e9c6be1d1df7c4402a64910fc5d7fe5e5b5902b5cb3dc0bfaf011d9eb32e5408

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe
Size

5KB
MD5

29f1ed111e52aa0ac14c9daa8c907c6e
SHA1

af053cec2e230f3b205107b484b8ea95ac8544ed
SHA256

e9c6be1d1df7c4402a64910fc5d7fe5e5b5902b5cb3dc0bfaf011d9eb32e5408
SHA512

d00ffff282997635cac63627c11d32a4293aee34466cb088a3dd816e37b7406e0b898de4c798a4b6f943f0312aa6b81cb689f3b5e188b023b6810ec4fe9b7159
SSDEEP

48:ZvtWxUKQZVh7JIzIZ6NceyAVTvEHHAH7dhNAMoBAX:Z1aQZVVq8UNcpA2n47hcK

Score

7^/10

adware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2644	cmd.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C613CE22-151C-4331-94FF-F113A153F66D}	regedit.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426541079"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10E2BCC1-3C94-11EF-9143-F235D470040A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C613CE22-151C-4331-94FF-F113A153F66D}	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C613CE22-151C-4331-94FF-F113A153F66D}\InProcServer32	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C613CE22-151C-4331-94FF-F113A153F66D}\InProcServer32\ = "c:\\sysdump.dll"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C613CE22-151C-4331-94FF-F113A153F66D}\InProcServer32	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C613CE22-151C-4331-94FF-F113A153F66D}\InProcServer32\ = "error"	regedit.exe

Runs .reg file with regedit 2 IoCs

pid	Process
2380	regedit.exe
2448	regedit.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2360	iexplore.exe
2360	iexplore.exe
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 2380	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	30
PID 2552 wrote to memory of 2380	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	30
PID 2552 wrote to memory of 2380	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	30
PID 2552 wrote to memory of 2380	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	30
PID 2552 wrote to memory of 2360	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	31
PID 2552 wrote to memory of 2360	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	31
PID 2552 wrote to memory of 2360	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	31
PID 2552 wrote to memory of 2360	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	31
PID 2360 wrote to memory of 2840	2360	iexplore.exe	32
PID 2360 wrote to memory of 2840	2360	iexplore.exe	32
PID 2360 wrote to memory of 2840	2360	iexplore.exe	32
PID 2360 wrote to memory of 2840	2360	iexplore.exe	32
PID 2552 wrote to memory of 2448	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	33
PID 2552 wrote to memory of 2448	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	33
PID 2552 wrote to memory of 2448	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	33
PID 2552 wrote to memory of 2448	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	33
PID 2552 wrote to memory of 2900	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	34
PID 2552 wrote to memory of 2900	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	34
PID 2552 wrote to memory of 2900	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	34
PID 2552 wrote to memory of 2900	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	34
PID 2552 wrote to memory of 2644	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	36
PID 2552 wrote to memory of 2644	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	36
PID 2552 wrote to memory of 2644	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	36
PID 2552 wrote to memory of 2644	2552	29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe	36

C:\Users\Admin\AppData\Local\Temp\29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29f1ed111e52aa0ac14c9daa8c907c6e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Windows\SysWOW64\regedit.exe
  regedit -S c:\temp1.reg
  2⤵
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - Runs .reg file with regedit
  PID:2380
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" %1
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2840
- C:\Windows\SysWOW64\regedit.exe
  regedit -S c:\temp2.reg
  2⤵
  - Modifies registry class
  - Runs .reg file with regedit
  PID:2448
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\temp2.bat
  2⤵
  PID:2900
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\temp1.bat
  2⤵
  - Deletes itself
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebf94f168cf04e1999300db3004a55f8

SHA1
54717e5c0aaafda7bb225ef8d959f7b1545843fb

SHA256
4fdc604dc7c6db9150ca45de51d43284dd462e3fa83311ecea4e235e0c9e28a5

SHA512
3824edeb79d738cfe8a1a59847d564a12477b17505abf8e884468115132aed7bbda666e3f3790b10d2a48a2efbe86b070d95788763227692564979b30720be26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6abae043cafb19dd5f2f22a7ed5d0856

SHA1
92dbc49cff9320f6a1a182f10f97fde12c8b838d

SHA256
e0ec73620101400701c7bc4873d80e581a23df962e5734865b60da87fcb98c50

SHA512
69013e0046a4665dee7d12a6b92cac602f97afeb07d8761d14a8178ab172b66e73357fef6bff3644552a2713faadc0060e43a122e1be3091ed1c5004457b3d39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4a0dae7f2a5d1546cb1fe9cabd57e72

SHA1
a563c26cbb7f9c64b54aa9789a5ea0515f2a21d1

SHA256
ea8a1027a0c0fc5bbf87aff8d386663fb4a61ceb18dcc1b2df1c1daade509489

SHA512
bbde54efd9f3874bc29aef8df0734270ae8d9cd58e60b86a4a459b414b7f1489dbf9603e094692c1b8f6da95f9b2f2cb3888a990295613cf4d48233b2697003d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad4c9bf3473e9daa85e6daba5aee06b9

SHA1
5b994e4198d3569006e262b15aacca17c884c74e

SHA256
0c1737150a6f86d16519ff1f32231399545fc53bc24dfb6225b9c199166b1514

SHA512
44304090e128fe3b98ea05da3a46af5a388455908a89d014d4a8fb69224d23d08a308870332ac43eccc8511b153baea88b770fa413128fb0e414b74e78db9834

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e5b182ba364cc1f53022069a400eaae

SHA1
adda3feb99f46dc35d6fbb452620854ddefafe0f

SHA256
1d565a9eb67d33dbbe152e49eebbc33792eba5490db9a9035527642d0e6e32c9

SHA512
eaf14d7324141e2c563fb357d2cbcfa05cc4bf7614e0b1552cd59b7e02b62ad54d186f08bb745c3a2982897b9e5f0411a7f0bc2335c839bedd3ea823c3097485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26c05d511be9610719ddb376d7c5a425

SHA1
8ff13a30c19b05068f5f9b49bcd5e73c91302469

SHA256
163b42da0f452d28bec2f70cfa1f75445e8ab11144e4d39f06b51c8ee7650609

SHA512
691da0910f88ab5a009c3f8fed0e23077c1ea37b932d3f35df86dbc5432be9a7b200bfe5afdf0d0dddba45883dffe42e9d8340c5a740edd4b663b61b1cf2792b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90f3cbe94ecb7f69bc2bfce09affc0ed

SHA1
7dca3c7bc2bd6049036394bb31ba03e0cdd0cfdb

SHA256
b3248a3a91dcedd82afad1f66fbf923a91eba0c107ef64af9c911aa19773c9f2

SHA512
f280a6c6a55712d108e1e626bcf1486c6f1a752cea81addffc9ef8c7d74cf08eee72393d988d2e72dc4eb6716333335751f5822505b756cfc43439e2d92b095a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f625c923fc20b0c7c3bc0a02130cf54

SHA1
f842aca2c16cac50407417d75acb0425fb5dffdc

SHA256
0c3a9dddec5a76af22fbe3589150e3e4b1b1c4e5f8d6eb12b4f3b35690a5fb42

SHA512
cc2fd77976d0568e854d39b40bf6f3cf155f92bfe1f35d415783cf52b9d2671b7b0668a23423cdc1fc1dc5976e341e46037739a369891afe7eb1a56c2f8ad4bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be44716bf1e4b01b4348df5497f7f486

SHA1
db3dc50c7b5ff8ba6c9127acec1c57a03cf7b6aa

SHA256
eb401f0797a15ce33721fe54969cafc12986dd52e922e39f39b7cfdc4e316b66

SHA512
28ec64cce2136daa8ec6f9ac138d06eb1f6acb599c7bdcd43550e7f51fa91948a1fc1a4139eef1a64e1ae8339630052300ac065cab4fb9e262f6931bae4b7646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddb14142643435fe599a2bf83f990743

SHA1
d9df146b4e9f1be9a1cf6e3c8cc4180173906a0c

SHA256
30f9ed0803baa474a41c0700f072a8263782403d15eeb234058e7c66224761a2

SHA512
46c7cd61afebaff55e2e4f9b7987c2e9d2b7fc3ba4225435d68adc76f1a912e72f26e9de8d7dd869c2af59f257122072e6d84c2546c69114c55ff7f49ee8122c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb9747e120a9410ad985918f45515739

SHA1
df87dc642a8d0e64a5e7296f96a83e07adadfe99

SHA256
7f0ec8f9dbd185f77917d9b88ace970b0bc0880118c450ee1c87261cae5d3e72

SHA512
a067b847cb49ac37d13d02fd3fb77b5137ade01168f2026d709a449cc720e55eea1263e23e0c633e35166d5513ad14d1b232ce41b92d30089398dd54aff44aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e46eb69f31ab6c5acc01e9055fe3e219

SHA1
fba17639e950b271ea40355e1cc9c44b9306fe22

SHA256
6e6e6742246f053bca0a1b1b7948605a57b8efefc051abc397528137dd7fe852

SHA512
36ac0222307949aeb5ef3f40bb4d7ee6206f2931a46e823e53769ecb3ba35505417526257e66ccd5734b8a3cbe804baae1711a8605f729d9062f574f850aa101

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cba0daf4a6bd678140e53b753c37e5d

SHA1
ffa53cfabfb2186743a52e5f111cea66fbce07d5

SHA256
4753c5e71fe0bb7bdf15efcf4d7fd204db44337daad68d5af9aa697a1dc39bad

SHA512
a45c9b4674d7787a037e3bf3b27dc78940a062000f71402cbb47eb0e2ef8725eeef19f431499f1f91f2a91620dd5a3e15cd5fe516817e9a3f70eaa35942f16d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a980ecf8f5ad123f8d5a909c81649f3e

SHA1
225c9236a6d3f646d8b3ad501e50df85c97827a4

SHA256
f1eae7706f27ebd8289cf353221dca954e30eae9d10c98f17e61c97f23ea263c

SHA512
59ca9692dc7921442bd131ef13e3eb87fd9c57d6880bfcd790958bc523e2d412b5f90b280fda3845acbe0cf5f30c4a8ffc854d700f9c2a6d422a0ae555a3a2c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
730176f474b506797e9ac3afc62f6c2c

SHA1
f0d4e51a99968d6aae32880b3cdf05ea3b3fd562

SHA256
ac19a25761aa3f88401e1e0773150c47585ed794cc4485d143123da5edee5eed

SHA512
e2256c91c94e345bbaadb571cec1c88105d89754efc040027aba493a09474bb54324ef0cd757c6b86c26e18f97cdc7cd93b41ecc74eb5c8b1fe93a3d6786fcd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf30d0ffb217c926883c88b4690b42d6

SHA1
520837b90ac339182d191c0dc13020dfe72d6a99

SHA256
5e4c4543e85d86bbb2bb3a2163e9959ed028668ca10f8c00d71b2a70c92bf8da

SHA512
c6c8bc3500d4c84de34c6c358503095d40e873521b449914cb94790bc710be320dbbc7afb530d6490ea6d4b58d92ead66a83bc9c2bd5047402b60eb985e79336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0de10ac157591da396dc71848016f6e

SHA1
498899baef2e07553a892a513fb3848ed58e6415

SHA256
44020ed8591734e161adb1b25a7a10f26e42e1cb928ddc644f317ac594b7e662

SHA512
89df2c3548d0e6d97124970fdb0d8a9b408acdfa222479ed1b7660d7ac4903ffb8cbef41898a808049b0b938807c349b85cf745d779901ab8b2a05a1f2c1d1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB79F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB80F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\temp1.bat

Filesize
224B

MD5
d6d984960c6b55555038fb6a366d1fee

SHA1
300f2615f09c6add911401d8f90dd29542fc39d3

SHA256
5e0786140fd6b161ede0b530685efb4d1f588561ad74186bbf2c820bab119a76

SHA512
3893d2f4443cbbe46c03eec4cb5a6c1c9916f2dadd557397e1c7c6478a451407275eb71f43401cf055caf216bded8731ce2c774f1054ae251ccf9ebabec9db32

Download Submit
C:\temp2.bat

Filesize
84B

MD5
b9975d30ddbd098a754312e16f744ec6

SHA1
9d41e8816bf8f8aa48356c99af46e64947a0d2ef

SHA256
6e4f3dd8bf9469f50bd04878da2bb005a9df85192a5c7428b4477cecbfd4747c

SHA512
5bdca7782ebe7a2d919c7c096d0b2e9927c68044a5ca802ce7a43e6d4d62fda7b5d7620a1154e640c9946def1b13539a948a58bf13697f897748dc66e3406c02

Download Submit
\??\c:\sysdump.dll

Filesize
4KB

MD5
c7bf8cd9e5eb16abb1e77101d9c06440

SHA1
d283df309bbc85c79d52184239a735ee85a830d4

SHA256
4837d1cf1eedf70b42d437f3066839bfe92cbe2dfd30c5d8c140ebf9bb2b7551

SHA512
19c71d0b81b74c31b7de09693aac9250eea0a1bae6b4600ffa870763ec74515725eb34fb411a867a0227ad410d2f3821653c507ebcde3e4efa66ea8e11287113

Download Submit
\??\c:\temp1.reg

Filesize
435B

MD5
492eb2c8ff983e87c95ca5a704c6f5b8

SHA1
8677a4e0d606a526b1c90f180116dea7a6bcb0de

SHA256
9f0388e16d77a4560acfe712ab8a8c6a171c5d369c4134cd3af9bec658bbd431

SHA512
ded2c5fa380fcfaa346dcb33a0775cc476ee7f152b0b54ed34b3e97958e200f1f9f01ed546adc2241d2462cfaf39e9e273eaba04cb2efcfbf7085ba9251acd6e

Download Submit
\??\c:\temp2.reg

Filesize
128B

MD5
6fdc273e79d8888a813c762aa55edc39

SHA1
a3e72c4eaf143697e3c1a29c8b1c223c121e1d58

SHA256
e0eb2406ae229d4df0d3ff5bb8f9bd907aa947b51fdbb6bed1a3238852849f6c

SHA512
370125ded5b43b67cfc8f28363086fc9b2c85c6fe53ab1e5e00281cf87292650b2abe7bf9420631ca405f4c7e213bed00c53432329cc5f7d6d1f615a02a1f253

Download Submit
memory/2552-0-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2552-21-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads