c26d41187b0f10951935e32a11c0a46c98354b495714d01f57a9d2574534f51c

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
Size

136KB
MD5

e256a27a14192e9fea00194e31804243
SHA1

9ec9df721ecd19dab81ff332233e284aff07904b
SHA256

c26d41187b0f10951935e32a11c0a46c98354b495714d01f57a9d2574534f51c
SHA512

90965a6bdfd72a2accd2531f03c8a65426832ec3864c5b07d5df5d29c1790f17b09c783215ed7a5385d107304053f19a3715d2c72799f04d9ffb9d7302f63278
SSDEEP

3072:3CdUjHcdA8miE/7/kuZHxAiFFdRCTPvqYP8mj7el:37jH0mf7/kuZHWqFuzvqYkmX

Score

7^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/memory/2420-0-0x0000000000400000-0x0000000000478000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000d42643047c24ce1971bc6e201fd025cd34c4e7c90a25409c53c12090f500852b000000000e800000000200002000000047a22e14e5615926c23a453f7cf56cb9a45c95485df0acbfed10377c625ec74920000000c981b4964c0c8f2a3411ba67ec510fd7cabae9c1cfc4cb3bca05779cd962551d40000000c7e5100e87b52555dded90be93110b8c9a57bae82396795b44ae2f864bbcc9f6e9bc14f12bc8412b992bf0c6d1321156380070fb98d7821c02ab4b200148a404	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0efe0e40d88da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Download	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F5C83D1-F401-11EE-9034-729E5AF85804} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418561456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000b0a440d08756db679ca48d3f702f9e49cd2e70770675fd28336448be15fe82d9000000000e80000000020000200000002bf253374bc66a3ec73cdd930a8176bc0f9e2a21617c6fe7db0cb372b455ca6b900000001816dcdb17a5b8473ee1fe06cd0bbb56b5a0ecd2c126a924011add15523a2c51f720cb4b98dcca7e9c54071a3afbcefd05be15c281d8c8acb8b99cb7cd2c443ce27d668dee5b5e5765627618ff1fdd07a7a87710c47c42b97106fae8c8c212c12b9b5a6b52f35720e643932ac774a9c28ce0de8b8cfaa535d2ce8add9feda6428533e3a19161eb877f5bfa3d86f33ec240000000ef8e8a0d7bd27fee011bcb0f45cc3c2215dfb3d73fb415f1c33c0632e4d24dc4cfefb95e6b06946319b2b82ffaa621eae60487bf666bfc8bfa667263b884be20	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1788	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2420	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
1788	iexplore.exe
1788	iexplore.exe
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1788	2420	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1788	2420	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1788	2420	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe	28
PID 2420 wrote to memory of 1788	2420	e256a27a14192e9fea00194e31804243_JaffaCakes118.exe	28
PID 1788 wrote to memory of 2564	1788	iexplore.exe	29
PID 1788 wrote to memory of 2564	1788	iexplore.exe	29
PID 1788 wrote to memory of 2564	1788	iexplore.exe	29
PID 1788 wrote to memory of 2564	1788	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\e256a27a14192e9fea00194e31804243_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e256a27a14192e9fea00194e31804243_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
06b1fbc1066d964d150a1cf0c37eefac

SHA1
7f2cd110215edbd738ed1e4da85ac0537fa9a6d9

SHA256
17f65f0ceee24613c35a8ac9c35e0c76fbb4bbc15c0d000a30b8b794b2416ab7

SHA512
2c84289a585888c21d61ff967c003b01e8d37b6c51d407bed7af1db7d06a1c2a14afab612a1e52c28d52c4e14f753b6b4243409b25e541ac6152a38b2354b286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a6538c5bd0b5eda5e634ebd1596fef2

SHA1
457f356a385da24458fa354ae15228a2108c33c0

SHA256
738aa462999f78bbf6efb04cdd912eb18287660cf78ac5c0334cee0d945de0b0

SHA512
ac6e443ec1d3445aed5b7d86ab78dd140f15ddec197657af3852a07450d1bf760f69a05fc579d1621b8b7f68e86f5b595464e236909b2d3a8bdad4c13fbedb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99464bd2a4cb30772b2a78890097b1a1

SHA1
02bd3a967a22b444f487d03b1abcd87b4129f398

SHA256
c533a50bb02e33e27ef6839bdf5d84a23760eeee3b28ab2775cbc3362781ab8f

SHA512
3a99e5bffe532072840ebd6ecb65e6567e6c523b68e7fb06a1f68820121ccf72ab8d40dbf689e2b6cb0c64fff4081983bba37a1c3545aecb5bf065b0fe0d92d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
610000ba9fca8fd123373054b7df06fe

SHA1
89b7f737a428a19a6ae2c0156b37daeae4636424

SHA256
f3df11f995c982dc437fb1506db51db3a8a1ac23cc2ce22558315a8f0525112f

SHA512
60c236d23f688f1bc6245987f1dd337d11456447d1eeed230bad1856e37bcdd51f02892119c47c10acc52738b9e4c17e26ab95f00f0f85f9030cc03b01414d8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ec8fe3a24673110362b88696aa5ccd0

SHA1
1144b2c7e1f7925636ef44d9f4915e58e8090853

SHA256
c93234ac644808ecacc47d7b858eb9c87bd67de974d9ac6a292a7dd662bdaa41

SHA512
59b6c215ab68b472e01691f3680236266f8b47ca011201b3eb881dcdf8551bc1ee509bf88378583ccf221d043967342887393a5129f587834981a7fb760136f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b6f313825e29f56bb6b33d63991326b

SHA1
9ae203272b48ff79d987c0f97de705635d2ab088

SHA256
3fa1a1ad82f229faf6fda076955e237cc29e7a1acfe49040ef3588e2d9f6532e

SHA512
1f0fe87004338b864f34d99cd380387d6c7b1940a848442a44cd44450044ae3b48420cad91ef7c980f640b8d9aef1f77668b16905e63b92f6e2721b2c595097e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3da3b27e3d08f9278321ae69a29e4af0

SHA1
0ad902a3864822bf728f9782c4f6930fed5198dc

SHA256
55d2902145bf0877fe1cd2d46baab653344fdb23463e6a482c5d2950923591ba

SHA512
1183a432930c9e0d2af319d333040027c4c8415ecca5cf6f4b4f1d794d30df83b441d5700e97f675e8e29984cb428af9f2589372b3cdf9f26227ddccdd3f9309

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
338ee2c20a2c746d1ee0ff2dc9f70df5

SHA1
ae33d37594be9398011aee695b504c9b984eb118

SHA256
9fdc1ae2191fb20afc3d53619ecc4e22accca86d7aa743de9e4e6ea1d0989ce3

SHA512
f8d8dd7fd8479bbd764f6d3a01e2bd4d888bbd4b7055a11c2a9c72c9bf858d541a91ea370b023c36f0762d7320aeb73dd764fb6fef7bc0c44d810b5a16b86692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
732c8510e9f36e59d00beeabaf07a13e

SHA1
1c0924fc41f692ac456e3c7986508f3421fa1368

SHA256
cf62ae5877190e330c9aabc830f6933c049a5d94ac8d103e29d62ac7c7395609

SHA512
7b9f7c6b028f88ceccb0773c1096267d81b92fc1c0a2abb2aaecf68e695cf01ba979965dee4b31c15f299999ee8acada6c11a32fb371efacbaf4535e8d715a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fc987c78a0f5c6fb13bf3e75ceda063

SHA1
5a9bb59678d6f4af178756e2d1a4bb6878acc0d0

SHA256
eb959b8ef308dc5e2f548fe4abbde2280d2c66f133eafd66ed3190351fdd84c9

SHA512
9fe2e492768c962378b588550dc714553403fb042785df7a7488bcf8a428512b9e4db0ebae867fc26f74c5394e8ebba86ffc92e536887000b01373e61e97b692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8042b492fb887b35bbf1a4356ce5b9b3

SHA1
8a59645803bff8cfbc8f581df547dcaec2637a68

SHA256
975b07ef0d02afa6b467895fdd461578b59496fc95c1b0ae3915a4450fab4264

SHA512
5a0663f96c645f680883431682b3b23c15b579c828f435d524a8b1fbd901e8808985011b796ce74ee4ef77e098e96bed77bb2836a50d817c229954aecce10d1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87ce8cefeb47b4b3061f6ebf6fa5d0d7

SHA1
425f9a2004a0db02526889fb3040204f96746f48

SHA256
a6b40921681a7002803b2c4692e8ab26302aa1f4eca25aaeaf5a7ba22fd9ec1e

SHA512
9fb578d99b9bbf779634d6b9177233308a8b3b0b293360d6954e6885b0980d6d1b13f1801b2afb2d26d26621851cb6ea2b318129c7379ccc68cf9a51b28981ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cd268d7837ce51e40eb04aa777f3bb5

SHA1
0ab807ce01738d50a76f9cf589e46b78efca0629

SHA256
c8aed8edfa2f869524aa52110361e9e188d7dc3af3c750a8438058eed8807e3f

SHA512
97dc16ed855e78a05cc9776e14943e80547b957dbc2dfe4cbd90628d45970d449ab9ffe6d6937fc47723bee8693a1b66ee84c7d63d7b0919b6b424fc61b5c4a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cad5b1e4076d3807436064357ef89943

SHA1
a70f39a2fafec26b40cca96671e369fd9b9e2c5f

SHA256
f2b23551d1a37aaece7806a9accf8fff54f768e56f8e5b95dbcc70c2ed4cbc54

SHA512
fa1b88bbe1d0b81a71f3a399eb08955295a3f6b9ee5efc5570795117e28c187afa08214460abdc5d07df4399791b6d7358f2826cd9ebb0806a7457deb62bfb0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3f2c730910f52d1929b1ce1b87d4754

SHA1
148485d4171ef5c628b3d379a811c093c61dc055

SHA256
37b2bf4465e3f44c7b78d0c3ddcd73daf018c6c091f3a139b5a4c5d55b0c6a45

SHA512
bd451cfe654d2213300521cae23ba543876533675dd99742b582eb538ba8d5ab89955fb1578a37030ab889289c71d7ac75c9a0ba9392a13f38a814c6d75acf89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b06d941558c96b32384a546f6d2c04f2

SHA1
1b2ff910fc66c29ff60950d0f169ba14aec2f52b

SHA256
82decec7e36c32d8fe7c92c1c3db2423e298b7245918f9626f01417693239316

SHA512
f5248f0a7911cce09d879e1e0a4879178380ccd2f783b7ad7f12c332b6a1045002e598a5075adb25ac7efddc7d9098d119596eb008dad9ab694339f20a0aa749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8801bcb5061b0b93e8007c30d450c44

SHA1
6eac24ab61ed4f5d13a203ae16fd9d47d1f0154f

SHA256
75474dd662e4fa8af36bc205e91bf2343fa5b10570e23b24ca4316a3d10835dc

SHA512
cb58743b86eb4a6a6454a7d2cae00d365e919426181e886a31fc18b016deec0e85238456bf44951629642427f10ec66e620cd41212ca5caa835f641a94317f3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebc325fc2bceba7917bfbb9c1ad1541b

SHA1
ed37cb3c1734a62cb2ec20027f36842dabcd54ab

SHA256
b3a87213d24e212b826d1280fbbd1feed7f818f9f264d5e2b97604550aaa55e7

SHA512
15117d874d2b54543863f039d146b3facc18546a6898956e079f51db5a24d61f231eb4f28db7ee1e4eaaadad80ea320c32affa130fd6cb526d2874a01345d569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3927a3c608e381d855f7e92a0ec28ef8

SHA1
71d91ab0140e6da351736b2fb39b292d1a64c633

SHA256
059601f0a3d9e3b379b92c644fc993d2bcc04c85a717327f104ac297456ce335

SHA512
733df9a704801daaac427de3776c83054f33469df03baa20ad544442dab461454fbbba67a649d2c995efa88d8b977b96a14ab7767fc1e0fb5658d1cfad6eb01d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a25629d89d59e730157f81194ccc64ad

SHA1
0ad97fe7d0f97e62ffd80d74795b3fd1cb58eb11

SHA256
5a115995660777ee7c580e1b369a70ab68f82d20bb2e0e669f7271ff8f2ab635

SHA512
1f9d173e686ec0ca46c56fcd0075d517b3d4f567b4ab038338acc6c9861f8cfd009503e959652e88098516f3615d8fd5fb56e874e7149fd5a494901923f56b92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9fe878915aa92f9d75d2c82ac348c0ae

SHA1
6be48d8a9d3626053be87ca5e4a2b742d1ed8618

SHA256
db602cc132ce74b7594ab606756709ef172c2ac6208419445b7da18c85ecb1f7

SHA512
eadadaf02415302bdff1998d2734d5825db5598a642d1970cfd34a122a94c35db210e30acd3b3112957f8a76dc68d7884105593c5d1a0bc915d3a7764986314b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

Filesize
1KB

MD5
b9c0aa4d3993d33888d286b25251eb49

SHA1
95a06e5ab9afebf83d55b6675d19b93c30169f05

SHA256
aca3eefd4284aefeb7e3b7cc2b29db6fbc3891fe9a3b9e9a38ea6be63f8f1aa9

SHA512
219d8ee47112f39fc72824466c6b11fd0f04fa0bb71472d3b16130a1b20752cf2c0eac0186c9a4c684972955f6d9d964f04b52196fdf51f1fbc24eae6ec29aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4155.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4157.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4248.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/2420-0-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2420-6-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2420-7-0x0000000000270000-0x00000000002B6000-memory.dmp

Filesize
280KB

Download
memory/2420-3-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2420-2-0x0000000000270000-0x00000000002B6000-memory.dmp

Filesize
280KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads