6063d1b23c871ede126233f8a9a975a7254286c29efb32bfada334289e5981f2

Analysis

max time kernel
119s
max time network
150s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe
Size

1.3MB
MD5

a6d06abbf62a7c3997724adcb1f6ade8
SHA1

6e14f216d49d911eff440a761d36dd4b6b8b08e2
SHA256

6063d1b23c871ede126233f8a9a975a7254286c29efb32bfada334289e5981f2
SHA512

1765e68fb80bf6b3f488180efb1c43e146c364067386fc73531b39d7d4355c6a098156f7655b307d12f0f35b147b7682d002569a6cc9b64f081f9d61c3c2b95d
SSDEEP

12288:siLJ5i7sJXx0douBjhCCAYi8c1i6oaeNSoeDlHsg+2Vasj0eq6:hspfjxAf8c46oaKeD5l+25j0t6

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2104	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\hyourfastemailnow.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\hyourfastemailnow.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{35BCB235-50E6-456B-87DD-AF6DF06341D2}\URL = "http://search.hyourfastemailnow.com/s?ap=appfocus340&i_id=email__1.30&uid=b4d016ef-30a9-4b65-886d-156922d1fe25&uc=20180617&source=11043_v1-bb8&query={searchTerms}"	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{35BCB235-50E6-456B-87DD-AF6DF06341D2}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000168dc83fcfcbe2aa929075efccd0ec2c8e703648dc7b72f50e67dc9ef0f62e6b000000000e80000000020000200000003fb1085195876108e31d0bc00a8b0944b12adb4f27d6c84e3fd5ac5fd7c69228900000001351bd3a1c5c48b653702408419009d13f1d243acb4ad763aa14b2fcdf84df88794ab5f3bd0d74649fec2645bbe4476ca4e066f1efef4ea04d4a597baeaddc2bb9a77183660cfeeeaed2251cc426ef4ee7adfa41b620091e710169df820cda32183f0128054fe4834e07566c141a801730194078112b0f1125dd29243dd3d9bff3f4f267fa818ee8c2eda9f6d57c215b40000000ad2b7030d9b6bb20c3b3d3815a397cecb63a6b9a5264d566ca8e5c6463e0fec6f7c158f80d14dfb0dc6cdf93875566266360e41887d2d7c01bbe077d574a6e99	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a1857ddebdda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{35BCB235-50E6-456B-87DD-AF6DF06341D2}	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{35BCB235-50E6-456B-87DD-AF6DF06341D2}\DisplayName = "Search"	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424478425"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9263FA01-29D1-11EF-B489-E681C831DA43} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c1b6361e05b63204a5020a6ef467c1ed60ee0a1ea8993b3da798cff2e37ca2b0000000000e80000000020000200000008c58ec063f7ec0b338bda2c32c8abbe594c09bae607332ce84bc6fb8449fe0b220000000e9622bb9aee65de527796456a115d85866f10b526e034a2337d854c30986c1f840000000cd4683c3fceebe3e9e307159657927a34db6f4d7c3c1e32b8456e29e424e2c420fdb17fdad715ed2f89cf80b176cc2b25f5cbc86c0553dd08e06c13f7ea0f044	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.hyourfastemailnow.com/?ap=appfocus340&i_id=email__1.30&uid=b4d016ef-30a9-4b65-886d-156922d1fe25&uc=20180617&source=11043_v1-bb8"	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
764	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2716	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2716	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	28
PID 2268 wrote to memory of 2716	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	28
PID 2268 wrote to memory of 2716	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	28
PID 2268 wrote to memory of 2716	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	28
PID 2716 wrote to memory of 2700	2716	IEXPLORE.EXE	29
PID 2716 wrote to memory of 2700	2716	IEXPLORE.EXE	29
PID 2716 wrote to memory of 2700	2716	IEXPLORE.EXE	29
PID 2716 wrote to memory of 2700	2716	IEXPLORE.EXE	29
PID 2268 wrote to memory of 2104	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2104	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2104	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2104	2268	a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe	31
PID 2104 wrote to memory of 764	2104	cmd.exe	33
PID 2104 wrote to memory of 764	2104	cmd.exe	33
PID 2104 wrote to memory of 764	2104	cmd.exe	33
PID 2104 wrote to memory of 764	2104	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hyourfastemailnow.com/?ap=appfocus340&i_id=email__1.30&uid=b4d016ef-30a9-4b65-886d-156922d1fe25&uc=20180617&source=11043_v1-bb8
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2700
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a6d06abbf62a7c3997724adcb1f6ade8_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5586224f3d8e43f612e7b702a03581d5

SHA1
d8320647ddcf84bb02cc087eacbeaff9bac09517

SHA256
1f86760c95ff80d8631e0d976f8e9a09d14b78a8ddc8b251bba9ccf2ee6d2f42

SHA512
8878404a8d2361bdd514293fa8f597aeb19ae599dcf9e3c48e3e8407a5cda6e0e33918aba5be6ab9295a06053586a1edcd6bcacd1dc8d99c9338ea25ce0dfc02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
565bf5952c068c5aff28f5247e2b2426

SHA1
256e2ffada9f24f437623a5a46ec67a1d195c29c

SHA256
45f4ed91f54cb22602a9d9d4002ac9d40669195ccd4540a99d489f1625568eea

SHA512
d0c20ac14405972eed40868567486911097d5b594007792f2da7f95c15c49641d072b9152d556caa9d40123413ba982a85ad0356777019b511ad3b082dc2f9b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fd533e8dcee6035a70b1d5e3cea910d

SHA1
4aa6d394ccd5b2f84922103b1f12bf728b407c4c

SHA256
863fffa2bbe944109a3ac54f3b292f84ef1fa495e063b8a3388f9ebcab58aebd

SHA512
0e929979b323d4fbf862b501966cff3f4687326d0efeec163a06901bd6fd8bb58863cc56b4d1174a6c657f0b32d4779edb05febb251cdaf95b9cedce5737d849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdd053799298b146e120d440f31d5af8

SHA1
5a50a3da00541f6567d5825efab8a51676dd5dfc

SHA256
eedf132ea0ec3a2018bc13c9143294d267669d43ff2e43fb8d27762c0c1a7f98

SHA512
638aa02e2780dc5be6e45811eac7fe5c6c3bd7b4eb6c04e55bc5571b6def74d7e3be9ce130c572aa566e5cff07ab5adf58ede46924d19a5541eec25e42cad708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7cb3c2b3d3353afe5fec5df0cc770f1

SHA1
cd6f6aac720eb9c711c0b0fdf26ee938d13d209b

SHA256
b6ca8d34acaf80b45868bce01e51fe7caf721359a5e57edbc647f7f1c0a82464

SHA512
8129841f990442cc10b7d1656408039c9c4bc4dafbbe0ad717d3eb1e2b29814ab243b1bb4278bc75a2368ee49abc4c5fc0ef4a9c13da9ff43679fa43e6db7100

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9615b95718472e669bfcbbd5e7e54fd2

SHA1
e0ca6a236ee248a58c001b900402b4da6c5759a5

SHA256
4330c94cf1c1ce0beec76d0f9e0853e1002d59f3d090c104f9c0a188fff406a4

SHA512
48b7634b93ea2abedca392bbd1c0b1f61d8dad0e92ea70cb14cdebc25da2d2323494fdcd93d920e8fcf8fccabe29c7f4af777288803aa96b1c3beadc2200e250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad1e3a9a7b1b3a0e1a80a543ecc4e832

SHA1
a97c8f36aecffd04986ea6ecb0837cfc301b36e5

SHA256
0ea3d3b1b11a27143f9e900431a7d0b5c9c7c3c8b727715b66be59e19c98753b

SHA512
e3e89484fc3dc8749ab336648e9a92c8bcd4418b87f161643d9ff81056315e156efe4def45f913856eac6e5c30d2cc4461a9b2f4da5417b6cc33f9372ba1e3a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b9b0e740cab5715fb8312b787bd960f

SHA1
2f5f04baeff3cc5863c2ffde5244b5f86bed7d74

SHA256
067ae5d26913d3318b208d9992f3ff44bee8fe4c1287777396767e9327a7e012

SHA512
92dc9f713898eea3ae90cbab3c18866c9e9037d26ae6709279f2cdda4253713632acc3ddcfe0e24c7a9e5e607a924fa7fdb11be67c8a2ecd205db46d87334258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1a979fb63c9a1966bfb60e3516863a2

SHA1
d759dfb9e0baaf5bfe344060e0c153e3b65d7e54

SHA256
d4d10cc5f4820836284bf71bb487982de8218fa5326fe4f67b20d37da91f2d60

SHA512
6b2454549c5f9843b59773987661f8b51f4849221b18d1025c974c26586d1682bfabd8b3dd326012b514bc097fa0a4ac016f7f00930b2053f1222173ca917e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f97745855ee66b2ec7da7e5c5cd7bbe9

SHA1
22513b269dd808d03db18d0c10989c5af990d2e8

SHA256
13ab8320bcc6dd0409273f063e0847c62015241c7a81a6ded575708458237705

SHA512
5de972db13852ba65a8e6e81c6bc3c08eadc61b88c84f25e34346dbb226bae1e1bce607a70aa786ab5cf54b2d139a754fb8233c716f9648c12895c2625c66835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcc4ef0cfb0b488697098b03463ee7a1

SHA1
c3f83a9a6fd3ad93643b9655596dc28c745887b4

SHA256
bb87b6f9f2e3fd16b1b399f84d623a68fa7559dfba6cc5e945cac587c28f4a3c

SHA512
5d0809ce7ca715d15bdc32d3c9e10d2f191cfdeb93f4303449760acb853ad9d35e190c8f1b4155abce646d0865272cfcd389d8555ba9464b3afff9f851929885

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62f80e7beb23807781e6a96f205f4ed8

SHA1
f561b53cc3460665bc74c60ceabc1506ce4baf7c

SHA256
0cb8f634a6c8d07a092c6aac95de2f47a4c285836aa48c1147a86d5d29cb1aab

SHA512
18f455befe154cb918456a2ae3c4174c5026ca75a1a5d18ead5cb0d41056dae8fe16cd732f63142b3df545c96401cf4356686d6119634909cdbd55e7f76214e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c96809effb021306166bc02fb86ddcc2

SHA1
d83ac68c04ab27da76edeac270434b40def5e1cf

SHA256
78f141fbbaf4d1fe11b8944806c90846366badd7b7c56e8d9ed4a686186148b5

SHA512
8b91d0346743aa63bf8beedc800800cb8eaf1cf4977063803488684962eb41f19c56663c670fb9b1813a64f050ad1f6b5e62d97377b162975d69c5b3f5597acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21b7b259666531a4c2d1ff98958038a9

SHA1
363f0b0dc196e229a3f8cf1a5bc5c8dbe2d3ef3c

SHA256
5448da27f88e65813059d3af6ffcb3718c1768887e82dd36242870996578ebfb

SHA512
dfef0fe0dcb1efe14a6e2bd688ce7a801ef39e514121414542cbec0555028701083417d6ccd1acd86f7ea868b33a07fb66a96bc85fb1898dc51f11bf77989557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c58bc2116390777c6e0ff55d2a0ec7a

SHA1
a4f921e0c0b2477e0290b616a81ed095686e383d

SHA256
d67544c0a4838124774445052d3c87436d638c3d331f7a321df6ebea08cf2ebe

SHA512
2a25f1f74d461b7293f4ca6072f8fb33768b1b5f5edcf5cd8b82ee0dd677cdf7c1a26aea197ca402ca17d84ac294090d75907d987054bb7befec0651d83394e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b67c14b76c40c23a1df33a08e0643e69

SHA1
3259241c7bfbc19304bc98e8825b9415ceb14d14

SHA256
a81fd39f5c8fff1e3b937ed1d2f481ab505f64de2f362d5ad32113b918eb6c8b

SHA512
037a58eb5de6061dd953f6047837b737ef50e245783afa57feb45b2acadd8a2b426d2d8f64db14ffdacb303311f64b2e85939db54713eb4c57e72e286998cead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34202fd13e089bfcf6d3a52a543eb130

SHA1
2a0d0a6250836b2e1ed45c36a3049f276edf0707

SHA256
a1112e4a7b6675da51e0708818f5898febf65be803134fdf917c1ac8fe0b3b48

SHA512
954efd71924e4dff4f143a2549e9c01f9bddfcf5756a9cdeede359bc880f7cfec16d5822aa77dfb6255b2cb1472251cf74af6d58c0a15f4f0ac5e59d2f0b2dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75549efde9a16ff491a522b4d1f51253

SHA1
db964a17ffee3f78fe5227896e8599a308913cf9

SHA256
590e9d4f4449d28f6485d450dc2f76fe64a71c4970e58aa78000553924fd9e36

SHA512
4aa42dfaf785fd8168103db128420c7f8130135f7bf01651bfff8c3fbf287babaab9bf87aa29e5310c2f24f9dfe096740346e75a6631eda581ca630f8ca88f05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c57225fc2c54043bc150d27bf3f9b36

SHA1
d4171d4278c62a0136bf40ff17151be841fb609e

SHA256
02b70d3777c3003f9b0de95ada6ee60de3dc7bc941f36b54fe7377428c48f233

SHA512
6a24a6f5bd1dc748789d7a16b070191a0f4bd4320838cbe19dd2ecbadf66bda63c9854d0514c59780a28bf8ccac480a8b478fc66bfd22cba03cf6488d344616f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
648b3a1a481331c014bcf04d8ab71a1f

SHA1
f38f3d6caaf11d24385f02d39bcc707b1fcdebf8

SHA256
92d1ad038bda381ac37836c5e9fd47938ca6f9570050efb345be847aedb23b90

SHA512
3ef0b5ae41d2cdbc328553f17639edd4357bb9cc74d10b2423c163e0ed527df91acefa6ca9064abf97d32a4cb9d9ce96c108d5feb69426d8101d16143e4402c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e86662d96dd88f4b64797db53a94bd9c

SHA1
b1fb2f99f098dcec28ab2d3d4b8b454ba5c55e9c

SHA256
9cb15f53a4f1fbd38d4fff04847b100a81a87e9102fbb047c7a8fdae128fc3eb

SHA512
43900757cba20d85eee2b92d3a1a918869a70c7dc5c77357d475269ba87070c328fe5712108fcfa17e26f5e32cbdca09ea4eece20a58147969a14bd04eaeecd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df6851c8a4562c5d9143f307acff77c3

SHA1
0e8a502c27a414b3f31b5bea592b99bc3cac0af6

SHA256
10c77d7e842bb7cb719c37d219d7fb44c5400193e06a3cf87ca76abcaded372b

SHA512
08e9861739ea487ff2062c64dc5232f8381857f51e623a6abbcd302353dd1d7471d3005fe44b3903f0cfb9642ccb1b5a885f46558562daccb5bd9baac9261d71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a34fd0addbd5237f4103606998c33c5

SHA1
7eb6488980c3cee9bf621c6a3fa12f91fa1da6d6

SHA256
473d0e786448da663d3299a4eb3c24a73dc545221000d0c9f4a1921cfb6062ab

SHA512
2630f94d656aeacd2817c112befe39d51f8d85fa0f39bc227fb96cc12db56a8ef89f1d102b42ca150b470189814a758755f5019b60b8a9085d7b1a566e60b4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

Filesize
110KB

MD5
5131c968bc187a1fd063c950f1605f7f

SHA1
9c339c10795b8bdbac0b43146b0482cc36a25343

SHA256
44978a9114ad01bade097232b4c91456999273ce6bc673493a2a11d0733d61a7

SHA512
5aa142ec8273ece242473cb19d528fc5577610e66dab529696ab6eb13b42b3876a7afd66bf991e926fa1762729f3626e2937997f33c72e36ce5fae7c71ee6e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\js[2].js

Filesize
194KB

MD5
b7ed99dede3373378e0856de9c7b9c63

SHA1
f5863e209fb62dbdb8a8b201b44cc93d2b6ca255

SHA256
90aeb92d2c2391905e2956f7ff1b8df281011e91b6eb8001ee775cf457d7382a

SHA512
f4201cfc8b1ed90b60e0e82108cb7c32ce0ae2b5b00b9dc8748e1c2f50db8faea8283eef184b4b24c057707aa1cef6772a4edc4c72f05df53df637635e1ab881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8410.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8442.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads