aff2a000551ab04032fd567ec4c3530956401f7cea977854daf6a58f5e07669a

Analysis

max time kernel
150s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 08:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HEUR-Trojan.Win32.Pasta.exe
Size

1.1MB
MD5

0437f180d29d8bd43040fb91890ded33
SHA1

30fa1bd195df0099f516b366e086a0c8a36bc0cd
SHA256

aff2a000551ab04032fd567ec4c3530956401f7cea977854daf6a58f5e07669a
SHA512

f47164c439f51eb74c0a7d1cfcf21ef464856fbace833118ad72366877e6733c2dd7e52031620d282aa97ef8ae06183249ed67c5bd7c347dba1a7d30dd54b6c5
SSDEEP

12288:nsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQS:sV4W8hqBYgnBLfVqx1Wjk/

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1920	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A48878C5-9784-46F2-B7B5-335311228CEE}	HEUR-Trojan.Win32.Pasta.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	HEUR-Trojan.Win32.Pasta.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A48878C5-9784-46F2-B7B5-335311228CEE}\URL = "http://search.searchyff.com/s?source=googledisplay&uid=2a8989cb-2964-41aa-9510-7e4d4ff17300&uc=20180131&ap=appfocus5&i_id=forms__1.30&query={searchTerms}"	HEUR-Trojan.Win32.Pasta.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchyff.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchyff.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000e632e4b40e5e04c2235b308ab352393d6f2eb54a66644328df25af64bea7d854000000000e8000000002000020000000acb4b228b4ad28007b4947c988e894688f943bc696bfee8628f538f0363603d4900000005ea73ce3ce07bf515a5bf3483f2a07d26f5d7826c4346ff490a8542ee9013513dde9207c092ba348508aa11504353cfce22845846de5747e477615a5027923618e1a1c1bafe0c3df020520ca83d3e0a378f31568cc91a4d433229bd9ac00fddcb1ea20a72b7587e9a4d5a837634d1fc3686fc3cc5cd3eb41024ec07916f5fa9ce068d208497fd0d924133a7814f5845a40000000404cef342ffe3925360f722811c972105b8ca091659499d332baad8bc6eb991b868d02a46690ec2a6f4a284f98e87a13a34a46fd34e0fd37db876b4ba6dab6a6	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A48878C5-9784-46F2-B7B5-335311228CEE}\DisplayName = "Search"	HEUR-Trojan.Win32.Pasta.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A48878C5-9784-46F2-B7B5-335311228CEE}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	HEUR-Trojan.Win32.Pasta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F12A01E1-D6DB-11EE-B4B5-5E73522EB9B5} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000f8d23f7a082df231d68eeaf22ab2e8cd54669024591ee58877c623da3278890f000000000e800000000200002000000042d2da397a36009fa083b3b0ded0cc925902da66811fadc9077ac4065829330720000000d8e02d72cc49fa2f8c3a2edd5e8e8ca06e45ae0fae591a142033d68cac5fb6e340000000e1cde1df934c34d7f6ad91950782122b5f671d51cbf395b6c50989feb6c5e4c423bb36cf0a90bc61e252e4cd5509721e90eba4b512f3ab315c438224a010d1b5	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 200396d0e86ada01	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415356932"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchyff.com/?source=googledisplay&uid=2a8989cb-2964-41aa-9510-7e4d4ff17300&uc=20180131&ap=appfocus5&i_id=forms__1.30"	HEUR-Trojan.Win32.Pasta.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2092	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2744	2924	HEUR-Trojan.Win32.Pasta.exe	28
PID 2924 wrote to memory of 2744	2924	HEUR-Trojan.Win32.Pasta.exe	28
PID 2924 wrote to memory of 2744	2924	HEUR-Trojan.Win32.Pasta.exe	28
PID 2924 wrote to memory of 2744	2924	HEUR-Trojan.Win32.Pasta.exe	28
PID 2744 wrote to memory of 2420	2744	IEXPLORE.EXE	29
PID 2744 wrote to memory of 2420	2744	IEXPLORE.EXE	29
PID 2744 wrote to memory of 2420	2744	IEXPLORE.EXE	29
PID 2744 wrote to memory of 2420	2744	IEXPLORE.EXE	29
PID 2924 wrote to memory of 1920	2924	HEUR-Trojan.Win32.Pasta.exe	31
PID 2924 wrote to memory of 1920	2924	HEUR-Trojan.Win32.Pasta.exe	31
PID 2924 wrote to memory of 1920	2924	HEUR-Trojan.Win32.Pasta.exe	31
PID 2924 wrote to memory of 1920	2924	HEUR-Trojan.Win32.Pasta.exe	31
PID 1920 wrote to memory of 2092	1920	cmd.exe	33
PID 1920 wrote to memory of 2092	1920	cmd.exe	33
PID 1920 wrote to memory of 2092	1920	cmd.exe	33
PID 1920 wrote to memory of 2092	1920	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Pasta.exe
"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Pasta.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchyff.com/?source=googledisplay&uid=2a8989cb-2964-41aa-9510-7e4d4ff17300&uc=20180131&ap=appfocus5&i_id=forms__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2420
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Pasta.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Pasta.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

Filesize
471B

MD5
4235ef37ed009fdb4ec6aee9b78c6982

SHA1
b4b26167227b76734cbb2b7d8509e99f7e4c51e7

SHA256
acd5d0ff5ab3c48a97c687472febc8eb266c2daa8f4dd1227abf1c624d5617dc

SHA512
39269f23a7c2ce7062fc02f42dbae9defa7102392e52bd418a66e724c5025f190c414fbe2b4ce39996472c91bd94f4cd94090646b3ae54c028a32ef6673ba5ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
999ee5c5f52d05cfc4d3e6bb6f6aa978

SHA1
f680783606fe1129f8ed3c4a6dc05c7a92e6ab3f

SHA256
b3a26348c882ce4c65231a0e8ae1c7dd3bff91456c5c56cf548ac10ced5966a8

SHA512
01be2436a71de65d1fb6596f96d7c35d0dee21e43c36e931c1a93dc4feed58188ecd906206fb041e878fc8c43285ee6ad76fa23a131c471cde3d44183078a764

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96e6b9e4511dc03c5d684f0d5245821e

SHA1
3aa7b3206313d3c1846a84d01df3e8d6292d6d37

SHA256
910b0ffedcb29bd4a5a3a279ba205711c4ebb5550f3df0722648179dd15c0cb5

SHA512
c831c62ddd68397a24a188f9fd32a6f83821b558d084fe88799514cdd9b09835a9b783f689b73878e4a290cbb4461423e6c2eaa624e40c858f093dac67f8fb2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6aa7b685237e9fa3d2b3cde5768d3c2a

SHA1
c6569f29bc855c960c62c10fa56638114bcaf92c

SHA256
b05448584f2627f8cd0302779eda1f69f6cb39de94aeb5e6f6bd0b0813ad9248

SHA512
61df728ba3ecc6edaeb1637273515b118bab0d48865affc2a01a4abc978fcba03289d258037cbce5c5f1f1f4f7aae0f9a343a371bc20257e33e5f1327fc5840f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c29f74f4ea5925987119923b35939100

SHA1
5b96334e5823218d453d5c5a7e7a68fb85db0fa6

SHA256
f37ffe266fe908f1c24f5e641bc31cfee7176f9cba44586cccb85c4b102289a1

SHA512
3c3943487424ddc9bfcf338bc221fbd335282ebf02fc2cce9c3505defaf73f57854e0d8abb2b1d9538c582db39394c3432ac7b02e5d5476c01bbd6c36f4ac03f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2890ebff71bb1ba4a02d173a3052413b

SHA1
6cecbb18859b89c14adaa780806e7317cd3185eb

SHA256
ccff0ed668e021940fa38c466827ae4e8c6626daaf3e1eee565ac5ce25de2f5c

SHA512
5a4f40f1b886013716949e45ab4dc8ef986c59600cd4151d3363ddd83f1bc13e54a08fedc976375f99b69df67d3f4a84b1dbb2448dcad35605988539aa9f433f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c41f638c4691907d1efbe9e6439ad89

SHA1
6333f1dda6f1972c1c7385589a4e408b7ab9ad55

SHA256
836027c557a97126db63e376b5b10f33e5637083c7b02040e6c321599f710514

SHA512
6a8640e0e641bbcee56dc344d53a1a16798e20e336d76e522761d72b96cd781bcf803b1fe8da628ea7d943eb79b2fbb71a6ba597e4bc728157209a0f9017b5e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7acfadc120e31caf149a857c1bc506ce

SHA1
34a976cf9cecc68b9a899fecf7f4fe4509de683a

SHA256
cd03579bcfa217137bfe7429f83560a1bbfcff6844f73606d40dd4ba2013f612

SHA512
962aaa6f78d7dce0162338fb7ffb120be87e6ff06c7659bf48011254acecfce92b3175b36b52acbf843900ff09b436714dcae421a90d77a6b348f7038befb167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddb1f1068f8874ae0d3c2c648b401475

SHA1
49ac0ae6d54994d40776aea79beccdf990019d87

SHA256
91e1286ffacc42611be875912efa4d6913f57eb82f0639fe3989453050c7a7f6

SHA512
1404f2d057c55e88bb4cad140eae44b6140f03f5a361227fef2a1f782a809e7705c7cba105489c9ee8cdcbc03c8a286877fc9273441a1027b9ee5546b1989bc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52142bcdc14a2ef27b526d25106c673b

SHA1
573c420af72d06cad895b0f1eddea6cad68a40e0

SHA256
6ab21be51c94f559f67b549ff6686c64a8db1ca0bfa66d9120e32466b2644ea9

SHA512
04f6becea810fbb0af866f64cc5d7169d78d8c9b4701a9fcdabd47de3cdca09ae8ba9183ba5eefe3e1a6581c4c9af2113f5cf08a28bea6d9e73ad647864bf839

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc60342323d617fa8459850deffa8c4c

SHA1
a14a5884db9f07dfe7dc3eed1de9e242faaf4290

SHA256
aa911c3d04c814ae654d42a0fe9d27c4e208722fcaf4c22da8c20c4816ac3a43

SHA512
1bea26111340b66ce28433493423ac467fcfb6adec326da57786e16bb62299025b799d55dbfbec4a6f6de02d51f2e03ba35141974c4ea459122c705ac74b2aa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5c3821eee08edf0cf9a9770a280a74d

SHA1
633d3366920e8b535a553f9f62953eb82695620b

SHA256
453f23cf81c35c420a0a0ae9d85d2e6825ef150360d51123757b3600d92a1766

SHA512
eb9337c7e0e609e5be366ace54fb93d15d0d62d09c626d2d642e5c304c4532263b0ad9a2b81364700003e0cd620df7021fc663483fcbb365c3f5db6b00237cbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fbf6f6c6c5c5634d5cb01898139bb0f

SHA1
85f74d4adaa01eb905b9110f95cdf2660e77006e

SHA256
add8c292e3eb25b9cb8a2de639463eeb14f4ea7bb7521e29ff4b95a21b7937cc

SHA512
1a54f8a6d4fd4fafcbaa1314f6a1875e54dbbf8b1e574fdcca5cdc4e62a9dbbcfb4ab535b683c87b58ef9c703840f225640f620d1c5abcdc9844900d4c9b08df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ade2cf232474b1df84c210a7adbb9a2a

SHA1
0900ad34e1aa701bf9edb5ae22c34c514518bc50

SHA256
6195ffc6a7dfc93948d3351e57ef5d44fc1f688fd0a0b1c64adb63e88081195e

SHA512
fc445444cccd5cf5c2474bcd302b594afd782dbf4c797c669d7a72ecbd2c9172302cda48d3d952a887e3b56a4991df12fd23b37b11141184d3c0dd582d619eda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49e60db02af3d6b358e0db9d7abedc90

SHA1
282bbc1c2124502b03e520e10ba221c1e5f3cf9f

SHA256
4ed1ed8c9ea96c270c53c02b9e5f64cae492aa2d62420b91eecb4db4a25cf1df

SHA512
1786edb73493eab4b4c527bab3544c4e653cbb67e6f3744fe3454ea63f7b1d1dfc6e0011366c45b98d6ef626548e579b8400a3b60ea5e73d4323d9c24caa5832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b147b991b2e6f745fc8dd3e146064e8e

SHA1
a5b8d636e14995a7260d4266da1b3b74cada801b

SHA256
c076ad9c1b1e0db0139177ab088d32ec5ec2908997bd70b8ac900af23035c674

SHA512
a7fccfd1af3742d4d89af27de15842e6b7da8dfdfdd919ccbe4f0ff0b6cd83fcdde8e25b9b011065e4d6e5b3eeb0574a74c5371c25e12014174d7c18ed836673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51825039d4d0773e776ca41add7647cf

SHA1
8a768ed53a9012b03ee5dc7173a6651aba0f1ac1

SHA256
8ab49e9b77e26000ec8d48fcaf7326b7616745d350c37adcf733f70de0c9ca81

SHA512
7e36252a97c025f753f829b8fb3caaf9ff25c6ba6956346033bf726510d01cda19335e68696b6ca89c8eab948b8901958ca4a2474a7b3855492e02eea9bc5bf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afe11a8c88fa5a06dad9c0312297a481

SHA1
9088479cb1f4dfd584fa0ff890d2d4edf4f8ddc7

SHA256
ebf472e9eedc52971bc479e669a694178bedb80164afd7f900b4e99c74aaf7bc

SHA512
58d56191b30320ccb2b6908500d216a430b65c3476fe0e0beeac01604ebde1ab6aa387d22a14c7d4627b725ba53457e02e863544d4c19187018f760fbcfa6180

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d90dcae405a397ba9758089fc015ea44

SHA1
8cfc806de4f84c40dd7a73739786e9fdbf4c0acb

SHA256
f2c92d1cc131f65c9a5798e30bc3a9b6024559cc95431e2e25b1c197feb64106

SHA512
6f57834a740125498cef0742f67f5d7f3dfc373914a69bdef3914c7ea55597e0c415f9424dd1dcd3dbf68a2a6a6f6b832918af254725eb94ec0c7a5773fd9f5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7af1f9d5413ad8aaceaf7113e00d6acc

SHA1
192ed7970d8a8e1edb670f8841327e9ec6910916

SHA256
da6a7c642538b3ba9ad6c122a6b2accad323e2fcc1becd91dc3a6590bb4460ff

SHA512
06caeafde9f7474197da7abcf2c2793904a6d5035834e48e7fc81a202c9419fd9170ab7878211eff37b5f6fc223b0907033e09b75ba89a8b8824ae1fd4837dba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bccd7703d9fa1077d5cd09e4d9796552

SHA1
8787ebbe4a430c6554bb15c2c0a4e99e93b73408

SHA256
b00be94ebf50cb71faa3bfa3ad86d915cfb4d31224de749bfcef7b982fea6639

SHA512
1285944b28b8a356d45757ca0c85c26c58e30f929a2b64c7f8d4b68e7b6922af678121a59079163dc17196ca53a28ec847c55a412cff15991564887cb57f8b97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
803a39818e2eb909af2f99de5e2f621e

SHA1
68910cc16c0d2f17ac59609e41495264dd6959ca

SHA256
04625638b64fe4ef05ad79ccd59dcb37212df0a3a4cca39897d7f0504b218165

SHA512
9a3ab32e7be3ab5288c8515e4ae3f05c471876698cdf83af3ae830d8c7b9482a8b44b8f32c3ac872ec94f29b0322a06c7609256314a298bafdb496d761879233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d69b411c3cd462c985fb85fb94f14e04

SHA1
bed7f8d7117c945e74102a39844ba46530153e9c

SHA256
17e7bcb6d6aa2dc02c89e9da5dacd9f49f315c11ff01999b9942ad8445f8c790

SHA512
d3970c44e9072563ba545a49cbeb8ebd2b286bad3d25a462ce7f852049ed8f88454cf300a22cd4ae05c0fe042caed73f7870eac3ba5f381b5653c9c80593a050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
521a1e2c5c1940fbf31848177cc7a33a

SHA1
261aa1288bc69deca723473e2c33bd00b04c796d

SHA256
21aad3254a290ee6e6b52f29289ef6477d0c0793dbe3e068b2c2755a191b3309

SHA512
e4372cebf704ba77cb4b2a877bbdd57fce809ceeaf301376cb86385a3f79797b6c0c462236071d5dafe76787b73bf19afb362aaf8514cc21bc58d9047170fa8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a1bd799fd4bb462b1ccd4494a805ccd

SHA1
b89f3452722f27f054d66fbaadfdcf58ba040696

SHA256
17f6bccda3f7949c3fe64f832cba14d6f8b2640162b28c88d068c25ef4b48110

SHA512
428f876b5328df045a86597b96cad0058f5adccb2c36a1e57a9b7ce245e840300b22544d63ada5e092f997655a0c954e21a117ec2d1113aefe8ec90c86102be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

Filesize
110KB

MD5
ea9e11a77610b15337fa453dd599d898

SHA1
07bd313a7928cb30c91fa4d259075128d88170ee

SHA256
5178c31abe28db32d00d9f032b05f5bd9a3a08c24130ccf83a40eb36de382e61

SHA512
94d94bc53392a00a0ab4eb665950fd47f392ab31c67860e3d2c18eebaa8f2c1c1c575eb9580ec12bcaf3952612a6bfe3d6988683d3229bcf96bca46c0f6d4a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\js[1].js

Filesize
180KB

MD5
f975c796696f37696ae6c873177f8d33

SHA1
a38bf47f9d1f11568252d472a5b0e63d39235005

SHA256
3719f3a2baefa3e07007ed66fec1ed9acff2dd782a609a7de61b43ebe98e51a5

SHA512
6a2edaf0f7930c0505bba80efc391bde01bbc5622bbb8c1302b7c0b68dd381f43e5838b6393adff092872c4b192e1e4dff684241cb6aeeb918160d3c4b265e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2746.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads