fb5c72ec155559deaeb72a6dbdbf276778c4d9a3b705bf753e08ac11accbfbda

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe
Size

22KB
MD5

29c02a20c2c2c93b7dcffce17480e2c2
SHA1

48b902f1762bac2173debfe9cf1823c4425f7327
SHA256

fb5c72ec155559deaeb72a6dbdbf276778c4d9a3b705bf753e08ac11accbfbda
SHA512

5d33623bf14c5c9632f7c498fc413d2fda0dacbeeaf0144ca1fcc8cb4bfbb89859f3132c289ec522cace693e0ac63f15d9dc238e86b0665afdc27d4c559d4a56
SSDEEP

384:MsWeNRCs4y31uhXtYZxGFxhc2pJ4kvLYMzEMqNRU3Ui2OOm9isb13DYFIx:/RCs4ylujaxGFxvpJ44zEwkOO5+5D1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2948-0-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-403-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-510-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-520-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-530-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-534-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-540-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-977-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-983-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-991-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-996-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-1004-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-1015-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-1022-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2948-1032-0x0000000000400000-0x0000000000415000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000005d8629cf39b1e1a744691715364e1f9175aaea25c1721ba89e6533bce604345f000000000e8000000002000020000000b60c6c47f33b80a1008508a428d31b0aebbdbb26d48e6b202465cd3ac20d67c0200000007949ad81316666ffb9f80a5b9cc2cfabe09845c5aba538ce1f4baec965002721400000008a6049e9d2accf3f17e188e8df27c08f4fa3945159a246b1c46690878c761a39e91885e8c0f73d13bf2a03249997f240c142546fde48c20859ce38ae2809eb88	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000070cd4014a11939df6eda62dad729eacc2aa416dbedc7281697df68d2d4797da000000000e8000000002000020000000779bc8f2a5ee5c872d7bab096443808bbe34798c9ad0f7a4b626421301ada7389000000051e792d207f7268577febeb626bc3f4401860299b1db3d7b712ffd1905a114038813a11e26b9b2f1cafbd634b204428efc732eadee4c2a71046d50d0122f4fa8bbf634c14ad2dade4adcdeeac74434ebcc9068aa85470078d64625f38f3025f6f2b3f4292187a53ec41b1ece3f6161b917aa38dec2697c0c14fa9a5ffc29c7678dd2c0fcf40ba57764131d9c9a8cc640400000006d616a1bd7ba30bcea66be82233233210ad9378bc1b907f17e56e5cbc3fb142fdba7c41d1e9e78c988b05add8353c7db5e6b1c19835a8c5da8454bb174212ea3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E96AD1C1-3C1E-11EF-BB30-566676D6F1CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426490761"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 506abbc02bd0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1652	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1652	iexplore.exe
1652	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 1652	2948	29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe	28
PID 2948 wrote to memory of 1652	2948	29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe	28
PID 2948 wrote to memory of 1652	2948	29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe	28
PID 2948 wrote to memory of 1652	2948	29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe	28
PID 1652 wrote to memory of 2280	1652	iexplore.exe	29
PID 1652 wrote to memory of 2280	1652	iexplore.exe	29
PID 1652 wrote to memory of 2280	1652	iexplore.exe	29
PID 1652 wrote to memory of 2280	1652	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29c02a20c2c2c93b7dcffce17480e2c2_JaffaCakes118.exe"
1⤵
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.orkut.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
800967fbb182b1b19db14de8f62ceafa

SHA1
4eb319ed87cdc5dfa94e1633c8953641a57f0fd2

SHA256
35ff6030cc7a15a6ae8fa82836e7e7ab981c04c41eb76654d158f128d46fed99

SHA512
6fa5f5e082ac5df9346f7220061e9aef1ed1318540682a59813d8d8bd361f9d488505fcbd0f8c8a64566d39b96077ee1cd716cdbc6884ac17311b796bfa23fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9238dcb216311cc034517d2baeae59ce

SHA1
b07661022acbdb608e8ea8915e644ad1f53c960b

SHA256
12751dbe7e6f31a85ea62efc51c7d631100e1177b9dfd18f2e0e155e7fb1c4d7

SHA512
8638529865e7cbcacc11b659dd6ba81f8705fa69dfb4c9907f06e8629adfdd9cc644572a6f52e697082c836940ba3fd55bbfcd03de3a7f9906682f5930ff58a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
090f6a6d58c09c106d42c50e95bda849

SHA1
8e23789ded392f30d5340f3a4d63716083529515

SHA256
38ac20a8c593c74e255d210a38e956c561a31a1636c61962f88ecb202ed5bcd1

SHA512
6ccd90b9181f4bcd015b150abde587e8d855ed7226d4f00808d2684e938baacc106ba1b21e34a53a63e2cd403a6a9da5c7d3b8d63ce9517fbbdd4179442465ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef3040baaf8b75719684674f6dae27b3

SHA1
ed27ac3742a0fdfe9a118725e64fbe0bc970448b

SHA256
44a91f2e262b4d43af1b80bc24241d4786d934bbb8d2f27aaab4210b7e030b36

SHA512
ea7db58add0f647ebf0b7fd5a2e9add168a7ff0b6552472dc2af419e041c5537e35be479e31de5c3f76381bfc854971ada50262e85aa7411831374e1d1a78372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e662a7ba0bb217e15504d37706cd06f3

SHA1
0cbae9f3b813683f4041685eb9114b274ee2b634

SHA256
2368cb3240c3ddabc139f739335eca090c6e1890d7c181002c265b44ea344043

SHA512
3626de822ecff4167e493be4b77493a88c126b1f91420df5a47135e2b87451dd69174ac6e2ec35e515179f866d3d27487a31c8557ac5d10f1daef4349a92282b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78b83e0076f0919e66282766f57c338a

SHA1
945dad1fbb5d20b52ea72e3920d69dd3d716b805

SHA256
885e06f3ec2c5eb131d13369873919fe865f13e4996a49e6bd43806749223609

SHA512
197dfcaa9f7555fd3e98c0b28d819ee6c689fc39a4e501006daec37491cfcb74dd100687bd7d690a65068c3ff9a25d3be7a957132519ccdac8971f92acd7cdbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78d94c29c3670cbe3818b181addfefdb

SHA1
51fed8e22d49e7370e92e553b3a08f0913e356f3

SHA256
9b983cf9b562d6b330b4f2a1a95fbdcf33d7876c2184734ba7fc4cb8a09b9eb2

SHA512
a730d5d8a9d528353c889c27c9d90f144fa428fbd88a093e19960bddfd5ff667ac20f5b235022c097d6971ac2b57308f18005b72ac655037422c42243c63f991

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
590ce9e5535e917a31450180992b4e5a

SHA1
813d85dd724b8cfbcbc0bc836ba8ffa6caab5285

SHA256
4561fc74254b85d21d01b884d98ea01e3c69b46c49256218a8391eb1c3d2a953

SHA512
8e3698ea2cd8130c2f24dacc55fcd8f3914f884563c0cd54aa8e58f01d47cf8571b6526c596cce80dcc8258552cf871b6d0ab1217bf48539c4e2e54da16219e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51562f3cd33636b478c1da3a8cc59239

SHA1
247f2a77864e9649b6adae14deb6f89c542d1354

SHA256
fe28ee0620c75ca5d377bdd29d950944e0608412ee05f682cfa6b2d8bf9b23a5

SHA512
b2acfd7c1f8240b6993f3c10a5a239fcc865522d533309e9b9900e087fa7964d6d03078ff457037143f7965bfac1a69b021bbef475433770fb3a1a852794e366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02577ddaeecaa1ae1503e9e0f93ae928

SHA1
5bb52d1d7340d3ce0f67fe2e77af41252e78881e

SHA256
718125bd7a993ef8652af6b25149e78f2bc889761060dc9c46f0cf8b0f5bd3ca

SHA512
586d66fa99e6da291f5c1da3f4a50fa6dc183b91544f051ee575a3b6e50698f1a05841df703465a01d25fe7d5eb186d9321db2fb5c4a525bbe68e3e297c110a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23697d4a57270115b881616aaef7bd46

SHA1
e631d5585d5f49a0bef26b490f644fff217b2f78

SHA256
17aa73722097668853d40e43bcecd66a02bd25cd753a1b32bfc56c0eb787bb09

SHA512
49cd1f64f4c91d10f3a61b5483ddb455175c9754cef84f21316fbc91765d754c1564c6967fa841d5a52ed2903f38271ed9e20f5d8544add54e1d8317462129c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb584bb1620f98d17060704c2bcf622c

SHA1
8bb14549371f128396baf3797a1296daad7dc9ff

SHA256
5575cc68fc6fb137f45bed83be88b0f67c41650190dc024c96da892305bd68ac

SHA512
4026100ce93c812c245c127fdba7187c5566043b210916e3f23a3f592c07503e22050cb07375b5e983e78968a79e784a27955e9287c8e79446c72a9826855d83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84eb0f6b82bb73948562371675f5c9f1

SHA1
ccd7d360ce66684b4b34fcac54037a28ae5a265d

SHA256
e670313afe4a6ed489297cc62e3aa82c1ee77c5d314b0006108277903a7a518e

SHA512
ac250f807d9547e37b8220d3f88b38ac3018d0b9571e067635d43393303aa7fcae242dc768592640976d3e7e154e805da71904de7d2be3e3187da7644ccf6810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f41124119463097b9b35a5aaa042362

SHA1
05a1035fbf9e1adcf80939c3ef09abbbb980b6bd

SHA256
c954fb7e1578b524b70435359ef56611930aaa843f91887e16cfb40489bce8e2

SHA512
40fd3dce95b90b7110703ca4ac2845d38a678f42a60717919822ecd255d90800b6a00d7c9eaf7c9fc4d659756804f72c633279824be538a3e5c6c52430ef6df5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
295ec62dc65445f81bba40d6b56f82db

SHA1
da2f15831b73812fddd2959190f83d596323c943

SHA256
3b33551eed5e10679ba5fc7128f23b28e7e1f35292fd4edc899bcc869e28bf93

SHA512
214d6fd5bbc88a767f3d4c8188dd6a928d46851956e43a691d518472af2043b2626ef59b7f928f6c14b2e7811357c1e1e5101fb353497f43dd2da923a33af45f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0137f6a5f8f9d32ca1af785f4bf5b0e8

SHA1
972a3505e3d9adacc00b6d4a5309bd7b9ec6eaf0

SHA256
916fdb7a3accd212a878fb204af4e843fefddad287ef71e2511259bed9a46958

SHA512
48fc12cc7383237dc307c6523f5b82b571131803ff7c75f6e6da5c6030e7c64be646a4396823b09c2365d10004ed6226753f3b9ac9d4e82708383076b012e00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03e336d828ade81b1dd812bf5f1241c8

SHA1
1b6588267ed850e384f832b837d40602639f0dfa

SHA256
c28666ad22a61a00b9c5e21d62dd169d7f9503a95b1ece43e62811fdbff1a836

SHA512
b223224775e070320830ee96a28613cd408b227734fa163ea46bc3121b1e64b2e9418cef418fdfc01ab328813e7b902aa20e1d1ceb5d3ee7a6a352cdc42e1bea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83246327a8d078efdf55546344323f68

SHA1
bc215275f462f803c5d8fac38b87a33cd7b9ad0f

SHA256
1f6cf64d774f27254b3cf058ba8f44440c6ab2d4b808248c901207b0be8e46f7

SHA512
a6ab9d0901065bc6017b900fdda12d060573d036f2d2e1afd1f9dd8dfa686b0d91cb1bc4fedd4bfd247b58612ac4b9c6737f906591ce72f59e67f819e0b6a01b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56e035bb0a6b1f9e5b72265c65690d7a

SHA1
5f84aaff5b9033e84d01fe7cf98e1b0774904665

SHA256
a3db820b6404c9e3cb25f725558490a6567977bd14e19c2c6931d6b1b2c65670

SHA512
f235c89205e344ce2d459a663d9dfb28d06fe69e03f9c2583660ae4c296ea06ebdc1501e7d2d64d21caefaa044c727d1ec585da9460eeec49454f052e56bdd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt\imagestore.dat

Filesize
99KB

MD5
0b7d7de6bd46d061136baae5ae51050b

SHA1
8945b28c43df48b3bcc919dca5537dd166443c40

SHA256
bc2288068d3c69c8537538baf5c569f5b1d456b44747292d83c4ba877e0afb59

SHA512
d5a744735f4065d4cd89ceb31d637e8d2d42c15f85fedc255360eb1207c3e35e461ab18f1c2b4a5cde3e7f72f0a8f00bbd336590ce33390c5dacf5989c271933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84EXSCRK\master[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\favicon[2].ico

Filesize
99KB

MD5
562fe6b5bc02c09537b054ba674740f3

SHA1
082f9d8d488f49c3085384009e9700b207dbd8c4

SHA256
29b906ce83796e0f46ff07dffbb9cd63278bace576d063fe3d888ab41c76e0d3

SHA512
c1a82e9104b03fc145aa8df7146b316e737d60cbacf6ec5221e0b7ccec4ef8f0bb9267f950363c84d3f67e916d728f36ca79f9d244400f8bcf3ff14a909a20ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBF88.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD442.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2948-403-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-977-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-540-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-534-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-530-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-520-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-510-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-983-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-991-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-996-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-1004-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-1015-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-1022-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2948-1032-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads