d517a8a91955875c02912f932392d7acb1a815a6c6be779d68430704da31be7d

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe
Size

1.3MB
MD5

a952d241f5301b3e5bcd642cf64bfc63
SHA1

72fdd0da7498f53c49b008332cfee0a406c2d4e4
SHA256

d517a8a91955875c02912f932392d7acb1a815a6c6be779d68430704da31be7d
SHA512

89e386246eaf10d45e26d546ff3ccc7ebf287bc997092be41667220ea2320a305b7d7035267beeeae4666970686e2d824c441d802fba00935e0bb88c42ea4539
SSDEEP

12288:7iLJ5i7sJXx0douBjhCCAYi8c1i6oaeNSoeDlHsg+2Vasj0eqt:mspfjxAf8c46oaKeD5l+25j0tt

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1080	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFC5885C-BD08-4337-9755-38A3E81FFD01}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFC5885C-BD08-4337-9755-38A3E81FFD01}\DisplayName = "Search"	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000025ede9f05ae04425aba4a793d03f462d74f82fe1c61a66edd1a05da60f3eff02000000000e8000000002000020000000171c4c747530b49dbf2d4bb66ac908ad78848a0e5cc9593e21f5ba17b4e1ba712000000033daac728c48af99964011e5afdfc0a3f9a13da9e78caf596ac83177e0a7c30b40000000edc2b5bedb1604e230e72f371fc602d17b668558f895566a8f62e7da9f839bb3ada92ee54bba23d0e1756c263248dc5db62338eb719806735616faab2d5a69c2	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424524723"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFC5885C-BD08-4337-9755-38A3E81FFD01}\URL = "http://search.searchffr.com/s?source=bing-bb8&ap=appfocus63&i_id=recipes__1.30&uc=20180620&uid=cf1f351d-69e8-4f8f-85d6-84659825acb2&query={searchTerms}"	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ff57a1f672712eda050717d3fb2b22438be960debeff9c67c0f94b9bf172c37b000000000e80000000020000200000001da9d6d1fdf5e71beeec71ea184a934a9f32ec058f3174e216dd0ef1afd0790d90000000ddbc00039b24d85e7ea54e3783c754410b052adfb304418c246fc4db65d70f5a910e3d5e6218395cb893329f52ac945a6459a47fc47a12c0c243e81b950b6189f1666eaf3a6342ab37c75e761554349b08465b6b63448a03bf042a0d9fef7695b2c3de9cf7a811af929a3eb3a084c5954dc16e84992669226b084da68042a3a1e6920950e774372394d58638d4831f7440000000c0a2aa38571eec9a0c8fa5b11c2b98261b443ce175c976f76e2512c5ca86f25b9e62b9ecf6cea4f333176c9adc8badffc5497d5fadbd0918e45c3ce9b8d7146e	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5EE6B3E1-2A3D-11EF-8B35-D2952450F783} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFC5885C-BD08-4337-9755-38A3E81FFD01}	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108b44364abeda01	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchffr.com/?source=bing-bb8&ap=appfocus63&i_id=recipes__1.30&uc=20180620&uid=cf1f351d-69e8-4f8f-85d6-84659825acb2"	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2028	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2584	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2584	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2584	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2584	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2584	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	28
PID 2584 wrote to memory of 2636	2584	IEXPLORE.EXE	29
PID 2584 wrote to memory of 2636	2584	IEXPLORE.EXE	29
PID 2584 wrote to memory of 2636	2584	IEXPLORE.EXE	29
PID 2584 wrote to memory of 2636	2584	IEXPLORE.EXE	29
PID 2208 wrote to memory of 1080	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	31
PID 2208 wrote to memory of 1080	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	31
PID 2208 wrote to memory of 1080	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	31
PID 2208 wrote to memory of 1080	2208	a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe	31
PID 1080 wrote to memory of 2028	1080	cmd.exe	33
PID 1080 wrote to memory of 2028	1080	cmd.exe	33
PID 1080 wrote to memory of 2028	1080	cmd.exe	33
PID 1080 wrote to memory of 2028	1080	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?source=bing-bb8&ap=appfocus63&i_id=recipes__1.30&uc=20180620&uid=cf1f351d-69e8-4f8f-85d6-84659825acb2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2636
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a952d241f5301b3e5bcd642cf64bfc63_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
a97ba0c553a479ee8199e5f73e736478

SHA1
718b2cd7a7091db5384529760267a3acc9a3b74a

SHA256
b26d858b6ab4a67eb7358953c4a6699a4afc37fe7764660f38c80a82c7b51c1e

SHA512
a9e1ada42e8eb54597b77db0036e001fd535e60d3b3f7d464aa2743c57d81a667e4e17281f743e562febea2e7a8ac08f24af007e78dfabf0b6c08e1568beb8b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
bc1070d17f18df48594e1ebabf7bd448

SHA1
f43f7d63703362510bd47209bcc58fb769dba762

SHA256
d302c28963c56d8af2215ba06cf2f188e48019328631b58d2f5c896e6c567696

SHA512
d7ea0eb29ec317e37063245f4014431a2ba2dc4d186a421e927ae0b884247f0e5c4065a8b530e85f85637c4c2dcf920a08af8a23d0c1430c4632756a206e7d92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32c8e177add0f92e6015de071b23b05e

SHA1
3f02b2c352834cf22a9fd8a0c3f76e11c206be45

SHA256
16d410bbd5c639c1244ea10538efbec350b2143a5cb41719d45a84f821befbf0

SHA512
ac7c5825c75211d7e837f99bd0e1bf08ade8b40c8a19677e3e2bb67fc65357a6f171efe88a81947ac6107833f7aee3f0d2375cc9ec9fba055d9196438281bc8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faf3b0b7d33e5455925fa354a52c30b5

SHA1
da4100043039ed6778ee62f03ee9cac5cd1025e9

SHA256
f09a6f01e87916ae99d785437c20ce9c51c05e59443b8cf830663a532cfc58e7

SHA512
82da39c3d042c4a89d31f3e57cbf371dc6af831b64512d726f586f18387f68833dbe7889ba01621c548e8b2a0ca28e2824afe6e12dbf7cbf5f8594458d71013c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32cfcfa639ffdbab90e69f3a631d2513

SHA1
76ddeaf97b1fb7b59cf355e73e9fba44ee0aaf19

SHA256
da2d112313cb344c31d52919dcbe151c6080a2d85fbb554994d09ff0ed86a9a1

SHA512
3919acb5c285acf37ec5239886d6ecb703a851269f6a76086efc458a610082382d1d2d9bb015f107894f8121d7732b7ab17084a9c09e395e4810d32142a9ec7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
332acc6e848f3cbd2431d74380490373

SHA1
bc5b08a8edffad254b5d9883b73de170c7e59db7

SHA256
a375e73b157f6f531718434aa68f492a71940553d973e8cf99183004d18e4cd7

SHA512
6e03d2783ff32862e13dd02e0b786c5bf51ff3a67b09967aa1f719ac9ac6e69288ba3ca367b7d7a33482b7ef510e5a0efb9430ccf02a36bb3556387f4682f22c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87410b93c9244c233cac820badbe304c

SHA1
3b671d7ff639963a902c8535d95e9d87b4ce5273

SHA256
367465c872eed86968e5fbcc8f51bcb4f525663b3ec77dbac2bc0e1d0277e13f

SHA512
e019084548fc86667ddab9548f3c56a4a5fca4d040e5b71e17845b75478ff4c0d7004214f2d6cc39be45fda21159387009334a9c50fb6c365d85ad98d053fde1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
023360b181a64db689070c56b5d3da68

SHA1
1032b33c17298e24e63d309c4481e128bb8949df

SHA256
3e491519ff7ce8115d4358cb47b67f93db3ac7b7180c6f97c32f80a45583f67d

SHA512
e371fe79263535d73d02b4ad4c2d0b0732e64f79de344ea81c2fac1e67ef30dc26fdca2974f2b672cbfa5541a34557bd90e6871c96e5cf78f17c2b125828bc45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32b92e81bc039c976c8b983d150eb7bf

SHA1
a89910f4b50cc4762677aeb09a23748043e4b03d

SHA256
5c6db98b29eb79b83a84b1ec2f2ede9fc51a26bfe518ec2a8f17e691ef1d35d8

SHA512
9f7156bbce6d0b599b2c6b8329f6a9f9ac476f7be011a97f854bd4637e06fe7c583f1ebd43e8240d2b55e6051d32f2be22a69f4d3e9f0bc52d4450cf0e9c141c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c47e539105bdb07ce064bea1023082d7

SHA1
ff4f57219731f9ded9d87d808530c26384fe11a9

SHA256
50e6093690874013b816ed342c1df9f97a3b63a4c5d18713856a9914f1661370

SHA512
2ad3d498346b24c49b63f45d2a336dcd0027476a66c6e73109106d86f79245d808b33ca27abf3b753b133413b11874475bffd6d2199009ba9adf4cd5eccc7fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34151332a840470aaeac1353ce838921

SHA1
cb26e46addebf94224a6e2c0160bd1c78e31ed5a

SHA256
0449ed343532ba74b3794a64cc9d89764993cb8aefc7ff3c454c18b327eb2a85

SHA512
0efc37f49a2f714b0b13fffbddd7065271acdd24ccd33b9e46ef1ad2ac4f8089572316b13f5bd5c5595b4d6b51bb8c09bedf360e2a831a277361fbe2030616d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca6918695bbb09dccae7b48ca52ced05

SHA1
1dc827aaea3d6e3eeefa66aa6bf6d2f6f7aeeeef

SHA256
561f76c29ef6d6c5365bd0c65a851734c5aaa51ad43170ade5bd82f6115f3e5b

SHA512
dcc18e8b4ff61c9450b54ec41d36a078ca2056f2d1c81a8c68591f5d02614fd7a4a4d71770762936dbf51ed38dc4e9ad757e36eeb7c0595f7f6538d443f999bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
353996f4e4d5eeffa1115b3bcc91957d

SHA1
cafc052007e172d40b43540b40ea819f9dd07c86

SHA256
49e750b32cdec2903b8a5d19740c92dbab517b2019fb026e3cb63ac15ee9bd58

SHA512
7b1cc9b014999c56c7dbf3d6c341f508bb634a01747906105c93c89b32aca21346bd59f01c72c1cbd6596e25e5dd211818cb7687ecfe120a08db3b7e2c1c4834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b92e4d5248ce14ffba13b0d9c2003172

SHA1
2d069b7fb5782f342277dfa06a1fde327d5b6666

SHA256
6dd093f1c988df2cbb73d6ebddfa79b24d4f0ff53b4692373a874eba9ced4424

SHA512
6204226d56c9281410c7fd6a1a2f5721853b24e5f697dab10efd3f9f764db0001602f29bccb5db4072ac5f1ae234d29b969d8a7fef8f4e29be076ace4952ae2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
653594e8a3cf507b41b68d8358dafe8b

SHA1
f505c16ba2b3f86a44a12717fbde5c42531deaa2

SHA256
d4be66d78c687c3183c76477d4be68fd25e66ae066b4923b99708db0184a575e

SHA512
f169a0ea786ef6fc00c7fbf688be981d2e13b152c316194a939849c1c903c7b1daac92f7362d5db0b67f72489cd4103b84f8fff51d47716c83368873ebadc8ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
286558c5d9c015e4228b20151fe54eff

SHA1
aa4f75fb81b6df80fcee6ef97fdaf0b9812875a5

SHA256
ca128d8160e79e5cbac6cac3b14ce01002df8ff67ff89e61fa4e9bf74f4a2a3b

SHA512
6a9cc3ad699ac85400428f84262bfa69645c899ff188b859555587abd4b6ae97ef793fc44f591641d2b25c6c03cf52cc89c3eead0b05149059bc61525a0caf7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8d8a8618b3a8df0346bdc50ef513070

SHA1
4f8ac6e2a04c19b67842af66158a3ce4dfc22688

SHA256
14cb1725aace68b4053f391cdc4930f752ff00ba5f6d7846d410aed162429059

SHA512
644b7b156f92570086b3bbdaf7c9197ecb00f93306c9684485543c5e18a1341bd5f1afbdaaee522590ffa4b94ef2dd4be4a917d6d972763ab55c5e0b93a7d545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d09959b4f88d6b166604fff56de57018

SHA1
a5538bc3bb0b93208f56434aae71fb1706635039

SHA256
2209db4e4b0ff370604512b0f09b01b2e69c7842c80f6e8d918dcf2e52fd4135

SHA512
647860bb6f672cc703d845b6f7f7a9daefb79663b213a5de1587c1b689dffc4c968552117b0befc2f4f8a5bb5b9fb1d4046ed9569f9b384bea63718f206fd860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
110f3f6d3e4878a45f531b146088f163

SHA1
4f095c31bea7f7a545335e0b191849a4862f1341

SHA256
a0732cd6808baa173d1d8b7eef3fce2e9a90caa0ed99515a9e6264225fe5b0a6

SHA512
dc72af9b93d51e355e9f27316e0a4d528fb2aa082ac78c5f1d43d53cbe99c3c778d4ec407b2f52f7b99a4ad87f8c8745301a0c25012fa3e6d30a84ed0c4d8308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49d269aad5be416e5ee9c62cd75dfb1d

SHA1
f741fd8b3ce42c476e7581836a2fd79d40f27ba0

SHA256
c9e18ff55d60f421938d833b3bf25dcc6f87975ed3c663000a8607eb92a4de4c

SHA512
fa57015c5c665cf8a0ebb53e23a4e877544c30973c64a829b45f72158d1335809ca13d7480d3d7379c02d5fe50dd52243cc587a0096e44ae0be9455630d2e3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a697554ce82dfc98059e872d41d93a7

SHA1
08ed18a9e3e54e6c52e8e5fd7e70f7538ac6acbe

SHA256
e4517ace240c8d812c5de9bf34bd312975166b797192e536f0be1917f2011446

SHA512
b9cbe922f39d3595ace2306bd12956693fb271d251d2c02d2ab697cbe3cc256b663d903948cca7fd0083c581b3db3e0d17d58d94c0fdc73a9e297bfeaf26f6cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64897e57d523128dd0f0250e382e55f3

SHA1
d5d2beb0fb42251f6ed983402f9b389c0e338421

SHA256
f347f287455dd4f3b4afaf06a66308a97ace7eb595e42d9d8ae5d33f9f656f65

SHA512
134512da540dc564c5e8e5c6ac7b57c96e5da93595a13773fcb879c5db72d94dacc5cf42ffdb25467640998d1a96ad032401dd43b12f29f962f4fbec00ee7ed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df2e447f30eda3d2098a028ad719d8c7

SHA1
ade16ad3b9f01b894730867bd7ddcc1b4efd8258

SHA256
9a2d24efac5d60a3446c3c8f318b7821ed1c4a835b4df64a473513e6e6d8259e

SHA512
55ccf74188a7fc9114af1b36f27d5292031f9c15f9af0ee54fe3c7b8b506a8fa1ac0c5d5b1bafc3f80b50ead2cb3751d0e5315c2f0cffb92536bb8f4735731d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb9db43f7ccf8329087a652a112d79fa

SHA1
ddc06bff74ca9f84ca2b58d3aa0db7e695b6913c

SHA256
49d29440cfd22f9d59b970f56ebe710054940134cb328a56245fcb15bb653236

SHA512
82574353e662ad14876e2fb94b53096661d02ae556ec9efc5c974d48c58375d7bf635a9efe722682130a278ce40b70bfaf2ed5c374a52dd54195e50e762e56d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d86ab87561ca14c28a3f9f6a28dd6cbe

SHA1
41bcba79bc5dd1e2763d656f879f7c90e4a139b4

SHA256
a984c6f7194e37cdcce81a21feb31879e0678e77e36b2d953c839f63fe96ea97

SHA512
22fe3997acafbc3d88ab616dea7fe799ae8f9d650d86b741820616e61232b8dd6a9289249e56c9990f95f92e885efda6aa901978c495724d5ab307cc6ada3a20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39f31a14c79f17f6b835aba9626d7af9

SHA1
0461cd80f13a3214d2ac08ac466b1184b6a75d52

SHA256
b367363dcf82b5859c170c95aec5651dbfb6578622fe3ec7ed18a73d6c54d1d7

SHA512
e4e3902c95a3544c14176741e8443dbb0e98f1dd2a29303a55c94c7aed0a09208e1bf49496609f03cba7de3fc9986e5ff0b8e90014029c668917113ec2bb8dc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8b3b103715a4bb4f849f7e7a17db755

SHA1
903724bbe84bc7af83a3ce7585fbed6960c7cd40

SHA256
49ad127f97720d53128f3cdfc6a7a7092a7df9d3a1741cc4211847b1f5dad10e

SHA512
56afe234b22c0b1b62f330b2daaf7cfd168d62425237a9633583880cc318d09105a373bd5beed9f13328adf452ffe7eb55ab97f4458c5a3c08da34ee687626a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b609424a6b58079ea6afd73ac587b4d3

SHA1
14a3df14eb9394febb0100118de33b184cd6c6cb

SHA256
8daf74106eaf02fc81681703d95589a3eae66ef5ce05142652a67f24aff568e7

SHA512
071298d1c0294c6e2969bc9a7200c4d5b5470b2b9f94dce45970fb4306784d4b29fe4a90127593bd6a7b793752648522714271df6c4db1533c76a1b570015217

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7966358dde75a3eaceef67128a856a3

SHA1
300c7143d9055e99bf0a6ab4979586c9fc7030b5

SHA256
c0d8a3b141a0ff0a4d5752f7ca5cb78071712217647e5da04386b7f18e3007eb

SHA512
cbc2ab5d146fee4812c050b09448b03f9c244901a75eef542d5861fc5d5fd5fce556ae270a7a875ae5d50ad19d0bef8558e58f061ea761b1763fba6006e2d143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f23174ee588f4db12f52b9a022568cc5

SHA1
0515f747c1cd403d24453f3dc001d1dec78fe359

SHA256
e6d36f6a76a29e47d9731ee12b85407a4d759e72ce46ee45f604a6984201a6d5

SHA512
a91d313eaa53a2b2344304186298140d520f56cd0c8df65e9871a4a234be67a00736e6218e7c6e17584e3299b4a7e1787bbfa81900f830c3701a7ed296aa9bdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9829878173eb06ef120dd44785191b3

SHA1
5c65fdd1b6562c65be0d2d9b9b953ceebc376085

SHA256
c677cf70dc227ce198e65e386f9b23da34fbc1d3c66d6c7bf590fa1566a32cc6

SHA512
0a08d7a7276827cab4fce3ec9f5dabd5b14b10760a1b89a3a83c93816a05498c501483e024cc4de0fa018c2dfda3913155fba04c0d69ca2b040064df8d763363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_7B6B0766585C28B689143E993A052643

Filesize
402B

MD5
f7ba0349e7163e6e21a4c2c6b10be224

SHA1
109e87c8045ffc3c717ce78123a3063625876cd9

SHA256
222e296c2f154586f93b4b3cf479ce80591aef3b257fe03e0d8b94daf76b7fb7

SHA512
90a37744dd09bfdc630792992f275a382825f026db03b2ba8288790a9d91944e9e141a174e2070527edffe58f529af31b69062276f5e06f7c118636b7599180b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

Filesize
110KB

MD5
3aedab68d9006fe88f32571cb675e979

SHA1
08546a31dc7d969b6e6e9999cd08a9fa0e2be52a

SHA256
1c72cc465f96bc2898eba59dd3eb67e40deeb11961a5badbde2cf7e7107d1b79

SHA512
5cc81c6a10a5c5c6266461ad942bc67776a08f4f52a25bc8136ea8f8d9036115cb92363776daaf59c07cb24a82e6e27839ebd4da69152ad226edc877a007c5df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\js[1].js

Filesize
194KB

MD5
c0bf16bb800a44391dd44307cecd653f

SHA1
2b56fb3eb72ffc480a3ac4a24aad61434f0e96ce

SHA256
2dbe0ea2964a72ed7900c9d44ca049df76cc14253e2577c600d1f2f5ed2dded4

SHA512
6c055ee23c9b4fcb02ad7b855c1ac8988b5a585266aee77649078ef974f67a35d0be7e6abdbcfed9d35cc9bd351e7c11ea9fdc82a4863be1e4888782c0a4fd25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7199.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7258.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads