2a89459711143eb3a814b6b5fddc27789c6fe25559475d3b1c097d09266c0d39

Analysis

max time kernel
140s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe
Size

14KB
MD5

2663fc4b3c9dd5d12e77acbdc765061e
SHA1

2e89cdcb745638f03b8a6567601082d9864ffe14
SHA256

2a89459711143eb3a814b6b5fddc27789c6fe25559475d3b1c097d09266c0d39
SHA512

ac5755746f0c050d62954da47e63a96e2c230cdb72fdf92a2ff43486099508ef2a92718725ca444821edabff95a5619a2399d477bc6f28fcb62661a45eb51efa
SSDEEP

384:/THplgohc2uWgty5+PIqMvE1HWjBfe/2ZOWw3tKWFl:/FlgoSSgtfIUdWFe/PNn

Score

8^/10

evasion persistence upx

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "2"	reg.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2172-0-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral1/memory/2172-479-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\svchost.exe = "C:\\Program Files\\Internet Explorer\\svch0st.exe"	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\svchost.exe	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\svchost.exe	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 59 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f745e6e14a425a4bb2fb3b45a5fea43200000000020000000000106600000001000020000000aec274f3d52a75e225464f65e9cebb815a0cc23e8bf3a27d306ae82e05ef30b8000000000e8000000002000020000000971875ffd0939f9fc6416fef48f5996779fd326cc0859ad8d67cf12adacd5a1a200000000b14c634a3c8fe2375a8e8df4180d79002cf9fadd6fc7d2fa97fe80f7d49c2ab4000000070e955b2e0a8987a5544991045fcbb06ea1ee3b78042454fdbc322b91ece07afa51a4e878e5cf5b8b51a3753d756cced82a17836a94469b98d25219592e6b62c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f745e6e14a425a4bb2fb3b45a5fea43200000000020000000000106600000001000020000000b9189f390dc98032a824a4e6c4834e97820cd4afeca5e5021f68e320fb812fb3000000000e800000000200002000000092eabca390704d4eed8020ddcea98405f3bbe4bd6fe7d0281d49402490a37b0620010000f410524b697bb2b9ee54abf819e4aabf01964b1a828d54f10bd82fec505ae517eb5e56d89a80617191e065d3704d44d086c4d03458933a5ac9a11ecb69c2c2eee26c2c15d7d7b700522a4eab7a1ff557ae10605c15e7bfcb7041b3d3e48500f51073b745c44679f09fec9060f8f79156269e76f63ae21ee374c41d9f0f91b17a362682ad564d7edcea40d3423ee36464df292198cfa6714c195093ce5764700cb649d475031ac3ab5534aee5067bee19e3a5add939b0abb8aeb48c0a426018c193622d3a2b8e57b81451faf888f445972a2fb3ca11deaac3b8eb9f5aec621f2feb5c43859a5a1c0a91bdf104dab9e9c491252d43dafaaf260b2f25e551a44df2f24e824b30c3691366ce3d57f53d214bd43a9cce55fba30c22bccce9a3dee4ff400000001b852b003d29cc371d5722bddd6e97417c6e40f0bdb9bbb5e121393135afc320090a616bdfa71f57d2ebe5553ecf0cb8a374b0c2a3c6db79048e4cac88f25680	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff4b00000000000000d104000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6475DAB1-3A51-11EF-A293-4AADDC6219DF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f745e6e14a425a4bb2fb3b45a5fea432000000000200000000001066000000010000200000008f5204ebdf969176e4407208994cac390231a8130ee6087e759eac98f7529775000000000e80000000020000200000007e892c29a92756fa23386f4e2a348d2456d3e3cb4e84d4154772c52b18eb127f200100003dd0f77ae9d08b81aadcd30b006f5ddf4ed2adcf95fe013b8d8a54b7b95992079434c692ce1a4f051ba745ea93de60ddc7029f39763390e47aacbc7cd060967feefc20b7c88e2d6161f3da45fa7dd675d63018544ae71174c22153b6b2fc1f287cdc07d9a7ca02b6ccb27f6e213fd4f40adeb0c216009ac4ac80d20a79f8d6a972918c3248dd0ee308087b269010e4f5cf36c79a9fd4b4ac081851f2b0eaa77be7da738aa917ecc9d8de152acec6f2f60d2e43b75b32824fffacc9e57599c3e9055825c2086ec5e8b13d17f53feabf7f78aba4d03ef19091a8c7f692855208b19d4cd865ab959bcfe93976b77c05b276402a2f4f7ca89deb2e8506aee8bb437bbbd67c77187fe9f90ced80eb3cce85b6113548ac3870b4c58a4b204d06d922ac400000003dc456d6b72b43f90a3d5f070d1448ff5e7a2f4c892eaccab0dc3e7e200fae9d8430efed1e427d6bf6212e04b8c3ed6cd9723a5cfa3029e095eb9113718fdca6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f745e6e14a425a4bb2fb3b45a5fea43200000000020000000000106600000001000020000000217ad9c6a8e901706e008f73f4b85e384987e31aa632b349f4f8ad3f1c349072000000000e8000000002000020000000c505d190b8815e97a1ee441ac2e58862acfaa67b15d86138cd00d78c0cca05bc20010000d84bd82d9c25982debc20e200d6d2f5f0efe16208cc616f024830ccff2310ef63d9a5ddecfb251fce52c04512315ec16493b84211f3345ab4b772f4d75cafee38f7f8748dc8f1784cc0f6596ee6f4cbd34ff5096fc8383664efae5baed2bd358534907970dd2589e04430abd679ff504d1f09e8fc48297f0467a58da2d0e936a84208595865596b9b2b1d43dfb020bdb83e6d6bf40e996f5d55cace88f4c3eb125e9a247d53bde46034fabe34e8f3f7d399f2314badb1fd53a69a0a2ca686a42898c54c6d1b68d94e8f9a4496256350613bed85ecc9b1e76e7f4b9bd28af92961bea186e0d17860c00dbe868553c2049cc3dcc68d33bb21bcc5053b2aecbeb733f728e2ab502a4577d78de77b7c622d81f53f976e47c4536f3c22d68c8568c5f400000004d2502c2860c2cdf29cd72b7ae58f6009fe9833b4fdb13d4a60e79f2514b912f4adc5fccd55e3b333e26b73deb5b52de1bec23a6367597bc5e9876d5d4177d36	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff19000000190000009f0400007e020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426292540"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a03a2f5eceda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f745e6e14a425a4bb2fb3b45a5fea43200000000020000000000106600000001000020000000632681698deebfc93ad0963fce4ee30503af87cba44da63e8041ad34ab447006000000000e8000000002000020000000274ed36439a1c6f6e92e840f7efef3b3db8ae2f819a84a29341edb0ff61d9175900000009831f97261a69a8ffbc05ee8bef88da10ae23d24f015381b08d53f94ceda56e680ae7c55642c32d1aadcd7880f7ee528932f827dee1e0a85dfa70eadeebd3443a3ae48007ff6d8989273e3d3ea7e0b9c85b8a343c7daeec138b17af07c634cb2116c879f5596692242e0045973e0bbbb6f6c21eaf6dbb4cca5d56a05a87c41a0b46a13cda1eaed62a5bfc976ea8ecc2540000000e3256518fd3d024941f2a28f6890e03422ad8812e11b24d31f92d927887d43791470166f27571663211693217eb2bd33ede4ed7e910fc8eda919c076163c8c67	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3200000032000000b804000097020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000	iexplore.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3012	reg.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe
2504	iexplore.exe
2504	iexplore.exe
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
1404	IEXPLORE.EXE
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2504	iexplore.exe
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
1792	IEXPLORE.EXE
1792	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 3012	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	28
PID 2172 wrote to memory of 3012	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	28
PID 2172 wrote to memory of 3012	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	28
PID 2172 wrote to memory of 3012	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	28
PID 2172 wrote to memory of 2504	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	30
PID 2172 wrote to memory of 2504	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	30
PID 2172 wrote to memory of 2504	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	30
PID 2172 wrote to memory of 2504	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2800	2504	iexplore.exe	31
PID 2504 wrote to memory of 2800	2504	iexplore.exe	31
PID 2504 wrote to memory of 2800	2504	iexplore.exe	31
PID 2504 wrote to memory of 2800	2504	iexplore.exe	31
PID 2172 wrote to memory of 268	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	33
PID 2172 wrote to memory of 268	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	33
PID 2172 wrote to memory of 268	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	33
PID 2172 wrote to memory of 268	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	33
PID 2172 wrote to memory of 776	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	34
PID 2172 wrote to memory of 776	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	34
PID 2172 wrote to memory of 776	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	34
PID 2172 wrote to memory of 776	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	34
PID 2504 wrote to memory of 1404	2504	iexplore.exe	35
PID 2504 wrote to memory of 1404	2504	iexplore.exe	35
PID 2504 wrote to memory of 1404	2504	iexplore.exe	35
PID 2504 wrote to memory of 1404	2504	iexplore.exe	35
PID 2172 wrote to memory of 1400	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	36
PID 2172 wrote to memory of 1400	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	36
PID 2172 wrote to memory of 1400	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	36
PID 2172 wrote to memory of 1400	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	36
PID 2172 wrote to memory of 2960	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	37
PID 2172 wrote to memory of 2960	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	37
PID 2172 wrote to memory of 2960	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	37
PID 2172 wrote to memory of 2960	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	37
PID 2504 wrote to memory of 2268	2504	iexplore.exe	38
PID 2504 wrote to memory of 2268	2504	iexplore.exe	38
PID 2504 wrote to memory of 2268	2504	iexplore.exe	38
PID 2504 wrote to memory of 2268	2504	iexplore.exe	38
PID 2172 wrote to memory of 2364	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	39
PID 2172 wrote to memory of 2364	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	39
PID 2172 wrote to memory of 2364	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	39
PID 2172 wrote to memory of 2364	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	39
PID 2504 wrote to memory of 1792	2504	iexplore.exe	40
PID 2504 wrote to memory of 1792	2504	iexplore.exe	40
PID 2504 wrote to memory of 1792	2504	iexplore.exe	40
PID 2504 wrote to memory of 1792	2504	iexplore.exe	40
PID 2172 wrote to memory of 2076	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	41
PID 2172 wrote to memory of 2076	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	41
PID 2172 wrote to memory of 2076	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	41
PID 2172 wrote to memory of 2076	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	41
PID 2172 wrote to memory of 3016	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	42
PID 2172 wrote to memory of 3016	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	42
PID 2172 wrote to memory of 3016	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	42
PID 2172 wrote to memory of 3016	2172	2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe	42
PID 2504 wrote to memory of 2964	2504	iexplore.exe	43
PID 2504 wrote to memory of 2964	2504	iexplore.exe	43
PID 2504 wrote to memory of 2964	2504	iexplore.exe	43
PID 2504 wrote to memory of 2964	2504	iexplore.exe	43
PID 2504 wrote to memory of 2340	2504	iexplore.exe	44
PID 2504 wrote to memory of 2340	2504	iexplore.exe	44
PID 2504 wrote to memory of 2340	2504	iexplore.exe	44
PID 2504 wrote to memory of 2340	2504	iexplore.exe	44

C:\Users\Admin\AppData\Local\Temp\2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2663fc4b3c9dd5d12e77acbdc765061e_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\reg.exe
  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system /v disableregistrytools /t REG_DWORD /d 2 /f
  2⤵
  - Disables RegEdit via registry modification
  - Modifies registry key
  PID:3012
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2800
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:209938 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1404
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:406537 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2268
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:537608 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1792
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:734215 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2964
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:209943 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2340
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.xiuzhe.com/VIP.html
  2⤵
  PID:268
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com/index.html
  2⤵
  PID:776
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com/index.html
  2⤵
  PID:1400
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com/index.html
  2⤵
  PID:2960
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com/index.html
  2⤵
  PID:2364
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com/index.html
  2⤵
  PID:2076
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.506013860.com/mama/vip.htm
  2⤵
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
98f9ac4c9fce1d97505db04985429753

SHA1
374b2b3964b14d4533998bcb4073f7e78bdf825d

SHA256
df3c22e29b5fb2b98bacdd98c84c4ee067717cef369d029a61139776fa1bedaa

SHA512
5c1cd5aa01db5a7532eb3124dd3b3a029ea83d15aef226a986061a8549e8c92ffc5895347810123dbd8d1b29074f1e66461e361f67b03a588549e9f83b6089c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3994DEF8228AE1D7767ABF85A3741D99

Filesize
472B

MD5
454c630d2b72f5019d75f6bcc82be756

SHA1
e3612c9e8f02c75c9fc767a50e6be5c1202fa97c

SHA256
06d9b3cfd6def758909e1467720aaa12a8c526131d42475e9d166bdc0bed1828

SHA512
2a41af0534da6703bc28f1f2c80d24b28077aab10592862fefb054f05c5e3a2b9b40180a54353a05b0f59b3822dffd35e8ad26f2d31942f538311723b7da72ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
09018b283356d2a4207b9533f19e2a31

SHA1
34a611ea4043e78352e50fbebfc707bf3a1321ad

SHA256
7b737396178f650052961b694d56765a9b6695d51ca2c1bca96a875cf7bddf98

SHA512
3871540f7609a410c54ec5c41e1576997b666db86681a666d3e5c4fb02661306459410fc55c3a5b3d3ded427d565841f23fbc9473a0b05cc65ca7979af029c3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
0ec2b7f415abd95b5d9aae3aa9f2f122

SHA1
5d72e1f701d675af0faef0551110b238fe474f01

SHA256
6229b0786d2184946f52744653b3be08566ad6b45ddc5ccb58fe1140ecd26713

SHA512
f537d6727842a1dcc92743ccfdebeb4ddfd33f1f34d90fb534482abdb540cebdabdfbb629ab81f918f3f17822ca2af773447f53c78e53fb740c25859fd9cba67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
6c701ba42c4ada915f0a4a9004a1c485

SHA1
495fc28496292e36f910edca480cd87199abbb32

SHA256
c0ca4bb46065716d254495f404e82579423aee026d3599277300817eb560f9f3

SHA512
98b29e40e49453b740b31682ff0076176746d452da1a2e6c82a4e25dff54ef3d7c60573efc59ce9548aa72111ffcdd5dd262ca9723b01f8e5e5d7a8405990549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
bc39237face69b34c7b738173236955e

SHA1
59b1d05d28a31df4083f4f9494135ee86c3d2c7f

SHA256
2a7119993c6ae3f9c966099cb5f5f1729a5e35cd84a14c5f881f589afa05877e

SHA512
96a44f56e08e9f7b44d5609b6033745548cd83c69ea9e2bbd20916648c18bb0df8ca3af620e7c54e1ecccaea57135c38c426990fd2aa5ce36bf8bcd885e7b36f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
d2c97878e75954e7f1600cf3410ca556

SHA1
a01c68ba03471a51f8353a1838470a2026f94770

SHA256
9feb7161d08e82e3ad8f3abe6693c446c7626dc634138b543d5be6162a58e45e

SHA512
d1691cca80b9cc4015356f5f9aa6bd20f4419e8194d13993ffb984b5a597cc661af6d2c7dc5d0d4bf19eefcebe74bfa37dd568ed21e177854938ca1c0c4ba592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
be27db45e8dfcfe9429b316a0ec63830

SHA1
799cecc5b85668ef81b9235b137a47d5480b5c2f

SHA256
914a28c409779390349d30429ea1f5827b7ec278cb810a84b25fbbc9542ee68b

SHA512
6681a5dff8b829e4041b9dc9601456f71be4edae98059eeb83e47fccc91cfba4b168c3bb797ab11b568cc7071c99cc92849b635f8360fd6d8a1d6743dfe7e005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3994DEF8228AE1D7767ABF85A3741D99

Filesize
484B

MD5
3a919f0258c23b9e59681a80580c3c57

SHA1
0048798c048a4ead9bb347a087448de46540992d

SHA256
eda2dfb5c9cc9f50162da9275834c828611906798f22979738ef7cca6cf6fae4

SHA512
d346447e072056b0b3f9602563a83ffcb500812ab80ef8de22c1373d1b9b5fccf1bd2c0ca7fa3b06d978e2f3a3378581c7a91e9d88c4ea07832f6b3168c025dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3994DEF8228AE1D7767ABF85A3741D99

Filesize
484B

MD5
e815154c37c64758e62969e0aaffd969

SHA1
dd797fb83389c3be960e5883908e172b8314e892

SHA256
5e2eeb76083a066e27ba5562f2a7d0c258780ad532b18697ac65b3da9ab972f2

SHA512
fa8e3da6e184d9aac3e11e1725bb381ccd133255cbb41ae46e3312e2ef3ffb5dad4c55d1d31fc931c25c4c46a76fe8e2465fad63d487e24a7befc3233f21ec77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
cc68ffd323a8d51ca8fae63e2aa8cba6

SHA1
7d0959a5ffdafce850c6eb817a4260a2978375af

SHA256
4aa628bf9bca2dfcadd7cdc29330b2c0cf54f93ec2fd3d3ea319761eb2b9a7db

SHA512
eea3841ac8a959d4865e1b66861333d91cab4f703a9bdc6a56b05574a3382664a826b542c6a0b841ec3fbd004f4415f8f4f3d9af0221a8409556a09f85ad54a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cfe0eba50b872a2315f7168b131b767

SHA1
53f95b1f6b5025cdaf9128ac674c16d908bd2b23

SHA256
b4fa07f3429adc18cd63b808fc06ed45173c52333b45e10b770983999734843b

SHA512
cdfe545f1c5970523603b227b099f8da5fbe266b37a9e09ce0f8d5463f388b939767e5872e84bc67109ff811eb1eb0a5e2e13235dfa952da5060aed225011476

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2a3f01d7e942d3f2eb36aff6396c0a1

SHA1
1ae9ea58f7f6d414585b6a5bea72bbffdb2e3b5b

SHA256
395e1b40c976cc48993c6c2332dab84399e673affca04f5a73fa3fe0873bc0aa

SHA512
91ece139cfe0403faf61f808a3f2a4ad37535c71e90b55736539f42a19902a90409e4112b4547ff36528da7cec1ba7c69d01a09e9ef11bbbc84e10df7227228d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb4d4f1b58ec6f6bf8610ed87a2d2b8b

SHA1
c5eaf82790fccaba94898c4a997e72b2ba7d350b

SHA256
cb3f0aa9eb4801b004512f38ef8443aabad4b01edce4921537d7ff22240ac807

SHA512
6184bbcaf6050ec03430f5373ab5f4f3bcca5c5e93cdc5a01b7095ed88285dbb35f269a47cbf8fce477a1ee60a8d4df255c8207a452b2045018f8b25900d569f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
864ace484a96785ea3e463231ae0de89

SHA1
21024529b8f27ad635f8cd370a9370e927217493

SHA256
8fd37bfd8c73aab04fcad3ccf20902d4562ad187d01ce59a705c18d155664ccf

SHA512
28b38c838cc0112461c32d3dbfb0d539244265e1415a5ef77571bf0e8c4a44d5c9e5f2127889f220805c805ffbf606713092f1e3e7e1f9242391547dcf09f5a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e19ce42275b29df955b23243b2a9bcbc

SHA1
28fda892f9f5c4928482f995b38e482314667d0d

SHA256
77a836fe24367e12f66a56b53230a971cfbcfc74eeb36cc0bbb36703f58c4829

SHA512
956e363a43036c8c28f07c3359c6686bed2d7dea2ac2baf5a4bf6c947fff94d48269bcef6f1c86e19d8af7e1e9c592b6be47dd40364427a072fe4051d3b50846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0201450b450ac509ad045530d0b6bce6

SHA1
e9becb32949087ea67fc083a900205194442c1da

SHA256
e30a32190a3ade8c5bd2405a6a87b39465f27fb3e6bd6b8866e8fabfea318300

SHA512
c87ce08e55be2ca42ce4d4cf7038f31573443ce349f54c37aa48b54477e94eb47aff4f60c786e0036c48cd36a19c1d8fd2f13a509230df4b23492e49420e4120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57498fe4166cc5dd7bb0b8440e1ca083

SHA1
dabfc884c4c4645c4776784fe9c5b18e5591d5fa

SHA256
4d1c29b2923d55c18bf74be5a402a93d9e2ea03eb3b6d663318d7e663a129182

SHA512
2003967bfd20c0c21005e165f51a1bebcbdffc52f17413efa863ac47424e9d095c2d7721c200920bd484653c9c206704e03416580f922dbdda7bf3d9aa012389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20c9e4d01012d16786c7c19fb29ace96

SHA1
412cb8ed2a52fd3697e93ce4bad35a3fab662a46

SHA256
543099eb9d62e05089941c878e21e0a8437a0c0214d0f091f8c2b8ca2bd94d91

SHA512
ea323d1caae16fce53828d519ccba5da5d509e5cbc123ac0c25eab6a2331de4fe5e64d3b4bb753f95ab04bfdc4315dad6372f2115196f05bc5f975f45ad67ac0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fe292443ffc2c171da5534ecd49d47f

SHA1
6dcfd56a62f46f0116296c78865f27acabb7aecf

SHA256
3116320885c0f61d67238bbcc231d82139e2c12ef82a0bc9ad2cac4ec9fea9ee

SHA512
ea9d89f5d78f577c51b1d6d94bc26e736fd7dd3032af32b3126709f9a7ef7ed24dc5ff74a66696416cfe541c75c5738babb6ab936a2c93b18425c7420a23af49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c021b84d23f1f0a273bca588fb570ef0

SHA1
fb2b4ea9f2033bb184f53bc7cf6ed2b5f1ae8542

SHA256
f31b84c8e5b6a7ad3f8267fd0f7c3c5565f95ae536120a94ac1ae2960ce7b217

SHA512
099922191273bc8a015e56249e1b0e34baa5a0ff03f3bd6b97792b6b850fba64b1a6d9bf0e4b49c6747ef274055b89983024c5d4764f2f2c3d78ca5ee7b26dd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ca9d7416b4de1cd4d3b5024e7db45c1

SHA1
dc1c72c9f2693f95a42fc9346375ce3747dfe4e6

SHA256
b21962f089483e5d3a8b4a269780a4354d201168869901084507c6b738646bff

SHA512
aa8e859363762cf938986774f0a4e41d5d5ace5a7377b4de90c4f6accd2f90d87fea8a9d43de2770e83ee18e3cee89793bd59fbb32fc7482b5e554c8e64ee67b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e0c3d0e70378fbc85ab2b64acc940dd

SHA1
53dd6f805b73bfdf97085a7980bca7e16af74e9c

SHA256
14a33b61d21e9d1250c3780bb7e08aa2cfb7dd5656378dbae64159ccaa524dbd

SHA512
0543da8e8f9b75309bde2a312aeec54653bd7fffe5c7a50b4614198b3b9fb5cfd68047b599f89a91449a90b0ff34c1443554633c3dcd945bc27589ab00a19317

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a281c21282bcf1aa2aab015d00762bb

SHA1
cdbed46a77384622a02800e50f595f4cf098f258

SHA256
9ab3339d9294e4055553dde48c780ee26ab52cb6b3a559296d8ce44baa557a04

SHA512
8011cf9e99cfa63200d9366a9f07db40ee5f7c6a518bcbd67852b216e00b76c9e897e378b2dbc3731bd0edf6910bb543e2884ad5a3b484d18ad0e5fceeb4aa5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f93142a7102a10bd4e085e0e8c1c4ca7

SHA1
aaeb17b2ffeda6d1c6a99a2444c0fed98a0a2577

SHA256
3d67a40895c33b3e198f9c7c030c02f9af8d55f2f12a66fa52e883b53dbe36b9

SHA512
77b6139e7b0e3bff4dde03de7ac3b7567d8eed2db6acb63eaa3db380119744038984e37630d80319883e4b111f25787e9e242c328b75d5040d2464a3ce62d366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7f706d8f3d3e3ccec0206a0f8e7b6c5

SHA1
a9467ce98215b0a3351f95cc064ad83bbda389c5

SHA256
849f5c73cb39598e42d9fd30018e93044ff5c1ddc60e50bd63f2b1aaea2df6de

SHA512
53c5ab6431050f15980d34df5523c1313d49c24a6333c6182b4e30894fd6ea44f54e070d8790dc5d66162919546074bae9c6dbffd140c69d6f63b07ae0ad0182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
022a9b412314d46dd6b542576dd6d594

SHA1
88495b6c488f064971c51c82abd5981c70c54c93

SHA256
b28c3869cab1eecb9958b1094d98348431921cb6741961f904e5ea4ae4efe0d3

SHA512
69ce0e9d0d2bd2256d2768391cf9ac5029933414976ab9fc3b70c4dc874eefc4dd6e66d12e182fd639b42881a50b51a44732d7158bdb40e5be88f18780ae43bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b5e6497b9450f0528687509cef46f67

SHA1
cd7f9120b72b384fcc6578f0f5ee681ed3fee75a

SHA256
57bca3ed20e379c48f23b0ce10d360729d28e297dce1c814b8f0c98f2f6aeac0

SHA512
d0c06376c41c788f53500eb85820136652591353e879797a758cfddec7c113932feb00fccb36ebe927f2c798fc1e00e0e7e783752f7774783a26aa1aa21aadfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1280b87efeaaa34250b924447831e91

SHA1
f7d9d478bb72235b31b8f39640e870bf4da9967c

SHA256
556b1bd9a7915f2e0f1919c45fc89438788f40b391e0e1b4e2957fe0c975992b

SHA512
1aca9964fe49a028e3562be5b8da55ef48ddb217364b1dc997941da578bf2dd1322f930c8ed51e3bf43fa4da86288e1dc22333eaf284b62fb019fa025d07d34f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24b0d3ea5cfcd506c32df81305bd1455

SHA1
b57cc27204795e04b0825795709d26f2de9bfc4a

SHA256
766559495e2bd8c0708a80901fbb44e83da7dce30a8cbcc5a7766f237a450ce8

SHA512
9c3faf8909a9257a35b7fbb30fafb1f277a2cfca9b95226078d402a3fa39aa8b611e97c5dc86458d3a9c9099463f1d94e8910f0c8d67369295fe6d045a3fe02e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06027a29cd4c09370177df0d26872d2d

SHA1
821a6d9d41f25b5f02df566c1c1b5af7eea61509

SHA256
acee868f0550b38f19f970944f6cfbc556b2f3b51b58a13ce4a8c137572a9420

SHA512
6678d3dc090c619632c383a9bfe65f40c42ae0e0e229d2e88bd6a21f76c31afa4561d058f7bb0f22577aca22833b8272ea9d03617a3047dabefb40d100356383

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66ec180722b3bcb64c423d7ecdb200ca

SHA1
72ca8d711e4f59c46553c372b23c9e40be9bc582

SHA256
41386bfac55d568799bc6c2f70c6235800d75cc3610d9ce16f58dc7bb785ab04

SHA512
93aa8e8ab8e4a7df4f3c579e9d5ab3fb7a21023bc87fc218cc45f59d6d409066950f0ea47c80ea16a5fa20b78deb596e809694f751ccc7f2a2d447ed6f5c7c8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6258edfaba59aff6d824f5353cb5af57

SHA1
8dad90a8df3c10dc9100f05b21746678ca565d7a

SHA256
a52d83b7c39b11a2212f8344fbf76148c302a51d639d802fa9b9c975d2dbe348

SHA512
4cb7d0b13ce41a44f941c9fbab950e013d5b72ff377c6f033486c01cde8d36f8ab8e11f5b03f97fed06965163df572f230a0392173e32454bfc9c4eadd376b95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
f891032c9ad1e1beb26f85cb129bdf5e

SHA1
eeacb84766dcdd9c778dab7fa93497552072ccbf

SHA256
d7f582243ac0f188b6845db7176ec978d676634cc13e0292790cfa4d8aff12d7

SHA512
c94b288ee9a4395fc790a250e48cc1185b4010c4d93ddc4fbb1901e501a9d1c0e9c4c99aeb7c7d578df4f8dc5b746e5554b2c5b8b94db3fd112d9838e88f5cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
f14bef5754c4e94ccfba3b64b5bbb51b

SHA1
9975d7c8346bf15d96801ac7596e117d3ba39bde

SHA256
c52413efc664d2174b9ea7d8a0a6119573fdb17c1dcc7eb118c4dac27fa02d6b

SHA512
06e54585de1fb2f6fa23109543f4698261e8428eed571375c77164a32850c848562a2f33516fccddc528975cd53a76a78ee8879218617581bc5e4ecafa08c786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
4482bb78e4c35e2f71b7a007b7feb381

SHA1
f32d3114cb5c15271fe7dfce3e12a01096ab059d

SHA256
13c93e312840c59131f0844cbd54e5b5659b396e17f9f15b72aecb04269f6790

SHA512
e1014594751136baf827feab53cfc846bc0c07e9ad73b2d5db8c138a990a558804cac5ba35f5a41b43dda43730b56470960eb2c02106b8972d3f8bae117deb58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
63f841819da72b9460d8526980236768

SHA1
549b2dfeacad36bc390f9cd79a728bd8496976f0

SHA256
39e5de1c179d600308a55e83dbbe87c5161f9125aae5bc0fd1719b494dbed7d0

SHA512
a9fac4545f77f53b21fa4f2065a8e97242e406f1874911f909d0f3f98ceb22f947158a694c349bc1534b6d8946d2c096e76dffaa815b0b2c0b7ec7b38d300657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\bootstrap.min[2].css

Filesize
114KB

MD5
eedf9ee80c2faa4e1b9ab9017cdfcb88

SHA1
ed29315e0ffb3f14382431f2724235bf67f44eb3

SHA256
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

SHA512
ff9296270da6bcc3b664ce5f9dd5715109a954fa9ac59c9845332b5edae9aecc90db3334a3434c8d4d3623c6495de04fb6b9ab3cee0803208246cc9d1b4049a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\index[2].htm

Filesize
985B

MD5
a6d4a72f6894f3963ce90032da518aec

SHA1
464eae231cadfed89ef6db9b010d5e82ab8d6038

SHA256
874a410af24e2cd4761c054565c768b03898c09940aba283df223a51378aed28

SHA512
bef6a7676fb650d633d4ea3ca862d27c26d1e2795ae2b4b6b89861c14d116f856db21a79e46d6be839318f4fbb8ac784425bee4a2d3bbfc61fef4bb8f0210ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\bootstrap.min[1].js

Filesize
35KB

MD5
b6d6c550cb657155feb06fdcd34b73cb

SHA1
27947c0c0fa837da9bdfdfc36f649c25f54bd1c0

SHA256
267a83092a5fd6ec5fb746bce12d440abd37f1d649c072f653e17d0c800eb647

SHA512
f57baade307d54d9e4b7c820d1b5ef32e948df73789c8fcd51bf0b1ac7d282f05b540d14ddb0b5644c44bdc6f991ae67c9f4a78595f4b33bd91601a24aef1402

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D99.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E65.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E8A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2172-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2172-479-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads