njrat | c6af10736db72c425555f5e62b2b954fceb9d541aa8dd593bb0f1ca91c9a9b52

Analysis

max time kernel
121s
max time network
146s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
Size

1.6MB
MD5

fcfc0891e383dd78bea0b738b2771643
SHA1

2d6e58beac2275d8f23d5cdcec08af3b82123376
SHA256

c6af10736db72c425555f5e62b2b954fceb9d541aa8dd593bb0f1ca91c9a9b52
SHA512

6c617c3c519580ca79841139ba85864d0a8339251cf8b75654effc71dbbc2ac42be76df8fe809ff8f52a65254495b6a69f157b7a5029192c53d034973e89dbcc
SSDEEP

49152:ch+ZkldoPKi2a9D5SOgTjjhKQVHoF/uY:N2cPKi15SThPVIF

Score

10^/10

njrat soft trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

soft

googlyoutuob.ddns.net:1177

Mutex

5e9d00b3a9bfb0f9311b1d29c32b918a

Attributes

reg_key
5e9d00b3a9bfb0f9311b1d29c32b918a
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

AutoIT Executable 4 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/400-4-0x0000000000080000-0x0000000000161000-memory.dmp	autoit_exe
behavioral1/memory/400-6-0x0000000000080000-0x0000000000161000-memory.dmp	autoit_exe
behavioral1/memory/400-7-0x0000000000080000-0x0000000000161000-memory.dmp	autoit_exe
behavioral1/memory/400-14-0x0000000000080000-0x0000000000161000-memory.dmp	autoit_exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exefcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe

description	pid	process	target process
PID 2072 set thread context of 400	2072	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 400 set thread context of 3044	400	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000671ed26cd831a4730ef8dc8d53901700735db639d4a73e2b7a7d5fe73b14877a000000000e8000000002000020000000682b4dfac823c7f4499ce6f4046061cfbee8f90fa715d50b1d474f4a1273b7c02000000024c12b7d4460dfc1062ee9f015bc4853bd370f32a1af233e86318e518247309c400000005ec85e80147c4deeec09301eba43e2a5121dbb2ed83fce17de7a4e115d519ab8e58b62cf6c2d19c2724e2f811cf15e5070fe78f7a2d04e43d201710f55c30ba4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fc51723093da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000d5bb85698a3636f148c39474ec138e4d63234067f77a15397079e898ac567d1f000000000e80000000020000200000005379cb53e5d052f233916758b031d4718f0699b16606ba69c6af978a6ef5da0a90000000a2e9488a4936d6b93b190334a4b7e991ef5e4a41f2846a0e7f7249d87afdd19d35e5d473b832e2015960802922097dffd9b7e6443ad65868829bb2f25425eb6afe29eae624d0497caa7b715bdb56f7b533c3fcd7d51628ab7c30f2f84879ee76bb648e0b7e1ac2acfdc59f773b3ad952f945d7d3f76757fa1635e8625b655fdd0794bc83b420b3a2a3402c4653433a6e400000009342ab34cbff83898dd11f453a20766aac4959a2dbefde6e84b2d9960f0f726c6074d4f6bb3eb34cc81b70aae99ca25c80835acb14dd968b87db457b2cc5f571	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419785761"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B340541-FF23-11EE-A1A5-568B85A61596} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2552 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2552 iexplore.exe
2552 iexplore.exe
2180 IEXPLORE.EXE
2180 IEXPLORE.EXE
2180 IEXPLORE.EXE
2180 IEXPLORE.EXE

pid	process
2552	iexplore.exe

pid	process
2552	iexplore.exe
2552	iexplore.exe
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exefcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exefcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exeiexplore.exe

C:\Users\Admin\AppData\Local\Temp\fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2072

C:\Users\Admin\AppData\Local\Temp\fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:400

C:\Users\Admin\AppData\Local\Temp\fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:3044

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2180

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
Filesize
252B

MD5
c01a7d5bf135d5978b1c99ec2e99613f

SHA1
2c5f5ae902e8fc40e7dc2027735322a6f5a9741b

SHA256
3787077c4d95f8c2e0a8904bdc78528af73df49eb03badb9a478dc6e1e6775b7

SHA512
7a4512d7dec4b08fc5192ab9cbd6e883d05581e6a1eb4903a8bb9d2b2b00493fca36a9aa5163c66141cab633808eb20e4a6ede0ecc75cde5ef784f32fef822b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7086f55552bd840934fddf80566c737f

SHA1
f74263009e7f6219054856e87f6adcb9fc410f59

SHA256
dab5fac5ab588d0a3105d4862239d2777228532e9949745f4ba36591d0cbb02f

SHA512
e402076afa8ff8c849218295a014265af636a6622d408cc9c876bb2819d2697b3fd884de9896bd2433c320f52403043b752ad6961ddda58cfae1b21bae8b3c02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
89b305a99d6050dd8d39d75a97381fbd

SHA1
e7f8d42c8845a49f0715974e813d7c79d876e1dd

SHA256
7b394c2fa91740733b9de549ca383ca1ee15bbc2de63f1e3a8b57ed9f938018a

SHA512
5d0729eafb64531a6fc2fa76856ac0cdf76516080d10628ea2d7e4bc53dec64eecb9cccee2db733b053f55be6223947f212d1f6d1c139d6b4caba91a49248909

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8960f08b72e7990ebcba9033c4871559

SHA1
6507c8cb5795ab727272fd2d3984ebe996e2e899

SHA256
35ceb4e755575b1809b8dea06ab48969424c3d43eb983b2053697edba02f8ba0

SHA512
de2fecb70d62f59ae6b72748d51c4b2f23800233ba5e8de39c28e02e803771d30757fc2d521c229c62f68067c96ca089a59f3d9f288212d2cab6bfc7f4c514e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
59fe5f34dba6d0ff3811db1d2e0cf8fb

SHA1
f33561d4a07312d3d0f54bfc500d87129d049762

SHA256
214e1108eb8128eb966590aaea376948c524b4936592759aa47803e407f4cc4e

SHA512
7d4735c96ff8dcbf771d5c62dcde92fed51df48f1615dcea08c61e80f19c32d1a2ab4e2a0aaedc0e3c0787e8126e92e6f43c25534c482be7697d948ca2e60bbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fe123d7c76fb88e1c56d19b7eec36b79

SHA1
9d0df5b175f180c93bf260d2f6a96ce82f6e8561

SHA256
24099166cf3866a14d1b8b607a0ce7092241b65a2bd10b902af847ab435864d1

SHA512
5ee278c3a36bf19bb15ec92e8de801ba3870bbc284b6c5550e0f0ce37bc0298ab5450ff43750089cac42e88e073eca9ec15455941e9aa1620151103067454f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
99533b520de54e7fe2868d1670890abe

SHA1
6d2cc1e189da52bf7f0d838b0dfadb590c88ec7c

SHA256
36e63e0777d53cd15f86c245bbc4bf3aaa6e21fea58f0d4a23f8f38b0a6f09bf

SHA512
9a7243fab5e7b08dd660363c17ffc704cb11f8646d22b4bfc7febb93cf7cd1c9a541e26528a3cfae9a61cb2539d6fee439e7e024693967ed70753da65fc0a8db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7713fe0db37c76d084fca8e60f32e4da

SHA1
f34915232a1fea981da226cd9eb9de6529cecb0a

SHA256
6f3fd1a91fd72683f240075981e1766de938042538863db6abc8e96118af65d3

SHA512
c78179976c87e756767e505a5787eca6017a30d85ce26b5154a7f46541e923a25ba5b1261885ae167057408b25ac0f48fafed1b4cada910a2afbe33a72066368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
08e155adae7317885099ff1de8fc9e96

SHA1
cc0a6e9ab699c6851ad497aac2141b83ebd0faaa

SHA256
8323f6fd3a25e7c9b3d4f769409d370ba3cc7e91569a51c4d99ba2be92570077

SHA512
76acb7670b9ec4c107f261dfe14c22bedac93c901130f7d66a86a9ae4f263901c31b7b3b7916c73115db7d7ac712516fe20a031bb13021cf16042fb5cea41f26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2ccb94229f69be82ac1813300fe3b219

SHA1
6b8ceb88bf5e3038e5dac9b16e998e2092243c78

SHA256
6c28abd48b85321276bf83c38aaf82d43d6d3bea014481bd94cb2ed5acc8d447

SHA512
7147cb87ddc7d4b0a78918869622aac2483e384d885d693b76472ca0dbdef5908a8363351490d484a5bf1addae938f21099d28bbfc79421251ac44284840f27a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
de2659798e3ed121a5010b3c7202af38

SHA1
f3b5653a2f2a92af07bca31d98e3afff1b19505f

SHA256
e632244ce0aea7214f3b04020825b881cb2a37cd695b9b345ac3cf5bfad655ad

SHA512
1142ccf9dfd98cb3c2c9819b96e48419ad71831437abe0fd2f9496e5eea37b60405eb37aa477493dfb6fdec8cde697665cd2dd7a2a260ccae972439984d32cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c28faa40e8f02ec5de32768694ff208

SHA1
237ad33558d61d762f28bab529ac3244631be069

SHA256
d225575d0b7fcc1734557c1bcb982f2c9e7a6e5884d3c8d6e97573d440169817

SHA512
2ce54b3e507b03a5e50002c2a92199a7bb313a21cc814ec916c203c3daaeae4cdb769c5b5e2da369b057be447cfb2c3531a1656fd2f5def513d7842e3ced295a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
74f180d8ac6a54b3dff6fe045c3d70b6

SHA1
3e434c07ab1d12cef6e65805709d57a859b96fa1

SHA256
f3a2a6c46f503377ec0494de3ee212d956d7cbe65efb33c00c5d3a78add3c05a

SHA512
4bd9851f2b0f93b9fdebc012e3112aa852e9e284ff6d296d88801559304d08b21fd05f950704ac5aa0fb66eee791351a02bca22530c99cd3b5aabcb39b2338fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d42075bca7a1dad57a0bb48df1f202a9

SHA1
486e25bab9d4855666a70d0a0816c6e3b2543992

SHA256
b88552e69c91fc3b403cd741ca036629eb730626f7a66c2a9bbd30fec7e6d5ac

SHA512
0bf358568a2856bd84fad2d7f80f1a450763d9d91b63c3626c727680ed07a4ffd264dfd88b127fe2a4cfddb8df38238296b2bd29760d876a89298950afdcfa0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c7b9f48a5e12e1c00190d25852befb90

SHA1
d21bb9b9b2b1d24fb89c93a9d6630b7e8c276dc1

SHA256
757a85dcaef1ab1127872a920551e83e7c7e38ab875a5461764169aada6f8122

SHA512
83f03a25e1fe15088e31612d35d3e000caabcfc7e681699528d2b66016b5f31737cd2371bc39acd64574044536eae503c088f355df2db444ffd3a10ef0ee2d8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
60b09504ed9173f2883466a4b45ccb9e

SHA1
d7bf020c259dad7016bff15e6aaa0f64c2e870cb

SHA256
253595f29654f3a66d67862b644ff4f3500a4895eb0b3c3e68f44860f86bb6fa

SHA512
8fe6148e38f741971904ce3eccd37c5c7ae59ad3b1f99fd95fe16ab18f8128963fd6b5a9dfb3867c9853057117ad26e166d8720e0f959a9c00e24dddde003574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0fe7b61f0ec8f5200963d24dce489e69

SHA1
e885ae366b102155c0d30b04e6c1909824c31dc4

SHA256
43f952e51de77b9029f208b32084227c8ad5eadad3b6ff76c123bf9a4094f4a7

SHA512
1ec2bf24cdfa8bfb27ca1e7da2b263d252712ceef28917b3ea8c6ad4ac2eb9535f538dc41c398924cac5e0e2b2ae0e467fee075ec16d9af8b4d123cbc72f2673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
de78e46623d067ec5cfbb013346d9181

SHA1
01c445dc659d98542c983d2fec47a557854fc0cb

SHA256
4a984e7e52b2e6a3d8ff9cfec58fac619a1b54f81731701bb33f263274087e11

SHA512
50f929d5dd05db02cd02621240e8954bcbb6a58dd9ac9fef1a5a8e4bf50e955b8e75f52c1fbb207b4225cbcc7b53e88371f0a6a6a53190665e0264e6b82f7f3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4d5867b90a76eb59452ac0678976a7a7

SHA1
089b521ab37276198b6b28c5f8db7c0a53175221

SHA256
e422c3f06f0ef183dff91e028845d539a5e374c0bd39afed371fc9ccc1490c5c

SHA512
c388ddb97dd19ebd8c88477ffbdc05d93a3aa1c99374022bb776248eb4308b6b93b525c8d6ec2a9c8109fa244ecd66e99fb0c837235b6724f7443c8af56c8127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5a53c9f9faba89ef2629182b1576554c

SHA1
97d0a4b1e9bcf130fced687b3e655681871fec5a

SHA256
e7dd9c970a924127126ae05bb4cf3edbc50f88f4a6ebbd70199e2f477b5a9939

SHA512
c1498cd9024cf14bc5b43ef716d29813fba1c7dd3db87f58325b2b6b990347d3912e0ddc225c3c580e86eda815ffb7a9573f11dbfb5c63bd0481019c7a704f78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
44e77b6fcdc4d3cd98ee3c7dd7d91ae3

SHA1
79f3f32bdb130dd8fd62bc21eede9063c76d21dd

SHA256
906e75a0cc87a4e8b458df6bc175609e8ab1ceba639e30fbf55ef0f0ce31fdf4

SHA512
af165ea82fd2aebbf169428a9629b631291e5a749931f52ca72b29a5f83ed66526f3da46a138e6b2b8930f8fe71ce36a1ef1939fc08785fccc9706f94d23546e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
de37f165ffa3289b7fb4030a332c4f37

SHA1
77cb4d41abbb467c3795449834e46d9ad924e3dc

SHA256
5ff0b7a74d1b365c88e810a66dd92e8ecf4b256588b777f2f4d34aca558f7b91

SHA512
3f01d779a4731c6b8d1e27e2b269b0a68f91f156ca633992f8ac59a16a11c4790eceabfaac6cfc5c721b7acc391b4cd13f0fd6de0781a89fa818a5cc5aaa0ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b3cc26396e89815f5cd5378f31607c2c

SHA1
9fb12adca4e4edc63161fc3a0099c9bc91914fd5

SHA256
39573192e07b12cb3f47cb4399e50104502b58eb91ee7a3d5a5e67c74a1c8b43

SHA512
7a763ca8f8e4a3c110d9a346383b6ad39897ed483af8f7db2731312ed49b5798dc52fc61e2503c18f72960f40e9aa03b93c304f47d1e92a2367f051fcbf67479

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
373bf34744ef4c956c21c675cdbf167d

SHA1
d798bd21cf47d8efed3d415330a6a40ef6f13bf4

SHA256
f4f4fbdb25c8adc914487e21b613b5eb68505eb12f5a85fbb2083eb5b9e756a7

SHA512
a51f50f7876aa986ea8eb8470f401d23662fd191d9ef01eb0492d38d9145af02724b9c8d03394560f30702ecf3afa09a104b90286504f3137d9978e9bbb921c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5596.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/400-7-0x0000000000080000-0x0000000000161000-memory.dmp

Filesize
900KB

Download
memory/400-14-0x0000000000080000-0x0000000000161000-memory.dmp

Filesize
900KB

Download
memory/400-2-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/400-0-0x0000000000080000-0x0000000000161000-memory.dmp

Filesize
900KB

Download
memory/400-4-0x0000000000080000-0x0000000000161000-memory.dmp

Filesize
900KB

Download
memory/400-6-0x0000000000080000-0x0000000000161000-memory.dmp

Filesize
900KB

Download
memory/3044-15-0x0000000000080000-0x000000000008C000-memory.dmp

Filesize
48KB

Download
memory/3044-8-0x0000000000080000-0x000000000008C000-memory.dmp

Filesize
48KB

Download
memory/3044-12-0x0000000000080000-0x000000000008C000-memory.dmp

Filesize
48KB

Download
memory/3044-17-0x0000000000080000-0x000000000008C000-memory.dmp

Filesize
48KB

Download

description	pid	process	target process
PID 2072 wrote to memory of 400	2072	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 2072 wrote to memory of 400	2072	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 2072 wrote to memory of 400	2072	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 2072 wrote to memory of 400	2072	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 2072 wrote to memory of 400	2072	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 2072 wrote to memory of 400	2072	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 400 wrote to memory of 3044	400	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 400 wrote to memory of 3044	400	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 400 wrote to memory of 3044	400	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 400 wrote to memory of 3044	400	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 400 wrote to memory of 3044	400	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 400 wrote to memory of 3044	400	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe
PID 3044 wrote to memory of 2552	3044	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	iexplore.exe
PID 3044 wrote to memory of 2552	3044	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	iexplore.exe
PID 3044 wrote to memory of 2552	3044	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	iexplore.exe
PID 3044 wrote to memory of 2552	3044	fcfc0891e383dd78bea0b738b2771643_JaffaCakes118.exe	iexplore.exe
PID 2552 wrote to memory of 2180	2552	iexplore.exe	IEXPLORE.EXE
PID 2552 wrote to memory of 2180	2552	iexplore.exe	IEXPLORE.EXE
PID 2552 wrote to memory of 2180	2552	iexplore.exe	IEXPLORE.EXE
PID 2552 wrote to memory of 2180	2552	iexplore.exe	IEXPLORE.EXE