cd4aa11bb7f8684f626b0262fe5e18427d6796d1d05c41e69b76885aa4c684da

Analysis

max time kernel
149s
max time network
143s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe
Size

1.1MB
MD5

66105d6f64ebc6144752dd631e7e80f3
SHA1

c1099fea7a3c359b16f3768f90e04b34e6f9fcba
SHA256

cd4aa11bb7f8684f626b0262fe5e18427d6796d1d05c41e69b76885aa4c684da
SHA512

af15eddb0455334f45891902d4b62657e09060a9b6c2c27dfda0c1b3c6435e9564e4df0b98d9c8a65f4c726176d7cfa29207926a9c51094744fa7488e201d3a8
SSDEEP

12288:vsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQK7:UV4W8hqBYgnBLfVqx1Wjk3

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1968	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9F3F8C28-4C94-48BF-AEC7-746F484F63E3}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchwtii.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074d3b57fbae57a49a4921f2e03f2a7570000000002000000000010660000000100002000000065ed455e456ee1ac64a5d7388c768b20b9d9058ef2472bb58a8e7643717dc09d000000000e8000000002000020000000916dfca7e9c53741687d16f47bb06bbb196d92931378c840d50c9bbc22aca4da20000000ca57373983ae3d00636aec92f0b2e5231c333ec8cb4c4675f7d801e98453800340000000af7a537e132c9cf6f20329534bb2cb499019c8ac15501181b746e127b244aae54c10a40d5393799e64630a02f0ad903bfef0ebf43ef64d4a10fe1700b30d7a65	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9F3F8C28-4C94-48BF-AEC7-746F484F63E3}\DisplayName = "Search"	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422515500"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9F3F8C28-4C94-48BF-AEC7-746F484F63E3}\URL = "http://search.searchwtii.com/s?source=1&uid=26f92b69-fdb7-492c-a6d5-5c60bf054da6&uc=20180110&ap=appfocus35&i_id=tv__1.30&query={searchTerms}"	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074d3b57fbae57a49a4921f2e03f2a7570000000002000000000010660000000100002000000057bdaddd1e2e721aa3fe022fbde81b9b5d7b0e89a6a5b923109912132fcf8f08000000000e8000000002000020000000db049862f798944549fe4959b4646bf525d765b0f7d16e12bb16c1ddb2f1e26e90000000fa5eb48d138240aaa54001881fa9a0d6aa493605b800096bf3e16c97401be11f2c0619a4fe40d64f6e0c07bb39132fce193f336cd2a39db858524e2a974095e228063914eebe4c314b745f2ce8acb96a5cf92e28e3ddad74a7b1d18b6e589e0e47935a0a3e92e41fb94a44285513129e58648a0d422121a49ba2551f1c7c6fc40a98f600713df9de255daf701528f3db400000007985dda2612ec252e5ea9f8115580518eb50ea8dea964b9cc6714df24daed8abf95bb9d0e3c7cef874fa19da908726b68ae06e88beefc255cc0ce16efd5b228c	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49B57B31-17F7-11EF-AA09-E6B549E8BD88} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchwtii.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7061942104acda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9F3F8C28-4C94-48BF-AEC7-746F484F63E3}	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchwtii.com/?source=1&uid=26f92b69-fdb7-492c-a6d5-5c60bf054da6&uc=20180110&ap=appfocus35&i_id=tv__1.30"	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1552	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2956	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2956	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	28
PID 2392 wrote to memory of 2956	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	28
PID 2392 wrote to memory of 2956	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	28
PID 2392 wrote to memory of 2956	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	28
PID 2956 wrote to memory of 2616	2956	IEXPLORE.EXE	29
PID 2956 wrote to memory of 2616	2956	IEXPLORE.EXE	29
PID 2956 wrote to memory of 2616	2956	IEXPLORE.EXE	29
PID 2956 wrote to memory of 2616	2956	IEXPLORE.EXE	29
PID 2392 wrote to memory of 1968	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	31
PID 2392 wrote to memory of 1968	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	31
PID 2392 wrote to memory of 1968	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	31
PID 2392 wrote to memory of 1968	2392	66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe	31
PID 1968 wrote to memory of 1552	1968	cmd.exe	33
PID 1968 wrote to memory of 1552	1968	cmd.exe	33
PID 1968 wrote to memory of 1552	1968	cmd.exe	33
PID 1968 wrote to memory of 1552	1968	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchwtii.com/?source=1&uid=26f92b69-fdb7-492c-a6d5-5c60bf054da6&uc=20180110&ap=appfocus35&i_id=tv__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2616
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\66105d6f64ebc6144752dd631e7e80f3_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1801A0BFF52C676E5F51CA71C5350277

Filesize
947B

MD5
79e4a9840d7d3a96d7c04fe2434c892e

SHA1
a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436

SHA256
4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161

SHA512
53b444e565183201a61eeb461209b2dc30895eeca487238d15a026735f229a819e5b19cbd7e2fa2768ab2a64f6ebcd9d1e721341c9ed5dd09fc0d5e43d68bca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
0eac59bb9858f01624f5c9b019ee1304

SHA1
874d815e7993fefe6604a2ddb987ba561435fbfa

SHA256
31fe0ee005b9d77aa6058111f1998ea449de5fcc841d7fd6b586ee165842aae1

SHA512
42b24df68cae3ff676709b83ee95cd2cf55c9b04a827dfcfb1e1c8c73aa41f23d085bc667bb71e3c0afbd87871a7f18ff1269c377a29e19d8c060889c2dd90d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1801A0BFF52C676E5F51CA71C5350277

Filesize
252B

MD5
160565f459505e038f14c950b4cac849

SHA1
02f51e2068ef362890e65df61a3e9e4438eabb73

SHA256
3ae34dd5bb2c0536ace345b846f53f70c1ea3edfdde705ebb577e6c2f7b8fe2f

SHA512
cfd501e34b965f517b2bbb335ffa1a02dfbade663776b9a7916a5467dca0fd600e3980de9e81f46be4c601749e224414a210e19f6fbc233d9089109fec699ce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
353d4a2ef2d89d4470bd19ff7d9456f4

SHA1
a32bdda266ff663e784e86b60be556318477a7d6

SHA256
f71c87e8f48255abc0003fac15e123564ddac1f3b3bbde5ea4fb44ebd3776550

SHA512
345650fd4f9375d46fe08a2b28232775f264a8885edec34541ef63e1cd4741670117bb808ef4b9f0cf4a8c5fd69abf728489c6d7e772d575d896c080c2ca537d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e0f7dff430df563a3b6f003bef430dec

SHA1
82fd55f886388ff2ceaec62a7839d694ba7ec377

SHA256
0e8b9ba4e1e5c6c225130fbd9c43f35d914dff44f3f2ac6d1c8e133f351921be

SHA512
a08422e36a987d531137cbe5df90382ce2e42f3225d3ee99f6c16b29fc524683eaa8e4258999958417bd9c6bdc8ab8e520926517977c0d2946ecf146e318b5eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

Filesize
176B

MD5
8ea9f7d1679258eba7cd24edd3973da6

SHA1
e1ed02ca7a189e0dbbb1037d08eea9f73920ab1a

SHA256
f03e971bc1c2cbdc897984ecb92d35ef7e7326f882a7d9ca192c5a9c5a220d14

SHA512
6670b19f7b0b2d8db753b3488afa8ecf6712516052c705619fb5969a7cef9046eb7625f097a2ef6b8db38973408fe17b8b456e5b35839ae014b387a2668eb179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1896dedac808e9b36a7cfa578dc39f3e

SHA1
f03c150f47d259c028a05af5c6ff65e1e6c53127

SHA256
8631e14da18fedeb205628cdf66bcefac8b5a93f69f94efa7cb1dff0c28e120d

SHA512
1aae3d912c18d60c6b1456499f5daea2038f47ef9f6c21e46bc4a854e7f464e0369df5087fd338b2fab03a266b6b78fe5bd84eec13a377f9a3167af20ca55f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
648a6f72c207dba73185b487edf9f7f9

SHA1
e9a3d35ebff634ebe6352bf9de09003b939c4775

SHA256
b79f4648707ab429f8d975bc2f923ef4bd86540180aa184ddd3939306b65a3a0

SHA512
9ab5ac0adc466e5df8d2afb299dfaa2e23ab1728efe730e13563c08f555c858d05365411707172576a3b572f3510bdba2239b9313ed5924e847b9f23087acf6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27a2f5e4a18181173f6913b27139c0b3

SHA1
7f30c78e1e4858c69857654ba55b796738c76cea

SHA256
d16caa7500bda7e70c0998291ff0eeb0a3ba12f6a3654aafdafa921368ae2d2d

SHA512
d24dc4555bd0a2a72bc744abf0636bfbc3d0b694d960a1adadbb499f67f9339f8457ab49dac5053adc6320c424e2fef25fe13090c95ff53f781d9c99dd3114ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75337e26e4740df57829c554020783ed

SHA1
af449a0d08054f8e3304caef5487f74051d2b973

SHA256
42ea14b47165965e933a541357effc56a393b87e6c7e4c4fbccd9d3de4264736

SHA512
210256646c25dbff8bc3dc581908e3832b568dc0689e8a2ce688443f1f4a6b262bf1e4d69cdd0f993a9c6b199fa1948c3964bfc68bab53de54b6eb56da1e05ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03f27a6e2f75ba40cbfdecf683bd0010

SHA1
effcaf92674dd59d183a00ce3f5056117bf14f61

SHA256
99c0dddff92a163bcd40a9a01a431ee8e0c6d82c0f05080dd491f5429bf09acc

SHA512
7f76e756c8152f770590c3382ac99eece3faa0b2a2ce69a46a53e6fdca0a7d55572267a93aea4b3e7c5c92cd01463cbc299f1cbe9b62e767e72b7cd5c930c2e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9214e19234ea6f0abd2ea23ac288a170

SHA1
817c5474e6cc698c3cc491700559aa2994f37185

SHA256
186b8ee2c596658abf3302fa537acf679e2367fd3e7767cb47602a62a5895d42

SHA512
9f701f5b0658afd4db239b365cea0bcae87df90e57c5ae392a1344b02f14e3eeb30cdc4d9ce839291c3251d936de92797b2a27e7e222efc1b55fd3402a14fd2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57893017ed4470d8f9dc6a4839975098

SHA1
424623c4f55f6a9870d33c7eaa764c6e2687d6d4

SHA256
325e2896454a7ba66ab65fd941517e0c5abafa63c38258b1fbebff5319859553

SHA512
8a099eb0d04168e0d596b8350ae0ba4884197a14ab037f5f27f90df21c3e17325a9ae2301744a188f063f5651a67651a5ceb4bdc110d63dc2dd1b8b35c73c1eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc918729871e6e1a7259cc8e82564ab5

SHA1
099018e0bccdb446ce8930ac1a76c23838d0b26a

SHA256
48574be32d560f3cb36cd0ab811cf324f775a4211eb6f04d29c88b458cdc8f99

SHA512
3fecf2db309eb7d0ed8efc29604b80801813664e2ac0583b3eec07105086d53c6b42be9032be137e5e58743879d1a0b617029beef55a9e9c6b8dcdac956f18f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e26c4d026b3c964761ec4ed21220550

SHA1
7832a42af375af65d21b2735526ce7168428c43a

SHA256
3b2e3c3839f638ec2c46682c83f298906d95cdf4132476ac695b6d9cc41f6700

SHA512
8c6feca95db9ff08797315ce5f954cfb099cebc3c11e5082b1b27887964a579e19db3a4102ec8e61c610085a5bf22fccaf17e854096762cd299fe678c3688b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b503ec0d14185411ff75d19a71bb92ed

SHA1
7c66ffbafa51060c195b8fb80b29c8a68dcd8ca4

SHA256
4cf812712bc81c61e74d19a4d2192df68bf4c63e6fc30e30fd154bd99fa6cdd6

SHA512
de4d49b56e14cf76e0ac982e560ce471794d78c7866f2efae31727037514196f85350243ad7588dcb9f89a0c480fba969d925214eded3eb817e968d02023fe91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08ca87392b85122157c7f4125938241d

SHA1
aa8e66704df9b8e5cf3cf7c6ea9599c99dd03b2e

SHA256
3c6e75037a4636988efe8bbd483bdbfee4fccc56168f6ce7b4f05b0cdf107e7a

SHA512
4035871e097e6ceac78f7b1db3d99531a65a6b9093d67f9755659e981e208e7b17fc91a3ca1a6b4830c2b8af8dd99b81e80cab1ca149b71178c214a126a49b11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae32e30aa1a3a276a987da89b924286e

SHA1
55c5fcf8872cd9c53793cbce67464347c2c8f92d

SHA256
37550b28b028811992dddb06b3f6f2ea40379b4c1bcc6f91f349dc6d3017a850

SHA512
ae6fe4bf9d04095f465c7b06392ddc5abc6e16f11622dc31e6bc6927a6bc564130b7797352b4e5f80bc211bc61618ae0cbef3f8150c1f0747b722a91dd72d87b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
921f1510ed777356f210af0efc6c069b

SHA1
48905d25ba41f9d72c27cd004c078a63586be15c

SHA256
46a95da4a33b4cba3465737e87cbb06a953d97e4e71a1921761a006ecadc52e4

SHA512
5796ca4f3fafda32959aad059ffd4164bf1acc76320db5a84b98e7b3df45e1611de08fc812c0bace33ec14751548ec4ea7076cf73ebb690b1d70ea532a34de24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7eee54783a9a3118a9f58f2c034d117

SHA1
c0bdf221dbbaf4672bad12f1ab6d5d5ab57fc442

SHA256
10ee6c8f099cab6171b0eaf1e5ca53ea7056935b8c384d4fc33de81408634e14

SHA512
18bde545510c50c98492f6bf19323b9a9389afcdf95274f548a870a474b929a1a50a763872a17c0914223d0fe79d6642d8495b3291cf5351f9ac722e834185d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
299a5cfc36813a3d88daf1ecdc2cd3bc

SHA1
cfe33196185959d230a754e6c2fdf77441928647

SHA256
d803966caefcbe78fe82344dfbc4a0b4a4b48c0bfaef0afb6c0fa17b54640151

SHA512
5c51d3db45ef816aada93278ffdbcde7e445331a688e7e458fd59bbb163424a980bcacc481ddea35ba29fda978d58c1e36ea7233f1d8243fb91c1fd8c49d2d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57b6685cca3eb2b502a4156ad07bf020

SHA1
c26c3cfae403fb9a423a017b98c9efc2f2c4ddce

SHA256
e6aea95bce07f28012d655e96b1d3711ad92a7b74cd08edae45bff344f7c79ee

SHA512
96a4a5c8925589ab10b6da07ad109168f4f16c3fed3104dbfde679e72c18a66e511a8634e2cc121a2ef6516525694de606f547024813c334dad5660713d06717

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c3dce22b8155ed7365c0338d0d21dde

SHA1
7f5af0cbab6bff791992d2304e0615020f39ad8d

SHA256
d4f2f372da7085cc23aba01ce9f467ef381deae15488f944e1421c4f42bda481

SHA512
17c063a3d282a18400b8592a3393141e1977075082b9d370f404a6d0782365fae2045cc8eaead4b9e3da8e8e00b31a64a3257758f2f37b539ff7490490f0998b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01f9d1b3a81198351d85f6faf13b3af6

SHA1
ff99c066697cda59ccc5aa91f815f6d65b3b913d

SHA256
8740ff771c65a8497809d8a2483421f81d084ce4b211a9e24ccad7671d148523

SHA512
128b28aff11bbe402087e2fd04bb28b4bcdddcc42c947fbed8c919f2bb5d144d1ff08099f45668cbed4dd5c610a26689bca37362cf96c64035b0c68d5eceb52e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccc5fe2c737d33c4d5158c1a9ff3712e

SHA1
82b38fe14a1a5bca78cbb973a416c3b58f3b2053

SHA256
be44f5b089c8bccc453c0d808788d7fe69ccea3df7b466ea6a73a0e14386a917

SHA512
8dc3c6dee51c1c72c36d61b02b2a7c875095b63fae587598af3542f1c5e8687ee55e5f9c94003ce1eefe562a687ff59ad55b801493f3313ea2d777a39c53079c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c64becbad61e89c9d24a43e66ae1456

SHA1
8ef60b440fc8a80b3227ca9bd7429cdebe994d11

SHA256
480bf4e5d09b77af3eec6282b3a69bc7eab23caf4bb0869c3f6cf86e9a421c75

SHA512
f654aa9d796a2d9584ddd9aa9de74f221a7743dc6f166f0f7777f3d535660b057b9ef7068209e9d76c1bdeacae88f779ca18bab25efe3a00c2ad60884c1da0fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f2fc2cc49057866598935faacbd1869

SHA1
026cf151e28792ef8c3d953c7c176f0cb1f82843

SHA256
2c9a25d244dbd1a7071600414ad23509195dbd09978ca1dc32fcffdb75f89f59

SHA512
3d38bd0b3229b1bbb37eea5c5ced28e4164251f14f168fd5cc9fe36341d36f31661365a78c6d690bcea4eec5360ea3ba4e87dcf5a66dad5543de1699b963b4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b16181f56ee279322e572a7f660bd053

SHA1
bba279f262215893b7869467e681b45118b6bd9c

SHA256
98b33f3391957f3900dc843472d69ad64dfd9dcb37639cc898e926cd94b261d4

SHA512
ff0efb1dbf6a25c35e07e891767f7c2be2cf8a6ad72186daaf144cb82fe0dd87eba489077ecf5f9346af2767c4c44d78eb75cf99beaf8c65cb2ce8bc69f5740c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5db8e48addce94c0f0705b11dd12d12e

SHA1
6ff4f7a8c023004e2ba98d172f14d34554528030

SHA256
da600cdf69ea265f0674b6bca9510b77a5e1674180d0e468c763310195b7caed

SHA512
ae352a7da350116ac94f4598f9bbaaf081a7341aa217c15a391d87a2cc6cfa43b8506ee9526dbb27ae93beba67eae4656cff47b3d996d30cc5bec2e8be7d265d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b67e6d27a0b01986c118e4b3132efab4

SHA1
c8b9c55cd011032bc9c2036832df3138c8e68b6c

SHA256
7162ab40d2eb9b74a41d093a6ed22dc2d8c3d9c8c7d5dc904d7613423c4245dd

SHA512
d4879316183b482b5c3981a7068e5c119b3160ba7d5a1db9966280224d02a6333315f6b6561db8375102fcdcfb4cbb108241372fba7f719db37ed6bf80f6fc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
031989cc91f6c0e7da0855f9a7e99cf4

SHA1
c5b037b7b0954889905772fd842d38360a48f7d7

SHA256
9ab739d822a37bbfe649d1af2bd65482463d423756b4669c195a0c3193462149

SHA512
f17d83a193e71adc4c34df01c1c263f7ac6291002580d102ef4b17b5f0a393a63308b8ecbe37245cf091d5f48956f94506ab94bf5deaf71715006eab56aedee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16bc5936f677369313a6884e2ed4978b

SHA1
e8ea1249c181489d4c5b28783bd6e7eefa8570b0

SHA256
2d54a78aeb4ba308187dfffb0851eaac2e90f5355ce84e490ef8f0ecff43690e

SHA512
b8d601592d8d1781e65f54cf01981fc29fce65a028b6e906c5d487224dabe9f58eb7406f6cf26668a33b10e09ccc4b0c67d3d98acf7f2573c8666219822fbcff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29714d6db431836b3b425a431d991e87

SHA1
f16c59200e40c9b9123725318b8da9f94ca0e8a5

SHA256
f1dc96b23d39f0b9d260372fa893814c88ca35343a789a7dc6b5e502109f6929

SHA512
f62e2d0fa2a970adde77797ea8b8ff6b9f143b48c23136805bca2bd915b91ba27ceae888447bbbfcbc6895e4f65dc09d7cc4c55f5151a177fa82c529fdd6725c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
408B

MD5
57bb85fb6411c8695d15b64f110766a6

SHA1
d24f542cc87f041433d0ec41c5a35a1152c188d4

SHA256
4bd8ed7f0a79d2b54353d50ba4edcad8f4ce7892ac6bb9634f9182a135d6ab85

SHA512
91f62b0d4a2bfa84ad52b7e991948fa41de01c43c7ea47af195a299dc28d159e9199a688e105eb1f0f992aafe43f5bd8079328cd554f8249e86cfb0f2dc62cb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8ced46355be4b0faafd1c7cbf0803096

SHA1
c0fa4ba51706478f3a420c327793aad1b83a1ae0

SHA256
fcbb7d498281018f8316537b04ca7fff18d58c3a9bcf42d37af7f3f3c202c203

SHA512
fadf92b5af05cb2e17246e0c7d9f0e32a003157a4b7070bb4576c84477d9c290ad58eb90621991677a15eededb92d9e4592d2fc876fe8e074d5f2e8882d38e50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

Filesize
110KB

MD5
3bbe346b20fc1567ef04f5a142fc51f3

SHA1
9d42eed9b73761224f6bfedc0f8d2ebaf9c5ca4b

SHA256
b2d30e7f18ce2de36ee375128eba81f9242978eea4c9affa17d1098c248872e5

SHA512
c161110266cab7eac93331a6e23f0223067a47caac5f3ce7d27a775dfe9ab1e557af905ebd1df920ca6b7610173a57e0a529e00fb3faea6cd35651138a68dfda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R48VIXDS\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R48VIXDS\js[1].js

Filesize
191KB

MD5
8e62fabb6959f297df6ee3294e0c5156

SHA1
3493197db22753c210b1081cecd3587b8e8255a7

SHA256
c5166c5ee915b64a0390169f2c11ad0dc6a57a5663b413e2c794b92f92c07058

SHA512
092679accb3d582e677d35053a923cc8ec5ecb23b369a3b93d1b68476facd6fcdcd0ed053229c3e94882e0d8b53968d63bd873e8e1dc69e8b99091dd49233351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WFLFDJFU.txt

Filesize
682B

MD5
2e57edd45d5796d712cf7c9439889b88

SHA1
9650bfbfee1e8094991e16d2413f934f200aa592

SHA256
95c490ab8e38ae7cbdcd68ce89dc9e5e050655b501532d9ae3e403183eb34c1f

SHA512
99eb1938139861d99433fad527c09b7553a0000d930b534cd992932948b65e69d1f76c3e7931ccef9e95fdeff0ad6c2337d4038d59b8fb7f0e284eda0e04a073

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads