fe49a08531fd8c00bcddc400dca8f7112d03cb27cc8ddb603629384071a7898f

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe
Size

19KB
MD5

68324121dcc74a665f07ae0df41393a1
SHA1

f89e79786516fc853b6af4ddaffeeed180c7c427
SHA256

fe49a08531fd8c00bcddc400dca8f7112d03cb27cc8ddb603629384071a7898f
SHA512

3eacaffc6992f17c5ffe3a01aeb4c609f1996cdee86ebe376c955528545a4fd54546a167d0880e80310279dfc51df84c0b84c40d546ffab7c7e683e3d20325ff
SSDEEP

384:8WvWJEC/C22vD9FuGAKU187WCidc0o/BAgjW6LzGO:AECq22ZFF7WCid/oZAgjDzj

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
324	cycxfxtls.exe

Loads dropped DLL 2 IoCs

pid	Process
2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe
2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\cycxfxtls.exe = "C:\\Windows\\system\\cycxfxtls.exe"	cycxfxtls.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\N0TEPAD.EXE	cycxfxtls.exe
File created	C:\Windows\SysWOW64\N0TEPAD.EXE	cycxfxtls.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\system\N0TEPAD.EXE	cycxfxtls.exe
File opened for modification	C:\Windows\system\N0TEPAD.EXE	cycxfxtls.exe
File created	C:\Windows\N0TEPAD.EXE	cycxfxtls.exe
File opened for modification	C:\Windows\N0TEPAD.EXE	cycxfxtls.exe
File opened for modification	C:\Windows\system\windll.dll	cycxfxtls.exe
File created	C:\Windows\system\cycxfxtls.exe	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe
File opened for modification	C:\Windows\system\cycxfxtls.exe	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cycxfxtls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427911462"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000006dcfe2e799756c745b5d4aacfe076efe2b52c758addfb94cf9bded791840d173000000000e80000000020000200000001b2d226c2d33ee6061a30acc8a9117b4ff2b79877400190593fa32cda12416c290000000ce9df8997cd546f58b0d7982a2310c0b2ca275c5c0164bebe82c63a41e45ca62efccb15c3e2a0743add2c850983ca4087f83fc48eaa2c0e59aaa6423cbc879911697dda91b6932eb4e2a58a390967b464e4cc510a2dc411de5606369c016135d45abacf526d310921b8461ffa218cce849b070c690de20a642eddde9263d434108c6a40167254b50f86bb1eea1700d714000000061a813795b394880c91c8b234017eb70ff50a7574d6952199d157bf74f7b647826194440ea91ec8d2b1081a5b810dee5cf70eee13263e5d8767f2fa1e0b84d3e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDD43B71-490A-11EF-82B5-E297BF49BD91} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000006e448572d11e3355152ef738492700c4e7f7a1f86d0c2d1e1ed36b0c9ccba978000000000e80000000020000200000002207447ad5b3cb6025b55c89db366ff010f6f2e3df6dafb07f2bbfbb1b56d07a20000000c9ae1adec2878e2838402e040a79ed3632fc05b33edde74b5f73cb8b692b16fa400000009cd127094c04a5bf078bde9677df334946531a71a5937a271e2c2a33e97c14a1cd96cf96e17acbae653712ec08eb55b91b7118ab0e6cb6db16ff46efc57261be	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 702ca69617ddda01	iexplore.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "about:blank"	cycxfxtls.exe

Modifies registry class 1 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "N0TEPAD.EXE %1"	cycxfxtls.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
324	cycxfxtls.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2752	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe
2752	iexplore.exe
2752	iexplore.exe
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE
324	cycxfxtls.exe
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2752	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	31
PID 2056 wrote to memory of 2752	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	31
PID 2056 wrote to memory of 2752	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	31
PID 2056 wrote to memory of 2752	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	31
PID 2752 wrote to memory of 2968	2752	iexplore.exe	32
PID 2752 wrote to memory of 2968	2752	iexplore.exe	32
PID 2752 wrote to memory of 2968	2752	iexplore.exe	32
PID 2752 wrote to memory of 2968	2752	iexplore.exe	32
PID 2056 wrote to memory of 324	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	33
PID 2056 wrote to memory of 324	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	33
PID 2056 wrote to memory of 324	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	33
PID 2056 wrote to memory of 324	2056	68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe	33

C:\Users\Admin\AppData\Local\Temp\68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68324121dcc74a665f07ae0df41393a1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.18hi.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2968
- C:\Windows\system\cycxfxtls.exe
  "C:\Windows\system\cycxfxtls.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer start page
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e78e75c65f373a9626b41466c65e2148

SHA1
11977bec02675167c9d8fdd7fd9ffb94f5f73c45

SHA256
36233b7de26219e6814a836fc47de32a9ff65464638ff5ae0fc084eaedfbb120

SHA512
20c44785bff70876289db005a26994ffdfee87ce671277870946c36ae53b39a55b2390e89b3256dfeac7a1dd0debc1e76b3be64de703d3d37203bf305b626d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be820b04bac5dfdb37444e0584c441a6

SHA1
4a7f442ebcf342c7dd42e47480b42086674edd16

SHA256
c4fd8be82b3b2214b8d89057005f408a2697d2055f8ce9494315a6fa63df6ed9

SHA512
aa826443ce388d9513584dea59326525b0acfc107e8262a94cc977d12f259486b1fef668ab8a0d5d794458705bee8f28a9064302ad1b3b1e3aba8dd79f36bc00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1985f39e14305ebda59e02e91d3080d

SHA1
e1673010107a3ba938b7ee20341073b94d0d1d41

SHA256
a0e268eca3beecd481db12a37aa8a952892b4ce31bf2c3b22cb48bffe57ae4d0

SHA512
576aa15e1b46a26db41168bbab62e2f8ec5465b5dbae8e546c1bc73bb4e0f3868e7637e54d591717e98f018bade18a3275a5ba3468ea056f616ccb47023153d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20f4550b4aeaf19edbe07630466cb22f

SHA1
e7e3079ebe176426877251da192f4c18761e10e7

SHA256
3df538c8ff6e43b8c4ffc1978ec2d1f4a382e1af5e03e23163a8f6fe5dce5d85

SHA512
fcfe636ae1fe4025f5cb62a6dd5622bb03cdc3dbc9c029f0828a99c9b7b31a80cad8a00fa86c55fe07e9553cea90ee42a9ca8696ac4f762c6b7b84c3606c8829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d3fba78fbf9ef22aab29a51e88faca5

SHA1
9f25b9e759f89e280325af06339bf7383828f864

SHA256
4bfce1bd7e4790d6cb782ba9fed5c057536ca522ca19f49c022dddbf29ea82a3

SHA512
8e95b3031672c4bf8daf1f852ab0b945d4332819104b8cebfa82461ff4f010ef12918dadbf88fe69c290831db44f3c73cf06fbf5244807c2c4e16584dfa08494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48b3921a2f9c1cd56574c2f3b234c2fc

SHA1
9eb102fb296e132926df1776e5f1c607171819e9

SHA256
2bc62fb494ef059ba60dfd3ed57f6d956bc84318dd0143a91278874555dcc65e

SHA512
52cdf5422246dd404a0dd27251d9636dfa77472dad0e70e5ee0c28b532743ff299542204ca1a66116f89712b2ad91b44ef458f9d35bf1bbc50482ae2720251ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5db6939851ec45b1325e2ce2f8005d18

SHA1
0b33c86a17bc1c6f0497f95a4d469d2a9a1c5166

SHA256
46b02bf0b2e3136422bb46d3fb8097c771d033c1fa19f3a6a616d43523bb1aa6

SHA512
d40c709e0def194d027e6112e6c04bf6024916ea17c07dcae87b008616fe2a871021c806d983a71404e55183e4802a00538d4ccb6fe189afc3147f780074adf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97455239842edc84849e26954fe0fd34

SHA1
03a6621ce07125be2a2c09755fb730cc52f0ea59

SHA256
ba919375689cf0b27bcad141d937a401d9ae466c897ad49d1b1004f1091e69d1

SHA512
66313f742a7842d2533bfa9eb4b2781656df6b3f695d8556bafc90453ac558e410fb2c7b01cd514d7b9f47ea47c14ef0054de39c86ba85a211f664d85e53ce39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95f8e3354a67b34fc489c0286d5776c8

SHA1
aa9b354226d4fc9a7bbc47f1af70ddc152b4813f

SHA256
868fff03d17fb17718271dc9f7c37b760641732b2068b8e2b309a34c2ad2ffdf

SHA512
75daf4742d652556fca8ea0b73be53fb5ec2e4944db0d65ffb4b108b834a65cd8c5b1fde3fd47ba19e06d609b1486e8f4c6f0a987215f4fa657846413022946d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40119546f2e339fad8422a888e4b1d94

SHA1
b3dc2917c739bd48a9022f10a1d04f589a971af4

SHA256
c3bbf8cb5828669ad6019794e6c400995631fc16b5ad88e0c8cdf832a873a8f3

SHA512
740312eacf9548de55661e5f7853a2df3bc095486d5bd5e2f355cde8403d11cc9353c9e769f8546acc070f6abd80f4dc896d68c4e7544c7a07ce0bfd04d7f8fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a14e81fe59e32e78714983df0613b55

SHA1
82c083a0b8c4440b1dc8e6f5e7ab633a1850032b

SHA256
fb2b538d6bf256db2cd8b29b2c4454eb45dfc0e34695086957dbdfbe2bfd7eed

SHA512
6a7dc67780bfdb3c81650ff46b8b8cc0638e72f632c1d7227bf5cdc7408ecdc45f81c749246b01192432f525de96f0b5af67421aaa15753c0f49b21e46e4da6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
418b612af3107b6790b61385b3fd70cc

SHA1
39a4799505ea336256ee1f2b39c06b17e5d72962

SHA256
60e5180fec8c240a7d3594b1b7cc574439c0b31e7bd105ca2393b2f6a72ed14c

SHA512
a84e7e85973275439d9e5cad0322f17d8e40dd0137c9afe96f9461fc314fa31b93afc5710f5a72d82258a24072d48def1c9eab6523baa794673da1d3a49b511b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a2f264fbb8d25c6e293920088a6db64

SHA1
de3086a8e3947fcffc60e7d88e63912bcf3787cb

SHA256
4aeb2dd482ad9ac161526f697d300c81d35366bab4676dfbafe1dd87d7a6fd79

SHA512
a040113554a20ebcb59926f331cf305088cc2e465f5f4d5a84e19c913245a7659bbbb659bdc9ee42698eb6fce8a944a2e9adb5f965b356780156694d71f5ffab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02f2ba0ebb2df50cbbed9baae0800f5e

SHA1
843b2c6243a9a03ef266151aafeeda0aa4fa8d20

SHA256
b8aadc219cb046f3010ba127e29f36ec3859f7edd7abda932fef36adea4fb731

SHA512
4879e9322845c2da270efc0493216eb3cd71aaef49cfc1787546c0f90dddf42cc623eeb88292f4007d35cd62b7aa5ea4d5aa11bc838b7ec52c37acb9d97b4ebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afb8722269883b4798f6657796369a1b

SHA1
cb9ce4db319556d8983dca80c23be04eb0e66f4e

SHA256
a81286291ab4c24ae008823372b10f3ea660b3840d361a38ddf54c75d0647fb5

SHA512
0dfbcd30f6ac5c285895971577f50fcdb42e89aeed9a8f36dbf78fe42efd77f5e00527399f73385e162776b5d2a736d04786a1fda70a2f5448de86d3d2ef6e55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc40cabc7e423fe971504d4ad9d255aa

SHA1
9c060ccc33933f709cb14add9610123692fcaf82

SHA256
faa4ac2ecc02cfa78e6b1b9f36491335f8dede03eba855b03328d1c506a42000

SHA512
d4f86da789023e07be2bcb2695ea0718b405a6fe7368bbcb6f240ffcae251b2d3d1f676a874f53b467dfdd6b3ba278b3e34b034bc8bea3c19198c9ec1bf3c952

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38078b6fa8cbb0ad560a222ad36c0f92

SHA1
bdadcd50c22de459eee6141877c33d178b2aac37

SHA256
7089fc52b72ea4af94cdb779c27f51fac627b9e11a3fa18cedce04d9bcd39b0f

SHA512
b9c92c042e17fe00a234d745cb0ef071fe3b212d78a9f8915435fd4af2bdb8e4509dd8de39b10e90b9b324fd3867c615436fb50e18f748087aa10ef5c2467945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e0d51ac55950173fca388005c7f5f9d

SHA1
e503fbd5f1fbbe621a074f12edef65d76573ab4f

SHA256
b849cad7b0dd8b5eee4516377c8ba9965adfbe7773f3f9af34b0b6c22a94fecd

SHA512
fa14ac87245b498079d6a9a52a7ed210fd2cd730fa3e2a0dd73c4b72169c254091e4d4d45f508c24387283a01de3042a1f37106eb765d06d6b81c80e25537625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b39e0913ea24245c846d25ab0af4dc30

SHA1
4b95ea065eefe4925db2bde06884e292db0eedd2

SHA256
66dbc68d28b5b8f43b68a32402c5230cd68c13ad18f741e544332a0732ad495b

SHA512
29b3afe010b8cd01b9f32a2297d93d0d66a417668ce97810a42a51f480b40de57d6d5d8dc97eda642d76ed287dc34e661b6f0a6ac5a9400ecbeadff35cc2b0e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f367afc01f4cec8551a0e581ffbc485

SHA1
b8ece40f9ac2f56d211c02633b11f8e537ee822c

SHA256
146d485264b5250bfb467c4cf04640016564aa52da234e17f37ce520adf7f3b6

SHA512
225cb3ca24b4b426c335d79dc433f91b4412671953a69618587f401bf8a3e82a147d23d99d603422f47fc53299eae74c9a4f517b167fcd59f7276c5e51d2ac15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\p6d9oj1\imagestore.dat

Filesize
1KB

MD5
39e854ea8c0dc83afa8c1d78bf27d12f

SHA1
e509c12bcbb8522f12eb5cf8bd26ee3903235ef2

SHA256
dc9ba4bee4d20ee223c3155f53d3120c1fe757cf3ffb6ef79a69c92062380424

SHA512
4ffe2a910b73d0b963cefd916e8231ae3353000da2e595ad5358800feb836b78b6f5a764d6f43840782f4f7311fcd23908e4f4f3cbd9cf4dfa712985a41615d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ7VMQEC\favicon[1].ico

Filesize
1KB

MD5
932a14a6d0a0820bcb9efce2fa03f9b6

SHA1
d1122d5d7bd6ec49eae6375d70cddd33ca2d96be

SHA256
e14f682bb352d18c44ca55b73444aab41bcaf4efbf60b009d28aedd836670ebd

SHA512
f8e84482f787cbe43b287e695632550ba5d7c8b1b48fa8bfef64393f0493b99e9fbe5824eddaa86e6ffda83fd6ff10b5b4bd81c789c38084310c443a3e2bb3b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab19AA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar19AC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\system\cycxfxtls.exe

Filesize
19KB

MD5
68324121dcc74a665f07ae0df41393a1

SHA1
f89e79786516fc853b6af4ddaffeeed180c7c427

SHA256
fe49a08531fd8c00bcddc400dca8f7112d03cb27cc8ddb603629384071a7898f

SHA512
3eacaffc6992f17c5ffe3a01aeb4c609f1996cdee86ebe376c955528545a4fd54546a167d0880e80310279dfc51df84c0b84c40d546ffab7c7e683e3d20325ff

Download Submit
memory/324-526-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/324-17-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/324-33-0x0000000000250000-0x0000000000252000-memory.dmp

Filesize
8KB

Download
memory/2056-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2056-3-0x00000000002A0000-0x00000000002B0000-memory.dmp

Filesize
64KB

Download
memory/2056-18-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2056-16-0x00000000048D0000-0x00000000048E7000-memory.dmp

Filesize
92KB

Download
memory/2056-15-0x00000000048D0000-0x00000000048E7000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads