41cd725357f8b828ad838b2d8aca193c157509d44e2aca133ce0f5eb95434212

Analysis

max time kernel
144s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
Size

49KB
MD5

fa019d8a7139062f4636767fbcce8915
SHA1

1dd1da89e75c3ed1f35ea4129f215548834ece29
SHA256

41cd725357f8b828ad838b2d8aca193c157509d44e2aca133ce0f5eb95434212
SHA512

c5f7f5742624fd806dba46d41e062655ee879aee53a909321d143cbe6c4b25a988cb71f336b6c69eeb53af7a5887da0124fc9b319f94bca9a7aa72986c569ff9
SSDEEP

768:I8RS0QW1/vJrgI7nLq/diPRtDLGdzHEZSlFKq7IqFQXAF2C2bTGPYu4f:mAZfa/QDLGeAlB7pFgbbWG

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1704	iexplorer.exe

Loads dropped DLL 2 IoCs

pid	Process
2332	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
2332	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2332-0-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral1/files/0x000b00000001227d-5.dat	upx
behavioral1/memory/1704-13-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral1/memory/2332-16-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral1/memory/1704-18-0x0000000000400000-0x000000000042F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\msnexplorer = "c:\\windows\\system32\\iexplorer.exe"	iexplorer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\iexplorer.exe	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
File created	\??\c:\windows\SysWOW64\iexplorer.exe	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419680789"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3523E941-FE2F-11EE-A73C-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000008119d36581a46ae078a9b4dbbddeacab690b836a9518c477d207a650420075f0000000000e8000000002000020000000ab076dcf41ff77ba35c8f0ffaecfef36231cf2fee18173eb0739d0139b126c6f9000000049b880d85315cbb7986d8f3e0930fe43e5afb1b5f2cfab17e70e947502660a02e2f442a255de07b1c66f127cf35020c928e10c9edd6a992d927f1f7e6ddfc5e17651235c151605e143a3b02a9dba0d4396c0f5ff3c6a264f7adce89c90a4c1942a4da87f276c4e2dc5ce1cb8361f8a8c6eb6283d008a9b7280ed8b8a1b70e530a2b1d64fbefd138e8681f1cebb201a17400000005ca690126c0980710fc6e4a5027b321cee1b939cd53b38fcd58dd1f197c0b6650a1181a8412f1c659dbf8d5372c2dcf65766335b7b8448add8e162362c4f73a5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60843a0e3c92da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000008d5f78d4f9f79f7cf13ebda3577390fe566324d55c26490cbc9e92bfe5598004000000000e8000000002000020000000ea3a3737cb5acee9443033527f749f1d76368b108973f7a1089d0de694dea208200000001101ab049cd770c2eb044814f314ad3de87ab14faa823877bbfde06d9033e492400000007fc16e845330d99394d5f56d96870b248cf92d1751bd4af58e4f3cc7ebdff92af10f88e902e983407aaad76f3ce924f6eebe44fac7afd7a6b6e9ba866e366151	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2548	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2332	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
1704	iexplorer.exe
2548	iexplore.exe
2548	iexplore.exe
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE
2544	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1704	2332	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1704	2332	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1704	2332	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1704	2332	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	28
PID 1704 wrote to memory of 2548	1704	iexplorer.exe	29
PID 1704 wrote to memory of 2548	1704	iexplorer.exe	29
PID 1704 wrote to memory of 2548	1704	iexplorer.exe	29
PID 1704 wrote to memory of 2548	1704	iexplorer.exe	29
PID 2548 wrote to memory of 2544	2548	iexplore.exe	30
PID 2548 wrote to memory of 2544	2548	iexplore.exe	30
PID 2548 wrote to memory of 2544	2548	iexplore.exe	30
PID 2548 wrote to memory of 2544	2548	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- \??\c:\windows\SysWOW64\iexplorer.exe
  c:\windows\system32\iexplorer.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://charges.uol.com.br/charges/20061210som.swf
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7464aa5b77e9690a91a48bddb0f13d83

SHA1
5162a2ed7abd15d38e964101bb0d5a7f3bdd846d

SHA256
609a3916e62846bcd3a6232a8daaaf66c25e5a374cede8a0c97dc74f9b87fa61

SHA512
e97f59058a92ae88cbca91af46fb91ae9e64dfcf5d8dbd55640ae7827f851b7cac90173e8ae1345acaa7b01c73aabfc772c412404e363501508eb061c1a37a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1adee46f7fc8ed37094189e90bcca50e

SHA1
d0fb9999ec7fe7e781d8c73300a01aa204e21b31

SHA256
3a333b0e87c063284e34fc684db3b0e3ade346737d0dc24d0fe541802d0386f0

SHA512
dbba2084336d4f3edac0d540e103ce324e6d7c9d485e6047437ecb9d1f285ed6ece7ce66822c790f6f4120d94eee21d14f8dea5309805d4fa36420eeda8ab4ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d346e1907ba32e21022fe8ee292dd04c

SHA1
b1f14fa1514e5d6f36fce81591e11fccd0797c14

SHA256
81421ba8b00fcca39da7e443e2207e0535c6d442396c7b1eda0dc8fa90056a69

SHA512
90d27b0e65a88d942c764d5c6576a9806b36dccf6afc17be7f516db42e52616ef29d64918a05c87f41521520b8f153b42ecdfcb7cf748507624bc10ac5a54641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66dfc49b481933f2dce43876e7bc0538

SHA1
8d1b2dd23340bff08f8a25ebbe770a5b7353fe38

SHA256
0cb501a35c2d2c427aba87ed643c0ffe33503431e5f4f4628dd1b309cfd0a2fb

SHA512
7fa06de796d1e7928a8d3ce72bac5a92490a5b0dca4bf4e3d8d621282111db204f0db32a0e4766804e94dd54ec9a42611233fbe123723b077febf7204b60df91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1c2d84394e51a103d2dac63f8c065b1

SHA1
8c66dcf746b584e0c5833186a4d6dd3c9d1e5f1e

SHA256
3a33c3f63c9ff6b9bf8dc1b0dea103d03981f9801925149fdec11a4214f4ab43

SHA512
fcda4d35040188eea53d6a2ede2b9f37df0e632ef6d2ca3804190ab94a5a05f08a036ca838da4f294f3b7257d288deb280c9e8ce209d45991bbe256d602b9cd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64fae251ba54fc5b375182892d97681f

SHA1
c285c048c15ff8236961064f3316bdc4ceb7ee0b

SHA256
47ae33740514ad69d152862503d11fb27f137ef82c170f53843194e44629f35d

SHA512
338ac04dfacb4cf370d5996cc322ebecf96e5082d9a2a0fabeb8f8e9061fc095646493a6211703cc33ed362c0896437a9e52ca1d233530b511b7d68eef93beba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad54ae3251672b8ef276615a17c91ff6

SHA1
b145b313c2b2b13479e13747f9b0403975f0a12b

SHA256
73fcb0bd1d26aada4b860f655aeee6b08864927a2b69344dbb9fa338328137ee

SHA512
a3b659d45de714654d64d43e5b0393c10981e9fc2ca5d19edd0a8c7df6517af75fc3d6a5ae67683302db525fa47505f0ec63613286afa44289fde5079f8ef326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87402603e61a818f6bb9acac8e80d52e

SHA1
129dc5b12744ac21295ef59fd5bdb104b05b5763

SHA256
5d89e41c0a4b0f90687c4bf69f56cfcf25a9594607d67cc9cea09951b3587d5b

SHA512
98400c19d330442103e5094f37f3c8f3adfd446cda31a3553a9eab774ce32b1e2e4e896e7d21b490a7773517cccb6cfa1e0f85ee36d805526a25d14af2bb2a49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3abc4fad51f1d191fc9bbceaf5e189a

SHA1
5cc7378f0ca56be5168795ec55c9a48e7d7de00c

SHA256
288b22641a6b53543e4524903af2e5417f11bf2a6fdcc3225f911847d3d1504a

SHA512
ad9c5285e2b0af3d8f0f8b570975afc30d9d9ee4691e5dea6f663ff6d9f6636ae5dd15453e8c2a1bf0069d92cd918c256eed9efaf56337fda88054ecb1a1dd57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da61a1ca1d3c71e500eb88f7f42ddf29

SHA1
52545674d44a51b50f62e1e6c0b36ad5fa55dccb

SHA256
cb2bd2843a72acde1a3bdcc2dd0b24287187df65f4ad8db888f388b014721de6

SHA512
f738a1c7d402a85189f9aae458494cc3ef58069d808c87a65c049d97d26ccf281960a0f1aa2511026095326899b7175a87e2ba72647d621aa37b9cd5b4af6292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2bc578b7e808966e8fd49cc0597cf5d

SHA1
3172ef91dedf95ba64a682d1d3320b8ad9b50cbc

SHA256
5e89d1639aa7740730ac19bc449df0aa1c5f2deea0b123e9bfa532463801e9bb

SHA512
1ca374ff5063024bc19ab65d30d5548caf3dd20d9314b2bdf07dd92054ad2af13ce50db7e0f59c6190494045ba13ebe890ed187d1ce82fcf87a7880fb14604f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29b6899442124452f5540768708f1686

SHA1
be2c52e718e874e47e0fe73f19ffccd9851ce5ec

SHA256
7f0a19af3fcd33c19e5106ae829d868c4186eabaf60f2893308804d85125beaa

SHA512
5bf1f85dcedd2b4e28cb36ae4ec9e1f96ae27c703c16ddb6e336b62bbe9262f14a0512d49286b7874bf2552641157798361ba9e70b89fc755ced034f2ffdedd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14b672ce86a681ec83a11b2c3c13bf59

SHA1
9f69adbe34b2baf662550a8e45c55f01223dcb57

SHA256
bd3e75ed40ee20ae899a952001f1bb195e4b08743b62b7312f0201ef54008611

SHA512
e94f8269222e5a27838cd62794b30231df599099c5dfc8e51cfb4c9ed7a10f5013a5133fea0ce856220fae36e6643b0ef050a0120171207f4a047c2e85292e78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
479bca9dce96459ab74a67d0de3ce4c3

SHA1
977fb2666416343a4b4219a14e9ab4d44579982b

SHA256
bf4ebd7655ee84a34a7e0cfa943377055b036545a90f9362e20104a0a33d118d

SHA512
bd19940a93aad88097b74bec4d4af37f1cc4a451a886b9275bdd34506ba15934221f7cd94a331844855983890a1294004009e69f4818dd72649ca8305972bd34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ea35f4e0dd1165d32a011a1bd35539a

SHA1
0006fc342cb51be32a2a18cdbdc73f3f1d740e1f

SHA256
031c481e37319c609707e346f9b4cf20b19b220d63ee7136146372a8ec4052be

SHA512
ff492d1a338653f0d8d784ce7f0eb28be91ebcff60da22bd1058fcefdffa8cdd3c53cf92f07bc16f62eee715e80107b8b7ebf22f74d17ebb1eeb4ca94e59e649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43f2f150857c5d444d1cffc5b0dd2787

SHA1
5e2b49e3bc445c915d0c84a9cfa256b3f573dbd5

SHA256
61773cd1b3d1613cbedd2e8ba8af7e7af681d24723c903b292d8cc49579f1a70

SHA512
199442938bd366b15b1a477e64b025e98b303856cdfe0317b4942d706c5f303830a37c9cf7d7594f3a9211ee72351e4759f15a2557a6ac3b2996e5d04c382c55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26462b87a50eb16879094c4cc5eb52cd

SHA1
cf6d498e6c2f6eed4d97f535c0267458adaa0e6c

SHA256
95f49afd9fa19c3314fd2b8fa159378fc610d3489b571bd89b0a5fed1beec760

SHA512
029647296dc591f9c408b53dad05845780631d3e656aa866cd2bebe19b39e689f438aaef8ce60a6ca8bafd00d1b7a6674adf8646fef8f0c4c29ba6ce62bebeb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78cf596a8a48f904b07ae7bb97bb4c7f

SHA1
46e6242183c5f30ac4a45efe49ee64cd60f9baaf

SHA256
a985ed2664677ea16c309051406fbeef960f4a9ff61350b41a856008ce6e48a7

SHA512
3f43525fe5d296f188e189c69ad543d70e9a6d423cc224411033a0d6a61c0b4830479b489dacaa5b200e599c1f780ac40f7d597f4a6cd5a1eab8afe910142483

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
416cd76a706eb080996fbed20f0bf0ae

SHA1
6bff28aaaa75da77058e9c40ebfb1f653be571cb

SHA256
7e2473039025407de844142b99918646aeb8974a030ef9924465fd295fc62d6f

SHA512
90b6f95554fc543fc59915c50fbdc2864a035b259483dc0acde4903c7e7a008343bae10761f899c78a7c890913a51115df4f06263e9ef995ce389c4def4f56ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53dc71e15b13be98ea23aed10dfef87e

SHA1
7fa8cad291d3ac6d88672d826c06d73b919bb454

SHA256
0c9ef54b48fd4b3945f792ecc664403a81be034c7e12097b63f16d4949e5dd1d

SHA512
90f459fbcc22c8f5c5e844e7c6f95fae028b6c13bec5d0ea9df5ac4ce739dd8488f9f1290f5b2a282a74184e856ceb67761bcf3e8f23cd3088234a6d848b412e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27a726e7aba6d0d2421be78fcc38259c

SHA1
41b8051524b2e1de6b534e1c556b218857d7ca52

SHA256
c71eebc3c68831d87664f0e3f5764460368c8c93210d2499b8dff7bcdc35ef04

SHA512
1fb9caf8b7f92ea9bd634edb8a794bbe113327a7289c5a18bfc78571b0d969508037db466cc0010bc4f9895dbec450f96669fc7344c6dad66ff27ccff13f25dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c90b5cf9c6865b3d1f57c5558592e87

SHA1
7b63cdc64f8222139988a4f110d9770f0b473ba5

SHA256
fcc2905c6e44f9dff9b2560e078d39057a7d19354b58f63f47fc14d68a0b8cd9

SHA512
1edf0985a66d570506bbbdf5ace7c70f12bac85868b1ae13a843ff7e247c02f3109c1926783839567e44dd10ffd510ea092a627af74056586163aeada062e9eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ec119cc21f1d4f967d5f13023e912b8

SHA1
bf10d031df5bcbd8f3054c35563d3514f3c2c9be

SHA256
8f70f8956ff795f8add9848ec369c83715a51870a14053b2f452bc4b5221fa24

SHA512
55a6bb506a9baa2333028757760bea2d9b9f19e9f1953bf8d8560d01ebd06457b5edc9abc1eba0dd3271a789746c0a173d181f80f317948b32430ea47195334a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67a9951212b014882076cf22b5403cc0

SHA1
b95d553325b66a28e33c14dc5f90de0f97073810

SHA256
ef51b690655d44a996ff6726efca0c8c96419baaf01b3373734badfcf93a5d56

SHA512
4100a6542d575e0b38555ff9d887e80a1fbbcfd50f4366860381ab0c4dad883d2b288138af9035598e91b1242e4faa0b934f23476e7677b1043df121f43a2ba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cca2144217f417a9c44b244076a0ad9

SHA1
857aee6c173002a8b253cfd4e02e97aa024a2fe3

SHA256
c69d866e096cebac81bf7262072e206c2cf153ed062fd0d71066a3db307fe3a9

SHA512
aff1d7991826390a2954f92e901c273fd0cf1efb63d5905b6a786a6c23e36894889d5599a736c22c7f924b7728a9bce63a4cd6226e2d1366aa097e993b431f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51da74687c844c208ac8a319c5478a18

SHA1
8fb2e7f899a21c733c1b1bff423e65b3f8818aab

SHA256
d4d28ef1ef725b219d9a7e02d90e6f09d97053dfc816dc0c174aabdadc216ba9

SHA512
0530a3f12910ad6b290c9e3dd36873ef988566e5feb27e1de8dd6c120b12bac73738738da187f472d85e2b404975865062a66edab5c799abe4d524068a34885b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec52aabefc3d566b95e2a6621296008b

SHA1
31dfa96fa8f51f8061f951c941850c84a1c09bf0

SHA256
bfbf7941eeda69d139aebe7eee826fb4608e5a26a0074826c4db697afc60edd4

SHA512
96b40a04a6ff95612ac294bcbad259a55a263ae227e203790e71390f3cce0f18dd11a8fed91bfb07744b0c6249e7505be7eb6bc7bdbfd2cb40d09ab751155416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce875fa377ad8792abf92c8425c3bebd

SHA1
b19f95d162209e772e911dd4142979ac3ea92e16

SHA256
d2396cf5b987dc7df3f1ffd093f8c15a68389a842e0bc8e74c3d4f14d8a1f689

SHA512
c09060a4a4313169ffed03265565a494d22ebaf75448584003433a42a31b7dc5e39533d1575099aa3a4370260ddd08bbaf75223fe0089bf7d2e064a2e9833d25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecd3202f9e43d00845d510fdcb48bed3

SHA1
85c385607c7ddacde63fbd6e7cb1629143fcd0ba

SHA256
9682eb3ecc4418a52c401d39db3c870fad01f3a5658d17a19267e301dfb646b5

SHA512
2b40b75eb738340c884fd9b85ba89145fb9c59b35c363841e42cef3522d85037a0dec3858313ea7001a04f89bcaad167d67e945f0cb840b4d8f7d0ff3f6d2321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c7bf9713869abcf857f33bab2f9c89de

SHA1
917bd163afde1c83702b3d919ac4f307d21133d3

SHA256
36012763775133e42646aca439cbe3e2d2814125f9836f859ddb4725b62b50e5

SHA512
3e3d802bf84772296060dc4b97b87455e2b7bcccb5eb46de122b2903925ab5b4c40efa2a7b1903c050a6cd80a376e8298a58c40a98e7d8ffa6f7b98493d72948

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6116.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6207.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Windows\SysWOW64\iexplorer.exe

Filesize
49KB

MD5
fa019d8a7139062f4636767fbcce8915

SHA1
1dd1da89e75c3ed1f35ea4129f215548834ece29

SHA256
41cd725357f8b828ad838b2d8aca193c157509d44e2aca133ce0f5eb95434212

SHA512
c5f7f5742624fd806dba46d41e062655ee879aee53a909321d143cbe6c4b25a988cb71f336b6c69eeb53af7a5887da0124fc9b319f94bca9a7aa72986c569ff9

Download Submit
memory/1704-18-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1704-17-0x00000000037D0000-0x000000000428A000-memory.dmp

Filesize
10.7MB

Download
memory/1704-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2332-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2332-16-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2332-10-0x0000000000540000-0x000000000056F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads