59f898cc427ef4f3d95272ecdca6e98da3f03594204f27fd7b27c9af66aa26bf

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
Size

45KB
MD5

3c3b15d0338f1a3b27d7695f78544f4b
SHA1

13f6060a369c1b04c55d2a9ae20bfa80f0a84127
SHA256

59f898cc427ef4f3d95272ecdca6e98da3f03594204f27fd7b27c9af66aa26bf
SHA512

39b627b40add3930956a1e65ecd8d4700e5d8ef1248be44df49f309bcd3782f037894bc555f40b7ce14f1fffc9317e54416ddb0ff5be431803dcc058d504b9d0
SSDEEP

768:ahC9qiQF2o8wXGzz1Q1pcM76NUx9B8jUoRCJRWx/3FLAXrar7t5Ahz98x0:n9qiQF2owCGM7J8jXjRAWr8zKx0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426925937"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{227C0F31-4014-11EF-AD79-76B5B9884319} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000002e43af430a84b1aee8b0a140492e93708aa77802a290411dbda118239c27fb49000000000e80000000020000200000002fba4fc5520203959648425b8c1569ac2dc45c6acfd98cedf153e7337e7af508900000006ebef5b6716e8e56d3c447e48e5a13f7a390b41b3ddc26969aafb06365ba74d629eef7518b8cd4795c0c08a64a69ec8d99ed92ec3c54fe39110bc30028506ce5094846e5004774c4094db72a08203f63d76b14019fd99b51a32a4ba64c10abcd680ff1c3766af0b457a79ec9d7d6f6d2392147997002ce17ef3f4aae28969f508ab08d41b23c38de67ca448760f2f87d40000000f447da434924ec7f86e9abd22a3777321d96478a0b2e226cef126e80ceb46c86359c3b91c3dd26f23e4f08393fbc29ad655d27d24c853e1387bb70c2ef2acb54	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0711afa20d4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000004bc9ee30841bdd57132c03e9baa06645528a436975ca306d1b27637c8d887d44000000000e80000000020000200000009624dafc223f3221761f9d92f775f4c769c23cd131ab12b0b7c61a71a193281120000000c57993f2a896f6c5e9f7013ac1b478a7fdd3630fad9fe76ebf131349e6c83db74000000022a7468a14ecc93a48b8ac03d91bd09d46e081a2c90808c3bc707d0035acedd96374fff03adb308e3fbccd3871fff8bf8112864979dd8407c192bee9e43e74d5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1124	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1124	iexplore.exe
1124	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 1124	2812	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe	31
PID 2812 wrote to memory of 1124	2812	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe	31
PID 2812 wrote to memory of 1124	2812	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe	31
PID 2812 wrote to memory of 1124	2812	3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe	31
PID 1124 wrote to memory of 3024	1124	iexplore.exe	32
PID 1124 wrote to memory of 3024	1124	iexplore.exe	32
PID 1124 wrote to memory of 3024	1124	iexplore.exe	32
PID 1124 wrote to memory of 3024	1124	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c3b15d0338f1a3b27d7695f78544f4b_JaffaCakes118.exe"
1⤵
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.hotmail.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1124
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1124 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a40aec419a6b446426dee9e0cd978f66

SHA1
0b2895729e271f91f1cfe48dd852337b9690f9ac

SHA256
cf867e2e5b81348d53f7f2aee93994a9b568d0b51a210c3af863515694154279

SHA512
4ecfac451020414e173a8ccd8b38c9cf0960e0fa15757f58b10a92b94c1db422092e440ec6bc5fa2c5ba811b1df0724da02ffdfe5840f166498f0c3f5e166cf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ae0270c7bc6426ab9f50ec825ac7e370

SHA1
b506f5ffcd2110fa6478876299a6ae09bc77c0c7

SHA256
a1456a797a401b1fc70bbf9244c56e8ed2fb808d5b92e356f57ec0a9e20e6c69

SHA512
da55caadd1c58a30bd2fdf23cbc3e160c5bc0c7f7d0160246d0fa6a53964932d446a70d61df4ea65eb3400029c33541f451285f0a9fe12e3d1195d59d0c61b41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
07dd3e5b527af22da3af250149010825

SHA1
2bdacbd04ca2cfe71beff5393b4c34bf99d89b29

SHA256
0536d0716a1126504b67b4c5ba5fa535c06eac354200b4e9b94b82895bf203cc

SHA512
bebe2ac4ec0563d485d71be019acb8f33a55a5970bea9f77f76c3d6375ad7a046a6baa6b66ebd984f0bdecfb6bf0459f58dcf7f07602d7dfba1bb52d553a1ae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
39206651d43a9f8a3f94b7aa2cc06f32

SHA1
80eb3cd39a2ce02a76d647ad806627bf73f72a10

SHA256
ce69541877cbed7c362de0160e2cf8160ec49d0bee53f862566df006a1c444e5

SHA512
aa1724a2bd9eb4be29bf4c6d072f437ff6a789bf04252cd007c2adc0390c053e3b33a795ad3d5d0b1a0a183e33d54502ae6ed0221888af6da585d4470c08af3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
681c2c7aee394855d7c879b551f52f5c

SHA1
837a422cbd4cffcd2b433e3f82ab3019322c3093

SHA256
bc6529eb66e7b7f026d571c15f9b9b8507db7afd3e64f5ddcd279655aae7a874

SHA512
9eeba20a6c17f9e9e23df667f09bb937fd5cfc90cbcca4c0c04e0ea32c11646140b1be36278756ae70d66a01c92fdb0878327f9b16cc53aa0068fcc4a2bc5ac5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
84afb223f15ae4cc9a5ea00bd11ac411

SHA1
f7f5c5b605b0e509348af9ac7efd132e348397bb

SHA256
dcc7f670da7433596063b754c2d57536737fc68aa7cd7d98ff7a009a9946005a

SHA512
1d05f4f8461bbb52d60f0f9a0138c2fd0dab1677eae4f18d868fceb5804d7022d58f3860913bdb9f6332c5dab7bd0186d9b26638f38db56cf491ce3b00d2750e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
320360ef398723479f2999d8988c5feb

SHA1
eafac8373ade275746d726a52847029f55ce9066

SHA256
e852e6d9bab2ae5f59440fe20f816302a3620c57432716a4798d6ba1644834fd

SHA512
dfde8b4afe4882c7e055b5c577fc0080908d247984a3992d6cb5b34e61ac752b4951fbe7e6cdd7a066cf06575967f84fa177355be1105293e655406f73f4b84c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d80d3fc86785176c862a366ff8d20fd1

SHA1
0ec704b39d9bd3e85cb5bf31c4ae3a0a64ff3947

SHA256
47eb5e1dd8903638f9dc87fb9fe1dfcf5a06d19ae0f4ed8a46448ea8588e04c7

SHA512
e17e43b50ae9cc234ba353adbf3c293e18725eb65c578a06777044214b75852f78d35f59d3b7528f4ed5dfb677a64424d2c35e169b7a5a3df803a6adb15b0899

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5f35d5c15a9231677ff37816831ea468

SHA1
20c05a88b41d06bb6abe36ba6cbbf3e20e4536fa

SHA256
eb1429e48c8bc3879a244cd169a5e3183575c8db1e96150ba4d593ffa26c6a51

SHA512
a2695190e9ff5afc351c6a5dd43e09389ad52abf00946d6c7beb4523e9a738d5047d3b6d3bb02819373f28b3afd560b9eac20dc81cb7f70aa7a547fcdaead194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a701aeaabbb15459edd7ec154aaa294f

SHA1
67fc73d24b59ed217fa1a4e270e9a9305405ff96

SHA256
37bb57e5d19e84a546c7ebdbb162e01047acb9b15692236c95d8437ab047b7db

SHA512
b7435f54d7461865ba1de692dd039ce3ddebc2c2c32e4d8c7527cf40cf7d2565efa043c54f16ad9dcd8923a006b3470f697e0f3ad0d93688f3a1dbd6b2f0b068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5dc8b5c886d9854f8d61498a9dcbf312

SHA1
6df62f7fc0ade80f07ceb4289e666dd52238d8bb

SHA256
9c47a192e5a4aef3ea47a2b671868f682073d24677ff5081adaaf1cd3ce091af

SHA512
86d868d3125b7e95a63b2768edddf880e8e2ff9f4db042ede5a2f70b3e5668fdc96a223510dd63f40f2327eb9a3a647b9f2b7b885140e7d9b166e60c00fccb31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8e7ffa2754f7588b2fefe8b4c9854fed

SHA1
1af2ed2c897f3d64321ab1b23204bb9e46582f6f

SHA256
c5a74ca4c125c23dc94d4d9c1288e2ae48b58d9006e03480ba5714ba44a3026a

SHA512
e7a41541055f1140eca0411b2ea9f7ed0257d8ff4443088132fccc363c841e1189838f60f89d84263f6473d2e28dc042c8db15b4506f8b41882e938a79950006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e5a634ad568cccb575cde69b3262b717

SHA1
3d6e61f5b28b8420c53bb2f15eaa4d93d7404a7e

SHA256
567413d2daaa3dd7de2dc9e23000d98f79dc5b68f982aa963bde55f2a764d2f1

SHA512
79047ff3af94f7a63535df6a703f4edcff60409f34b3b5fa475b6cb1d8d3d4b86c67261ac1ec90cef73b6a5e882bff9b5e2a3a3972b622a6e0889a2effe61769

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
dba1088bb83031de453387bc66d41566

SHA1
34d8531ce67b3a719f8c616098b029e9162853ad

SHA256
a6283ad70a478c8e882c7c0dae0f9cffa91eb4d155a4576ea69ad8ae9e47ea1f

SHA512
2bc3aa11b697289660dcb0390361b8b32730aa7254d67aad6d92c04293a0e1660ca73ee4078505b131a1f41f1ed26aba612bb8491e8d3defe1006b9456d9bfb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3b541c696651592c0ddcb0be65d3a910

SHA1
56d554266e23b4e878a53e5532e0d25dfbf09a1e

SHA256
f6a5c1cf4fabd6118970f9ac48fc88338d1eba746749f5e406dab68aa9c7c14b

SHA512
8262e6aa76ed86165295961d24fb379f112ad71825850f9ea70421f49eef64390bc5b95cf7f6e7dc441f729d7be1133ad3b7631c164450e0150395ccb3ec368e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5c406715b4a741e58fb91595578ff2d5

SHA1
6ff1383006ac2bacbd10eace35975514347d16ca

SHA256
7f21a07eda4c4473d1a64ce1b5f4c9d4754f919cad5736d4292dc36379c5a660

SHA512
1455d0b858f96a1f59f9d6b2aec82e4d9b00c3741d370d0a222c03ae6df7234c4d335d06be6c8f3552d6091bdeebf76db56d47ffcf02381910d9273f8e487df6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
28d4dec6119fded963b9f85952d2d892

SHA1
0ccb9c5552e75acfae97360697bf31cd419bb37e

SHA256
b07f8a51eaa528af16402c5eb937f6b50d78fc52a2f3827e8a9dd8a8cf93f9cc

SHA512
fa620033a582d6e382490f1761060ab0e1a6d97e3ae856a814b2abfef581a95b7b2f528fa0b22053251abe81dc0b12512aa12bb6d0da148ddb0ec7814f3fbdbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
aadb39a0bf77abce39e87cc24805dee0

SHA1
eb3ede57b77ac7f1271c65b4cc1fd7f71d6f4a5f

SHA256
2b011770382ac122d5d2cf7626f97edf764bce559c1cee490e1abe9499c3f126

SHA512
739c3a7962b498d4faccf71b2b47684c5e02aaea2640970809d287cb93a726d85f4d2ce8f1e22e1093fd15982aeb016e71f36f82f39e4774d3e46a1d11f1239f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
624be4ac60e0b0aa0cb868edd0ac9ea0

SHA1
a08b341dea4a83aa62592bbedd051730f137979e

SHA256
b450643685e5e10570641fae2cdbfaf3a68a2fc72c0781c6be6aacc49a19dbdf

SHA512
cfe1a763a5ccf418a0facda612d7dcba63032ce7d324f04164bf723d2ff809c90fba63dddd0461aa25dc02b1af7f6c17f7026c2c4909949fb1dd12913e33bdea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
46de12b190d209772ad9a8a5a0d31cfd

SHA1
540d52132c5b0fa23a8a2f427a4c5813480cd47c

SHA256
a9ea864c607fd8e9828a68def97053c052735fd8791cfb18e70eaadb83adc5c4

SHA512
cf21b4b80eac739461e92c7164a9060ff16a5abcef3db2d982642b8b94ec83bbec69f020f9a2b3d9778372ee31259a5ddf4d903d43700a67a735ffc2811e43a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
88bd28d75a5eed10c9144257ff00e80f

SHA1
859f673caca543732889d60f21f324101d79e73c

SHA256
a2620abb0c499cbc371e723e80fe0b107d5ec7d5bbbf870f798c56425ec26397

SHA512
6ccfd11bffb09aa213f7a62812e3690bbc27beec60337b30f108f5b03c12334c14915874b2801635f78b8dcc7af9128fdd5f2fe3530b1ae0f216f33457e883b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c984723a8e860122bf739f97b2024b7b

SHA1
0e3f48abcf2f44fc57487cc547aa094fd0022c96

SHA256
7988a1d379f059cb8909fa6820b38f9b31b3548f2003b78e89c41d940d42519f

SHA512
0a6b4facf3be472d3c911938f660953ee8c40b9c12fdefbb8b7838534da71958bef956c2beb3617a3a7ad06ea72370efd13afd5b89293d55efaba3a3a07e13c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2c6a45f284c7f5dbdf8a4156a7edb5ea

SHA1
d3d8773b4daf3effff53fd8c82b9aa8957347770

SHA256
7616d3f093f16ae03cee2ca28720610831ff1e7606a0e7cf72d513e70a7ab951

SHA512
80e94de42d54f00d70425690952412263d7a79edebac8014bad17600638bfda04fbc4b8309829756d0b5d3eb826acbc932c686357f63136a009884d86714b749

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
01832d210300191f6e284c2288c9d7bb

SHA1
ba4c20fc503d0ef43a071082a2b452202830cd63

SHA256
344e2c60fe003f039e6af50923183ef555f81070dbd3f32c8b49441c0217a032

SHA512
a7b93d755bdd0274d7379c6a3684febb559dc7d7d4cab31b172151a3cc8e57e2adc31ad74ed16d9c5d60a69e3e78f3e712e89b0a661ca09dce1008793289d185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ad85ec6b02d83f3aa7682849fc15fc94

SHA1
ea967022539b834a3ccdf000875fc27ddcd552f3

SHA256
ff153b22e30371611d0645fb192d867a3fb4fa04b66655b7287ea604c9a2345a

SHA512
c40dc9019189a527488c2ffcdaa3776ca576b2c3da8a9a9029b713c2b0be78edbab44495a5a6f0a21c4af648eaec37e1d3524194b0dbf180bce0bd6a449e637a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3457a24a6a7aa4cc557d8dadb5ca0c1c

SHA1
412ba7c924b2802b972d9228bcee1ac610cad5c0

SHA256
f45e66e851954219956acc7e0eaf35842bb49a223dc9e15f2593e97ae56eba02

SHA512
20f7c989622de1b334a32046324904cbfd9563850d313e83f5a6fe291f82f39dc2a1dffda49200ab5717ba924a9a4cbca17955b0713712f3872db45ec3917454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
77d48294aaf3e9384455e0eff94f6488

SHA1
a28eae6c4692482833d9fe57e73e03d88b5d50be

SHA256
dd970f46ba91b20cdd79fae0db13c4bc0e9ebb90628cbbdee078470b92a51dc1

SHA512
32cd1b70c8e4532b28c37b7b17a5888ab70e617264f64e6e126c889fb16d7563e5ebcdd0f702b5cd33e2aea11476733c2ced77de6b56ff74eafae0a42a9edd3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
887eadb56609a7f36adab03e01115ec9

SHA1
8083e81756e6515282fcc97397463e61d6035696

SHA256
e76f6b4e2cbbfe117d751bc7fefa5ce1dfd7f938f2e9a4a28101aae28ce4487a

SHA512
2f9327c2e1d745fd1084107fa5fa4ad00b0a1ff44acf97dd0079cd63218746ef0233e246677a0e9f98987cd79e0c922eaa7342c3e41d7dbb15cb7c55fb5d0c60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e5a4bb4183a5f8d9043823fd7ceebbaa

SHA1
f194b371bf33ae346ce89972ef25406b85258cb4

SHA256
a4d1cda885f3af496aa3372baa7e58f6fa907768e49ca5baa08b3a32ec7eb0a5

SHA512
0c860a37733c75fd63249e62d078b533d4b6909b6a671f70096da23553b94e9f97c152fe9f8acac6273a9d43a21fd57e6e99db45cfe5afd4fbe1b91a95b21fbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
280472bdea32f188e7af9eb7f2d1cee1

SHA1
cd882376cfb49f332a1515032eed19c31326585f

SHA256
445e239f40e1bf611ff3a7488d893cee55e2300fc843eab64ddd09ee4d4c2899

SHA512
904a8021b7255c023766b02730e036668c46183da694e08246e36e3ac83842bee15be94c0e88168ffb36044862669e1f4d2c8fdae05ded7a0777498ff66e8687

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
07d777b8f8616761af21a7719826fc1c

SHA1
cce6f351a07dc332556ca1c3e496abf36e55ef02

SHA256
fdcc76318152ecb62958c51c58cb247cf0d7f7eb92fa583b91354243e97fdad4

SHA512
ac8707bb7d21596f7fa7acd283922a0a081d539a9b65223b63383a75bb04601002d38ca78319f4b7729827f88279f54bfef5f5cb1206f9cbc65f3334b791bdd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e03aa876e9696ea7bc76ffa9e72756fb

SHA1
14a879b5696435201343735c5c1994dee87f418a

SHA256
8f0b75486118634a78733d3c7a877599d4a5f8e3e88046be77ec5b4bdd97e9e3

SHA512
ec8d1f4da4dcd7c46a5ba55a82d1b0fb57a88da3fd1f6df2a70f27873fe764b81c4c6d556d1d0d7442db43033249dd1a609408847a8af2bf93f400db1426325a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7664b0087cb773250aa01734efb6c53b

SHA1
63ca0350f9c295447e2ef72eb8eb3fa5bf55a44f

SHA256
9b5230a7295c84c1b8e187d9ffdcefc98009cc36d13c0a254de23d30a615b4ec

SHA512
b58a6dbf92d8a72ceb56fdfe374af21b441093f712865d9c6281c25aa2e7df438bebf69e025a36f40907eb401266c704b5c2c48468251e4672375fb681e66685

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE061.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE11D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2812-496-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads