0366d74762bc8ea97bd2ad45a5156194d9fcee32cc3f3a3d09a38afcf445fea5

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe
Size

85KB
MD5

ea8b29643ddac9165f10183a47c01212
SHA1

8b4eaa88396b126f9c75f43e93c7b3c2d7817a33
SHA256

0366d74762bc8ea97bd2ad45a5156194d9fcee32cc3f3a3d09a38afcf445fea5
SHA512

6b3170c778c5a15c86359ad920ddc0d1ea000feefd9b92ab5d4b9b84f182a34cc7e7ec0c3a10331cb37f295a61ac9b470bb619246247ca4e0c737f244258e08d
SSDEEP

1536:KqAVVLZ+6kGi7mzn1Pc3sHh1Bwy3dgwE71T7bKmgtLi0rvMnErdwoXK8Htf0DpiP:KqADFIq+sB0yJC1TdgtLtLCE95qi8Bn4

Score

10^/10

evasion persistence upx

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,C:\\Windows\\SysWOW64\\uoyzsydz.exe,"	uoyzsydz.exe

Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
2144	uoyzsydz.exe

Loads dropped DLL 2 IoCs

pid	Process
1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe
1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1724-0-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/files/0x000c00000001232e-7.dat	upx
behavioral1/memory/1724-9-0x0000000003B00000-0x0000000003D23000-memory.dmp	upx
behavioral1/memory/1724-18-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-17-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-380-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-501-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-502-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-503-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-504-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-505-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-986-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-987-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-988-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-989-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-990-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-991-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-992-0x0000000000400000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/2144-993-0x0000000000400000-0x0000000000623000-memory.dmp	upx

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\uoyzsydz.exe	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\uoyzsydz.exe	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\hljwugsf.bin	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\uoyzsydz.exe	uoyzsydz.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00C37331-F70B-11EE-8554-DE288D05BF47} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000001690537400d062bbada662890fba22d8715be2b1e2d4abebf7e7034c7f2ea93000000000e8000000002000020000000140d3827c068275930a6d37528af82be66d2d0bae09a31c00bb200743dce0aab90000000a80969c6e93b56f29baee4ea70f5011e0d637d195125e27660d31b6502e761285a7c162ebb0ef5fd70a77ddc58086b99b4f48b1a465a6eca7b40ce40e77f42d607370e16bbc08d452eee2bc4d57fcf4d5ff900a9d367e2cc488806988f648a91393966e0e8791cda456a9d50d5ae10cc106c5d799eb389c5a83e6b82583ed2ebb10c98f50f218863747a6a6655aa594b40000000eaa9f493725343f70f066c9bff8c05fba55c83b41d3112921d1f98625f17439404614d3dec0ef742beccca9661118b14c9c2a32723f9b3239229a3749508c885	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000864cceb2dab3deb931509cbf239246e856575943d029c184156006cec7c59398000000000e8000000002000020000000a9f683cbbfba93511d9b17b63024fed67ee542d38999410ab66cc8aa5cc0818d20000000e3c263ff7a9a08b5e0889a0cc1d9ed3c011e90cc75037a4c0c01adf5ab4272b940000000b80238bab407380d647f510cf20d76b5c4ec10cae42f1b4dcac1a91c802cc9ff23e8f88de5ab1496b2f91e3c4edd6138d9861edd7e056bc5be14b5f738bc9562	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 809821d8178bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418895580"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2492	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe
2144	uoyzsydz.exe
2492	iexplore.exe
2492	iexplore.exe
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2144	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2144	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2144	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2144	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2492	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	29
PID 1724 wrote to memory of 2492	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	29
PID 1724 wrote to memory of 2492	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	29
PID 1724 wrote to memory of 2492	1724	ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe	29
PID 2492 wrote to memory of 2660	2492	iexplore.exe	30
PID 2492 wrote to memory of 2660	2492	iexplore.exe	30
PID 2492 wrote to memory of 2660	2492	iexplore.exe	30
PID 2492 wrote to memory of 2660	2492	iexplore.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	uoyzsydz.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1"	uoyzsydz.exe

C:\Users\Admin\AppData\Local\Temp\ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea8b29643ddac9165f10183a47c01212_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\uoyzsydz.exe
  "C:\Windows\system32\uoyzsydz.exe" start
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:2144
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://mycashloads.com/newuser.php?saff=
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ca8e9aa33c1eb4546945df91000dc4b

SHA1
baecbeeaf6cc42d894bdafe988d2db67ebd450c4

SHA256
89c5fa1cc174dc46729ba7d82de833c7174b45dc9a45a18c645a390474de487b

SHA512
9237562a3dcf073ca3eeb9f1a81eb88f63fe58a4ca4d4dec2c90a24d6ccf3bb62443dfcc7faefc6b69f2de4dca66942f681eabeaeae08e29a78194ff503bb7ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e559a9259b62a6097ce075fdd0eed38

SHA1
8027d1f7f4842a059471f473e87992a3021571d6

SHA256
aa3f9dfe8c550e822d78f70752cd2edc1bf2c4a4f98c05037dd20e9918e41bef

SHA512
d05260f40ff89649e17f6795ca93800c039a92ddc21b7326bbbf272be29022bb68b8995d2b80ebd9382e7008c722ad0c577761e635e5f6b3ce7dae7f09c2ea83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7736275cd1e0c99fc7f29c8d83b2aeaa

SHA1
40c948c9f486ded43ed46cbc1ccf6afbd4b6d507

SHA256
c1a010711c723536619f0957332e4bcc149502e9eb2452a758a2d336b5784717

SHA512
e5e8a8e01fd2d5c98dcd5b270bbd130db9998f9478a77803ea79936fcb25640c709936ecbdf584d58450ec82690faf143d860631c1749583cdc58fe36c2ddace

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b1c4bba1ecc7fc17094ea745e7204fb

SHA1
e527573eb0da3a04abd2f57b6ba55f33029f99f0

SHA256
d2c1630d8481fcdf500802523e95a6a6ddcf95c39aba58cec7216b01abe72235

SHA512
4e57c0c25ec6e5bfcc51da39ea7933793a554ba0fb929a70f927fa5ee1fb675197a1df026bd807bb9ad6747a3a1308b0c49e281ad346d9734cc5f9c7167cec2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32b8c01188bf50cb9756a544e2e3a584

SHA1
55c6dd1e500102047adeb22365bea911cc5d5346

SHA256
1c34344fc85f876b75582b03b224d03b11f02ac61b7161f04eadf8d62cad2c35

SHA512
8a3964eedce3df4dd6ecb90ab7d01506bd22b025f80374c01c177bc2639821dce68a51f8e4cb6953b205e08e8e4931cd87f9f6850f898134d7b79943eb69199c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7858df1ef0722ed9706525fdf21d30fd

SHA1
c2aa9e5075eca5ddb304aa9c0f94682c985cf5a1

SHA256
678530aa6df3897d49c04ed90fb076aeb030d3562b00198b31fd449d4a316b18

SHA512
28ef38714acee4481a65b7c0942be1c515011ddb371d5b456121147aaa69c53c72116ee781ac553c64987dbd2274b47b593086b9aa6504d02114ec63927d9ee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5be9774b88ed35e5a7e839ac1de93880

SHA1
8d94d8cb84853660dec22f0c9985c2a4f31df671

SHA256
ed0d0424e628291e828cb1be2bc66c960c5863b4f6b20620975a1ebfadd66439

SHA512
3e41849c477e22d656436d96be83af5e9f9f329d96f76b971383007c7f31e1aff3dee84bf731054d157fea167292cc6ae86a59120197e518f5ebb4adca9e194d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4baeb8d55b4b57651dfa362dc1a6427

SHA1
fd6dd5070f8664abd61b53e08c1033490733f1bf

SHA256
4fb23c42afc0b4c5f455481b0c50f7918a74c2a50a117da3eebc7bdaf9375db4

SHA512
17c92260d2b7c5a79c0b6429ec8f00cd857841ccea26cd1b22cd2c026b89e2b8dc4ce64e26a465419d2518214a3ffa97a00f6f02631f91923b00a5f8a8a5ee18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f980db299f86f3d36ab3753b56f391aa

SHA1
69584995e6f667028fa3d1ce68c0a1a3edf59879

SHA256
c40f841e661e7a730797c69fbcfcbaafccd2c04378c080267a937fe47c20fbf6

SHA512
d056832df3fcf32bbfbcfb5de58146397ef2b11559ff2f2606a4d03ee1adfefc43dda59ec0ed191a89e49bceed360c0efac3d23329e316a17abb03241a909c5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32b360221bc6efea90776d198d76c39b

SHA1
3e9f7898f20f44edfd0496ed64bed58a94a7f079

SHA256
f8e7e45ac9f0b00ab800d6dfb35f9a123a79017d3e37be46497adf83a40857de

SHA512
d3fbde992ddf2ed5e818e9663444cd387e0d1cf4d7d71caa7721be43e8470843545bbf6429548519bfcb010b2b01e6bedcb721ddb8ce0ca9af91212783e031b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c17f01f35e99807494c6b0c847113757

SHA1
53861446609803a4ee426fc46b0eb932f66b04f7

SHA256
98f6afcc5fff74efbd401bd427a418a4301770f02f850ca5bd692251f1480d27

SHA512
94af39d7ce00d2c4ff52107466a76984dba2e0d94a6a60b905faff0108c1bc02b3f8b7ddc09fb4e7d40d59b92fa1bdff82e2e2cb4c2f4ea7569721045c93e600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a39527b2618a7cbe0935d957ca3d2aa3

SHA1
74fcfa261b2af8c40068d1a806cc36f492e19867

SHA256
ecfe8a6e196be1dacad339995bb76e216a75e6da10bd811940bb3ef18863be4f

SHA512
afe27ff5a013acbb9072c7b893a81597ae963f171b8d37d9ad0e2da3bbb9a65de095b5a54323e9b22568ed17aa12dd11c1e7e699d7c7294e29079595cb4d8c61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7d374b32b86168db872436ac7e2032b

SHA1
c3123a0dccbb33b35094ddb2d20148b2b5c99c6c

SHA256
4ab694d431ac9df8c9f9f17964331d39d3776a1405c46b8689c8de9d136677a9

SHA512
d97367e8442842b103180cd5bcab6132c98eab1c3cf3d07a29a2019bf3294803feedf7b7237c4874782d01b2a7d01120e4a181329430b33cf8e206cd4745914c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
622b960e79adc718c48040ff4b9a683c

SHA1
a42e5a689aa661e3e80da87034bab79f098b631e

SHA256
e2638da669575497ac3ca8b169af3996788251786675eb6dd6984e9dcf86ca44

SHA512
d9d94ee33dda87e787ff14092123156714a2b04cee42c9a49e976a66175c0ed35e94508f50ca6e73be64a67add3334b27c167d1bcfcfd1afb7ccc7d33edac630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a436154672631c478ebe73625a835afe

SHA1
db221df057e6a9fce831c247f0945987eb2b68fd

SHA256
be12be8dd6c07218e21b47da71c0db8c171407ff62e3ceb0ba819975ad65b41b

SHA512
30a906b398c8178c9b43176dcccbd75bbdd88ba98a2010fc24a7f54a0d1759e6a3a43a7f94684020fed7106d8a1af16db82f3213c72677441fa5081e9a0147c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d55ed2751752c6276ecf064a48fd639

SHA1
1bb9b9f21dedb4803036bb30bb3f08806c073fee

SHA256
bc5c55813f0bd577cab28c9e824bf50b2c8efee65b353079f7cea4ed2e58e04d

SHA512
0b17dba6a5bbf66085d34952457850d3bf68eb9f1d10407f5b9953b05a993e716368241dc92593010601ea6362e3e0787301e7601c3663e927f6dd5982cc2c21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffdb2f76cc2b1ff1cd7f1a3f119a9361

SHA1
a22873f52e91c4fefddf11010c594636e3d7cc06

SHA256
34a2689260a0aeacae9bfe272e85952f344cfcf685049a02f13adbc45afb1f38

SHA512
0d7d623c005b9cc9397056b115f56362d18f628dc03aa6dafeae4b8a783a7ce647881984e12a0ed28eed9b459d7181899f1907aa1d4fcfb5a13afe47e9237d9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a061de77c928fd1b29149ffb611ea15

SHA1
c58d00627d6e321bbfef861a2ca533e4b1506902

SHA256
b885111f4c16f6d5805c8f1b66da41ab3836242ee09e5a348780e01f39e627be

SHA512
79f028b6e3d957c0255f654130f5b86a47e33754fd97eaa665b540aada9aefc7ca536c41d850112fa26e881057922392f8a9b68e7e3a973bc1d0a1ef58e16814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a42cc033d0271b526ac45d9142adab1

SHA1
d0172cf54fecca9eddc45c09a31ae0dcd157a0e6

SHA256
aabcacb2f19a6db32de9306f4d2cff2a618cbc62f3228b2d4407bbdc8b725df2

SHA512
f575768f51d69b0da612ca48864e43c56629fa44c8c52037eb95b106af256a0fc8c54a39e3c31897a1ad4d69db5aee431c9bbbc6d072c69dee5d727630e44727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b9f489f85a3390d22f6cc35410eb272

SHA1
e576a503c23075ecd15b751237fa7eff494c77be

SHA256
931a5e71724fe18971b9821c49b01491626a31cab0dfd175d3fc4c5b12310b37

SHA512
490250047eec1375be1c3ab8906b963aea7af01f4ab5c34cb21fdb65ea9105c33e7c3f59067d0436dcb623c39d6d34337eac450f34aff6a289336464765e6ff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c9813edeac7172f862a5b11a5c9aaf5

SHA1
e2029d5c6ec76256000b9b5ba1ceedad37c9971f

SHA256
97e0bfa278a0d0cba60bdb80347280d5bda04923c6c93d56e41e2e82c2f69729

SHA512
cd10b1e9d61bdd5524f1d7b4ea1b9b0c645af20f83e37262af3d5068abe47b240d83a4ee7eb50a7dc04811638e4947c664311b8c479afbeef54aa70be1e07460

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab33C0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34B1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Windows\SysWOW64\uoyzsydz.exe

Filesize
85KB

MD5
ea8b29643ddac9165f10183a47c01212

SHA1
8b4eaa88396b126f9c75f43e93c7b3c2d7817a33

SHA256
0366d74762bc8ea97bd2ad45a5156194d9fcee32cc3f3a3d09a38afcf445fea5

SHA512
6b3170c778c5a15c86359ad920ddc0d1ea000feefd9b92ab5d4b9b84f182a34cc7e7ec0c3a10331cb37f295a61ac9b470bb619246247ca4e0c737f244258e08d

Download Submit
memory/1724-8-0x00000000026A0000-0x00000000026B0000-memory.dmp

Filesize
64KB

Download
memory/1724-18-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/1724-0-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/1724-9-0x0000000003B00000-0x0000000003D23000-memory.dmp

Filesize
2.1MB

Download
memory/2144-504-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-986-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-505-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-502-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-501-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-380-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-503-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-17-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-987-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-988-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-989-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-990-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-991-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-992-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download
memory/2144-993-0x0000000000400000-0x0000000000623000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads