hxxp://gg[.]gg/1b4o02

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gg.gg/1b4o02

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 0824b00290beda01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000004a60f7642ab3ac4019bb6899da97f66b9f193379dab55e5c6c61e73cc45a9a3f000000000e800000000200002000000029b14934723a3c5c06b85d94011e176ea2708edac1b0a5cf54d7dd4a0e9ccf19900000009d1a48a38bbaf32a45a3c6db892de5f0d26bfb7a0973ddae5419f819ecfeaa4c967b90d97bfe1d42218f9b7bcad62f363254e56142685ae06b23dfa039447ef0cc86ef9bb40c6aafb12d604a530cc09a2dc03c061605db08855b8196d52d36643e480377c2dc6d64dd1749208f8d07b84d0191893a9933e79276ff460175f98a94b654080f2834a1aad6c6e23b254e1440000000c01f42cec04d60245fe097070b56aa808f58a0c619d6722a3e1e4a0bff31fe201667cfcdcb617d42bbffde142dfd9d889752fed54ae7c8747202d2b748327fb5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3956A9F1-2A83-11EF-A490-4A2B752F9250} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000002729029a85640e356a2df50206125ca075ccd0638fca6493b39f6947bba9cf85000000000e80000000020000200000005806a1da11f924860e984711fa1bd84628f2fcd8e1f34afa510829df31e91069200000009e5b59c46fbb90049adf4b863ed9ef2fd86893fa87541ac4c99e533794acce1f40000000efbdb7a688a6aa059bfd5969b1b1866a9a89115b74763b3d8ac3f7624738b9932a5fe35fef3434f5900e5ee68d0c892fdef73d49a615da3b149da1bfeae75975	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60be321090beda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Cache = b104000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_Classes\Local Settings	rundll32.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2688	NOTEPAD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2336	rundll32.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2108	iexplore.exe
2108	iexplore.exe
2688	NOTEPAD.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2108	iexplore.exe
2108	iexplore.exe
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2304	2108	iexplore.exe	28
PID 2108 wrote to memory of 2304	2108	iexplore.exe	28
PID 2108 wrote to memory of 2304	2108	iexplore.exe	28
PID 2108 wrote to memory of 2304	2108	iexplore.exe	28
PID 2336 wrote to memory of 2688	2336	rundll32.exe	35
PID 2336 wrote to memory of 2688	2336	rundll32.exe	35
PID 2336 wrote to memory of 2688	2336	rundll32.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://gg.gg/1b4o02
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2304

C:\Users\Admin\Desktop\loader.exe
"C:\Users\Admin\Desktop\loader.exe"
1⤵
PID:2172

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\dope.dll
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dope.dll
  2⤵
  - Opens file in notepad (likely ransom note)
  - Suspicious use of FindShellTrayWindow
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
0905580629d85fb977cf48d4681e5086

SHA1
3c7bf678bedbaf83ca720ab00fa9e84884ba8009

SHA256
72fd834aa73e1523e40a415313d7766832dd6497ac0a5d4cec9d36e852b248cd

SHA512
db9ae7da2801083074e54d499ef7741f7120b9a8abdd87c13e2ceb35520cd7290a4f06b6cc9c0c1060f01fe2cc0bd95b8d362029e0df90a68c17f197a50b02f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a4b012d9d9cd107abb140c7969894e0f

SHA1
38f2272c6be76a5006535fc6fbd7ef99e4ab9a28

SHA256
d405be588cac037be1c2c45a8b059e1d850f4237f490cae5e7a73f705cca1d66

SHA512
a5318c071efc77af94bd03d395a390d77768384d3dde2865569b2c73e6f130edfca44fca9d9c642b3327a6d0354b8f057d0dd196b034062d5076678c61969b7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d8f1dfa0ae3a45b7071d84d399c2de5b

SHA1
7c4d3c803d11aea82f31e6bfe59e28f89a6467fa

SHA256
493527a509f3a4ff3ade5e704bcd7919bd284959581bda93be772e1db7770742

SHA512
3e68245314baf07e42363e59d4deac65919d2def19334016d0c70a410ecca41b6e2aa6574e2fe97e8f7e72900b80dbf6c078dc3c50a4a0c7e8398f647227bde2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7258831a3785d2f677a20d4f02ab8a2b

SHA1
5f31c9c2fd83c6aa83e80954d41ab37c6677ce4a

SHA256
bd8173c5e9d41807635ae6226da5064558a6aaf0f50cead4e4d29d8b7080bb69

SHA512
952aaae58fc95922f8f3bad82a0b678f66a1d8273ce042a99c00120643ec0cfaedf433b87275f392f68cadb68542ef9994835a42e5f44246ebb99a8d5b97e3ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47ac9b73edeb06338b727b96d0579ca4

SHA1
2c61aa39b22aec604b48c2757c89e97a3e67aa3e

SHA256
40b7d86b642d25728685ae0a210071e7c53156f10a1ede401d73cd780a79078c

SHA512
b802e01d8fce7f9ef2a77f7ded20067321eec2053a3034984260dc2698744d578eb6891f69d7beb8076b80e2919bb3cd60464dfdaa4d04cf99513125e71e7211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85c2ce6a10cc81e2a73013201732b071

SHA1
75d8e8db6af50cfd66417c467f704a7062ce08df

SHA256
dd79ab915a7c38e31180b56e447708af661b14c459acf5c56279a50e08915f4f

SHA512
fee3870d77546153043ca1da97164af109ed922ddabc495fb2d75ec6057421331636d3a6e05e2653d986d1ff6db5604eab5406d75f386cff8a217173fd138a65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a128bc7b3f0dd62ac1931e0f153654b4

SHA1
ad58d2c8346d8e7e12d663774ae6c61be1748769

SHA256
ba08b0ccc995b93baefc783fce3945b1bfbce69b711b7e75f54f6cd1eabe1e40

SHA512
68ff0ebe16963a6ae9eaee350ec53990b98f2e3e813569f494eeb884e04d4b9047353e8e357d5a50f5426ccc716241da0fb00fea163f8898ffdfb9748b51ec53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deaa415b6378ffec2550b813ff783693

SHA1
a4df5db1396fabe9194438e8bb4081c13572fbac

SHA256
d068067abf05d1adcf8f877a1945c768af3ddb2252d9bfefc0d6d4de39aab399

SHA512
65690ea90364c88fa1980a169e94f60823f71946fdf0c6c4de0f26b315da272a6637e728e7b62733eee5ea272474aab276c7f462a1e25f663d1e8f1d1a3c6e4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0c85eb22fb6d6ea87d53a7c6dca3b89

SHA1
3845fd8ae37ab9ec93ca2d7b2ba2ed5f803e6ba6

SHA256
354a678698e85fa64e833463d6363b9bfafd0cc0db4ce77a4cf76dec1455a3ee

SHA512
01aa7e49d2d7f334d9b9e0c82ea539ae276d9a1be562c8136cee75324e4162f4320520c5be5e909a195b80c28ac38091dfdc868307db6f7213c03f1267686347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec67f6be9fd352cdcde2f186f4ea4d42

SHA1
dee3905a408311b319eabfb49a9807e2ea2402dc

SHA256
6578af9e62975acdf80c40889348db0239251578b9ec35f6a876ceaf8e2fbc9b

SHA512
83bfb6827c574b3bd3aa8b610ac8f6d251c17d701a896a7e1a2f4310e7e500d5d03526bc085e4813e90793fa25191e25d0a33ad93d1702b968ec6dcbc2e913cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faaef25daeac9e09cedf4dde3e908b6d

SHA1
870810e0032e82e71ce721c7c9d0607a85e808c3

SHA256
a1c8d2997e8d91020e12a8dfd84be21199216ec23493d4660807a5bbde5eb92a

SHA512
da8800f38381c695462d6474d67d3b8a9989700dc507131f1e3101bddc64a29a8d83f1835f0759e1bbdfe179e9312f0fcdb44f1de1b01cc2f8e7daa3a3d01f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1fcf27c9601b04fdc69e10fc63c376e

SHA1
2cfc30c3133623d75b83cfc2fa80fe429c990e5e

SHA256
464581f24f54dcf797cd69ef93ae2f778c40d76d2d84219c487ffa6e3b5c7d14

SHA512
011b79f9dfe088ce68a6484a09125d40867af2b3862de08c4f92fb69a6ff2a36889bc3bb2d4db9802c909af31f58970e4b71c87055274d166f3dc1b1d73ad66b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abbc20814eea875b02ab26aaa72ff81f

SHA1
4063992aacce39fce5503177a2dc3c68d88bc0f7

SHA256
47a6b25ba1369f9fabb29f5f47891c5590074427aaf657581421df48a03cb606

SHA512
55cf39920ad9d58590bfaa48f92238a47272e864a6cc062817771ba7826bb1946d59ec98eac5a57dd1013394f4a3806fea5f994ece7ebccc2f6c4d98d10d3ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa69340cd2dd2942071798e76f763f32

SHA1
fbd51efc2d8676392ebfc70847d3c4f1ec39089f

SHA256
9bf38374155e7c08e4a848416e678b2b819d90369bb99bc18b08b7cbe9089f55

SHA512
2511340e4a8a2fd4dd67221a6646aff0a9b1653e322b7fcb94d006572e3d35fe7fff07cd7989e4db3f821c1a32e062daa9c5d67165b825c1831e0b65850c0bdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da08f3a91ca8d45c99693452cbd41ad5

SHA1
5583aadd5508a0291e1c8fcb60a788979101d9e1

SHA256
1129494a4b8cb053f68aed6c2ecc1ba65b2a19212e4ce91c60ce9cdf0a3d8786

SHA512
09b576c6c35780b7a4f71785b342ca2af7fbdc5749d4deec93a7845e83db3154d60d997755a8130a4ff534e257140755e8f348ca75cb8f4f6a2e1c76129dd1c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c4a87f74c71c4e5910d8debc6620429

SHA1
7bdc65440c43a61dfd073d8abf496513360421e0

SHA256
8fc815a9741ae10602603aa6b1861cfc5e229da0f25baa365b52b1cd3cf2714b

SHA512
a6be8ee90b18fbb4fb5983300b8c2146cd22d8284b4b5abb6bd659fbdfc08d3b469aabdaa529fc132872024c35689d7dd8e57b4a0eb7d8df1067434101b83639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18ae91afe5f96e6c00ec9a0ca93cd303

SHA1
2cb3587699aee1792ad53fd3a8d3c9ae7cb627e0

SHA256
ace6ab0388541043eb43661de21fac498f46c4d2a41b9bf3c7d100daa60ac6ad

SHA512
a075a4c8f4568303e32602653b1ec9ef2ddb6ff552b4d66541b034b9ae7cfe916c6bd807414f9e3b92fcdcff112aed24efa2c561b68301a2b3e306fd435c612a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a44bef47ab578d73970dd90420997a9

SHA1
938ea896fd5d801e957b6abb26095d745e451102

SHA256
aac01eca441a8dd36522414a42b66dcc78d999268d26cbd113afc53f5fb962f7

SHA512
9ee91932dae73399975509e9c3fa50d389791754349bd044cef4d9a18f0b76eee564054ba9ced0ecfff2de1b822fd6fb1aa2c1517200440d24b58dc2c3668895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b14f09774a6c984e54b81f206432efc

SHA1
95452f1524bc3e6cb20d24827daa16f780636769

SHA256
3ea6dedf13d7293c1ddabf0652ac8aefeeb09196ed309ebd10a39833c90af303

SHA512
401439c172e5c08d8f70839f8b2d1b6d159044ea86f079938993508924a85cb1d2ef409f53828569327cf674dabe3c6bedaee6aacacaee8c86edc88efffdb146

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
412a195e7860cdff223ae689484314e7

SHA1
41318a41029858ceab9a06aa79cdb42c52572792

SHA256
9af6cb7cd11dc88b2548d4e6df58536528595ec7c237c615073ecd0edba8ba4d

SHA512
89bc857522df94116f3ecbd8693864e728d9689188e65b0d10b48b83262a4aa8221e47713a35267656c46c7653721824cdeba2ab23684df526269cc432466608

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70dc15c8614e0c190c74f9f7d0fae7bc

SHA1
0a02d229910b30d9eb42e5915f8b2245a4fc1b62

SHA256
1e5fa9ceb4121c72c3217fd6da59102c25f1375f313c6e10ef6307ac3b519e56

SHA512
39d9c524a426c63c3c3e70c2219daacb085de7ed0b503f16909a9b0ccbd7466544855812e713043519ad27959278d0a1e6f6e0bd3504c8a83f40fa5f234cc2a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e7c463f928b5b622e2a51cf53f0cca8

SHA1
8938e1fc603dbdf2109841917e9fc2742560d1fc

SHA256
c74e72b4b8c5e238002e598932a3746e6127abe30fd2c19f2b8555f9fd5722ac

SHA512
32076089a68cb5ef39915d72964daa0597fe311fb60bfcbfdfb95578a75e7aae627be2c369bd267dd2513d36b21824a3e9f43d4ceeff44896bc33e5468d9b979

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2029f08c1fd8cc4db866d93aa1c3fdb

SHA1
c1170d354e90c854a682499604d6807ccfe19b11

SHA256
3961aec7af850c4fe6b41af3901132a53527e8b50667a3733ae19dbd2eec439f

SHA512
70be9d85e217dfbf1adffce7b5bc9f055e7fb35c850c2e34a24b6989c264402f4b8edd4aebb64d229b1ad821410f9569a36efeea0827c41a5a9e257ecdc87ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f7ceb5b89d0eced2b5cd37a52d9d6d2

SHA1
547ab80d3f6d02c2edfbec46cc5a7ced0b436f8a

SHA256
308f62a9e19db1d93a7c6eb91f03f1f1c101faecdde5aa4bd719b6b3243e9d8a

SHA512
6a620cd85fc06bd2e96adc0a62272618cf601b526fc88c9a71a41d5e40a3a0d242827c21eef22da6442f4e8e7e38c1e6e6ca7b049afe52416e8c54b8907d429c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d1e1c749a6daa09a3872c8a7ce0f640

SHA1
946731a5f4a598d66544e52d996be2f5b529c1e4

SHA256
14e2ba568e9a477b47393da0aa7b5da4400f5a8520a9b4101b75529ff8a1ff6f

SHA512
3cfd807255bb8e41e02c458a1c6a4e8b29a0ca88577036bc790fb7d76b3b1723c8538367976572dd331a7ea3a8b1ef1a148e3eb7b6adeb2acc3a0859f5b3dead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f50c1f9e9c16d878031e7225aca0e0be

SHA1
8e550bed94963cf4088b582c48bf020ec18363e8

SHA256
f7d258a61fef5bd4e9ce618f3117ab6fbb8f829a3765c585c741efd4822df3aa

SHA512
d7e961014ba5824eca64ba286c7634a67e7126e4ffa5c175b1e115084beec534c9749e90d6b2cd9de6db1d392a2d890bf38021683624bac566ecc7ba86fa4dbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac3ef04e3f78d3b6a986ed6e3cf9ac13

SHA1
3c698c1b28fc9e0055f54c08181cadeb7382f2d3

SHA256
5b2387c382f2aaf4c34c07dba2b1f1fdf79694fa5bcc6a1a2c8e32e1feb6a1b2

SHA512
460fc42e09286a27b2ed381ccc6f831eace9831009153d7c0ac355b9ff52fbd9ec0852ebf8a24171d9b36a7a5092f8c643e7e70a701d3e68eddf32eba149ddda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef3d656d9b2d2ec63b3bd789f7de9b9f

SHA1
e5907ed73a7d0e3a5ac5ff142f0f97baf9ed927a

SHA256
e6c27a7dbe99e516930ce381c2e69ad4f7b9ccc16d2d01b349815b33e7acc518

SHA512
19caa8fbb8953428d0c9755f3d7dda7b0817b1d990f5f465e93641e160b6edfcf1657004ee93428c1b3f24fb7fe9302b4dfe21ebe20c80638653fc100c6111a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e08a075517400c44980054b43d999e03

SHA1
df14c56defffa63b31e27ff1662dfab48aa459e7

SHA256
5abd44c816d239d2b7186f93e3fcfd47668181266263d9bdafc1657c4b6f2f89

SHA512
1800791b7bfec9b358a85ab789933affa3a7b00049920f7704f1b88ef8ebccd968d9d4918fab7d07ad7475a5334af478406c66ae5d24345b879da2f8b9dcd2a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5b3f1e4f620908ee4086f21594a33a6

SHA1
22d6ac8f4aaac324fc50e5593f5772e996946a6c

SHA256
98934658de00e4f70e32b3a8281b1ed9de970afe1d4cef2b27b67c24b63dceba

SHA512
b68ef856f1849afcd69cf7d613b43dbb80bf54e17c91a899f07370249d9d2efcf53a50dd95ca758ba8108a7bf19a528c62805f10c891c1d79576e19766857491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59e4e3a554126cb205e58add2396c6ed

SHA1
d979dae5a5bc11166c503648a3354388eb034944

SHA256
91d5961880f149d5cb96e679a8dc6d9866b4b9ce6bb1f6d71f5ab60665dfb8b1

SHA512
ee53b86eeadaa3b7f666f9d6f73a27303f166a217ac0aaf99c5f0842ddc3e00bfd6f47e771e9d4826dc9b4e8f45167bb804080509bdbd351c34d7c049758afa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fa7b7a5c957a6867c17d4f2db55deb2

SHA1
1c6dc48ccd80f114a5a9fcece9ae62821c8ea135

SHA256
cb25e563f5a53bc4f84b916c19f9b44881686397dea28391792735bb0893759f

SHA512
4d56b3f032cfef258f5f2013aa6978eaaeab03d3ae63d0cd9d10dc56ad921d156312256500e5884f806a32faf5e92613cd50ad7b9c5438286d3bc7fb6e8a235a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6832aa0667b572f5931cdd90f1f42cf

SHA1
869dc67cbc4d6dae3eb7e466d7f5d76ee71f2e82

SHA256
6dbf78ff01ec5a320e15f11b73e90f2d87a0b734ca5b87dbb549fcfc5af3c9c7

SHA512
7625a96978ac9e96f44942449998a1cf42bdd13cc3003291ceaf441747394139d2e94bb84b3dbda8b4c4401cc944aa0c71682c7b8029524272641cd31997aea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
600e9bf004e4aa19eb09c0885555c763

SHA1
49cd1ed803fad7fb1eaa7e4b6c2a631cccfa7048

SHA256
d72cb0e144792ceefdf2aac7284fec21fab23b7ac26fa8671e5f3e07b7ebb890

SHA512
bcc049801e2834b94c82ba816412237ded965f3a7481c2c24ecf0e1ffd4843ff9e8fe077a2a24718559eabba352e008b71ecd892fc7a938bf77872738e28645a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1de34fe657468d6f6dbb6f56d098f5ca

SHA1
fa865de97b130e4c454c389f896617668ad0e7dd

SHA256
b913c366900af28ddaf968cc82c0fc88ef2b4181834059b856ce5498e1f3fdc3

SHA512
f96235531c3775b99ce46eaa7218c9935f511eb8cbafbcab8c0f66847c0a2e01048077c947408c5e9e684c2648c8875738c99e979fae37b51acbc5854fa55bb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d9c1631017c7fcd488f862bd7566f09

SHA1
3ea504c06876e4c0c88f690b478e1601b857b3d7

SHA256
105693b5d5a8105caf0b7bcfb4d25cb02169550890fa969201f8035d8dcabb0e

SHA512
1557998ab9306c504eb7271401c8e32dd3d35f223033bc40549cf2b31e5e2d410b2dfcadc2250e15e04d0760ad3725a045da8e9ab36e89e359d3953bb117b874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
0e27b1a0a6511379c174ee765bdf82ed

SHA1
76acf40ae8435bd555494948965a6d8f36a87025

SHA256
cba6c7c47de1d1196dff5730fcba7bf356bbf3371bca652cdf32d4f12d0b0627

SHA512
0a0cb250f61039f1a3eab15b81b4f0db5eb23d1939e3e0441117065692e63f50db7db477727ba243480a4a3efd0ff97f16c4e3eeea8797c388d2113dd391119c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
0602ec8bebdfc059ad31090fd62ca535

SHA1
083395d78b59ae59ed9d24b11072f60db7f33be8

SHA256
9abf826ecbdcb9969a79d3457ad0d3a7f438b6298ff6732e9f41bb38941349c5

SHA512
d9e7936f97612493a7cc2c77c68aeab6b6995b586e79d839cc1d79c7af7cd34a6325b94b1a14cdb490d115dec908b3af1f66123566d375df7ffcb57794caee9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_0E84AD23AC2E74B30DEF739614C7EB94

Filesize
406B

MD5
b3506ee662d4bcd2da4019a237645c9b

SHA1
1e40b9cc208c215aed5b155b73a789c4e3d0ef21

SHA256
d5618fdb978feea778a917054d12cb7253adec85bfda6b137384741f2151b675

SHA512
818db6d68412a8fd483269c86552b3c17bbf2c2854df3f6a5628a77454b5becfa86985e25fc59d2224ad585da40e0102c6b573f0c47ba03a7947dbbd37a179ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
4a7e484acc192149836303fc0e4e1bc8

SHA1
51c7646c2dd470bd311adf897efab1102052e87c

SHA256
19e39a17831fc388d998a5ad316d121d7319a995580b665d39ec24683e3ef387

SHA512
ba4354a296489a9cd0d1b7da4bbcdea522636993b5011533cbb732c39b0e7ce1d0d251d796339d810ae80b24727a3401fe702b7e01a28b8b01b385fc75b7ebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9yhbznx\imagestore.dat

Filesize
53KB

MD5
df9154d78b21381375f0d8dedf7e5dfc

SHA1
80fb34a184d325eafe66699a131bef3c4a1efb7e

SHA256
0a7729016dba00ce9284a8165c01d7bc6227654dd89a041687269ef0f2feab33

SHA512
bffd99824833144069968153d9931180613dfdefd804cfb7754e1eff86f3c1484277ef3fa6bb2afd24dcc7fd8ebcb610cd0ed63641b8d981a501baa139d91ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\dope[1].zip

Filesize
976KB

MD5
1c29500962bc8f17d74e06a4ad5c3d25

SHA1
4f8bd41e53bb2f786aed8bbd3dec170f438b6ed4

SHA256
c48a7f82a37b9e5cce890c4739c645e128c97501139364d97e5c233327ab98c6

SHA512
88ae8bc1e1ae539452010ad4bf8bbb474003484e78a3bd1b68526472ba1c6eca7728a346a2b195d0b999ccf99a5649465e5283cca1355559db349be4018a20d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\favicon[1].png

Filesize
52KB

MD5
a35207cda1f01ccb858b83768f0d79c0

SHA1
7e9f2d045ffc1a4d01aa8c86c964cebf9fcd525f

SHA256
d9d303525544feeaa2c7d18bbe3abe7455cb7d8974a620b8bd6ed6e315e3c900

SHA512
e470c3a1bd3f21a1707ad96ccad46bd4b976e579be77eaa116d8ca52f2e79aacef4834501bf677b08414cb41b17d97ce4c51f8a88410a71695fe59782034bca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1048.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar10C8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF4E3652E31123560E.TMP

Filesize
16KB

MD5
c41d1a36afc261923c90e9d1b66ffd8a

SHA1
da82dbb85c5409016c827df808448c044e38f49c

SHA256
1e2018e22195011d8b5fe77f04f9be175e351e384ad2f4734b8b012496bf0f72

SHA512
c68c475861c793313b6f6e535bba111152eb045d29951da4b651f057fbf65132a805bd3387be11bdb2a69717a955b3a7d94588c461e2c86f90961450070120ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads