d0bf37032f0e275b0e13bdb6fd9d0eaee3f6aa34c48fb271b56cde7604301941c45cd1340062adf1083d3b28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1b2f0b9f120a9141b66a56d0480843a

SHA1
0016629e2bc49a249a216e48a22b31ff42e0e8f1

SHA256
f75f130f59d8c74d597fb57bb25ec8f8fa6fe26b5a259ac68c60541b2f1bdcb1

SHA512
70f26e1b2c6b9c96c491164756a51110289fb044abf5e656df55d7d46b4f0317c075b5f1496085f0572f66af4986c1277314549fb72b77eba4defd3f88fa3888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
211381c9832c52ae959329f004526905

SHA1
f5bce80644d301f263cf3dc2c6f9ddce8ae6349e

SHA256
b83eb95bddb3d58dd4d22b0ffc4277186390e8afa01ba9c42d291f84eda1ef5a

SHA512
dfbcfd82485a8e7d5c895a31f17484221fd358f28b1a9ac96a98de118033fdba84d202bf098d486c65ef326ad960dd9b769d12ffb3c862c49696d1f7b8882e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f64f284e587ef9c90a033387f2d9a49c

SHA1
16211c176931e392926d7e3c03018d26d6b9354c

SHA256
861d6e0db7ab0049c1b9b1ed8ec1ab77ebc2617b56e4a883ec7e0e62fe41d976

SHA512
68ec7871f0df6e30a0bd54cde44dc5b76f2d02b093b293804a98f4519eb8447fcf49f6e4fe64520bfc947063cee27ed2945c8165f750141d99448da6c0cfbf69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc2fd037ce0a8a5fa62b75f917eb8905

SHA1
bf30b25f5beb4aee6f3be650bc4e88587da1ff3e

SHA256
22452b7b5241bb9fb8871129cf7f56e30a3274cb90e08654b742d5e0b94ba61b

SHA512
a17fffa17526a4832146cd7b214d59f344bf6d2ee7620f33bb77b9c84f9f9930fd35e6fdbec28ece78fef4c2c13e5c63625f16493ae08c6a5be00ade5897928a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b14fa4d8c0210a6168cf22d01194678a

SHA1
19cf8bee83fc646fc7f22d9888826cb89a800eef

SHA256
5fa299ca0d4606185a8f2341fba99185cfc893b6ea76ed1346cfe9447bc385dc

SHA512
2a940fab1f925765810e0b0bbbbc670a7c2ffd055dec6c044782e9c853366ad558e9c8c81afbf5fd64b5e9d1bb165950b13e1097a5470882dc3918e1770362d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
567558a619c7b4f22db8e6d425797ecd

SHA1
05bff5164c98d01bd8be8663052c7a604374ecdf

SHA256
f2daf29d019d798f50d7611940ab0f8e75379f650bdfd40409c4cfc95e94d89a

SHA512
fe5135f285783af5cd99bbf06bcd40a05877e6a2400005ece1a931c581abf5f0871c53aa38de89e6ca87015a9e1a131394c8e3e6d2f089ec089ac2d1529ce9cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8795545116cf7dfa33ecbc64a148432e

SHA1
efb74b4db035b05c45780d54fe2a1ccf3517739d

SHA256
d94ab8a826fdfbc1842f86340ae27b802483164d1463f82cf48d481efc2721ce

SHA512
2dfab2bd9357d65ec77776e6c62cf5e491f101f1af8c21960d88fed79bf864e53fa2dd1a36dbe849a98a723c4629537a49bdddb35af4738832751b317b3ef3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb39aac45095853b6778da05424f6779

SHA1
2a67db870edcfd42e6a5f9ab1f755698cb9c14da

SHA256
7ad2c92ad2e8cdba461c7724515ac6980f0d936ecbecf44b0e1616dbe340f52d

SHA512
aa771881b77707877a6ab7c997e24b02ee287cb9e74de569d53b26defca0871599ca128f2344682e12b1feb745607dc8224f4d50a9dd635a6ea454127961bfc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf5e6b616e6fb2889c28f2e58ab27572

SHA1
64489bdad3894029568dbbbbecd673d0affbe3fe

SHA256
b86dbc4dc5bd4d9ef782994c1f54c3b6ec621d4c2686c24d553b68c9d275359b

SHA512
357b5ab6e8623ae65324224c30c45712eeaefb86b775e2e73f3fcc602ad2d6637f3ae7f04d518ebb6d56ab955365e6f34313c3ecc9c694ed0cd32b59bec3d2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7056dfd13ff9bfd2eb3fe8c3fd525a74

SHA1
e297319b37187c7461c89916facb0f06ef9813f0

SHA256
465d8210691420849e36b71caabf419eb7ad21e8fb58ad30f65bac44528b4359

SHA512
7469c4fc8818fe6b3831adb98b29c8f3e7d04c7d5f7a40f869c6d3ade8ab33c31c8733f25fdf5fd85d0cd2d9eb819ad085103b57da745cd547e9ea854c008ac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0228da8b6fb8747df1a1f0a0b6f15d43

SHA1
dec70f343e87b7f73aeafd61d5cd64edcce573ae

SHA256
2517131e00fae8844ab0feb7b2ccaae8cf8f1bc8ba3ebd2989a26000ebf1a4b4

SHA512
df74c29a567d447868778a8a15dd9cc8535f2c60f92ac739ec69bacd133cb29fdea74636e30a85d3570c5159c71855d9a15ecb554ab5f37c0c150a56e4f01fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
40KB

MD5
d61bfe9b56c13ecff5313ee3abb45e8b

SHA1
ecb7caed8f169c4ae226d85b82cfec19fc50d4ac

SHA256
43730866612149a27f49159d7c4f19185c8694bb91bf41abc884a6fe1346e96e

SHA512
6c7da4178de1ec09a600c3d7a6a5e7587128172fb88411e4fd850cd843f0085b2001f30e1ed4abd133e40634b72b877a4430088346adc1be2d3feca68bf00ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
17KB

MD5
67046ea250d57883c8508731b0bb7270

SHA1
1e350031093e0549e7c208ce0e363778a7e7aad3

SHA256
3a4b03a6c128b46647ca81421d1b1db2577751a66b09c13677c8d753cac18c7a

SHA512
8b386f0c81c5e1fb61204f709a34612deaa64d4cdbc0216a4b1a917a889157d28a9167a77411a157ed8bace53fd929d90696feaff2aae0893cab7f66dd6d857e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
137KB

MD5
04aca1f4cd3ec3c05a75a879f3be75a3

SHA1
675fcf28f9fbf37139d3b2c0b676f96f601a4203

SHA256
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

SHA512
890415fa75ed065992dd7883aed98bfbdfd9fa26eec7e62ea30263238adca4eecd6204f37d33a214d9b4f645ad7d9cc407d7d0e93c0e55cf251555a8a05b83ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
34KB

MD5
4240946598b525f3bb169204e0af3804

SHA1
d6c6afcdc029470a25eb470852ebe5ab1fa35e09

SHA256
4e7a719dfe32c966734934b106bd53cab15317dca5824d8cf6c71e7a8bdf1896

SHA512
052c9c09a09fe3d281b36f5d62366c9ede33f45b5fbf98f580c96e72a3b390ca393327a3299024fa9226e4068ad508f39eb986f7d4d665b8da1ebf428f3ecfba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
76KB

MD5
91cc40989e5e96e8d6bddc0f19598441

SHA1
77b5378a2b4bfc120e52782dd869aeab7efe2fd4

SHA256
6b6b686ecaa56e02ec5aced95541a03f922f599b31f1b4cd429ceca824a6e669

SHA512
90750a22634147d99cc10d6ee1120bb6c889982eaee77f5b82445aa5f1ab6f05db90fc5f6a9933017bdd1a7ad3bb76e518d5c73c25f4925ae513bcc0661afe8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
207KB

MD5
50a98c751c19ae5ea4fc42b2ba2da89b

SHA1
56368d3745a9fb9e81628db25dd5995bc3c31add

SHA256
3290ad3b8a579ef3bc11c67daadde34b8c60537e337ac6249885d85d13566363

SHA512
692244e33afba158ac6bede41a3632eebf5ae0800fd9f5e7126727586e6a0431c4ed1136bd12544fc6e9a6984f5f12f7e449c8f12997cf0eefe9c9c3909793e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
39KB

MD5
1fa1d2f3e680f9d13ecd8c62a882dcbc

SHA1
76c1e326201f58cf8bce494ddc7652d49c6a5963

SHA256
389481d11d68ebd0de4d2f7edf8a886c6971969d6ebe3e6cb048353d14194f9b

SHA512
fef2e161a65722802f683f1301f1d9779f8cbdb24efcc436164cba2374f0fc64dfb006951a5de543370ec8824fbd7d399d1cd76e1e9293d7d718ccce556d72dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
21KB

MD5
bae2a7765764ab428182117fb8760bb4

SHA1
443969dfaea7348348873e49801441c8c905034d

SHA256
c643505bc3f28e300f461f1e7bf2824a906381e5cab831bb7e010d9a1807ac14

SHA512
567e05bf5405d24aa637df4be88795d9c8d88bc670587678cb8dc42f62363b2060d5e893625c38527d9a3b8501ced3d5f005c573e15ae61888e493b4be68d3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
28KB

MD5
9c326116ef35392d7138ef4495ca4691

SHA1
436b2b9b88bd5ce950c479c718d63750d96f5ff0

SHA256
09318b7d6c3379645f0876f55777ff362989ca610159f45eae6f788c8af2a30f

SHA512
13fea2e94543bbebfc8cb01b7f04a1661cc7136816ff27636c28d37f323e901cdb2b59ffe488dc4596422aef2655a47cae1657c85661256bd9d14c66cb1b6fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
83db04a4e41b7946a257316b5a45b1ad

SHA1
6f72718247ede2cfe848e7f7c512998ce7cf8ce4

SHA256
22191e26deed5b9646d4781979725a5e28cd157d65d2c982a5a1e9570d397b54

SHA512
1fd7c9471ea2a398cc5468f79d2bda668cf8218baa9cea609ed77715aef2bb24e3ba950fe1b0ef78afa1f8366c7fd4cdd0fde432c226ab4535bfe15252dbef4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
992ebce97034da68ea7a1f8b26cb5150

SHA1
b32ecc124fffcc13c49ae86a1a02af1fcfd17d1e

SHA256
ab4e5aa4f810f1adc6f993f851a6792cbf090363542f62ff8d8c04b1e1f95923

SHA512
b11b7abde44552c77c93c25f1e7fa4613a6c83bdd940085e3f8a417903541cde9d58b409d370d05845cdbfb38f953608ab0b39fb1657db78bc9dd54cc899ac93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
df462363099fa7863e1e2f6c82e0b1fe

SHA1
9eacc20067eb986935727552cdc6afcec515ae6b

SHA256
f44c26c7ecfdd3cb6500ec6965adc1bd44de4e25b4f551e300177886fa436171

SHA512
427f85a2c1eec61fb39cdfdea4dc7c1bd4f9670067d585af3bee43f47d5c252d7b4dc50d756f029d19f002f955ffecefb6b8a9c31ddc54e7c85e86119eea9be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
46de628939978c25c9f7646f3a4604d4

SHA1
cd9380cde327c28a65c23ea88f1730469a4502b6

SHA256
90a03cecb69020c3cb3f6a9ba891b6440c81bb5f51c224fbb25641dfeca2533c

SHA512
556143993150c80153278a47ab371405b72b414671ca75289b507c68aa8467e417568581d55a39b6a3869f76570ecb808cadf86dd32b8650718051c67e2e02e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
725870cb559726b265cfdc9c48db0d5d

SHA1
4d4b06360b1c01fb7f741a714e97c4c59cd6a30b

SHA256
bdab89b026c4aa86ee8fb1277ad830d436f78af79133de75b26d20a42a7a1260

SHA512
5fe86a410480d6f37baa370bdd7d1985e690c87149f3edf77a866282b233cb818ddaec2891ca785af82e2bc740a5af18e4e21dc809a29b89ff6bc49a32686b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
42fd491ae7cf5fdbd9ac30bcd868b2f3

SHA1
3a778222e9793c1a9e260824d706ca18f8ad216c

SHA256
47c55099fc2a06448367e07d76cde54c35c75de47dcf45b2c79def603402cadc

SHA512
d6e6c6ba74d19530a083fa734474ed3dc2af6ef470775e09b881211a1dedf3f8b209f917c0c633eb8f7dfca1f4c146bd5080c2cbd44c8a5804a9bece7ba14bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0d5a122ef595796591a0614f57d165be

SHA1
4479763cdd63f9b79b6dc8d99b6c81879a7c7221

SHA256
cfb552d779afa96a567b0b19732ca593f0742071613cc59ca41ec809beffd468

SHA512
d98eda82d5f1f22a5951c02ea6eaf49d7b639667a244d06a71315cf580ff97ca08915ffac1f8c95d24a8fd4beb7299150acdee95d07069f1a4e77ca4468fead9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0f02609d508c3de3aec9064ab4b7492c

SHA1
408a57848bff62e8cc1b0ec71561fc0664b862d5

SHA256
d2bf6cce5ce807134d6e9a4bb300b9c34a0b8ab60266dd0b3d2283842d178ff8

SHA512
77db5dfb86253f6194caf62f6875f4e35246a02decfe9b487ee88f33fc390e6bdd73538164f6e3545c2168f7d062771ff0b8fc80f1915a7b6cea6cbdd6e4077f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat

Filesize
17KB

MD5
a849db878bcb0f1bf845c0a31abc5bdd

SHA1
0699e6d61bf6b24a16e4c238f52dc59f5bb93044

SHA256
1bcb93f90b03badfb72706fa323b75ec6fce6c24d67ca11631d81bb39d54cb0a

SHA512
5c27bd633b58257c9953087b997e1fb27f19d42254d6b69a6d4f9452512fb52ef28516965d27ca2b0a2a1c2c9edcb1c8832ecf78a801905446b7548b9aeb3024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTTGCPI6\android-icon-192x192[1].png

Filesize
17KB

MD5
95db553abc3ad39bef60db82928ed637

SHA1
974881bded1151d299f056c3d5d1136775fe8dd3

SHA256
c6029b8cb47bff656bcf4d57929f49a7ca9e49b08fefbad0b0432d4f5f64a3df

SHA512
baf114db037742a737d035bad399c6e64e890c52a96244d88adab880127ebbd7570537d4318153a01d15ad629c65c0c8204aa35febac01d1eeee5e4d7036f145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab55E0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar569E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit