f952e6698223a9375b6b07b4d5a04cb5532ddb6c830fa8a747ea5daaf0fb1350

Analysis

max time kernel
136s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 17:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe
Size

888KB
MD5

09df95ba5ed8f55ec2a8a6b1499fb436
SHA1

54000558e58447fdfa14b9847c8f0115e5b5ba3f
SHA256

f952e6698223a9375b6b07b4d5a04cb5532ddb6c830fa8a747ea5daaf0fb1350
SHA512

e9c7113f0ec08c109f67346cb7660d3e70006118a90e99fe94ebcea863b5163606d048fb654c77051a5e5bf549f572ecaa2abc845b2f6c00b72dd75726913452
SSDEEP

1536:Vu+iYf0rbhPYlU+0j5PKkoJjnFhD5+U2YPNwj9zj+6AOjNpNe7TYxLkTCkU1VJHU:GYGPsDtJjnD8mwj9G6j7qvwPTXn+

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d59cd45cc6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000120661f8df553b43a73826b7cdbec301000000000200000000001066000000010000200000004ba05ff24999e9ca7fb6877a031ea78760f477386997f78f5211afe03a3703c1000000000e8000000002000020000000dc325ac4bd584d1407f7af1aad1afe637ff3401808b2a8fd0a76a6f6aa86a04f90000000a9de18b16e15b70c0d7b4f2e853e36562a2b423001630ff5655ad6da02fa800ffe5df1d29fbff1c5fde879ec2695dc508326853a3e0c4d63d01a93fee1035ad50d6264839133cb0a2d9ab0e70b04c80cb94c3be69d998ebc62f3f4e6300f14f0a22b480db12d6511cf045eeb62278ff2f93bf872e6492ea9a641085dc4ff4ecd3947b614d2d8a61003517346eaa09285400000003c70c6abf360e35a4d120f8e280f9b4eed72066481c7ff563c7f32fe5755398029532715c72d26502c5e5343063268013f86b0713bed3b0249e17d860be5a0e9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425412331"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Download	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FEFBD1C1-324F-11EF-92E0-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000120661f8df553b43a73826b7cdbec30100000000020000000000106600000001000020000000dafd9d6f4aaa4179986ccb2f11a20507e44dd8cb118c1a708daf0df9baa470c4000000000e8000000002000020000000bbf1b3f9392bd3972a0d5ffc453470069685e67a8f4ab20a6e4b303545264b53200000008b796318e2855d7344cb31e10c948a1aab4a810755786cb1274d57ee970eecc2400000005347d236e5886d1d5813daeb852283dea610b86fef84122ea19d8f59fbfbbd165b2f611c32aea1d28c3c3047a1bdb7a95807db5af01df55b2f3539ecc95581fe	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2012	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1724	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe
2012	iexplore.exe
2012	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2012	1724	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2012	1724	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2012	1724	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe	28
PID 1724 wrote to memory of 2012	1724	09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe	28
PID 2012 wrote to memory of 2188	2012	iexplore.exe	29
PID 2012 wrote to memory of 2188	2012	iexplore.exe	29
PID 2012 wrote to memory of 2188	2012	iexplore.exe	29
PID 2012 wrote to memory of 2188	2012	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\09df95ba5ed8f55ec2a8a6b1499fb436_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
73e58036e1a843b112857b7c588ab869

SHA1
729d21ec75785d18129ad577bd3b06cd1ee05700

SHA256
072961469265fce2672bec9564e1ecde77471454289027a23c4103f81a16de34

SHA512
bbb27bebe2e0a7bd50c71ddc90ae1738b2b4a584479760578650036b57a246ed9b0a41fc57a505f45c3790b46e80ebd867a23f7df7f2dca63d03a8b3d2884584

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e078542a239389834cc783c8050a9eed

SHA1
af8d71ab5ebd559c0820941d59e4cd4cad8527e3

SHA256
fd61ce796bb576d5cd28d2797ea197fe7b924bddebaed6ebb6bab9a19da62e95

SHA512
634da7f96fccbf637ef819beeff28dd090394875129007e00a57d530bb8d7b067f9742799467935c8134d0cc1aaf2005c5ad11e1a241cab3903d4b5e9c7cd79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dbbe16b5df3f588be2256ad5504adf1

SHA1
23b499470fb99c3f3cedf722ab20252a2e6f18a8

SHA256
81f6239762bdb68af67161ac4e9a10c2f16c85bbf8abaf3cf114b5acb4ad1d48

SHA512
d9caa1c858a1f122d82e49729c864ee39c1d6c3735d5b67e825a6b863e972d54299f23684188fb9671be0c89294875382600c46469de6c7e5d422fe98c70401b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c87be068d9bdcf922b75056a87fb1074

SHA1
0460f165cca11b2581684a42cd46be2c9141cae7

SHA256
1b18bfbdd6d95c0067f72d91119afa620b4326c1bebe917f44e47a6bd9935b2d

SHA512
531d40a5ec885ca746582e5cb195d34744958d74662df5117d6e207c101691b566f1f6dcb54faaa9df4831382ade3deee9b3132dee0e3c2cb9123b871e978d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8b19ba3aa99f5cfa7e80703f85897b4

SHA1
7f54ed151336ae4ff52fb2222b7625a4393e8da5

SHA256
4699855bd1cbb6ae84be0125f9e6f2c31b527cc532ea01a5dc2e92028043ac3a

SHA512
27991151199e0e8a0114539f8d058af3b716cdb3ac08aa73c6f5069f65b80dc421cf99e19369e893dceec7b9ca5e1ed54a4f9b656fc1dd29a6788112fbe6a920

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2998e59dc501bf6636f93f8c501e1c8

SHA1
82f5929eb118b1c3a9e27962815a76b61a241870

SHA256
1b15b3a4a861e20a4d044aa6d8808a67b6174caffba0329a67d0b9e6562fa737

SHA512
c950d1977290dd04a1a9244f8b3d51dfedaa39968bfdc5f1b845818051c5489c0997816c90d0cb63589cdee5a9439829e250d97d93ede5f12ff966f7a27d8029

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e3043593cba53ba59972f3484a8c8b5

SHA1
7ea14dc0e619ce034f9d50adfe7354295024239a

SHA256
7c283e033106ea97035b3bc5f68d489e5780f4814eff1052f30a9d68d167e038

SHA512
89114e83b848f623cdb09f8c5a73f59cc35b9239621a591cc20e5b57ec65e1a2418b0dec8db7e23ec7f68adbbc048105a489155d4583468fc0fce209968f49f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b82262b1a37dbcc3475dd402a0a2660f

SHA1
ac8f7f692c57f7771fe05d4c3d5274b9b8cac1a7

SHA256
821c9cd5c74865578f61f1b011c91d5606812df7d1098afb42be45bc94b0dd1f

SHA512
477730f1a0e81b5c1a38a95a6ca3eab914220f47bf8335132660859354b4f5c2c33436cc955c3469fe96d3b0b420ed04f40f8009b8495dc407c6a0df5cfb5136

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c95f5fd113fe5edf78da84a328c14372

SHA1
9e7d6f7b191c9799d2db1c96aafcf2353688bd07

SHA256
a064035703cc44faababd4acc8ed865a814805138fff57269646f31afc1bdec5

SHA512
1d8c1f274a4f42b80b2f1ac7eb9b4e00116ca5dc08be8eff9711adbbad545457c9503440d34f9d9c326e6edbe826a430d868ffc1effd4f0d51f578c2bf310408

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b64eb45f15945d9a181d084b4f15d893

SHA1
22404f78e027dd3af2710fc2dbcc3506e560973c

SHA256
0044487c3a7d8aca6e3551cca39b270b35712178d16a57c62c22fd3574d0cd9f

SHA512
ba32b86662cfe808edced341a2bca3b4f0eda97bf9f27cace2030a735251f431689ac7313fd39e2d649bbdbe50b269eb4f7cb540b2adddc3fb25af5881cdaa58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
464f21458934caa12faa9c498933a716

SHA1
b2df67e2e63c9dc3e08e444f04c86e72f4e6119a

SHA256
1d600f60b80c1afe64a042c4654fdac5fa2faced2941a8f2ccc4548b6441e1ef

SHA512
b5d2410c17224aaf80ecff52284e98a5f4fad62466402db2838d4868dc1c0e9efbbc9985de783f42e98dde453b22cd4b765faf0e88ed0bc49332c19d68cf0070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7f5725afac8ce70525bf8ebc9d059e8

SHA1
8694087523b6954ec26b38bfd81c4ba7fc4bd800

SHA256
9037d11d4337b9476eceb5a9db3feed38ff08bc731f4e3c3491d909ff27eaa98

SHA512
2fb809d246540c08c46273baa773ece1a2883c803f5af512dd8caa2ead4841b9ca423efec69dbe076919f2f8c0f24ec237d2bb9c1043a44da8c749a7976f7069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebb60173837a7b651e67e45515cbab81

SHA1
96f53fad0302e7933fc2d48fe56b0c3427aa4d40

SHA256
82257e90ec8d3fa86b37cb5f24cdf4829ed4230a0a9cb87781c4161a13af43bd

SHA512
ea844aa5138055186048c7a64c0ea8bcf7d6ade453585c85cf72322d76bd1c9960bd1e18008b9f982e80ebf1af53fc8d34974cd0d2aa7a335abfe2b64786d90c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18b4c1736bfbdaff2f6ada46f2e8ea8e

SHA1
ab752572febc199ebd06bc47b313226fd3f749e3

SHA256
82124f6f1bdad0e9528112488ca59745931cc5da0182da819c625ab8c4a958e9

SHA512
eeb7cb75da01689f8c357318f30bb34eb6b58f20226697b981e367590bdb755969ed53885b96eda512c9f38dad638383f0a7500561aeef4643b29b860e05bfa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ca9c376719b34fa504ca73df0243377

SHA1
2290186011bd914e85528d7e442e28bfc523a394

SHA256
324ba60629b2e47c288ed94024923af2fd5962194c7ad263d64d4d4d05005d4a

SHA512
4d3f2a8d98d68dcdbca7d2739eff005c5b00079cac2555dcd7c7f10d0445de4d73bf4e16487cd428fb944dd9b32e4ae451d6d5938c531adac1b5241b48ec3a64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a72c054cefb823090e024da904d2e8c

SHA1
1360978a8a0d73b2b08baa95a9053ac348fffa3c

SHA256
b11cfb39437ed339956e4d5dd2c7d2f6c00e572030f4a87add610f4df84d16e1

SHA512
4d4ad715be8e0d164b0e0a46858d9a3f78f3df6c013e750ec61fdfdd36f7611daad1ab08fb6afaf8e4a2ee40710faddcf6277daab3c1dd7d336cc163d9273de1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8b7f4d69ca5adf34d27b94130d6d9a9

SHA1
480e6149739df3d024ce5ea6df15b92b43289c84

SHA256
54d82893bf65429a8ce64ddbfdde1bd59dd5bbc9c7cbfe893e4d1683e4ca50b1

SHA512
b330bd4d4b52bae6e649c26cd52adc7f00c49ab98c590572500608491a8762ec586433f8e7e79fa87b741eb535e2f7159b1ba2ef88b18a6ad835f5380bb6c23f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ae4c3c3f70bbda236afcbcafdcf56c8

SHA1
7b03b6d8e897658fdef31d852b112de5e4033d81

SHA256
aceb1e5a37184c041d8c9e5b458372073db5e3e1b0c661807484b7cd5d87c111

SHA512
c136afeac2a81f1db4355f7680a5b5c70fc72adb539f23a7c2fdb34eaece4277f92e13a6c7ffad672cd863149b408ef6c529ec861ba4d90acf9a9e0c263cf35b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de03ff9d18503e2e86b8cd8ffd389589

SHA1
14507fbc46c5403f66a1b8250d160033edbc4d56

SHA256
aaf473fe1e09c8027ec87c74049c96145872604419d0064b7955d631a6057091

SHA512
c07b6f79eedf1ce557f005b1c7c0980a66fc572108442e74bde3531eff6c2c3b307dda636f48d0b4582538c435e80462756ec38d18e21789b6e73e01c274f639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9201d692745e63a0e7c9db8f016bd068

SHA1
112d471740ee1ed80ceb18c04dbeca344005cadf

SHA256
27871c3d0f37b403922ef2452675680f44969f7b0e63b2464921e7c4f7cb38be

SHA512
72758dcb3b54d405837cbcbd0cd7da45a0a47050e52b7de59b2e6d0236255cc47c5d78e7862907eab2f5c101362a32c5fc305b2cf90682a99975bf5857ca3f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9646bb0837524b0b6f8ab5fe2114932f

SHA1
e4360a21fbf791eb2f5cc2b3a0761645b49128b5

SHA256
f18df2166d0337eed7431150576f3588f380fbf11fdba878209a0cd7fca038e0

SHA512
b27eb04f5eae61b4ed6c6bca95140dc443cad4d7f695a5c8ca9267baef3a3fb4fb0392b4f6e21358909f5abc9fb6ffbdbc9e4c9520b0f07a8f2d5eced6a2e8f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ee62953de426e423d5e72506c9c039bc

SHA1
4e52b08ad37456e8cc9f447ff6df03440de011aa

SHA256
03e49a7ee2352130e5d1694d65a3d79520a9e62e1dcae4d676a1ff160634d442

SHA512
abce5f78b36fce2025fe94121d48a5791907f8ddf1839e190ebb4ce8ac60cf5b07602bd563bc24223672560c8d10a7e6dc07f583684f9649a3bea5cf1b8e4c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

Filesize
1KB

MD5
9c73646e6dbe8e83ad160b6a23ad9718

SHA1
bf7e590d9e31636c11ee543ef9412dbf9c836a19

SHA256
cb2c205699fd9f06596c63b7b8c46b712200b272d1f1ffe2c94755acdf0ddeed

SHA512
845d021b2a769a20e27a7210b530836cb91d9052f2b30acf5ae604ac77edcd1df0620ccdd3130a48fe55718714659798b85b6a84843187541b678788eaa0afdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3862.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3863.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3953.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1724-2-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1724-3-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads