hxxps://www[.]mediafire[.]com/file/9b3nj02vi74mtcu/WaveCrackedByKrasnDan[.]rar/file

Analysis

max time kernel
300s
max time network
305s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/9b3nj02vi74mtcu/WaveCrackedByKrasnDan.rar/file

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = b0f8d76872dbda01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 56 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "124"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "51"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "808"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "808"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "111"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "124"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{833592D1-4765-11EF-B8DF-E649859EC46C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "124"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6045c95c72dbda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427730548"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000000004055c04904eb4362053c1ca221fa2da025119c3a43682dbc6645440b70567000000000e8000000002000020000000d43f4584f4ba61803f16862724022e398fd2a45c3be39a363062a8a72040a0f620000000395ab9ea1eb57c0a683fd7d9244a756945507ef3391426d1e35d04d6c9f7bee840000000b4ce82241a20d81779f891546397877dd78eeb097248e6a0cd1d226561bf8af90b5705a7d0846d59a59b9e0e5aabb17c480af85603d25c04a02cef6d07190675	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "808"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000714cab1b45e4fb15258072d61cced1512f9cfc015246709ca59d436ee340bfe6000000000e8000000002000020000000d68fd9ef2d2b540a3d47edbc40b61537c516f54e0053414c1abd9ec00fb096c890000000c502ef6a3880282dfce77029f83ed778b167642568304d4ab952cf257713f9a98dbaeddf6eb3100819c5af7c268644a730277325473802399c6e1cf48413c4fd38c4a4864358647a43cc33f9ef4cae7c1e8b6988290a311ab5396b84cd7f9bab63ce7b3df7b108d9bfc8f876583ef84d0b452f53f10c83100cacd81bd2f6a3146500dec746710d35eb9ee3dd6b7c0a4b4000000023c4fba1cbcb23b4cb912dc2d53b293936184d6f3628264d9f39d435265c1d48af7f9b71660b36fa61f97754ef35237c2a0170dca1d0586ff4b76302a15340d4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "111"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2592	iexplore.exe
2592	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2592	iexplore.exe
2592	iexplore.exe
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2504	2592	iexplore.exe	29
PID 2592 wrote to memory of 2504	2592	iexplore.exe	29
PID 2592 wrote to memory of 2504	2592	iexplore.exe	29
PID 2592 wrote to memory of 2504	2592	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.mediafire.com/file/9b3nj02vi74mtcu/WaveCrackedByKrasnDan.rar/file
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2504

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
34ba8d6b636cdf02de1c39f97fe2f415

SHA1
5a9f5a51171c6f08dea921f9796286f00886d48c

SHA256
c6520f3cfb9b48fae9f93a8d2101fb9d279313da404a3bd8e9d00ca0c2a3058f

SHA512
da77e736e7ba4edf2921c113d78d32dc03d676946f881b606828ebf802f0c65e438155ac9c9b43d2636c5439447e8e805bd16b07e39bc4254e0e0e8cf0888c60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08e8a69499c93727ba1d7b3326a06316

SHA1
4903d4de8bd4b1e13cbd3ac55b2ebdde847748c6

SHA256
390ed3ac3ffd7211c2c7f6f5313e9d1e7f1f137930c9c5f9b93204fe1bfe3825

SHA512
00bc5a01444644ce4f0b605a16463b11d6ccf1e8359aa2f2e48613cb4213e81bac104b01df2da991a68c84a69e2470a3f4db3f8ab22451de8aedf787d1dada16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c9560cd496c323eef8875736e39d3e2

SHA1
7f4cdcc5683143deef90f6a8e2ea162c4a5e490e

SHA256
829bc37556cafe06c8702ddc6fbbfcfb4dbe7ee3fcd480609f35a113474c866e

SHA512
35f08ed3225b35aa35e0d6a15458846e24b18b941713a48e0cdf59ad49ff4851d9d32f03830d83d7409af1014eef2b18f0ea8d40e57ae0a69fb08a7e3be7db4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c266736d2b82d02b08b44a0f3b6affd

SHA1
cb66a35f6754e815fbd6dadd1323099f93dca304

SHA256
83261c46fff79f09987be84ec06c75773140147045c6910a92740fbbed863615

SHA512
13ea0ed061c054539b18ac14629c364eb92b7f76d1547d3761edaaeb26839e84261710f3ebbf89f4dbcb61d1ffeb3c34b44319827840c56288d631b2d3a67d7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad769df773601e51786ef468ca56e8b6

SHA1
a81cd2cd41ba347c440b9a38e33cc5a8219aef3c

SHA256
25d9b0d3dce4c6515a54010a6a69bd97796370757346bfe7888bb2320a805317

SHA512
765ad025734c955ed3398ac6e79fded3fb0ceea6d355bc77e63536b9b9791e8204d35b63bdf4be4a80bc8f2c23a4426e6fb6ae44cb590533c4644d5fea413514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33d76fe59a8b0c90cf08c6b6bc542d41

SHA1
6a560f70671bc7512d62a5d89cf17e0078bee70d

SHA256
a9ff17cd4ed3805a8537b941c72824ca670018b38244b0648693e621136fa219

SHA512
bf927318962317ad5dc641d0f3973568d89ec49f2e4b4611676c791d5e519814bb2fb67cfd73768b2cfefbfb23eee5873571f1ae8deeb6b84865bb6506b9ec0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4ebc6d5f09792e02ea21c25b21ebfdb

SHA1
109c685d551287f1ec313ee0170e8a50ba08c079

SHA256
7d672b8855ca63a8d811b75bcad986fcfde46215b6e8951eaa9f62480f0b882b

SHA512
fa79874132c5750b06643e8919256011d355c1a4b1e49f3db3162af7c9db781e904c62d1fe07a6cdcf2f13ce267322a2ec253257831c272754928b88d234d844

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c4ac4258240e826082af36a1ff67dd9

SHA1
218c2370da0e3572aad8ca5e178781e100ae85cd

SHA256
60d47a69d6eaf093fb4dfef3b39287a366e1d7850aa12904af29949296a8aee3

SHA512
93a59ab54056515eb744625b61d262697b8042c2d5a377e0a2eb79259198064257a9eb3dd11d260b0ba4323d6891bfe0248af7eba49284aa18a94dc965b7810b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d0216bc168807049ac08462fcdd82cf

SHA1
26242a07b38e8e8aa349b3f0cc1e61bdfc618a10

SHA256
2af6a5f00c76b4fcb332e18abf4b386a4b9fe999728d15993846bc773146f23f

SHA512
3e26695170db6cdcde5dfdc988d2deb9e5d5b7e2116e6a045c129c3641031514244375520eb1b2c13899764287c2096d1fd2aa57df96b97ee5b861cb4abafe9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a99d06f263e26144c6e6f431d2cab9dc

SHA1
cc8aa2ac3cb12d3baf3c6fbbb94f887bb82dd7e1

SHA256
5c8ceda9916f6a1d8b3769f14480ab2e2f585326e1ef6009a962db67846882a4

SHA512
970b3b748df2ab325497b9f58665e404e47baf84b54e37c4b4b9332b0c225eb69ff8e27daf947ea9a011f825be125b3d7b37b970131d015af8f616f912a5eeda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ead80f2908fd6ad32bedf94eba1f8c7

SHA1
d7f11a4aeea98200e43f713605c133946130ff58

SHA256
9def46df3c61678c63c0d9181da6897f4bfde90179ffb7263f8fce786b56757c

SHA512
184bae4d6c9fb9405b3bb1568b87c5f63760ebd29cfb910d9943c596820bd24de0331ce68c7475f820a3d8d7966c926557a877970a910eb82fc6fed59ac7679a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f41c6fa19885a1639385d150382796e

SHA1
e0a5a52d6251b96033ad3452f71c8b6159fa8b79

SHA256
a0802f9dd73f7d0a8ebbf6a6e354f23a0b6b60b3d64f7769526417e9c6ff0fd0

SHA512
6cd1aed36a9442ccfc495da2e18891ed7dea7638b081d4e4d6af4a84612556092032b8f2090d745b6f1cc71dcafaa51c6ecac5a72df7c9901eafbb97e4283a3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
781aef536f5addb070a654d2bed4f5aa

SHA1
6270ded80b846151ad5b2340fa2066f838fceffe

SHA256
0fdc8620248de5a2bf7ad0531739b0678db26e2b012d969696450151aa037c39

SHA512
0be0dd5c66e7bf72474f462a7e20657abb26e39ceb3c3eb32fdff8e316599fd8e6fad4b8bbb7546647806849261189d396c336627f48ac3c091e0c8980935cbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d27d8dfe74678dc2b5e471bbe998954a

SHA1
081fc3b12d02ef1518f83ec9a889219660f6a352

SHA256
16b53c721b7859461831239ea56c6bc0f3e7b50a14c14f4c36e685cf78339074

SHA512
66369c98efafb3d55d174675bb2e8066067f8f0c7e7ff7464e6327d00c89c7762729e2560ba26aa163c642dd5d34eb0d15b70e8c3258c11231dc01ec6abef644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
686783369d05b7493185241fe9470caa

SHA1
7f3e8b42ec8a99212872c6c114fc904876cbc0c5

SHA256
81c23ae5f2888ae551e020dc6e0c36508292505a60a3b78004a1d70060d428cb

SHA512
0bae266491f740db02cb047a93d74755c18e55653ab6c0c736fbfb83dc8174656499cd58b9fdad28241b6088bf785e0b49fdf50a13994c11cd78b20c660ba40f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ea123009815d842f955e1c2b841e4ba

SHA1
e6acafc9ce47129d5d0443d9e079d9b215906836

SHA256
9e8138377220511fb049fdcdfad739912b518c62c47503f59582c3b4981645db

SHA512
e150714fd33f238830e73272944efe048663373fbac3122a0876d354cd01531bea50a79b8ea925e28b7fb9de2f2234e0732c3a137b9f74e4d980ef9a12ce4a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
500cc41fb33e50955d141d3ff740a1fb

SHA1
c92d546617210ee89361fa8ae36150aa745a0636

SHA256
2d038ec4914c4618704b138555c0b6433dc679aca3b6d9ea4f908e6af569b586

SHA512
d0d131d1297c1d2922f372e0eeb11b83d6200392f435fe6fcab274ebddaad937d1e7bbde94e3e0f40bac38c80a8fc61490dcc88085e4419d948a6a37baff71cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55dfcb1772ca38ed15bc7d1cf2a384f2

SHA1
4814d5d798c79ef9d6c1c603f7f1e05cd6aa64de

SHA256
c8ba7a2c6267411af317343017fd3911da313400b05ad37991b2bb0753eb034e

SHA512
a573e943b5f13d2ad80d98d1424299e905e89ab873717408f26e77bb5f7ee51176933a1135b69ae9ea710f429cdb6ee6e49144c2c478fd6b119dedcd56456ece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d012f133d3e78db65499d0e9982f20b3

SHA1
cc2c058c4c2b34cb4ced788ffd5ae9fa464bc489

SHA256
48dd8d907f9ce71c205e325802d9f2387151fc07f1bf3616019ee02b31e42d10

SHA512
995e8242d5dec69bb009986233b7efa65d934148e1ab055d9527f4bb3ccd927ba4cedbc232d5e75c360488fdec67e80debaa788717a4492841347a980d60a263

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1270770cbf3b3c1b8254961ffc5461cc

SHA1
ea6b277656b6464b22f83d45a4ec3e393a0d55ba

SHA256
c9bc397d6fa3786a9ce836db6b266bd45d5e4ef19eb4c71af433fe820fe42f4b

SHA512
74f2ea87c87c71056cbabb4e8c1e61261569b496d6ce61318d94e4ec96753f422e2d23ae0afc5520f5d8c61ac04e5223345831483bae63bb2460325ebac84719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1076899c871f10e518d4223b64855af

SHA1
d74860177f3c5dff6fd2c0c7154e167170fdba5f

SHA256
deac93c3ea227da0a71da23cf20511cbe4ffb686b433085c7ec7c38179328732

SHA512
6cbe5697f1f80c8c28bb4a364e5de4a085bbf281d3b4ede597f0f52d4c20052b18b4ae34e2b90e473fa8e09938db5294234ad62c0717ed09ed62410851acc575

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba48fa0c67fb16690bf7c8229bfff19f

SHA1
d62887d9d8ccfd9f07465ab87090eea8bba2a607

SHA256
938446a59dfab1f7135ec31d63b6f780c87ebf492b18751168ae699073392533

SHA512
6db9c7a6d7153ccc690f86cbb8b7dea8b7f1a8b6bf752b1986abe44b95f73af46643fcd785b2a8439de26386475da98a853a5c29512f470e66d40f9286b19e13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
761015798f90ca001b8c2d5e3c4ae3cf

SHA1
9a8228e31d32547755a1e0727d13bdd0ce04b40a

SHA256
0ab708767f2bdf07fe3abbef7d7f5e45be93a12de2b8061d75ed5ac1eff4597d

SHA512
2afb98ac3ad379a98129897d621a865815960448943d41525c7b562d9bf01983c9fe4fc36110be4f8be3738c08fe84d12453f0e4d779173a42c2d5c29b70f5e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69db8e1370037102f36e9c2b9470dd35

SHA1
cc4d0611a398e711790b422b928c26073c7b3518

SHA256
9f00d6a00c02a9beb3b448a5abe841e23ea53c1094d7d5e536adcabd55b774f5

SHA512
49f07016c2fcb671344175fac2abe0e12d543047fad2671706e19b92bb7c52a061499ad5ad9fe70ceb0a29f5f57600649463ed9f9705a223e589433d952a88b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c643399b3e065b175fea294c9588ecea

SHA1
b3800a0fc04036fc7bfc773b00ddce5a79dfb676

SHA256
a87efcc3b9c178e8c5c41b6f7b948bebbe3a5e183d67450c5cbbb251091a3953

SHA512
23921927225d3b0f3a0a17111fe26f38223239fcd4e05e12aa82159e58eeb774afb0595cfc98aa088e19efa5488150897374b3c52c81a4e4f710f1c3f85e7591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
171246d3332ff8daf4ad3b2a04617e07

SHA1
897a3cf8a8a03b84066d26a054f0cc4f52d82afe

SHA256
ccbd3191258160b44dfa2e9aa1a54d93d41a270c2349204fb73243999c7faeb5

SHA512
c9cd78259c068450ec24ed978a834b94838a32de8028a80d8771d5db7ed3201f648cccde0e717ad3e04c433284f4e94a171ba88edd47364fbb0b3b1adb0aa3a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77a39d24586fe3f96695d9c16c8b9179

SHA1
ffdc1b349f79ea7c0c49d06039b2480c7de55a47

SHA256
df1ae35396e320e8c1e5be245be5f857fa2b908dbef38929ee3eb708e98830cc

SHA512
4c44cb6c418843a2b8828a005b3b378b5fd74b856e6a4d97b3dbe841b7d420b625c4dac3a91c3bd0150deaf9b2f71ad216b2c6e299d79e13d29ed2ed035930da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62921694b8bbcbf0f4da2f37616b245d

SHA1
416a9b1016e23b84108df03fb9772992fe8ee9eb

SHA256
bc0c56f367419ab84156f910f058dda0a5fd0777863cbb2d1b6791ccbca95c77

SHA512
609ad2af0d3384980969c4cf5e45e7b1c5ea6ec294cb7aa31e952d6416ba0cfb48a9be6be8524e270a7bcef510625967f45d82154f6b8e1782828f9ab6b9365a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc1e41811b80b35abb2701fc8f44606f

SHA1
b4d00a372fb332da307fbd1fd8b53121bff3fc10

SHA256
5d7c7e70ffd7fa31b1022933dcff320ce50c8d6470420ac6b1ca5f9ee1166e2e

SHA512
8e756cb1dd9c8eb3f07e3ae3b8556449260c6da54ddaa81b5cfbed3c8fbdffc415d12e857889face43df5d334d189ea981fb767b108a3b527428460bb67ae77d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e12b4f066602aba6a1a992d09da8fc1

SHA1
bb6cd4804160fef463d3883ca0a5d5aea2bd989c

SHA256
5630e8251dcb2ac3dc3644f793fc8c7e1ac1dd70c75528dcf61df42eae1396d9

SHA512
dd7ba68a69cc5d04e4f3e3b90546e733dd720b81bc2b3936ab0edc1be5358b17a3973ca44ed165bdcbe1f13bb5c0826e7f07235fa2aa5c1e189870e394d9fa46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc4c3bd4b90d7f617ed14c90493b596d

SHA1
bc99a30fab781adedab47380b4bfa8095ad13917

SHA256
f777a2466fda62ddc0a51231a1f64f40f838d7db17ad72507826b60dda677345

SHA512
ea95bdfd3db0f5de9cf70e75142dd31daf46624815f18469c66be5eeefb41edc0676416d1209672ad367140443237e111c89919ac3bd549801b5b8c24b69ca08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d254b169cca8299efe54e8f323f2b234

SHA1
5e6563b0e7b218b260807a5a9b1937a2134cf60b

SHA256
60a28fb713c99454bb290cb95a47294773742460104beb0a49d4602feadc2628

SHA512
bb59b093a3675de71b3286a52191809f785b1f3e0c5004cde6c0888a81afc69f71988240e731345c0aa36a2d2507e5bdef077e6617fee44f821dbf55d738e287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KCUYFIBD\www.mediafire[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KCUYFIBD\www.mediafire[1].xml

Filesize
246B

MD5
18da04802bdcd330f1cec9a85a656f79

SHA1
3c83bc2042e810d86b1b8f1e9a6bd7f9a3041943

SHA256
fd3e94f3f9636e8d2409aed36627270b8e63704889ebcbf9c352b595770f3cae

SHA512
5d90c570e27c40dbf6bd61240858b170ae9556bb58f9916bae819cea55867c1f78bcc8718061847f053a4440b4319ca9e64fb0b5705f249acd84d0225593ce1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ljg9kkp\imagestore.dat

Filesize
11KB

MD5
d796373e6a646d222064e42465faf6c8

SHA1
84a55ac02c408bbe68b946ec21c33cfbb04314f3

SHA256
c51e1961e0808cb9ab5b22f559e13bea3d3bdee00a1b5aa21160227e182eb621

SHA512
2201d0a7e8312a28fc0a7ba1d86f8fefddb094a405c2b13527f179389a692fa0518f1fe004b1424f72918145e2ea11b8321532b2be9b899ff595f21b90ce83ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\favicon[1].ico

Filesize
10KB

MD5
a301c91c118c9e041739ad0c85dfe8c5

SHA1
039962373b35960ef2bb5fbbe3856c0859306bf7

SHA256
cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

SHA512
3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2CAC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D9B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads