574c2bb4096fc5dde20f8971d227e6c0e1646505d2665732043b0800ea8a0546

Analysis

max time kernel
149s
max time network
144s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe
Size

1.3MB
MD5

61e90a23a98620f59c10ff878d070964
SHA1

7a398850ecdcc2f4963670fa0dfd55a5f60ca206
SHA256

574c2bb4096fc5dde20f8971d227e6c0e1646505d2665732043b0800ea8a0546
SHA512

0fb7cf9fe548731b4bfff5c5429c184b6dc95e3051513e68b58af906b07291ffe81a013325a1099b14b98b13664ffd791a3d01cad066e3bc9c792d59846f44ef
SSDEEP

12288:ciLJ5i7sJXx0douBjhCCAYi8c1i6oaeNSoeDlHsg+2Vasj0eqqde:RspfjxAf8c46oaKeD5l+25j0tqde

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2120	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000b1817056ec4e2e031403f765a2e58d26ec3581772c1feae2d99e5334d4fc9d35000000000e80000000020000200000001880a2442e6f2b8cdb82572d1aad8031aef63444a97ae2fb92d1ebb4fcf7358d2000000039c128527348a59642aa6ff879d5768457d6ace627f418150a614b9a6922945b40000000a557697e02a971763ea1262660db0d292355ddf72a66cbbc0f39606b3ebb2e5207fc0b5735d4d22c4c4b02cf1f6bc18ed4a418a3b444806dfea34529a4ee3c05	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B71E4BEE-7819-4888-A049-30B49230FB30}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000f19bf94c2652cc4e2a058856f1e3e29063989daea034a2f8a7cc6a989d613774000000000e8000000002000020000000093ddd516dda8cfeadc2f4ac8f5d1e419aff19cee03bcc64e2ed192fcb06521590000000a07f97e9bfb637ef24a5230bb90d4292e6a66a2671a85fb8659a1cc8f387b3a96f52fc25b9ea3bd638db307d25ae5a67783d77c2b6ae4ffc7e351db24522b597963292739c67d0787d4c79a220063b2adc0b670166fe3f832f6948bfca48960d8178ad160cbd12ea351c5d9cd5c45a12b2263c186b0883f5c0a2dfbc7805de2481444e842ab656da8e14fa5a09457c194000000099ec8a5c2a7eb67285151f59435a74a78eb8d3c5db061d0b1de1985f9ba6bec4b5aebd472b37405d5cbee9a9405a008edbabd008b234aa7d35d3faca81358031	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f063427030abda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B71E4BEE-7819-4888-A049-30B49230FB30}	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B71E4BEE-7819-4888-A049-30B49230FB30}\URL = "http://search.searchffr.com/s?uid=cf1f351d-69e8-4f8f-85d6-84659825acb2&i_id=recipes__1.30&source=bing-bb8&uc=20180831&ap=appfocus63&query={searchTerms}"	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422424583"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B71E4BEE-7819-4888-A049-30B49230FB30}\DisplayName = "Search"	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9AB81C11-1723-11EF-B023-6200E4292AD7} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchffr.com/?uid=cf1f351d-69e8-4f8f-85d6-84659825acb2&i_id=recipes__1.30&source=bing-bb8&uc=20180831&ap=appfocus63"	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1780	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2828	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2828	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	28
PID 1920 wrote to memory of 2828	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	28
PID 1920 wrote to memory of 2828	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	28
PID 1920 wrote to memory of 2828	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	28
PID 2828 wrote to memory of 2584	2828	IEXPLORE.EXE	29
PID 2828 wrote to memory of 2584	2828	IEXPLORE.EXE	29
PID 2828 wrote to memory of 2584	2828	IEXPLORE.EXE	29
PID 2828 wrote to memory of 2584	2828	IEXPLORE.EXE	29
PID 1920 wrote to memory of 2120	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	31
PID 1920 wrote to memory of 2120	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	31
PID 1920 wrote to memory of 2120	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	31
PID 1920 wrote to memory of 2120	1920	61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe	31
PID 2120 wrote to memory of 1780	2120	cmd.exe	33
PID 2120 wrote to memory of 1780	2120	cmd.exe	33
PID 2120 wrote to memory of 1780	2120	cmd.exe	33
PID 2120 wrote to memory of 1780	2120	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?uid=cf1f351d-69e8-4f8f-85d6-84659825acb2&i_id=recipes__1.30&source=bing-bb8&uc=20180831&ap=appfocus63
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2584
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\61e90a23a98620f59c10ff878d070964_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
01a3df8e18671fd00df77c26739a7d78

SHA1
3f7f550c370ef56ae713ee07ebe4876d19551645

SHA256
ca8b3124a19f57287cab83cf0dcd676b9c3e9369cea3e7ea59f8e838c153cd14

SHA512
67af7921d645e899646aed9296584a6e0427c9225dec1d9659420cf3df8b8e659fe1cdaf3d202e8b7d1eb42cbbb4d3633fc93c9014c5a74fba8d902a66681a0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
80e646f52eb84e47f436d563ba9686a5

SHA1
dea2a3f546c449d176cb99137a9c0bd555615f96

SHA256
18e361d37e62d4b6c154a2a14d227c157745ffc6353c815b1a5773c4a90c86e7

SHA512
00502c742c6f340d5049a17376dbe6af66a8409890d06dcb90491b77ad9e36cf0aa4e23816decac12d36bbaceaa9b5df432d706f8de05da9ab11299b0f405cb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43fc5433aaca1b96ff2da0ee07ac3208

SHA1
b2fe8178187fc50ba756ef97606b77d15f303242

SHA256
0b778a29e1cef7198f4a78f8df17ed09d7026ea80d848f8343c3ca18a9da00d4

SHA512
b59d142d98df3cb2a4e031490e39cf124c967ea8c0b5e40f5afc179fc9dad352fecd748ed1b2e4dba38eaf7a40b37884a2257a574f6e1e3f63987ac15d64f38e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07748e004e47f6f0c5788e1a519f15ad

SHA1
521cb19937bf56678238b9ccd70a9591504c722e

SHA256
fc625063dcec74b2a9cce8bcf31e314c1588ee082d1c9288899142021ae7e67e

SHA512
3a847109b8a9a915ebf34975fee8367612128ece9d342a409daa8db756dfe3e132af2f8cc218d69efe0f26bdd8f2c1247172e00bfab9e225b631c739eb7967fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee776eb9229f3f4340921c6959e7a4aa

SHA1
6bd5cb298f15db2f7b822f602ccb8e2fe5814145

SHA256
3b0a0a63b5cd701e12f08e0ec648a25cfed53d6c130d6e2ef52863c0d98f6dc7

SHA512
e4582ec40306394581f882fdc4377def12de899ee99f7bac54bf4004070e469a0b7426eed764d9c8bfa03a548c5deee2cf4533263c46ec44411f48beca3bc45d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf510d74868966b526a47c29076d120e

SHA1
4137ae1c6e88051e20ccf50f6a88f1e44720b219

SHA256
5d295cf0113a144209868ce27b810c7797127a2e105266a66d42f46cc04f7bee

SHA512
38d075b2d9739d0cfcdd355f6e54a60d0d4da688caaeef7b96bcc5833b01ede85ad6442d626fb4eb9851fe0454aa993a085b3b8a02aa3518e5e6489221e55acc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2d84271f29e204c2b988fbafa186556

SHA1
2f26761efe260bb4384c2f9a31c44ab27f2d6b10

SHA256
886591de534abd6a5df086b429f118babf6a152c91da932b0158174219ed6c00

SHA512
b7e1cfe2712d86bfd6cff73ef0421488f1402070150cfc49ea2b0c86074e3f27af7a3dcd2f14ebfd74ab408f68fae44ce8a6156a118e0693f395251ad131bcf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97df6b09d11c753ee1e81cee8257f634

SHA1
41e1c0bf5a8c697299941ebd427e27859fdc0e8b

SHA256
174120819b7015b8c0c4642a8917b4abf9a73f98e5180912fa4e7e7875a87f2c

SHA512
b48aa7099ddf427a9ee81e8d9804a9a67386b4119de917be7a4c54a140b89c90be4f79dbc69448ea1ca42c9b9ffa4be1e5120338190980b9a1f818fe98ccc9f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05b775efa1d637ab34c5afa1b9465bcd

SHA1
ee73784c8f4c500115c33a58dc296a9acc5f4d13

SHA256
853976e2ab4a599b2a3f1b7bc5cc95b52e9cb7a4350d14fff4e16fde7a141139

SHA512
588330faf0517da4c3a62bb7921856563b981cb3b1d489a66b690f5eeae5a5ccf4eb2ce06b1facf91715b07d1ad2932fc66aace811d1b1ace86ca2506f429b88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09b385277c07fdcaccc23c54d91b8dc6

SHA1
eadf669bf6ff547d1af18392bafd9b538cc53d7d

SHA256
d47cc3cad10db58f82c32b704c8441379f7a09ac9a069c18990c4606c62bed4e

SHA512
2e149d5047755542528d26a441d98a4e2ea887e7ae015e28f78dbfcc196fdb44bbe59c59a6f48c611e9093ba589d08103d33cf0c058f8482da226fc9ffd68c94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
800cd93e35048e6a11e3cfb37429f866

SHA1
a0d68d85e309ad0110dcbfe52d84a4dd35c13a3b

SHA256
d96f5482c4c581a508378ab0d131d625da0e28feb9f20ca69606ca4342ebad17

SHA512
ef7f63c6b78aae515f2f0ad020f0a3db62fc1b5a774f9ed4f287e4affc3341826e252f23ec33c7ff814dd3a2c49078ba74d4c5373c66d2e4fa9bee07f5f5ae7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdfdfbaeb10145e4ab34d8f16131427d

SHA1
2bdd9b96c1fbc4c758ac2e56ca9b74d4b3ddb023

SHA256
b4f986e53b805b6ecfd50c5ea7f5b9f428f20db61dffd1d456847df449604889

SHA512
bde885a99fad0672a4659f79ec89135ca143dacd033cdeddd8d73a963c99c1bc8eaf2ee4f84722e4b5d093d0c76550ca44505fcd8d5934b20bb4d7dbaf56da15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9429e15b15d9a675dbea193cf1869d31

SHA1
c6b1a3edcf68877b11b0bc90bf948fdd6d0344c9

SHA256
4bc42773ad21b8a3a312d6117f2084a320ec604c4b38dba6ba823998b387b66d

SHA512
57afa7ccbcbbf4f35d2d7d7effb2f35ce101c36c8809da4e290f64c1007cd847c02a74f4c143b030e00ea7e92eb246ab46b67b39295688f9d67118f0d642a2d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5e9a513e662a8f83f08ff22cc2b785a

SHA1
42d2061601410202e7f9612e7bd6e2b8a85b45ef

SHA256
21e8cc0703ac1d31d4b129f76860c3e91e9bd385d0f370b548a2a34176d5edee

SHA512
1df4a72e28ae232e925030dda703c1c97e99965385859d93d0e7d62137a87c24c5b1f9417ee4df1a6f6b6d45d30f58fc61c01d21b3cb6ff5103a86d420a43c50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c849fad818d4cef7f044b5a4dab67a68

SHA1
b2556f7633e8ff701f20807607019b16977446be

SHA256
ad451613b7bcdc832b309c3ed4de7e732e62dfc03b52b2842d5d0fe5b5756d19

SHA512
06bf1bc0e1997a8852a558639931d05ea9acb87d5b9b1d018b7773feee0870759b2cfe9b89d3bfe43dc08e24a644d2f1fd0eb29b4caf2a78586815961aacf137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61e82ae8b4d24525235452c3b2081956

SHA1
4217dfab50579f2253b61c3c5e0439ae3e8d53de

SHA256
903c741190744ba22aa5c5cacdd68759f5232af1c20e833c1fe643b65331d3a5

SHA512
1f6e082b9326fce599183d73ca85741ab31ac63a25796b838629e812ebefac1daeaac798ffdea88f05c73ca643c17a8c79b3c94e1412143a0bd5cd450561cff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28ac3fdef2d54fe3c8c65b529e67ede6

SHA1
edb2cca9cd5b07f67e35cc934bcc840da4506270

SHA256
0f08d12862adfd57d0adb17a4155c29d554abf8a511d6b70f7b51a3698a80013

SHA512
19c6e8f3492a54d19dcf3f96766e5f3c1544f16c63ec464c7b7f78796ebeea8056aedc50b6f9d2dac49e8efd1bb5c85317b4a568cb14d5ee9265037ef8bcc5fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d87ff11be1b97d68de52a50ebef34f69

SHA1
6e7fe37dc56ee0b9610d30194ba47ee8ab174b34

SHA256
24c0c369d8865922421d712003038719b2f9c2f3f00f1bc4fc28f69fee5641ac

SHA512
8abaf80be25040d7ba3f134f12f2097069fd9e635943cfdfe6baee970d5cf7df0a1eadc08b2adb1024767f81839e93dadd07eef39c2a3fdaed90e43bd2a559d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
448f6d2c93aae3983f6b111751482469

SHA1
d815c056e1c6ce3309a74f1a3bc366bd3be2d6cd

SHA256
4fcc60c73ee4366cd31b6be98964152a310e93f51160650c228986b290a9d94e

SHA512
f6453fd4b71515255e07e8b013a446b85da498c2e3160bf7e3cd2bc446a1dcfb5e59a8bbd9959762cd467b0cdfd0e7a019fd2bcc286edb5a8efeaef0364b89bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
842defb6672014fee7b3f59e4f6a600a

SHA1
160acc0adbaa0d0cd2f189a88675d20baafd705c

SHA256
bfc8711fef435b481ed5fbc53e5f721e243eb407bbac004ddffa3860fb82499a

SHA512
f76a39d7294fd2ceda2680de82f777d439af91eaf671bb19ad45240db8d8d2bee077b72f70e5279617ecb8376a1181a0144a77f70835b4c1662de204407203c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0024cbc20397b9cbe552a5b70f495733

SHA1
50a1482860d2c75e92b3ca327cf4867393f4e55b

SHA256
97b8b9ab7a5d9f0e00a869c12c3f44574d33bb5fcfe16b521e13c31c38a84ebc

SHA512
5d3f251d2b67872817ec39f8427576f1c94a0e02dbf7aef413bb11479d2a7a56b70561a941cce2917be227ea52c3488e1c8ff5e93d48e0c7980b2e033304d991

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49a9a5c56e2698b9de22ef85a907610d

SHA1
653b1523bd945aeb8404fb5e86c0d3bcfd1144e6

SHA256
3705e2d7d86745c414c8597d2b2417333857afecb290308d9fba4478f2aa82c9

SHA512
ec6ea1a6303fc6190152cd32744fb71554bf01bc3233dfe3c0a0c18714c2bbdce986f873645a5235be3f62e2d1e4caaa68a15f75896de81b7934018483860d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00bd32580c7008e551a11e4e2364eb9a

SHA1
90cb0eefbb5b0dedb4f383376b79f1c7275c4102

SHA256
7f9de64d945e19546824f8b96407d08dd167ffcd972794af1c2a64fd287ab035

SHA512
bba2135c548a20fb4aa15ce25c386cc91ecfed82807a31e109fda44371c829c4f0f297695e03eed1882ed9860be3fa8c35b84b51cfff1b7dc4914335ca469e81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cccaec34717536842dd3c31f135e67a

SHA1
906ddd78c1510da839fccc8dbd52116f52ea8632

SHA256
9746f2e87cdb4e9c8eb90760994f6a777e33a1fb94f874d058f89e5adcf61045

SHA512
589e025e1356e756e14aee46ba348dd089375d2ec82b9d47abc8a7e4a0dd0e01d9ae168cb9319a3e7335172f14f11d050fcd7ed8e618ac66eaa5b218d53da22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f471d8342a00d61229dd51e926cd320c

SHA1
d58a967712ca7defdeef54c3afc718843aee4bc6

SHA256
88934818ced485d49e9a50d4bf45a084e34c736ab5a1ac1c623985b59f8ed162

SHA512
98994050a16efe0dac3eee7951c55e1ef0b0fcb2ca4127361fda69c3619757c44ff99d23745d550b708336c1903fcda3eb9a329ce9cd878f1b46a2b5718adabb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cfe9aaebf37e29ec962547924c2471f

SHA1
7bc77418a437c7f85d58bd7c2f7e6e9b87966ed0

SHA256
57200be451bd88c5fc4075f287aca2582558f9f6f70a2c3b3fa9860a9a2ff9e9

SHA512
71d603954caf5ee9f9cd7e3e826b2c0f8cad8923a51ff6d98a26fbff212e018e6752cff6393116a4bc676ed6de6ec04057031257aaa13cc5924cb46e455ded66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3cf831538ee5fa3fbfc0f950c350294

SHA1
14a44f0996ed5959f731ac290b57600e314810fd

SHA256
8be7d4dd1c80333067f78fa947a4961627c4bf42323e6a2a767804de1cd9d705

SHA512
717c2e0e3c37cb3f101fdd73000dcdf3b0e8e5be696899cba7d7e97a878887b5b944974c422dd443c757f1959f2595a2e1608e12851d6b747677668cb06de1fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c58e99596fc540b3312358072e1f1860

SHA1
3dad1a41664cac87c2c9e18c279e7c7fb5be8604

SHA256
e0696c09ed6c62466f576a0232dc9d19e100b9d11e59d835e25e2eff2f83fefb

SHA512
8c54b04f03c74709dfad403299519f4553357fb981b6726792f5f91934374085761a3452d2a273b8657ba84c334ddf9816900717805a36dc787b8edb06c9597b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
525b956e5627b4325343bb0429a2072b

SHA1
c8a91cfe56cd04bdbcfc7380abb1efe26b11e918

SHA256
fa17cbc00abdeb017cb742ebc998b744110e35aad318aef72473236fa47f8e9a

SHA512
2a9e65b741a9d168ada4385b5972583d1b8a79e9f19dd24d6c700871bb2e619214e033c6e17fd8f538826a483aabb60a847fe79d2c2141e78b3c65b8bc618bec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a46ea1346d7e9cde50aacd2f125cc33

SHA1
b86b44815fc9d5757ce308c500ea976fa94955b8

SHA256
f0b27d8e130a1fbe96b5fdea37957351ae25639b18e43f4c9b8784f5306f4ad6

SHA512
d91395f69189fd3556e78612125161af4b58fbe963fe30bc6e11c367a90b782bb9ea8ce556d60de478b50cfd7a39e6cf7dd649678509a49174d02250b1bd114a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
313b79fca7f68ece1579ecd339d5c5bf

SHA1
59c12f2b668e1585145f0de7f2b71dc58a347109

SHA256
134a887d10b5b7e18d4b9b81d16d52dfd993bc984614f0d897490092832e41f2

SHA512
b702f03c926cbdc52c012917dab2a6242aa505135f8d481656626a92b94a462e8c6b0e09ba9e41166d1b9736c3f8b33bb734619431a9a516946da906334c1054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
246f757b5158956e84d2008303458790

SHA1
4c11b589fba52afae6dc0685fbb45dda591ae0cd

SHA256
f7323450a88c2ad424dab79d960b0d544d590f84d076a14d9ddfb52d5728e538

SHA512
3ade82517e8eb480eae40925b7df7c04f9aecc3975c4b4041372f1345580f864b30de890ef34042074396c4be454209567054d1dfc52fef4c2c5c332bda09ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3dbe7ea4c40044700ad7df649bb6100

SHA1
305f050db0ca1b64ff0411018d49264be3f119db

SHA256
f11ae3da2f9241879760498d4bdc05daac67376956d116bdbbe0a88f5d369f9b

SHA512
8e48c9e31fb2f16fcfaef16e5fba6a6e3d16fdd4f38c0e7acad3a27274e31212f4f0814dccf173b5394eb84083233a6dcc7c84c5d151b8f1e9c657ab218c180a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b7e9a68efe706f0c30eef85b51cb5e8

SHA1
c5862f7a0fc7686da1431418ab7af4d9c51a9147

SHA256
43bbfc39da8006989f4fa58b77f7a29c2ca89cdbba9177cfd87623c84f69c016

SHA512
79fe88479b044a559a5af720355d01ad873485ff15cbe78f0c166d5c6b70ae6355586047990392e0684664e7d0ab28eb37d21ccc5d292973b4f9dbeaca58dca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2593d1696b46842e31faa104c143c35

SHA1
13e4b408eefff706549d89d0b615043dfc8506a8

SHA256
431cf079ac3fec849bbc396915e2cf611ca8bf965bb70bff4cf8dc6cd571fc44

SHA512
b9f5b6b2b7e5ed44363c2daa6b453a674c349b88799b422477bdf77559c1b552857706cb550f53001af5786d1f3c8355802424df3c81b1cbecaef5c8a67680e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
818d717a03437f579a6964de951a68fb

SHA1
883c6ab52da05c5513599636fbf1d02b4fd79691

SHA256
866b41a858bdbb27771b149987cfbc6519033d57de7769511df255980c9b8329

SHA512
59980089b612c1c317866bb64efcb9f2153d1b2cade92af20188c1337e631e9f7f9b100c97d6c0632ff390c920f65a9a986ea7d1b12208fb6f5513eb36695348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
731d101f6cc02bec712f28d5ad22acf0

SHA1
53f9969e6cd97b62e07cd4bd5ce7fb4da1c083f5

SHA256
4dd7d1d4737ef18efb4800ace28d38aba7316453cb93a219678d36cb6a62be9b

SHA512
51d05b9f1343dd536d4f03babd6c4f7c338c813aec37ab7d2ec5f3c89c103086f392794592298966775a40260864c8d7d76d71c0e9d978a9e6a95fb1ad5bc65a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_C23811B47FBB3622EDD1969B2F2E15B9

Filesize
402B

MD5
1c58cb728e9c7591e029ea6483843741

SHA1
76489565eb2299e1ade787f734dd841341489789

SHA256
8327f82cc2c3e9adf02e07da1dea6bcb40df6dda66cf49e26b35e8d762a82f83

SHA512
86006b5cbd7904a0e56f86786b480ad1edf95044137dfe5872199f3c0b1c012a21291c0e26731020302488e7c48743baeb0839ade0318e69b354affbb3c11b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6y0a2v0\imagestore.dat

Filesize
110KB

MD5
05872dbaf1fa7755272d4db2cead3df8

SHA1
ae2a299930d5770a1c42294cf794617ef791a1f2

SHA256
9114710a515f59afec3919837b4391b6baa5dbe3f9f46638a50b56e08f3319f1

SHA512
25e2fbfd9b472a44360d7f95c9cae7575b94c037e2e2a1901c18d6e42ee57ca77d16aa1c9d4b948355c3cea152afb6cb9bb804f1d0da5bf03cec05e57909d727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\js[1].js

Filesize
191KB

MD5
3db280cbd018dceedbd5d0800cf8bd33

SHA1
90d58f52ad9183990a1314cdc7bf3ab3b2f2a1d8

SHA256
d1d5bfd9f464818f7f7f199be96d267a3869c76754ccc6126000cbb730ddc325

SHA512
f850398d7720e5d04e1913d9f54f0c83f1f9ae5093619fa822f0e67c276584bec402342085f22856affe6d76f5fdc25bb33eaf76b3a07b47458f4ae65fe2777e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1622.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1644.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads