4440bac7bcfa7f91c05f67b0f6ebee8d36c4b4b4748960a987e61129924eaaaa

Analysis

max time kernel
119s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
Size

1.4MB
MD5

45f3dc20d10262c6d1febd6a7f648c33
SHA1

35af59c473aa23dac50b7b38f8a990e1e1edd116
SHA256

4440bac7bcfa7f91c05f67b0f6ebee8d36c4b4b4748960a987e61129924eaaaa
SHA512

8e5018fdf5bb139cdbcdf9756593fbe76dddd521345f6ebcd7bf09f5a93289b2628d83b86938f401f20b272c4977a31703b99770360bffd5c1c8ecd24ff3ff70
SSDEEP

12288:j1J1mPxuRM4Unqs50FOqF7fqKbJ0bBmndK3B38iXiE49/SMZoS4mIybbL2Tv:jbkG/Cqy0FbFbjbHK3+iXgoM3IybeTv

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\kiss.she	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000018b7d-3.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000018b7d-3.dat	upx
behavioral1/memory/1984-5-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1984-10-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000255bb8bf8ff57907d494eef82d7a639eb8b95fe5696bae35c63bc8be8952625f000000000e8000000002000020000000fd23a3b9bc5d27c14f7768a4eac1f471f911283d8115c805eabc21dffb9de4d220000000dc42005cc6e0393abb4a20312ebe82ea79b2552456251974384a209a5f0165184000000094b2ce89aebed323d8de2ebc0f36980511ee5acbd8b34265b752e73dcf10933c6b26059713a6acb1f53292bf711bcb3e58d374d36b78a5a718fb2692cebffc0d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000de90accf0c46e0f3cba52875fe7b72f7d2b5486f56893847516c869ab0e771ee000000000e80000000020000200000009bf7e1c5cb657fa14e2125fd9ef9a31d3d8dc0bbe92d6847607f99fa7cfa91979000000072b665dae88f082024fa94300af2e8e23aa3c2fcb4f3311a73d04c80b9ffe280d93f0afb1659fdb507b0d8b25c2684fab80c7fda08914ad1c272fb6e7be503baf9d81e557d23ccaaac994bc0ec72d9b87062a77d2b35a135c16dc733c727a6cb3a133ffc3e430af5bb7cc75805931722f9d2029f0253ff8f1d70110423059679728fe050c4d06713b8b18153381b584c40000000343b33fe9de6d80831705e46439cebee171e45ff59a92c3f05c925d09be1c496ba651422e9cb23ee6524e9012fa775f651eff1dd3c4bf183ead238ef54218498	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{464F3891-41E2-11EF-90E9-F64010A3169C} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b0c61aefd5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427124425"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2672	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
2672	iexplore.exe
2672	iexplore.exe
1004	IEXPLORE.EXE
1004	IEXPLORE.EXE
1004	IEXPLORE.EXE
1004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2672	1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe	32
PID 1984 wrote to memory of 2672	1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe	32
PID 1984 wrote to memory of 2672	1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe	32
PID 1984 wrote to memory of 2672	1984	45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe	32
PID 2672 wrote to memory of 1004	2672	iexplore.exe	33
PID 2672 wrote to memory of 1004	2672	iexplore.exe	33
PID 2672 wrote to memory of 1004	2672	iexplore.exe	33
PID 2672 wrote to memory of 1004	2672	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45f3dc20d10262c6d1febd6a7f648c33_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://bbs.qqxiaoxi.com/thread-htm-fid-12.html
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abb11f4502b7e81b4aabdaf718d927f5

SHA1
b2f9fe0c28526c0ca9b3bf7a900f9850e50232f1

SHA256
2a9b21c0e1ec29c1317a4a386627fb8d07c19a1b0f4c7a335e6b453f355e8f01

SHA512
bf9ade6913e5c040352f9e4f14a267ea7a1c78a579ab65dc7ff4549f08c5e3fe617e3323429776f560b696f4f504affefb97b4d820bba1bec1e52c065bc071a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bc0828adad24a53484be1e3ddd19585

SHA1
12f3ee2554037fd7117b4d904f3941316e54cbc9

SHA256
fe7ef656cdbae79901970849b296bf8cb3b09b120eea954713075352c69e3fc9

SHA512
a47edd5efcb4a648ba51cc3ec88cb762e1cfe1da5820670d1aad9b8873048a1cb3f18a3a5e4e503e740e35998e677eef996fb760bf443aa99ac3b99fcc28dd83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca34bd6cd5145ffa04837c9eb956ad2d

SHA1
6202b058ee6b397207788f6bbace764a279705e9

SHA256
8a3a0051c39a1b10825a85dd1a7b8e30e49932d8b49456b666828672ff2a8af9

SHA512
8607ec943e32c78fbb97a828e59535e306c4ae7ae7798785ac49df3b9c1c2ee616e7d3c3c346a35d99c9fd10a8fa156f74488e76cd6ba1c7c695e9d9c26701ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db1f9603b19fcafdd1a82c3847de2de1

SHA1
82703d7cdc395685b66ce79c43e5c7f4deed1b12

SHA256
8cd8817936994aa81c8619c7946af9eedbe094e79464c162d70d1be2d00672d2

SHA512
4e5c844193157a1fed7f6600231e07c06a0cf4a6b9f678fa4105afda090ba8b1e4fa1a9b91a53d42e3c61193990bf800d0919422233ff9fb4c3d44b184135f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72f54799f363c59c8606282f7f8242ec

SHA1
064ac2f6cb9bed9a6e2b5d5cbcc6d67c5f085989

SHA256
dc95e33a96b977ddadfb8db49a5fe328a547d764a99dec515c2be0f0b8fac05a

SHA512
5d7841a3e2e0f2494590ae7e9a1597f7226d338da69ad8cf019b1efae722c159626aa4b3ad47125306d0380f9d3a17943232fd54f7697ab31a8314776622e0a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e5630f01ff8a1afa627d77c4e98da31

SHA1
d099082faa9e6b1a654442f9cd7debcdf64031c9

SHA256
e5b5540acaab71cb6c02f3dcf8ac98c45c28092880c6ac7eee0074c4608619dd

SHA512
e0013a01598bb4cbfcde60ed745b355862acbdc02fcf389a4f0d815ef4c3c57f8f6dddc3a6e48b277060c7655980433ba7d2a3a4414f7b2127863bf8404ac91c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44008bac389180cc7f36687bc9d10a08

SHA1
ea075277b0c251a0906e30c5b750bdd99b790b36

SHA256
900e9c0d401123b248165d838ab50d59e209d469dd14991cf627298453a480a8

SHA512
48944ed197caf16838cef70c99ae9566efeabe63e94043c1bf7fff716459fa434e6cd0ea396031439f3b33454af28f45b4c11103f79f01320016ea0f55810414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ff1c3581c3d6a2b0e363992603c45b1

SHA1
79b0fc7372e23b352338105b2c7fe48928a5ae89

SHA256
05cf9443f8043e884c8924c638c0539a6c1882552d2f75ec77907dcb3a51aca1

SHA512
4c15faa11395a0e639202907508b72e4c403801d356eaaa24e7ff93d0d8f9586b8ef644e7a61540735e290644beae0ce5bc63fcf2bbb0096d1706e41b535ec33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73e2969748e9995c5a73f9afaff85221

SHA1
b49d9bb3ca33cc20ef2a64f7ab08f51ae14f54cb

SHA256
846243f4f8443e6e07ef621f42de522e0fbcfd1c3bccd2b67254d9177f3f4994

SHA512
1a3cf3e4b850b19b1871d89a066962d92aefcb81f810688a092575bbf92b0a5587a46cac5269462ca6479af730cbecdfc4792ce1267269f6285d1a0199272ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d281714c04e74100e4d9dc13d775c84

SHA1
499e1db7491ee155c2cb32ea77d7439bd0c049ad

SHA256
ee5f21de030544a625b24344887be30e59b5c13715a8e498b7c123f411e07fe1

SHA512
6bd6f6b101d12bcbe3d6e8ad152dadc2f6d1af8b81dd42afe22ecba2eda72efa0b1e0c726a09d56dd5e0871362aa8c1e1190a3a7b00839a7a06cd9500914241e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42ee9e9cbfe18d195dd36f3eefcc5092

SHA1
6d64f82f1d898af0fbf4aca2a8e519c915c5a069

SHA256
ef164685580ee53b25edac0b6464a7ab6ada256802af67e477751c9bc0c7c50e

SHA512
7d266b8900113be3cdc2d84fe2d583629ef0b7256f7c8a2e1dc0f65a1c39fad451588fe6f821b0d8274f51f327cc7d17ef1aea7f7fc7df1d24b996c98713a3df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0f835a2acea3d4e9f9936f8a6b4bc67

SHA1
233399d9a6816aa1e2bdfdbe03ae9eeb5433dc7f

SHA256
45b2711a1ad89c9d7792ec382d17bbe990b8abcfaf2acda3d113e76b6aa02f76

SHA512
33371ec1d49b41d7c4d2e6a1bd31590ffc25f5b0dcaea5d6dd3303121c6bd18dbb4e3c7d6fd2e7f0ecb9aab34e198c2b03977c5b4a7bcce00c65c9827fb16d03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
391ae4e50358c096c50abe016866e7db

SHA1
e8561650aa0c620ca4a1c150acfb90a8adcfa255

SHA256
999fb9bdb01fd3023bda34ab9af6e1e246894a870e484f1dc8f017d8c7ff1875

SHA512
a3ee5321d8b35621ac672c5248eb6a20a7618b88d802a7d50b77a88ec795e6770cbf5397385c48a5116aeb4f0be84d8ecf9f535d826e679e97eb373759874678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40d5e104cd8fb0328a7e14042ecc6091

SHA1
66da832e0fc2d5ec0341e7f3c4a874b938f155f4

SHA256
d1b6a0e8ae2500f93504de46c1e4b4b91a40326160c7bf3823f10f05ba5efa75

SHA512
714287871b2d890fc3f2b09e6c44fcfef57ac32fa547358664f0200f6a6a5efcf6569699beb9278f7c34206d133cc0533e931724a219eaeef7e6379438afc939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f306f2f256acde74cb69c6bac2eaf193

SHA1
818ba381b603ef688e4d70a9e78c0888cc23385a

SHA256
cd3dea5064c5d51575099b5957ef5fa4d518090e40b42cbce66740e7b763e980

SHA512
22ae61ec2a466103e9aef62b8fe8472230b6724256ce1de07b9b4d9c81bf2f943cae551ea490512cf1fb6b38ad25c00771ae73daf5d94915d4e59ed69306b71a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0f6701a05f9ae8e7d8146aad8adc69f

SHA1
e151a624e7b7df92b5570b98b0835eec915b1955

SHA256
49d9704b9835c71edae278c2fed6736e83bfea1d092ad732f36811f35bda1ef2

SHA512
2ea8a3ad360e0f191a4ec1c158db47b0fa80f2443e9077dc0fea624de2685272a060dbae412f6cb1f201324d3b73298738961b4008f1a482051d14cf0249acf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4FD8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4FD9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\SkinH_EL.dll

Filesize
86KB

MD5
147127382e001f495d1842ee7a9e7912

SHA1
92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

SHA256
edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

SHA512
97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

Download Submit
memory/1984-5-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1984-9-0x0000000010009000-0x000000001000A000-memory.dmp

Filesize
4KB

Download
memory/1984-10-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads