20a86be5a8bffafaabf0bbd45d02972c26e8725149cba8fdeb2ffbbab70c7d08

Analysis

max time kernel
140s
max time network
145s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe
Size

140KB
MD5

2369e4f78473b17bd9de7e0a2b84f9f6
SHA1

55d084cd056febd26404aaa1ea977341dce5c25f
SHA256

20a86be5a8bffafaabf0bbd45d02972c26e8725149cba8fdeb2ffbbab70c7d08
SHA512

37fb7cb645f4fcc2ecb8b55f3cf4aab89ae886dae1b4dfedc309404fd1232fd6fbc5684845185727b750be422cfa570f73905de903aa61b94e9989bac542eddc
SSDEEP

3072:0Z7aOdH1SnXsI0anCfTye9MRqXypJuIeE5XyBIeZTZ:WR18XsI0bfTye9UqXeJupE5XyBIeZ

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1696	iexplorer.exe

Loads dropped DLL 2 IoCs

pid	Process
2840	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe
2840	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\msnexplorer = "c:\\windows\\system32\\iexplorer.exe"	iexplorer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\iexplorer.exe	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\iexplorer.exe	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000056f18a6b5df4d61ce9cb8a8610e0c1d4e87f9c0a7b393ab8a41e451268df838b000000000e80000000020000200000000e4ec57f5959e72f9fdcd177a3461d318ced9301e2baa7ed6a20ca58e6f175c29000000020aef39a5d477559dae1c6bb1eb5eedffee00eb01c8b22bba20aa5a6eac9f9a58be6179095fcb56a13babc11732125ecd4249a1cefb7f9ce42fe9dd85849f51baf84d8c45de7c73730572c11b654e70da613c2e3e1049b5c5dcd0ff6f9c88ea5a00c6218faaf755363b55276b3f35ade34c462f4b2694100813cfcc81d83d7a5afa646bfe00d093b1a5039b505588b4f4000000022945b23fd5890fe2a040d255cd5e874ffc550cf9768eab0d4b949d9e936a597e753d0f0280909d9f777c49a2810ed781e041ac363d999e515fc7e7b01b96742	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E08DD91-396E-11EF-999D-7E2A7D203091} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426194926"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008e9c90556cb95029d15bc3abfe78ac5738b6f9ae4ebff6293063bb65c4ca7e2b000000000e8000000002000020000000ad45f0e8fbfc847d7ddbed06a289648a432381aa405c5064b8fb463a70efa2282000000003fc0fc5c85345f4e31a3ec59651b376ba2f4172497a215c524c85a3aa8ae9e240000000bfbb67203f80fefcf80b1454fcd6b7326c5c078f860462618aec72ab26f74e1ec925dfb9874857b9892b45a6599f6c9debee6fe23c7c4b873bb01fa7130e4c89	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9033ebf47acdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3056	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2840	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe
1696	iexplorer.exe
3056	iexplore.exe
3056	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 1696	2840	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe	28
PID 2840 wrote to memory of 1696	2840	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe	28
PID 2840 wrote to memory of 1696	2840	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe	28
PID 2840 wrote to memory of 1696	2840	2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe	28
PID 1696 wrote to memory of 3056	1696	iexplorer.exe	29
PID 1696 wrote to memory of 3056	1696	iexplorer.exe	29
PID 1696 wrote to memory of 3056	1696	iexplorer.exe	29
PID 1696 wrote to memory of 3056	1696	iexplorer.exe	29
PID 3056 wrote to memory of 2056	3056	iexplore.exe	30
PID 3056 wrote to memory of 2056	3056	iexplore.exe	30
PID 3056 wrote to memory of 2056	3056	iexplore.exe	30
PID 3056 wrote to memory of 2056	3056	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2369e4f78473b17bd9de7e0a2b84f9f6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840
- \??\c:\windows\SysWOW64\iexplorer.exe
  c:\windows\system32\iexplorer.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cppse.embrapa.br/fotos/marcia.gif
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e95849fce98fc6e5cacf317746f4ab36

SHA1
d04a45f13d7af7dbee0adb61c0255c64508b1ed8

SHA256
c901e4855a072bf378193d809334bf5d19e8f4d83860dd4d243a570404004e69

SHA512
3fe42729c511058e92f26b668309e10064bc328394ecbecd78ea7b1e653ad972c13eec40f9f4830ee1352b422e4a1c321adf6ba7b5c853b1af524fcc411c46e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dee7f948cd74fec3a8e51df375972ac

SHA1
00030f25f9feaf7cac99c5fd94c260fa104e6b70

SHA256
0dd44eb1f99f899fa41a16724cd7e51cf2ec9fd34e004bf20871b5a637d74d5c

SHA512
f9e7f415611957aeecf3b37f930872fae0de8e66c1af896f8fbb2bd8aeb9032002e93c6082ecb30fb80b15e402bd790a86dd5404f478663ec3ad285bc8807155

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5473db74059b2eddc8b27741deec6b96

SHA1
6de56985fee355a4b68bca9a819cf5a82d6c2704

SHA256
1f838410010c69b42bdffbacbdfb141029badfc5b2ca4ead1ab03b5a331d4411

SHA512
fec83faf8c6ef26cec1e95260e0630d89cf5b087876148e6cc3a06fda1822547a97980d455f5bf6fa3c41b2ab9f970a575fb476f00fd6694dfd76d359dd66185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1821b77e889c2daa7d9ecc2e1d5e3753

SHA1
6d54263ca65a00f64ca33e4ff1bb523197222767

SHA256
443d4615870fd58e06954e0f0de3778fe3d348e6e3ea23cadc9c77bc7f0a599e

SHA512
0f63689d49c19b2a2ad5bf647d19a5420b2c144df43b299c5dc4c543e2bb042991658f30c7dc4d51789a956ebc38cdca440aaa97edd05869e7f0fbf2996b4b73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c6f8b71f7f53f80033a80d3cab35fb6

SHA1
0671c405cdd074f8988e781f42d363d467f06e1a

SHA256
a1ec4eecbe597aff349de399c4aad2b5084f0d11439b5edc74e6dddb8a34f304

SHA512
7f5427344abec6ef7260cbc26857291b09261d832cd044111d718c313a4797cb1ce62f2dca85033131b4d250ed247c4437341e76c0087cbadfae3d9ee0e0707b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a697f9758aa364750c3ac7448994e985

SHA1
67ea946247ef3c45e45fa861c47ebb62d1099ad8

SHA256
b4589d20e0080228e708e0218dbc75a41320a6d37cd2129d98151490a4afd08a

SHA512
280e5dbd7b46f1eeaed49052b90603c30eca3e59de4505bf215bda1e1afc62884c25168b7dc3bdf974dfea8d44b41be467f2a55da5f14408e61dd6cafed923e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10ada571b5bf839bf52af06171fca433

SHA1
d3367581110f0616847e6ddcc4454e0719a883a7

SHA256
54c18d0230875742458cdee8b75a65c7085db8dd62b5bd0a159d3623a0427ba2

SHA512
a64e442dffc281bbb6f8f0da0bdad481700e2437d57f014ede7b2a33c698ede815817dff18fb4ad12d1b2cb9f7d8a7fbe6b2bd3ee0bcab123a33cb6546671360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b68c61ce123ac1deb77476c37a256a62

SHA1
1994b16584e688fbaa4c19ae6a89f60e8fe35746

SHA256
081e6f7cbe98dc6b071fc1617cda48365ec521d3b92bba7c947c0c27908b5879

SHA512
ed64204f2807c45ddae55681890607c2c3d4f02638ae1faf5632b16e93abfe1d1a030d6683cdd6be58758a1d471f400055b9a534a645d89ec49cb8d537e271b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5c0601d873c0bf22900ce92b824459e

SHA1
702bca37e365b3933825876b68a78dfa61ba9eee

SHA256
a2c9d8aa99eea07cd6e58443799859f0881a0ff9c9b028b8b2a26797cf8b3817

SHA512
bd6685785424dca3cd36362d01b61050954eceb8dafd8caf06cdb3abd8796ca009084633842d99424d7bc5ff09a33501126634dccf0f0a2f9761b45623e14c1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c66763c1ff49c99cc0396bcc9865f5a

SHA1
e7cce37b2ddb217e94080bfca614a57faf1ec83a

SHA256
cd7e8d0b33cc0784c72b7c313a164ca5b3bf5ddc1a55b5d6a2d433249633e349

SHA512
bf3e18fe56e39461d003e31643571f51ca11abb144d30cc3cd334418308bb2aa82a1470237583122b79aeb2a003f54902b105ce066f439416f660a7325c8b42b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a35de8c012341aff3f40d7f13ad1421d

SHA1
d1083e3314099d74f02b47bbb295e99fe380263c

SHA256
6c39dd3275ace89fb29be2b30fbe2aaef1ace64351a75844d09c6886b54fedd0

SHA512
f10b5ead0406bf41410b36e75866065ec42764c0477eb805c647ab8146b92fcfd6ae33dc7a52c1e0725e94069076c8515a32f6d5c70ddbbd6b9da295fdb3027f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c289de33a89e36fe1945cf3928bae81

SHA1
11ee62d41bbad2b019941c092118d2f262a32dfb

SHA256
61ef63bc1b62bd8db2c83b98593899666cbfe1bf108535674a83ee646ed15d4d

SHA512
12cbb9805dbfdab90423f20d2be9bb0613de087fb1f0970a51c143b6f01d2b15463be48c50ba3485f91a02fbf74365d51ad871a4fe390e878c20e4e9f1684151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c1424dd3539edd2472c5950b35401a8

SHA1
ceb8a60045d114024067e0f7f6462abed6ae6735

SHA256
3b12f617a0b4cc5670828aecd1ed95f420ab4368e93b50e95c7abc1343004077

SHA512
1d2bdc863702f2989efd27a1d94ada195f82b87bd0906398f03109d9054bf96a0e98b1accb226c273052b2cb5b0f81bc148d20412f925e08586bb0a1a88a9cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
030f8ab88d342d9419a7a1d960bb082d

SHA1
2aa8779cd0161565babd409eceb819d2a4ea454c

SHA256
d9994a42343c4689c8e66635a85225d8f400b24aff449ae27cf3a18c560e3b60

SHA512
2ae2c632b71f5df7abfe699cd9e365ba2a012a51079736963e61de73eaea299375a16c3dc8056be320229f7ef40d269764e2b15442c7ada5013b5791e847d501

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30defac1efd996abed06af9f43139ea8

SHA1
2a656e3a019428875b3b4f62805d1126998fedb4

SHA256
7474843b0c81c84d5eec3fd23cd34e008e3f8eac226bd6a5d1d042fcb2df951f

SHA512
7b76506de911dc23e10b14ad78775cc3af89f4ceac55cb2bafefc4be909a9e18147aa984a850cddaedc06d9c4dea300181f7cb8c189c3dc0ce98c843bb45e606

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e102d10b57437534e63e81e84c83ed2

SHA1
9447d63f7c6a944ed2080cc156deea534c528ebe

SHA256
a73b45320fc3f77130f52ffe39ac7caf2e1291caae217d2b18398b56041c4d93

SHA512
46c7c1de36f0a23b0ea12b0bc628cceeca1a117715283ac040c5a6207e36e5406caf3e13baaf984aba347f9313aeeb0dab6895b05106cb63fe42504491c7396a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d08876767354a62258e500df075ff5dd

SHA1
1fe5969d92a65c79709d8a3be6fec102b6a6e6b3

SHA256
cc03e9851bdb3407f1e82b57d3093615937e5b6950baeb98dca8356db864ff27

SHA512
efcb7c3b1cdb842be6f61603752641b6e540a32ac2063b697d0187243bdb0f304eb0b8e4cbec095aae74912d9aeb6c00f58a39e6ee7f3253f39985e3f62f8bb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6c56b12a925e3f760eafe7e134836b2

SHA1
9a7f01bcb8c78bca840e2bcac075495c43f9d994

SHA256
4e24ade40f6f4aa43657250a3a62fd07914a86a7c630bc7397cd32db933a81a0

SHA512
0a9b4d857660db0e906036d292e37dd4ab0a6364301f2e81f928675b27d0bafb462e0f3039184f3e550a3b1411fc6db45ea6f2e94ed74bdac81cead5c9976398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04d259e3ec033e481d2014bb06ab8e55

SHA1
b332451caaf8eac9f5c7478781b2a63e02d96f60

SHA256
997fb0e5faa607a9d2d2d574911c01a56ca6f02e52632db90fd1ec4cb17c2d34

SHA512
d9ded201ec6be40d9fbd3163888ff020a5f4d70ea2e51bf2269bebb354f50071120d39f0bf455baa8496a3e4fae4121e43a72b8029136294455b5b0060f8fa53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a649f193a3d401db4ac943c6b5b005c0

SHA1
f1fee1dd86690330d395bb20a1e3cba003f4be1a

SHA256
805595a3b4f7b37fabcfdcf577df6b64d4d00b197b1d9d542d99986d8ba15a13

SHA512
a2652654bd6f2efff1204eec64fb19bed2e8bb69e230224e0e75b807521ebbd9602d0399f9a9270c20ea40c73bbd2f8f96bd87da2724a2ce19039d8cb324e21c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4c55e7dc1b1a68d0e57041cc194a869

SHA1
c72ba12289cc946542a9bd3a223fc6c11ad2023b

SHA256
f712411b5a0a60257bd7745f66049a89343127c7dcb04e80c1d9a47e29b9743e

SHA512
7d01c52d4fbd7b5c06b844ae363183e256ce0006561105e245ceb35044bfe670cb3865965cc11eb4b097492525391662b92c52b5d737f575478d179bbc053c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3584.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3633.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Windows\SysWOW64\iexplorer.exe

Filesize
140KB

MD5
2369e4f78473b17bd9de7e0a2b84f9f6

SHA1
55d084cd056febd26404aaa1ea977341dce5c25f

SHA256
20a86be5a8bffafaabf0bbd45d02972c26e8725149cba8fdeb2ffbbab70c7d08

SHA512
37fb7cb645f4fcc2ecb8b55f3cf4aab89ae886dae1b4dfedc309404fd1232fd6fbc5684845185727b750be422cfa570f73905de903aa61b94e9989bac542eddc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads