9d76e784547306757ca91d82b58d6ab9dab3708de0c1c08124970f0c20429b8f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

379847785abeea923114164226c6cf4e_JaffaCakes118.exe
Size

1.3MB
MD5

379847785abeea923114164226c6cf4e
SHA1

d2367dc56236f8032d66f7081b36aa3a1636b04f
SHA256

9d76e784547306757ca91d82b58d6ab9dab3708de0c1c08124970f0c20429b8f
SHA512

e3aea21ae7d8ab018d5dc795754947bee454cbc7bf48df2dff17e385b2b0a75a68a07c892e15bd9b4ec6b44b0e253a7515dc87245ed3aaba837dedf368b90472
SSDEEP

12288:jiLJ5i7sJXx0douBjhCCAYi8c1i6oaeNSoeDlHsg+2Vasj0eqV:OspfjxAf8c46oaKeD5l+25j0tV

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2316	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	379847785abeea923114164226c6cf4e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\hofficeworksuite.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9860656A-DDBB-47C1-A595-4A0CFFA2AA0C}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	379847785abeea923114164226c6cf4e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000012b95fad506278700c8958d92736b4487cf2c8ffc02fc0d237b40725d916e7cf000000000e800000000200002000000036a9adb25ad2c5b70dca6296b80f5ebeb4106aa991ea3ec5c50a11899687a338200000002d691c7ce72db7d7f4f7f8562fb996f6f54f5595a4ca344fe90b2e4d73fcf10840000000472927f250f6e49647c6b919d3c3cb0562df1aa766e1f89f43ab4d1a019c4b310da995372f09695e01e8f28175879084b274ac9d981bfecff446b08497c512a4	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9860656A-DDBB-47C1-A595-4A0CFFA2AA0C}\URL = "http://search.hofficeworksuite.com/s?source=d-lp0&uc=20180627&uid=d09b85a1-592c-444d-9d50-6581b45dfa7f&i_id=office__1.30&ap=appfocus1&query={searchTerms}"	379847785abeea923114164226c6cf4e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\hofficeworksuite.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9860656A-DDBB-47C1-A595-4A0CFFA2AA0C}	379847785abeea923114164226c6cf4e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C68F701-1001-11EF-BBEC-C662D38FA52F} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421640083"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70935ee20da4da01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000a35b517858074eb773e64c1c4c2817ace9d2d2d1f6e20ee82832d54fa96b5464000000000e80000000020000200000005f0724f653e6b5811d864e412a193819b610798047d7f3e452840f9c6744a21390000000836878edb1606e9dfe7be7981cd81fff47d7cb3c5f47b5b569476f7660b8b56b8521213e7e3f04d7c0f3621053580011710b1c19c344e28139d9fc3edeb923b648d287b25aa3fcf7d0f29fa66f6d85198a9495a93e76377d5bc9b171d7a6547f1ad6ab4154bbba25a7331af841946699b02c8a09f07f6665bc827697666c26284b77d38aba686a5cb87359fd5cf34a7a400000008da6a2018a6572ecd475ff187ab0eb9f0e91f9e8ed80527fe875f7b14cb5bbab49f95dc94c54d52927692c55ac42166fdedd411797255f12e6a4b69cfca6d2c1	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9860656A-DDBB-47C1-A595-4A0CFFA2AA0C}\DisplayName = "Search"	379847785abeea923114164226c6cf4e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.hofficeworksuite.com/?source=d-lp0&uc=20180627&uid=d09b85a1-592c-444d-9d50-6581b45dfa7f&i_id=office__1.30&ap=appfocus1"	379847785abeea923114164226c6cf4e_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1512	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2272	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2272	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	28
PID 1936 wrote to memory of 2272	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	28
PID 1936 wrote to memory of 2272	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	28
PID 1936 wrote to memory of 2272	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	28
PID 2272 wrote to memory of 2536	2272	IEXPLORE.EXE	29
PID 2272 wrote to memory of 2536	2272	IEXPLORE.EXE	29
PID 2272 wrote to memory of 2536	2272	IEXPLORE.EXE	29
PID 2272 wrote to memory of 2536	2272	IEXPLORE.EXE	29
PID 1936 wrote to memory of 2316	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	31
PID 1936 wrote to memory of 2316	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	31
PID 1936 wrote to memory of 2316	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	31
PID 1936 wrote to memory of 2316	1936	379847785abeea923114164226c6cf4e_JaffaCakes118.exe	31
PID 2316 wrote to memory of 1512	2316	cmd.exe	33
PID 2316 wrote to memory of 1512	2316	cmd.exe	33
PID 2316 wrote to memory of 1512	2316	cmd.exe	33
PID 2316 wrote to memory of 1512	2316	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\379847785abeea923114164226c6cf4e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\379847785abeea923114164226c6cf4e_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hofficeworksuite.com/?source=d-lp0&uc=20180627&uid=d09b85a1-592c-444d-9d50-6581b45dfa7f&i_id=office__1.30&ap=appfocus1
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2536
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\379847785abeea923114164226c6cf4e_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\379847785abeea923114164226c6cf4e_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
ce83241f27e801f4e90af688001e0545

SHA1
45a24733aa1690afaaffe342977a2fdf2e3a0d5c

SHA256
890c16cf0c667fd78862d29ff1a171c56ba469166f10227b4eac7a883cbb9e59

SHA512
55b4121b599a090935337b077f5d2c12569369e3aabd622cc1559d87ae31677108ea37e47ea81425662dbb947e9e5ceb0afb20e2488120840859158189ccf082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abddfbca38f93ca3c8fc223124bb717b

SHA1
20117f1914d17fc17e1ff6293c9f1ca4f60d9f60

SHA256
173064108d198128dc06ef8d1417056cc3ca3806aa0e923ecd1dcd0ce2e0d0b6

SHA512
66138ee71f3fdaa7acb09315fba2c88f63c68f2ea840686e807b2191cb58cdefe84db7c45b943a66dc230a1b2b416444d28b36b885772691cc938627193c9aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a878fd540d0be7499772ca3a637d71f

SHA1
e8e564ee10960d9870b1a9e96cd4ce9656ea085c

SHA256
a228941306ff87c6b5776412bc50a8c317854e172af8133e8b82bd511bd157ef

SHA512
5d1c731b2786029076c5abef834784371d495c2d3499ad6335b27e6d088e0c788548cf0bbbbf7746def4f2acd6ed785e908333b1c44778f7e8f2e872c30816fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35aca5bde021f77f4662d94d001ec53b

SHA1
c91386e2db26bbbb323cebd1b3e8037259ab8413

SHA256
45fc46b99bb09916f8ddc637b964e87feda7f97b43ec4e605b1b1bbc7ce6db5b

SHA512
db7b0373754806e18ac0901fbd215599eab3c202c406c40fda9bd56de8e40062184d60e94a0475ef7f53d6abdb0ecb1507e5fb9d68b2a565d87bac6193f7ec96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c74cf306a0275a5a5c9ad4123cc7f03

SHA1
c0cceddacdeba48595ac8316bb9de833064d09f8

SHA256
f3e882b10a5315341a6435c790885434dfdc0795ee7e6b32a550c587074b2159

SHA512
c0741245e077d528d73051276a280597dacc2e66abd24722473b8409d3fab1a8bc66afae73906acad74d9684a867133a797b61c3a733405232d6fe93e7656343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cd9a7b0de2f799b0bde73e3afc81a27

SHA1
cb45b79eb7243a7a4434c32071809eea79af0386

SHA256
99e8015dea6091402cee5cdb39d9fa7911509d8824ed49a6185d1be62d330adc

SHA512
81f91455fa838b58c850d34dccc686210ce3f8d9d231b914bafe3cc3b230b489c6541b1741dfedb57f02853ee6421de7f22bb06d39f50ffe5a1e416a1174097b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11730eb933a1a6bcf2c51f21df2bc1d0

SHA1
79ee147278cabbda81d1d86b95014fba107173e9

SHA256
18a403570a7efd4e8019f75dd64292ca84681b3dda97a91af1aa8c4236c3c4f3

SHA512
ad2c1f89bdd11f18df2d440975d2e3a16a7e5a5f99490393b3d26d7f0c489647379e9fa800fab1feb5e74cd4834e99bea98e817aaa721618085c44826b2b88e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd5122ec09fa791b551698fc8eec1858

SHA1
8bd51cc0c81d135a0e878a9d9c62181bbdc9bc0c

SHA256
00817d539f23873783860d31a445ae1e3c5139eff207c2e3fe25234cab8bfd3a

SHA512
45e191018fd5dc6298e51679c4b4b54bd9284b2e7f31f7d8c121bb814a095541d0caf84a7e9840c09089fa03e62712e674e7a8aea3cef136dcf2194447e31d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2fec81c85c01b1b49cc51335cba6dd7

SHA1
85e255f859213b062814277245830bcff0e8bddc

SHA256
3e7df7af424448859f0f1ffed583bd7335d65bb68653f228f8bdba0f0995e183

SHA512
dd5b419eb421fdf1d336774790541f7a5112bad59a96e0bf96a148e9d2fd704f552332579a408ed69628b054079a0d9fb51f1783d13d2807acf49a5c83f9d2d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc2f140939b3517044e85cdf49132ee6

SHA1
f8ae053a0dedb3c12a8a9f390b785b200ded0ed8

SHA256
a0acd399e710791f4787b9f2867ca5ff395a3faced2a8d1f0d868d1fbd80437e

SHA512
e35e82d4681e631a669fd1f63b9a61a46dfa192997e3d879f92f2e09cba3a256bb4f183d82c45db72b940c2bfaf05a571769b535965185bd4253c763932437c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20e0b734463fd9e98c7df329903c05e2

SHA1
ebb5007795d1bb5194693589cc92a66255d66160

SHA256
c01a9b00a4334fffc800b28db31708118d9a2e7a7374a5e57ba99b34542a2e7f

SHA512
478c2cbce68cdb65c2cdfd3002f5cc7ad5d5dac2a91c78c6c4ddafec0c1e2139a6fc6171b1cd7b342e8cbb30139d9b5b7216400423012d7699251df8ecb1c6f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56d2238c62de738a8942c92440e462ce

SHA1
0ad0dc563de24ed6a1233e1cd57b1a61d52b9ac3

SHA256
4530fc90e8e8df532b36562df65829ed75574dc4174368db9698a2c0580e9ca9

SHA512
0132731066ee49145fc854ab19cd7361a0c02b88b0fff3ca339d8ded144eb5afb3bf3bd3ed543d1edee04a3a05158737a91ac536409c32a9a17ea54f11071e15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea0e7d0dca331b7b3aaee7d3615b4f05

SHA1
9451d164c45eb3af0bc671769fa63620ee052406

SHA256
6d1909230a9073bd50538c1ac5fc7918959df3086d75c8e3e2e41fd586c0fe3a

SHA512
4172545f29b8d6d8a10cb4f2aab054b744cfcc0f7d48159d7faa98da4e53e2df19e9b7ef81619b42e8bdc176ca225804e19ec9e7c97935bf5be860bc14cbc6be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
341e4b2646c1dd6eb06028f86968dab2

SHA1
d133fbdb255ddebf9a6fe240298541e7988c6405

SHA256
f42084e89e26d60336e2f6e5e45e4bb426eafb5aa5b8a77a2026ed0037825398

SHA512
a171b605049d171f57092ace73affff4188ab351bda0e70bc7e23727b314752dd380912447e3757d29ab5caaf1178c364f179fadb550843f8f8aed93559009fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fb0dcf34cc001ac0df387f300d76a80

SHA1
e369da74c1bb6fd111d6177473e8a65210808307

SHA256
dfd42423129ae5c0ab026332a081ef97e77377766e8cf5ea57fec58d90f42a5c

SHA512
93889908804cd386ab3d3e19b64443b0d94575bae43762cf06d8db1f2f4efdff4a2de77f46981655c7bfb269eceef1a68024bb6604e28bc4582ba466f6543f46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cfb390bf9faed3042080579b0c66f94

SHA1
cd5926d8d93d808994b1659ec8fd2e2e89713fe3

SHA256
33f375884c7aa4be9c693ae10f5872c2e99809378398b96dee12c97fa2b61c7e

SHA512
c1cbc5d2b2e968cc3b1959786ee6a50674c6a4f9b2d724123ab5d4ff0c9aa0751b7e3c25d49bccd3152827ec4f3c1c023eb687c54c8ccb8baed486e5b1f84e50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbe8ad3d486ad639a198e4ec551e07ae

SHA1
177c63bfec977f8237d34e6b7c536eded2bc0e3d

SHA256
c79cbed96bf210d7791fbf1f60173af0031a58ece8e03b3ea6585c98a101def4

SHA512
8b60021e5811ad53f1a0a6fa8a4c09381c3b61a02c9895bf1a5dbec329aedd01698341c55abbca687e626ba9e0f90e8e207ddd0daa31983cde68c8bb016a2dfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7ac5361cadab4f45db92a902cd7ea74

SHA1
a5133cae5e80458763e4afe633cbae71c3356c81

SHA256
f3491ba0c6dbbb73d37cdbd9dea660d4bac1fd1d73a368c4ba17eb2e43d2abf8

SHA512
d5bc973625785259dd680098eabe09234c0e064033f9c7bcdec57640537c27336b4722b27e926cb9b16214bde1b0575468555d9b45b2a4b2cdaa92dccba1230a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79cafbe46e4c908d8e572c582dc5a658

SHA1
d8fd22cc055d88087d88c172a9cec31a8b3489f7

SHA256
251a9d28c6f542cf1e4eaa66142d76237943333413996a0d877e1dac8f4d4cc3

SHA512
c68fd5632b5e4d79cb2438fa7516fd920a14534b372dec4db8ee2b614ea7962f63fbe354830518af4cf8a9c867b372cfbd7a1e3d14cd1eecdce574ba1c8431e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86afc0123c8275ef5ba6b999cbb9ef04

SHA1
536a8d82689198bbddd3a70e17cdd0fdc1af94e8

SHA256
c0e352c714c11f1545b8798a3169630339869486a904c6d9507b70c95475c523

SHA512
cbe7dbe78e22cd8836ca8901143fcdaa8013436fce57dab432710a68345758c6ba7927f94e36d32db84131319b7282be9fbfac457875b5ce8d422a8f65ec932c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3382b163d3004a076cf8b7f649dc1b52

SHA1
c099f57dc4a06a18e0085dac0ff0d09f532a73ab

SHA256
ff4f401331ebe0a4a0cd52e6bd4716b81d491517245adde26dc32247efad0de2

SHA512
638f96c7219f40ee2c20c56d3318242df6cca5ea80220f3134fea4d0ef0377d5d13dddc0a8717c54363f90a6671fad193423a13b2cec499f7ee50c7b57854145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b25580f35714c5117fed5fc5658d8617

SHA1
f7d6aaf7ce67842cccb853a99de013f40bd224e9

SHA256
8a6d4b14d744dcb7725640d977cf09aeed3c93f1a07d77bb04ef5747a4505ced

SHA512
e373d5a1132109be8303bb0435ec69041bd812dba603171eea037fbf09369da5b1f0a542cbcdf3bf69eedcd87619643f3c54f4aa5d57e4b7cedbe3a02b4daea3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f8c1d7202740362020582c101f5c902

SHA1
a8e3ccad3fb4df961c5f9c494146f6e8072527b3

SHA256
11f61ccac33cdadfcb6a54a3cf5c3d2aa217f0a47046abd7e022256d744ea342

SHA512
7621adc78ada78ed84e6ce94d4b445b47c9a1e4472b2061120b4daa904cc4987d41ebb4917430dd60c22e686f3b407e71e27898be0299a62ebb954be67fcb9df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0b73c209124f94eb6ed087569ad35f

SHA1
ecdb6e31cefce68b4c0787bf66c708f54a2e4a64

SHA256
d9306075564b916e29e2cb98b630211d2cc01dd423f09db598e79a67d43b3f20

SHA512
af7c5a06b000446753a7db9586b18b84cbaaab04517b0df06fab31920c0e6ce41e1c9ee64ad654a690fd16342b05252384555efbad2f7c953efd0a62e52fad30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
958bed5c4a4b926926dfc3769daeb1aa

SHA1
7a5a60c7918021fa9688caecc1ee2eb66ebc0aee

SHA256
89d96aeb852e7e32e087e354123e2384ff48e2a44a099af58ed8808f15cb2d31

SHA512
c21351af2b546835c577503d1407858f7ca9cbe2372b24b0361cd3fcf75d88f88653f9b3c6920ba90f1c68561fa6d2ccfa6204dab2558f91c848c641107c8b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2669754c35d8ee2f5f17ca77c474754d

SHA1
c69e73b8fb1669469374638f8d8f70c3a9fa79c5

SHA256
d484bb68ace5a657d63ca366d3d66efe525f1bb40943f9e5bc06bf055bf2b7d8

SHA512
165dd80dcf572792e2437e4e9d2a416560fea904bee358bb457cc87ceea15b60fb00d31e202326b616148ee4cbb066c16879f60c5c44c23fefc05aba9eae8bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2185139a976d7d9acafcdaea71510d24

SHA1
533d31a9f244a665b5d2c29eec42151b8ac746e9

SHA256
b065d6dd56f3127a16875bc2c96f1ab3451da8839e0b9eaf08c7905c2d2272e0

SHA512
0685b0b78332608453cf241a3b43e5c60a0d68e8aea116033422193e1467e4128f8a0b27a67f6dd6cb001ce1206d7e2337e414ef25d521de2bf123f3e851e6a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
408B

MD5
2e2300003626389e7d4c6945be5ed076

SHA1
a7064adbc30f631326fc139f6e61f202cafff76c

SHA256
d96439a84710cbbd31ac1afd27c3185c23d8876da648fb797734fcc281e07262

SHA512
f16af955670c5473666a3947a76ad498fa6c47176f60e5995f48706c722f8ad71f9ef022f00b367590e6259ed2a76ec8487e38ef536404825e0f99fb656c7c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wi962z5\imagestore.dat

Filesize
110KB

MD5
7c1675064b1a483b883efcd8122c25ce

SHA1
5492b3dbb2b981fde584b1b7e79501daaae0f57d

SHA256
2010b9f4840d595dcfb7ff167fe0356c4778057860de9c9096d3b394919740d0

SHA512
4be05c2c2cbd09737a2bcd85b60cb40fc78d0cbac98b0d2d36ee3df9360ad0a82eed9259348ea5ffa04c8d5beec8d31c1e98d026c2d7e510ade0d75e47e02fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\js[1].js

Filesize
190KB

MD5
561d98074cb239630fa0a79786576a56

SHA1
7505cb424d7d7aeb820c8197fefed2758475c22c

SHA256
9421672fd28dd0cbc2204222b2f51a531ccbb9b424f30bdce04a28835fbf8070

SHA512
98c93e23737472db1def40f1fc02a4810b51194b5870e1048a55693ff01b8bab55c403f0e25ed5154552e7d93831a855483f6154d0d0969863675500819e07cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B5F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B72.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads