d78e405986376bd9bd0a3a60ac2a362f67abe392a3a5ee987db7374f8a20c998

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe
Size

142KB
MD5

42bd378844493d5a774a98e06343d75b
SHA1

7e30d8c80baeee783f0bfcbacb7abbb5ea5482f5
SHA256

d78e405986376bd9bd0a3a60ac2a362f67abe392a3a5ee987db7374f8a20c998
SHA512

62c5e19387ff13289c4fd787e059016d5ec96d6b0b04e0150c9fb316a850d7a3f231a93969595c7cac085ba623109d410fe7ffafa8dfd0ea8508d72bb07818e8
SSDEEP

3072:8Ym4+5h8QG6Qlycjo7CXkti15JN9ylxQsl4X/nex3a8BYQGT+JOJH03D:8L4+z8KOTn0tiHJN9ylxIf0a8BYQm+UQ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\IniciarPrograma = "\"C:\\Windows\\system32\\msiiasmsn.exe\""	42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30846F41-4141-11EF-BB94-CE397B957442} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000bfac4937b1ca38a18d216925cd38e791d6d95d9dd59cc5d7fa77f2220259a440000000000e80000000020000200000008e8697357f106906463d3665af5e35b6e8327759442d6e65b31c124e05ac397620000000110a0c2aeac93aec01c0b461ed608eb33cb3f325aa35828989df6f7b1d99a55340000000b362103abbcf69778bdf73aa8548cb272478d390e41224d2192432d6358309fc07fa419fb36d84bb492144b5fb0f3ca4826dacd1800cb3114e10d7e68acb9532	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427055238"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000237c0d61b6b3cb86abbf827e4d3d8dc8aad54a8f2afd1274b2596792b97805ce000000000e8000000002000020000000f1ea50a09ff9a517fac99470f17c0b0c63422bcd5d37c8df74ff20c111a0e03890000000356f5b77860a32d374d3bd04212e2362da24e9f46de238bb635cf698348654a6ac30af5bb6dabfe5963d7423a8ead822c2acc4f194580aed5b0bcb1aa18ec83f2a4c125e543a8fd7e95c821bbd47bdb01ca47e0417a2230f65d49602e7fca025de2fd8a1f23867f5cd7294e5de534095ac3405faac5abf1aab2434c551e2b374fd4781951273c480509a5272f27f6d3e40000000f596034484cf94de30f97c595eefb0322f5fb31f8e3ea27de11626b0f243af556c5a95bdf078d3f119242fee27ad4746bf0fcf7cf9e6c1417873e0ff7e5ede7e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05b11054ed5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2628	iexplore.exe
2628	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2628	2976	42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe	30
PID 2976 wrote to memory of 2628	2976	42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe	30
PID 2976 wrote to memory of 2628	2976	42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe	30
PID 2976 wrote to memory of 2628	2976	42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2300	2628	iexplore.exe	31
PID 2628 wrote to memory of 2300	2628	iexplore.exe	31
PID 2628 wrote to memory of 2300	2628	iexplore.exe	31
PID 2628 wrote to memory of 2300	2628	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\42bd378844493d5a774a98e06343d75b_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://internet.boticario.com.br/portal/site/lojavirtual/menuitem.a113af9aabd4f9cdad01af1010ef8a0c/?menuGrafico=CadastreSe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfa5b50767f804fa8d419298b95b5de2

SHA1
fdc4dd30d923c09036f0152d2a9b16ff11feeb2a

SHA256
fed93f894a988d4bd5e00b1df4d965529df6be65166c862a56a44984be0bc548

SHA512
4f37cba223d0bede5a355ddb52896d009a9b647e149f717e19914786f1fb46eb6cc4f1ea8e47bde66c4aa7043688238aa3d950c8bff8c5084d0c9efbf0091c92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f8dafbe83cc16dd4b3316c6c602b91d

SHA1
3488eefabb3dfae450a5addee2a254ba57ebf39f

SHA256
53532c01b1f96286de03fa11cee660d370aa2fc22a4d28962a3d60406bad820f

SHA512
a27b7edd98e17ee523322e94cbfff5c61748df9dd1ae92eee6ad77853a93fa13bea47187bd8a7e5995dac163c74589faed34f916fa964241da3a145f6cd3b8c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae820ce584eff72132d5ef3374e56b79

SHA1
97a290203f61bb2bab16a59b3abcfe5057e2a060

SHA256
9d8ed0a04497798a8e8137dcd196829e35479c3792dc84f661b64642be06ba4b

SHA512
ae3597d40b7a99502dfbce37218f55e0de9c860057385e5de51a10e53f87e685b395839fe66c2357554177d393bef73c8195392e082ba8519c75aef10ce41d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09e2f90d9523bb627f86942019833561

SHA1
dbdc83c1acb6fb95cff38fa59b8806b2f4e44b97

SHA256
83b003e6e35fa8e72bd8e715ca338c73b0ecb66f9e59ad84cf44a905d73a5fe6

SHA512
f5f696f248ec869ba542db99042e7414eecc34119d6ffc234aaa61cbda247471acb8630452bcd145ade3a861ce77e03fdd0f18c1cfc39aa4dbb00335ab01730f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8463bd59d5034ea223866d12130f173e

SHA1
fe3a9753567e44a172f995981c2d4362a10bb4c7

SHA256
37ca94e03d6ee8c9f1fee5de3d602576023abfc1f640210e7d0824c0cc7d10ad

SHA512
2750bc2666fd07d6c7b5f6e689bfa0b556d5d97a26d18f1d491c58f8692b775e3de6bfc7c690a7bbe8e570f6994ded3676ec0b9169e7082b19e73c90d8c484b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56ad72cbae7a00b6a748d7cc62c836f1

SHA1
f0e08c224820c50ab1a8b1925ea42b9a73f5543f

SHA256
f01eb1fde21c9f36a0a38bf3139db62d80bc2a49c5bbbbc51746a075ce2f2be8

SHA512
891565aad01ae15cf711ab3c059266d1b2f6aba6161c93729fe914a5eb7b3dd925bc205df74823432c9ac4a402c7fad7dcf2add1c1dea457b0818aa7d3e81ae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63d38a4028ba59f89edfa544e971b30a

SHA1
0f3570a8f067c55f5da45ba6f81316409f56f1c5

SHA256
abd440af4e224461e23a143b45a7a6da155ec12fef52f2cba79795c4579f2320

SHA512
6aa553a872f3e30a86f793311eb7fa053e6e13a59a4a81a8ef378d266f3f4ca0415e1c5909f3f33f99368c6c656fd674f31cc72461e9ab5b4b12c0f078fd3812

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16d8af3cf668fcfb24681a2417dc4f63

SHA1
a5c6531e60c1bf31186c4702da432e219c384aa9

SHA256
62d42decb236dc050ee41b369305d4fea02e6373b1cf2ad24e6845f586f53ac7

SHA512
88afa9d0a85a7d4f8c4e51f288ec77c2125495e3969624b4672fef35fd8bfe2ccca0d2417bb08e5eecf47a1c92e8b8a1c12a422b49be28aa69d0ebbd9de8847c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87006a1d4562adcf6cc1e2321cabff07

SHA1
a94e48b9559313ab68bfd19755d752a5d320cff7

SHA256
c3c6af8c7d736bcace2a57123502409078567d8676406771e599805b409d3228

SHA512
10930c3ec5acbacffd016d1121e820fbfadfc7f656f4109ef66c72f260cf5be798e52f0e2fbaf155e1c0fdbe93b3c8b12eaf634172da588e1e2b046c5f70c0ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
819d7b4ca2c1f5501595179961a97fcc

SHA1
401c9daac3c76204d14162b9f473d8b036048d51

SHA256
b2a4d114658c7d930404a377f1f7901bccadecde7f50bcadb7edbfe797ee5ca5

SHA512
71114c8ba0dfb0cecac524913b86f672ad9558e064eeaf775d49b98679f274de82036fbe2b77b59e858f51b93c4df5821d6b4302021b0f3d728f2cd574051114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae264bd2c38a86387110f7e12791d38c

SHA1
f666e9906e520a15f98723e626b32d21abe9fc0d

SHA256
92d163f04fd3591e30a6caa9116f5fa34525bf0d9be11d97334804bc41855fc5

SHA512
5a0f269b8bbc0dfdb50a5fc0df7e3772d0472a04945d9e67cfb256053290b9248f5a2ecac4beac667fedc7a05fe7697b9ff2a67d680504c37a80dd332c4671e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd6dc0ee43f2788ba2299181857b8b9a

SHA1
e2297773b75662c48457733a42af4d5dbf0d50ec

SHA256
5220049347e51bab89c1cbe7b549a12a383443a5bcb03f8e649ae1fb0c25fb1a

SHA512
e9e518372352baa5a815b24d9ae1332e90095eaee4da9105ea179549fcfa497c1c54168ffc2ffe1990b0bc4af23ecd5d2729d9a4924ea788763c9686b278fc88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa242782e0337f372f0e01ca57c4822a

SHA1
f3d5ed8b4026edaca3f82fc28d786246b7a88af7

SHA256
cff351e1e5a3b162cc05a0c4b7192421e1d031048a7823a25b46d18e10371aaf

SHA512
3a059373b93a366b3355a14ff668a780c632ecd79a0a41b12c29ae953bf2f5ec6dfaeaf5981b03ff528429c42a8eb069d5f807f10d3bab564f1f7ca0b3b6e1fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06a366c68e2e286df620fa11592e1132

SHA1
1bae399f108db4046b18c500e6a4b9d2910c616a

SHA256
c398632ebfd6b9f505d2dae6a74426a888203bcc0f329eaf71adf5413121562c

SHA512
1cec0c1023bd0ea30435aedd670d0be75e6fb2f68af31855d7d0875636729f2e45ccc23155f96727bd2c3cdb3db79aeed0d7615b7cf81009336dd8410e48e216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae84d862bbd2b6e0b65d3d956affaec7

SHA1
adcbb56094fabfde5e693a27f68efae73602e07d

SHA256
47ecfb24726eca611cfa5ee36630e78a2d716842d090f180609dc4a831cc6582

SHA512
14f308665233833766757d96a94530257c0b222756d105cb86c11aa3c2fbbe614d16f194ecd015276889cf305689fd91f9927fe7c50fb3c92a57b847ab47f53e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f179173c89cdc4d5cc81922f1b8418b9

SHA1
254e7ccde8d67c1271ed387ce4f141019aedf37d

SHA256
af0ba6f32f8191c90687f2d13109b1ec69cc536b72c01e83d2f19fb2e7e5ed57

SHA512
bddf98cb1cd3fc6d6a48b6380c805c82b8befa6448192535a320a45ef060d7e07d67dac4786c5eb4bda114c53134803c8ebb8be09377007fd0f2e6a721a55217

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
830e00a05a88bd586f581ab64ec910ed

SHA1
948782dc779dc0292befe30a3abaa126202c61ca

SHA256
a00ef8031712820d7c6c2d7ba99092d01caaa4e3f4c9794b02e5b16b2fac4e70

SHA512
d2cc0d25f1885d29934c24ee76060a6a30fab89011a90edfc399443d5965c88e878d1c54a41b111ca9560f74c4eff033b82c1d803f8edbe98a7eebabf7dcd88e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35db718c0e47d1cba33f95109dd21802

SHA1
2d91beaff8d7f35b49ab849de89de816cf1b1072

SHA256
fac9c997e16d451753e1350b3cf688f139e3c874517146efb6d5ca630a51a23c

SHA512
ca7a2d54ba837927b9d27afdf9d52a99a6516e32f40406bb2e6e41f7bf54f264cfc4de7e376cde6aadb609fd2651ced720d5d018e726ef285da874d849307d8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8801b82bbd8a5b07dca8a28cca5a8ea7

SHA1
27aeeb19a0114ae5621e85a822f469eb17fcab1d

SHA256
289ad94ee8cc5170f58cd4129d3ae7360825c40bac116b30e9121fed1cbf6a21

SHA512
575877c6f13b9904331e102b344f8290d1054f24151ad3ba568c30d10597a20ee2106e6b286c93c4267565d1cd9a0eeb700ddfc6d0f15c5f27f0991801e1dcd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a782f529d59d72ddd74685a8a4e2c7d

SHA1
5e74ead156d6461f416e42ccc6afae324dd53888

SHA256
d5bea41727f77bc119a0f1f0899ee68d753b05523bd1aa6082b9070fbf66f2f9

SHA512
5b00511aa7a9d42262505665a53c6ecd2809284ed3d65c609cc481b21c516f1c8d4ffe5474a0966f5132131d472d476bfe9d0a697eae45558b277e913cf144b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5AE0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B40.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2976-436-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2976-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2976-1-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2976-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2976-441-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2976-438-0x00000000002E0000-0x00000000002F0000-memory.dmp

Filesize
64KB

Download
memory/2976-3-0x00000000002E0000-0x00000000002F0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads