f4a2954ba2341cc0f2c606882457b3f41640dce58c0a20a89609ef72b6513423

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 15:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe
Size

115KB
MD5

0eab55034eb0861dd82be65605f42eff
SHA1

716a5d4b0d5a2b0eecf33e2e306eb50660684579
SHA256

f4a2954ba2341cc0f2c606882457b3f41640dce58c0a20a89609ef72b6513423
SHA512

5033c81f739332bf738de0bbdd6191be1b942d50e0bff546df4f3de58518d79cd3b439f0111a86d763b2dd6571b0e5a39855fe73994506b5ecb55f9f5a5d9a01
SSDEEP

3072:A8ULObb6T6+a0BZIeNlB1RW7HwjpUp+4gMqbh129:A8YObYptNl39oIbj

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\roms32 = "C:\\Windows\\roms32\\roms.exe"	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Messenger Live32 = "C:\\Windows\\roms32\\msnmsger.exe"	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\roms32.log	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe
File opened for modification	C:\Windows\roms32.log	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a003219d18c7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000d208e0ea72f48e4d6b01ea8c578176b61db431ecbcef0464a6c855f8434cbb83000000000e80000000020000200000004eec558e4820a5940ade164e756a04067879d83ee15504ed799acfacc2c761d8200000005dd6e8cd1a9d011886b2244344d0ed5532f9dde0e4a2186cf2dd647816ae75c040000000c4b1e40e8dcca578e24bb1b7883ee2b2685b71741696927cf38f71f86693c081f2ac19f164c6605c849de9361eb88684d9e9ba30ccfd87a86781239f6e167277	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425492985"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000046da78573e62ca51c8e1423ebd91e14c15b894dd2f9a87db5a18087939979e9a000000000e800000000200002000000081e0b957cf0760144d4cba03738d4ad65f4c8721b574c5939fac1451377d4a3d900000009b1a951ffbeb8faed668e6f009aa9d22f5d97f4a79733a762a3a9cd066a9a57fd4ef2a077df6339dadb27503771334b56d64a76b3097ce88d0e489ba98970b448c4d3e1f15abdfceb7d6b2045a99131095f35fd8f0d429d294a67b2e27b994f5edc981c5f2660cbe620e66d5bf32c816fda11c8308c8471960dd526afbf9603e8bd794dba2299676a729f0ba5bdd652c40000000401bb32a0e6117d7c3557361abe35b96d959ea368697b61251c820107ddf55dc749424d64ca13756fc3da74a1e7bc53758c28a793ec96d0e5f55c76e0c172c92	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C88F6401-330B-11EF-8E7F-CE8752B95906} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2120	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2120	iexplore.exe
2120	iexplore.exe
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2120	2164	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe	28
PID 2164 wrote to memory of 2120	2164	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe	28
PID 2164 wrote to memory of 2120	2164	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe	28
PID 2164 wrote to memory of 2120	2164	0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe	28
PID 2120 wrote to memory of 2636	2120	iexplore.exe	29
PID 2120 wrote to memory of 2636	2120	iexplore.exe	29
PID 2120 wrote to memory of 2636	2120	iexplore.exe	29
PID 2120 wrote to memory of 2636	2120	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0eab55034eb0861dd82be65605f42eff_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://div99.sitesled.com/video_cicarelli.html
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73c9db5f9a57e759a51fdfded4fc3d27

SHA1
9bf52b1836ff68e0ada073b76a69c8b6cbda7082

SHA256
d21c1668afc6482269fa159655eba3d8f7ad982681e53c2c118283872a0ab08d

SHA512
b083448f780ba5d45a6156f5035bf63698ed4403700a2353619cae613f737d8ba910fae829e0437dcac1271b31b3a3b661a13b434f61155f7febf595b59e1253

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5677a41407b38303f76225cc8a1be13

SHA1
5cf5d5ad7e38cca006fcc62807edcc6f70ec2a4d

SHA256
785d2c3ce209f7fe9d9b23d00c08a270dc2fdfa21827037f94f2e6ed4a778606

SHA512
66a6e293c95797517f8c6de287ebb2290d3de19c8e0b4529eab9e5e647e14ebdd49decc1a3248123b036ae504dce60eaca6cbcc94363daaec4a582cb460b01be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f21a8dd6960b6ebcb78d6edbe273d99

SHA1
b5b4bf5c0034d56786b0101c9b54e522a6e52b10

SHA256
d3bc9f1cb9acfee743828030d9d95305fdcbe000bc775a59a7c22c460c801f40

SHA512
73c9af9f1efbbb03fc4f80ae7bbc129b6e7ece75e48c224d84dc3f5a9590b1844124e7a5f778fd6b060c1d6114109374a692bfd3f83a29c38ca3374e24158ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6a2ffa6ef092509c5654db77c3fc05e

SHA1
bb473e763c2045f7ca7962e04d0976b8aa5b8345

SHA256
02d29e237c3201ba1ff22a24d3ecc681da7ff37e323d769ca64d7dbf23237612

SHA512
88aeeee6a4f02ffd03385ba490e6d85e5b890e24af704739e581df07e1e4b5a4ca8c28ee94ddc83c0b027c73fe717cb8b10281506fd606df99e8c5c3b82499f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f79cdd98b4ca98698a56589819434e52

SHA1
ef22645c92b30dc65bb7f46b89abd7b8c265e426

SHA256
5e2264df340a05f499fecbb89d06c6a575cbb0f80b10f694e5d9d195b1139387

SHA512
9c4cbe6c92a74bbf9b00844df23377ef9cb138134336f167ac64f2320b987271c038241c2e0befe231835df6f929aef266cd8dccb9897ec0fd8e40370749c085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82f1c63f554415db267e6a9a48ef6ae0

SHA1
e6e1452ece47cc0542c22a8af756b2c71d4f5b0e

SHA256
009dbd546aba170c062688f2e743469adc47647678f592440e1089ddc4dd2f47

SHA512
baaa3b88529076cb95de2fede80d5c13e56afaa9ac50df841265fcfa4bb1f337d8eeea6027b478bd7b98b1fd95e41eeb63f26d22b610fd3ef76d2c8cc0a974bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
434c0681f111824ea580036ba29daf25

SHA1
61f89bb6a9a56447dd9204bac58c93bc925bf49e

SHA256
d0b6d9e1c71d7ab8e358a544fc70446b64d781cbb357e9221fe6ab59fbd59ae4

SHA512
2dd14ee8c0fa82bdba06e45b61c781d9ae9391950aa3806998b1dc9470cb92b5c40da797bcc3f14d5cc88bf7ef615892a8d695633300d095721a2ca2ad4bccca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c49ea8b0e431682fd1bbbd60455b21c

SHA1
52dff91f4bfdc154234c1b165f4baa833093e10e

SHA256
cf3c4ac374640ef897d77edf5e597bd837d4fea03323ec6ca3c093751fb90f3b

SHA512
ab2082e23abf9a1e8b0249680708ca8f97180699d5b6ad7a3e4b8a57e23a18b07840fa463b2cb15a9753b680f1681a88f127cf9933b41ec45ee944d39a3d8e9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0c647a073da338d5e5f9a00ed601de0

SHA1
ab3f0e125ffc4247f2d1e6de69804a91f19bd21c

SHA256
212474d99136fe422222f10aa25cc981afe398bb6ad96c771fa411f5b28034dd

SHA512
6060c5b453c79214a057e858b4189bf161fd023388442ba810d870af32b77d35aaf9aa40332561111800f371a62c45beccf1dd27b6cbdf9eb412e40cf4fbc8c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f573d180889a9d319d07fe5c2c49949b

SHA1
16731c99a7029c6c6dde03962f05940ba87c681b

SHA256
867df0b3edbd05fb279b6ab897cb0c0a21d1515cf724fd2a86a73f7d9f232514

SHA512
be5e0601d645a5838c0892945988a83d3f75f168cb1273104065c870df7cadf988fe0997336b9d82994bb337b4a36aad7cd4849ab3944b216343830b0daeebb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d53cd7d6bf53a2d781478affda2034a

SHA1
7fdb165875cfc58abd8591e78507cc30b6543ce5

SHA256
ef62479ff077cbbc6cb265e45bf9ade3f9f72bda3c56c798a1df179e5e5d0749

SHA512
080a3ef301a95a233d37393c6fb8e1badb6edabe80a8893825e4569e2fa28faca60148cd32bc1b19a2411ee0c25f95fa67e4426fd1d0b563773b20cef8fa75ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3daa078d8299dee20b776ae03646ba4

SHA1
1e2799367720478f8e29f74b06a90b4ff088e425

SHA256
411252490e4df29b0f3959d7577dad565ab69f086dfe6d9a6391af5e02d2831e

SHA512
d4b87e2a0c22bac14282bc58fcbf4f325098aed6ecda6fe0726ad9ea80753fe975f20aa6f4f6bbde40259b65822218b3dbdfec1d3655436fc39b6c8d224d304d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7363a15b358da97f8ccd3379c382ae2d

SHA1
dc14d91acf6e39493219df5932f822ea136ddf52

SHA256
bf028806f26f1c560d84e75dc49aa59016e68ab6fdbc10b2c0a190361c32a99a

SHA512
a1c8b55d042847994188f34cf79299d80d2a5207a31341e136d7e23dfcf2d3dc98bc0061539ca85b6194055f592f8d34802150a5695d249d6bee8f0acfbbc0a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bd1475445505159dcbe396482fc00f8

SHA1
5f2e9343ce8ccea5431a16d2103e3627146968a8

SHA256
b3b6fb1329dbb92a34a6d1bd7b9c7ebd58a06a5ab6dd28489fd76e21551b3039

SHA512
296db8e9df1f1b7a4efd4e77a95b495b402ddd299eb106d1e9b6fa4d3adca9845eb8a862cde8a89523c07d6df1542a20ea77d4fb6ed7032bdcccdee63c29d5d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c61e2b64f2620996764955addc4cda5

SHA1
6e64ba7e2bca180277fbf61cbfc75206d36e9e30

SHA256
291feb31d273c575c180198cd4e87d1dec3bc29db394f2c9d82886eff83a3f76

SHA512
072a3d5c428c44bfe554a38b17d291355ffc81e49c2ba375fccc83ee1a65afc75e37cda2d2152cd7dd0bef2c84b46eec2f667d2420cc6c2f41eb89f4017ebfd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74ea65185cff3e8d13b0d5e74cab5dfa

SHA1
1fd6a7c2a33fbaf5148bdfaf91a31db98518d5aa

SHA256
f8298da528f023a82bbf8bbdc479c5d4d13750a7c4d90a37289663f904b850aa

SHA512
c769451dd1d76d0c4c8573f290a7a52d211993be42341e22dc3ee6e1d18718d2331e54c8cc32c8fa6ab9b33f45f7dd69d749fd0a5f061de62ebd67f0b2b5b776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b589c678ddfb5a71fcba3dd26e03edd

SHA1
437a266eba4cbf13c8803e39175f610d6663cbc0

SHA256
ba0088e9a17ee672493a5682289f1955624447dd666ba0bec39c5bca96670cf6

SHA512
6b92e53fd130dd5528f69df1df827077baa8d56958ebc6a710237b9ed848ddf2dc0c647d6f7ba100a432eff84b4d82ea574dfa7ee48811bef570c4ed9aad742e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a214a5bc96a6b7dd12f6ed87a4dae199

SHA1
93622dfa2190920d0deacb7a0a71ded5cc3e02bd

SHA256
7afd16d58a0e2c5492f916b32d5f7e467b2e493f5f975b02633ac0343cccfe5b

SHA512
dab8fff7620a290a603606f1079160340bcf5ce442e26cebb94e0a0b70eee88a28f2af9e9a611b286eb95201de29d7697fd786bec7f223b228880ddb07337cd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe52be38d0c60a37d742997f128dc77c

SHA1
97bba2154e9268c82a8c03080262ba06c7e46ceb

SHA256
47070858cddf2a922396863c5d61d5c8a135451307280c524f496362810265be

SHA512
a98e6882c34f1f327d2326e78dfc4bbf7ce4c981fd01f647542baa1e849a8abe56fe44d0ed35966d619f00aae08b451485df190ad09085286b5d6c03b4aec283

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2ABA.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B9D.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
memory/2164-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads