fbd51170e9a25fa9064a08ee6091026ce9fb1e916e564f3623cca9c611745bcd

Analysis

max time kernel
149s
max time network
136s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 06:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe
Size

1.1MB
MD5

2de1069ad8e0ed160fa0c51bd0253f26
SHA1

5a834dc93f79fb5692be88478eb5b68943d7ad5a
SHA256

fbd51170e9a25fa9064a08ee6091026ce9fb1e916e564f3623cca9c611745bcd
SHA512

40f66df2fdc498ffa1f2d5facb6b9cf9381538b922b67683d4b3b7b592e0d54435feabfe49fdbfe261b291e9f88ea7e63fc450a1eeda3b3025772eb5731b6d70
SSDEEP

12288:nsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQS:sV4W8hqBYgnBLfVqx1Wjk/

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2268	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000f390cd258c84454bdf8889a05b94151b93da8fbf5bfed3b0ccebf1d9eff70cbb000000000e8000000002000020000000f4fe4c64ef6b2e1ad66550b30c5d203dbb7b67bb64730ab39133aa6ab5489998200000008bf9eaca4398593e13663b52093c3a11420b9b165924458e52ad7c9c883d974440000000b972973dbbe99e742a0f693d714d49375030d8b72ea6bfd4607cdf595bdbcddc3c6f49a52c1c11ef474d8fdbbe8b151bb449cc280e19394eac85eba87ed7b757	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchyff.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000070e439e93205402eaf42f2858cea463b2326711e7334e8a3422d889cc77ada10000000000e8000000002000020000000e35d8b3adca6eecf0f061358e9fd30c63e325377c9a3c238ac9ea08a5708b7f7900000002bd75a8a32a5e938732dbb2fc933bfe63af16c90003bcadcfa26072feb8ff02999d775c29f47c44cf4bb8d4757eb4304337034bf249a058ed2fc2049a1e346e0a4c7710e42cb40679f161939986ba757c10223875359eeda64bee3dedecccf1d7c9bce67b417062b79dd552fd650d86b0661c6a41c090cbbdb545a73ffdb08909694278cd43310060c86c42deb5e900c400000007353fe4517c2c4ca78c7df54275b76a777dd0fda6b9da522c755f70abaf43ee1da69b161b533ccab4a8b1044e5424a72f5f815f5aee110484bcdddb2c8101b93	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A3966515-058A-4CE6-B786-F2749D4584AB}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF00B331-0E99-11EF-9BF1-5630532AF2EE} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchyff.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e08cd399a6a2da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A3966515-058A-4CE6-B786-F2749D4584AB}	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A3966515-058A-4CE6-B786-F2749D4584AB}\DisplayName = "Search"	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A3966515-058A-4CE6-B786-F2749D4584AB}\URL = "http://search.searchyff.com/s?source=googledisplay-bb8&uid=7389c196-d65a-4fdd-8993-e3821aae2351&uc=20180115&ap=appfocus5&i_id=forms__1.30&query={searchTerms}"	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421485767"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchyff.com/?source=googledisplay-bb8&uid=7389c196-d65a-4fdd-8993-e3821aae2351&uc=20180115&ap=appfocus5&i_id=forms__1.30"	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2900	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2608	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 492 wrote to memory of 2608	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	29
PID 492 wrote to memory of 2608	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	29
PID 492 wrote to memory of 2608	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	29
PID 492 wrote to memory of 2608	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	29
PID 2608 wrote to memory of 2764	2608	IEXPLORE.EXE	30
PID 2608 wrote to memory of 2764	2608	IEXPLORE.EXE	30
PID 2608 wrote to memory of 2764	2608	IEXPLORE.EXE	30
PID 2608 wrote to memory of 2764	2608	IEXPLORE.EXE	30
PID 492 wrote to memory of 2268	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	32
PID 492 wrote to memory of 2268	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	32
PID 492 wrote to memory of 2268	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	32
PID 492 wrote to memory of 2268	492	2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe	32
PID 2268 wrote to memory of 2900	2268	cmd.exe	34
PID 2268 wrote to memory of 2900	2268	cmd.exe	34
PID 2268 wrote to memory of 2900	2268	cmd.exe	34
PID 2268 wrote to memory of 2900	2268	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:492
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchyff.com/?source=googledisplay-bb8&uid=7389c196-d65a-4fdd-8993-e3821aae2351&uc=20180115&ap=appfocus5&i_id=forms__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2764
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\2de1069ad8e0ed160fa0c51bd0253f26_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_4CE3955EB81328E9364A4F6718E46680

Filesize
471B

MD5
48f1fe76c57242ea9ac761eb6af4b36d

SHA1
8623c814393b22cd3be5e18b8c4bc8a3667ac1fa

SHA256
c254c0edf04e008447c4e7f4a046896fe3d054a1ccf330702cce8954d8265863

SHA512
fbf7df93465326bb4ebd42fd45dd7d55ea3ac897f11c35c1cdfbb38f9e75abaef9289695f57340e2211a11cf7d76d10a7bee5f9d2a4efb343819a3c7b43a6366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
0f6daae151729fce727fbab0b591fcfe

SHA1
4b3d23c05fe2224659f49ac91abe20b05cdf3eba

SHA256
8bd28cb17beefc5538e6185c07d36ec2950cbcf835ceafd14c9654793411656c

SHA512
a8e99478910ac15b46940c53433c95be51fe1f1eabbdad3346e92e2dce4f82bec262c8fd5358fe5e6959cd7ddec5c42ed4f61dbf9053b25619c8a1fa3853c8b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
3e97d94039789f400e0d6a91d19b0d7e

SHA1
996b8881cc455100793810603933c2d2d77defae

SHA256
bd4ed5944754c9d7df63890ce85fa2b2d4c6a0c530e0b28e14c8c58ca6a825d3

SHA512
3c7b31da726698d98a05dcfd023ba0a9bc73b45d119447163c79830bd57ae9e3c68949ba28be8fa4703fac2b3235259ac7396a3e63fb016d2760f322a83b853b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_4CE3955EB81328E9364A4F6718E46680

Filesize
406B

MD5
1e83fbc024aa5c0bd1f6005461fa3275

SHA1
2bb8f528b1d14d5b7b6592887cc58ff1a9897864

SHA256
b55ebd93bb87e18981bd10d607ce2e92be9613df29f9a4ba4c255c4ca6e6454a

SHA512
67904dcb2a40e8855c23588234d5aec0a2f20ea1a62e6535b1916f6d043f9ff2dd3d48b475b1d06a17e85f79413795ec0f830c61c7e7c2049270a2689666d687

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69a34b82af58ecf1053d3af96d4a692f

SHA1
5d5a30829c30bce3ffdf011d1715069795e02f78

SHA256
37505d1aa42c276c17d259c24d2c924ada7833fe193f74f4dad94d5963437f4c

SHA512
977808cc97e98109d6819255d99566982d060137b2a99adf8f33da6abb4bde6e2e73f69939ec1224059f70117e0c27668ac0454a84ad52ba43d7274d70f5bd78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6a3ce11cdb3093af146811c8e8bbf6a

SHA1
a92012e1bda968c017fb542194bd8ce78f7b43cc

SHA256
721ae388218870be21af5fcfd020916a298a7bd6976f8d062045e9e99b50e9ec

SHA512
369a7650f7995dbd5cb933da8b4ae4468dc6083eaa37f488bb0652effdcc9df14b613131f711058bbaa019dcc8869f8736e20112e355d1bbf66fc10073dfd574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ce2b211cd21f7c0af6c16d0563d928b

SHA1
7ec59f6b252eed46099aa815dc63cbc18d0fd140

SHA256
6d2690fe692195cb6eb9533d2d2206edd7bdbdceb8557c09096aa0f0af50faa4

SHA512
d0980673dbe77e42f1a04b44900f020e3fb61718dfbc517f9088f856845eca093d3ec52c38e94f361bc3c3523ff890f868fc6d996c3d449ef8dee44d1859ca56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
298231f8aa51ffd49e27149a87027231

SHA1
77afc0987971d849d2e118a5191812dba002c826

SHA256
5a9ca90fb5ca90b88cea9d6aefa105514df48ff18e9c3930a721d1b6f284b049

SHA512
ecfaddc9a02e198088c4ce5dd2378aae79bf12ad539ab3c358863438330fb2ea14b89d3c2d408d148f388f16176f3381a47a3f71a88728f50868c2ff92dadd12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05849578788399525c08de7cb3ce42ea

SHA1
7b3ebd3d16f44f5b06bcf4903879a1ee881e53eb

SHA256
88e4464132cda6b427d4e56e1a914182612c4f49ccc5bdfbe44ebc29ff4b3469

SHA512
c93da5c58d47908302647e668f60841a47ce869d73c016fad5120cc9b4a0eabf18210e830a8abc93e9fff0af2360cc2568b20f89474465578aa48f4eead1be7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b063bc182b4abb76861db49d4797ec91

SHA1
570bcac690205400bbcbce328b4dc350ca678394

SHA256
b62867b7ee94be094e82699b745988975e637aec191bc1e1ce1ad64514136ad9

SHA512
14bb3945273fa8e8ed3b8dabdcbcba6ce4076e082c8f67406c4c3f84ee2420805477960c0099663cc4dceb25d61639bf3479a0903f3b5f1fe9385e6570a60976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcec7181196c8d9a3a74e15df3496e03

SHA1
37d318bca6b4b67097cb67ff64d2d8635036e050

SHA256
8d0ef8ebc7d20e63835665adc141bf0bd636a838f422fca8b985a5bc18a6b758

SHA512
06330518c0e71309cd189d271970b5ad4e72f63896c3f9e21f6e24983e6039cfa35cf978ac1d9430437afc72b383167aec0c29dcfd6a3d2d55a53ea66f672e11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9135e7f9070e209393783cacad26b038

SHA1
54e123687922998425b22ac8c37cb23faf02c2fb

SHA256
1ff811a9ca638accc72777c5004651dddf41184a5096df93cfec1ae71d48196f

SHA512
d3fdfe4d1e956697cd7bdc60e9bf8aadb1f20bbf301dae9166e3eb371240b2c0ee684fb54658bd4c76f2da00687a1295e069dc6093c04a51ab63db77d98a772f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d302e94641b4fef0422ae5e8550ed802

SHA1
2baa478959916b0174c6be89dc693f1276fb0323

SHA256
d27297b402bf1ade040ba73e2836328d1c26ca6ce580136ecd6e974705b33c81

SHA512
8d7f1dfd7ec367022e3f290a08ec81d6d7c793e20a4f3b20eefc3c9cb4a703c96c9ba2e2ec3ba1396543422fe3fd1c33b2e27baccc2a9642390c3c76f2c874b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fae0d7f18b5142aee4dbf2a1952b1060

SHA1
13aa4f4704c370042dcb73df285ff5aa993b3e23

SHA256
dae6f88f5bf1a9dd4fa2599d28259d557b7b8b2e8e1a4eb95194a969d4750090

SHA512
8a6945de383fa6ea30def66c914e49b40a11cb3fccd041c859f10ac0d2475bbf02e42d2e28d90f0a17a204fcea79697fbe54d3cfa84c2387321dee418b0ba841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d493e254b96e8f172d1dd3e96827a6c9

SHA1
0de0f60cf02bbfbe6599e8f0081a4924c291935f

SHA256
3948f87435aa8e0f6b1cdcac479a5bc999aa1e8c080488dd77676abcdec687ee

SHA512
30345cc2a0b4e860e0ba701402266823d869964eab078cbfc61553778924f128e4aa4b48b3c793c08c42d0d33c7a8260e39ac5e43deb643a726b28df99b59fe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47ee3fddf7237808f5b72de4891a09a4

SHA1
16323e5b50fe49b1173d779a5889c4a6e590d754

SHA256
738b3ff1d299c0237f397e3e3a8a20bf22c366035c635e5faecce12d7b9d7686

SHA512
9a642446ce4d3c5c72f822dffae08cefb869907e7200687bd0b707ccab2bf07882fc3c7fa9058a577500ead1f31eb0a61d71ad78ff76e13438d6ecba6e973486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d544d4a38f3d46cfeea93d1172a63f78

SHA1
16d4090e169f5601b225526852e85741a0ea6337

SHA256
76e4ed8cb6fa1b52c75c0986bd21c8bbf0438b44a6cf4ab5d7634802d316a9f0

SHA512
fd8301c35d23c678c005a51bc27ad5962cab100308af3f84a0d2feba1d5a2718c8549e56f304b86b346db2f6f54416df0480199450fbaa5381a91141987e770c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
692c176b67af5eaf61951aeb30ce2092

SHA1
486efba5547c34f46ce52c3468fa0f8217ebfc66

SHA256
0f377f417dd34d64c2c1e6d83d2e0269428abf668512953efed8959805d20c4a

SHA512
81300de7c4bbe86ed9c44d7d66035093e7c94c0974b5ba0965d9de33f21df45c2c9fc506606b440ea10119f6b81619214d76757c8ee42c771de4367221cfe7f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
129e4c9fe6462f8f539496799f56f7a2

SHA1
e36a40b51e4be2bdb08b9f2877c0bf3748a531d1

SHA256
52ba04acf6584e81d876e8319c754bda807f25b4c1e3782d468434d9813338ca

SHA512
9cb50c27fd2799b2081c81c66192a58f78ba8cf45cf5f8f9e1da9314d7c070fec28aee77d1a060f881b3ac409b0d8ea8dba3450d134c26d1362677938e2fdeff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eae3a4cd4fe42f4c86d2e63dc1165392

SHA1
7494a79301d92e57188014f2ac28035fedf15999

SHA256
5cbd4c39c7e696461c6a877a73a84ed26ea2d7f17102116205357b71a7dfa819

SHA512
baae67a46270f98a8e73c14291a0eaa901278244d4cfc4072732523b2dda364b52bb6df57a67bbaea5700d418b62ab57334dce97388440c2e1f71e8c27444d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b6a3e32febcccf32e844f0c1c45a0b9

SHA1
9137b2f74effe90fe4633c42215e8e0a55f5a77c

SHA256
0512cbb7e052f9dfb6315b7222a293d04e6807f22f4d03f6f164044e0d3d67dc

SHA512
1c0bcc298cb53b8b7c2d18203ebd01dea3256a6cf2c4e398b1279f71422f4cf914b277c12bcb370b9583042914548c30a8cea8f4f65223493573b76803370ffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2acebc70ded92901cc3a3d00060afcbd

SHA1
1c75f53f7e0f0be9445d76b84d7a46bc480822c2

SHA256
0f58d7325a7fc87d9d22f7c7613ca5b506eba1de011a44f90f6ed88787b3d445

SHA512
3fcb656abd9daa896920c60f7205e781549f891121baf28806450a2ab4279084a928e1a9bbfaded9c0c810081e0770f046a4715de2df85244be0964bb898e66d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dfd14a63435fd5195fd3440f17d20e6

SHA1
4c26eda2cb149e4c7c2d9dbffcae0c4b17d9ee38

SHA256
204b019854eb3ceccad5f9ea80f6bd96c6a8587152a639abe87d04b8ac6d2c02

SHA512
3ec00f4887d947d11aa1cc0fe39d64ee9a7f1ee7f349733220dee8e285473021a935f5fce985fd99527fbf1267f56692cd3eb58d726490f5a5ac1f49b096b051

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
099c2ed36c5be452ca6fb934b25f5425

SHA1
97bd456760bfa23bda9d9bf65bad80908097ec91

SHA256
2af0eb2694df4317af4b63eb798a0166037d5578d21a8c45ed115c8795fbd4a3

SHA512
5fed785b65fabb2405b82809131f7b5c3b5e82782b31d5123610c2c90a66a2fe59e7f456831bb2789a51b4ba78a666f24a9108eceb4b8bace39baa5394319492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09baf08074a90f83da1e1d21cecd5b29

SHA1
1c7d1ffc9801272bce62b583347e107951000dff

SHA256
4b404026bbb577193e2f0ad6bb619534e56aac499fd503e66c3196be82253098

SHA512
e1e6a01ff020635046ef00899a65d60633ce6ea2be42ca766df3eee76c6fbd6b15406c5828592ad24c1b3fdcd6f73d47469945e6fb2da076b43f18433ccaba99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
716a50d49354fe99c4c828bf134da15d

SHA1
b2899e54687c39171e3aa43ac37af02d2cead565

SHA256
1f7af5f76eabb7f346b7a90712c31eb632be770bc034714becdaeac27dece235

SHA512
0fdb8cdd3742636ff40a211dbfb15b45d768af7c934647bfdfc6f0b76276a14ea26715b9e73f7c5e2ad75be80d3d5295fc2ce5f0eb6186d3fd3143b065bb9a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddd7249a800141e0db9a2a15fb922b85

SHA1
bf880e65da11ebcfe788ba51ac924f0df53a79ce

SHA256
df42ad4c3d6acdb25f3fc8a1258742c7ad344c5e3cef2f68715c5a33667d9e4c

SHA512
f2cfae8c50aebd471c907036fff61385444a48dbafcb170274b2f474e262ff909f4c07ad8e4c770cd522f5f08d571ead784430051c052cc5897ea3abae34eb72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22a47c376bcc99caba25e7ed124aab34

SHA1
809ee7ee4fa16c15b683f35d2f0d9ffcd921756b

SHA256
0bbddf3afc0d27a22c48193f8aa7e6a9b7ee3d6055ae9d695a54e63c35027dd2

SHA512
703ced9e2bc29f0ecaee8a4f486b6b680404b9909f6e539ec379043c7d1332113642c0797015fa0b07a8136a25328cc476248cd1706cf68d7554fc51400f1aa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be1f5a646ba32380ef454a9e2a5adddf

SHA1
cf0068795fd2525aa8e3430c6775fc2cb5cbdf6e

SHA256
3255093230bb4e7f010fc8c0abc3f12b44dfa53b8a73b16dc71c136de60e9a2a

SHA512
25e1ff4a351c06ac78422e3a6231fb7a7f4b778b676eabb4adfc5664f588598206c6b4ce8f5446fe79c06e9b23e7e3ab0815fa7e282d66ff1a5bfef44d3367d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51e20956030d6cd4edfd49d713415289

SHA1
b0937764784cbe00f302733ba74a1fed76b98ba3

SHA256
b9fef36ecb00d12f286c8c9f11d33f2d034ee155bd27c4239559ec03c4448524

SHA512
a1e7933fbd1c1845a84c7136bd9a74c69e5c2d7729849b0827fdb383978c797c48d0faeea39b583e0f88b120e2ca18b0b898e9960edee08d39a6684d63fc9a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77

Filesize
402B

MD5
f0cae21077851ba18cbfcf37d58dae3d

SHA1
bd5995c609faafc852549a7075066fe94864d626

SHA256
0609353f623278b61c9f728627c63cc9e6f98d706b42043c9317b97931d8480b

SHA512
9ab9547d0a15fbd7f600a7b76749f9ee2ecf131d2f3af461966b4590bbbd17e59911b12e3d682ab3398f109dbb9cb28fa8d5e97bf5f6442f2d21e19d9dd2523a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
408B

MD5
77ee51bbc39a1d7c820b161fff6934a4

SHA1
e0a732f40c299c7cab953e555ec362b363843c00

SHA256
9af5ca5181794eaa226024aa5e964f5adfff03ea69a84014355c5b4d49a53f5a

SHA512
ab21a9790c0f135aa5938bd7a215f343d482ed8541a12c20974ec4dd0eae58d413b4506dd5e292250158cc4a484b3e15a33174148a2a222fcd2fd9b907df8b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7my5tn\imagestore.dat

Filesize
110KB

MD5
48f7ccdb0275776865db6d2080c70c5e

SHA1
910c633ad9d4f86dbddb658f7b862066633e2135

SHA256
75243430de74b1b323dbab913cccad7d22667ce9b920145e8e553e94e394c371

SHA512
5e697d7ae384c08d810c9378c0ec4368a3853acb9c0dfe6474f64726b83f31c68069009bf649eb6def8a1d5924c666f71f29f773efd6244e9735b80302243242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\js[1].js

Filesize
190KB

MD5
25952f43d22e4ebd569aa16ef5d3992f

SHA1
5b3103442c09d8c7165785a9e1e4f124515f775f

SHA256
b6a014a897b22fb4c1ca93ff63966df4d598fe543b06d6add2bfcc8491e2b166

SHA512
41bef7f83dd54856dae37da788747c281440fcab56fd6f9691cad0dff4b9b1c08b4b0d0831e22a8e074dbf6cf880d7d10bd5abd94911e97cc0db52c027ecb935

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16EC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar172E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads