87750da1e198e4664fc68eac13fb0cf75222c07794bb184bb4db9bd818315cc7

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
Size

216KB
MD5

463f09d8e1a3ace2dc63093ecc027354
SHA1

e0faf860e093ae2167a6bfec0261d6015549ae65
SHA256

87750da1e198e4664fc68eac13fb0cf75222c07794bb184bb4db9bd818315cc7
SHA512

c9928917f50fadc46a34c610a96617fa61ea3131bd33333589e85fab8677f1f140188d26f9d5369c8a24db4511aff32ddfdf3c2618b6bc63e98815c69131f522
SSDEEP

3072:Cd6HpiVEibJ7rEixbTugWP2zHVrtkaCMcaDAvTJiP8DIAGjCX+XsIK:Cd6HpzibJ7rEixDm21VCjnTAjEys

Score

7^/10

discovery persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2888	hotaction_fi.exe

Executes dropped EXE 1 IoCs

pid	Process
2888	hotaction_fi.exe

Loads dropped DLL 11 IoCs

pid	Process
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
2888	hotaction_fi.exe
2888	hotaction_fi.exe
2888	hotaction_fi.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HotAction_fi = "c:\\program files\\comsoft\\dialers\\hotaction_fi\\hotaction_fi.exe /noconnect"	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HotAction_fi-uninstall.exe	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\HotAction_fi-uninstall.exe	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	\??\c:\program files\comsoft\dialers\hotaction_fi\hotaction_fi.exe	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
File opened for modification	\??\c:\program files\comsoft\dialers\hotaction_fi\hotaction_fi.exe	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C9437571-41EE-11EF-BA79-7699BFC84B14} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427129798"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000b08e0a558ebcaef01ab2cb90d4c55bcf5a9038f69e03c75c6076f9d75b21bd33000000000e80000000020000200000006ea65508eb2a31e0bafdcec618230edd4e6f5abc14e532e75caab78b9190e0ec20000000b755a647cc968d2ccee33909df5bf9d5e5e52c6dac7d90672d0575372d83ed09400000001b389ec0335e9359959fe05783945378774640f606d16e3d32797a02741dc6614596a62545e1c7b69b682ac51730c2deb37498c6f57caf3dff2102f239c543ab	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803eadb8fbd5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000d4e8f1e2032a7c655ead91289a14229cdca2bf94deae363b1a18ccf9d72fd8ce000000000e8000000002000020000000932d0ba2e3e42d4fb8b18eb34bb9d62e3562d4274538e81fd254bc49f7ec7e3390000000a8a68f8e60ebd9198fb5df8f9feb57b24f753877823d3824834847b4fea1431afce3778c0340093312a3806c0cc8118d3f7ab5c13de709603ec92d84737bc04715fa9233643558110a6aa9bfcecc77a9bddc4fde76c133cd41bd7b179cd0b2d27b454488ceaa28f5e6f2ab20a23e295fda6018d30c300a5a8653f62222217e04a0c286a9396864e46b8b949caf16bc0140000000f51c1b8fe94e97d3154d2d00254499eab858d012617f64b199cfab8d91ebf90efabde7a168e4ab9b41c822b48ae3d74b2012d529b8afa81cf3d3f4f4be6eb733	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Modifies data under HKEY_USERS 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.default	hotaction_fi.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\netscape\netscape navigator	hotaction_fi.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\netscape\netscape navigator\viewers\TYPE1 = "application/x-cnty"	hotaction_fi.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\viewers	hotaction_fi.exe
Key created	\REGISTRY\USER\.DEFAULT\software	hotaction_fi.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\netscape	hotaction_fi.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\netscape\netscape navigator\viewers	hotaction_fi.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\netscape\netscape navigator\viewers\application/x-cnty = "c:\\program files\\comsoft\\dialers\\hotaction_fi\\hotaction_fi.exe %1"	hotaction_fi.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\user trusted external applications	hotaction_fi.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\netscape\netscape navigator\user trusted external applications\c:\program files\comsoft\dialers\hotaction_fi\hotaction_fi.exe = "yes"	hotaction_fi.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\suffixes	hotaction_fi.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\netscape\netscape navigator\suffixes\application/x-cnty = "cnty"	hotaction_fi.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File	hotaction_fi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cnty\Content Type = "application/x-cnty"	hotaction_fi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\ = "cnty Data"	hotaction_fi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell	hotaction_fi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cnty\ = "cnty File"	hotaction_fi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-cnty\Extension = ".cnty"	hotaction_fi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\ = "open"	hotaction_fi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mime\database\content type\application/x-cnty	hotaction_fi.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\EditFlags = 00000100	hotaction_fi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\open\command	hotaction_fi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\open	hotaction_fi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\open\command\ = "c:\\program files\\comsoft\\dialers\\hotaction_fi\\hotaction_fi.exe %1"	hotaction_fi.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cnty	hotaction_fi.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2888	hotaction_fi.exe
2704	iexplore.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2888	hotaction_fi.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2704	iexplore.exe
2704	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2888	1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe	31
PID 1316 wrote to memory of 2888	1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe	31
PID 1316 wrote to memory of 2888	1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe	31
PID 1316 wrote to memory of 2888	1316	463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe	31
PID 2704 wrote to memory of 2588	2704	iexplore.exe	33
PID 2704 wrote to memory of 2588	2704	iexplore.exe	33
PID 2704 wrote to memory of 2588	2704	iexplore.exe	33
PID 2704 wrote to memory of 2588	2704	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\463f09d8e1a3ace2dc63093ecc027354_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1316
- C:\program files\comsoft\dialers\hotaction_fi\hotaction_fi.exe
  "C:\program files\comsoft\dialers\hotaction_fi\hotaction_fi.exe" -kill c:\users\admin\appdata\local\temp\463f09d8e1a3ace2dc63093ecc027354_jaffacakes118.exe /install
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2888

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\comsoft\dialers\hotaction_fi\hotaction_fi.exe

Filesize
216KB

MD5
463f09d8e1a3ace2dc63093ecc027354

SHA1
e0faf860e093ae2167a6bfec0261d6015549ae65

SHA256
87750da1e198e4664fc68eac13fb0cf75222c07794bb184bb4db9bd818315cc7

SHA512
c9928917f50fadc46a34c610a96617fa61ea3131bd33333589e85fab8677f1f140188d26f9d5369c8a24db4511aff32ddfdf3c2618b6bc63e98815c69131f522

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2faf363c59070b6129fa9f375b12b84d

SHA1
88215f78385c839929578112ab193ffcac48457d

SHA256
bdff3f50e3eab5c31ecf3dcdf90aa7db8091e074c85b6a298e55c9228c8483e7

SHA512
e38689b2f982365ac4ed56a3849406c0e4228d37813e730606d921e3e5964dae84a669cd66207945d6dddc68da69eece37e0611b3f9d6d119683552e4d88328f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
051535ddc79c8219f89b625983bcba2e

SHA1
de54a751d657f75226ff69de319cfde1170f1cbd

SHA256
b5aa5f952e157e57e15c68c9679523d283badaf03396d9b857f7f08169b239f7

SHA512
6864d0307e09529dfa11da6ce98c91ad72ce1ba7ef5ce256e72d35b3de0b4fdb50940819e54ab40ae4be11c55f582c364ba86c631591d0ac581993e210287995

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0a2ae29479caf0309bb7f9dde217500c

SHA1
27f0b585de9233dc8a0c3deacf32984dbf527777

SHA256
9f7aaef8437ddf9485b6f4a32cb47e6422b96a09ad0665cf01acd9870b058775

SHA512
9271b6bcadc95303f31065cb2b56aad748c3847ffbc65cbde94d20b13eb683841d21ed377a3d268c9909f86b4fe6e92880652724671e643ba2cade284edccad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b17c2673ded40a3a2bcd46d3f816495d

SHA1
c578af1afc5fc81f19e29975179a431d832ac2c1

SHA256
67553a2fd4970dae5eee2e830fa77a3175bdce7d524d7e92f2611489ecfa5abc

SHA512
d137bdacb48182ff57959d5eb15816e2d58e29de2b385e55da9cddeaeabeffc27d36b21e6fea2236665240d6cb3ab0aaac22b0dbc24cf7c76e19dd89cdeb57c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a9cdb506332a1720154b260f011f460c

SHA1
f1e136d622e68322f7261fc2fdb257e3ca31a097

SHA256
bde177c10c2e8510232644f1378672b638e1ea40f65f11fd42e876b516c3f5e5

SHA512
aa54d604dc7511af6f746f8d5f031ea7c0065d8593fe256bc4a3212592f4f7ba748c5bd02011b698f6a5de08c85bc1fd844f20a76a058ee085dd3e66552b7410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b92a953eae23c70727583a0009b42402

SHA1
9023a737f36ecdfac1325a991aa8b7c2e3fffec0

SHA256
ea86dbd65bec331a857ecbe797f02192534ee4affc6066deb8e3dac86b8c683d

SHA512
37beb16de71b198d71a23d67571842a45455d9eefc4744f1c68e89beb032b012ed6af5a43277bbbebc1cd62c6869517d3c39af0c8f07a3392871c95e5a2368e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f73161ee55572e9766a846fed03e5009

SHA1
ef35bd78985e8035a29327af422c2daf68e67731

SHA256
13784a8a8b2265b028c4b4499df29e4ba283bd75b5344786a1c4f42b80fb830a

SHA512
887c7e00c5c148a7836434bf66859f55b2f54133a87aea739da04a8cadd3b71371c48fe7a587114ff79c493644dc2a6327cdbefe61e2acb82f1026a653fd6ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3a40e3743b6498f8a867e49c8e55c624

SHA1
3c1d2d8a3b012b85a479abee3bd3d73aee33e4dc

SHA256
1c656cd898d60f5ca2f68eac9a21bc6fd2c606ecf432a7df5d887c3aa4395107

SHA512
0582a55bbc762a4d2c66ca13b259c6745dbe3f43ed09ee80c7e44d60fe99db0036f0b47342748f51a93ffe9f65ac4bd4fe6fc4671ed7bc845b7b171a1053357e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0d02ef5afc4e4bd7e73f76e83d9965bb

SHA1
7e833bb2183fec20de56ff47a0c716e1a54ff321

SHA256
370d2259d88b86a774b19b3552bb7fc2ba728375cce294c04f20d6daada2453a

SHA512
b482e630caafca7a2a59c40cf5fb981212a1c8e0d32619f1df44ec3844160eb6392647cb2aced596b81ce5ce35f90b34616d736bdafa9312ff62b5ec08909ac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
169ee1cdbdb3c57c2d1e5338dba65ab4

SHA1
992467d894fb05519693cc9f2a95215b9b0f845d

SHA256
08a10c5bf9e03b3375a12ad1304aa5eedf6b4c6845d905bcc1fb5f5c3f3d73dc

SHA512
b238953c6de2c0936a010a83f78f7fa4794f98641ff4daddb4fe574d335b1e90ffffc0ad84bd4f80adab7a47a07ca96b86be24acf952fd0041b604dab70e54bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c7a3109e68c54a01c046860fde3ba1f1

SHA1
1443e742c78f32e64afbdc5b6d7d79bc64895c29

SHA256
7f51f8b389dec4b29bdfac3271b70404ff4d9174b0beb6880dac10122d606e0a

SHA512
30dff47e3c221d6beffb5e562bfc911f35fd54f11ea631b733449ccef6c5f16fea081d03494fac2e34b06e1141cfacefb5c20e138624e48249f0b9672e687ffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ad19c673f1312cb9e86fa9e87fc0f601

SHA1
75778fa77d1b3a4535d726335c13dabc1adce433

SHA256
e280a1e96ca70c2b3367a51c2979cb3beedc2840ff855741a801bb052b23fa9f

SHA512
f914789a71a16d465f4c86f4f989f5bb75a6aa88c721330def9d9933078dc02be546dd42875def0e0d493c68ce735624f20d6e99f418fdaa353064a7acc0e366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
06aaa21dfa6bc2d5712976e4d10e7d06

SHA1
3ec0ccbd6b0374f72b0a00c44b77d0719b6fe9b2

SHA256
dafb88a0c15c64f2c299f3d6b6dd92a7c5b9bbcbc4b2f1f671a6d64d725a56cc

SHA512
dc0c4d7fde30c66b9a054b79c0e4c8508a9ffea1a527335d64222adb61868817563b4eb5573ab91e81619831ef8dc59b530bff40fea22f707ddc16a195c679e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
39b5a96df4591d6222bbaf3b4e3ef943

SHA1
71ca9882baf104ac57c83dcb2f1ba5547aed813f

SHA256
3feb8555471184be7977bc9cbb7e7e38301ba9ef9a235c9b7e9570cc9a4f7dc8

SHA512
d337850cad8719b936f50893c8ae7c544391b409abbe5f46c9cabf2e32037c5dcc00c0596d59e49426768d6f736a11ad4cafd27c9bef4356bf21b019dc3c93d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
73b080d090d6e35e0d79f0d3fb32461d

SHA1
d36fbb7dbfa61fdad5309a1e8c722a0aaef5027e

SHA256
04d846a4b0f4048695efb4a7a0bd4e627090455686e5117084bada15c1a45e21

SHA512
f35fe3548ec3f8011c9211a7c2625f75d0764285ebc1550262ec779a354894277d80fd9fdfefe3c2305ce6cde7cae3274adbe65a6070ae7eef06a189237f4924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8d202320f95c78968efb6e7927b8a409

SHA1
da75649387875b2525372d3ee7301078ec61bbde

SHA256
ea0f166a119d459d710a5ca2011797692fe8f60418145722d1e2de402e3c35a5

SHA512
bed04211b657b656eef6e64b2f33a2b818a841b606c91daae6ca05070ff5624a0bc299af3672ed006ab3c7d6da627cf3deb6cef728832d00a18b194999f8276a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ee9e3d2751bb54147e1a6525e66bd5f4

SHA1
9e57b44a1107057e5534c54b1aef6813bf3a374c

SHA256
2201b32dbbd7a1bcfbbc3787d7c7c98a9c9876096c2117661724fb0b0eb72cff

SHA512
4643306a7fef4f2043a6725d89fc8fcc789620ef90cb59a8ae14b9bc706199113be9ee78b6f6965573523213a1d6679b2553ece97e674ccfdd71cc2f9f13b59d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
264e9b2e9313de3a5ae7b7bac7a3cd5b

SHA1
6c3f68d8ce0ac4ba1c29b0b1202f6c6f35aeab2d

SHA256
8f157b1b332417e70f134502794bedb37ec0088f6e1c9230b7d3948a6094b60d

SHA512
7a505db25f8097e3eed26ecaa36234ee19a69930646403a09bcb28c3bfacdefbd7b156723cca63fc28b8267c682baf0a2c706af933c813e77e8bbd49cc5ce610

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8353151d3bc81ae393dd9655d89af1d9

SHA1
3d7210adfddeecbf4869f950a259aa8b9bb142af

SHA256
cabbf923ee6abb973ec6db4815da31e182874b3b9d6e2b9e35566c738c586db3

SHA512
cbb1891ba77119fc9738da65f05dcf34fd5d48a0af80b247f5cf657fa4595d79cbac8086e93e51a12b5715567e2bf0500f3ac3ec19791d17e18f88e0245acf3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA3A1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA48F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\HotAction_fi.lnk

Filesize
1KB

MD5
748254bf237fee5f0c846e491c9ee023

SHA1
7490d753ea7c5c1d47c59ab07fadcfb8ec5ea7c8

SHA256
b74f005a59c01ba2668cac9cd95e8a573f2bd478e4c095a324bc7eed0ae64df5

SHA512
0c71f2ffe6dca34f958eff49fb9c83d975baba757e34c75d966e5f9c64397fa4db1077fa13f12e56175fb70a8edfd7cbd11fcfb183b865e99eb08149d56dce9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HotAction_fi.lnk

Filesize
1KB

MD5
14dca57b1801001d83b594b0d8ab01e2

SHA1
50318414f775f973ab0879782a875b35396083db

SHA256
86a52ecf9d5d8585ad8f3feb2e7025dc4a23852f4fe54f6c4fbcb2be4ca5e9e1

SHA512
cb196bb969b0f510a985f8abb8f6b8f7a2a50c48ca1117703aa61dfa568bb6e9dd463273cdfb6911bfa366d3b7faa8eba86390ba507291cc3e041c003544350d

Download Submit
C:\Users\Admin\Desktop\HotAction_fi.lnk

Filesize
1KB

MD5
fe07e9a195ccac2f5633e9612852f4d2

SHA1
99230170be08ff293645c86aae6c9a5bef017ea8

SHA256
9000e653bbb35e40ce2f63f8e713a6ff8f6791a0e345959a33dcf624cb7feab5

SHA512
30148071f80e09ab124be51ca962fb3c8607fd5a70fbfb853aafe6ee8a127cb9b159edd457e95d10844974f9f93fc4129f1b22d6ce7621f1edc62c27a2430855

Download Submit
memory/1316-19-0x0000000001EE0000-0x0000000001EF0000-memory.dmp

Filesize
64KB

Download
memory/1316-18-0x0000000001EE0000-0x0000000001EF0000-memory.dmp

Filesize
64KB

Download
memory/1316-17-0x0000000001EE0000-0x0000000001EF0000-memory.dmp

Filesize
64KB

Download
memory/1316-23-0x0000000002450000-0x0000000002486000-memory.dmp

Filesize
216KB

Download
memory/1316-42-0x0000000002450000-0x0000000002460000-memory.dmp

Filesize
64KB

Download
memory/1316-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1316-43-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2888-54-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2888-55-0x00000000004B0000-0x00000000004C0000-memory.dmp

Filesize
64KB

Download
memory/2888-41-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2888-56-0x00000000004B0000-0x00000000004B2000-memory.dmp

Filesize
8KB

Download
memory/2888-57-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2888-60-0x00000000004B0000-0x00000000004C0000-memory.dmp

Filesize
64KB

Download
memory/2888-59-0x00000000004B0000-0x00000000004C0000-memory.dmp

Filesize
64KB

Download
memory/2888-58-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads