7cbdd2815fc4fed4858c04c087382347af39e71d9091c3f59e30818271e83ac9

Analysis

max time kernel
149s
max time network
147s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe
Size

1.1MB
MD5

25216030ce6c601f529d8a8d65fbcc5f
SHA1

b26661ea3c1429d5a3c3dfbdfe71f343fd0fae16
SHA256

7cbdd2815fc4fed4858c04c087382347af39e71d9091c3f59e30818271e83ac9
SHA512

b5b2c99dbba37392148779c82100c1b51016c1806adf69277b8ff082349da4994dd71c23e3991309b14167211994249cb91223326885f2bf8a460799e5bed137
SSDEEP

12288:3sM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQC:cV4W8hqBYgnBLfVqx1WjkP

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1252	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D35A3CC3-2DFA-4F36-A480-C25EB19E3C4F}	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D35A3CC3-2DFA-4F36-A480-C25EB19E3C4F}\URL = "http://search.weatherradarforecast.co/s?source=GoogleDisplay-bb8&uid=74c78323-43af-484e-b9d2-2c84d750fb37&uc=20180111&ap=appfocus154&i_id=weather__1.30&query={searchTerms}"	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000048cb05ecddfee9dbad08a2d652c253e009f1b29fc5adcb4491eab5fb62552584000000000e80000000020000200000004a51de620ae1baa5bf6e288fd740dd5c9e64478b9a5cb23a52f60eb4d83abbd1200000003672b1f000f8285e58e36d508de7221cf78b524156c798bee003d7fc501db64e40000000ec35aa44c8bb4b7d4bdebe8d179994a31f8b8281c28c5a6046312a4b5a8266e26b2d6fe177538d5bb0dfd27a0c23c45545edb65d2759188815e5a9f83004a7b5	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\weatherradarforecast.co\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421337981"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000aaa91c0df117f75753aceed4e3991cae72e1047c4a20d31aa2db39f32ef09820000000000e8000000002000020000000525858d5b81d0d814211931971e729a074713ff4f463e206fff1a0d434f2d147900000004f79d26fbf3e96f33768f6dd5cae94334908be9b6fb48ec9bc540f45364010c491acf9f3a5e105191ff4af5c74ae1f76f599a09811fb3d7ed7d8293c3d4742bc4b4945cacd9b24b68fb50741ec983926661965e65c5596977ff1e5c72c0a6fd4d3ba68f18ca62bef0c5431c723c1e14edc83f57fb3f2f695f80882d9d92267048bbf7ec2eb3f324be31996659e8916fa4000000044f1b114fb0457cf58e095bc24a91f3eb6c015917f56602b95b402f257c4a6fb8865b483130d2e671dda137fafae978e9aca7a44d6effec7a6669e20b44678f1	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A97F24A1-0D41-11EF-A1AD-46837A41B3D6} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D35A3CC3-2DFA-4F36-A480-C25EB19E3C4F}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D35A3CC3-2DFA-4F36-A480-C25EB19E3C4F}\DisplayName = "Search"	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405f00804ea1da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\weatherradarforecast.co	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.weatherradarforecast.co/?source=GoogleDisplay-bb8&uid=74c78323-43af-484e-b9d2-2c84d750fb37&uc=20180111&ap=appfocus154&i_id=weather__1.30"	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1720	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2564	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2564	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	28
PID 2060 wrote to memory of 2564	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	28
PID 2060 wrote to memory of 2564	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	28
PID 2060 wrote to memory of 2564	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	28
PID 2564 wrote to memory of 2600	2564	IEXPLORE.EXE	29
PID 2564 wrote to memory of 2600	2564	IEXPLORE.EXE	29
PID 2564 wrote to memory of 2600	2564	IEXPLORE.EXE	29
PID 2564 wrote to memory of 2600	2564	IEXPLORE.EXE	29
PID 2060 wrote to memory of 1252	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	31
PID 2060 wrote to memory of 1252	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	31
PID 2060 wrote to memory of 1252	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	31
PID 2060 wrote to memory of 1252	2060	25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe	31
PID 1252 wrote to memory of 1720	1252	cmd.exe	33
PID 1252 wrote to memory of 1720	1252	cmd.exe	33
PID 1252 wrote to memory of 1720	1252	cmd.exe	33
PID 1252 wrote to memory of 1720	1252	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.weatherradarforecast.co/?source=GoogleDisplay-bb8&uid=74c78323-43af-484e-b9d2-2c84d750fb37&uc=20180111&ap=appfocus154&i_id=weather__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2600
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\25216030ce6c601f529d8a8d65fbcc5f_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
13685499e62b8c4c933d30a81f5e0657

SHA1
32ad3f5c789be7ef3fa24f4f750670a0f09e781d

SHA256
b1b70184b16c7f441bd5a630ba72117e22689b67739f8c0bed5e0ef7a06d536c

SHA512
cba34b431102ac30edaf7f148fdb597ae53045b4d49d5d0c30a85282da96c0dc9fb85fd4bc244e0b026d1b8c86ef1bc059da7c73cad900f5dd238233dea5dfe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_4CE3955EB81328E9364A4F6718E46680

Filesize
406B

MD5
f6d56672a552e21e25dd93d63b046192

SHA1
58bf0051b939e6073cf7e89465b06c7e2620016a

SHA256
31db3cf0f5dee666cc24a3cf87e73356baaa298f96987b07bb276936f9e1c9bb

SHA512
2974965f30698e8caac30fb25b7aa82ce56dfa1c0cd7e8b1d1226bc2bd755ecdd1f088f1a4ff047a8f1306214ce38d1fc0429bc09dc4a21d8103fb65dd896cf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
63ef648e919bb760b5c6b19dae05c5f8

SHA1
f9baacbd970ecfd8d90c4293d15f4cba01e9aecb

SHA256
013c1f3a8923649ab2af50e94b646337263477617d0fc0cd9e2f4533d956f7b4

SHA512
e4e98a9c72aec259bd3bf4f94ae05919ac9dd5ece58b5181a161f8eb1634aa3f6cce616a88b0e7a91d99a5c31270b03cf261eacede833000980be912a4433910

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a38ef25aea37c2fea40b52231401f865

SHA1
a50622f627610ac7e78ee2f7b04bb25f79411e67

SHA256
2f442e8c6ca9b1b7b9ff4534a80549c344e3bcb1a96978d716e3d28d6946231d

SHA512
f099b114d2b39524676a4ad28d6e9eaf44f6c186ca1c8e5fbec1b293f4211cb36ed1d961caf565727ddd9a2aa1a388cd6b1a8e55a24950914e1a3df38aa49419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9dda73a18e596ca9508e25ad38ec3b8

SHA1
1b41d2e027be549351ee33747d01d30d9a23d381

SHA256
bf5b804677a3b2dd689588741ad993ad0220f6de43cf704955f976d05235ad3a

SHA512
b397a72eba768e8ca6c011fbe7efa14693b9e2428d4085fb9a45a3d5ce9e241f3e0d0c02990094a2a303d4cf9a56a00a0c3e1300d73925901c978f1509699484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e85af76f8f2ad54c666fb8c11c2cbaf

SHA1
fcc9e9aad4cf8743c987ca9d828c069039739d7b

SHA256
2c8374d036a3de7945df1719f2ed19913fa9a06004aa2b1dd2161e3ea87ab4d9

SHA512
1b6ff5fc8788f9e5b00994fccbb9d955cfb6d731b629fa4c0d2b57198ab8f42e4db39ad9167061176159bd6cd15f3c5506101cbfb7f59b949ea33c413fcc319e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b86c923a709ee162315fbdb7740d17ef

SHA1
3392e4d8c810868d5ddde52fb8c33d6318318b71

SHA256
f5dcf4a597494c4f9102f9f900a88717e63472761925e3020ede943ee7f2b9f5

SHA512
a363df32d693c0eb1abe294f7339f621338728c5010d4e4178a8ee030bf0ccf9f06ff6535a27099ef248333f52fc43b2cd8ab37ca0963561c2a62f2856fce8e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64947309e3f50d807f3509e4f2b05ff5

SHA1
6d90a79aa3cc86b63ff339345fa198856a8b1e98

SHA256
3c259f434aa33a7e083b8e81902fc0bd557bfc46392e28a84a55617c34b57d66

SHA512
583528a86523e57c1cf65c361f8ffb2b59279c2cbf9e1b3877181eac86aa3dc4a985538eb5391935c93c2b3bac12fa60940ca9ad80c85fe1e7aab6230669360d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af7cdfbda8099ca3bbcad5d76c49ad93

SHA1
3bc44ec00fc6a4c511bd6ec570f31f9bede52d41

SHA256
1ce0cc5933243e4c89da376797299b3295292cbedb03e3f6addb1a0ad5104f5a

SHA512
a3adbaa326b60c98fa2e0a0703544aa0880b93aaa9039569184f791b8740fd90dcaf8f3bb51fb6d9ddd3cf0a408126c125fe446e6ee8663cdb04937157e2deaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efae813d8c815ccbd68b6d162ae0c84d

SHA1
ca686ed331c888f00f776699c0154299992aa431

SHA256
f0b616a52477fdd895113936fb334752883d49bfc1a2e69042a17e8c1e1e12b8

SHA512
aa23fb9d43589aab18b98ee4fb39235cd81a232839bdbb30daa73e980c5f1e0dd5a567202862173cb940544a40a7986f2ac1ca274524bc953038ca4fb689ec9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c23a6f6aa27f9584bcb88f3de299f17

SHA1
01af04d95184c75738bf3cb184b32f54ef57db8f

SHA256
8292ac5fabf192dd6d96babc32cf9533f98a94771fdb8d78050617f4832bb73f

SHA512
d44621eb4a6dd5707682887391c391276c83d23823f679a5b34b316c9e0173e03f0f689bafbda9fd6bd7e7bfe7e49818f716916c1a2c09e3b41c2e02543b9bd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
200fdf580b8e580238ffe2f72d845887

SHA1
72ff677ea604eaa26e006e252681e4e8ffa4d549

SHA256
e320b861aec61cef1671560dd0246bf2b316efce193b2cadd67391d470a476bf

SHA512
9ea2c2cd86eda0218e81336261501892b143c51ebf7188d9bacf1a10ede4becd617b3640f81ec9781bdf0415da1d429f73b6944645ac6d052f8b94b73b6d358a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17c257e143cb683f1a76d42f1c89545e

SHA1
935826b3ad44811efae1f8810054d5070e2c5ed7

SHA256
907224fb1e8e1bbc8d7d8b633589780d7c694544b02e19e42726e2f811b97da7

SHA512
cfe39adf4cf83ebd6313335efbbf14af04a9c3027e16a0b82a56f5623f1cb361ad546803bfac49115d2f7ea3d4b546ff98e37164bf3f9bd79427765172a3b447

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f85147e7c54f6746f29e677d5c9efa42

SHA1
4c066fbd884e2827bd7ea7622236e17a2140330c

SHA256
b4de793f81476d3a112f1c02fd79d5e2d4de01926aff362d92e97d815c92a443

SHA512
e783a6113c51e2e15a965307baebe39793c58afa643db32a691bf0cf6ca3e8d00652f5a2e1e2b532e2c3f97bf9076022f5b872b63dff2a84456f7bca6e904ddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32366eb30af88df2ad80495346b005b7

SHA1
debedf144503beaf9da491d93b9fdc5ef9dcfcda

SHA256
e6b1dd4d3c8ff5b023e54b95e7da7d11cdd711837879e71154ebb14d9e3f1d48

SHA512
0151b926c07c03ee78cb20b2ff03ac5e4f51aae3347f4f71781ea5aeb1e70f0fb0f65741d1fed7bd3a52ab6d76972e74870bba5a2cc38cabdea0d5b9214a9bb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
408b018a781b64e22f52696d5ad4c2e6

SHA1
92886e844da95a40bc0e2aa8ef98b46781b33a7f

SHA256
eb182d15cfeb8fea5a72a5a980e5b7ce97eab1eaca773d86633c829d48b43d28

SHA512
87f420345309a91488951486d4a16c40b403f407f0783bb358d2526be6056cd336a1b6a596e6d8f8d9c04b6103b02c5cb467d8871a00658a9690b950a27e82bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b66a16f0c195156d1c4fface692d81a1

SHA1
958b2656f3562e9e8b57211cff7c0a59f43b5959

SHA256
323bf3200651718403440721f1c6cbf17efdc7c0a1b19e81bb03179bf55ced7d

SHA512
cdbbbf85b98a8bfce131688ffee0d99e67ff7c8dc304e38e7385837e63ea21e668cccfa618ada932934e4647a1b0a5fa6b0071ffbc0176fcd1b9b3317343d955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f65826feb2101147c35e9081f916f48f

SHA1
87217157cfad483d3272e1abaf0a9f84185d3593

SHA256
c6e35165210928f81eccf19e75aa28e2ac510b691f27e6f3f6cb869759bc2b2d

SHA512
b333e7cf8298dffde7d9dfe351305da45508cf72fa03ae71139fe09960865515d7a8ec2fadcc4286e9fb581c43092f540445044f3fab8de8b1985589bcc075b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f587c8f796c4fdd891a18101e850ad2

SHA1
02d741a13b044ae6675e4b1eb10d0dd5281487fc

SHA256
59aae5fc001231ce91b8fffc97d3ef38377366c724a564c621233beee10e3a69

SHA512
46e999b397b04f9bf674743a5c08c15d7a648faa8d7fbc2f9384c4654450e1a4c948ed80cc4d4a6cfc1a80a65c285f029008b48df63a43f35c0cd16b89160810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd0a0f20729c558e199d5ae0c8eee86a

SHA1
c900bd8026917b55a79edba1949cb1eee50e2db2

SHA256
e6b3c9439d54e82904af9c4268284fb1da8b732978daeb2dbd13bec3b1b731d6

SHA512
832d8191eb3288d38cdd9ef73dca779ac1ec48cff8ce61d4b16ee24466e021f1d57f535faffded250569c9dfc099ac8cd7b24ea400192296889cb103d0f54c81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd84f0b8213fa8ae254d4b5f2a16eada

SHA1
f868df5e6eea03a0998d6df51630e68aef340a39

SHA256
71c023b8e9846c8a170bf7e682895836919afaac7cc7214b57230a68f24eeeeb

SHA512
f7a5322b37b34f2d4c6a1f288392f4dc5ef27b4fbf68504eb9a60ed29ddb00de21cd90daac9bf91478ec13f810b3b70a7281bad808855c3c2b241117f4c763d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbaebfd6aa2bc225ad32e9a7b22ad46d

SHA1
7fb960492108a6abcfa545f138dd52d8677613a8

SHA256
850a5671ac0864cc9dc7dec342f0c72fee519a9eaf68110ddba38678f722fe43

SHA512
2975148afc4af5a8bb1ab369c97a55b74d35d81c2fd9cdc942571631e1b6e171712ce561e6eef637760a065148b471fc93f4f9124587f20ea704c76037758a19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2d791d2a2c6921c8eb2080c4797e4ee

SHA1
714b73cfe0ade1d73031c202bf8fb79793637975

SHA256
53d2f1e40e8d653fad597fa8adb48de3ab1033a61fb4c16a66eeb041f27d4de1

SHA512
465ae5902d160304bb9e5ac8629c7cc2f5b4bde72b458d7e15e1eafd0ef75952b44c52a65b35dab2c1890aee3fc86c7326a9e7b4832b159962eff1ca6e9983b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a0ac1ae49a775bf57d5594675aa9354

SHA1
e0b4a265e9325e82844a1e185e78d9e9ccef597b

SHA256
b7d5d4be942118f9cb52071c6ce9ff6e3e09b271dc731809a433879a8defdc0d

SHA512
4962bd937d419a2e828ab5928178aeb697d933b613f7d3519744484fac558646914955270346aca9e036ea17f5e32603502006dc79866592f5f6d604ba8772df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a92f1389badc26f16bf1b6f44b23d7bd

SHA1
f04dac7eca2831f44a0e715d527d72da89f30e24

SHA256
10ece8ef35958385eab62ac2ef60f202a39c808a28c3f76c874bc0e0ca306ad7

SHA512
c669dbca19fd75b48febe21f2aa73a904ae770ebbab5eabac09b134d4714cfb5840916fa655aa016999059ff0ed19a5f68bc0d2c12896b10b7136d99d501a333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1a8bc48a79c2e1f5de84693974b9835

SHA1
00bafd036d4f58b66baa5aacd6e8bfbc34db1be9

SHA256
ac4840ab1347b696df3e28d1fc3d5139f07c92006f33f6b2c8bbe6d8e094eed7

SHA512
f91d5157fc28b965029b0b755cef3b97b2b4fe31c1cbbe1986932126093bb0e3cf8ff897a86cc5c278e59c8df04cd07fb0b54c34106cac469933bbf00ab44912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd9c1122571ee4be5ad238a5c95ecd1e

SHA1
e3fe34c6cd83423b9957f54a5e40b0d407d467f0

SHA256
f2a3e3ea57fb1f96d37464224cf365e3f85bfa907a9e4dcbe6168fe2ec1d4dc4

SHA512
edb6b5f6df9aaaa462b69dc0e79e27e9887644732c3d9c6f34a610c272c52c1dcc34e23a92b575071bfac76bd992aeae1331008e7308f96c5a51b7b103a73236

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e779a292f513e0a0c9f5ea18c311888

SHA1
9d277462c426f6529f67ff47669814bf5448bd4c

SHA256
6f3c4538d674b440e12325f9e195f836e72200ff3b93991caa6104d21a3e3f4f

SHA512
e7c956e99fddf2fd14574d3d6c5c0ae489dae9288ce4af19e2c46a62d89a5b164c4aed2afa0dcaa37556d6de831b3439e8fcf0820a4660320cfc0e5e7ec3f53a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
706f88dc9d6ddac7eed15d6ae05d9c84

SHA1
53d5bc3ea79f720d84f2210cb9c2fddd39f74167

SHA256
4388813428c146787336f5559f55cee41048739aa54ee4a4ce68e014cff6411c

SHA512
4f9b4c106bb7d3fef1951d006c181da3edb4416f076f2db83527af11bd27f7a31007f0932b0857eb353de8fa4b354141d692975b3c226b93839e4d3f5124f699

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ece1ef9c3499746f92cfb4596c93a8d

SHA1
612e7ebbcd730f42be3dd8c3ff6d54ed2efe61c8

SHA256
d01153aa09ec2ba9f36dd7e235c6770bb1bdee787571d385b82dd93d54853bd8

SHA512
079f797762e2577b6b2508876336270d4ae90074d9cc2198e00360b5d912eb9328e917e27c2418b7645cdb290ced66c7a60b706c942ef98cd565ab68288e92bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbe3c8f588348dd61f1b57bf4c7f91f6

SHA1
693026baa96128ddf881a4f719d16bf834d9f3e9

SHA256
88e4579212a2324cda8c3e97563958e36c1ab45361f73a15c1d94698ff365545

SHA512
64c76e8d9651523c34e1d0f2c36b49dd325366162a9ddfab928b4d2c0630d1f6334c0782dd59d1f86af0fd4a6566f1c4a8d3253d92896109d055b5783dffd86b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c51eaa5d5a2638e6944e8f81af61da0

SHA1
72d674fd8a6b1f3c22b619f165430839b8e0a529

SHA256
8c7f3a7a4b1a709b96d3e6394792f0f6e2ce10729cca8a06275219956f2f6c51

SHA512
f3584a3ea719fc4af15ed0bac62f1b006102786f492f4a280bb65df04d9f849d5015cfb727e397074c366578720b5bbf1700169548c8de0329e7b64c05f6e33d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57108a086298cd83203abdd50cb892aa

SHA1
c57f9619b19e46cfb4fe8cbe081b73face9cb560

SHA256
9006ed54d85156a0e2fb82efd808c52fbad49c93636da3eb749a34635bba5a37

SHA512
885ad2d3535793d83300fe1f120792c306a01d3156968ec6ab00b68ae6232a27562fbe40cbfc5a245fbecc93a04550651d74e336dca6f40afc65bb4bcbc1ac8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9a64a7d84d2dacde9d260d5fe3d37bab

SHA1
8698b49ee5afa6927d06d0dee0641f1982f32fd4

SHA256
dab91e229f38de50c4a3efd772a082c8d514ac8a93aa495c63fe52a40244fe03

SHA512
6dd21b941d6ef69d3c93199c5404df994c3065d7f373d2df21e1976ada3553874efb401d32f4e15e0a9fd08f99e368b887067f7c9c6cdca6efbcd6397d1d4c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

Filesize
110KB

MD5
e4a20566808e10d853f3dc1e95d21ec5

SHA1
688a42b1a6a3fd18aab5a514a28518588c566573

SHA256
961a380390ed00c2e9c79ea92b79c24f0b130e16664bb4bb0e72d8193324d01d

SHA512
dd022bb1aaa9d96ae6ed136effda9ded5ac718a5ba4926a12da572c69deeafe7d1a95b52375fbbdb3781d2b1aadadf6fc55d883f06c317f8f45936992f5134cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\js[4].js

Filesize
190KB

MD5
1e0033b133bd453d0a9b562ed6a5a51c

SHA1
47aeb348f0bac4d9c6265568c31cf4c6855e881f

SHA256
2c9e3add8e264c7304db6486bbcf60ea24ca6badb1d4e5f7110113e397da29bf

SHA512
4f0837cfc18d5080b2321f2b2564a1a3d405712ddbd797799a9c48b1b8e28b4ab12ff39c7f54a273fdf9b1481b6dd1f12d6db3c5f93fb7813a4ba795a6afc25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD22.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\852YUPIX.txt

Filesize
755B

MD5
79e329ae1294e6a3636055fa19d4f479

SHA1
4b6cd5c3d4e0b2465d8a3a9b6d5b120c1609a4d2

SHA256
9593555257b3a1711681ca8ad106a7a5397380348c7b0f5bdd18edc4ae7aacde

SHA512
a2c2b258f9ddee9efc3e484dae2eee4e9db5861c2f8cc62adccb70cae6e042135da5edbf47f5ffd771e2596d10f6f7b75f0c1a4e6466b0dc7822c45ad34dd505

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads