cd3388314516ab7de70cc342692503b2ae7c248fc2bdf2695aea448a3669b57a

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe
Size

1.1MB
MD5

74e07ced94fc01de34b5c0dc527ec11b
SHA1

29f583091b60ee33b56bc9723f2f77be5d3b66de
SHA256

cd3388314516ab7de70cc342692503b2ae7c248fc2bdf2695aea448a3669b57a
SHA512

f53ebeff83ff1a2d79dba7df759e0b2e5ee61cf7dda72c0a725d4262911f7ea06d3cb3e69d507a3753c4fb2b6182e079ed7f6d2f6b9fad0e2dc35771af4e6b31
SSDEEP

12288:XsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQi:8V4W8hqBYgnBLfVqx1Wjkv

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1400	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30aa574746afda01	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422873763"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\hdirectionsandmap.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E11C9467-C54F-42C1-B296-84893DEB1C3E}\DisplayName = "Search"	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000419e5c4ae4bd623ea536c0b838723911771f7fffbaded5b79309c4622870bcab000000000e80000000020000200000002e4476822f35162998d0497d3abb27d5b36d88dc937e6166700ae3c77ab4cabb20000000d2001ec55b95082a2ac570e3bcfaed82e4e41f71e71c525b2a27b1437994dc63400000004320f3086080b80f6861187d9c343c25f622601a89be80cab121b1a17a87568ff8768c7f86b1efea250873c74bf263e3abf23459f4c2221a60eaa6081fe5fbc9	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E11C9467-C54F-42C1-B296-84893DEB1C3E}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\hdirectionsandmap.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000050e1c3789d1a6ea7e9281ce79ccd220ba70fcba2391f7a469fa63b5670f4c6b1000000000e800000000200002000000071c14c64bac761db143622396aa10858d875165feaaa08bbdee811b8381c29a890000000dbbb3c9a1d4916c33cf93480d6314e5d89f31f5d415678bfe6cd4cc40e68db7750b445125c17c8db7be346b4d31d5975dbcab06cd0f89cb8c9ae41eec15fc541663dc146ef9082de1b287b1fc68a32419f100bdd7241aeaf8232aec3ecbc2ab3e9cbf37de062aec193635d068a69a3bd207b8f7ead2d356b43ce4892752adc643286d98792ac20869cf829bc880027c340000000202c1ac034beffcb000ebe6acfec487f0ec45c67111d1e40cd9b2a0a6a8258c686523a61af780f998860e24cf9028d8ff0d6d2beae5d9b8e6dc010c8487977e0	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6EE84B91-1B39-11EF-8962-7678A7DAE141} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E11C9467-C54F-42C1-B296-84893DEB1C3E}	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E11C9467-C54F-42C1-B296-84893DEB1C3E}\URL = "http://search.hdirectionsandmap.com/s?source=g-ccc1-lp0-bb8&uid=6e295b6a-f38c-4a53-af84-218f6dab9df4&uc=20180111&ap=appfocus1&i_id=maps__1.30&query={searchTerms}"	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.hdirectionsandmap.com/?source=g-ccc1-lp0-bb8&uid=6e295b6a-f38c-4a53-af84-218f6dab9df4&uc=20180111&ap=appfocus1&i_id=maps__1.30"	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
900	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2772	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2772	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	28
PID 2756 wrote to memory of 2772	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	28
PID 2756 wrote to memory of 2772	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	28
PID 2756 wrote to memory of 2772	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	28
PID 2772 wrote to memory of 2480	2772	IEXPLORE.EXE	29
PID 2772 wrote to memory of 2480	2772	IEXPLORE.EXE	29
PID 2772 wrote to memory of 2480	2772	IEXPLORE.EXE	29
PID 2772 wrote to memory of 2480	2772	IEXPLORE.EXE	29
PID 2756 wrote to memory of 1400	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	31
PID 2756 wrote to memory of 1400	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	31
PID 2756 wrote to memory of 1400	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	31
PID 2756 wrote to memory of 1400	2756	74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe	31
PID 1400 wrote to memory of 900	1400	cmd.exe	33
PID 1400 wrote to memory of 900	1400	cmd.exe	33
PID 1400 wrote to memory of 900	1400	cmd.exe	33
PID 1400 wrote to memory of 900	1400	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hdirectionsandmap.com/?source=g-ccc1-lp0-bb8&uid=6e295b6a-f38c-4a53-af84-218f6dab9df4&uc=20180111&ap=appfocus1&i_id=maps__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2772
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2480
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\74e07ced94fc01de34b5c0dc527ec11b_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1400
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
cfdf6b7a7d7c7847af980a6b1e38baad

SHA1
37c4a5220a2f643d439d00c76830245a6574426c

SHA256
46fa4edbe0b86db6cde09068a39e9d0adf84d6fa3155f06072f02fa2afd22fe8

SHA512
117f0f7d122cd32753e8f08918af0a6e4ce29f7ffc55077eb801d22cfb66e10989fa96f0c77a683f62d2d520128b1f1d6f0b55977a3984004bf54cae56c45541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a455a1b918dc38037bd5588642c3c1a7

SHA1
d0044f2f1bf8a49198c13f4930c03d8fab331aee

SHA256
a60a20f4267b186f64beab3710adb79702900139a214dd67a9fedde87ab2b962

SHA512
1dc52cab993f2ac38a990cf46136c94c218b74d00a425596fa06ed96a1b1fdf41da6de07603630f8df1550469a988c6593d3f5e80e7157f95a70b899907f08cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

Filesize
434B

MD5
04ece5913537448f9d0b4a4fd53e303a

SHA1
d131c9c948b5aab3a846584023c8801b85bd88f8

SHA256
1dd1bbf38a73311dbc04c4eace863d23546624cd21ea83d84e1d8c712a51b1a0

SHA512
2a8fabae761f57e4ec19fd1069a947d825304ec276f9bc2a7664a4bcdeded7da69fa70bdcd6ce4fe375786f599e2deac5ee5b0c337f559ad224f7fd627c2d258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ba384169729acedca27b1b921a15d55

SHA1
819b17a65b59749b273b0a9022ec78d68a4c84be

SHA256
00d40f438f44e716d06b36366b31a11148efbbcc48fc463509f8b9c449713620

SHA512
35a7a79280319df8596af014afa1eb7ab3eb9e95fb2ddd269979c32829b2fd0cf624a1b81d4af7f78e171fb4d12f2b37e72260d238cf42ff3e5ad53552781ef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc081a8a875861474a429ab76ad7ca0d

SHA1
99245cc9665cabeece514526d8472d20d6bbb1e3

SHA256
b5b6648c2fad5725b5c379c86dc87bf6aa801e70d9831c6fb316e008d8d7d0b4

SHA512
bd54792658b9fe22456020f7b7b0d36eb1ee8cccec3fb22e10a2a146bf74a77e6329c6857856a740f039ddef0511b2a3e51618a2e54b50e0923a45e691c670f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3fe52c3d9459acca84680a3c1da387d

SHA1
b59e22324207dcf5545696f2309d167d342e23f2

SHA256
8e93ae3b15ccc12e9aa00e1679daba093235d91cef21500b9650946d766e53b5

SHA512
224a58cb6499fe01eaaa5409f897f71595c4e703f1eb2d6bc4ff49abf3e70d4a2c716b6f8868e10227ab77652905a2691b1c0c5c9c326b17f1d115280af0c944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfbd94b6f3b3f6563dd244323dfaecd9

SHA1
81235945f321c3021e83cf69786357ae5ded6628

SHA256
5fe80b24692033f2c4b08f666cff17cef961bbfc9d1a0156ae557c4ee23b9028

SHA512
969daae96afe63bd978ea87258ca55f381bd569672eabfe8d2455fecd520633629fd1847fc75ab878d545efef7465d32b1c173235acfadfda36fcc1c4cffb259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cf18c942e200e95d3c1fc1871e4ddfc

SHA1
be227f541e72da2d88175f43c9397ac5eb1cf140

SHA256
08271e58d34b37819f065709a91d6263508a99bf5a77a34836477840bf04d00a

SHA512
71e216ddfd517cb4247bb034f246eea8e949c808aa8afe505bcafa8128892275e583c6db5cbd9046949f6c3ab901177a89fd38d090f766a6ec25a29735641517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8e21951962b1bd4ec9a7ddde70dc7dc

SHA1
413c513703e5695d74ce6a2294a07f106636d743

SHA256
1ce794fdf0f50b36388dedefa72a76392956c3532c86dcc74888feab85ad125f

SHA512
2f79d690f8abfaa04192dadaf4310ae5e5b086a2d05e3ea74c8a8201eb198d872facb41317bf8d392b8fd7796dbee86b6303d97f6d346b87eaec2040b560cae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82d74dde016ad084784d5b52ee8fd76c

SHA1
f34a11b116797078e0dda31107eda9713553d900

SHA256
619536f89f2e929435a5c27393fd569d70ad79eb4918b8ca7b3fb68cae246df4

SHA512
28aa7729b7a92cbf38351f89ac8204f0d9ab1b604c6872a3c21cca86608bc62e786d7f8becbc0f56308b3601632589a99495f700e52ce291a3faefb6f7c5a7c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3d55e06553ad78895bb4e1b259a5cb6

SHA1
2850b48d3993ea2b156c3e8d9f02bd2cf464adc4

SHA256
0d529907e5106a43678723f1fcc454b9d33744871a3050a45a0156938731b1df

SHA512
40acd19b83b949fd1e7733d957ad04e1b5af9a836d1f7263550d2c306681ccec16560317d31119daa0a4885a20862f54214453bba8f2a75e0299a79715657379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e63e6128e6eb327c71dc9d3dfddb083

SHA1
78c40ebf70aed62ed56962aebbdfee4eb8d70999

SHA256
1fd3a0a5ed1e5de53457f9f25f29d855763e4a6de4b4ce738b267b5c5ea04bd5

SHA512
c1347832edaa464df6f4a39975ea393b34df70f7ed9acdf50c34ae6d1c972b778fffbbf5116c4149b247a8ea04b9f08b409f63fb6107d2c98497e8020753f3b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31e4dd138b9f57b3ee6511f714acd00e

SHA1
e4867c23d052ef6178c4b075290a7123e9fb7df5

SHA256
37f88dbb48810b6a716766813932e4e487221a7369faf15be86c0d5a041cd993

SHA512
182f2b4ef4ceeb4acb6842466bb50cbbd8bba530b216fd3f0e556d6b4df3a7ea4e8c20e143319cfb072b4ea21261c08acea09730570a7c01e2f61ee76e1255d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d35efd5023a13d9f63a2aa470f3cac74

SHA1
182097ca46151762d54aae7e798e38d314824fe6

SHA256
4e364f7915cdbdb68a397e761441b0c771c40d5e9c5fb83349f4d986b47cbebb

SHA512
ed27455e9b0782ebd7abfff0a751db3988e4868395d03695c96cf1fb0963eded853700a5506b2a6aa50e15888df487f0fab9b6a8c796708f3a0e325578a3a8bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12e18330a341e33fbe80dd90a9c40eb1

SHA1
520f97a581b34dfc00cd539e80899ae6dd2497dc

SHA256
bef879c3d050e7c418f77b2fca6784ce32aa1f41fd3389f78b313f8405f67214

SHA512
d28eb8be29a10f532faae901cbe39448f4067bc5861b5ee9f1eabe28e67ffe49ec4d17ebd5c77bd46b80e15fbc9705e6a7b814fed2f89b03a015a710772a76ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0dc1d1b2e8b1bb1f851a856baed8ba8

SHA1
9aca27d1536a977ba0883ab5b3fa22c5f7ef5607

SHA256
99d7ab56bbfcbe9d14534d2dbb9f5c4b34100ab35cb4e70ed508d16b2a439fdf

SHA512
1455b8140be78009cecfd4d235929a7d962aab8fb8e6c22a0199737d393d0084bb6dadfc6b73a27ad1bee73b7cd5137edf89c79abc5e72aebb757ff3df1cab0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad9d3b9a838cf9e77f9384e92c3cbfa4

SHA1
3c0658e5fb4c5f346ba5491cdd9a53862b9bf057

SHA256
95155ff097943941cfe6c428647ccdb81b5ea261490bc0fb6263a35056b187b3

SHA512
9dfea1c1ff2f81faec676fd22fe24c0c0e3f6e328f3e254e7d9b9b1b8eb4f23b1779bb3b8147b490eef86f7efc4037b1ba619fe5af96be3974a3f63113a7d50f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cbe339c4ed064d6346f413f21315c0a

SHA1
0bfe9caf0551435b89be6a0c84e2cde57cf3d884

SHA256
563dbaf694ed99d3485aa3f2e04644a8cb6921eca15f9d58b2417610b90c721d

SHA512
74b3a8d6dab014a1caa3ee6459eca2db11f3c7e0db582e5b653c2e35aee8c44073460bd07a8218d92367ea668ee47ffb8dca93060babcec62b6c59da1dd76d46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c37035556169ae2d6a08f650f78c5f06

SHA1
cc3934194a5d1b63413fc40f07b11c1b38d3aa38

SHA256
6e641b46e5f89b049fa5d584a05f3c7141f8aa28330473b67ce8f586df377f29

SHA512
d3204d5dafb04d1e84cf9ac78d7310a0f9713b19ba5f9c87124af0447af7efb0596b83aed5aa2372cb7465b9c244191a2f7895cfff495c5adaff31dcc691f84f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e6ad0763f0cae44b1ea529db3a14f61

SHA1
9b476d6d530693d0aefea9ed4d80d1601ea1bb9d

SHA256
249128940e469f88609ea1f9af012d72d45277acb9b8c6e025f3a092c259ca2f

SHA512
e0c3972e13b8b3a65e6f99322e5155b283d078a5281b37b977bea33dc6a43219462089ebd134a704dff9706279d21742127e52b1e2febc2e666291cda21d6e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5ebb8272dd71212fd321d9ccf54e17d

SHA1
df0f9fa53ffe4b56f9eb832b6ce8a18ea8048232

SHA256
a37468a80a2f5bf4eda71fbc00c78579a1b9888662edc185041d7c7e438516c9

SHA512
2a7ced2a069b3b0fb0d0aaf76029aa56ef4786394a7b15763751975c0566d21747bc7ea43d4aa06612f4fcb75bb0d7f07608483b2d648b83b76b410f75fdd555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4236b2410bbe9fee1b448e0d0f8cda7

SHA1
8831f8c449a26dca974acf7ffac2c1d4fa8d1239

SHA256
d0d2ce36f16436c19a19ccbb2aa50f9d59475fa5edcfa3e0f9018cbef434d6c6

SHA512
0b99259e9f6cebfb1a15530ba9d0321234edb01c426f9ad69c8327628434ab52fda67cfd2ab92ff91433864a3236e71a9fe737e4c3763d7af49e8209752620b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4a8fa281b5e287dd6a2b51fe6710ae0

SHA1
529264b2a6a3080217dd30ff973f7563d82a05b2

SHA256
8bfa48f3bbd22a85812f5aadbb0628baa8d88d09507656c52b649acc62b963d7

SHA512
c8de039e79d10e56649ae6f4851f219fd03e8d32aaf6964e9de91cb26a8560715e03f9f9fd5ae3682c69292fc892076cd549a2d647ca7e2e3a62c23971297a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ff327614e1843ac36de2ba80d276b3d

SHA1
bd0df5c71e3e65dfe8b8646ac16279e09ada92e0

SHA256
91c1c0b1b7ad5e473c37cca44ab79d54eeb99330d6aba38347a1bac45b9ab390

SHA512
0fa960d60465c6eed4e7892d003e734085d6ae0fed141c87fa9e4db906d4f97a857c36c3f0aa50034b9b19b84b683b56134392a7e43b4d1e2af29f1e290b5d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5af52f5abdc4bfa32a711f52d32b895

SHA1
d52357328cb7d45758cd87d83fadcb1ac7c2ba5a

SHA256
1bd82d6b838bbd3d2ec8778190083306de9a7adb1661249e1295b492f9740b1b

SHA512
e37dc57a327c07c096e1b0d9ed0628c123eff8bb494365e53aefb7b93d6eee7f76536200e8c2e27f202047d86a03c32fd6bccaa454ab7ca73f869b0c6ca2c381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6f78d028990feb2bfa8705454066548

SHA1
da3bdc313c76c350175f78b6e0763aabf520df93

SHA256
625b8901bbd622248f182cfab5a6ea1c5be9183dd40422a1260cbbe423bced45

SHA512
6f574365ad633019033b7d5bbae70870681bf084eb6b387f563b32a5c1a98c9d9e9757838e8cd1ee8b276c72aad924cc2b8cd4df674e665e5f2a5593937a2e91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2345bab03fa90d00970570afe490998

SHA1
11c21b77b87c5a844f15382b0ece2902c1670c27

SHA256
f3dc3ec4f74530e269214a7c47df076827d921714107c4efc32c3132e889a899

SHA512
7aa0c7add129838273ad86db6f84936c3dc6477964428cd6e3a25157a097978ad6473514f6711e185be832a03367e61f929a327ac1083b255b4170fc6989a7be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e81fc411ffe380d2b2628e491cf0412

SHA1
3bea0186550c5faa9a7208ef018c82a7d79dd91f

SHA256
d4ccd61799e1abf545a839f835b55014117edf9e8234e7f7031609e284f05cca

SHA512
dac1a0f6749f7a0ba3b9ed919e834a0a5783bd1c9c02a054c9feea16ef2d22e6d42617a7b9de1afe57575e95ebb294ddf593b39f90fd73e1ac3ddf203765ef27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e9f8fba1e716921e4bce99cfefe4b4a

SHA1
3f390a8de469f55dbab0d485da6578db791542f8

SHA256
f01b4a06235a41830c53c3a60df1a17b5285a9d33b3059b3a8d659b2afeecdfd

SHA512
1d71b2d2c6178ec3bfd861b3392646b3856bc1afa77c31c54c52f637817545017788cc52d5898396b0a5f7eca4a8e2cbf582de7178ebb5722bf7a8dc24b5aef6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
484f1a2d5a92a1f77c7b336b9f72297d

SHA1
c5af20a0652680241062aea2c6405518fd446f4b

SHA256
a51c0a318748223eb477a32be34b063b37c57f75ffa62dc74cbcc571964d8075

SHA512
d1d2c2ea239d6ae6c7b14ccf70e516e7be0c2b25bcf2e53596522fdde93e4113f788ed83ff5e6a0d2009ab795b4cf1a9bcdfe30eca13197889ff4ab7e308e48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7my5tn\imagestore.dat

Filesize
110KB

MD5
e1fd094219134f7f4384da09d010d8be

SHA1
6d7a322ac6e6ab8c39f839712a9114faa25dbec8

SHA256
b5e7fc4f0902ddeb105bb7793b68aecbb6d8a66390ddd5f162686a6d10d41222

SHA512
7ff8131c292a6d16b9e836c7fd7ee913f2ce9ffb8dc56a5871e7df298d80a26735d2ecb79236810f42e6494f52d76de970840ae52afd6c682879a0ddd4162ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\js[1].js

Filesize
190KB

MD5
13fcf8f3ccf1f0c92f46d60908d45a5d

SHA1
c5e7c68c268b6a566804af8dd87edb2608bac126

SHA256
ec2e8f62d1ef343e7c6532837dc834ab9e06730ce40329bfcbf9b6cc875ff7a3

SHA512
54f3286020bd91a9a3f0e7b104845c03aa63c28b0f3304e24ae2997e79d4b9656278fc2bbbb5d39c4c1752a352627f2e522a4057a7b0f43a24905148eb1c69b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab28C7.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2909.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads