a2eaaffb3a83005c603b6ed986a2cce86babfe08a7e6749ef97104acd4958909

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe
Size

36KB
MD5

21b8e9dc0f3417fb8e0652210628562e
SHA1

daec76400595ffff1154fe75a719a975c416be46
SHA256

a2eaaffb3a83005c603b6ed986a2cce86babfe08a7e6749ef97104acd4958909
SHA512

a2f1331ef14ddc4b0127ac5e993354073fbfc351790fe219e87dc942ac05b2529a6c8dac8f017974b2e3cd3ae3532575094dab43b8b42c672c24913a982e28ba
SSDEEP

768:XIkUXQd+LXsYBUEquf7Ps4BBBB4JvJzr5XPSth:1UXQd+YHEqwPTBBBB0xB2

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2504	2012list.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows applicaton = "C:\\Users\\Admin\\AppData\\Roaming\\2012list.exe"	21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426157651"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50c9752a24cdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{54731D21-3917-11EF-A564-5267BFD3BAD1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cb85facb9a88554b995a29cb694613e60000000002000000000010660000000100002000000042ffaab9e1681047ad50518e410c3523cb778cf4f0fd97051c3be62ca01cfde1000000000e8000000002000020000000d3ae5276e99e9e4126258762cc934d420e9e82c37ae62b1d4a36e232a39336b420000000f92aa89b688b66242bfaf587fe753258b9bd234e64bcefa80f5caaa47abe184e40000000a9552a5dea23f2d38af81b2c9226f025049510f8f6ba61f3bc04d576647f2495bb2e75409d458c8507d60a0275f82f5eda887987dfe1a0aca6e03616bb3e0c0d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cb85facb9a88554b995a29cb694613e60000000002000000000010660000000100002000000022d4f9a4a839bc759db7345ccc59b9dfe25ec0208417ff20096f91e14614c65a000000000e80000000020000200000001a3734f6e2ca23a7808f523bb72e05856eacd78bde7335bf2b35ec16c5b12a7090000000ce1c49744769e1c3fa1e5936159f27a392c225a0cac74362d1b2aa33b3cb1bb06f4aba4c8a64688a972a35011d022acdb47d993f87a572a57de7020e9fd13a54e48fe9f5a785dfb6eff46bbeaeb758aa9be3b03955266e70f8cb5f677157ae6e489e4b0bf75f72024acd4ca68277766a7087b018fa30211466562354a574ecf9b282abb45910a71065a01cea349cd27940000000cf5f73d5894db7c6617bf5249fbe1511fca0118854840e49669f17c70f16992da4372a31b078b1e3939ea698f0834830b84b5ffcd2c2631e15f8baac923bc9f6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2504	2012list.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2500	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2500	iexplore.exe
2500	iexplore.exe
2128	IEXPLORE.EXE
2128	IEXPLORE.EXE
2128	IEXPLORE.EXE
2128	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2504	2000	21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe	28
PID 2000 wrote to memory of 2504	2000	21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe	28
PID 2000 wrote to memory of 2504	2000	21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe	28
PID 2000 wrote to memory of 2500	2000	21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe	29
PID 2000 wrote to memory of 2500	2000	21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe	29
PID 2000 wrote to memory of 2500	2000	21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe	29
PID 2500 wrote to memory of 2128	2500	iexplore.exe	31
PID 2500 wrote to memory of 2128	2500	iexplore.exe	31
PID 2500 wrote to memory of 2128	2500	iexplore.exe	31
PID 2500 wrote to memory of 2128	2500	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\21b8e9dc0f3417fb8e0652210628562e_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Users\Admin\AppData\Roaming\2012list.exe
  "C:\Users\Admin\AppData\Roaming\2012list.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2504
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.brazzers.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
901f8b427c7925c6df63a4d8f5970a17

SHA1
0b29ba241d8293deaab84e7a1bb12cbb09c13c42

SHA256
e7fdb4448a00d6e36d9ca566afbfe0ea80d41762caaa34d3ac85695420c35b51

SHA512
43eeb395b60921cc01ac910592ebcfc5ac7ce0a86de3f68846727191e89e8813618d8d2542b6afbb5b41bf7c4be0dd12927c23e3ef40f8be17fd6fcdee59796b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42677d20f55c164256dff372d7412928

SHA1
28a7c6c95a8030c0933abba63b0e3c31b43d83c1

SHA256
ccab3111d41f41fda9e97e40d33b91286a0494ecec5b6278219eda020c28b0e9

SHA512
d1103313411fa68192c1acf3e55b41cd30aee77ed8c654b35a05af439e8966e3f50916c6a36d03885f336eadd0ece267a5a306d736330f6cc28745afa3f5314a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c33e16769e1a8ef9df13b29d133c02f2

SHA1
a1e5652e4f3147da83bd5d4bebc168405cc96a37

SHA256
23ffeb50c9c64626e95955e822769f4c32e7c7dc446fa982b4971ab584dd8b25

SHA512
95bd856db4404c77b602cd963c996717c664e0b3972c8e5f4bb6d951cfa5a8adfbe0add862a4a61d5c86259bcd9c970f50db0dda66536307342bb64e1abce2bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6151b605e5aee8d461502f1707e40c85

SHA1
737c76bbbc55cf6e8efd145d6fb9a24f861d369b

SHA256
683f43ffafe9d887a2cd446e208ef8e29de40b90b04bcb9a808eaccdce85e792

SHA512
fcc0621a8a3e8b0e06cbc79a1751c5cf8cfbe4be8ee642e3241be362e5b6c742b2001d54abe67e86f0e7ca56c78acaea13fa224be45d4e0e9072a8c936a1c536

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d59efed130d80cb13bc3a4fffdc8c11c

SHA1
334ee4a7cf52bc595022a70a5c8360d0bfc5a379

SHA256
0afedc0414823d457333c209e54148efbc6e37366bb2dcb76491fb766152d299

SHA512
4a9ed16cc2297aa8e44af8d6e18348b3adfeadf333027860672ea6ce2fb61527efd8944d1d1a98718c9e0f3e6a243ceb1211f1d408060404e0f22564aa5a6099

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59aff0120e72c013f5ecb96c0c586970

SHA1
6630b68817cad0fd18582e958fa3b539b12c0918

SHA256
c0d0dcafb3d55bca5010d6511716c2746d4795f22d577ec3983a776515aabcca

SHA512
6baf00783837de37eb91b582aa81e385ea7e3a18c6e1619e03fc835b93620561d1e01d64681c9b7ce8c6801a8386e6fea3238c7ff84f9d9e31a99e00cd43b537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3446eef939db714df839521ba875559c

SHA1
7d7844921a1d75588830e308482579b461751834

SHA256
baec0363077921dc36dc14bfee7bca2cc6f2a8c7cefa98320c24387a07692cc5

SHA512
9a93ce3bac9c97cb6a0e29c395d1dc1da5e925cd1712d426fa78e9e3a65dca88fa15920e357c8c9dab9694a45ddf8f16b2e1598067532b4b8e42d04766d408da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e042873d4d269098572bfb2d95a4bd27

SHA1
aa4c81d12c260d8d4f970caa5d4a4d9b548e66fa

SHA256
35883f33bb9c01eb70a485b95d53758a6cc95ffe6c29c6fb3e6b75914bcd3fa4

SHA512
3a5228eb4ed0548747f0a5f17f8baf845bcde0cc149832b92cfbcd86c14c5c5ebafc99547e8e6124f2f0696bab58b662b94609a607903851e4a0af52b4c391a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4302943a7f1d0fa6a9e1d1c08081c386

SHA1
325bc9e1fc52834c81c3a619ffc3d67a00c48465

SHA256
b29a4e529d2f48c00eb53195de96266e922dfc77c55c243c41dddb498a61401a

SHA512
cf4720fe7e664114b747ffb14be4f307a14ba1f3ed00119070c1c643a5d41d99c09e255053f9cf0bbca1874a80590b0294645eb63e03551067b7cb1db488eddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dfd7b1d81cc7898cf992876fe97380d

SHA1
e6154144f0dbaeb5532f2e957dde674819fe2e42

SHA256
a8047ee590bb1c00fa8db9c923b5ad1158284fa06ed8771803fd298cdc48eaa5

SHA512
8d463a613451f3172c8e29707e1430024f832efa6d3ba032c169b49dd034dbf866ef2ba71596f0536f716aaed0f5a63695bd5266fca992bb4671c0aab29c128a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a712de05e7c8265ac0233ef611cc397c

SHA1
7737942969629b3e116228dd3e55deb2c913b4e7

SHA256
2a899c7608f92cb42a8d06efce0fab402d2119797af58d68e32e008e4f14a7cd

SHA512
785c7b8641177bbc8d66403f5082ad18675ff24cfed7dbaaa64ce38ddd94b9f08833649e94d78ed78120d917aef98d27063cebfecffa2a15685b63376d80005b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3da988d6c1fbd5e5009aa22ee9981506

SHA1
cc96479f0ca9d39f5a406ea25bfa653d40b2a1d2

SHA256
097f98b2581123a8b0aecba9c5b21d4bc4c613c5facbc37f2249cf26d7447f08

SHA512
78726839980bb229e551f28961a920b2f7657ab489090bdbb8f4edb16fa063bdeb0bf7661f2cc4ec3ad05bff5242be9b73619aa753c5ac2ba7249dc2e760861f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e797084a18bade520d2e40b7906fd91c

SHA1
be09fa34fafa5ccade93fdce541c2e5499559a69

SHA256
78069ad227e2819abef404bf631baec692575c4a79e23ada886c8087f8157bac

SHA512
735b74a394edb760b6edfe8149daa77b89d31a6b384aa80f408fe1f894aa1bd4dbc8a77b8001039eacfd05af752a94914c500223c61be57fec6849547d00b594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21b4436302cac2b9223945d6ae905d03

SHA1
ba39d2bef0cc773dae2959708760c69999ae6c38

SHA256
2ca9465697ebe5883d07c243eaeac2540176887d94b4e2b74fe98d68f03fce9c

SHA512
cc20db7e87c49c3f1de75a17c82396fa61b7d83c9c2e639d5789cb849b98d4d88f037e88e51a32fc8c8d8d17dd015de5b2f3c8eb94735319266e7964d7df4bd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41ddf112e1a620c70f4f40cc41d33816

SHA1
7ae1e02bbf9812b525605354722df891f92de748

SHA256
21be0cb67149dd4460ff24309a458ee78ebbed89a1727f2e918b13954416beda

SHA512
c0ceb2276b1422cf9eb76e1cbcfac12d9721d23c97fd2b02f2e3567b02677966540094dc796516abc92584415c784529d33dd7a2f0ef97df934c99f8a7492973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
620235b7722f991075501441ab79d63f

SHA1
ea9eab9c1c82e82ebc5801ce04bb6baf2af9613a

SHA256
a582d6833888523bf122b81235698c8e1f2fd92116db24f15e59b52e984b0bcd

SHA512
76053540cbbba7ff4325540a74591ac8f38c8b282083eec3ae55d58c2f853b6c909ccc1ea8bd00dd032a42c045d6cd8bb024888a768d71ac6dfab93f2de4a495

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8246d6a7993dca07457e03b349a787d4

SHA1
c75795a596d26c1746233db7b560b026d9c15f44

SHA256
40b7040da271b38c9c69bac0bcadc22a654f6c68e03b1251085ae0b63cc542f9

SHA512
e01d04b71894a52b043ababc42bf7efcdb7f3565f2085854be0fd4fd056308eaa2f90a216b4fec259cbce593eaca35bb336f319dc0c6d9622a67893f41ef9a1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3136d2e143b657d2985d4140b872835

SHA1
6051a91a88d49118a48ab3a9d3d4faae9fc9b60f

SHA256
331b093375ad815541fa3f97d00f4e5049fd4cd9cb36aa699e967e014894d089

SHA512
39c9abff4eb30f821ee5752e9eb3dd135459b2a64a347e2015d698b354be32ab2821963aa36909883ffd5241308b8960d12012658859b02fb44a9a659d458b15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
340aefe1e2a76823ce2b270f706a670a

SHA1
153ddc2783751b4e2ba5efdde8bdf9c1ff275f33

SHA256
e85c7895c7666160ed4db0ef79eee950d441ff1405c5a56650137247b93c4fc8

SHA512
e317c35e965828d97dea90e7cdbda6ea34eb93bcbe5d33db83af11106c38edb1603cc44be182cd14a98cc04d6d30d294d6d7d1d35c236424f01fcb33b0b39acc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e64c4c940bd88958578f34f7fe26d4f

SHA1
57a94c59f2dc98ef4bd18657915a25af6d7f23da

SHA256
775b3a429d2fec061f1626bcd4075bf948f3e35833c63e317257b8945da8690f

SHA512
4d2ffb105d0e87bf6b8ce19b7d8c250d2ff7cd6fa3e1e9a3757a5a46b2a61c94e2538a4c699421386a0c4e9e70a83d5f20e59771cdcda86481b5bb468096452e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4C34.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\2012list.exe

Filesize
36KB

MD5
21b8e9dc0f3417fb8e0652210628562e

SHA1
daec76400595ffff1154fe75a719a975c416be46

SHA256
a2eaaffb3a83005c603b6ed986a2cce86babfe08a7e6749ef97104acd4958909

SHA512
a2f1331ef14ddc4b0127ac5e993354073fbfc351790fe219e87dc942ac05b2529a6c8dac8f017974b2e3cd3ae3532575094dab43b8b42c672c24913a982e28ba

Download Submit
memory/2000-0-0x000007FEF598E000-0x000007FEF598F000-memory.dmp

Filesize
4KB

Download
memory/2000-755-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2000-754-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2000-5-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2000-2-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2000-1-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2504-757-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2504-758-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2504-756-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2504-12-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2504-14-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2504-13-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download
memory/2504-15-0x000007FEF56D0000-0x000007FEF606D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads