dd92cd28935df3c471cfeeb227afa5828f3f6097c425c9be1831239b7a031da1

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe
Size

16KB
MD5

0adf47be3f783759daf407352a4e52bd
SHA1

1d3df092397d0110ce03b2d235ed86d5649e45f1
SHA256

dd92cd28935df3c471cfeeb227afa5828f3f6097c425c9be1831239b7a031da1
SHA512

6c3faf53f7ddb4ac9e3de1ae1ca8bc99d9bb4e1ca964615a72986169f2bbd4afd18fd84fd28ee43ba064609a506979cc932a808a351fddac05aa0dabebc3a439
SSDEEP

96:ktTkNHSlAsnCqVtNPwvf1svfQpWBXwWQ8IygzqcqG3AFmh0qnSFigMOkPZq63+Ex:0kNHSlAWVYESWQ8IyuqbG1h0bWOS4k8c

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Setup\Configuring Data Access Components	0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	\??\c:\windows\ime\d.vbs	0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B33FDA1-3276-11EF-9449-6200E4292AD7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000007ee1a9e6d9d6e335af4d51af78c9f83502b05d38495ab608daca68dca077e86f000000000e80000000020000200000003b5b1b739d2b609368225c64497d50b3c87855bc285b9365175a8d7658878c7990000000fef23283ea5390788812a8f4e19aa468d40cb1e5302a00d6f2fc4a5d62bbed03a0cf2f9d2bffde3afe577032e8500eac8d9e3f3daedab33b5ab1c55ca0da76bef2b86024f7e28a6fc518f5c3b057779db5bc4ccb2df0e19a3d9678cf43604ec3d86c34aaf3bc8c52a17eeccc5456c0b1015f34dc507d94e8078800832136a441e4a1882e34f292f1aff6da1f0a88eed8400000005fe15c2dae51848d7577e8b8ab350f48f3f33b1129eb10eb502301b1127eb4bffa0b67e4066842e90b773bfba64a52f47dec2000f17b63d369efc20baf7fe6e1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000ab4be2861538502b39a9ed8c7ed2ffe840f0c38ea6c0c14883befb2b7e9dfca8000000000e80000000020000200000005a76b2f543b3a3e896a27edc808fec52e60559ff715249ce111b0a9548ece81e20000000af40f3c8c6746a6dc1271cf39334f45f2bae05a24b5425c6555234eac1301b0740000000d5f881e6d144022e14fb4dc674ef2cbb279e3e7193e5d46076bbe89077288a84f7c91e03f22b9981137c523a4bd0512917bdd6bb508e5c014835581395bae78b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425428726"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c078020383c6da01	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1732	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	iexplore.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1588	0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe
2360	iexplore.exe
2360	iexplore.exe
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE
1732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1732	2360	iexplore.exe	29
PID 2360 wrote to memory of 1732	2360	iexplore.exe	29
PID 2360 wrote to memory of 1732	2360	iexplore.exe	29
PID 2360 wrote to memory of 1732	2360	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0adf47be3f783759daf407352a4e52bd_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1F4BA66CDBFEC85A20E11BF729AF23_AA85F8F9DAFF33153B5AEC2E983B94B6

Filesize
1KB

MD5
834afec7c42303bfde8a1995336f7be9

SHA1
81aed92a436267b98d10746f5d75dc761cd43912

SHA256
e7e895c3439f3daa2af616f11354b88cd7148fa1c01a23a1e83c055c4be6e9ee

SHA512
dd25a0e3f2f9c9b9a8ae04f70cb10481e0011c3378775c00ae76ea7d69cf5711618c7d4797904320a798eeea1eb4700566e36d91ae729afec3bd7f22547a9166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\68FAF71AF355126BCA00CE2E73CC7374_123B8BA19C64CE9A8B3EAC32000FAF3E

Filesize
1KB

MD5
0f151ce57376a2bda927a15ab48a09f6

SHA1
ac1243df535e685760aef0bd4b6fc880163671fd

SHA256
98efd13b8e8d0d990b2998cbf90968347db39c697f2e8018e1d6b575931e2436

SHA512
89f0574262b7f7cf3f598f81e9ae27371bb5795856f63b2e46e65d7368f48d260e0aedf4d982ad8be32c67eb5dc58da93245d5356ae8632d6253c1b0cb030acb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07DB822C3548410165E7DFA39F71BDE_D1159485058F1BA818709F2469E05FA7

Filesize
1KB

MD5
1cb6d010ac0fa1a81721a16682a8a268

SHA1
84bba5952adf19d127dc2adaacfdadea0b62ed23

SHA256
a49c0e2aa4d98d01cfddb8d062438973947af4b5e46848ae1b781000c25ae6e9

SHA512
5bde27664cb3d62c67aaf2253a45f3ed954e090f29694961ac906edbd6fd48237bc3c8a25a1a9eed467fef5f7b173fe3dbacc8014e8fa16c04793f58d2519d4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8dcc11580799570767ea477bf4c03a66

SHA1
8f134f76920713ac0933700af455a73d14c9eb89

SHA256
da0c99120dbf63a5535294702184b60de2cf285a8e5df3a5e720b68269697532

SHA512
74eb5564392426c7a1ccf34528f89eba0ca49bc968fdf7c786d0a0411ca2f20465bf6ddc6d8ef692bf4c6a0013bee3cf5213934f83f43c7788ec7024d2331592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a93553a0cece8ae7009b3bc5c29700b5

SHA1
b973421cd696c82ecb1d4af4b0f176fbda90f5c3

SHA256
30ef406206c8d165a158ec96a092babdcd7561240524d6843cbef10f5494367b

SHA512
72686ca63590267f580efb783ae017ac78c1f84fea920e3d37aefc84c0da1ee13487e83f438522802ed66b0ea941e5ba38ae3707a0f574f6375846ae9c670e5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2fa1c1c0f6cdf1ef80ed6d0b2125fdd

SHA1
b0e6b47b63edf33af8e9d4d32040dc9c894297df

SHA256
068340606b89abc30da975d3474171e96d0c561a1919d7948cb90cd69f27ce72

SHA512
2b96eb29c8a6b58641d033a5b1cab5e4b5635ebb28d32478d62f27ee0dab31c198d71bb4cd48c67342e902402ac053a380ef1c0d1972aaab888585b42d9de354

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cf3466c9241ab1e0082a3ded60a627f

SHA1
2670c5314fa7a1d76a0ff6c2496b067b0645b964

SHA256
212005642427187430c23cf52b404d4c6ebd9f53364356b7b84a39bf31b62982

SHA512
3055864b010f18075715745097c5b02ffa9abc020b4f8194c4a91fb5e40603134791fe0fab9b704780f793796d308c8e620b292afa3d0f5131af62a33e7a09d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4aa983d4548fad581e9067daa0f8f2e4

SHA1
758ad627a67f697956c63e0bbbacbc8cebe53b28

SHA256
44d002f387a3ddaff32ad441aeb85a5e3cb74a3f6d9a6424653c459d8cd5eb25

SHA512
a6351ffec9f0b40002a862b08a8d6b013c2a8c2152ea9593c3cca25e0b6206425b6f891230929fb177bd3317e8fe95445d322155c9424e89f73b8a016a2edc60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38fd800760136bad6e2bb42898cdad54

SHA1
602e6ff0bb82b8fb0c0a24cbdfc741197d617f76

SHA256
451f9a2b81d731dc14f4566bb5cf9f1f0a64b68fe89b55693a378abaeb47d495

SHA512
1b5a0cb7bb548a30f8b01d1dbca06916c867237f657086f56f64b677aeac6eacba4012e809c491a0bb79e4cceb225bfc0e2f892b4a089c3cbeaeb18821bb1cf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61937fe705efa3ac9cff11686e207e09

SHA1
52103bf3e0da0a14bb87a38e3ab70b931fa80973

SHA256
96c2c8785f8ed83d0b8a8e4b0f502927b666f374ffed1dcdc972d08ebdcb0696

SHA512
9d0377d0de9cd0ba572268b4fc3ef8cb53be0966dd2e36e623d3125e9dd48e0a023315ff6f4414d4b7ea01f86c671cfa3196cf8963868bd82090de2340d0cbeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25caad6ca69018bf1eec91db2163f862

SHA1
1e39e63a0f86e6e300ceda6cf52d8fbd7e261b76

SHA256
313d2ee68495cf8b21e2f16b3f1fbc54f4300cf06a886372b885a75fcf6a707b

SHA512
1b4ab9cdf3883c26a1832552c76965f673afecf8cd3a323dd3814b6480c2df620088b3832444dced9e79f37c014b605db6b40b487b5473b57d1f06452c3bade8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da67a78d4ab159248d9d8ebbf42a4ea6

SHA1
88d65b41692d42dbeed240142e71f91ae8b54011

SHA256
83b7f7a4e818891c1254e3304d88c386a94c449534be89b894acb6d44c22c4ee

SHA512
136c6fac6c76f838d5c4dda753ab267edb482cbf512d157c4be8f5bc005837c7d895fbf32a809a3eddda4ed8e32b484d0f7c718f8f1a2d7fabcbfd9fd3ab1723

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9fee718046642bf7fd3ced58ca7f4a0

SHA1
d69d24b50eed0cbbf71cdb0846a7dbacf1c44a67

SHA256
57b61230533dbd262e92f0f6e89b49daac5a8756dcffdf12d0d6d86be8e5ae75

SHA512
701753b3a2a3a8d5e6267021201b453b986943618f3ba6229a0e0be2140f5c410bcc31d22e6e970de885310f3bff71d34019be81e85c86e54ab7746e226f36d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b4089789401d49e697effe7832f511c

SHA1
591fdc8bdaeb83e8bdb52c3f4915273b35db15e3

SHA256
990f8796328fb1acb6a72d607b8425d9eba32be69c05dbe2de9d3bf842e54671

SHA512
29521feb5382ebf3edf433b14d34732f25fe86791bb87de8ab015440b9c7ce9fd2608dc1e49a2699a4c2325ec65d42f24370450c412a027ab5fd616aa59807e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b09facc0532a049c4e404f231953394

SHA1
c6ed115d858b3832556cfb87efa756eb43d53185

SHA256
0862fed032f9db632f3e0689837dddb1c2afaf976ecc08b566ea523f59b17f50

SHA512
b7354930ec0c2dc2a66d8b8bd97efccb9d15a58fb72392084a535b0ab0140bcf7c7e73c81ead7c8add79ef14139d374a6022d89122583455917868a240db0d52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14265e4743634fd8e366f71993d7272d

SHA1
b301d37ceeadcd46de590f92422bbaa66c3ab2e1

SHA256
62889407ad0d0a75ee9a5976658ffc5d78fc0704bdaa01b8ef5743037e777b2e

SHA512
fe4db1e612058b25a438be449244a0149c35b7c4708bf6f62efe2e69cb5b05bb1dc47f979de990d87e1900d4295b479adc159448eda37cd26bbd7402c5f16467

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de986136e25c37989096cd2293eb128d

SHA1
df3ecc262552f91fcca015cb1dd641d07cd88342

SHA256
b4104246beb0885acbd13c6b4195364fab9c2b091c6731a7820341e659503c43

SHA512
81ac66ff14f2cc20732864727500bb20532c68b80b10247af3c0f9280eb1278f9c1eb3d2d7e5b648eb427c2a4ef4675f1eb3f7bb2adf89394a90635b8bd2329e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b11f7910e8c60f9799bb3fe496784307

SHA1
2841446ccb01d987899747d97d0b65f554f898ab

SHA256
524f1807de1d8abac9831949167421b04d2fa9c1619306067c941e5539ede7cb

SHA512
36bd87dd4801d062616e4c06ee5781dd107d01cb01390d22c5dfe0e4f3ed39dfe764d20d4283cd9aa47978896be1b74435f8a8ed74ad00f7df54192cfdd76708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92cb57b542a0264cb2effc2955177bbf

SHA1
61be063e383af73b459db7c4204d7cd301ddc40a

SHA256
576b72a911a7bbcd7b392c8460c9dd3d18a09b0a3d77735b7302a6f0e288ee85

SHA512
89c606388dc4768bca85aea9d137bd896a424648dc6540434e9ced1c8bf6ea63e9ffed8ec03449fe998af3ff9396cd34147dfac36803b1a32fda281986572b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69a59061ba0dd3c393192e91466372a6

SHA1
5bb5695c9260854d078180588603590a3ef2d210

SHA256
7dbc836e61b98b1fe1893afee08c80a7fd670eb3b074e31d5e00acd4b5f9f5dd

SHA512
e2be05ed29e9042df4fc64e055518ad53b1d297e13c03c55911e084879e5aa95f4e7959f1c442fc5541f3d0421c1a3af068041459731d0476e6d7c1c047f445f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f47115326506b9c9bf1f9d4f876e5c23

SHA1
e9f1c214219a28b87417a5c77a0c1ec7b975b30a

SHA256
a697bfc85f28c69be6c34e3f4a4cb162483ad6ac364ba1a88246da57eee13a1c

SHA512
c74fab49adb43fb721624786c372a8c805558033a7ef202995f5a236c10b27f9e253a61cd579816e2cb886e3a91d4983479b04cd830bf7e93f449c78970d6fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6adb2653ce6e77d164dc4caf976f60d

SHA1
0e6d63478bc86d22fd096319528069046fae3da6

SHA256
5d5c8c8f50af17041a8665b654a115274a0870cceb0f027fc5e0722b53a55841

SHA512
7194459d132b288a6586cabd355779900028d5bbece34e923729e81c802e47280d23f52bc80e59913d21661a5425752ac4583ca31a5fa2ed5495bdc9d34b75f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae38fadc1828400f6df8f945f622f4b2

SHA1
7e6eaf7a30aedaf53de1cf6ba163bd4ce93aef4c

SHA256
8644f8e3f027c55e2948f4692093338c84d3004a28b11122a5754760b816eb41

SHA512
f362a32571ae69cddb96d7653a4fc201bb49344d0ae06e86857467f90a2c9a71c3fbaae4f58fc304407dab1d9ece6bf0a1013d90ce0c9fe425222987d632b61a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54320de7b601e45fcd769fbe902062cb

SHA1
2c92abfee30639609c2f0361ef0cc50be71861ed

SHA256
50aca6cc4bec58a7905070a7ad92d77bf975356b13a52466b41fcbb2d6dcc358

SHA512
17268c68888fe73222206983763bd51883db1c7e4f35db07f6062004b57ff07257b59039ff06dec687a405d3b301edd30fff4571da97d06f7d9517b85e7656e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
791023cbbb3bedf1347ab0a8db00008d

SHA1
fa3ad7a5264c8bbededa451345399aa671ce636a

SHA256
14e625e6efb2820d20dc8d2e3193f18a7b0b4987f2e51b8985c4cd604f639e8c

SHA512
d28d100c69e9d7b3de4a7697360199178d3bf123964f3cb561fc53b2d5e3c510f5766beeb98649d3f25b05d930106cb81b25eadd985908ea7c71e027bec8c644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92mvs6j\imagestore.dat

Filesize
31KB

MD5
ff51540bfb04972aa75c7490f161df24

SHA1
c10df0abaa98e385ca5294c9d2c6c5aa2fcff177

SHA256
80f6011cd36b406752bc77aad4e7b8ca8b0e7c32e7078bb689405833c8fc428c

SHA512
53a9245635116c75a0d83be1859db87c4849adef98fc28e93f04a497bebb048d4e482afcdbf307c76cf571234fcec37f2198af0f4b65c60a7f6fcdad8582b056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\favicon[2].ico

Filesize
31KB

MD5
4859e39ae6c0f1f428f2126a6bb32bd9

SHA1
1c0c85678ae963bc96d0b7fbe1eb89074cf1fbe0

SHA256
a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d

SHA512
97541b40d8beac0dd8831ef8d2814efef10cfb185df316e05b4f3aef0a2d1839fb7a39d90f141f490e21b2955c32df9d690785cc4def97cdfce21acf9bbaa2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E73.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E86.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F3C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1588-251-0x0000000000350000-0x0000000000352000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads