72f426df6eaa87efab4b6e319640370aec68bcf3fe6494a856d3c11d01f9542e

Analysis

max time kernel
150s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe
Size

1.1MB
MD5

39d7e8a917724689db5bdc60dc529191
SHA1

3fb453b810a547b12421a6be005b6a12b40d994c
SHA256

72f426df6eaa87efab4b6e319640370aec68bcf3fe6494a856d3c11d01f9542e
SHA512

dfee6fb77deb9efabab6a6986e2740ed756438996b69e2c272badfd42162aa682ff43505a136fc23324720880a09d94e468d23e78ed3c1bf333672a76d6315f0
SSDEEP

12288:XsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQi:8V4W8hqBYgnBLfVqx1Wjkv

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2404	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1343E4D1-1052-11EF-92E0-EA483E0BCDAF} = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2B423F4D-9E2D-451A-B2DA-9EB21F33CFE8}\DisplayName = "Search"	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07be5ea5ea4da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2B423F4D-9E2D-451A-B2DA-9EB21F33CFE8}	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000217d94ef1c2f3fd9495ca51c7d7c4c128085e3153a3d93b1d424f42bb8f79f84000000000e80000000020000200000004cc19b3f9dc2f8d531155e5b19ae7a6bf61129d9491b52009745288412b851a4200000007a14a76e6c73a2a94a9113f62f386e21165fc0bf9b51a1ff33e5b7f176f2ad544000000022e4942fc418af2b8d6539790f8762390ec00a713734cc33c7dfa00d311b8ffa0bb1c6d950dba65f4621bfd6231be9be894b986fc7dc2f67c146f774f9a71276	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\heasycouponsaccess.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000d6542d2e59589aefe73a26ac18a9ffe57251bd94221b58e360779b0a02250fa2000000000e80000000020000200000003c05317a31857332cab4cf3a005965e390976b15e755bef647e5bb1404be8d8190000000e8c06735ee75b25f0e830c0129c5e22df0b533cf5c31a2608a71a2a641b2711ced6687557b025fba85a0612662395a7ca6b24c290b18046059b70c4f1ed483644f47b4b66fe085222d108606bdb47b70e3116d94543a5c7fcd8394cd7ae9cabe1c39a799a5ad0b0e9e6f9dae5d01ef04632e7b603c4ff983d138469ba55dc305d31fee2225e90e7dd1c0b4e3b15be04340000000c3ecedeac576eba5e664c6183cdd0a1e7bc5b940b4413add219d0bade2fa41e33c74a573e520df9b3fd430ee9c9eee1ce9517d74f1fea7cb1c51a5e210dfcf94	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421674884"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2B423F4D-9E2D-451A-B2DA-9EB21F33CFE8}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2B423F4D-9E2D-451A-B2DA-9EB21F33CFE8}\URL = "http://search.heasycouponsaccess.com/s?source=_v1-bb8&uid=ccad57c8-c444-4909-8aac-dac23a074c71&uc=20180120&ap=appfocus368&i_id=coupons__1.30&query={searchTerms}"	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\search.heasycouponsaccess.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\heasycouponsaccess.com\Total = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\heasycouponsaccess.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\search.heasycouponsaccess.com\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.heasycouponsaccess.com/?source=_v1-bb8&uid=ccad57c8-c444-4909-8aac-dac23a074c71&uc=20180120&ap=appfocus368&i_id=coupons__1.30"	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2340	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2936	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2936	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	28
PID 1740 wrote to memory of 2936	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	28
PID 1740 wrote to memory of 2936	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	28
PID 1740 wrote to memory of 2936	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	28
PID 2936 wrote to memory of 2528	2936	IEXPLORE.EXE	29
PID 2936 wrote to memory of 2528	2936	IEXPLORE.EXE	29
PID 2936 wrote to memory of 2528	2936	IEXPLORE.EXE	29
PID 2936 wrote to memory of 2528	2936	IEXPLORE.EXE	29
PID 1740 wrote to memory of 2404	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	31
PID 1740 wrote to memory of 2404	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	31
PID 1740 wrote to memory of 2404	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	31
PID 1740 wrote to memory of 2404	1740	39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe	31
PID 2404 wrote to memory of 2340	2404	cmd.exe	33
PID 2404 wrote to memory of 2340	2404	cmd.exe	33
PID 2404 wrote to memory of 2340	2404	cmd.exe	33
PID 2404 wrote to memory of 2340	2404	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.heasycouponsaccess.com/?source=_v1-bb8&uid=ccad57c8-c444-4909-8aac-dac23a074c71&uc=20180120&ap=appfocus368&i_id=coupons__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2528
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\39d7e8a917724689db5bdc60dc529191_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
ce83241f27e801f4e90af688001e0545

SHA1
45a24733aa1690afaaffe342977a2fdf2e3a0d5c

SHA256
890c16cf0c667fd78862d29ff1a171c56ba469166f10227b4eac7a883cbb9e59

SHA512
55b4121b599a090935337b077f5d2c12569369e3aabd622cc1559d87ae31677108ea37e47ea81425662dbb947e9e5ceb0afb20e2488120840859158189ccf082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_4CE3955EB81328E9364A4F6718E46680

Filesize
406B

MD5
8814605bdc9582d7928ed227188529ab

SHA1
6403915e907ddbf16636d80d7c52a98d0c478fec

SHA256
a9ab3e6b2ec6cde29030b576d9e89da70d1e1cdc9d545525189f67651f731126

SHA512
fdc32e664a30fbf64faed32db2f7c5f3a4af198dccb7595566f0372da21a7dbfe6a18cfbba2198cc60d5840a21b0f27343e33de5126df5560507cd6efc9d7fbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bf525c36e99be5e498ac16b3954eedde

SHA1
b7067af7c4cee8e51253dddc4108f1e73de448e6

SHA256
42f739921689fccaef6d7f930e3e2a27f1e05a933e5bd58cb31dd8755d19588e

SHA512
3f9360d6ff10d599e994deec887d009135119ff81ee0525b0ea1ef431a7d0148084102fa2c4e845bd75bff232b1270ac92165ce36561963533cc1ce7ec77de43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dd4006ff23549f32702c601d200e775

SHA1
d2ef383c7dd727d80ce60bab099692ebfea059c5

SHA256
be2af0a50b6cc2e7a53de3f46c13a135017d93c25a8b5f59867b4f65c0ac4e84

SHA512
f16d0e169546afd2b73fc7f2d302c5aeab34f29ecd0bca35060e91fa31deb2c46a38ce7f9f951897a919fcffeff7de9c6e2ecd41e58d4f4f41a7b4d2c928c634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c190706fd9d8c79480cfcaf053410c16

SHA1
9771e4f1c28c20f105a512cfc40ace2064f2fd58

SHA256
571a54416c2b91a2b34341c98f15d6a2b5397a6b640943ec4c608fb433a271ea

SHA512
2df8adf665517c056738c42cfe6884c0ff0b18cc7e0187a5ef773fef9f306049615596abdd3dbacefaf2bf734d2ec5a6937ff69434b5bd4d84820967d72b379f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d03dc476a9a7f6158c649315cee4a9c1

SHA1
03678caee0652c5770a78dedc94eb7922ea82c9c

SHA256
cb55877402b22b25a2d6d04e51f160d027f81e2c8de1e8a7ec33f916f012301f

SHA512
2b5ef4c86fdf4421de87a4bab5dcbb33ce4bc96d1276aab2bc3165b4f417333bc06e5280d3756ad617fe386ad72168b65eec416eaf41936fc03d2ccf09c3167c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06421a08950615af0499da79a300e40a

SHA1
6907eaa6653c3eddec1efaa6205b7ada2575081a

SHA256
279b7a72f9e3f1f19b6a4b4af2e6f114ae12f60e92738f1cde6f324d45583c87

SHA512
e217102f1d47b495ee4d159d8fedd7d5644936a33982a5f595e708e2a2caf2e585767d4bcdd083aa5eaa05d8cb0fffce388c9c169612cbcd7727cf68b08257a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64465bf46792eb3d1cb71732a4cc2e39

SHA1
46a8a758be85a86ca6a30d9b8d7e279ec154fb3f

SHA256
664687d4259a9712fcba7f853de86822e125066238bdc7ddd5d6626538c6350e

SHA512
d0c7ce443b5354ab3977c47c9e9ff52fefc0e451a8bbcef92e88c3c7c2f894c08a979beb3d37a19c6efc6651cf6565f5b9bf5d96496778fa0fa396e479958a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42ee9a5f1f30da2544032a27b6dc8e90

SHA1
ca0bef73f3cda636b20352df489078ab857e8c89

SHA256
b61d5e502b4aebcb020cd63f50f6bbfe2e726b313396a1f7a2c1668cb2755adf

SHA512
31e59dcfbaf84c5ddaf52241e26c26bc1a6c4333b568916a0d662aa62741b19e22c6e9e8eaed908f572fa876f3e77e2be8b43a39ab424e8c4da4ac26b50a7b01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56e3647bdb130391160817f952f512de

SHA1
64ba62646f4cfca60f99be7a5c3c18c972c5babe

SHA256
e07561135281a08d94bbb4ef9c0c0007056c984ab542685846f6a3b4e4dc549c

SHA512
e0a6fa6ea272869e63f003880cc5e8daf08fc1ba052527f311e77992336a237d607822c9ec8bb68fc372554a0e43f154a5c6bd7276e57e386a3a55dc04f1c7ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7f7609625901735e2700f640f41fa3f

SHA1
ec978af793e880321463263d954c85580d0e3466

SHA256
423ba6023fc93faa88beee16be496b417787612843621ca8662c062dfd63ed63

SHA512
58c27edf4f89a62e819855784ec8f9943dba8643b889114531796d1e6920bcd3f29df58c2b5c00bb79f3c352280584c086a2af57084a12851b716404fc750983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
039ace95d34ffdc885bbd7a94706e6f3

SHA1
8ccbdd1edcb23f995585076fb2ef148366b0d08d

SHA256
47fdf053b314018967a9cded24551467e73210169141d80c0e955a1abe0857e2

SHA512
49a914ee895aaf6e7f64f56a7513d5f4c3fd8c8d559c9644e95115929ffac90f59d922aa8443f302815a0c5c3e09ffafb748fe1ffabfcef37c64e11502a4ad2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
010a7d4dfedf4b6e9fc8b0fab3fbd70c

SHA1
bb0ab987f9cbc9ea1ee19130e014d1d9d45da2b5

SHA256
bc2b2077e0e0b56c658908d2449f23cbf8b5cbff84d8339ed1631c838168fb87

SHA512
54faac40701d2026d027a500ba2ccde159ad8a0bf8235430f0f64eb0d4dfc77793dbc33c4a2fb1277d9513238906eabeae9ccd95b4e7c509c57f178c9eddbfba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a0a05c4c7c34dcd62a220e498d0abc0

SHA1
cd65a4a74e714ab3686609cc00ed0b40d3e35cb5

SHA256
42c46df608522c7349898ff272cb7e1b96d10fb75fd3c75e2e4156fb787ae471

SHA512
6bf29fa6a319052586b8dea165e063c244c908cbcb29081a7d2cbc5ce8a6983e53cd613daa6873fb242a42367416c946cc1a2b424d9514255e97959e7a4b2271

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0af43fcf80a0adffae324e19dab72c1

SHA1
3e57d8cb390303c70592e5b6d80a12ee097b5170

SHA256
52abbf4981021b249d0ef8bfb36e71dfde5d5dc6157378bd2a6ecdf109809904

SHA512
6007928951817136715f66a5ddc657bc3030036a8494a691f9f05b0cd9ca619c1ac6951cede395f5ad83027dbc4be40627b7033f92435b72225f357425cf4e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c91a03f3637d3de23bb1729df63f48a8

SHA1
35956e3ec6f9a90f9df3c2df0a9e41b4669c0250

SHA256
a65a09b37ba88a19b96bcce7cbf4a0dd0277f302cd59ef7c57000a64c18d7694

SHA512
c5206634721b78485b44a67dbabd973c0a914a91f67c7e29f49e5d470c4a5d2d967bf819a8f82f2e3f0df8299b41f9b8abaca910ac5e4f7caef893779345f88d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d90485708cb44e44722fc8722c034904

SHA1
6467f1f205e97fcc8fbd9ffe46b1e7b6fb6e6142

SHA256
d6960aeb059faaa0033259c73283b8f9a17c05cf6c80cab988c4d3ae0ec9bc4b

SHA512
b2772138cadc3d70607b739baa3222de9e5b0a75081c49bce8837c54b545b41aed5cf1c02c9917e9513d0e02a7b0e2ec1a1d443067befa0134fd246aebf5082a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebbacdfc8dc525c02fe719529df6d3d9

SHA1
ed057c0863f9a6c49c1fd61ccd632b8628a226e6

SHA256
db43c76339b8e58935f442a96ed512633d6192f604c55653af41fac7f9096896

SHA512
c9a34112226e39306a288d4865c92e6f2bd018f5af0577e34ffa00f5c38ba2750321e17679d8fa1037ef3949bca78e71d04bf0953d76a50fd6bb4c424861bd45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0481331fb989eb62f515b7bfc6528cc0

SHA1
ab162d0a92d268948bf033d947a51934613387f4

SHA256
8173f610eb7a3414d678723c6b67f4c7592c1ee1eb8168b8093f932fcc1f405e

SHA512
333d9635e2b817cf4e6e4e64fce75991e7a88a302d40cec14fa37a0d112fcb0e43be0eda155cf9087b9303c1add11ea36ef09cd4c4bdbe5f8d0c651e9916fa05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82ce22d267156ca942b55e521e1fb602

SHA1
64b38ab250cd5cf797e898ae3131569944189ced

SHA256
77976d8c664d088a04417fd2b4ae4d62e6a07f53aa2e67816651f07be0b09bf9

SHA512
d85000ea4f7547ee5bb19dbc6d781b993a9b711bb891fc1655a9319420e524d3e88a67d29319fe048e8b87a990dcf9e2739d4d264ede08aca9d17203620a05db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
243f8336de2cc6bc86f6290a4c631df5

SHA1
c965538c2ea6933107765ed821908e8da444eb75

SHA256
42dc6d7ee237cfed1c267d97e87b55ca44bd1ef2f556382902e62fd3170b8f57

SHA512
e42f96c71b75b58f05451942c3285457a3213168a84469ad7f68f44dac4d82fd56b145d8e6bbe76f64c22bf24e619e1f92d815bcfffc0643ea1fe212a90ab0f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8da9faa1ce47c216140c355f9b0a159

SHA1
abe2af2290487978558d80930eb7b5ff8c183373

SHA256
0fcd42c53fbdacb759c56827e1ea405833282fd4e4ba917e6042f45006a72002

SHA512
08338355954f817d11c10960f566ea56120760b9667941b270c9c34fcdfef7d67a30e9c34d37cc524a90be9f2375310728b45ae55ca344b7503a82d6b6990b48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8925f949b53e225b6a0ecb361586c16b

SHA1
23c9c6e60c6cfd19e974bb876e7ead75c288256b

SHA256
6095db02aba29f4a7a0b894bd43c3286e43bb6283100c9488fe275c2db5ac180

SHA512
0e70549ab7dd4ea8916e6351b6f941c6d91e010bb4b75a85f358c5754d3965d6ce7810e4727816f06e977719767e2f0c268d4fcf09161d2d3fba4a5c1d68978f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2926396d5a68bd4d153358b19bb3164e

SHA1
c53246b77ac0267a731fd119ddc18e22aaebdef8

SHA256
635999c6ebead3414cc98190c7fb6afc0c7d81e76931be0e5af81142c8de73d7

SHA512
187d818714b8fffc1ca7a1fcc6a88a5b0e171eb99ff31a3fb24df556f81b64a07b649abe3cf9c1021f808c73b33ef51dcc6ed66a1bcba1311a21a62aa554ad22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be53662bf2a2e355be2893c25141ef78

SHA1
059813c546b2576fcbf84a26cd9d3c47ace70bbb

SHA256
d00195bbc91e6262ac239f7d03981c338723c6f8ef46bc9a74f34f97a5f2bb94

SHA512
0f6699c176fe1bdebca3d1d5c5e972db0788e31d61db34f8528f3edfb5188e91f96e481c9d7870bc803f968926f98749341cf665537c1de3d62c38bbfc2625c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c47cee68ba05b613a3f27d0818e7c6b8

SHA1
87d3da0f5f1de82d5f58eac05130f57b11b813c7

SHA256
0f459e126c29bf2b06f570a0bd9987080bc795117208a92ce8fff463c77a4e0b

SHA512
fec64cb1ba0ce6bd82c6378c6e338f02134169a9e89c01a6ddbe1514ad7505483cac481017445f18eebd757209e6a201bec29d820b2095b361b7d09d6790bdce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f06b3b8afce8e461db5c15c30e98e808

SHA1
98fc1907ad0274cacd7b49f7b003d2e656381532

SHA256
94467dc264c5c395affdaa6c44aeb1120419bed84958561342292e20a5478dec

SHA512
ba53b180b5b2d718591c1628a5fc72108f4f3c153b1dcbf3432d2848d3fbc13a45fef23f2443025f5afbc93df6da68f38af99429ba321dd70dad2041294b36e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a0200cf0a71fa716eb63191c7d37e37

SHA1
49e1c72afc89e54a431654843675f1c70a449d1f

SHA256
455e3595ef7476af1514227f03b4b01aebf9f4a050c95b731122386a76d11c2f

SHA512
801254599e9391aced0f1c9b626ea28d5079a90f5721826ce880cfdd5d4fca4ec736aacfcdac582ce34e7ff956134bf6c2ed946ecf279bcf51f6669143bcf04a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b09a3d3675bcaec080d1c8b677fd291

SHA1
9ed7c59ae242721e230c93c13a61578cb0c756dc

SHA256
008c602324df2ceda9a28e6a4926f5cb85c71a2c5bd9285bc871d114d610d48a

SHA512
ee2f5dbc4706aba71b04d3b9512f774e96cf4d9244d2ad5df5dd9d4ae523dce9dfee11383b79baae5822a81ffe17be92128ed83b628591aa2443e9ef20841a6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
354848b845cfaf1a4d247425eb7ee2db

SHA1
588fc46d4d5821f003891753597e43fa042d6d50

SHA256
b4a393a313c6e3df8d056201816efd312db1d85e10d84276746f38cc5dec7fe0

SHA512
22a1870b4ef627253ab329224d6c4bc3a3b3c751f236a6485dd316469f3d523186dfe1fb4f6e8421ae2fe8c32b62a9ff5a80fbe03c074c38ebe07c67ebc3e0cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b405bdad10faf9f1ffd726eb8ad9d105

SHA1
2bb273fe42f6ce6fe6152861879bc898ceda1ebc

SHA256
81ba1d5042176bf7e271a5b53cd207d5b2d960d5a2f61a0d39be3e58564a0d85

SHA512
1cded2d91d8d1e3077c390a60d0f9eeca47b1207060ad1e70074c8fe825c5cb16a1bad9b0bad2e5967b9875896454193132ffce7d84176b80cf5068fdcbea14c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
408B

MD5
6a5414969eb5bb773b97d9567b325b48

SHA1
da7a88b675576a2a6b12047fc6c6702c73fd6cd1

SHA256
0bf42d5bab525e54fa6ea548684127b7cab160c2fbbdf5f2a6db04c118c39d0d

SHA512
a305d403ef75acab3810c93b61e1c0efdf33e6501c0b6611ce253f2b88c62268722a2434842cd31de852a87475353aea41c0886fab7e46c5bc80f8a4817ece89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4ce97bec28f487693e19523430aaf812

SHA1
cd72f7316fefd54c016973f2efe9c3a84cc35e6b

SHA256
8a8b8fac659b4ab622c13152087595efb5ef843daf15cd01a90c3f3087636c82

SHA512
8b7e709f1ad84bd51830834872ac6c7c77601b0c71e306695fc47dc3dcb75df6cc9172f5abed6ee791cd82141639d0eeed047efa4475dd012445cb30813396ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

Filesize
110KB

MD5
851b75e6770ed48563d0761b4ba368dd

SHA1
d677aa6f2ee067c39d65e73fdcfa40fc1f1aed56

SHA256
47175767ae4e354eba951abb554b7b95dc0916dbeae1159ba1e8374670bb7920

SHA512
8fe46bad0cfa3f4769ad0103583a8a941b7e580ad7ecea158eb20ef6d663c20d95d362ffee0f50f064719da9cadd251ba182d4eab1f6612fb2e26d3e1f29fc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\js[2].js

Filesize
190KB

MD5
3c4169defff8e7ecd3902171032eac88

SHA1
26f36bc56c54a169a41dfea09fd2fdf62010020d

SHA256
9fc02b40734393e3fcfe5e0d67a2eefb57710e3b2fa8769e140ca141fd533b72

SHA512
95b37c7e222eb8c2bb7553f4193999c3f212629caaeb5a366288e7095dd0bfe86aae5fa9abda2daf9c383bef69b1e59d8d2da958ef046d730e1091362fd7812b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14A1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\62KFEJKW.txt

Filesize
742B

MD5
5541e8a8b3de48f8a633fbae7c0cee88

SHA1
e22f18b1ab9208ca5bc4b1672561a72abf112657

SHA256
ec13f5b52eb36025ec5f47e684c5c73cc8575c31d1dfbc0b4be77454825be76e

SHA512
134e481760a5e011a7e74e1f3d7a7d5ed20c12a3dfb4197320291227be5bb7cda7f5f40c7d3b7a4d6b8dc8d063fddda7c3deeee296b720794c9b972513d9da28

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads