0a490e3c9806bd30951c5f4aff365a50de18e9bc46077b51b1241b102e3626d5

Analysis

max time kernel
138s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe
Size

142KB
MD5

5b5fb970f054d8c8bdb3d75cd246c497
SHA1

9f21eda6810d55f0461581236778a16b1c5b2576
SHA256

0a490e3c9806bd30951c5f4aff365a50de18e9bc46077b51b1241b102e3626d5
SHA512

359049be3ed61228cd39d6eecc39097fad04b4a6d8d9beb4872238096d1a19a251e66185f40357649af5e15cad6aa4185e757f23a97f02e0d2644a2691a6ee09
SSDEEP

3072:Tqc5vBAaDGRpEKXRGCO/kPEImUfkc1Jc6C9WdtH00dqKPiasESijU44XEFv1StH:VFypvA4MVOkQJc6CEQEnPixEvQEFv1St

Score

7^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/memory/2036-1-0x0000000000400000-0x0000000000482000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Download	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000146fe1af2a8ae7d253b1a303b4a4f24dffc61dd794b1026e3e94ec58997c3d14000000000e8000000002000020000000af81ef1a242633e7e3c9ba5db018572d6e8675779eb3681a3bfb9cd3a8a95d8590000000f316ca31cad343da8d1910bc421697c909da2a4b677810fd64209ab3476a7fe9c364a1fe2f231ea283747a9cf9a0a79df0d1b47104a327da29501bda4a6adf4975deaf6b190697019472b1c0de39bbcab98d67e9d76b21d03283b7c767801e5273b558ee9ca2f319819e7d00b64cadee328de6112132a851d4ad922a9928abe3f92c460b39fdffd385189ee041adf3fe40000000f5aaa0ee5c3a694d2805ab5a7080394ae59bf013deea722d44f07fabb15c9b35e01bacd496893656cd53bd8b8e63de8190cf071c3f9052643452eae7588d6a9e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF9A5481-45B1-11EF-857A-72D3501DAA0F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000f69e2672ac39d443e83a311d80279bf517976cf3e0d9ae2441b13199d31d6c75000000000e8000000002000020000000399764ec57f2ab5c54be7cd464b475429b7fc9c89b67360b0ec8ddf355ba761d2000000020832bc58e984f6d54198f003a5d3436bfcc54907d15d71dcb83731e4b124079400000000f243b243a7906febb4bbc6b85165cf4173202c152843ad67a9bd3175560f614a4e6e4b8deae97eb1b8a68f573ce9be92c3bbcfc1a4b2c0f51d7a4667384a8b7	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08c8fb8bed9da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427543441"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2488	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2036	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe
2488	iexplore.exe
2488	iexplore.exe
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE
2200	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2488	2036	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe	31
PID 2036 wrote to memory of 2488	2036	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe	31
PID 2036 wrote to memory of 2488	2036	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe	31
PID 2036 wrote to memory of 2488	2036	5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe	31
PID 2488 wrote to memory of 2200	2488	iexplore.exe	32
PID 2488 wrote to memory of 2200	2488	iexplore.exe	32
PID 2488 wrote to memory of 2200	2488	iexplore.exe	32
PID 2488 wrote to memory of 2200	2488	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b5fb970f054d8c8bdb3d75cd246c497_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71e7f2199688bf585382c32f5833861c

SHA1
86e866216dbeb17f04e05f0e43840d3889fcefe7

SHA256
6adca730615d06ecf7008cd5e2eb3f251f0f10ca685a26be088ca8b2467612f9

SHA512
7cb8830a5a0ef01b8a8df048d160139cd1ef8a087bfc4ad5b7e2b7114413780b85c185d4fda59579e98906092187c47a75fa0b5ab0d7d7daa0b8c2f21f139769

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a7311862b464d783406c8229c730373

SHA1
8f1155a4e0915fcfb37f72846bc94e269a39de32

SHA256
8d6a20830b550c5ff98f84d25f5f3b6b492d8758a8d2bf0ccb26c88020a0a908

SHA512
e4a15930d86d2df9b72cc462bb188f0693103249297626598dd4f3b5ce2128fffccab1190abf74ad5934934e71bd2973c46e933a52df262da07f2f5878081792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04d4605ccd06a4d0b0fb2f0e8a088736

SHA1
d0cf4e4c8be1a1f66a82f2573fa5eeb182aa3dff

SHA256
70f00866a0e2ac851b03e40ae3c3f097732772a7898d3347df4a1cee2a1f7027

SHA512
c0575bb6e4bf67f48b32efe2c1799f9640862c9749ed2a616b487a0582fbbfd7bdec7bf57b7d669606a39c83548d0a6669e9054851c9bde05d8bf37ba6e6e1ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb44215166cece4e6caa04ba769a30e8

SHA1
f3fcd0d00790e40fb32e109135e5a3ec91808810

SHA256
0d9167aae8a0e692deb990aed80ab79e35736bd07f2067d12c9bc895728c805d

SHA512
8f47cc183d9709c211d7c3c10f7dd529207767aacf38ccc4111b5405fca0e109a6578cbefb7eded901afd5a09153f85934a13d5d0aa4372b758f908ab9bafbe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
154ed2f00c6662c3f0ebae9ac6db3f1b

SHA1
8b0e3d51b7bf0b0e5fd64a577213f51f4d51ac8c

SHA256
eff4339a1a48c7a652b5d6b7ff3bc7c38314ca07b8c14e4b8c42ef109da42abb

SHA512
499f8d9c7b53e413c5378c01bd33cd1aa44cda0b856866e4ac498f1e60a8bc727909e3de6564b512634b1af9e88ad0286850663c3dd49e7fb995508bedaa7357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
710a01cec9fb22d9cba1e08edc47d116

SHA1
96026e9a70738854fb29c315d813342232194af4

SHA256
a83983583b6e1162940efc6b92571fe5584a2821af4123787c80088faf062bcf

SHA512
5fb568e692e56305b0f0886cf88dfccb2f77a229065d55c0dca502c0d5d10e1e5df8fc826b498dd75a2be30deaf5db59e5cd08446e5d651fe1ce9557add86ca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee05101c7fc6963570fb234dd59f317d

SHA1
27f3e78cfa4f13c1b62b8a89f58e7bf4d0137173

SHA256
c23e4edde5d432c09a5978ddd2ec094e8741a5777f9327c30ef56c1b9287a371

SHA512
b78138f97deabaa44016d0613807da6b3448c5285e574e35ee015b57810ac869729aec4b6d84b2c3dc95b869c90398fcdf539280fd4de3d8016e0908a3e93267

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b3c2b4c0ed06c9deaa534dc41853036

SHA1
144717df9ae1d80817bb219d877fb22a29ce58dc

SHA256
660c9021699595a0565963adb492c1bbc4eaa9aac8509cab13e93b2f96ad9be8

SHA512
6a5834950bf6bbca099cae62cacfdceece64c6cd4ce330b52c41ba0db7e79e431f1d0fa6edbcf1e878e60dcb74bbb79cda25ce1dac6defa2a447ccd08a239bac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a56a00ec982f0430dae5740e8c33ad33

SHA1
e8f817b680e43d5f01cb0a333f1aacbd8df496ea

SHA256
221380310116f65ca25c2c68cd7309d57928afa654ebe0dfc2692faeaba3d3ec

SHA512
ff492ede58583fd221274d5f2eb0cb5fe1cd571a029ac82e9e131e0dcb6dc662ef46f4f7dadd67517aa4cf2dbfedf4b8ec45eabc604e90a7a9528d0223122687

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bd35bef5b4de17af444b07e108aeb3e

SHA1
95d3066cd9a877b72b8c68de3324fbc777263768

SHA256
e316a75df1eb43a7d126a92fd91e440165f9b57f3d16c1a94fbee3a261119c35

SHA512
6f310ec74a7df24e8c801b750b7e66c28f3ab2c12843d5b6729658681b3b3c08747d8cc23df2d3f6b9a5638f79f2436748adab3b4b1ea98da29e536acb652a8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5b7082c9af953b453067656a238449e

SHA1
ff5a48dde5e0d03409d7a690b2c6f328e890d81d

SHA256
0e9a2e5612e938c19f2ce508b995a6d3bacd0ea5500c61e38df24e1f7728c0df

SHA512
bba92f76269040f604972c520afce0bcb1e85b0fa09649817ae7cb322804def4b6eac24cf237037f27455fea9916981307ca5eef8a66b48f975032f758ea66b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35b4585825efff3270a7e54763eed6b6

SHA1
d9b4f5861571c90a362f74fa28f0a74e85031b4e

SHA256
dbd74f65c0b7a58bd7525a0ea8b22e1be6874133226eeff5800ffe0b5f2fc1d4

SHA512
03f55be19e168b92ce088b0a8f6ac037a511b89674346f9be85756841a7077b30af7c8ef4d799b04158691bef2b191ec46e84c8be5227054f24eca92493dc65b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0da6d360670bb57822bb0c80c86c0924

SHA1
9ec137767d24fc4581c796f7a2c92c0b5c51b007

SHA256
0587e78f9cf6f576e963f0d0dc36bdbfd3efb6d1f7c189bceacf6629b791feff

SHA512
1d08e239d5bb7957844262c641581b9815697595d4d40fa0d1d85d6ed6bb69f08f2b7de08efb2c0ed6c18fc8d1ac39c7e44fcc954511c17a3beb0668bd4b4b27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d27e237498380f2db2c53350ea09e189

SHA1
03bccae99f260af91991a50584e84e457722bd33

SHA256
aceaf5903b8623c137dc31b2a1259cc1cf06ecd8a0c5d54cdfdd62399d0c7212

SHA512
90a666fa065bc8e19c950c06de23aee6f5ebe58569531816071cb312c8e2f17cc646f90fe105537f356dc61048c4d811d925ecd513f4005e9aa945e8f503c0aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff2dd3de980a0aa9a83fb8a16c4ce56f

SHA1
7d365f56404848773f76810bf9f47cfb350d180e

SHA256
9c0a6ed4270a1e515dda13cebd046b7d36c962d90f943d94e6dcfa2c2c66a03e

SHA512
94708d51f9ebe479110fd105ac688b7985650e17f75df73ac946859a2911246fd0e2621de70c5f044ed8270820e41822495e753bb0f1bec0ac9bcb292d510a81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
235411b7cdd36abdde594523757645a9

SHA1
241611dc74aa54830b9e6aeadbdd4ff3f8be843b

SHA256
c98f81503eb62274b056fe8ffb64e8e905540316f0e5952a55e94c7a74a9598f

SHA512
6ad41419df08ece5fff8a945bf985a4528ce1dcd4e76798bfffbbe4c61cd05b0c0dcc3a78f29b2a8fc21633a305f1a99e6df6cdacff0eaa80e9740e151da9b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcfd821aae84ca1616565386935d139f

SHA1
3188436039a0164471d0835d27afd373ce67fad9

SHA256
5d22d4a14afc874ce35bd4ef295b9d41e72486eb01b42ddd54e77c0673e26e48

SHA512
361d7470bda7cfe4824af8458cf9177a431122518b8eb6153451acb6f05d23898e1781f079b0019c8e2075e6d1e46319fa3c00e8c3c75ce6386816462a414779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8a19774a988b8c9170f41a9c0134d58

SHA1
23f21eb7709a07008850a34668908928c79a1cf3

SHA256
84b14fee4869e772c0b814d5bf35cc4233d5d485df12d6f0f17bb24670f03d01

SHA512
d3e9c280f7ead9958e8b8218bfbe95cc7f4077694e6841f046fe3a5c5ae4bccca4d604d33dbb233f66996203db40629e8d431d31d56c1e6fad9b624ae639ab79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde1f27a118b01e41f8b7de3bfb11149

SHA1
fd6950d651ee64dd38af16c99f4c01d7fe0c2ff4

SHA256
4447d786b2fe48c5005e3320c92f097680d555024bf51497effaa6b5c33f28a3

SHA512
989162a3f40dbd45bd5debdea72cec76ad6c1456f441a62e8c1fff0b8efa8cc7c11e82805ddf85c699d476de5ad8f45eebaf43f9f61cbc6fe89105f919139a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat

Filesize
1KB

MD5
5047200cd6619f2b73a7db1234922dad

SHA1
a5b65b02111381c9d53368c132778e955c07df4a

SHA256
1167ec20e8c06a465942c85d01e21373e93acfe22a7d8549f7c8c1d36dcf511c

SHA512
7ff3e8620b82121126e41a78873674659603878b61c2a0a7b2be85866a15066e1cbf8e915d6ef1da9a6a715f9a6781a3c5d12e8ccc77599acf2604c9d7fcd6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDA8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDAB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2036-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2036-1-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/2036-2-0x0000000000330000-0x0000000000376000-memory.dmp

Filesize
280KB

Download
memory/2036-3-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/2036-8-0x0000000000330000-0x0000000000376000-memory.dmp

Filesize
280KB

Download
memory/2036-7-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads