df4a9c78e12b11171e2521f81194e3c6960b7e50cdf1e313f2600029b6a61823

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe
Size

1.1MB
MD5

34cdf010f88ca7ffd5a7119f5b7c7785
SHA1

86d329124aa62faf0a81982d14ae989b4d2b1863
SHA256

df4a9c78e12b11171e2521f81194e3c6960b7e50cdf1e313f2600029b6a61823
SHA512

bd9c6342dda1dea1e19f11ae7b68f677e74fdb69b10f695ddc5c058fc1a496aa349e9fe63a515641c547a7c7c99faabf8b926a27230d3e71c4df32b9c373e283
SSDEEP

12288:WsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQ7:tV4W8hqBYgnBLfVqx1Wjk2

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2396	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D11A5817-37E6-42D2-9734-7A602960055A}\URL = "http://search.searchwtii.com/s?uc=20180506&i_id=tv__1.30&source=1-bb8&ap=appfocus35&uid=1af65ca4-759d-42bd-b157-2c0d0a473b51&query={searchTerms}"	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{45646BA1-0F9A-11EF-AFF6-E61A8C993A67} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D11A5817-37E6-42D2-9734-7A602960055A}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f0541ea7a3da01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000e26474cd092644bb035116e9057e9e4e0552c74eb1fa97ea3024ed318af76d11000000000e80000000020000200000007e521697d4b5270feaf7bedd99b5fd6044fa8c1e657641103b4fbffde5dc7585900000001adf8912a513a32ac85d79b766995d669342b2ec0ebee0e0cd7ba0ea1b92457d5bb5fc81b000145db2b5d73ac611125d27c257f710bf14eaf7ed4f0ebad4b6e5b9b992218d80653ea31f0c573932ae281a64b2cdc061e1f6beb2ab39ed68faeeee5ebdafa510201c0e01d1123031165fa7841181aa661ac134acaefc4efe1eb8723fc5143cc7005d334d122dc88a17dd400000009ef31f767625133b5f5aaf12c592433bd9bdcb4013187e1877afd04fb0b8ded9276a94f3113d8d02b921f50148b1d563d18aeb1ca5727a9ffac701eccd019e86	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421595942"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchwtii.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D11A5817-37E6-42D2-9734-7A602960055A}	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000eb5c2f600b9dac376964d70bafa39f92f21f639f9b763590a239e0a328cb93ed000000000e80000000020000200000001e96101001c4201815f6a2d13415f7fb02fd663ad9ea8e791338ec340338936420000000686d041d9c2bbd5cff586710756dd086624c40c3a21f831860e61abefa5964d94000000099a354fd08d03916ccdace7c70f6a8aff13920d34865f7345417570625e189a71a5acaec78e053ae0bd6e5ea46d8570e8b45ca00812ddddd959e0a2fa0dd6af0	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D11A5817-37E6-42D2-9734-7A602960055A}\DisplayName = "Search"	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchwtii.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchwtii.com/?uc=20180506&i_id=tv__1.30&source=1-bb8&ap=appfocus35&uid=1af65ca4-759d-42bd-b157-2c0d0a473b51"	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2572	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2616	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	28
PID 2292 wrote to memory of 2616	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	28
PID 2292 wrote to memory of 2616	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	28
PID 2292 wrote to memory of 2616	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	28
PID 2616 wrote to memory of 2548	2616	IEXPLORE.EXE	29
PID 2616 wrote to memory of 2548	2616	IEXPLORE.EXE	29
PID 2616 wrote to memory of 2548	2616	IEXPLORE.EXE	29
PID 2616 wrote to memory of 2548	2616	IEXPLORE.EXE	29
PID 2292 wrote to memory of 2396	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	31
PID 2292 wrote to memory of 2396	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	31
PID 2292 wrote to memory of 2396	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	31
PID 2292 wrote to memory of 2396	2292	34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe	31
PID 2396 wrote to memory of 2572	2396	cmd.exe	33
PID 2396 wrote to memory of 2572	2396	cmd.exe	33
PID 2396 wrote to memory of 2572	2396	cmd.exe	33
PID 2396 wrote to memory of 2572	2396	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchwtii.com/?uc=20180506&i_id=tv__1.30&source=1-bb8&ap=appfocus35&uid=1af65ca4-759d-42bd-b157-2c0d0a473b51
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2548
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\34cdf010f88ca7ffd5a7119f5b7c7785_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
ce83241f27e801f4e90af688001e0545

SHA1
45a24733aa1690afaaffe342977a2fdf2e3a0d5c

SHA256
890c16cf0c667fd78862d29ff1a171c56ba469166f10227b4eac7a883cbb9e59

SHA512
55b4121b599a090935337b077f5d2c12569369e3aabd622cc1559d87ae31677108ea37e47ea81425662dbb947e9e5ceb0afb20e2488120840859158189ccf082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c01849165ab398d5d4c0afd317f73071

SHA1
c19fc4bd74732e9c360f6df9048e346a2d3997c3

SHA256
266bcf35b467df0f8e91734728bd349962f2c69a876c8c604f85072a1e060605

SHA512
0c1206f6a0c97ec818d14bd36b92be037eedfda2cd125b65cc47fe98c6f3989167a81200501c770a75000c2797eaaf2d2278a5c1c966262a17ee606101b7561a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dd62bff5255fd76bca45d2a142e49cf

SHA1
7c44e433dc47d893f146899ee7fd398940fb5ba9

SHA256
21e6efc08f9289164c8138e3e04f876cb7dbd78580aab2a8ee1f8e0d299a5330

SHA512
4af9042fc190907e4912632c954b5c34cc18bccac91abdd0859d2847f82732e5a52cd9cce7464260b9359d8ab9675e2db24f7c6a0e6efe33c738db0dd1dbc4b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99779c0fe65e8ce30bda6174863a3c06

SHA1
545f4eea150125ad54897efa346938b8e6188972

SHA256
fc376ea4aaa6e54bb24c0d61d54b04c76738a3e2512b65cc6b2d13d673edd7b8

SHA512
557c6266bf41bc8870a5971c10aefd9a8b67103b896891e643c971e5cb9ecffeea0c5d2154e5ef3f4363d73501ea2a494143fbde1f9b86b074f2c320fa1a0e38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a20450aa7af667a554fc5fdfb78bd6b

SHA1
4df46f1756326ed71d4a847b5ed4492c7a547958

SHA256
e064720c14a95f2ac9fc033e6f1bcb48a99e43c5e3b368c1f1166d2834aec816

SHA512
cc174516d53f8fc8bb8da826fee607054b5f5e7282cff8ae1a6309b2d531c904db79d4ab48e2fd7af8b609833f510420821e0befb416f2525158b3802a84eec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c9cee2ddf65d48ef5347e748b3d72c4

SHA1
8c7f44b7c8cc03e197a3a9ad3b222220dbd8867a

SHA256
cae533c244bf84cbdd3deeff20fabc922aa218f6a4d629200db7421cf5e0f71c

SHA512
bd1ae59242268d8c573d2a555ada579cba03d9374802c8976427c9d2cbf80fa4a62a8b5c0f7741463b2d72f06017019b9795119c72fdb4f03487fc283dbe2143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c217ddf8699c37a0927bd95149db4f2

SHA1
6fcf250cdcd5e7c30dff1fb7894c43d731c4491f

SHA256
9041187bad13cab702cb758a0ce29ec8a03df68612a5dde4606d5b9f99837eeb

SHA512
f5ed2c796372176a36186da5974086a1d879d88ca6f8bb5a2e7764021203c9c6ebca573faa52d69e154850ad47d1b4d755ee1043c45949ecc9b6670f4ad0b47d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55f36e1b9b4871a23eca0042d7427241

SHA1
f7dc719e56cd4a79da0e6227cff5191c08a721e3

SHA256
85d707b096f85a680702e642cc697a23387984938c8cbee933a797b9c140baca

SHA512
ca64cda850b4c308391232e4288219f9f23244e359ae39a89089dd3495d0870726631123d223c67dc010992062a68af7f7aa0d86a6ae4bce402dbc19d4bcc777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31b1eca8c3cf1a699b62c1663188c6b0

SHA1
d4704173efe2a381642f2a8f56f5b34d79d75210

SHA256
e95565a9460ce953bb469cad77af5046e22ecaa37084e3db248cc6fa109704e4

SHA512
1323eb61e1720afbd51e50711d7128a26a7fb69e6c422dbdacf6d58c5d54ade92c44bacc2af9f5210d689bfe24ec748e710accdb6a7f2154ec7b4b4b6a254f4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df427173ee881058c71e1e8cbf571769

SHA1
e719af88329deaf7a48d9adeba4e216cb3678e84

SHA256
1619a4af0ab277536c975381042ab01411b5b77a733ddfae6d5b21a428be3713

SHA512
0787d44f1c71247069593e295a6bb475b64815de1b111a2ab146d04d07b286aa6378b99292ea8581bbf44bc195a9c3f0e142673ccb2305dd749da524724f672c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b53d690c4fa9895f790d2abbbbfd1d38

SHA1
e53d750be3ff9353ff622e42145be32b523321e0

SHA256
8ecb5341465436f1d5bf53da5d9097ecd0312d778213911843cae042f38936de

SHA512
62fcffcf0d2c4f5a936713247a3eb90ddce3993e2f72cb54243855eb3bd266ef2a5a8265abe989f2dd3b28caae07c70abbecc878de660a0137cd00890e2739c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1106db948f332666876d162e8b9d73f9

SHA1
929706fc07d6d6660af912749f8513cda52f4510

SHA256
3c1fa56fa5a7e312c2c5e9f22a95615fafe474863bf279149901baddf67e7d2d

SHA512
c345e63175de100541866be7d350096089820f59061c7632154a644069c7205404bf20f6c67ddb9103c9bca81d89e8cc14f32d5ac1e5ac2405791a03ddd543e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c5ecff53ce43bf9023ac27e9acb4d0f

SHA1
da08426f1ad367dd8772574f219f0337342ef965

SHA256
23a62ff0b481a0ed8e0b12a9721dd6a8274afad783ae524269c7cd9af0393df1

SHA512
d244604ed070067cbae1c30bba5714b78cdeaa8e49fd7da94205af5b745f8287e17da9b05094e3de6939f86cb446ef5bd5475745c2c57ddbe88adc9050139735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfbb72da000b01c019dc41bd3782e7f4

SHA1
ea37a9e161c26a4fd47c24c07f4969bc763b4ddd

SHA256
1d61587ad2989d51577a7e13c954ff69dcc0ec26583dfb028cd4d18c771ca9d4

SHA512
f9febe5e8ee2906406645784969c3af4b8ef09cbcd4639a64a2c02a8d740c9d5bff25ac628cde2c1a9300771d6926ba9714bdf2c38db364f72c862f619d8bf3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c91e431ce46e768a80c1866a831e16ab

SHA1
2bdff70d39f82963060aecca956c1cfddbe4fd99

SHA256
524cd66a66a1ee2ee6d1bad0ed88f94cd3ee90be2b9263883ba9b687f6b934b2

SHA512
c1b9507dc56b8feb0854014a32f82fb05f135375391822c5b8851352051bf889e1f0df06d2a4d693e3ffde4a0dff7161a91b00ebdd75bd6bc24ef15adca03821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a428affd0c60186d1aa47547ce5e7894

SHA1
a07683821e7d7fb740c404dd3ab9255003e4f5b0

SHA256
b473e4aec2efd007a53eb07b40e6eff7bd03c7075e39210a997faafb2ad27ae6

SHA512
6a4f4ef2149c869f7865ff3ee000b69fc61cc42037a09c977887cd004e0d38cd30474413233b3df141fc5feac6853efb995215f0d2a9a310068870ff0fbdc791

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abfc63c9e5288130322a2e0109d163ff

SHA1
8369efce0ddaa5bade1a4c223b664356af7366ba

SHA256
71080e1f06cee94a631c152ac23d6b9da638c4bce8bae5f7cc4b7ff6a3baa629

SHA512
1e21fb4a75ae9a8adabc3b2f51beaabe4682eef5c4acd2f56d41b97b2e86de9c6fb49d0226b0078b625b44fc50eee0676c28c99cd5132d8b60729e3a810b5372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c5067921418ff7a84f723c21de18b2d

SHA1
58a0bd0d09d15c038dd42d6d398075f1423bca67

SHA256
b681488640e41975ff93e6c7bee9ac4ad435b5dfff6529eebd3b8db3d83d2be5

SHA512
a42ad60664fa69f464bf93c6ca527e02b629dc490e6b2fabfe55397dd0eaa9d3038645432357bbddea11ec9d2a74d4890f61cd670038528b5b35bfdc15cfd845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b8fd9d725357694c1ece3091d8cf0ee

SHA1
05fdac016d3101d578728d8e698f1b13f98fa4c2

SHA256
c96db5cc06b488f286e4db8583f06a23c1ff370748a59ebf23ec441623170392

SHA512
0572fa4378a7c7893f6ef4a60a607142a5bf94dc1c492b8f00c59878f18e3e251a3ee987ef36fd92e1aef5914888aef42b142468216b7c1ac9476b6b8fbab998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e12947e8ab61f71d4d1e4300c0089b1

SHA1
0f1f8d67216be98759b8791a26952c0a09006c27

SHA256
e3e63974346d0cd6a2c20d626a4f957b23791b06bda8c5fe3876140a8a965f13

SHA512
7b0c0b4f6b364b855e4ad9cab4754ffa869323a572d8f597c24bb6706167d728fafd525f909a812fb5e1a2d7a03ab0403649409aed8a43537f63eed4e8a6e635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32d75248aa08a16f3b9b557c4135e236

SHA1
9a177f37ba5e30dc892eb0b2ced4c9229e17bf52

SHA256
68e98a7685a5a2d3050ddc1caabf38475a9a48280badcf5608138e5b42a91e07

SHA512
79378855fdd1ed0d980d140b4f7f5d9d6e1ff4f789d4974dc36b8ac2dd33aad6b69fd6cb1c6c5fb69c195d363aa99d870d0d802eb56e27db46f6b6c0c08463a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e854ca7e7cfd376c4eecb659ffaddba2

SHA1
31dfed85b16e421c9f7774a7c1793f891fd58e68

SHA256
0cf0f8c264915f8bb06cb00745728f42cfd2fb89eda5337c05f9cc944ab1a637

SHA512
62bd839e1f0eea1527c1f65d3e686f021f8344038c71d22cc82bd584821c5d27fbbcaa9604c6bfd77cd3f16d46859fee662cb98dfac380425a2852fd3d8c3417

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81e8d8537f0e00111cec34b86ffd9a03

SHA1
935b620ae9cf9356b6f435da513ed8a7a256fbb3

SHA256
ac440c7116b80fcc871bd8c21bf56054e5c3d688c59077447f3e7400adea1f8f

SHA512
8666e4211d3fdbe66174f6ea8e3881b5cae10ae42ac14c8b35f9c4601318f9fb711f254b8b181f773fcb0fb78357493eb51ef18b522ceda37f78c04e76ee85bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
478cbc48eb0025d7d0557ec92bdd2648

SHA1
21160489d0bb3d0d557c9139a10e942d82b48968

SHA256
83bf3dd70531fc847c6ff54357ddf53ec1e312f76ade173b61722ba65ecdd6f4

SHA512
7fb183f550b4ec1fefae38b5d1399aae01d1d48f035d5a77b05dbdb42e79af3f6b538a3594b30e7755f58ec1413437bd92b39455244e852e882e35bbf67f86d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d49d1dc2178b5bbbb7651b03bd8b55d6

SHA1
70a7c9ffc988aa477c001b90f5ccb1a58b506c97

SHA256
b925ece03482712c7c80c28fafdc93b0f435df4af1d2afcfcb906655fbf3abfa

SHA512
f7159d2a7913ab28aae9d916e8774ff66c3d9000962ab9d6a3225582bd972987d504bb8a1fbbefcf5bf075195f06366f6625c4dde8004874a2189598b87dd18d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5854819bb2e6d7d5c94498aca3faad4b

SHA1
ca33beb6cb5d6a8bfeffb3011bf853ad5496749d

SHA256
bf443de38be43e3c1dbbafa656253b26499e8c967480799986086689612b83cc

SHA512
ab101fca5369cdadc36617e439303bd148049a9af0494e70525296d8a0d32ec26c60c304eed9debe0bffd61472a20bfe209bd0f2d629a0986347ed8ccb7fc1fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d0cec3b2bd4c5f0767ac38c32f88d89

SHA1
9c2f65cb9c7cdbba461aa5bed89daa3d94183ddb

SHA256
0bc4ab38db72f51c9727a3ef312dbf0015c3de9889e7ab3361ff9aede96592dd

SHA512
51087f02c522e7f8a6ff0cc7099e607406ccf064f97fed4cbca3cb8ce59a3c788e39742f9a091933a5f2f9cc1c0f31dc5e90fb2d0eea86ed5d16eada9b068fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80cffcb5bcc946ded5dc16bb38b2f78b

SHA1
2b37c95b22110676bcff687e7712f767982f2c41

SHA256
a74a548c649c08b5505f76e3e6259fd029beb425f79bb25edb874ad57287e315

SHA512
4f8e66afa3f5ea90c871c92b1ee821ee3e877bb3a27a32e3df3977512dcc55f26d1726177b17d94df7b271c1cdc25d1b1a97ee4627aa23199065049ec2761d07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a14076f060f8bab042982aae9c929ad1

SHA1
340b50435f442952da298e676d35d624fc6b06c9

SHA256
c6ceeffd879bbd5be9e1115bd719a890e733e369671fe3327eced81d901eb9e5

SHA512
219eb4887eea75fa56b4a7915859dabdda5470c42279de8100efb0f7df073ed068455585d0290018c2e9fb53704e4fe04ae551a0374260f9cb9dbf9a01fcad9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
408B

MD5
05bb80b317c22c79ce4311e718299799

SHA1
a4ea1689f478f2112403c24f49e109a192405a94

SHA256
6e828848a0e67a646621432af9142d3342bfe91274d70f665323ddddad3373bf

SHA512
acd577599b9ad2ef72e652b4d1c9233f121d958bb1e6fed27f77fcf776913c1d8e9744f2e05b96c6e6b77f37b1bd1ef5d47cae799a0aee955c61d663f947559f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
408B

MD5
c79e761eb7665f3e507accece0737c97

SHA1
2f0b85a81f32d6567ed0fe4fdd51104315cda8f8

SHA256
c6332ea8b3c50fb55e24fd60d8a5757da64cd82a92e1102bf70731b07f5aa149

SHA512
3aff48d9167efe7500ed59a2c4bf1699eb1349a5ceb5d0f09e1a752b40c55b08b6e532fd570de6a6ba8d27a22b9da2ba08effde7ee64ec1bb5eb0b4388ec8089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
56e18a18c77b0187cf6a12eddf41ac6a

SHA1
df7fbd345fbae287e606f44121fe1f535c592686

SHA256
da2037ec20b16ea6fb13331ccf3f69c8c11a341ca24933b7228a7f62a92b1844

SHA512
dd2c0708482810ac11330bd6d601eae657d31d81e2f5d381a455d8730c7cc05c3d276bf702d13016b1197f75e20d3861cc400b974315d4985b02d2c231840ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

Filesize
110KB

MD5
401b3ef1203724f2698f5d96517fc3b2

SHA1
116ba35d9c682113c4c0b34c91455f8fdcaaf856

SHA256
344df4c08e832d509ca34010706c82a9967035bc0402705e05e80f98f60d7989

SHA512
15b0620400c25390cf8c2a5d052384b442ee448c7a32a04ba6dad94763f9b19e2538484ba55d907622209387d75afc49ee5aaedbce66df28e8c9f27cf39cac59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\js[1].js

Filesize
220KB

MD5
26281b2fd075a52f836d661c53ca4df7

SHA1
b5335b6540c27daa576ee812380a3cefd17ccaff

SHA256
868109350ff9cfecd1acf670b3ed580794e3fdb9bc997e04d5d8f041f9550caa

SHA512
9a61eed8d343ad765cb15698ff22a77d789d6dedd6777f8b3ee9d245b26076b6feafcc741e8d8a79f230dd855bbbafe96bcd18b8299ead06847a674db304bf95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar857C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9SBH4ZTY.txt

Filesize
106B

MD5
65af61924fc033e0979d95b524456d07

SHA1
9d534064d19d08f88bd20026f8ae7389ba0343ed

SHA256
a65cc855f06fa2b3025efefba5fd89c00f8d45341059aeb5f06202a3b93d22c8

SHA512
3d2bd2667bb93fb2a6834ee8c1e0c846e4b4059d2bceabc88aa488f801b24fcc0ca3cc8b9e373c1d92b13cf3af99d9b3d92a5eecc8bb9ae76d19a1b3081332aa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads