d2e23a7d09c37ee4c637114a58d6f39e0a6df74881a496b89845fda026e4cb30

Analysis

max time kernel
143s
max time network
149s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 21:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe
Size

1.1MB
MD5

b540d42ab5eb326f448e7f1426b0d92b
SHA1

8d2ad013718c27a9fdf732ab784cccb883b8b5be
SHA256

d2e23a7d09c37ee4c637114a58d6f39e0a6df74881a496b89845fda026e4cb30
SHA512

566a60f576f4da61490b5baf8df43c21c7bc850d7e933e9aa6b9b1b8c06c3e0b622b920b03f4f8ae74031621a5d2cedccc19a84ebab6f7dbf81f5443321367ff
SSDEEP

12288:nsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQSJ:sV4W8hqBYgnBLfVqx1Wjk/J

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1908	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E334182-003B-410A-89AE-ED5300475935}	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E334182-003B-410A-89AE-ED5300475935}\DisplayName = "Search"	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424734578"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E334182-003B-410A-89AE-ED5300475935}\URL = "http://search.searchfff.com/s?source=Bing-bb8&uid=72c8ed6f-3679-4ad9-99a8-0d8a808ce2b9&uc=20180116&ap=appfocus29&i_id=forms__1.30&query={searchTerms}"	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d02ef22680704530c31f944a83d9863e50f0d16f0ec6931b44a2ddb8b12ac077000000000e8000000002000020000000626c3fa589800b0df83f319bc3b6eb7e8602331d260a12639aeb1b4e63ab7532900000007dad82d96fe7fe8f27daa273b318b85c6087509fadd0500ae662f2e878842a1ebda64b37f8da4a82e5c8b2032a9028479dc3f503e0e6ce2aed3ebb734a3740651ea4375bff884b0b532f41cb8d57e67c0e8466dccc32c220e8f2420c2870cd245e0b8902cff300c84a30d2b8e95e78582bab87e168822a5c5c3ac6179f503401e3f2cfba862f488fc6d46589b4452ea5400000004a6dbcdff1066def572a6e5b48b13b9a99dd7c1957de3dc86d20c86ba7b6a12262933a6e2c1c5d80868a1f1885b265884dbbbd39df8c2417e6911db414741f26	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b8bedc876a3a855b38189a569f27cf63ee53fd7fdda3c5d01d26abff8a4753ac000000000e8000000002000020000000e4cd6383c7a02ee7b8750621958364ff6dd583155bb8e6dce28d27ac87cd21b120000000a5d172c4d4f2b0f995b4675279e03f786e54e3c661e30645f6a29b5293582b0f4000000092c3889d97b06520570c3d1793a6f37565e09c0c1a69956c00261ad8099522588e4b0152a509763e4bbeda2a13360bb11a26fa3e246f2fc050a0a23214ca2455	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FA13C351-2C25-11EF-9BF5-F6C75F509EE4} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E334182-003B-410A-89AE-ED5300475935}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10c91ecf32c0da01	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchfff.com/?source=Bing-bb8&uid=72c8ed6f-3679-4ad9-99a8-0d8a808ce2b9&uc=20180116&ap=appfocus29&i_id=forms__1.30"	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1160	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2652	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2652	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	28
PID 2096 wrote to memory of 2652	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	28
PID 2096 wrote to memory of 2652	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	28
PID 2096 wrote to memory of 2652	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	28
PID 2652 wrote to memory of 2656	2652	IEXPLORE.EXE	29
PID 2652 wrote to memory of 2656	2652	IEXPLORE.EXE	29
PID 2652 wrote to memory of 2656	2652	IEXPLORE.EXE	29
PID 2652 wrote to memory of 2656	2652	IEXPLORE.EXE	29
PID 2096 wrote to memory of 1908	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	31
PID 2096 wrote to memory of 1908	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	31
PID 2096 wrote to memory of 1908	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	31
PID 2096 wrote to memory of 1908	2096	b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe	31
PID 1908 wrote to memory of 1160	1908	cmd.exe	33
PID 1908 wrote to memory of 1160	1908	cmd.exe	33
PID 1908 wrote to memory of 1160	1908	cmd.exe	33
PID 1908 wrote to memory of 1160	1908	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchfff.com/?source=Bing-bb8&uid=72c8ed6f-3679-4ad9-99a8-0d8a808ce2b9&uc=20180116&ap=appfocus29&i_id=forms__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2656
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\b540d42ab5eb326f448e7f1426b0d92b_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1908
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a33420ddb9a5b50a0b8926cdf32d5a6

SHA1
6f584ca7f283abc6c185ecb26881332d2da5fa64

SHA256
2ece3fe0d7bd087d33b63b58e4de1e82f997e6326f2224b827f3271fd90fbd33

SHA512
72ff3617e7004e5fbf60232b3a7ae280d60f238f8571ba244492c0179b5da160d2eef7a1174f42bb3d58b98f8ec336d536d2ba4c9b12f304e7e839fc65e119c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
556e2bbdbc3545dbef28bb0d53e6f25f

SHA1
54d2b966279d2d9fca8fe39a85cdd21748d5eaed

SHA256
8203da796d66f6912ce8a5861d8189c1e8a0cb2b0dd4cffbf3647491bdc9fdf8

SHA512
fd15976d21a44ff97817a3c55ee5630b7b9433775abc773e3e35b856ca66776c1ad8a071e6a5af3fee34a8d042be2e50f12740c80095b8ed355cc7ad3528bd3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b67bbfb3b4fd5b51f4f3abeaab37f182

SHA1
a7cf48987a24c1578fd05e952e80bc236cecb7a3

SHA256
614f80acc6f361742297609a03610a3841b1d85b260bdc3a7353166e028bfd3d

SHA512
a8682c5a17d7e34626b0e8dca732acb03becbf942280f123cc9028b9f4ecb5f26f505ded90d895662e0eb16f9f131702404e91ab32bea04139dec476a183b5df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb9915b0abbf267fa48aa9e5b2343edf

SHA1
e242e8e35b1d4cc7c91269757b88ca1561f53bcd

SHA256
0e626668105ae57f3461b70648b70d35d23ed96fe8b79d0a25eebec441b9e2dd

SHA512
0e0925626f7efd5b09cd763fc0dd5f45ce0cbfba0cfcfd4077b93526236ce297036558ac72beeb02479464456f24026df0908f4dce46f89d53a2be0d1f9da83a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
baaeaa2ff04635230947cd6e2eff840f

SHA1
86f94dbd48fbeafbd6760f212430cbbf38eecd6e

SHA256
4024f1ddbe21fe09472fd6a2908823bff8a67ac1f23024d8c9e5c2369677f09b

SHA512
89b19efbe2b6c1c11fed967fc97001ea0a460aad0f3cb592a5444aa880aeb2b244de4595d5cac17ad4c4a1ea51e525d6d6755562b4cda3eb19bd51364eb93a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
daa104e9a764aeab766fdddbf2c8359e

SHA1
0e7cc62036ea95f77b6d1856d2d7c098d950c560

SHA256
fd15a6effcf9a5ee078a7ad3946fb67b79d4778c366e874b8db96db47e2d2325

SHA512
85849ee94e970367ba833338ce2bff8795c1e46471df7f0c7099a12190738d063d7b36d07b06a7856a2df3713e2a45d90bb061a8a9979101af31306a7a681894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
433416e247279e2a1cce8f2a28dadf88

SHA1
520c6509a13b901b0c2af502edd9cb7f313a49cb

SHA256
806535ad2953c18386a6de80e0e56893f5ac541ff798e089c472c50b262e7262

SHA512
22457180bb950b029cee12756d32aaf4a99a9a04ef0583cf84732667db24b88c39badd3231024f8000d4cb1a84c0821b91b8425651c387ac5c0ba3e72e98a8af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca3a6020eeefc7604367af751643d349

SHA1
10fd32fac46f96bc870a057720e0367e6e7f5bb5

SHA256
c7df13663682e6776acfd43a4b00d686c59697e9ea1caefa7190fe9ee400814b

SHA512
4db77a9914086202ea5080e7414235444bdb7d223a6f810be647fea0386b982eee2bba0a705d2de3a30d02b14f3c239152be032a88cfff27f8c0672d28b7edcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8adf856202d3f56242474b3b2edc3c17

SHA1
9dcdcfc0649bcd7674c2fa63d6349f1419e807a2

SHA256
a97dc1209cbf963026a226394b2866892ad0de2a834439b31ebe4127b06c0e4b

SHA512
941c26aa533cc4c3ebaf4c638fa60a97164ceef83e3f7c200c2f321be0276e3afb5b3340b941cdca6ccb22e0effb692aff61a224d1f5b0486fc790f45a661dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d11b7521ac15f5bd046787cbf9ef71e

SHA1
052ef9b7891f87afe3a22d304b1c9940a2ac9e16

SHA256
ca5fe5d151a6030e4afe9ffd6cab6ce78c3d0b736d8c077282ab4f595b171810

SHA512
5bd37410775d341a4baa2a02b4732989731a8f0c3d82afccfb4bc02f69cb338961c804f320d58390c59e82f8d872e37dea818288469749f23a74cffebdfb842d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccf14654a6263602cd3ae1fe4aacf3e0

SHA1
aa0ea8f9563dc6ad4ab14fb22129d91f956008b8

SHA256
e882da27fbcaa320d884a5f2746ba8a95fa181d8fd60972c73437ff8e039cdd0

SHA512
f67036925e2e3dce707d59ab5cc1d7c59c7d9642f61e360725a1cbc5e5daab7407f9ddab9d2dea3b361a87df900773fa5dbae1056884b6eae83adca8022cc07c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8d290fd8ddb953e84eb64e687f457b1

SHA1
0a2319d6be592e643f70e1fc86f94766e03993a8

SHA256
80d6758372fc4107aa11c423e0fe494ada95e4c24a8a63cd51565d3fc1e14722

SHA512
ae62af9781f2b9cd2d4fabc285ea5f37f44145d359fce2ee73d3bf4f7e40ae64edb116ab11af06752d28ffa6dd809561c12d214b30e97704acc2c9746c8d2220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
050ee76045ce4000f6d8262d6d860a1a

SHA1
d79157b697a079337858297844b3adb266223fca

SHA256
0df77069bdc3078009a2153ed05fe9ac90723176cb7bf6fb9bc1e096a8e45892

SHA512
7e2cb30ebeaad2728e39723cd93bee87c085f7791f94c3aa90121a73b7a49f6f845229ffa04036ba3804265e1b1c2cddf23733cee78bcc59b8bb430b3514e3ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdfaaaf258576515cba5e2c0af2a7ea2

SHA1
bd3f79d3e80ec304bb75bde62ccbf431aeda7e55

SHA256
fadb7910475ab6384f649c27e1023813457417eb3d5dfe578962fccc233b2b63

SHA512
a4fb93a17e4cdcbee5383e8f23328158a5a160073bbb2dddd6cd7fee45528d3b8c11712e0bc634d310ea807a30124264675e945ae114c7a54c66d0d63767137c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a877bb73f470109e665dff08cb8d1c1

SHA1
ab9976bbd2401fdba1f4a337022de66af8330f35

SHA256
ff572082dfc826ff189c023234393fe2529a6b88f361c2509728d5c582720eb1

SHA512
a059036f08c59244b454b84446d1ca8ceb04e808917eed87db33cc22b9f79bcf2304a147f22e257f6ccbce3705b94c9ef947dfafa67e572ca65ffd2ab64fbb95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec6aac5242d25332bfe8f9875cfd068a

SHA1
232bf9af45e12c96ad9753f61f0445c863e9650b

SHA256
fe73100d0ec4320714eae3ff4ad00d4619a74e17ea3e87a78d2f12adf323043b

SHA512
dc9932766243360b1733e0efa4641c40f3cfb4130fbd10d5028c8fc24f0a06c292350ac8084db228f178bedb7c87a33a94692927e864d81809d3e113965a1645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ae74e3519a62f36a9358d5981393f1d

SHA1
5952f70fd672162af5656fe45d16211d2f36c26c

SHA256
439285aa2156dad23c5f6fac08c4cfbce25afefc88e5baeef59f5c49c39dcd3a

SHA512
0250761a2d786ff121940a9e6b0536f3250db0cb385769058086f6084cd2d739e9c7b886d4e601c92949681f730af99d4b7d2147cbdfcc3ce598160db65e0bf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3e752064cff2f3f65f3f74758529047

SHA1
3f2a9aba8da2626ab33cf1f9bc7d321f24274b00

SHA256
4e355949c1b665fbbdc6fb76975d751d77b47d7ce2ef29b486319f883b7dc87b

SHA512
fa16e7673b0bf57c75d8856ae7f6c602cdf5b59c6231747e471620f4e20cdbac5068841283eb38288f32dd94997bbf8989a45db2036989fc6136e18f2d82d255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8920b5f8aa46280f253abfadcb17f6ac

SHA1
ce98a35617fc5cab2c25df3651e9afe81b6d306d

SHA256
f15b6fb0ea3c4f3cd51df44dc8c128bff1beaeb37b6100c83cb9fdf4074be818

SHA512
5956b835dce84b337bff06396361f6619b163dd34e001d2becf30019d5451458861ee037e31a6c10a06b3f3f52bb42d450ba67d56781f0d601ff02f9bb186798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56c64f3961b926a388bb87ed21d647e9

SHA1
3e48d8e8a6b6d992242b18bc5e2334138ecbbbb4

SHA256
9a41681839efeec1b0f147c1af62117e9ff8113ba5a8e1dc258a2d3a6e78a4d6

SHA512
8198647036bb693ebd666a193dcb7a70d3ce9ef1ef14317ab17cf7295a9ef5454da0430c35e1473505186eb10d376f103e335bc74435566c916454e9d5582911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6D27.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6E04.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads