8883cc13e0f391979e828931e59168cd8bdb1814598323622a51f85ab302f3f8

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/04/2024, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08456d53df6abf9812cf4549b3b582ea_JaffaCakes118.exe
Size

131KB
MD5

08456d53df6abf9812cf4549b3b582ea
SHA1

500c86eb1e89469dd226f3d664e860f7676a9225
SHA256

8883cc13e0f391979e828931e59168cd8bdb1814598323622a51f85ab302f3f8
SHA512

40125b077f5485be87e6cfb1339651baae342046dc34ed9a5b97541486006511c959ebe89651a0264dd761167886843c6cc597b359cb8384675696999ff3c52b
SSDEEP

1536:BL+O/U7OBmKGS6CBK0t/ZCXPGuxgDM5YKBGNc/xf6KWcs8+SUkIcekqY1o/uImzk:BLxUyjp3xCTyDMsUWyw+Ubx7NR

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\6miepsjveu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08456d53df6abf9812cf4549b3b582ea_JaffaCakes118.exe"	08456d53df6abf9812cf4549b3b582ea_JaffaCakes118.exe

Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.

Proxy
T1090

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\taskschd.msc	mmc.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0a505c70584da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000956d6f1f0e2c046290b363813dc214555459ccfed499fc3037474173324e6892000000000e8000000002000020000000b9afaee154d728c93122dfda13f23239c2e93e592cf9753db794c391ea43a502900000001b7e2121fa92e89043e98d718ab0de694bd159d607d59214dbdbabc9b03febb4669b8210418a87daec0c2038574969096ee6d07bbb277dd8f4d064915b7f1ecad2e2cb7600a49a2cb4b55dde5f7cea068c9a86e94809770a26f5629bce2ab8eb633bb80e5d30e265f7d8ce763a66dd8138965cace84c75eed5e998da8cafd5f85a6cc562167ffbc4e41889953f2dbc2b400000004a5296e7528e38c756a44e4a47218295a0c789de031c41e31efe53b65104059f9bf26ed318805ba7c19b444b67395ebe3c47c344d748451b609a5c12e0b4bb4c	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2A38291-EFF8-11EE-B1D1-D2EFD46A7D0E} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000a0ac5e56fcf7d4de7075bdd21ca9b1368c0ee25671f963f12954956ec6fe2e28000000000e8000000002000020000000cafd385fee43a6a9a19d0816cf2af27219717913aa8faa293307b5a0e3094eda20000000001465ca4b9ac511a5910a96f9c5c903cd13bf1e8152f7c40b190a6b394a43104000000077315cfd6a5fc61a7bdc80bfd6d3c5b46252a83ad9c1d95514e87aad3c331f2c08963b356c3908835df4173c9ae088d22462b440c5d540a2b62359b54ce52252	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe
Token: 33	2104	mmc.exe
Token: SeIncBasePriorityPrivilege	2104	mmc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2004	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2004	IEXPLORE.EXE
2004	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2104	mmc.exe
2104	mmc.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1712	3000	MSOXMLED.EXE	35
PID 3000 wrote to memory of 1712	3000	MSOXMLED.EXE	35
PID 3000 wrote to memory of 1712	3000	MSOXMLED.EXE	35
PID 3000 wrote to memory of 1712	3000	MSOXMLED.EXE	35
PID 1712 wrote to memory of 2004	1712	iexplore.exe	36
PID 1712 wrote to memory of 2004	1712	iexplore.exe	36
PID 1712 wrote to memory of 2004	1712	iexplore.exe	36
PID 1712 wrote to memory of 2004	1712	iexplore.exe	36
PID 2004 wrote to memory of 2844	2004	IEXPLORE.EXE	37
PID 2004 wrote to memory of 2844	2004	IEXPLORE.EXE	37
PID 2004 wrote to memory of 2844	2004	IEXPLORE.EXE	37
PID 2004 wrote to memory of 2844	2004	IEXPLORE.EXE	37
PID 2104 wrote to memory of 1568	2104	mmc.exe	40
PID 2104 wrote to memory of 1568	2104	mmc.exe	40
PID 2104 wrote to memory of 1568	2104	mmc.exe	40

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\08456d53df6abf9812cf4549b3b582ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08456d53df6abf9812cf4549b3b582ea_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
PID:756

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\StopConvertTo.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2844

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 1136
  2⤵
  PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b333ed9d7955dddb89921e4a22bf0b7

SHA1
560f9b3a07bae7cf83b50c558b2bcd390db3eb5d

SHA256
779058e6979bf2bed9795a1f8d9cdf0b82cbd3862da3e9965f99442e6b6d2778

SHA512
f6a029525d469a0f345cbd1b352b8b44e5032d8d616aadcca3f1121d83e9ce88791942b1c33cff08caf1ecdca07db6c96baf29da9461d0d6f0205137d9f89330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ce116f43f5f5f7b0334fb5d1c2a2327

SHA1
d7cee42dd1cfc10e80d6b60aea2fa7d21e738eed

SHA256
718ee3d5e6f86112c34ab50df99a27707e372c06b979f8ca3a7f59905a8fd2d0

SHA512
3cf5fc85a3dfc1c4b216c81c2c05c0db40fda855b9472fa037d185b406ad802fca0a3df95698448723856549d992a9568758055dfdb38831f108dfbc080c8a38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ce12e57fb326cc64fc3b6faee223e3e

SHA1
d35ab4b27497a9edfc171d37e511df7a59cb5a36

SHA256
3533d325c769fe630fbb81c4d652f1a7aaf920fa7413bdc1cc00d94349602869

SHA512
65fe863e3e10731b6cbf189d8bcd509f3efdde15399d7990b195974aa9d62aa782efb5bf11e0d0da6cef485f436fcbacf9fdff4f02f8bdfbb5503be1b860a80d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ea6bce6d5c68ffc03868b1968a939c1

SHA1
688b1c650090969ce4345177c22e0c6448892c66

SHA256
f0741fd0a99c132d62335ffafd7a3754a2cdb98cc8d784b1c056823f836f3593

SHA512
88ff2e25578434b92a393025fd43e914b7ccf009e70a8474a36eef474e2e8d53ec363bc98e95c230ae79e40ee353f272d80bf628c05281dbefe2f440c2f35a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
543b4957692ea5dcb3e65c5b3879bbb9

SHA1
78cd971b01f09232837c09ff5473593832fa2d32

SHA256
6930ce10d286b71c13078624e56b19e94213808a8a7f5f7c5eff35c5163e5ac8

SHA512
cab7c8ea9b7e067591b7bed4cea3de1ab0bb622816cff6d1988bd9c06d228c3303355ca3822d0cd4f7b6ac7a0a22d50c4773b5c0bdca800bbf2d174edb045d5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7f1680fda8580798d77d04434070472

SHA1
7e06f68614d05b1d7516ce2ed3ccaa4f682ade0f

SHA256
6c39e49266657a8b4ecab2aab161f1b9284ba17fe9a424eaa59432ae6f2d6a3c

SHA512
072f2b39929bf675c39bd812dd1d74ff1981f2ed6062fc135f609aebd9d67f25727e51f3886fee5854c6db08771f56e6f997be3636144bcfac8c7c9e45d90d29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fea245569bcb8ded3dbf46319dfea590

SHA1
f7beb722964ffa63d19999b09460b9018577eeb5

SHA256
34947949d2e54e0ff00d102e34cfe7cb5eeb840cba1e40c5a499c122272037fd

SHA512
c537ccc60ad9500e8ee042170bf365ca22a0e8879002241c92e4066b825b92987604b7523b5163b3cac98ca53e6a51924e0f7efe10c97f20990087c44e4a5a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c5b67c850860a57eccc42de0c06370b

SHA1
a154d8c4982f4da07776daa1f1bfa5ca3c4e7475

SHA256
5a6ba51bba3226456bf2937ead78cf5bcd27c7cb9a88a7600e8b64590df0b0d0

SHA512
b04dc357e06e548d8521dbfbf4a9670f177e66a648c0fecff8d8742839495b220ef5becde9d1c39fa399b92aa6834d019720425ec7549c2fc2797e7fd6cb31c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c386ffedca59b655589dd779a8dc1cc7

SHA1
f3109685b4f04e28d8277157780ca5cb0fca313e

SHA256
b86e7c6f3a7bd29b0a90909110a036da8acfb4f3e52f20fac9d173e799160c95

SHA512
4ddeeb430fa8f2c5eae6d3c2613a7dd23bfcb507796cbb832d48fbb2907cfa810f0e56307dd7d6ed3d6d488a5a60adae85fac3ea9d5447e84c5d479b1ac79d11

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCB1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD92.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/1568-499-0x0000000001E20000-0x0000000001E21000-memory.dmp

Filesize
4KB

Download
memory/2104-487-0x000007FEF4780000-0x000007FEF511D000-memory.dmp

Filesize
9.6MB

Download
memory/2104-495-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-488-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-489-0x000007FEF4780000-0x000007FEF511D000-memory.dmp

Filesize
9.6MB

Download
memory/2104-490-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-491-0x000000001D510000-0x000000001D856000-memory.dmp

Filesize
3.3MB

Download
memory/2104-492-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-497-0x000007FFFFF00000-0x000007FFFFF10000-memory.dmp

Filesize
64KB

Download
memory/2104-496-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-486-0x0000000002800000-0x000000000281E000-memory.dmp

Filesize
120KB

Download
memory/2104-494-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-493-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-498-0x0000000004730000-0x00000000047B0000-memory.dmp

Filesize
512KB

Download
memory/2104-485-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/2104-500-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/2104-501-0x000007FEF4780000-0x000007FEF511D000-memory.dmp

Filesize
9.6MB

Download
memory/2104-502-0x000007FEF4780000-0x000007FEF511D000-memory.dmp

Filesize
9.6MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads