9a49c02ff9257c1b58b2c388e03b6ed0c545726c108fcd8eac3a080b96ce4f34

Analysis

max time kernel
120s
max time network
155s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 23:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe
Size

1.1MB
MD5

3f50e640e44b44ce2e0044230131f5ed
SHA1

ffe3c32ed385410e1898175d531f4ed43bc87cce
SHA256

9a49c02ff9257c1b58b2c388e03b6ed0c545726c108fcd8eac3a080b96ce4f34
SHA512

9e98f514a29eba6323af1b3925f268c785552849ed9f97f6ad5594977fdc0bb46dcf451875b61dbd0a022071ab48ccfb3a4d9fd836b98f4762f6d257027754a4
SSDEEP

24576:sQ+k0qiQ30FV4I4OIVWKoLUe8MEzyW7ThAP+idhkMiKm8iOnz1R27:BFDiVFVeOMWKmKhyWP+P+mhk3Mvn5g7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2256	3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe
2256	3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe
2256	3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CD97531-40A7-11EF-9629-7667FF076EE4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d07a5432b4d4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000c6fb892facd482417045293e803da852b420ba98179243839156ddd89bb93217000000000e8000000002000020000000ebf1056552b2ba4447c5e6ab97e6bf4674df8749925061a5c5e02c1e0ad28ded20000000e0ead62fb3005fc1198a3c485a272417a8c765532f562505eece0aeb024e3568400000000af2a68d64e78e2eed68f6848a93499563aa1202a01ef10f37475d612f743d004be50376cfbb18edeedb59dc746171a8093c3b7eb50b5fff7dd98246b0218128	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426989173"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000003a11f424e501f465fc2f282d9d761e1be57a06bacbb9224b91703e4018875048000000000e8000000002000020000000e785b1e2262e8874871b7aea11c0a53a8a03930e0fb09065da6d917fd3490e2390000000ff79a4f3ebc11e2ca77b1d39de921cdaed701086fd4eebc367022327f1c0e6987a1d94223528f493ab05f88cca7358590be5c9746211ace54f43aac752a09e380e0edbbbc42b944db6da6fc43134005b9c3298e947ce1827f7643ecdf8fbbf34409903d3771f6661871fe7a952eaabace12ef855778e163371a0aa8f583e45e927211c8bedd97881a936923a3c4ae3a54000000029a3a0fff11fe8f715aaecfdd91c710b74e0726d6b598e1d9c5d64d579e45f6343374664d66c048eed8ae90cc4569e4fae9db0699608f1e6e280f80f3f7bffa1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2152	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2152	iexplore.exe
2152	iexplore.exe
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2152	2256	3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe	30
PID 2256 wrote to memory of 2152	2256	3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe	30
PID 2256 wrote to memory of 2152	2256	3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe	30
PID 2256 wrote to memory of 2152	2256	3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe	30
PID 2152 wrote to memory of 2596	2152	iexplore.exe	31
PID 2152 wrote to memory of 2596	2152	iexplore.exe	31
PID 2152 wrote to memory of 2596	2152	iexplore.exe	31
PID 2152 wrote to memory of 2596	2152	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f50e640e44b44ce2e0044230131f5ed_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ardamax.com/keylogger/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2596

Network

DNS

www.ardamax.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.ardamax.com

IN A

Response

www.ardamax.com

IN A

172.234.222.138

www.ardamax.com

IN A

172.234.222.143
GET

http://www.ardamax.com/keylogger/

IEXPLORE.EXE

Remote address:

172.234.222.138:80

Request

GET /keylogger/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.ardamax.com
Connection: Keep-Alive

172.234.222.138:80

http://www.ardamax.com/keylogger/

http

IEXPLORE.EXE

490 B
172 B
5
4

HTTP Request

GET http://www.ardamax.com/keylogger/
172.234.222.138:80

www.ardamax.com

IEXPLORE.EXE

334 B
44 B
7
1
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.8kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.8kB
10
13

8.8.8.8:53

www.ardamax.com

dns

IEXPLORE.EXE

61 B
93 B
1
1

DNS Request

www.ardamax.com

DNS Response

172.234.222.138

172.234.222.143

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8b6116a7734d237797b339fcb4772f2

SHA1
e5516343e97a941d872f405c5fcc6a66ec2f11c2

SHA256
7531cb6ceaabe95438842dad2aaaf074292277c2e849ece71601181d003bb14a

SHA512
888a0ac18ca5ab5758de5fe809f577568d3a9916c17f4df60d51ecc25a9c59b46d42899af19451a85a398233f80d8d632e8b9581c38eb764b44c78ecab072fb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d98fc833ce078285f4204aed790d59e8

SHA1
4b2ca4b4dcc2c8046f6c7b52bde478136f59723f

SHA256
1a61750584f146e9ce36307414f976c223c5f4cbb8d4eb0a3884526d1ef45dd9

SHA512
335ef137b1acd7b93b435e37faa0932f42e11531ab1acec88a5a0e3d1c58415b8e01f90208ef1ef52b084007795cfc1079ed6caf12bdc4d9abd92955da97c4e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb50589bee4f305714f2b0836109a1e6

SHA1
88d4b06b002cdea7b8b675e1b3a1711060570eb0

SHA256
cec45402b64baa1fb6f2af6f8848e5374f4b4ba10efcc5dfcf98e7bc22158f83

SHA512
1b376185bbf9dd0085bd6d2c4c045a23bcabea91f6c83e67f66394940549e06db8f496cbf4db0641f42d62a92d742453b8d625c981a2052f50afffb30d823444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c564024c12ab0be8ca551c38ec5386b

SHA1
20e4bd99529bb86d8887714432eb96d1889f880e

SHA256
aa29aff7c5e8b754f13f8eefcd50ddd88034085cfe89486707b2a5800039e53b

SHA512
fd828a334f4ccf73dcb6738828a3dfe498020fcf4b784394db5c5012f5cdb797a3e3618ba7d31433ab881d6256b65f54d68e2c4874f9ffae92549a4e302a41a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5df1896519e6bba1417814b3301fbca

SHA1
edb44dd6e0daf17b707fba05e7896e65bff6d697

SHA256
cda589221fa7f578bbda91057dc98a29dbef77f44cdf99036fa09c5568e3bc44

SHA512
e9332e865230c7a65b354867e526ded5a5c0839751f7648a591710e1f3d28f3bf54f2e066c0e73a5c8f0580125990d99a84b46372f43e44478dedb2a8fb3b85f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee10bb06697c21d308e45b0c4003e0e7

SHA1
238c1b6d3102b9bc976ab3e935f88d84e068f83e

SHA256
cef3c01250790d2b47a69d529a82d609c8e8802e16c8b5a2817f057c099820de

SHA512
1381feebbc2df786be15d349bbe26a4d5a034ebd99e664caabcda046847aca3bd0088ec044f9515c4ff89aeb04b190a87d9ade7d9a87ee2c5ad068700633574e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b085d70c2bb9be1a5cad3e2d40974b72

SHA1
f0a35101722d70ef9a754fefff98689b7774dddd

SHA256
9a48d6cd195a2f9f364f2926c836af70ea9dd9769003525dc814bc0ea1461122

SHA512
e5fc19a6441fe063a7caf3006a855db59242afcf950b2a4e350e761afef86ac85d76010e2d92ca795eedd5a1d5eec86c4e5d4c5c78f46123682f806835e87c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b962ebe425a9ac60e9b4525e876ee24

SHA1
ae8b2b39624d730d7c967893c937a52daf7018ca

SHA256
daad9e35bae8c23a6c61f1e4acdab94a38698db22e7e3817d1c066a2c8d4d0bd

SHA512
ef5a00707fa37e01ee71f146244109d79c7219205ec6d6283586e5df8c0e420f30cbda8a4374d0785bc8f952da977d952ded442510cdc7bbe5253779592a5e78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7af3c3894d25cc2ba4eb87dbb7573ef

SHA1
e4e545fdf58f378c3b8d18119f4d52794de28218

SHA256
81893aaa44ab8903dcf762e0c7225bc7f2238c0a273a26bee9a8d454d4d822a3

SHA512
1fde3917a30dc7c2fc898839164b8ab409bb3e2874c61dca9a4cb723f9c46bd9e04b1251d388a7b45b214a5a5be7f2be541502a2b83efa66426c5630b97e71b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8808f328cc35a886b7772cf02e40dec1

SHA1
07014a41f2bcae29c316f0d2bb10886ff563675d

SHA256
8596663e2ce8e002793954cbfb5920c342ec926a589c2da529f610c7421f676a

SHA512
936ffbf66759bf3af21a8bfbb2763997c4c46e2c7b32dc0578d1d04d3a99611fec8b9c8f5b171b942558001f3247493a7301377877414be8aea3e0a3c066eec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c24a74699bd36590806874b91258d171

SHA1
e4b294bd26cbcc77753e84fa63b0a956c88e1ca0

SHA256
686795e35b4a2258f2a81d2479d04ad261ad038ef6ef128c4b0379656d0e44e3

SHA512
ed8eeab91037389c51960b32c1516b30896d50505ffcf2b8052e91d80e002784cf717ee4df2f549dbbaa7f551ea53019d7a2d0fec529300a301f5e8f2788a848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6e36daaa27266a90fe8c7cf1609c0d9

SHA1
0a7c23f47377457024c3cc6e3c8f575274577ad1

SHA256
14e9b40f3ce2ef48bd1974f01ef40371d3f92587227022990c516b17f4594606

SHA512
b60764bf3776a862c96c123064e67f8fa65b3d22c527ec80792968dc2b0e5d01070c15c964e506dd21963c4aad678813276c5ab70197d44582890332b52120d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a8624b3bb6686d37c1b588745078701

SHA1
9148a19111f88f21b4b53b1dce29ee1fc0bc8e6a

SHA256
7de9c1b26484f9869da6a5da953d4ba5e8124fd91b28cefe06d20b6b2b12f95c

SHA512
0e49f4ea55c8be1363f0cb9adb4e82a0ec6f1cb8f9a9b8203f303aa4ecf9f2c2ad9827516793131080c1bf25c09465b0d95246347daafbd24327cebabb558869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aaaff7b131a0462d95e6360fe9e7cbff

SHA1
704d07beb72a656d9e6c3d2676d5d0f1728dfc57

SHA256
d6968c22b3eef24d5bac6d778b84b0dc3c8cbbf25acbeb825a39f6a8aae5873b

SHA512
fa6337a434d90cfd90057b2258a2de00c1b309f229977701ad1feb4dcfd562c25e45620399aea48cfaa8a136c0b65da076ffdb2b27086c1f2cb4e903a5e278a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb662d6906d5bdd1e6960393571dcbdb

SHA1
8fb24da34320e0cf4925af48aafb690853c2d5a9

SHA256
477dd125f9167025312a3c020b3a51e2b17cbd7215164f21c6725e58fe8745db

SHA512
363d3bdf28bb70c9c1ca16e35e5c0c2ef4861736ccbb3149914e2259611d6a6b0fe22bc2a0f1b2f4a2dd4f5b4c139b97c762fb664e3b5e1bd823963c78afd7f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f721a4f5d4dfdfb44eaa678d376d457

SHA1
0234c5338648a4ebc4b783d51b27ec698d55dd7b

SHA256
109d4105b56a3df0cc41aafd3fba92dc821730d8bf1607328fda761ec7bfa293

SHA512
bc352087e498fe3f27e31c431bac81996dfe3ed1de45f7ab3df1887ed043dcb3f3a4c905454abc054f9c3d2c00ff10787ba9510ea73f2c5a7f5f041e6862d7d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d75fd6b2f55f664034eafd77ad956b76

SHA1
3800914d99fa0e5a534009234250ee13a032b015

SHA256
8ee9e00ee9461434c97700181a90e41d01bec9aef8118442c1c9b402edc84f8d

SHA512
2e6ad7dc57d900c0ef2289a5748c6414e126f31a9f9a037b794312e6c9934b7d7aabe46bb4e3b4b45b1b42efa5bbd15edd4f898f36a2918022b6c25e35e69702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c0820a7d22f04676508e13baef7053b

SHA1
55ae9352799fa6780e0d6003a0d088634154e0b5

SHA256
edcb59475a23b30bf5141d0e7b960d9983fe43745ada279539193d1800568be0

SHA512
53725a92fb2e2dafb39d50b9d88ca9792c55fa3de4cd4dc6761c46fc8f68e8351decc7b6e20d8bbe6d280e0bd17edc5dfb7685893c24f725504491be660653b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d67b3e5c70222b504584a704a5d9f33c

SHA1
926514fa0ce172fbb9e481c98f898f313def6650

SHA256
5edc48bf7d73aecf05d4be58545b7f086f357685e283cb36d74f08eeefc12f1e

SHA512
b58cf15c363c3d8cd7d12000bf585717f69e1852fb364b57e72947f01a43c7c5b7250ebdd9ef972b06090490c8d99cfde1203a07f0a17ed36387dc1abd60700c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5831.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar58EF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2138.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2138.tmp\UAC.dll

Filesize
13KB

MD5
7f56c0d6a8733dec142814ed5a58b0ee

SHA1
c119e66f179cfb758966f3cf878466057bea1840

SHA256
86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f

SHA512
8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.