afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
Size

373KB
MD5

522ef090c914d8e16e0e0df9cba009fd
SHA1

cff39657468027ea8abb6bcfba7d583855af8e12
SHA256

afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf
SHA512

8e193df4d02bcd9a3ae7f8ccef3705e0da2c88531844eca705346d3fb2634bdc8a94dd3ec32236ca8706781485cdfd0b2e6d2b3bd0c25050a5e3ea9e55d62c9b
SSDEEP

6144:dJuXtXxog5E+FWPNfrf6yGEssQxNpbMe4HMKoh:X8XNE+FuNfrSyGEssQJ4R

Score

9^/10

ransomware

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 9 IoCs

resource	yara_rule
behavioral1/memory/2992-0-0x0000000000400000-0x0000000000470000-memory.dmp	INDICATOR_EXE_Packed_MPress
behavioral1/files/0x0007000000015c86-33.dat	INDICATOR_EXE_Packed_MPress
behavioral1/files/0x00050000000121ec-235.dat	INDICATOR_EXE_Packed_MPress
behavioral1/files/0x00060000000121fc-282.dat	INDICATOR_EXE_Packed_MPress
behavioral1/memory/2992-600-0x0000000000400000-0x0000000000470000-memory.dmp	INDICATOR_EXE_Packed_MPress
behavioral1/files/0x0007000000016c2e-195.dat	INDICATOR_EXE_Packed_MPress
behavioral1/files/0x0009000000016c26-138.dat	INDICATOR_EXE_Packed_MPress
behavioral1/files/0x0002000000011c9e-32.dat	INDICATOR_EXE_Packed_MPress
behavioral1/files/0x0003000000011c9b-25.dat	INDICATOR_EXE_Packed_MPress

Enumerates connected drives 3 TTPs 10 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\J:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\K:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\M:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\O:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\G:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\H:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\I:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\L:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened (read-only)	\??\N:	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg"	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Windows Journal\Journal.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\7-Zip\7z.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\7-Zip\RCX16DC.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Mail\wabmig.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Windows Media Player\wmprph.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\DVD Maker\DVDMaker.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Windows Defender\MSASCui.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\7-Zip\RCX16DB.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX1755.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\RCX1800.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\7-Zip\7z.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX177F.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Media Player\setup_wm.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnscfg.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\Chess.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Defender\MSASCui.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Mail\wabmig.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpenc.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX1814.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCX1730.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Internet Explorer\ielowutil.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\RCX17C8.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\7-Zip\RCX16EE.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX17A4.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\RCX1849.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Windows NT\Accessories\wordpad.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Windows Journal\Journal.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX1766.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX17A5.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\RCX17C9.tmp	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Windows Sidebar\sidebar.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.cab	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\windows\WallPapers.jpg	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
File created	C:\windows\readme.1xt	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Desktop\General	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg"	afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe

C:\Users\Admin\AppData\Local\Temp\afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe
"C:\Users\Admin\AppData\Local\Temp\afa1d58f346a4f95b4d1df362985cb7f92bf5b206ab91de32bd5a2209ad6ddaf.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.cab

Filesize
507KB

MD5
9f3d2d507fa95a48de7beb3d1098cef6

SHA1
430e36e4ee78a4841d1964f99b8357ace13f9515

SHA256
02dc26b6e147b592460dd4e08e5b739e2f12460da82f4de05f1158fe9b0befaf

SHA512
17fe7d029bf6a8502c9b5d385406974606434836a6bc463eadc20fb472a0ca3fe1f19b28ff2c0ff256926b8abcfb9cd7646e1d59abc7edf55147e0dacfa068a7

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
226KB

MD5
46823ecb5175f610d47a939b0149a9a6

SHA1
3c97a279054c6956c582ec93ecc637018b2814d3

SHA256
a0d72449043c86664cb377e8ba9562338afa0eb00ffae9c96d1c273bbfe1234d

SHA512
72679c740ebc3d6fc1f0e05aa184d0bde1ce0e641ae806d9d9d95f8770d19f2096129ce648769f262609e3c1b1a0d8db687713bc47e1bdff6d491f2952862328

Download Submit
C:\Program Files\7-Zip\7zFM.cab

Filesize
41KB

MD5
0d4c2e0349ed21e5288ac499c6f168ac

SHA1
33b32aeacb0407c22ea608298dfdb08f2c4cf350

SHA256
17f1295e15ad40d9abdbd5a099f4630383ca3e96b76cfe5983d54a540965347f

SHA512
1f799a6111f74148c39faac233e034ba585c4a620a8ed58d4769e9279f29c94f899871a7a3035d95384c2944d09164df6ab8df54b1240e188ace32c65967d78f

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
279KB

MD5
f68758c7051d7fc4141792861bf42708

SHA1
cced6a944f5867b192595df31aa93b4ecfc87a04

SHA256
3abca25779f857c93064f5fd0c2ee3eb231a100ea5829c40648b790647b0ca28

SHA512
099cbb026ccbae9a873ff08411d9ca3661bbd353fcdf13d2fa9a3102e2751d453a2a7d2f888816bdadf18500bf32ee561a5dfa56b24b2e90679572b744f9f89c

Download Submit
C:\Program Files\7-Zip\RCX16DD.tmp

Filesize
47KB

MD5
af0cb10e98341be3b9bf94ff565036d9

SHA1
e1f48f106e77cc2c9ede3f70563f5645551c1ee3

SHA256
25671b0e640084c36f5c3bfec9d01eea32784961152fdba37f41326bfbf6c486

SHA512
24978c10ca0f84739636ea3533e197a59666ba867449da38e4418b06e363b7ae5cc65efe8c089d25f66e91008179af3aa7ab81d482ec50b5f1bb2d7eeb22a314

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab

Filesize
26KB

MD5
139849667000809dd0f5ad1aff35543c

SHA1
06fc14e294e03fd3db8204b729583fc3f4544075

SHA256
f74afe67036010526c37467da7a05967ee0dc774ecc3a4d53f54625d1c012659

SHA512
c4c050067be80685ce3f246265b22c0674f150ac89f03496ab41fed73ff3fe2c8d1ef3f3cf1a47d711c66570825f483fd5812d6ccc6a989fe2e828be5e3e164b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.cab

Filesize
431KB

MD5
d314a92fb7f163644e80692d00aca39e

SHA1
927fc6028cac392e6a929d9758c55b9b05bb3458

SHA256
6f94e3803f1907cf4f53d33f0c7223ef877410476fcf5f01c851c060e29e450a

SHA512
13a448e030c6fc050c64b13a537cbc39f82c2ac26858d562a3fc75c53dbb21ad688ca8f92ae2a36323fb9cd1708988448a73cee3fec8e38c41fbd1793318585a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
93KB

MD5
72f907d145527eaaf9c5e6340ac4be7e

SHA1
8bdb0e9a01c6c0e2eba5b87fadb5cee20930e93f

SHA256
a48cc37317226bb891d48a9de4889809894804286f95533086b6fdd1c86a7cf6

SHA512
18ff6b7de75623117e514e32fa07f033a6a114b094da3a1c83174d1770158cea8bfab7210be3c940e76edcbcd0e9f71b4b04366e38f6b03467571596218a7186

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab

Filesize
285KB

MD5
9ad2ab9b8f5abb3e1b8ed7d1a52e40e1

SHA1
d1d0481c1ae6bd6b897311546db3a78a6f990c04

SHA256
b0f36ef120508bf07b0d9a1e56ab8a55aac4ee5d7831d0bd99b4fe25e9de80a3

SHA512
56dc45ffdf2f1dcd432c368226c85e56ba6ad027b5253a7f2969918c94bec70ca4651761539fcf88d044f5244423bc9420f8e56fb963850aba3dd3d986079428

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab

Filesize
211KB

MD5
f71a96a6b3735c86a09a468e64834760

SHA1
306c26682dad7e5e141274e5d9e02c7bc9e33f09

SHA256
100b6ca92d95b97f893b5b5cc796903dbf611a5bdac4569bdd2a86a835a7a0b4

SHA512
0bed2de1c414cfed6df39242488a220ce8752e284d137f725fdb9140413a8d5af458201e50ac625addc229d9ac8e17dc7e2faf3f944f0500f53130ab833ff5bf

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
136KB

MD5
87e52df2ec28a5ad4f6eb009aab50720

SHA1
441f645cb1915712a3f364dd456fc400147a022f

SHA256
838bb984121ee96251cccac440a34a2cffce5487c911747a7d12939d9b0bbbf0

SHA512
8c3d8725fe6a4e59bc2e127c2a5f2064ea5b7df089dbd0f54c1ebc71a3da52673e7ec5589af760deb981cef72046674aed797c759f85f17f0e728c4e5ee18629

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.cab

Filesize
86KB

MD5
74209bd43fba70d19ad879500fa2c8e2

SHA1
bd9f392eeeba0f7b23ce091b6fb155908ea28d6d

SHA256
a38e423ccf179be51712613967f1f21ff342937ea5c614ed6b2401f195187539

SHA512
8708193f153b245f179095c25dafb6d7ca302075daa94a02ca709db34a4157e12b16e628f3bc8d1ebd3c49580c276c3ace69f36e420dde902732b82517450694

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
398KB

MD5
516e9bcb53df3173da3c6ca7c3676ba0

SHA1
6512b66a79636eab5d6b146d9431beec79278f47

SHA256
acc88da986bc4932b3c1c8017c72c167ae7ff785dc13fec130419f9d9b0f9900

SHA512
8281a492b586d0d210af1a5c26073f9cded3d1e2493754fd94e2961bdbb8eefe6665764574d8aad69925f2199e003f635c4cc5382bde6e713d3a09f15eb13efb

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.cab

Filesize
376KB

MD5
66fec3f88666e1f54d50cef62b3adc28

SHA1
42d0bf0634b8053283fede69158813c52adb6177

SHA256
e475904bfa0998a03fb6c9b7fe63117736e91b5f49b7554d93f7e4602be49ab9

SHA512
85f521d248cefe5b4168c40505f9b94c0ea6e0db2298cd5fa84a2ede1b72824898087c1f8aae4c1c4acf8530f888d51348c8eb93f1a346bb779d3a3181d5caf8

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
287KB

MD5
77bff379a1bc2d00496ae1335b93a2b2

SHA1
0d0e62b5cbd6c0b87671b3dc8c9cb1b39222b686

SHA256
52a7446943b148a0f3df77ba3dec0a2359f4f15b80f31cfe3379da6844d75284

SHA512
b2052c68cefe9fcc9bbd7b0f40c9d5ef1edf4083ff27b4758ade317aa8159bc52d648ae563ad3b355823d4fcc6dcc24a0a9f61bc537d2753b0b9891e11e74bcd

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.cab

Filesize
15KB

MD5
c9aaf1247944e0928d6a7eae35e8cdc4

SHA1
af91d57336d495bb220d8f72dcf59f34f5998fd3

SHA256
05b153ba07dc1a262fb1013d42bfc24d9000ce607f07d227593c975cdf0bb25b

SHA512
bf3bc64135810948626105a8f76dc4439e68ee531f20d901c3082ae2155f2ea35f34d408de44b46ede61ded832fcc61ac1cb9719e432f0f07b49479c95847e51

Download Submit
C:\Program Files\Java\jdk1.7.0_80\bin\apt.cab

Filesize
15KB

MD5
407d2d7dab36cdea871d4c6b9c62b258

SHA1
86cd158ad810c6772c22a5799c7acf4b9d7c9f57

SHA256
3c040679ea4be0cc5ca20c9f24caf6c13d3002560347e7446dc963b611523bd9

SHA512
dcdb53a3ca2a3637216a9d8133d1dbda336a6d3a98c6b956af42f94adbc136dc5a0245e87512d0314f23dbf3cab4900bc40ac13c79ee93a677d93a89e0cd9e17

Download Submit
C:\Program Files\Java\jre7\bin\jabswitch.cab

Filesize
11KB

MD5
527beb8560d192cc95d6bfddc5d1a4a9

SHA1
b7b44bd43473ea7b47f88dea7566e8a186ebdda3

SHA256
384add660c57b8bf51fee5aa3892619a1667e95278cf4a086bdc3818f5016c8d

SHA512
14b692292ccd9c31dab776b9377d5826339c82319195fef1c8eaa0e4d7ae517bf700d31c557dc9c5cd04a75e89b04f15dca2b5c82db590e5a8d95f47541d2f11

Download Submit
C:\Program Files\Microsoft Games\Chess\Chess.cab

Filesize
85KB

MD5
dfd221b04b07f17ac4a7e9db32f18440

SHA1
3bc0364e3f2639fbe228d38b349fc9d4f6380bb1

SHA256
bc095ebb2894df9e063c332298332186ae10fe0c4f9ed6e6e547c25ca89ae584

SHA512
80a50cea404cd46e97e127aba470f2af4e344259d28284f7806ac883eb9fb776073bb3f22bbb2362fc30e9ba7462d16e9e2e1fb9652271535bfeef3f9b828fe3

Download Submit
C:\Program Files\Microsoft Office\Office14\MSOHTMED.cab

Filesize
1KB

MD5
26b52e5d634c87f699bc31cff57cd5f0

SHA1
83229c2329ced9a9bfa4182181f18ea2d12e7b0c

SHA256
e900f2080f3d02864ba3830a5ca3eb497dd540c65dee93f7e482edf9da6d7623

SHA512
9644a64c5f945470b655d95704ae3cdd8bed5f65b1017f7a8ca4943d2e522879a8d09fafa8b546aee9bc6fcfdac2dcc18b79bdf71cf9657d8912189c56b628b6

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.cab

Filesize
92KB

MD5
4a477ec7027364e4a068b86cdd31e6fd

SHA1
df49d952f7e621cc6c7050d29ea4358bc68ddf8f

SHA256
e6e77542739a9453ba29ca5e0d30e81062d6d342ed8a74c30907064f28ea06b8

SHA512
671eb1e3b31ae3cc7899d9345bd659a7e9b897c97d0906903aa9e961009c44fc9a4b679e8fcb8bd90f3a0f4e7cee9b35af262492269a4e5c6a16010390e1e464

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.cab

Filesize
2KB

MD5
feeb6ece8d6c4a69a439651a3bdf4a0f

SHA1
3fe3ac3fd77bb39d02e7a08c5ce7d7a8612d960b

SHA256
2246e57c92dd34fed45c6a9810bd3f748e9b653c2e99b9d0e77cc54f2ec3a00e

SHA512
32222dd792888d9c93f8412062f9cffd23f5c90a35e47351bef16d14886fa910b4335984c7597ed8c44f1d587ab820d018fbe2903e94921f547f1f73a2573f39

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\helper.cab

Filesize
46KB

MD5
0d83d4db105b0d9b5bb4977b646e9b31

SHA1
20e85b22b9296b1defee0d4e8668dcc7aff32095

SHA256
8a9afaba4d20f19c23a0462f0f1fa4f62e8060156621eecce830d1871c509c2a

SHA512
d54b0e8624ff15d0e4fed863df434e5e8cca5d5bb32fad33b9abb972b991b8ab91ab8f858c39874fba0bb06a13fb4ef22e92cac7885a00a6d7745752a3f2d151

Download Submit
C:\Program Files\VideoLAN\VLC\uninstall.cab

Filesize
34KB

MD5
df680f1801c13b2a4dc9224d31f5df5e

SHA1
5580ed92ef4e9035fa64f33d6a9bd9d8c823182a

SHA256
b310545066536233225f63f43ed65774aa3f03d9b839d011ca78f8eb548c4458

SHA512
68ce4256419cc75aa5f07896693207dbe50a4d91b93b74529bca0c54b5f92a75409eb1dc46025df2b3a573433a3f78290bbc79f9e1977b73419f80ea1bed90a8

Download Submit
C:\Program Files\VideoLAN\VLC\vlc-cache-gen.cab

Filesize
40KB

MD5
ff13cb4ffae21a58f590c9b7f915b5ae

SHA1
29c26ccbd9e026471b5a25accfa2e50277f8a247

SHA256
330aec9f5ab1c595cfd63c3509490d3a66970ca18b4de943ffd8e110e3e4020e

SHA512
2388fcadd53ca5885c389ef2edc87363801f0a482b217f409cbdd844d7be01a0a045c2c96c0117e91323c5e076282fb37695b1cd47fb28c9485c81bd1bd5f65c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Filesize
82KB

MD5
520fd0dbff5170d4b3a421d9381fa0ad

SHA1
838525b556ad0c2f64b269e0f691983cf05a19d0

SHA256
7714f93a11f50ae0c820a44dfa4fba4f3afd82378d76a35b396e2d8a94e6c9e4

SHA512
120f038183c701aefd9fb757cbdec176de8852314b4ddc84ee25c97b0914d46b4b67e77f1672f5395360496099bffdcb18b521b08319a2798cc9611eac36a70b

Download Submit
memory/2992-600-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2992-0-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads