6b0f76c2e89c5ce7750b7f06ce1fed5e1eea5f723aaaa9068fbd5ab0d146f7fe

Analysis

max time kernel
149s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe
Size

1.1MB
MD5

63428b3f59dfb0b2fc560515a3f54b5c
SHA1

9a871d5c297a8159a0f60009df0543ba86b0387a
SHA256

6b0f76c2e89c5ce7750b7f06ce1fed5e1eea5f723aaaa9068fbd5ab0d146f7fe
SHA512

97ab74c419b1e0fc19be0cbb0b2e4f29c6822c6ef35ce074eb0586b3ee0a11029564dc219733739c9a6b5f0d30ed9d33040c0c517d5a2e1826b5e652675fc300
SSDEEP

12288:XsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQi:8V4W8hqBYgnBLfVqx1Wjkv

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1012	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3B343B1-176B-11EF-8AAC-6EAD7206CC74} = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000efd1184e6f316199ced408b91d3301de9ac61c0b3696bf8d367d1422be5896ad000000000e80000000020000200000004c5d97dbd2edcd7a01716501da21fe29cc4d5c972e602ee58e13972a3f15a2909000000043dcf6521ceefa8d4f0bc934f02261c3e863f134184cca6797135f8030b4e8269280f5e54f36474f92cbdc31259dd7b66970ea51cf2b457ae08f9e883385e698637e6a5093355ffcc98d2e4b38829a8a8f0d265591e7d99b1d4ea3547fe02d65b31f000f3d2d45392da3f1dabcd177ccd851e2fd5d8a9bb090ab438ee521f1a7ebfe4e3d8785385564cb57f0bbdedb8440000000a444ff274f91478f6818c1774c8c38df51d790b4e7f8360651ed945ccb677a99f6d51bb5a028c78e8cddb80fc68e4b7281ca717fd95b293c9ca315074f5b25a5	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DF2777D9-7E90-46FB-8BBC-8C99AB8621E2}	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000abb97de4a01fc5c9fd0c5b3c22e0deebfded78b523a6ded6eb744b81c77de1e6000000000e800000000200002000000081154faf3412c818fbdf8211c0b67c87919d5b5a00c956f6f13cdb2970ffa0052000000004991e8dad01290eef135bfab75acc3d03116831325f258a771f792dd3f7bf39400000001f8757de54a7e5f3fe11822794e119663970213073b4848fec5e9ae181bc4ea768ffdeda2eae886c77a7992b20b706cd7c92384674131375870f0598b2467473	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DF2777D9-7E90-46FB-8BBC-8C99AB8621E2}\URL = "http://search.searchvfr.com/s?source=bing&uid=0372dfc9-a96d-4a81-8e86-c7fb8bf20c2b&uc=20180115&ap=appfocus63&i_id=recipes__1.30&query={searchTerms}"	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DF2777D9-7E90-46FB-8BBC-8C99AB8621E2}\DisplayName = "Search"	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchvfr.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422455656"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchvfr.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 002370cb78abda01	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DF2777D9-7E90-46FB-8BBC-8C99AB8621E2}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchvfr.com/?source=bing&uid=0372dfc9-a96d-4a81-8e86-c7fb8bf20c2b&uc=20180115&ap=appfocus63&i_id=recipes__1.30"	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1868	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2412	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2412	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	28
PID 2848 wrote to memory of 2412	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	28
PID 2848 wrote to memory of 2412	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	28
PID 2848 wrote to memory of 2412	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	28
PID 2412 wrote to memory of 2564	2412	IEXPLORE.EXE	29
PID 2412 wrote to memory of 2564	2412	IEXPLORE.EXE	29
PID 2412 wrote to memory of 2564	2412	IEXPLORE.EXE	29
PID 2412 wrote to memory of 2564	2412	IEXPLORE.EXE	29
PID 2848 wrote to memory of 1012	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	31
PID 2848 wrote to memory of 1012	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	31
PID 2848 wrote to memory of 1012	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	31
PID 2848 wrote to memory of 1012	2848	63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe	31
PID 1012 wrote to memory of 1868	1012	cmd.exe	33
PID 1012 wrote to memory of 1868	1012	cmd.exe	33
PID 1012 wrote to memory of 1868	1012	cmd.exe	33
PID 1012 wrote to memory of 1868	1012	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchvfr.com/?source=bing&uid=0372dfc9-a96d-4a81-8e86-c7fb8bf20c2b&uc=20180115&ap=appfocus63&i_id=recipes__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2564
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\63428b3f59dfb0b2fc560515a3f54b5c_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1012
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
89fdbc5347a34d607fda7c7060aaed9b

SHA1
9a3efc1b60c9a4bebb6db6d6c8d036c2680c2dd6

SHA256
fa9b916ad440e1597901737035ce8604049e43c3911d3769b88520633313d059

SHA512
762232b3660f1058067aaff4004fb4ced1e8e2399f3743046f2e0ec45ffbeb126003914988fc86b3a4d5ecbcdb2a19ee93176c44f1872ab67ac9c66471be5662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ed0bf2a61ea328ece4ab8f0f5955639f

SHA1
33cd7f617cf58e0ab76e64d9d5417df739d9de14

SHA256
6d0cf025ee61ecb75457fdcabc4d7212c6a6ccab5c74ebd0c91e502757f6e737

SHA512
eab3774c46a71f5885cae6a02b0bd65fb736ab7466a2ff854dfb560ca357037aa700b76168094c160a99b39a327ad90ecd16a78cc442e5421f75bf5818b224a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
71a97303c50d4c4819296b6d57d517cf

SHA1
b6fce63079c1f3292f0b12ac0e7a110a8559b89a

SHA256
a73c9583aa2168c8c1d5d7f9e4d2221572f32768f56ff6e3f6faed65366a5b5d

SHA512
ff0c3a63dbe4e8f0732ad482d6faf65a3ed487c426b1ec09c0c4dda67c80761896259a8e7521854cfae0d186a976439fe5537ed801e0784e2534b3bc4dfed5a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68d503109af3a501db25415ef94afaad

SHA1
a0504a081f090c43865926e3c63fa7779e5602a7

SHA256
f0829f6ada39d570d4fa272c25f0d3cd6fb0bda29cd6f7bc1a7ad3437b2c135f

SHA512
145d0c30fc29828583029899bda79cee8a819b913a0518cccfb230b9c998cbcc25fa0aca1b66881f8dabe04f13ac6250127b06d80e9bc4b1798c94446bdbb1e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f91f15efdabb02c47ba71f6c85b4a71e

SHA1
136ac86b4fa71ea42b4896cc458fd0ac8d90289c

SHA256
d9948db90931fd2032b6b72ec20deb92cff81005d40a8abd199bd588712314df

SHA512
99ae0dc6c7f220c2f6a81ee036ffbbdf9a72b725610b107c47ef3342b774634af79a43d7b5c2af558a2f7a2ca28c3ce5503270acd703d7605a72ea10bc43bf0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
944e2eaeae2b55c496e189a2f193703f

SHA1
fb514de9e33ef493c1cfcbb83832b41f13c45731

SHA256
31a9961d778f2b4fa53968ccc6c82816d775891cad641d7bb50cc33a9ff34a02

SHA512
3a82592415658ab841eac7581d273340185b7bcf46069b151db2c40ef780e41e1c340a95a054622ed9da61d3eede7723867eb46d76c3453023a40570dc11327b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc4d42d464a0c4eb2127620dada65f8f

SHA1
4f33bb6a4c12ba7d9ae37f4715674d3222619dc0

SHA256
5271ebe890bfad6ae8d89bae914d60c8cd8069884150acae721529276063d50f

SHA512
9a4f0540dc31026c165ca1615e5db5ef8c9bbb200dd5215a3f117be1c4b450424770076e93afbdd7238848497355e7b817049ebf78f11495ef3fa91609c31215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc0b6bb61e1e7ca14ad6298bb9d8e864

SHA1
563846e2dc5401fad3c1c0ee7789cfd7d48ed6d1

SHA256
cb30f2b7ff99e355e88c2ee30e3082e79a16fd64db8304e1ae1da2c950c0813c

SHA512
3bc6f616fd6be51db249bec3e0e58aadbd2e611be84822433a7778d1d1b9d2afada6a9e6ae885896e7ca4b1620d3f3488ae597e4cbbea78349aacd7cddeeb9d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dd9adc480456c9f9347345ab10126d7

SHA1
1014d7f24b6ab10f70445b43148ea1f6dd831d9a

SHA256
9511c3315c64c2f786d910fc9dd84435ea25bf68c3884a84023201d81a0abba3

SHA512
7a5f763c09280fc1768fa329030d2a3b0952dcb7057b4666577bd4a511cecada0629c4066b365e1c540835fa391ab11ef332af6647969a807da6dcfe5e70d011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41a9a95d20424f28bad089f019cb92c6

SHA1
cee52578949da69554096c1fc34f82c622d8682f

SHA256
8fcc0b823bce2ca14a7613fd8987a9f4789a3df28bdab3f607b17f5e21995a13

SHA512
f83d31b01caa98d4df39ac94369866bc1bae6644182d43e9c3b137b33ab6f845d18cb3bae1aa9a3103ce931558c7c16def8a6a8f1ab4b5dc9a50a81cde38da00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41632992813cfcb294f603bdef274558

SHA1
921c4aa61e28bb308d7cfedbae615c0673486bfb

SHA256
9363aaca5c2b7f0cecec9ca5cbdedab3ce61155d68529b046c3ee7a400d6b192

SHA512
d22b9d6aa995a59ce84fef7b7c5bc1fe7b0bc19dca7ebe5418984225549de5da920e15ed4ffc7b7a6b3289150cf8b2f9add1dc48af03644515c017961e42bb5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c218040074241f0cb4d3d3a916012639

SHA1
7898305a2abf5c6429cc1b558b877a2cc5dd680d

SHA256
6df54c91702e6c4210fc013b8c6d8f5ec79c10dbd2e5fc42630000a0bad9ed34

SHA512
53abf490151e82132f711d465b2b0fb1d6ab563e484f6aa700e6e496bd6a3800b24dae0992a31d15b8b82d7a86ebc212a220448f30b25dd1de2dcf1044ef9650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ce76d5f56a27cb24144d506f2b83983

SHA1
335f85cb351fc828ddf7e339cc4cfcae65326291

SHA256
f3a9d2a7de72c4149046ce92fc67097d2ea71ce39333b67b797a27bf02a6b392

SHA512
6543a266265a1b303e8402af4f9464ab9a7ddc7038f9aa56030bdf4c39f86539c54442bc438c301bcab0791294b019aa28a7a3a902ae1ce4c95f1d09051ee16a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
369d9a38206aedd7a5efae7bebeaf6a6

SHA1
f1c6f397fd5cb69282c0b8c46c339a0e46de80bc

SHA256
e92aff90d73390794dd10c7056a24bef2f55098bdf1623db50e2b37c723c032f

SHA512
82e76615ab2c03ee68d5c96fa295b2992b5ee9604dba508de2610ce7f25811f128656d96ce908b322107f2bd79cca68f4e96193d438f4c445ecdbe08e6eb7d31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e95fc4847304fd409df671df511b2d99

SHA1
dd476a5a6dfe84892775673301362dcbfa0b3de8

SHA256
b13026d004c08192b6cae6406e35b3c8400965818319059de860c591fd535301

SHA512
0ad26dc9b959b716ce09af0e20de1f50ab1147247f708860349cbb4e4b5c7727a7b2cddfc545ed08fd040ccea394bccb0785f80257b8c39557ee186a6e940245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f113e52fdb9d1b4d7cac3892e827d8ac

SHA1
a773c7008c295831182ffbe8aab16a1bc0f96b34

SHA256
5ca482f30d25afa9979d5b2b376d0d28d34da11109d156144aa7e6d7d06cf47c

SHA512
ca3dd908b032e2f8bd57636c86eaff3c7a9df831e98ebe5fb8c3d659b578a0c7dcec8f2b47f33ec719cfa137a9b25c49fdb629dfa0163cd9fa531a947c128fdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44a40a179b133dd6bde5ebaba3a2a5e0

SHA1
2a67304e3adddcc97de0a9320242e67fe5af6c92

SHA256
abb6c7ca7a950d582eb59a07f484a10debd80d0e151f3ed9c910ead544cca9c1

SHA512
c5fbfff80963dc05196d269f8591a7c5cb8290b42b81d6e368252b8e280d6aa2f205cbd2ae0c94d90f168ce398032aa57a7fae4976242e77a7b9f57dc489b568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f92b1b6ad30f20c633a0997c32eb386a

SHA1
cda28247879d8d57299930c5523e95524e065596

SHA256
ac81c32f856d0581dc7368a5d0d01372dddb17dceb2eafd25f5f35ff632c538a

SHA512
6003233ccebccf4a497ac77ff5bed32d81cca2ba0817ef8a3300972d33a30f1caae82d270dcaeb8b64e9cb3bff81907b1345860053d6ce79ade1419c55c3c286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9826e07881367be24ac328e7126f4af0

SHA1
22abe0bc21c27aaef6c8f4ce48610508bef9f62f

SHA256
dcad393e6e1d6aa32185d2f15643e5d39436518d45921ca7175c01c6e0a3e5c5

SHA512
b70ffc9e2cf8ab43f49c1fdfa872a56c212227e7b548e8771bbc6f45ef11e7f1bba86588f83b9510c41dbec57e9023f803ad9cd27db6e4b558ba8dc6e0be28e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7d07016d7a3be1538f7cfd30c976d26

SHA1
9e2a9a1f76b74f14dbcecc92e757b255b5b5be2f

SHA256
c3929396a3d2d020794b6ad5879da19649e3dc9ad3f0bdc7e9cce5f8b7fc5d89

SHA512
d15dce988d717c51e677352a43282e0b6ee4a4033b87132dc933ec796e3b6e8f231e7ff62e9d08050b852e5fedd6011d046d7fec116e63419dd0655f892643d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45e468eb3a411744dbd2918728e366bf

SHA1
be0896460d521acfe6714a907553dc8f054516f4

SHA256
e5a142d4d53cfef6228120078f35f1f169aa910ac12b63070867ea962c4fe95b

SHA512
32b0bec12863731213e0f938e0a3f439f6e83867603b12b003dff555875b481e95e5bb0f51a129535255d16843cc458aae618c6d7fff774587c4420e500604a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
168795679e024619b5c2ff9d3a486425

SHA1
bd375e1c96d42fded21ebb4f4cc32c20b32b4437

SHA256
d41230225f73669465277de7ed285b3c77ddf80c5b7ce3bd97b60a0318fd0473

SHA512
3db81cb778e01f4a05e170c696636265f6c472a218a6ad295a889365edee3f610d293bec708ec5ec1629530bcd52d5230b10f3a027722add013f82ea6ba3223e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8febe6157aaa4eb24fae95d769f27eb

SHA1
4069bbd58ffdca703dff4bb7e6fb8f498346325b

SHA256
d74e386331c5d2c6699a01f835397974218d5be02040b929651171b4618c824e

SHA512
7e78ba4735a200831ce380d656a2332ac40d8f0664c98382054d106aa3fdab8237eeec88a089e83e6ad566353a69d489889f1fdf0247f86758e142004a7e60e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17dd6930867c0cefd3afc67837358510

SHA1
039d57b717955a129c25aae3d38f90258a817a05

SHA256
2f9ee652e250f3e16204989df2605b8bee74db8fca6c9846fb0404b44fc28b02

SHA512
01216bcefd3ebd073adc71835606bf6576c8617c318aa67e8f8ad389ee551524ab34c5f80b2a48456f3b16ad758ec6992330b80e452beeb13c68dd0f1d51f1d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46c5647a429cd9d993d24792053b3bf9

SHA1
979b9ea2e5c9f60103b480cf38b4d5aa2accaf57

SHA256
9db3ad1d526774634962000b6bac7cc0dbfd385a5918020891e51849c9b6310f

SHA512
08798109e830000789d517460dff1f5b3e21ded604be6eae37fb30d82fca499ae04d7b6b5f65b2ed0e43321ea329fa35599f10a236a96d4598e8a515a848411c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46ff1a0076272510f666b56c4ca9345d

SHA1
f631cbfee9934515c6127d09866f77b537659514

SHA256
67c6052f638a4dd76653ed48714cbeb6b43768199ebc4d0582bc3fd71df121b7

SHA512
48298dd14055edfc94ac4630de9f0b515f843d09da8cb0730f5a5237ba9216a13adfda08f8d40f45991015e8ffef281e8b6376db3bc0a08965ab1e603f7f0bd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27e8f55f84aaa816ef15c39741115304

SHA1
f125f31e57358f5d4b5e9b2645f0367a202efb66

SHA256
f3072cff0bea11706605f780cf01801489c15afcc4186a7a5f53be4f7f9c800b

SHA512
e938edb122db6e53c8132b4f5b6992b6bc29542ca0f17821dec8b3c3c7dfb578aec2ffa2e4a2a1acb33537767453c67e0779342cb81984ced5bfb7230b7eb1ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cebb61b2a4fda0f4c4a6a34a9c9ae570

SHA1
d01188f1b82c2a5633a7b241341077875caa3497

SHA256
b71e69b03b2c7e7fca0633858f0d3cc27500582f304bab5765747ea189e51292

SHA512
a24bcb88a185614e3a4a6acb368b7b964d2312d6172c32c369c36ddb172fcfd6cdb5ef4fc577bde2a0c0d375ffda508fca9857916b239c1a6b9cf2dd977b220a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
803cae8e603ef59ea1c0a7cf60393f68

SHA1
400277d54e3e0811158f87a79ad9f2a07f9cf099

SHA256
302d1d81bc7662dba6c1d5b94100fa3370a9843ef420ac21dfe29b47a61d9b4c

SHA512
42e96e515acc6773444590bfa0ae982e18a749dfa3efe67c2f012f4995b06b5980596df181906a72d9cf1fcd62b4f0d424749e72945f9a94fed409f70e15147a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1655808e5f9b971f8374229facba294d

SHA1
bbcacd1b66b859c92ac46e14d561d60cf1b988d1

SHA256
3413cb9ecd8781642868da5aa317de292fbd3cc99ba58d618c9df0dabaf4bea4

SHA512
aa8d749da0728d82ba1479375c4341ed0046f1b4ef99bb5c8ff1b08fef86c748b7e8628522e3854f38fa571a5091dc6bf5fdd705c1aa17cd11b1bc593a576c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1659296c096a26c56e4afd496505472

SHA1
01bd03aa31c03b293537801efb31f28faf3222bf

SHA256
49f276bcf6a51f4719a364348ceb7c9b2aade14ebfc70986acd6fd0e05edf37e

SHA512
006b650bf130a16f42bfdb9f2783776e66f14fd9a646907c53a3dba1d36cff5ce9abff2f96666982fe05990a4e6f54a4e6fa1ed4db275312fd3e6325799dc285

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5575867b9dfafdbed3d7975415cc4dd

SHA1
e70f48876ee861e84110025fbc2dab9e1b8f59f7

SHA256
3410b3e70c04a8281d7337207cb4f4d8f58ec2f4f7f35a4be7799d37d253dcf6

SHA512
f176162dd5c83f61309aacacdda2f8cee6659f6a28723096a2789313c3a7a2aaec24dbcb7fd5edc15512e7a59148d50bf86748d65dc49e1363132f0ba6de6639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
86047683c260728afaf1bb965d263d65

SHA1
eaeb31de8e187f249a9968fa87619bc76c319151

SHA256
101d7eba32b09cb49c723460a8fdd68a9c90f7ce0af3ff04c30caae7c28f5766

SHA512
f5215f6ed755ce29e6ed5b972597f827dd0baf7081f00de9fe31ab25cc9d62f83d03832945fea5bf43d8f6dcd2b28c65e8f71dcca08a564767b9248dbe002989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat

Filesize
110KB

MD5
3f1dc2cc1ebe2ea76e939176fc80a1b9

SHA1
43d20fe7c694944e530dda869f48b7e30ad6ca71

SHA256
dcf282666261baecf25a2b6f85066e819fd8edf6c3aed6fad060f602508c0e74

SHA512
e7d8ee53aa54b4fd479758aab43e4478f6ae1c0595ccfbbb07f81aac1b107b8bda7e52f293f2dc4da6839229dfd060d9e92c022b8f29094669fedc62edbfa49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\js[1].js

Filesize
191KB

MD5
86f5de58fb7c97075a5cb23f3d6086ec

SHA1
a20a2b57dbe3bd70b0ad293e43eda11feecabf32

SHA256
ffd4b655308d93b5e466df2bc2e179e6147d6c7b2bb60f3802c07779886f2f13

SHA512
e3928e731a72b7fa64cfd601bccdf3c4d729a576ca19b6cf733d71a0addc7e386ae64610606383cec51df8baff0e75370bb9041811b2d284f06b02250aa8a351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A2C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NW3JBB2I.txt

Filesize
686B

MD5
299b3357a6b23ec81a552f359030a1e1

SHA1
e48aa8beb8f17d3392b702cfdbd7305fe1fb8eb5

SHA256
ad48442c1db050c1495f2018cc753b78496203248d8e91a1b70a41630ccabde4

SHA512
0e766e8f6bc1f94849f3115f5d06cc5e2beaab7dc20598f7870f81656e8eef4e0cadabeb58e556af202e492c8cad7586d2678e4e3f46f2e59594d2f5bf277a60

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads