67dd007fcda2f31d183021d1b0cf65d7a1a1c3ad232371dc3c2d38c05213ba96

Analysis

max time kernel
117s
max time network
137s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Size

140KB
MD5

0ca57fc7a6686f0d256062653f314a8d
SHA1

ace8f5fac4eb409a45c4af92b5867cdff4041165
SHA256

67dd007fcda2f31d183021d1b0cf65d7a1a1c3ad232371dc3c2d38c05213ba96
SHA512

d2c62232da88608184d021eead18f7561555f7b71f7bfe15751c80e1663891618d2efc08dc3abaf40b8735c396027f5f9b09bfc086e61f9458b83f7ea79da9d8
SSDEEP

3072:am4bH9vTQbR76mS40PidJW63e3g4qjRz6DHzg8X0gxyUgawrxVj:DyvTb4lcAlsHZE5X3tV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425453199"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Download	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25229E11-32AF-11EF-B98D-FE0070C7CB2B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b615171e2f74d7bb540baf072a1cf5ccde04dd4bc7fb7bf64a1dc02c951c6288000000000e8000000002000020000000857c1445a37c2a856222c1c2f3ffcef7cc7314ce12cef69d5450815c00192edc20000000a7a1650a679f8106b573713f42591508b6b53634c85855f3c959801f2ae5e8b3400000006337310adeb51474d77f8efa68a049678d51781b3099099e2634f4d362956dba8fc89727854d23bafbbb9ce97ec6d381c4ac135df2c80e3ce56e874b5744cb92	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000e97f65f28625a7a1a5fb025c6eb5554e958406845bcc9df2a70872e54eccb1cc000000000e8000000002000020000000b7ede35b0e6dd784f839ddd3280cfc72e784b0d7738f1fdca1eef9902672e50f90000000eb48dc0dc93c6d94cddab22fe6ed0d1ac6d4e4ecf6c2c2ea3de121c400016d499ac970ad59fa90fddf9c801a1e58f28b7cedf3a61cd8634c6940a1c93e6e183b1589b25471506a309c188e97a7ea934ce07a6c2a8bfdcf7befcbe95abe42fa8041f1d7c16288794123b1baf2b28c16c9c8176a6b461c18d32eff4e737cad425c7180ec86f44a5aadd324497bdce42ada40000000a2e1be45061da3c8393cd096e947e670c037ef17ebdb7b6f42fa6e6fe89c37b3ccfbf99acddee2d2af974cf76f2f2bc5127e7ab856f340cc96363f2c0e3fb2b0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70df73fbbbc6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2908	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2208	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
2908	iexplore.exe
2908	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2908	2208	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2908	2208	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2908	2208	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	28
PID 2208 wrote to memory of 2908	2208	0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe	28
PID 2908 wrote to memory of 2688	2908	iexplore.exe	29
PID 2908 wrote to memory of 2688	2908	iexplore.exe	29
PID 2908 wrote to memory of 2688	2908	iexplore.exe	29
PID 2908 wrote to memory of 2688	2908	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ca57fc7a6686f0d256062653f314a8d_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24fe0c8089a12eb4cb8e24cf96fc942f

SHA1
3d9f5d6ae86b2f6178ed7e5236094451533fd808

SHA256
d397bfc9b0151679dcd426594f976cb1b215679ea7c57ead8979ca83a27e4b91

SHA512
1884cfab0fe7d074652e2b887594d12c4077eb41a73e5673af9d548c1904da8bbeee1a25e91bea62d396a13a28ff0c59846995527a0738e9e2eff0e02c107d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d91af6251989d766ca88b497f35b860

SHA1
e404fc6e2e616e074a031eacab526adbe7e6cfe1

SHA256
1dfc4724c9745742594c79ddb845c55efbfecf90c1a48e1dabef82100d884880

SHA512
2c76e3f189ad703725fb98212cf90fbd4a846b5640cc7f31cc30432006ecb91c16bbe4273d476aad031b522b0466d205a193ba3473938a04cfe89a4df2f36049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
454b42f77a7a9cac77230fd55bc5f8ea

SHA1
6443bc2b4481376cd5c204d3fc5a623e4f464f16

SHA256
4afef8bc74144cead79fb6e31cf992a8b479c243de849ae4ab4477497ea88e9a

SHA512
57a45ab7ed2e27bc0b45b50628c31c82d65df19f5043cbc4eddec32105abb86d713be614a1d1f42b5c5a98b1e7aa9b69a03b6229614352982204346de3c098c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d84b65688943e609bf184797d4f580da

SHA1
4cfe46bf95458ac4513c3ba5bab2f57c0c11fc63

SHA256
af98bfc09374067c7bac8e4f927e777eaf9959c27146050451b3844977fabde0

SHA512
35ed6a6f2cc9eb7b16f8b7582624401336111d298e0d9d6cf2e0c7789e9de1cb43df0ad2beb9b7261b539a6d6deb358f1efb0b79af6326124ef50ec9ca59d83b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
314c937b08bea6b1d328b423ff06c8a6

SHA1
ee3eff03bcfa035f57a08674042d6fdf972ad49d

SHA256
a99c4b4d72371863f0a6290b9cc27a5ec41476107aef77102516e6f60c312011

SHA512
e6bcc2a02c6d7d49f3a426ab282c1d4cdd1c4f4f968115e609fcee5ac5064f5a69cad7895662f6035a3270cb654cf08789186760512472c907d3c1045acf7f45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba19879008405bd86e878205055f2542

SHA1
96bb112eb093a4b41765e049936085c5838d0cc5

SHA256
8d6d4357db6af0b70049bec3190e545356b8017f39e74ce6db3dac09a383dd1a

SHA512
5ee9d839b9535fc3f0cf80f65fb22ef284dab97ac0bbbc7388c003d768e92da8ca93dfb0b28a81be65412dafacafeb53328e82a49fe6ecbf4ff7fe2db55e6fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15597bd9ab088585d7d4b936b2299a40

SHA1
ba9e68a8c7786feb9fbdff5d4ed215e927f17079

SHA256
cb9bd48416e82d41a8b68d0f66f197cf83263a24f7a4e92b6c8ed765cec1d8fd

SHA512
90431ea929293ff285b7ce193e0f40d0fee629edae9265f58cc8cca9223831e848a924ac321e9372f9e823b0c25e2cb6fc4f64d2170a568747168240610b640f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
157d0f5884d767566b5301b71088a383

SHA1
c31f4b4a38bda7b8ed2d0f1d0b735f882d1fc09e

SHA256
2acc1e623e1ac7c5abbdfb6cad13cd3d0d7da525560001e03883da5cb789dd07

SHA512
852ae3f81b9687605b2be8d9e17f32945445aa01911fef20f6e0bf6135ac096a8d9c1fdf3bc204e73668e0475888d2af35eccca21f65d12c419b673c8304a27e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ff4aa0c95157f9dbc4f716bb3f964a9

SHA1
160022808ac9ae6b33be4e970c6ec4a253634876

SHA256
e7970d6ec324526b2ab654d2b3afc7b8fc4dde58e3abe9cf8f7bc4290c6609f8

SHA512
a7899046bebc0174d34862f7775124360dccae74521b8dee8ccf3eca3779fe91164ef7da20622416529bd43e21c91e39bfe04e7c6a64884fe21a531c422024ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc6c8f392d169a7ff93588ec113c484e

SHA1
a620ea9f8a71d5b4f17e65163de240bd48bbfd5f

SHA256
0ec6d30d3b13f62e21a0253e273b5282430b57e4943c17f9a537dd6c001cf790

SHA512
684b8f33dd6c6e6c129527716fee7b07f3c69320cf898142912760c63e93c4f253887eedd668fd7c18e2218ef36d038aa87ba00cdba551ffce6395ae3b4ecde4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cb3ac4730cbc65d5c51471a65ab7fbf

SHA1
9114d10fdbd1aec6cbf27c8476580b04c7f8512c

SHA256
b7d2441680a25ec3a95f8e9fda4311de25da18cd774f9c02f65935d3d052092f

SHA512
c62b858a7d3d339149950eae3c28b4d18c42a1a0a9e002f43435d4d7fb2f3110d13918f8d648429d588e4d9e48e94704754416abb6cfc5cc5121e07810d390f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55213d7db210061cd7bca0eaa2a49e81

SHA1
d9a4612571f7a8c9cd4a9c77720ea30f5438a925

SHA256
433c4cafe544896e343105998fd4055d2406c19bb22951f48becacb833284adc

SHA512
ca29baf591ee8e289e2adc55c48acea08b72c67093752fb0dbd24e27e26c2adb6855ad0573eeae5750f319cd7c42f412466effa9c9ebd149f82f2a48eecc6653

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ac1a74a823bd3db13632a0254d4f468

SHA1
824719432b86bf3ead50bbff688b926557db76d3

SHA256
da08e64cd9a0030bbff3fea4e45666c607657b8ccaf1bde50920f44852aa1b66

SHA512
f160a85c8349b832f6ca6b622fb1227ad122fec066f61439c249f7214d01a23c5f8545bfa739a5d16e76ccfbb1126258f4953e001c3a699d4bde3ad67c171e58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acff251bf50cdb6e9cfc9e49e00c34ed

SHA1
b03bd0422db57bada3fbf5cfb183f4feee7e683d

SHA256
053e975816233d8af283c4625577482f98d453022ab2880a3c508e88ddda18a2

SHA512
9ad45d65d1dc75287f8c46547a865c4a24cbe6086566822395a0750890cca4fdb51d51be1713295af0a56b933ce41e9dc14dfb4e08df819c7aa65888fec8384e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9d1716ec9a83ec80f72a18df382266a

SHA1
710dcbc5b714413b52aa1890bd3959e17a037d19

SHA256
1d99d8d697754f710b79025ff6004d1f78f90132a458a753e85df237745ea495

SHA512
d6563f730a5a67ed3025acd7259f86d56c3ee2b074a2cde962da3c4897ab159ad03579b7a700a30587528285be128e7033cd3fc564555564d99abe40b07707ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8dbaedac98ee51f96ff353a7cac33fa

SHA1
7cc88067a65de8d4c712a773851e040587caba3a

SHA256
7e2337484fb319779f2f4850c72091013f1c7f58666c74a830752e759aeb6806

SHA512
1cee39e2a6d0f3fa26be227c55ee574d11c9d1f860c6079a7aec57cab0c29c3d09a28ba5897ab17ead9809b298b375e3d783fa474b8ade14e95df9aa2fd8cd83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e0afe1310e11e86da1d34a51eb9c56a

SHA1
81c9c3e6cdbcd8f6c0f08a60e4ddb4d642b3d567

SHA256
8e1d1dc0ff4dcee52407861a29db1b29179b97715a2af0dbe90e878a5459bd8e

SHA512
b31be5a233626212a44e47082cab942a69f8e0440ad4b18faa78653efce91d81656068534fd78913fcf68d282995084856f76cd654c49d5142784d12c30f7582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3941dec8a393247af48b25ae4c39987c

SHA1
67be133d9e6e63a741cbee7b559ff9686ecab9c3

SHA256
bfabdf25b45fe579ca39387dbb05069fe9efb9d792e1b6c62ca2bb953224e97a

SHA512
d15d10abdf7f7d3d5a040d49553890dc0bcf2546f3bd741e0283b92834680d52a9448fe6e1346c7677d646928d976cc5ed238cec874b007d3a70114859da0161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

Filesize
1KB

MD5
ace975e5952a560fa98fe0884d3b623b

SHA1
c54f1c728782377b34f568e8092076f9a74dc4c8

SHA256
8e9920b875f4d98ccf66aa0868a41a05f190f801a90312aac8ddba42c6f4e40e

SHA512
2b60d57e3a3bf0dea26fd66acaaab29725ff553131ee4795c637a39a21ec87e1a36b7d351325d373a3097a85471c0682261dea740829bec141c2019b081bcfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8799.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar87CA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2208-1-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2208-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2208-2-0x0000000000300000-0x0000000000346000-memory.dmp

Filesize
280KB

Download
memory/2208-3-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2208-8-0x0000000000300000-0x0000000000346000-memory.dmp

Filesize
280KB

Download
memory/2208-7-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads