de7c2dd3cfda2034d4e4e45734fa0beffa3168e1896718cb832c1e866aba6056

Analysis

max time kernel
149s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe
Size

1.1MB
MD5

9064b5fac77ea932107b56cf3c2bc5bb
SHA1

0b88cd8b2a45a0c740d440bafeccbd8eaa35de1b
SHA256

de7c2dd3cfda2034d4e4e45734fa0beffa3168e1896718cb832c1e866aba6056
SHA512

7b29a337939618af26f5bdc4aeaba66d7a3a72616ac026b124fea81d8e226b5f6a39027082cb7a1b1a39d138e7f7f61171a6f09ba43bcf7fbf4f0a170553e6a1
SSDEEP

12288:usM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQj:lV4W8hqBYgnBLfVqx1Wjke

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1640	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19E2F161-2159-11EF-873B-52ADCDCA366E} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchgmfs1.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{27F8DFC5-9ECE-4FB3-B679-B60CD08B7196}\DisplayName = "Search"	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{27F8DFC5-9ECE-4FB3-B679-B60CD08B7196}	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchgmfs1.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{27F8DFC5-9ECE-4FB3-B679-B60CD08B7196}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5002c4f165b5da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{27F8DFC5-9ECE-4FB3-B679-B60CD08B7196}\URL = "http://search.searchgmfs1.com/s?uid=e18b5111-7012-436c-8437-2853aa8cb13e&i_id=maps__1.30&ap=appfocus29&uc=20180427&source=Bing-bb9&query={searchTerms}"	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000021177a0cd467894c8ba5e58eb3b7c6dc00000000020000000000106600000001000020000000ad0edc3d307d68a7067b06ed147c53bb837ca551ee6cdcc779ea81000c706edb000000000e8000000002000020000000769a08c81f18924c129abf684e38fd8cacb77f570fbcb78b3c085a98575ef941200000000ffde7ae33a3a211ce52a2e661bea9f2312888c631e5d124a92778395826d5bc40000000fbb6d49f02081a61b795a108938df4baf3094756063bb97dbbc82b4f174c4b40994768933876b872ce872be9f326ba26b599d75b18124b39963a27dd6ae38b26	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000021177a0cd467894c8ba5e58eb3b7c6dc00000000020000000000106600000001000020000000106d057ee10aa381baf9d2a0538a0a6912de76b8f046a1e0013dff035f546ec5000000000e8000000002000020000000cab427fab555e7a13fd5f6dfd81b6fd5a78ce8676a9f2ffbf7eecfc75b72233e900000006370998efc147d4f16ee12915b03cb6e5bc5077c733381db69fff70ea6ec6009560f9696e35e4578b754884fbfa105e21e270075c41943d9e43c3a14f86db4762e0e9bb055bb395ee9425c104c024a0614f63519a39ed3d8d068482e07cdd2b862a40a1edf0a7d8341e254b6655194a33a29b8f1e3ed8d00de68137bb9c5ce8b8cb6ad8b454d6ff0ecc2fcd1d963705d400000007a33e97841a3299962b39b352f00c60210b52015dbd5fcfd19412764c61a78143f166fb399ec93caa6c350ae52ae724727573b59108675dcc0663404edd2a5d1	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423547073"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchgmfs1.com/?uid=e18b5111-7012-436c-8437-2853aa8cb13e&i_id=maps__1.30&ap=appfocus29&uc=20180427&source=Bing-bb9"	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2900	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2560	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2560	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	28
PID 3048 wrote to memory of 2560	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	28
PID 3048 wrote to memory of 2560	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	28
PID 3048 wrote to memory of 2560	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	28
PID 2560 wrote to memory of 2616	2560	IEXPLORE.EXE	29
PID 2560 wrote to memory of 2616	2560	IEXPLORE.EXE	29
PID 2560 wrote to memory of 2616	2560	IEXPLORE.EXE	29
PID 2560 wrote to memory of 2616	2560	IEXPLORE.EXE	29
PID 3048 wrote to memory of 1640	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	31
PID 3048 wrote to memory of 1640	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	31
PID 3048 wrote to memory of 1640	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	31
PID 3048 wrote to memory of 1640	3048	9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe	31
PID 1640 wrote to memory of 2900	1640	cmd.exe	33
PID 1640 wrote to memory of 2900	1640	cmd.exe	33
PID 1640 wrote to memory of 2900	1640	cmd.exe	33
PID 1640 wrote to memory of 2900	1640	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchgmfs1.com/?uid=e18b5111-7012-436c-8437-2853aa8cb13e&i_id=maps__1.30&ap=appfocus29&uc=20180427&source=Bing-bb9
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2616
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\9064b5fac77ea932107b56cf3c2bc5bb_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

Filesize
471B

MD5
64649413a104a68f24215b1453c0f483

SHA1
812e473c6a3401854b708a7ebdc4783d978f4936

SHA256
f9bfd29e008268f67e214e8cfa7e9e421ec2d46a058fd7d521f064e91b3c38ad

SHA512
fb748a37d9c8ff5070c9df4a5890d612a2be23f3242889d7e423d793a018a8701ec14042aa0d7fe9ac690766dab9a11e2107b9f96dcc38802a5a7ffb67a08c6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c936f06a204d992780f58b51c5977eba

SHA1
12c141f71dd27ded3e2c8b2666df86e7ba81d3ca

SHA256
74bc4c2e87fd6bc1d1b255c18d8b9c719a7427e7428921e0b2c9dd97e446988a

SHA512
6fecb3de7d93ce268442569f74303fa6d0e8b909da6e3c9d5e0bd9ff59c9d2a1d6e975ab713a218f019e29ca4c8420d3f38dfa957b6adc46cbbe1fa2b55ba779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5f8c89c8ef595f681e122b9c7742f071

SHA1
1d6d6fc53d414831675f18795b2b0402321f4744

SHA256
3fe7d056310e173348fd2850fd63144202f88e42b707958f1291b2d4518a396e

SHA512
583f92565d5511808ba0a572b174257d5ef171725c9544fec34fe08cf39950f5cbab30a7d6d619c566a64b9889ca02b8bdae9e7637a9c1e9101bfca94f33ef4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
613296dabcf3efc2aa0d8da476b58787

SHA1
1b1690920a84a88ca777d6a5d6b336cda1393fb1

SHA256
0509a0eb86bd2cf42ace3a1ed241b7ee2d50c572e60343d90ecd20bc9ce7df5f

SHA512
cd10aaa47eb7c28f6988f6f78b682481a6d349a4723392bb31106b19f59d1699a999f1dc51f7ca0ead563382dfa86c61be579c422e5040a2d590523eb80d0814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89bb24948260b0d26bea6aafa1282df2

SHA1
496f27d9d2e39ccda4b805bed9370cddf13e6932

SHA256
4dc07c75b76221b74c560ca50406a84dbf3e4bf9638eb026a1bd88c9f1fa30c1

SHA512
65cc460713ebc3da66b8930ca3f8145c43fe63aa60ff4a60200c9c649b87f8e16dc3e1d316f394642471c4f801607820dcf6c1d041e30736f6f15d5424013965

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb6644dcab9674e9baa9de72864b1498

SHA1
560bb19acc921657173c21d3d3ca227097a34311

SHA256
c56b97421b474be890150e07aef8abc84608ca3f74fe0e445905545b0dcb95ee

SHA512
5543bd5e8527c897ad7edf0c513c7d91e8313ae031dfd6b24b21c6dfa4397db55340b3e66854adf8fd374275155f2c7e629ff428eb4e4d378cbd911a2dd3505d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d23fbcc6fd5c93905a6c0c3032a40c6

SHA1
71c0e0a9ac54afdd1f4a283ae07a6b3d00016a6d

SHA256
f4689ad72f5c9647e72d97137beee5d636447e45f05ab13ca0bbcfb107b71fc7

SHA512
d47b202f72125bc13a47146b94d56323261717d3442bb83c2963a7b56e62e5b6ddeb5056cde4a19dc806d067ca3205805b2c9414e737f44efe58a2b61bf7ecf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5d206c89a95c20935143b7388696f2d

SHA1
aba7f5ab5293415c1db934c808e318dffd380cbf

SHA256
d93e9555fde8a79e6e6e3528f1f56af25412068fbaee849618596510b6dc38b8

SHA512
6cc45656d41fd3f3654d048594b91d3839cd198a4fcf7abca177f26c5977e1cd719b599d18c69978cf959b76cfca5d582f35fe82ff28eedf979e5dacce0107d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed1175752c009c2b7e3db7715ab2c190

SHA1
d447c2ff8f4421d40829114ea9c8148b9117a69a

SHA256
d2c353adec7e43d0e2ed795a714a0e1421ff707a667e64d2b410e438387637db

SHA512
78fd5f3673e53ebab0c93f319d8ae84f7089f439342b203dc80aeaa1a7a36f5bf5d5bcd3665ec0fdc21652ac5fd1487be762c4b512bf765b465753a2b3dbac32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfcb932a8fd0dabaa8a7def3288525cc

SHA1
56a75df4ebd706c18336946fc1beef09167c6bab

SHA256
0c85f6b4713e99f09fdd5dd38faa305fa306e876612fbaf5b011aa52fe77c5a6

SHA512
8f101aaeb6a525de60345cccc2f0563db91eec21d761d25e4d0ea59571d8fc523afc08b9f9c9e2b03bbc77e2bdaeb6626fd7762285b3b4cd57c2b96aa451fdbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cc05bb1e252515e88000b1e686a967d

SHA1
80f02965fb9c577fa12b01263b29dc9ebb1f6d70

SHA256
799a6009afba1194c46c6086a37c73f5384e3661f1462d94c56f6af3a39b245a

SHA512
5e4e96063e8a1087f3dd35a8f641101cce7a735420bbc2081958310ae26c43702522e4b514b26800f4d28839fbfa51a4d80cb37f7897b380170934f454c85358

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc5443a11c8bfd71edc3addf2f78f3da

SHA1
47d5a599fd7c84157f7e3def4bf616b25f3996c1

SHA256
2b674f13135cbde5784556f5bfb44414ffae6a02a7855e3db78da587374ffba6

SHA512
6a550b45bfc6708626965f3960633d365c5a65f1c46876eea90f18f05cdff084227ede14279a163d8782adfaff20866d54174781498b8dc1eab06a3ce67411ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b989f28ee1030259cd5a8574f5e4fa5

SHA1
f4791267c65bb124c56702f336881be596ed0d9e

SHA256
b6142da104cef5c29769657362d9bb025bd49d126078631d2be7b458c3882277

SHA512
9445c957696b21587b730bf409c90ca4d9fea30854605b3372529adf32cc97b93c06986fafc34da7601eab46a7c888e85b305d8868c26effc4076c1221616a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
138b36b9a8a84c5f52f6bf55d57f6e1f

SHA1
ab0973309261c563e81692f1f800d2b60d6802c4

SHA256
16461ecffc73a85b26c23f80e8552d93d6e8000530b4f829932f14d8cc7425b0

SHA512
2efc872d09cefd43f22f5d3aee601aa079da897f5bb3bdb305215f2a1ef0afb6c457fd73651c7007f39db3319a01cd5c2baf6e184a2504e940742696e27a9e21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c4e5c4f6e0b2b944562e6e7861e3d8a

SHA1
6349ca5ebd0e67f5ac0cb625a6a9c8b494e33028

SHA256
53fb7b655bcfd8ac4c4188873fadec88bd7cc52ab5559d99d7e572d28396f8ab

SHA512
4c1b21ff054a60321819e1f463e9b5562d1df34063f6a8a33d62554315fcb03c72b32a47ad3abb1e5afa64ba944fa04e42070de8da99d17a135329e17f9b8946

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab353c191dac4325c1b5f791a34b6d5b

SHA1
015d0feda38ac11d3faa82c71f5f25c42e66f21e

SHA256
cfc3341f4d941349e5c5ea5a55d4be79ee7ed64028ee42444a6ad861c991deba

SHA512
db18f432e275c89094862b110ecc043a637cadf04a2f5713df573c20806eb4b883347004a2b999333c209551ebde01046c70f95257d331ca4f8fc38ed301cd34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
368d0d1d8eaddd9f495d1445fa85695a

SHA1
84067d28eab1f8853861dfff3349f447912de19f

SHA256
a3159d07ff84fa8fb6bee178e37ee59d8fe9addc8ed6c675fc9f12a186c531b1

SHA512
306c407e738a09d5d8055d0c3de0ad8a4a4d8ea2edf1b06d2d35a7d69dbdb3d6367ff5de1760df8e1b5aa9f10bc603fcf69fdd036eab0a7ea7ea87ff22dce971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04ba6f79baa8b2285c0231f808e8f0fe

SHA1
0f0f87493483f25b6093770a7528af531476cc1c

SHA256
b30cb0c850ce17907d57ad699b2be69ca3e02a80bf2344a8449701144bc8b83e

SHA512
764f26718c4504c84935bba2d690f04aaf9fd2e62370dbaf8c608419125a42e8229a6abe6c8a018df161f27d4549d1740dd026d59785e0c426764ce8dab8d9ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e105a1da797c4900c77214b98310837c

SHA1
7011ac398be6126099b33e734f786317fcd912b9

SHA256
7bc08152d3a8188dfb40a335114720dc1a9db6e6869a3ed71d4e4483ab12034b

SHA512
9991525028fefa17f685f63f0181ac1eac66305b4899cd37ba5d0b3154f3f8e602dab0c5098fcf3cbe87170faeec5ea40883827b8db33c888ba0a1b9bf4586ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8328203057608f3d02ab6e0193345293

SHA1
9e7cd56f546e18c4be3ce47e79221d52c9f8d271

SHA256
020f7ae506eaf61b7a2114199389b08b176731ea5497f801cf8e5b63594e638b

SHA512
d81f6e8b895425daba5e521a7eb482de2beef708480459dc6a8adb92082a5b6fa86cf41f9695cc6519162c4d6af9008a83c31642c45c7352d9cc80502afedc52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98219b4fef711a9c86eb185ac4e90753

SHA1
cd5723bd3faf55ed92a9e7659b681169aaff3090

SHA256
e9a1aeba85cb073497a47308761038fc95bc6b1f48338f489da03a1993f2facc

SHA512
ee2ba8ad2597b713b568b28ff5f95e5505953bd860b62a28391af74e9971c0cf48d4cbf443444cec6ad903235790c3a37183b82469c668f3c4d4cdb24fc71ebb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aff303245ad6c3162ea6d8931912f5df

SHA1
895418a35a1df2aefa7eb375a8c4642b380c5e3c

SHA256
eeb50d67979c83aabb23749e7b558a0e275cf5eb84f30d161c6569b37f16b9c8

SHA512
bd1f9e949949dbfbdf81816d7f33cc9e9225db69c852151580f5aa997a2c842acf0e1da57fdaf43c22315f53ee90f7fa56fc30379c68e9c9fcec0909c704f268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a4c180154db45df37cf2ac83a38c42f

SHA1
6aa6078b45866e7415844141d7e75c25bf7d0956

SHA256
874aad79ff7c2ffad20e8260bad3547df2b305897b2a632907aa61872721abd4

SHA512
b91da0695df5817e1dffbf9facca6ce9e8b918ab5268449ae4a8ce47a0388274e3f912d975705bb28146492aadf407a49ae785ff042435f4ad0e4cdef4d0d7da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c14628b03e33318d1076b33583eca24e

SHA1
6cd6cd522625f3bdbcc91fec3fa41a38404064fc

SHA256
8b060f76b11f7cc9810e51c755ab3beb521747ad268065cf66185cdee2046ebf

SHA512
f2a59284d72dc9db6347ff8180151c0e871df89b9e0b5e3488748f1849f9c2105e33c981f71e27469fd6dd52ce753a536270a31a0782314f57051a66a62a4d8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3071a82c93732ca0ce22d4859f8b8a55

SHA1
5a9274b519cc66e1a16fe3a02812413062f39177

SHA256
8767ff33317783eeeaee67df748c6bc13a8d6f4da51da44ea3f5098c4ca1ce04

SHA512
64d7383b8fd8708fee9d9b054fedfdf02476d7b3d9a1eac0de904d20103e480ea364054a8fc763305f505546a34c793237e3e021b31670fbac961259c4dea01b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
840f69ef3384f38c1e526ddfb552240a

SHA1
60013de709c17ba1070ede301f15452a6f75cf10

SHA256
641b3a3e5827858a5fba35ca41d55dd7fbaacb1a5de084d3c029f7f97e0a6471

SHA512
48390b029e0034cd3715d22df98122bb3cbf78e8030f10bc251f8f30f1687f5b3826396867ad0633c02d8c1788507b30e4be9779218118883d7e405c5614849a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5f69cdc2bbaeb84c0e7f6dda6e08c1a

SHA1
4573bb33e11601db8a3da3f9e46a6669bfe49c81

SHA256
972c3a3ade76df088f55a6c3d03d2b59c154f983410315feb6c446b6a079d7c4

SHA512
f946b58cd614a5ace3b26f0748f1b695f2859b128d418f4973dd7a7b4d5356531531e5618a15159a5442a2e9a64fd10d934c33a6c0db5ad4b835052b0c5bcf7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b0b5ab8e72d334f919a8c1f2066f3bb

SHA1
9b51147a26dc2ef82669945772bf32116621d28c

SHA256
7d6a2a3786ed465c9e71ba3dbf84e11e6076d8e80246842278d69ac05ac1127d

SHA512
d5f328f79859a059634823326acbe2e92b901debb914ea9fe3111743b88bafea7164496c0ca6fdafe2652abfa275ab624e96c162d85d0bec8075cd395efd05d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91321db04dafffeb7301f01c6e1fcc86

SHA1
83cceb85df551d9547b68c98fc155ff1f0a3532d

SHA256
87f1472c199af8c8c38f035b084026c16aee9c7d2acceca2f0088ab3e5030b23

SHA512
8c018e79bea00c7dbec5279386624b42b115b1acae5408272dde4b186c9b3f5b22d192cf9e6fb0a31ac7338dc6b21f111d0150b5c689390ef0717db124819abe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d15f95ff831f68995a303e19d659598d

SHA1
e6703c74bff39593d2750d9a33bfbbb6ec4c4382

SHA256
c50cc3be58024dab197cd7ff65de9e938ed6fe5b8e8d6ca61ae02ffc69727c90

SHA512
2141c570ea36cf522631a5194e15a0b3bb1e49ab674f0e9a63d025a3fde8b382a0eb54502fe456ebe28b972d403bd8209cde5f52f29646724bcbf35794780e96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fd609469c818c84ca53b7028d3216c4a

SHA1
f0d5d25f596dc06a07b3626fc192699e2c6c861b

SHA256
98ccf3adbb5f967610eafa17dac36f0636fd59adaab385d208fa1c36bf8400c9

SHA512
68fad467f67a0bd1c3048324f7d70c06bebad5ec6b073f9c2028f6de5e41301f73ccc8fcca3a9a317e35f67873965356c6e48c3fe259166f8c39c2805cb1c5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat

Filesize
110KB

MD5
eda2f8cc7a4aa5f409d3ad2c783822c6

SHA1
0ccd4f07f5988ad34e6c116faabadeffd2727c0f

SHA256
69aa74f2933cc0af56436992ea6ff6dcefdadd9cabef9b3b54b950073aafd542

SHA512
7713d060859363ed2c88c94961f8e89f2c77be734f1ba5bd00f392810dbdbbbb6ec03a2d29f045b02a71faa92024fd7cda4c22982b4e1a6bbc564480f9716806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\js[3].js

Filesize
192KB

MD5
40b010d9ac52fd3544dff2a68b6595e1

SHA1
cfe04cdfe4d6ddfda9ce398db80f8e55090f506f

SHA256
bbb671a51c0207585e601a41fcb69aac6bc64b13e14558a84d44ba98b704c157

SHA512
71e7628fe98bc89808600fc7c6b93ea52f01a1555c86dd5330cf048011ebdcf8bb516a7ec95f046526a96204bebe3d5dbb072fd828f99629bd592a72e4c95f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25C0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FZT3F70D.txt

Filesize
693B

MD5
0ac15fc244c1c93357c9998b89adfd82

SHA1
5b04cd245163bba134d57eb86066895268f16c99

SHA256
27e96cbbf26167032859c0c538e3d9526272f0a137c1554e8f3a5a9f70656350

SHA512
dfd1a36011825cd076aa82a0ddfa98f07d16f88b48147d2326e23bdb9dbfac264e46e25fe9395ee9ac872fc0ce8497815810432ccab5c1ecc074df0c80eff2ae

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads