5381cf1c07d26fd6eaebf43c14e27edc787e03e2e2959d7fcc106196fce9516f

Analysis

max time kernel
80s
max time network
141s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BandagedBD_Windows.exe
Size

112KB
MD5

5771dc777121b6db68b13177c6d2f479
SHA1

5da5787b7fc16b23a580ca2fb59e596d7ca35a98
SHA256

5381cf1c07d26fd6eaebf43c14e27edc787e03e2e2959d7fcc106196fce9516f
SHA512

fcdcfc0631295d3317063fc2b4e2054cff87f8bc597e0c4481c023d2afabbdd97180d15420b94882d2b85d7dd4d147975312bab6d22b9393f1e9009f03753d72
SSDEEP

1536:uqv7jfumxFM6EajCJyPOcF0bAtYFpFWtFn3VR6Bl:u6/mSOC09/WLn3Or

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427764865"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000089987085165f1e4fcdad3369b49d0d26752b82902a58efa4a6cf8cab7264760d000000000e8000000002000020000000853712290184d5c595110552d32c358d73317e97e3790224a7ed44cf02abd3d790000000c318a26d5651d2a46c9e06fd33c1d83feee2a554332b3a849af6a239b36a7b378e8fde63649f6b1be01de22a4ac7ff457334fdf62b6e6c4204330e388c3e77c147ed99d38173454e2590c9edd36e9b3c65a4aee0ecc7d48611712efcde7bd7be9ebc51456738e1a9a13bd0eb2069dd7221ee024ae36af1beec68b5c65cabe2d6a71270dc233dda81eb8a556d6fbeb49540000000dc2bf4edb1439999cc8e14bb0b270843e75eab42ffb7fb915d4ffddfb9c50413028fc289c17bb0818cb40d75110e3cbda6bfb2e1fcd79587ebd2cb8d9e114cde	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6A30DAB1-47B5-11EF-B82A-724B7A5D7CD6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0549040c2dbda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000035cc099ea6eccd9b3df7d09476c6cb653160a4f424f2999c1a37f91dfc9ccb49000000000e80000000020000200000008ccec1af4f371fb882ffd3201dfd7663af054eb55376cad3431c95b282aab03320000000fa9ce470f369adc30380b0ef8f1423faea897520d807d011a9da01d90feb491e400000005806db466a93ba0445b0d58487d2ba06f08cc382baaf2102d0fde1090db2b9f5b14fa8ca279d5da9972f16a518bd9fc8c665de1905fa9ae3d5441e0bdcae754d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	BandagedBD_Windows.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	BandagedBD_Windows.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	BandagedBD_Windows.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	BandagedBD_Windows.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2536	BandagedBD_Windows.exe
2536	BandagedBD_Windows.exe
2536	BandagedBD_Windows.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2536	BandagedBD_Windows.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1520	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1520	iexplore.exe
1520	iexplore.exe
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 1520	2536	BandagedBD_Windows.exe	29
PID 2536 wrote to memory of 1520	2536	BandagedBD_Windows.exe	29
PID 2536 wrote to memory of 1520	2536	BandagedBD_Windows.exe	29
PID 2536 wrote to memory of 1520	2536	BandagedBD_Windows.exe	29
PID 1520 wrote to memory of 2864	1520	iexplore.exe	30
PID 1520 wrote to memory of 2864	1520	iexplore.exe	30
PID 1520 wrote to memory of 2864	1520	iexplore.exe	30
PID 1520 wrote to memory of 2864	1520	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\BandagedBD_Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BandagedBD_Windows.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/rauenzi/BBDInstaller/releases/download/v1.0.5/BandagedBD.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0637089c98d3b4d65b85cd85131d0327

SHA1
ec2393aa959ab7c9380c79f977484b57a454ef21

SHA256
8abb3fe9f973a36541df8916e1125f40dc6c85f535d023d3e36f6529b6264153

SHA512
04ab91360e45651ad0271f118f5ea4fe3676e12ac7d98ec60f95883fc48cb06384464514958d81fb8ef0132798f79ff852ad8dd3a2a7f3bba423f650c37b44ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba16e6aa0a751fd5f48b61e31b17976d

SHA1
dccd85c4676f907f739f7ed3df937289d70f8f02

SHA256
7de76742e5996ecb6b73cd1c97be462ecce5fbd1b4c9ec488ed98e7eff0f5ae2

SHA512
271f095e787ac8e9309f2a9d1da9d1b00e9c9c0c53d4cee8e2c3e94af6a173885380923481265831905bcf4897abcae6437f632284791bff2ffd0b1027239acb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28ee7b345ef506ba3ca5c74541379d6e

SHA1
69c7e51d18de5ab93e65fd1e01365ca45f15908d

SHA256
4e56a184edb003000c784fb62491e5ecaafc452e222f7898c9ffab637844fb14

SHA512
ca35406143de047656629e7979e1a16dc4354946646a22a4631883479ac3cbe40255ed71d3731fd3ac377314f8dbe4c071eac224ee8ef7bc04ecab9976676546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efd560bdf205d60db8ffed57e6b3430e

SHA1
a7c78d6fe1a8cc41412457a84643f2542c7e2824

SHA256
133c51031748e7986fbe03f97bb52f3602dae567cb518126eefd6ea668583649

SHA512
82c432f24dcd027a0b46d82cb10c88a41d31a2b7b21d47ce97dda611b6590d75ff76a35e93e057573d047e43557ab9afa59fcc738826a6aa5675e0ddff4d9a3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0fcd72f7e36afaeb12ab889c1b866f8

SHA1
30a808c3f2196fd4474ee554aa8515d8a30f8d1c

SHA256
929c6462f9bcb2061310ad7e320848b5c20787f6e629cef4e2f24ba78585329f

SHA512
65085636698e02f44b4adc34725645f361835cb53bda79a1bf3c7511f1b1613336b61dc4aed4ee069e465adb19115f9d52cc114d1ccfb5c2db1d79da9fce2b3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aadb7d17ed7b5e48fcbe16a5c70f6fee

SHA1
6e4d1aeb3d98fbe0b3e55359182448095388ed91

SHA256
a09544471c2f3d19ee3812bc8da6125f401a4f5ed55eb0a8cfb9cbdf062c13e0

SHA512
a5995bae09db8fde3c150bba49c1b702f230a9fd4e714cbbd77db575396efcae078eca96dc301247a63725f033f492fc6cb45a5d6fdaff4755a356cea9fe8128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad6fb6cdefcc8715c17e88934d78b931

SHA1
38c9da0941dbbc6ae79f3f63780f450ce74d1405

SHA256
711be1085b53e6a97ad14700de01451304caa54204298db4440db6e22fddfeed

SHA512
ebbd4b3158aa8793e2fbe037e9817e3f4918d057f61eb8d0bc673f03347804257343340e63a80d8dc4a96d0adeb2b08752efe74e6e885ba120bce7d4438d2753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fcb732b783ae0a451bd1d7bfc0a8cc0

SHA1
4ea177b7e28643aa6049961cdfc5533671c4cd0d

SHA256
d4e82685f92e7feb93b9aa18fb5db0ff608c4358b33b546f72450261da7cd049

SHA512
bc925dc66f25203b2bd36905307472197bab7d2cc366c62bf3aa9d602f7cce8055037a7e280a1d74239c3a10014b497aa9c245ec455a884c552dce3fc9f2f857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65038eda029409a760b9feaefebcff7c

SHA1
634e069df1173b643742c8935b8b1277f63fb7fc

SHA256
f882662ed32befd53c11be3dca8cb2e31f2bdffc3e486237d921b4d0630fd827

SHA512
542a5cd71aa33030858db049a849a8c597a47ef4d4b7c85718e633af7ce681c8aa008f9dccb736900c459490e893e53b62419f3e97411f4ea0ec20880fcdbbe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c473883b083ef15380640489146607c

SHA1
3ca93e816eebb0ab431f59ea3f1d401ccc602318

SHA256
984b31e269e00e61895565f16b496c657819ba77c6ca80532c28eea70f5d4f82

SHA512
c4aa5d4d63f8b8623e586f1270950a97ac0f84c66ab983651eb4ce00bdcfbca138085636b9cb0e6bd03ed4a62ce31da07f3b03aaafe2ed19b16be2a0b9f9ca85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
141c640b35b0056d778dd222734ca38d

SHA1
49f9c72374f3472cab2747cced022ca43009db6e

SHA256
9edad4cf8586f4bd23f4d2aedb61ad7587bcdb673b4c28e28615edbfb98f3e7b

SHA512
4ca9e84d2fe222aee5d2f3927d54219e182a0e04598606c33763a5b8231f890494cd2264494ac15de5923e767e6093ec7fcb6ee4519095b1c36566721ab8fdc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bec1cc08dae10e3dac683ed3c9f43e60

SHA1
a5876773b935e752ec9dbe7b7502110e818c0b55

SHA256
ce8bd589128d5b210a4bba2da190c8f800f908afcfa50611938726f5eb59c6e8

SHA512
5eaf33d5c32d0eecbf66ee7e8babcc50e300235b305161164f8cfb3f3d448a1764b549e50d17013db5b59edb5b2c8e87bb9c6b166d7cdaec9e914dcc6522bb8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2caf466e9aadd2e88e5a7a1df04dd487

SHA1
0d164447a62d7f2cf40a364f586638636b7826dc

SHA256
c6592b14a4fe36e860f3a30162c4864c8f822fcbc1774e20b79b02ac4a541dd8

SHA512
41b8690b7a545bd7c7af98c3c4497b69e6917adf194d70cb8bea40028d202831bea5bed92b53798115406d4168836f6292c6cbe54c3f7a742096dcc6b72c29c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d097afd877ab8cba3c7236617f9c227

SHA1
9f7dec74e971202ad705fdd5c0b81e4f6a3b7546

SHA256
fbb37a58d7c1b01715daca9d378f32a8fbdc5d8280c401dd924c30dcd9f4b426

SHA512
97a634f36280797e7b655882c29a308e9e3d0c5d22e6459b26c53390e3865de2ff69f872e47b76c32b58a1dfc3974af397ae34cd9a4a3fd427d1f43db6c1b47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b71f3b2072ff59205ac75083e08c16d

SHA1
f5765cb9dc70e0ed32e195c0a9783bf42496786c

SHA256
d04ceb2f74430cb34890c79af41c609179907c8b7782a6ad325c723963b442b7

SHA512
fa7b7d6be202122be50e821a457d0940d34c13f20d9579d40be807ea8a97f70115714c3eb3042ebe1c4558467f9ddaa64e96ae1624b72df8bc939ae40d200b4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
150651d77e242f70235b88b39aef2358

SHA1
90c03c81faa091b1c73110f731755ce112b8ed48

SHA256
402234e96f384fb6e7c832b4d43892e12ba13f1776af7e0aa6d9a3e6b83e2d6c

SHA512
ab7d492f34430c0c0199a479691cbff5b41bb7887afff7a16baf84c6fb7fda7757b3724f9846504fd3038824f43f881eecd016ec65c58421e84b4ec39aac836f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d82d1da3167a8c9efc6c1e553431fb5

SHA1
ee25d4c48e70221b5ae10765860b7477f2d28d32

SHA256
303de308228f43c0a6442ed1367d1ae14fc9e81d3cf6c7e9a2d0abbb6d433940

SHA512
eb66fbbc5a19f31ec0fa3a270076bfb5b35ca27b0be718218666f3db0c89ae2d3fb24a8aa36eb680c6fc270556fa3a8dad367ea03646b00ad12a01c93823724d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a91240aba7547601864fd90a288fe3de

SHA1
10b59bbd4cb1a0627633cae755bb3227198fbc4c

SHA256
8db32be416b1439f738a314f0484277fccae0ef067cc370bce9a79e18f2308cc

SHA512
e5dc9bfc0ebf8445e526417f11f00220658ac3a105bde57ce9b294f5620e8c62fe8720ce29e345fc3df372f32eb6065a1c8febc12e89ae354d700992210f10d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d54cc32da231ce11c1cb0c3fffd60c96

SHA1
6452829f841091b6f77325dfd6309e097eb33d62

SHA256
62e6a913df1b7c1e43541e30ad0b78f41b89405ca99bb8f1fd2653607905b6cf

SHA512
a9f89b57c417abd726f883a6880372748ae1748c6b13af0de83bb29bd1d88a728ec1babfb72143f7f6d39bdb2bdd1ae0b656f4707e6fda1edb193e404729ec1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
431e66e64ecaf274ce9f39f24d8dc845

SHA1
8609f91e0bcb550eaa07ef2f6ecd295f74c911cb

SHA256
23055715245186cd313773edf859455df822825fe66f217612983c8ddd96c83a

SHA512
97b5e1119d8168ffce1a7fe08471b2423491bca3b61c6733de631e3c7f91e05bfe114d51b3400f42913578fece053d3edd05d4ca2f69991106a42d3b96b8e4a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83f9e57377fe1dde117c07197cb53f9c

SHA1
2ae3b8a0112bdf4b427b1a41669ade205c54ae81

SHA256
a971728d9a187f17299bb214e2f2eff3b40feecf2fdc14c74ce80431f0a015fd

SHA512
4d0e77da6ff3143561081d9fdb0d8aa0c7fe1d060877fa5f92919f4ae449ba55bf310eb54cecf080a2d57ab5d651cd9d14e56b79321fdaa5766cd952f270b492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70842c203ea21d64df20712d84b880dc

SHA1
6228ec984b659fae99739434ba8aad3f44d7becf

SHA256
c5e8cba27673aede01e94213897cc8d78730219235a795e84a30f4c02b52eeae

SHA512
48e2a6c1de337fb38cbf7cfd55a1cd383c54b949fc0f35ab49862186ce5c91392b1ad2d286d53a02e0626726a36b2673acf94f5336c63d90e63ca1e019d84954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7359c70fbeb02a766f42630f85a26525

SHA1
cc1c12f1b79007bf8d9dfca52e4e2ec886973828

SHA256
7a61697c23c34c8b9ecc032a6bca18c8f946b34433d3776d26b6976c8e17b545

SHA512
22fd0adca65ba27a6a436a1ab8674837cc86286bf181f9831c2a7d0212af49e5fd7a75d68d898ee53f2cda6899f1c9ff21c9820f144c47f8537becb887508ffa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2853708f4ba96352391a14f970708f8

SHA1
4ba357ce9474d01f04dcb83fb00f0b4df9b19017

SHA256
d3686c3b8f5602334626d047cd0c974dbece4d14c0e2f9a9d58482ebc08c3d44

SHA512
121b94bc9dca499b8c1b37bc63db27ea536e203cc6f840ed018cd9de98716d194089ad64383ff3c1de44d83e194110706590cf9d2a913e5af4953c0b8ba6742e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20cbafd33cde787a8fe574b0bffe9a01

SHA1
002ee1310a702dc3fc5ce132dd01a3b285c10a24

SHA256
257d3e0dfe175ceed9e57b1b37d4d4ae8cac3726a8ba4f5503da45986ccffcb0

SHA512
64302aac9507582c2d000710b567bbff62edd73ded2479ab56c5c47e594b299600f4643ca7927f80887072e9bf9c23658f7d83ef601b5c1588b2452e8ab1f3b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1b6fe31a0c5a0b55ab9520137c9a90e

SHA1
a346beef4504a2f7610400cac2277609c08e48c9

SHA256
5b563e565ecdc36a228b241a6d8c36ec610f3e17e3c84a2060f87df5dc1ad200

SHA512
c023de233fba1b381f19dbd0fff6761b3d9c3d8dc88ba55db73769997366a4aea5c3d72540f943749692bba9ad38348e3ffa66eee8020c0b309208bead450e14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
566d332b1c8da23e4fcfa3e7001800b7

SHA1
0a995c89d79ff3dfa54f8ec028a9a41fea1e9f4a

SHA256
bb9309e0d4dd3072ac427920321156440933d060ff0e5fd9b7027a80c435c626

SHA512
5de4e921e8898cdeaadaafeab0f9ea36d4e3b0089006e980bede68c632134d4b73f0ebdbae2e3dadd6475d87327e88d65cd1a476d6c36847e200e690d5f053fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcea3d2927943c74238daf71e7727eeb

SHA1
0eb374efe0933d0d8f2eb62238869373e63968e7

SHA256
5a717c613f7cb023e1d3fe7eec8c76c7f4a1535b878c25bb48a2efa5045d44ba

SHA512
2e31b22a21ecfe62e0d98494645192d8dd0efd50b013eb185af978f62979c1800704f4d559b6e4206221de7c55a61b2519dca73f92b1ae379268cdf8b9137eaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e8c84601cac07f7cd23dcd03a6087ea

SHA1
b4f2fe0c405cd986adee0bd8339ff7de5ea70d3a

SHA256
6e78b696df8c5d0166c4521833599eb820f83149696cdc57d26dc270f5c2ca50

SHA512
b9cdfe3891501eb4b86e81c92a3f96ce3ffe7711e1c117e6d35e3e842c8f6d601d5c616e02364c3ac6baba94b076a883e46be570947a717e17b0d99789ab24db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63cf7cbb1c51d89a539e738a95da6637

SHA1
1af6ad5ff0bedad6a8c1ffbf710062169abf2667

SHA256
b7c33da2b8e8d2e2269b3b711d6b77c425e19ea9847a30e29347bf58e4e3ca21

SHA512
0096de6b84cf6417f5e6b0ff2f95ad534aefc8f88b740d1b4b67db08d02a3ff3e71d8ccb6b6ca515b8977cec2df14cbde6114230f817c25363fdc9cf614a8014

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
834e104caffbdeba8a62a7c1a0da1759

SHA1
849f267ca02cd8560cc43fc32c66ab427b875275

SHA256
113941db0a2ddb736a5d9fbb467d451a745735f288c89041bc368c3c12aa68de

SHA512
828203a8de509d67f54ba3c3f99f28a9d269dcadc2cedde0238617886b4abeed4f8af55bafd24c77d71e7e984351309dde9b311d5d5fa2a97f1db92f11ff746b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB56C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB58E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2536-0-0x00000000747AE000-0x00000000747AF000-memory.dmp

Filesize
4KB

Download
memory/2536-38-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2536-3-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2536-2-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2536-1-0x0000000000200000-0x0000000000222000-memory.dmp

Filesize
136KB

Download