8c5c52172fa3fa71809a12be5ecce077b8683741db6e45cfa21274e31a934255

Analysis

max time kernel
140s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe
Size

2.1MB
MD5

3ba949a0ea07a21574c8c19aa2a98185
SHA1

6858d3b67e2ebb5b0054adc10ec26716a6561eee
SHA256

8c5c52172fa3fa71809a12be5ecce077b8683741db6e45cfa21274e31a934255
SHA512

c53fb962d10e237f6c06399141396b0b136c01a639ef6b39d1569b5eab0207eda1e4be07ea82672bd3bc76a94e402cbe15d096b37e3d9f131703199f7d5e10eb
SSDEEP

49152:C0R7+Ac0qQEtZkCkg303WlcIxnZg01o32:C0C0qxtZkCk00mpxZgUo32

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3016	isass.exe

Loads dropped DLL 4 IoCs

pid	Process
2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe
2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe
3016	isass.exe
2776	IEXPLORE.EXE

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\lsass = "\"C:\\Users\\Admin\\AppData\\Roaming\\isass.exe \""	reg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BFFD551-3FF6-11EF-B34E-E29800E22076} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000002aff29e7fcff1698ff12db80cfb06743d43d47bc6cb56b4cc7b53c44b9815365000000000e8000000002000020000000af465a45cec6a14efc394f5afb131e9b8237aec0943d6a849d7ec37cd7b5ca48200000001532bd2b1d6b67ad3be5dcad15b2922bccb919cd755f32129f78a818a5cd05534000000082c198595a6bb48201eab7fb3e4e505d35bd966c1eb8dcf65ac858011a14ef20ae610292a4dcf8d5d09a875817159ec55b87a462dc3d02a221aadb805bcffdac	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426913067"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5047960003d4da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000008bdf8d4022d713ad9940e298e3be2d2329c3a42bfbf208843f246cce049a21b5000000000e8000000002000020000000d4c39c941de85412759daf6f5c91cca78b91e9285956a1c98906022afd6cf7bb90000000e111f944de126391d8d1ac519d87eb84a6eb5086119f78a28d6961848ac2e8107ee2c0673fd8adb62727a47150b65edf95570e30bb39b2644509f4facc5b2ed4e05b3220755bd4a6ccefebc4a5046c5b5d2bc05dbbaecc8da6536683090d88e57683aec4b50c8f1997c6dc1f7249446e60f461451f37889af77b5c051265fd455177c3eb6704e62b395b092124bfd51240000000b276ef8819fb457439950ec31e03b0ff1b56577ff24fdfcef901c7cc660c705399d3b13654ac04ac0e1435e2ac6f5884f0a99ba7ac65586e718624acf88a7f68	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
264	reg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	3016	isass.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2732	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2732	iexplore.exe
2732	iexplore.exe
3016	isass.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2732	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	30
PID 2928 wrote to memory of 2732	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	30
PID 2928 wrote to memory of 2732	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	30
PID 2928 wrote to memory of 2732	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	30
PID 2928 wrote to memory of 3016	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	31
PID 2928 wrote to memory of 3016	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	31
PID 2928 wrote to memory of 3016	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	31
PID 2928 wrote to memory of 3016	2928	3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe	31
PID 2732 wrote to memory of 2776	2732	iexplore.exe	32
PID 2732 wrote to memory of 2776	2732	iexplore.exe	32
PID 2732 wrote to memory of 2776	2732	iexplore.exe	32
PID 2732 wrote to memory of 2776	2732	iexplore.exe	32
PID 3016 wrote to memory of 2172	3016	isass.exe	33
PID 3016 wrote to memory of 2172	3016	isass.exe	33
PID 3016 wrote to memory of 2172	3016	isass.exe	33
PID 3016 wrote to memory of 2172	3016	isass.exe	33
PID 3016 wrote to memory of 2172	3016	isass.exe	33
PID 3016 wrote to memory of 2172	3016	isass.exe	33
PID 3016 wrote to memory of 2172	3016	isass.exe	33
PID 2172 wrote to memory of 1944	2172	cmd.exe	35
PID 2172 wrote to memory of 1944	2172	cmd.exe	35
PID 2172 wrote to memory of 1944	2172	cmd.exe	35
PID 2172 wrote to memory of 1944	2172	cmd.exe	35
PID 1944 wrote to memory of 264	1944	cmd.exe	36
PID 1944 wrote to memory of 264	1944	cmd.exe	36
PID 1944 wrote to memory of 264	1944	cmd.exe	36
PID 1944 wrote to memory of 264	1944	cmd.exe	36

C:\Users\Admin\AppData\Local\Temp\3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ba949a0ea07a21574c8c19aa2a98185_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Roaming\34pgr6a.gif
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2776
- C:\Users\Admin\AppData\Roaming\isass.exe
  "C:\Users\Admin\AppData\Roaming\isass.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c setup.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V lsass /D "\"C:\Users\Admin\AppData\Roaming\isass.exe \"" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1944
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V lsass /D "\"C:\Users\Admin\AppData\Roaming\isass.exe \"" /f
        5⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95a00e02ca9e5f323c27696941702652

SHA1
c496b04b474b22987b8e84f157ce5c5b9dca6933

SHA256
13a41da3a4e7bda774e87816b2d3684e0311c2ff3f6cacdcbaa60e41d88312be

SHA512
f1a417b8ced37bed029da77a85a05a167d8ee98e91a30d40b49be702af354e1f5a20b01185b2b5ecfc905646b1c1461b7981d9f83fff29b111bdb6a659cd68a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35da8a17098be22ee8c7bec578d6fe7c

SHA1
89a86e54ec36aad51bc1f42119c13ea777384a3f

SHA256
20d35d6c028d67199d9225ab5606806c1b5630582f23629074011a425146b3a5

SHA512
ef4e3fadb33b945467ea352f1da6866e6682914ba4a424525c56b5b2c4e1540c3571d3ec69dbf2cae145f548be499cb55b99f50ad4ea17cd36df135af2ad0817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d82afb5504d569d293cbfaa95b589e5

SHA1
e8972fd1bdb326b197d8f812c9932f186cba348b

SHA256
646b984ff160d0db1f94f71212c9ca4941f7c13330e56555c2fe86db2b3eca7d

SHA512
a185258399ed1338709538f306c78aa891f60b469abb93f5946ddd5de90d3e43712d98e0628b7add03e1afd0ac234c95b101f36b41a9b00ba57098c4a8b84c45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4d9ea41d5b37205b4c55c51925094d1

SHA1
8402b3ad414ac97d5269fa121bf2bb09bdc61a04

SHA256
2aa75dc9491c281cc19bd04234d0a2ba40416b69d1a90979ffbfff55e7ef07d3

SHA512
432f9ec72dc4148bb17e2e5e7fed8d7e860c49c419e2b3b3e539d05c1bfe73e025df3e6b5b197b47de3fa5611e715cacad278cf9900a7c929cf4f654ab115667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7f1374a790c8a91f1531add5e8ca76c

SHA1
5f139b2f30b7f0c2722440869fc812b33170118a

SHA256
2d825ae2cf38d20614658e75274440cf5c83e5c930de702a96f47c7ae06d7b86

SHA512
079406b286362189db0ae4f8703b0fd97ac16e8a48bdafc73154f2f7f62c2798309a24517d274bee04a8abf2cb2bc8fe7c1eb1606e82405de586af0d7780eeff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3f6c77a2bd7dc6f81158b9ab8ba8055

SHA1
fa95d3f22ecaf55dec88cc833dc3d06bca6014fa

SHA256
6f969ab196b5054b1e06daa0994f1d0945215e715402f39a6dba9bfaaf278139

SHA512
aa010d12fcf139550057269398bfe415437997c22092c30d93c490c260d0425fbd0fb23c22578b3ed80dcae2b5b9e64b92a455f236acf3dec7d2f7473fe86ec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f043753bb2c5008ccb6a0737d99a4f5f

SHA1
d2ed8191933a92c60314f9faf36e664d1ec690ec

SHA256
b3dcb55f6882280b517aeeb695c504e2742444fbefa1b16153e0593ef5db0162

SHA512
7ef6638772e168740620e27e831080af376191bf1fa99613b8ca3653bb63c3a851f6dd47a758edbb6b6d3b7a8fb05172e5c0208e5969e262b15f0225bc275203

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e58f67a8b7755a5199f9da2d75b01871

SHA1
5a7a739d9d90ff65c15c476d25440b7bba796a50

SHA256
b0805dba66277037d40557aaa9bd7b1bba39abb8b12db16ef96c422463b64b57

SHA512
8a904174f6808e03edaa400ad4f14d7fb93e5f2d567cbeb4a6404585d9b2bae606a89c6b32f5b2f65853aa5977dd5dcbc27757909e68b46cefa8ff7220a3980b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
850f9f624918db2fa3c878d4d5a72660

SHA1
dc0ababd3e3ac68cdfc7baf7c98fc39a2393eaa2

SHA256
7eaf5dfbe91ce896343bd083b6507099bf2a3380d180c8052eef74e332b0db7f

SHA512
c0cdc6853c38598748686129108b00b6a89590498e3ceb1011629330374566afb8e13fdf5c34d5655bdb132dc0c535c64e69931acab86893cc21f0f3dc45927a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ec81029ad0f44fb7358cf7c9424b9dd

SHA1
d3812ca2ee7b06a8844109df16509a2378a517c7

SHA256
4704db3192acfea8e89380d4bc0408754c967a1e028582dd168970a3af3b1bf5

SHA512
29ddc9c006762dfd4e11216c488061a852f67101b50bca1a65b20d56e6b6e5b53015c18830ea8ba6c7836e1262c8641403ee21c5b0afec59d9c2b2801039ec23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2837cae193e66cb4bc1711dcc5a9d6e1

SHA1
cafab3367cc8653341302e05d005c80c94774ee1

SHA256
85bf771c5aef60f251707bf14aba60af2ad780a984a866956d2410e4b615b8c6

SHA512
cf8ae2f64e386336d4d22b69d60d5efd2aa00ffd2bf298f5487e927ce5e159119f51a6c1d95c95a974f5152049732e011db4f744bf89a9f2fa31d971101d2b30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e19667559147b6b488a37e359bd53bea

SHA1
dc87b3d890c2f7a136b64ed39d1390a5d0d15702

SHA256
7916639869090d137850d41c08a7c84ed5c31ca649ae7f63f671557cf6fe72ad

SHA512
2e2847b84059a4ce052b1237e1324eb39db02d2caadd579ae49e69ddfc86b915280cc967daf8b81113cebeb31c423edaa09dff0f183404d1eabd9c1032744e91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb3dbf505fb86c9357b6194be59fccf4

SHA1
680d17797ce6528c93b2ac9e76de08753a0e7024

SHA256
f288569b4245fa72fbc077fb1a05f567092d8e0c8fc993b8e33ebfb87877e960

SHA512
90432a25e05b2009415082fc8c442d0ee5c04820ba81cd167b508a2765e3198acd19a2bd7455dbf5a68910398bd53482db5120847576f91c9c078b87f66d9736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e701664f11eed84a56da1eff4649230

SHA1
bc30c9ba05e4900883f795e4c4202b312b4f545c

SHA256
8612888e9f496837976f4466243a5e96f9e7dfde583f4f85b556bdb701cc25ef

SHA512
f01a2ae8cdc9421a45e7a3147f7a5a446e5f6e9aa008da86a048cf7dbf9d2a6d586d50dbcb716ad89b490e52bea7de4fc868cf9cc6acfe74e46b5050a928f188

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d03d6a69ead1061e7983474b0b7917d

SHA1
b692339a596b5770a5a0bd1877f2a65e0a816495

SHA256
1a19cd56f7e688146a17d79194dac5d2d4738d4abe4bb8bca416dc1c42285944

SHA512
306f93891810dc8cd2595146892b1f85c41297ffd0c6af2d6af3411fa6bab0db7d05a24510820c6d3f47adb50af71d4dd3820552c052cb9c0b09d95e67fbffd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bcdef959529ec14c3048bdf95a52c2b

SHA1
9ee154d321f39824dab22b6828782feb50a44284

SHA256
94af47626d7a265ddc4d2653d8966e254f1c37dc4b302665b4bb1425e8b6adc5

SHA512
9f2ad8ef8b0179fac3a2a8bf70345602e9c40788b343b33624446b948b16e76ce0fd5a0805f33411e272a8eb5b113313302fa27218728c86142e9880b1176bc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4d41c6ac1eecb4343e810d31ee2f271

SHA1
0321e944743ecfd3f0117248089dbac10e8bd7ee

SHA256
e3f313b030f34edce46f9c9d6bf77268abae06a931d7cff7a287c4b124642ff9

SHA512
e1091b2562ac0ce0fa4d49281da699b63dc92da00a3028788b1e279078c3819f29dfb2c68e73891b91af4779f557e0c1afbe3e546762008c328b516a38b3e1e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec90562f0aed5a484db35059f9638305

SHA1
b45aefc453b88ee4cc38564787b907791dee6fd4

SHA256
2c0f698a43f1b442aa49a4e39566ef2e8bf86b8a03fe3bc4a18b2347467784c2

SHA512
71c3e60780f1a98d43c93c66a7690eed42ef1f2be975f9ca31258cda7d184718c2c8c5a994a852e7afbe1c2c316a951c58cdd876ecfaf0c993553cae6c855e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab84AD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar851D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.bat

Filesize
145B

MD5
09b39ac5213820d74ff5b2e309021086

SHA1
cbc786e7c806db7f6e9bd02fdf18cb7c98ca512e

SHA256
4ebe83a1fe4896fd9481fe8d003e3436fb58410b3016c9dd715c57348c981b2d

SHA512
c30d5165f3c21a31a37b128e499f788265d64227b94107d95ae1f0fdc737db143e5094cf75dda13cbedbab8e06a88e5d9ecae04fc134f39350a4e0efe860a44f

Download Submit
C:\Users\Admin\AppData\Roaming\34pgr6a.gif

Filesize
1.3MB

MD5
435f0281ff745d3409a946fc47b9f325

SHA1
3ad3b02450602dedf47601cc05de0c0c4c9751d8

SHA256
d809497e22e5efd7367be8dd07305e32abb35493aa172905da8f0b301fe5ab16

SHA512
5ffc648ca71c1617ba19942897ed01e2992c0c59634ce781c1d435745be66c62561bafaaaabdbe28c4e184cfdf23a6ed6d071bed27cf07d92160dae1a41d9dc3

Download Submit
C:\Users\Admin\AppData\Roaming\ntldr.dll

Filesize
386KB

MD5
f9df718f7508506e9ebdda7a2ea5dd5c

SHA1
6a17c548ba8487e340d67dccb95b4b185cd470bd

SHA256
8ad40127b256406070ebc5effac5186590b890d8cc79d1a923f0dd3c701b0490

SHA512
1c2f1ba6973c2cf589e27ed0b1de18f3cfe1dedea681ea667ac71b351a4ee29c78395f3826341b67ce983f8c16838c7bc8f02fa402fa0cc0077aa7bf1e947421

Download Submit
\Users\Admin\AppData\Roaming\isass.exe

Filesize
245KB

MD5
28f532278f2f5e3fe97f66b4a8cc14a6

SHA1
c221f34a188778bc45a4b2dd6f10ca7bdea20169

SHA256
f7cbbd078ec53067bdb818a40fa62c26e5b8ba343be5168222638b67fd05c553

SHA512
faaa60b839cc5c80f651ba085b1dfb773ea4088a8b51321e75a1e1850c4e79224af842c9128f2f785c1dabaa279089c282fde545c3b441937209899db2ef684f

Download Submit
memory/2928-12-0x0000000000400000-0x000000000061E000-memory.dmp

Filesize
2.1MB

Download
memory/3016-15-0x00000000002C0000-0x0000000000325000-memory.dmp

Filesize
404KB

Download
memory/3016-455-0x00000000002C0000-0x0000000000325000-memory.dmp

Filesize
404KB

Download
memory/3016-454-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads