cea2f1e3b982a1d3e01b921083827880e41c651e7e6dc9eafe183ed738ed9b1a

Analysis

max time kernel
149s
max time network
138s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe
Size

1.1MB
MD5

85b9d3cdbdb7f5c3b749df715f405133
SHA1

012a7cacf57b6d952c5b6c524ad6f52d018aa726
SHA256

cea2f1e3b982a1d3e01b921083827880e41c651e7e6dc9eafe183ed738ed9b1a
SHA512

278c911cc587d7e03554dd6f0d85147ebf40c73ce057db823fe6eb3a6761e2414e6509489e3a9ca252751c47eb181baee71e54ccc0e2c89ddd197741dccb7650
SSDEEP

12288:usM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQjQ:lV4W8hqBYgnBLfVqx1WjkeQ

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1744	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D08CC57-94D0-4C06-92DB-75FF4CA721AD}\URL = "http://search.searchddn.com/s?uc=20180502&i_id=maps__1.30&source=-bb8&ap=appfocus84&uid=1d488ab4-7a9f-4bf6-879d-e5473d717de8&query={searchTerms}"	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchddn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423283983"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchddn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10895e6301b3da01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffefb009e9b62148a96acd72a2507e0e0000000002000000000010660000000100002000000033973be9b727e8ec5a4e435107b6d3535719bef5788dd8afcc0d553fefb83254000000000e8000000002000020000000b6890008cf285d018ee308156227acfacefe771fc88f27d74f0ab95146329810900000002cfb4e8f4f7e609f79fbe71d6306da8d9f1d021cbfbcef09aaf0aab01f1303a5ba3f5bda7a7b5ea078c38c62ee3fdeb34f5acaa4124ba74650d39df2b8890879627282005b62ee509c0fb58e0104e20c48c09e6fa00444b083bcc59d92ecb4c97febb3f6b6231b9c3b7f43d11e6e92c5bd826b92551b4905331248a77ae04dafb8f51cc253d520eed1f8ee545a8825b240000000658f29470c1b5807157ff69a0ddd2aff6333eef6efccaaaaff31e2f8384e9e45b7b4cb3a4a19f4f0d17e50ad5265d547bcff1548053fad383ace9edbfd89c282	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffefb009e9b62148a96acd72a2507e0e000000000200000000001066000000010000200000000d5d309e78e57f299369b5de4097c592fba9dbff5bc9ae7d0e4222004b91e101000000000e800000000200002000000085f926da571be6b7e1d444de9da20412509043fa27f69b9786e1b13b7f16c76f20000000d2151967432af5fce95e65166b30edf15e8e5f254b2786920134c8f5d1dd8c3540000000ff83b42cd4e70f2533f01a5ea16e3d119b49190c22cc1f7df3f02dea6da1e2b1f7eebd053b6faee8072bdde56cc57dc4366f10d46118f13d5b69315db31b9d42	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D08CC57-94D0-4C06-92DB-75FF4CA721AD}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8CB16C11-1EF4-11EF-A339-D22A4FF6EED8} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D08CC57-94D0-4C06-92DB-75FF4CA721AD}	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D08CC57-94D0-4C06-92DB-75FF4CA721AD}\DisplayName = "Search"	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchddn.com/?uc=20180502&i_id=maps__1.30&source=-bb8&ap=appfocus84&uid=1d488ab4-7a9f-4bf6-879d-e5473d717de8"	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1472	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2436	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2436	IEXPLORE.EXE
2436	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2436	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	28
PID 2484 wrote to memory of 2436	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	28
PID 2484 wrote to memory of 2436	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	28
PID 2484 wrote to memory of 2436	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	28
PID 2436 wrote to memory of 2200	2436	IEXPLORE.EXE	29
PID 2436 wrote to memory of 2200	2436	IEXPLORE.EXE	29
PID 2436 wrote to memory of 2200	2436	IEXPLORE.EXE	29
PID 2436 wrote to memory of 2200	2436	IEXPLORE.EXE	29
PID 2484 wrote to memory of 1744	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	31
PID 2484 wrote to memory of 1744	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	31
PID 2484 wrote to memory of 1744	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	31
PID 2484 wrote to memory of 1744	2484	85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe	31
PID 1744 wrote to memory of 1472	1744	cmd.exe	33
PID 1744 wrote to memory of 1472	1744	cmd.exe	33
PID 1744 wrote to memory of 1472	1744	cmd.exe	33
PID 1744 wrote to memory of 1472	1744	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchddn.com/?uc=20180502&i_id=maps__1.30&source=-bb8&ap=appfocus84&uid=1d488ab4-7a9f-4bf6-879d-e5473d717de8
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2200
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\85b9d3cdbdb7f5c3b749df715f405133_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
feadb230e9ac66f091a503f419b30f58

SHA1
34d3332e16828531ea6dcf6b88480c9a970288a1

SHA256
1ef64145f6a00f65a0ed8c77a64619c572d60b958ec3959ec935c97ac9291f6f

SHA512
4f2cf067cd63337a58e89b2b40b6a9e06552a400daaadf8720e318daccef4a33c54bf297b05f2280d7b87252131357d21c7e21e94ff1db686883f8d21cc1d6fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a7c5d1d63d8fd3c7361a75867a63b4b0

SHA1
6683f8767f22fea0e4c7d51dc5b3ac51ffae0e7c

SHA256
3335ae0675e929d7132ddb630def35015d965bae8898963dc7345d8f5fb179ee

SHA512
0f7e175a2a43a9f9c6a9fb470d2a6b8fc21c16668b87bf7510bdb510dbccdd6d824707dbc46225fb15299b5d56cc5e23a8a16abba5a86702dceadb765caf5db5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
015f4a905cc00fe10e6c284e59bd10c3

SHA1
5c3981208b34eb3721d267bb93b832aaf36bbc75

SHA256
3adf59f9e1a7f3ed052bf7210dcbb0d7f8222920b2de6b6a10da3b70ff3a5467

SHA512
d3f7781fcca73e8a43bf9ddcf7bc91303e999184697ab1960c06e874f784f4c25ebd1415a34294faa17b633046eaebe54911e7b2019feba025baabcdba7d8dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a25d825fddca9ecb46ab0062318fe72b

SHA1
1c9ffa59070f3ad189735f33c59cb8db666fe001

SHA256
522c87bd7b07c2cc504b908c3da6bcd537adb9789ac01dda6c11d1a370c27287

SHA512
798f375c3638e62148945f40236c3bb72e47ecccccba7dc2df7d33c72df1248bc7713d68e27384744ab950a71cffd46104ccd5872ab541387191cbcca6754865

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ddc6604d52d9e04a7bcb9e0e7c02d0a

SHA1
12155f4024f9f20aa76b242df5e256a923677914

SHA256
6e3760437411bda6bc460cee1eaca6a9de11b0289c75d735315c3427440598b7

SHA512
42d1fa18a8dc184df8bdde4b7f5bc0cef0f3901ea430ee16c4ec3788c4635514cd1e90e19f70dc2dc653f6a0abd32f44d35fc41bf9788c494fdb2cd723406a7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad9b79cc11fba9830fd035d55be0c243

SHA1
41da15dfb00e9980343bab241bec410133dc5843

SHA256
90c97c543409e330c6caea206ee0320da27ce12fa1c5813ba4edab4af80d228d

SHA512
41166cc3e23f8e423afd30853929100b5c811df72313f865b93313d0c7bb0732357eaaa4d62b6cd3f97baeddf4eccf03b2a4fcc445e649eddc140c9ccce17645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74fe96a2f9c120f703faecd16776712c

SHA1
5162659bcb416d9f062eb0f89a238c5f26041c5f

SHA256
8fb1f5576964a09fe5d16026ff06901229060d8da078e0163fb24fee92659246

SHA512
337466f2241927835827d461d5de2c5502d20636a038a0da87fd2b1992d0e7de8809bec0828d9af9f0f9088dc33c578c46ca0e20ad42c3995bf4add1e5de1713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69d49d1bae9eca9147aa30e5a31a1c28

SHA1
363d5e2b12e675deb8e11d1efad0dbd7fa301065

SHA256
d73dd4fb46a428384e51190cde531d2f0f2ee24d3a21236d034bfbd986c8b724

SHA512
8a9745189884420ce435f7fa87443e6c4d935be4a55604f888c7996391216547be16ba3d59736ea16830f235c2b7fa758cabec4f06c536ffe43cfc550c5bf2b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
161a0d64875d34aaed6ca40a1d727219

SHA1
e493b9f60a1fb68fc4c99420ad155e1d1fd7200b

SHA256
8ed187776f2bf4cda87e139c3a744e61138e209a4d7661065fee98a21b8b9a86

SHA512
294e0747b941daf6447061b2926640367751899a7b0f1b08cb1ff75f09860a537647ae40d6beec693ed74e28ddf596fb1191893ec124094c402df8150b403516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0892f8fab93890656c3f8d843775374d

SHA1
9d4d683db9e87e8a18b2aff03962a5be8b9eb46e

SHA256
193f6ce6c42b22a243a31a29065ea17e5f92d1237310df1b27944de6854d17b7

SHA512
b0de4f0fd906f5745323c602aabf1b32356a10832b366899524b017f2e917af97f7ab75387163a03ac7634bff6d3bc8139fe836560945a2cded801855066e0c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4d24760a0f9194a0b94c480b55c9a59

SHA1
8750a5bde31215288905dd4abb064d7d08354224

SHA256
1820be6359e62e9444fb127e192e1f3176d0891b8cf696a8a94c3793fce08735

SHA512
d66cb3e9ca5a72b1aa50825418abf4b0da4f40b1542133a57ce03079737a898c9382797acff8737668e6a0719c449ce89f72e287c1b0b68f4cb3bc9c23c803c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21a9a8a1b6859c49709d23aa433e931b

SHA1
10ceb53ede94a75a9d9f2f0449ca9a6c573dec47

SHA256
05fb501824de48798d6d721e696f33ee66418117a3c73a287686147692579f8e

SHA512
e945993db64eaa36f8ce17ce2ee719012d50e772083e7a7237981c29110f95f8943ec086c33086c0e31756818532c90b2dda49d8789985afc20f628b5a352a2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
972854d68833ea2386d044f95767afb9

SHA1
a59e8d4c4148a090c79bc4c8b58edf2416339c48

SHA256
753c034995294a85d47aa95444359432b57d390a194c102c339c4781e70cb99a

SHA512
dec20611bee94c2caa6230d88c54854fd9734eeb28b96e8f7366970b04715978f2dad2d37e08707bcb495cc73b7d6be93b7cfe3a868627732ce2330525d4e420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68a059ac33a3b6462f15339abeacf682

SHA1
cc8897727ee3e7daa11ee4fcab62019381b94eeb

SHA256
bc7f80f83de3a1b72abf44f9fd437909071a1260bcdce16ee68aba1542bc184a

SHA512
69495d7a7676755f03e2542a78c356f5fe84f122a30c658dc6e62e0175f797c49afcb55f3fdab0f8c90f9a8cd0f77694b70d8457f1839973dbc05f94917c5535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
913dcb08c0a87e39d0296d1751b759ef

SHA1
44a087e82565a67fbb58a734942c88b082c72010

SHA256
8762f37713c147e87948e84c555b22855abdfc49354044bdabf1eec77b3cf9e0

SHA512
24e9ef982710227660b512d8ccda3a1a553a49537d7359411937493cad53a38d92afbef27a0a81c1261f4e6206c9fcb594c8922cad8367e7969e5b5e15282ab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c2164c03a7902a3fb91588e2b21f138

SHA1
f1e10881465ee0c8f5d15ddd8bc34aac6ff770b5

SHA256
4d7d08fe6a28ffffe27a48975b1aa78f43349932cc11bf19794dbca3b41c010f

SHA512
9d2e29f3f363d0bf841eb9b9d28bfbb4afd9daa65b1cc45d46208d7eb3675fd3236babf5210a4c1c61d39600870fa6d34e9e80b5654bee83f762d8ab34cf4971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b18751bb830d4af124c12234a34c030a

SHA1
5bac1ab2589e80a9e797d3461cc0bb399c1e84da

SHA256
cba9e6d9db2b29ae88851c806886caf45173853e20b1e490f6eae4ca50e87d56

SHA512
35ff0e6b2ecd745659f2f7847b6aa50d5d0712af5f30dad624ac02910bf2f37f67f56dbc50e36edac986dabc9982a7f0899096abfe96559f8c09ebcde51abf8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf436c78b34a27ecba6d464f817c05ec

SHA1
a48f5787252d77129fab24212ac64f0dfc224de6

SHA256
c5897a8ce85708f9e56e857f0f1a8d47604d50ee82f85107e9cd5d0a43e9d852

SHA512
8849e5a62f2dcc1723182b7fd2379ee5edc276d480fbd8e3e349b6f1615e45151cd1e3fcc2e7a612de5c3309d763dc2e25ec84ae50a72df082e26327cc3adb68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
719646648a2f84d08529d3dbc82a2023

SHA1
75f661c8cb6f3f4211e2445c10e61d9b4e79c822

SHA256
30968a113443eac65228377fe3bf008ac857d0f54c94a90fcbe989bdf40448cc

SHA512
fb12244621e482e55686f49b308a9ebce619845cf53872b13353ab6aa32f9732049d3dd31be29d8e741bfa92771b172519835103bcaa9df225ca1e8a6c802fc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b4c01b54f4515aa9ff2e701933b931b

SHA1
a71234b618fc353d4c53dea6b53ee102df40a3b1

SHA256
0a7facb487d00a08ffc289e9d3a4da3e4159a20b64026a992572503f7ac6b5aa

SHA512
713e2d00d572773e38eaa35159f77ba9156fc9ab17517bb3ca672881b9ab567c8d441a8157d060f1874e33cd9713de15083564a3d1942fc3966a4720cbde4b21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9646b52d1040248a01b489bb71a27487

SHA1
c8d6a13d52b4812c90f7e460dfebfe45b42b6c13

SHA256
68741a86efdab926568a230fe75d35566c14974305c7fe7bb1bca0038fb4c2e3

SHA512
01f11be5ed7e7e7a9a23e81d8a55d13ac554d751dc1a5af5e739ca6b88a2c952ffec933253f4a1a90c03d2e9286afadb2f990c23c05e04e5eb03e470ee651d5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96fdbc55ee8d63f7ee22415b7e59107f

SHA1
ac811d322e3bb34eecf053e452c3aa960133fc80

SHA256
34974846d71527a9315936d43155d6a1bb044cca2ad2e8b1e0265b806952f93c

SHA512
510ce9fe2024b5691f27a561605d3764123c343e1b28cf78174866c49250602d71780e72f302ebf73aa8df91e7240b574dd2e88d8eb7706d2c8fc47980ef47df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d43441577767005e0ec965851d57ed6e

SHA1
6de1e3e6449b8d32961855de841a35f25f556783

SHA256
97a8c0d6ed8dd69e8edd184b3fe4c5a403158f4258f2b9ccfe3b156760fbe2b2

SHA512
ef0f5af4cf9d75413edeadb334b12966a4e258caf1106ba4e4edf0e6fb4dae37232d4c7ca498a04006a1bd83ba0394b597aacb82de918ec142168ccc34e46292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03eb2c7614666d86c7c77862fdf20b29

SHA1
b6390bcff10ebf4bc76a736a9acff7042cffbc75

SHA256
cab6143ce02843e5ebd1de47bab08e38dad77e84cbd79f51b885afafa7d1573d

SHA512
f47c9db85f7eb10ac6b785ff7c3232b30eeb6030e36fd7089cef4d18ea37175af1a0b1e069d98da2292e962f94697e81312012092dac87a9a4643d88c109de66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d5fa86dc6cddab829af4320f599cf09

SHA1
4b242b3d8bd1e98481174a745f76022543842a54

SHA256
c15b2f329afa038fd7755d0dd9622b873cb472b0fd5609be65c0a8dd50ddd879

SHA512
9982669ed51da21e82faae4ed23963a5d726328b3ca01bbdb9fb7ae81e32293a487fd535d97427eb2969d16db59ddd670e79c00630cacd81dcff43e7685cfc7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31c4cf6e037d75b4920ccb44bd993373

SHA1
92ed0ce1a667a5a4cb356bc6e8e4237afbc3e186

SHA256
b803d6e8ffb423205e4013d699f5c3e4ee07e7afd26465ccf4d685bef43b6256

SHA512
47a2c33c234aca872a467b9ca9799f428c3d84829ddef7b20345d45cd422cbed813288fc885bfaa20a33c645bc1211a92be9c54d4c2f4f9080c374c05f8fde3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcd4614c9e20b6af6bddd7ed0d22e2ae

SHA1
9e49e35db102bc83b91988751ea9c923d3ad6d4e

SHA256
510791748aeb5d115d53700da0c790c657d0431ea048d4f89f0d83d5c7e61539

SHA512
b899b1dc673280d55eaf53462ea1b036b7f8b02df10b0ca55556b7cd58eba6995c6ec65726b607b7a13ff20ab9bf17c2a4858d527082b026517a14a1b1276d79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ff0c2c77c58c48964a35fbfac9e41076

SHA1
db07b5dfaffc811ddcb52975fe0374502b3a2ead

SHA256
230f21c7902151ec0efd44b41d6b862c154b8b94c5c00f9e3de2f95cbde5aac3

SHA512
fd91ec50527d3edcb2a20f53f44e1da279f4c451b1a196f2ade58b950e4b788b12b7ad86e3d4f3d354022ac806de6a8f7f921476201598dac012b03a9df95ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat

Filesize
110KB

MD5
1ec7aaccf1f9e63a7c95c758d377a9c8

SHA1
6b1b3fb43c94b925e020547dcb8f3c1a6980f3f3

SHA256
fd834cf78dd0576aa1c4a571a2b4d0875b050dba27e0c8b135b03497adec8813

SHA512
2de5793251ef2ac988c7d96d991ffe6d3323736dd6ab66a83fd3d9d658c902ebeda79dc5339ee45781390dbf52cec515401b0aca1d7c1acd651cfa2bfb2ed22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\js[2].js

Filesize
192KB

MD5
350875eee41d3aae910ec1be68292ec7

SHA1
dd8ea29996f560b7a587da355da3488701b948a9

SHA256
c99f72e7a8d9b0412212cb2a8277edf19b498f9544809d5fd2dbb1cfdfdc4c64

SHA512
547da32dcd85a81a106e8cab7dddcaa52fd20717932571e4db2e3501c8c3d7b9866918aa76befaabcbaea72ccb7611de92b8c1c858cdb357a8a7ae26efede000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D57.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\A7MWW95A.txt

Filesize
761B

MD5
36c58a0af7e9014b8e8df2ab1e653c6e

SHA1
529da592d38d7c8816cab788761c1515f20036e5

SHA256
a64eb81dcb86535f970c9f79dbbdf94481225447d0df79c038f1ba925b1b0977

SHA512
3b52c975864cd199be2f161d12eb5a52c4f88a22028e5964c2f4cc12db2bcbb4598e99750a210f8a9df7a02d1082028a84f35543519d2dfac155535dacf6212b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads