03080e416f1afe4ed0d2a8f9f054157c95c5a8d4c8f28a3b267b683208551da4

Analysis

max time kernel
150s
max time network
158s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7333593246047b81aa06a59345d27abd_JaffaCakes118.exe
Size

1021KB
MD5

7333593246047b81aa06a59345d27abd
SHA1

641c26e549f75262778715a6c7420f9bba5a443e
SHA256

03080e416f1afe4ed0d2a8f9f054157c95c5a8d4c8f28a3b267b683208551da4
SHA512

b1287d4a83cd74acf117895c9e5f144209f6d615f1510bf8ca73535ee27169697811686bdf9d1806fe78b6ace1ae7500c200215bfecc6d4be3030ebf3bc36504
SSDEEP

24576:7TSPqYdAAsseHzAV7LSQbx3pMqPjH2BmAdwIEj:sqYdDSb4pMqPjswI

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1812	SasPBHackV8.9.exe

Loads dropped DLL 4 IoCs

pid	Process
2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe
2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe
1812	SasPBHackV8.9.exe
1812	SasPBHackV8.9.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SasPBHackV8.9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E87CC41-4B25-11EF-8E5A-6EB28AAB65BF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f755f331dfda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E7BE561-4B25-11EF-8E5A-6EB28AAB65BF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E7C0C71-4B25-11EF-8E5A-6EB28AAB65BF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000009f336f0f5366708d37ff3315243931f345adfa0d62c8047105e4d93dcad01a0d000000000e80000000020000200000002c6b4f1fb492b950391fa9f5e67c3e0b07ff34b03291b07e96399e4c9e87de4820000000f11b461c49ae1e653c403a2c9e8c4596b08b7880254739d701a0495e845cc20a40000000f67409795bb09fd1abcd09e7aa4ae58cc42f5d246a5a4def5f0e6616d05ff26ae02ad2e21ca2cc2613e98bf157a118ce111ea0a07e8a3dea59de18fcbb6a4277	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428142695"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2240	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2240	AUDIODG.EXE
Token: 33	2240	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2240	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2980	iexplore.exe
2752	iexplore.exe
2504	iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1812	SasPBHackV8.9.exe
1812	SasPBHackV8.9.exe
2504	iexplore.exe
2504	iexplore.exe
2752	iexplore.exe
2752	iexplore.exe
2980	iexplore.exe
2980	iexplore.exe
2476	IEXPLORE.EXE
2476	IEXPLORE.EXE
348	IEXPLORE.EXE
348	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
348	IEXPLORE.EXE
348	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 1812	2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe	29
PID 2876 wrote to memory of 1812	2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe	29
PID 2876 wrote to memory of 1812	2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe	29
PID 2876 wrote to memory of 1812	2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe	29
PID 2876 wrote to memory of 1812	2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe	29
PID 2876 wrote to memory of 1812	2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe	29
PID 2876 wrote to memory of 1812	2876	7333593246047b81aa06a59345d27abd_JaffaCakes118.exe	29
PID 1812 wrote to memory of 2752	1812	SasPBHackV8.9.exe	31
PID 1812 wrote to memory of 2752	1812	SasPBHackV8.9.exe	31
PID 1812 wrote to memory of 2752	1812	SasPBHackV8.9.exe	31
PID 1812 wrote to memory of 2752	1812	SasPBHackV8.9.exe	31
PID 1812 wrote to memory of 2752	1812	SasPBHackV8.9.exe	31
PID 1812 wrote to memory of 2752	1812	SasPBHackV8.9.exe	31
PID 1812 wrote to memory of 2752	1812	SasPBHackV8.9.exe	31
PID 1812 wrote to memory of 2504	1812	SasPBHackV8.9.exe	32
PID 1812 wrote to memory of 2504	1812	SasPBHackV8.9.exe	32
PID 1812 wrote to memory of 2504	1812	SasPBHackV8.9.exe	32
PID 1812 wrote to memory of 2504	1812	SasPBHackV8.9.exe	32
PID 1812 wrote to memory of 2504	1812	SasPBHackV8.9.exe	32
PID 1812 wrote to memory of 2504	1812	SasPBHackV8.9.exe	32
PID 1812 wrote to memory of 2504	1812	SasPBHackV8.9.exe	32
PID 1812 wrote to memory of 2980	1812	SasPBHackV8.9.exe	33
PID 1812 wrote to memory of 2980	1812	SasPBHackV8.9.exe	33
PID 1812 wrote to memory of 2980	1812	SasPBHackV8.9.exe	33
PID 1812 wrote to memory of 2980	1812	SasPBHackV8.9.exe	33
PID 1812 wrote to memory of 2980	1812	SasPBHackV8.9.exe	33
PID 1812 wrote to memory of 2980	1812	SasPBHackV8.9.exe	33
PID 1812 wrote to memory of 2980	1812	SasPBHackV8.9.exe	33
PID 2504 wrote to memory of 2332	2504	iexplore.exe	34
PID 2504 wrote to memory of 2332	2504	iexplore.exe	34
PID 2504 wrote to memory of 2332	2504	iexplore.exe	34
PID 2504 wrote to memory of 2332	2504	iexplore.exe	34
PID 2504 wrote to memory of 2332	2504	iexplore.exe	34
PID 2504 wrote to memory of 2332	2504	iexplore.exe	34
PID 2504 wrote to memory of 2332	2504	iexplore.exe	34
PID 2752 wrote to memory of 348	2752	iexplore.exe	35
PID 2752 wrote to memory of 348	2752	iexplore.exe	35
PID 2752 wrote to memory of 348	2752	iexplore.exe	35
PID 2752 wrote to memory of 348	2752	iexplore.exe	35
PID 2752 wrote to memory of 348	2752	iexplore.exe	35
PID 2752 wrote to memory of 348	2752	iexplore.exe	35
PID 2752 wrote to memory of 348	2752	iexplore.exe	35
PID 2980 wrote to memory of 2476	2980	iexplore.exe	36
PID 2980 wrote to memory of 2476	2980	iexplore.exe	36
PID 2980 wrote to memory of 2476	2980	iexplore.exe	36
PID 2980 wrote to memory of 2476	2980	iexplore.exe	36
PID 2980 wrote to memory of 2476	2980	iexplore.exe	36
PID 2980 wrote to memory of 2476	2980	iexplore.exe	36
PID 2980 wrote to memory of 2476	2980	iexplore.exe	36

C:\Users\Admin\AppData\Local\Temp\7333593246047b81aa06a59345d27abd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7333593246047b81aa06a59345d27abd_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SasPBHackV8.9.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SasPBHackV8.9.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://tinggalenter.blogspot.com/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:348
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://2502280e.linkbucks.com/url/http://tinggalenter.blogspot.com/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2332
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://tinggalenter.com/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2476

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x56c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE

Filesize
472B

MD5
75ee32ab10e6fd7af7be5a50732ee342

SHA1
bdcfc057a51ea49521d4a8279e4afebbb09328bd

SHA256
07c4b5c7b784ef394138dfaec8c9c95aa0c7569fbf51dfbe4945bec3f423e819

SHA512
f6ac59d931ccf32ff62caa76691ad05fcdd1968df56c3b28c8edb48f4fe2238ef99bad0fac0e9218eaf31858a5a4d9c7395e3986aac7bdf0fa19cbde1c1225ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057

Filesize
471B

MD5
f526b97570e45aa7619b548952e8eb65

SHA1
69e2ce67c2ac2e796399b312d98c3c28b9576b81

SHA256
7f4230e846773a1e77556e15a86267bb6976d4b58737601562f76c0a97cd4514

SHA512
80c8788cc9632e419febf7ed128b899887c5c696b0bdee775b258f87fc91cd0e76c8b3b58f7802b1a65399d7f50cd0b4942c691895039b7db408e685168d1a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
9aac180a2d43ccb4cdee563bc096cde7

SHA1
5ba36eee7032ea46a6c932806eeec3c461ea82bb

SHA256
233d80428105f62485fd70c9b3332a67387102eba81edab7888217db044c9b41

SHA512
081d7795b1761f61f98a75762a29152f2b6245a8f31e17453714e031a1de36da60e67dcc73ef518f33cc6fcc823857b09d52144c71f8348616db7695b7b2ffb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6a154091f59eb582cb12159fe25c2e1

SHA1
b718f322e24c454d0c75e5161442225201d8c931

SHA256
7c6f50ff147d805b902cfa07c832c919751f2130482c3da5320066d563bd2825

SHA512
2c8795d98e57086b856cb63892dcf1f59d0c360fa016f97a0a65fcbda2ed2663ac4b48d0628a272fad7f108aa5cf701eb84da21eb8a0636ffd2b90b846e267eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7ec6760938deae9f2d622f0eba299f1

SHA1
a382c03c87b03b1f7dadeee68c3b56b700aa344e

SHA256
504e90706fd4a534b96262c6712dddccc94d485e147157dffc5eab381b1a5322

SHA512
6d00ee52e6d3c9befbbee1a9b8d69448b5ce44d14c3ae739fa6f69ff9e0ef4ead0824f4c0aeaf7a6b35921ba6ddfa64cd1d39046374b8a91babb278ab6da840c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db04b9b7b9e7336305e1550a8dcc91c3

SHA1
a203585800020c47b9022b39df89c2c06c5d26f3

SHA256
07a6a0fb36229728241c9e863def51f9d2cbee5f6530b3ea12ba7d64530b65b2

SHA512
18a57526d407d777a6a06064a38ff27b036f567a51a29e719f5e8a11c45f772a6493510f165af41d7f3d308a67ffdffc47ef25fc0929d00d1cfb96709ca2796a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b113b033383a75ad6b99131259f81e2

SHA1
179782957770d6e76c97bfbf214810cf244b5975

SHA256
010a62aedbd5b8da2d555422cee8cdbd2e48be222cbd76fe515ef4cc9b7f6b1f

SHA512
ece92de0561bb240a3acf3e7313fe052209222270eae488251a176e7000ede928aae6f9d2389a5db6955c2d929c57ac06d675f59c84bf98ce1468d424f25c4c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9faa49b5f5d98fd3d36e03fbecb5e8a0

SHA1
3eae228c956608154416f32454b6e36fc7d94419

SHA256
b16632fc9e5fb4cea609db09e4d92f891a3b37bd0da1a48c5945b8539a24d771

SHA512
2ca7031f8904033aab0d2a7d596390e25c5f6cd694730a699820e4ed79816bca97aab62c05bbf93ad1f8a5084f5f46cad27c5413ace4f8691722a3838409b86a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
341a7b65d5cd73c5c9d3b1be1ebd41c6

SHA1
bd004d82d600f5f1d1b6fefb5f3fc7883d161be6

SHA256
94b4be312e654a144597032897a997a86b55d45744201ee4bd30509703745ebd

SHA512
fb07b7abc3226194bdb6a80dd78352d9cf0cfa79ea4fc11cddce0c0300357d0fafb0179bb78a82a2dcd562fa0400dae1e48ff8e6e5bf5b9496bea144d8e09fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fbc2d120041ee81b26f4b788c6a05b8

SHA1
6696b42dd3b5674a1a9433d262d9369b67bba1eb

SHA256
8911895b953c8215ca738ac819a1c426205ff815d89c57f4db54cadb8c69620a

SHA512
0b2c3bacb87ce727ee127e94db80e90f8278f423003eca39e95c04e843d119deceae23c40706f0c65eb082d5929f8f1216512edf84578b0ee561a8412673a67f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f8b5e3c6a91b735000f9d2e9aa33108

SHA1
14cea89c74828bb30ef51defccd7d81132e0c050

SHA256
01f5aca8b30fd95ee2a54780298961a66612f5b37c3d3d9d0eaa5b86b86f830d

SHA512
a5a44eadfff8331b9cede0764d56958bca3bf79e61aabb9dcb0aefdb2b9a196cfd19ffa50ff78f5228c4d82c6652754da2f330cfdede89f33f0d1f596f949987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce78472c9fadcfb30599729e33db2219

SHA1
719b56429dfad28205d56af6f0f5f53c7aa72855

SHA256
f8d5aeb5ecfe5b586747940d03bc8528289997e6724357339b37f8ed1f4d9166

SHA512
454c8b2c20ecec6580799f75e0259ac5ddc8e1e92f22988725014d42fda9047caef3d2929346116feaf0edb8ead5ab4a873b7cb1b61eb45c3ab7ce033b36879a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb90c9de029dba0d1c27fbf4757534cf

SHA1
0c9380f3bd73ef48684be14d15342233fcbfbf7a

SHA256
fe52e9b2d3bbd56a0f0406685177dfdb3a27e2d9743d89bcbb11783db3c1bc14

SHA512
8b80c5a200391d174a5f04a4d7c090626d2933aec3e763e2e2816d92a6ec7280c498be3000350843d2c95e25c12210e649e643f07faee8bc771858f37e5aa881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbf4eb6ec56dc752a7ef6b0164f4d384

SHA1
adde384014523b2a9adf70bebb6bdbdf54391566

SHA256
8c3b941f383e1a1c09f3c774fbf5af6f5db8737249fc02a9706bbf30ac963b5c

SHA512
d6028fd39e2d6efde0fdb24c6e114c18a8aa8a5f662fe711c754f6bee133cd074a4a21e33cc7dbdf0cf09fb1de28777a17f139b905830f8453a8df7c7942a157

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
412328b737ace08adb5669f7df714fa0

SHA1
fa29359e41d836658b05d21758718e7e17998621

SHA256
52fc154e455a09ec8bac6ad7938614507af7bd815e81c8c17544fd9a00339e78

SHA512
64121d0de11847a801be1aa0861f99beb1dbf0777929e29b296582b92947c749d45dea3d561bef31bbd7fb8127d5dc818ea27f3c2d16d8a25a784e4f82fb4e92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
add826003dd47cddfa1f48627604a3c9

SHA1
a33d039626dd99c198936dbe13df88cb20cadc22

SHA256
e3e3a1536eef486611cf11159c63a9ed239386b76e548090940b515b5c824cd6

SHA512
1992c7fe82f7f48cc20ccdd752ebf38054f02325fac553429001423d68a521dae44130ed4b516ad7dd556e3f21d8ab3e202277149daee42a35bd3861801826da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
184981cc63521732bace1e595b7e6e28

SHA1
f827a1fc60f64e2acf15de1cbca93b5549632f5d

SHA256
7511cef17ce46a5e951639292af25c62ca984d6297b7cf761ce34457f1724ed7

SHA512
378905b4b1db1b2b055081f4cba21ca84276b0e5d3213177791c2cc598a3bd3595357965bbde83e9970fc593bd32ae892fff7ed47e59b772380bbb43de2318f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ee3f346b8c630b1dcae99a042d0e356

SHA1
2eed08048425e583a47309682e3fd16008c33848

SHA256
90786011a72af486dfde62ea934e068f50d22742d0ad7a75aed8b52c68aac48f

SHA512
530e7faf697d26ec28ef8ef1c3e7d9b2c228a16aa9a7b4d364aea88b07f31f9a01bee6c2e4f0ce6ebb5c22e869d2e99e82fcdb2e94c09dfcd7b29067d3250863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3259891add48c8e9701a507a9574022

SHA1
e13531e5283950e4f366600e6e2104e2d9a49655

SHA256
826e072f1867cd4c60da045f19cf1a2d7082445624c383696b629139df21afce

SHA512
50db5dd342cc93155cbce98d5c016df9979fddcca12f0d587c738a1fac1db134e6f228ef2550736ad2253f31b8121fe63bf2dc14af908cc453f52acccc377275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c04cf5fbed36b25cb4bc68fcfc1e4a8d

SHA1
ee9dbd4341d3067da108118eba80a2c0d1a17768

SHA256
529ed867ea1b9e5075ad7204e9e3554a49b184c310a60c9546a2354e0ecfa423

SHA512
95ded32f5f7e7d13a08882de6f0b40e92766d43b047e302ed0fd3611b24f08696d4208144452ee82ddefe1e1ba944dddf4d493050b15b8a04987a8fc03e517bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
710497fbd63e12552c6e23dcdecc1216

SHA1
54b0b4d9f88f61cf07ae584e4318656e95b52816

SHA256
0b3eb3ba75787fdb1982825a74e2560371fed4f4201634d567e9d46c823eb927

SHA512
2ebebf45b3000379ed31c0125e3a7d9fc7347d53aede3904411b1a563ee3b9a1648b3a93b228b35c52b18d0f4367815834a93555bbbc792f1e2e727d0a96442a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3add53bdf59b9d883db61b916982735a

SHA1
61f6f7d0d2ad87ed9df499cd75597f49a487ed10

SHA256
ba3ae49fd90df9f6a12ebfa6cce536aa09cfc8255e7ae7ac2327c3b919414207

SHA512
51548c11a6137acecb2c2243a1c3528665af726ca08463464e20a22cfdcf59d4a785420dbd0f761ffc54fc5070a112117de05f9352eb9db083e2cfc3dcbb1be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57bf12df9f334ed0504781b84a9c4f3b

SHA1
bad07b0fa5a250ee52d33d4b218fad852bf0d2e0

SHA256
f7b293d36ecbdf7ac289f49517719b980475538c0008fbb3e42b2b2fb9125892

SHA512
56e73ddf9b354f7ae5749e30e4323d2e90f71e64225fa5b30e9c424c47ca8092c784337be60612c76972f21f3d893a80db75f9fe793215d44c7f6caa413f2bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc24cb726a7267faefef43172db4488c

SHA1
b3efe6d0c2447e211df4a9c6acc15e4f5c0d75b7

SHA256
e9a5300e038c7433a42313a2b20b18ddf99b8c483caf0e8628e738ddcea40afb

SHA512
9c4be6ccbd7055fc88a10270f9e90ee0a57d9e3661dc01703f191dd90fcee1541a45a0d56c2283e1a335cd0f21886156a583e70a7df41a1e9856db1b718c9410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6c155f375767b4f7b7da94400f19f05

SHA1
c4e1c4d168bc1bbde1cd36be7aff02f33704ffd2

SHA256
206e41a36be7d5f9619848a9a34941259a48a6a982419262ec1e3ce13cf282f7

SHA512
f51c20c1bcb1dca04f09a451288a879a4b9dce0ce8a3acc093a1dc48f3005a14a66590be24ce18ceb157507f4110d46e22ae9c7c4d08c785ec85b50909404779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0003c26b808ca4d3b19940ae3ebf73f6

SHA1
1f1ba8bfc8c6f67968911e3f9ba92324558a6bd4

SHA256
e8da5da7d0d0f004941f80658a3f8c7c5fa354a479a7b2b5e2c3c95110c74c7c

SHA512
513baae5e58a2b0a5c4f23e2f7efde955f1887f8844050cffa43241024d280fa60bb7cf4054b6837306794d667ad8604424473df7340deea0011383cb5401013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea9caebe4a59c03b2c1a67275f87c4f6

SHA1
c6d2d88d9e843ce7d0d5b43b2ef8a169c5ac0381

SHA256
6daa9b31dd02c39999b32508c6267999e8c8cbae83d0befee5494a47330554ba

SHA512
8a9e108693034a55f27306ef16cb44337a4ea435dfb6b0452c0923e026b3d7088edfc620faf5f8065e0e0dbacd7e12baa89f522c75c6833ad5ac2fb69c45f56e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8136de268d623f87e6eb34c022ca0b6

SHA1
ac7051d1f9d75574587d4dab054a13d971f41eff

SHA256
4e2cc7a64a3852830ff77a18e0375251ab84a5602ba476dc053721eba6283e8d

SHA512
4ac2bb428230973c74475b8c88cd12bc678ee63fe4623be1648f3ce55ad1b00e765f647e213397b00d22a194d511cbd91432868cb2012f96834d4384378de34d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25afe607e89e86f0dc0d99e5459358e1

SHA1
2c23bbe33f5781eb02ffc71b7b79ed8f1c21faba

SHA256
22798101660605d04ce2bfba0184f1b79a1d283b4b0c84b1ac3d81c43e252ba4

SHA512
79ce92d7923260ba898df22781e3535888a171c09b1eebb7f65c0fa7add8049f8f507148f87411fc53f3eef21147641799b141c7652bdc36018a2070fa358ea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c4002bb34146d8807d01d73bbdf4c5d

SHA1
9a111b884e669fe16b10bd821f1f8f5155bd6a96

SHA256
779270f8cad92c8f25fdcd100bc7eabcc656dc3836038da557b7711a38dbfa48

SHA512
763a66d7a77e7bc6abc9ba148bb24be7eb0d3525b5e98752e9cf8386b929cb168c74309bcbbda28517f114e06888075779f7cd09c1a319f6a9455aa66a90541f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22be4cb12cf57b40e90b1d4a717571ad

SHA1
3a52749dbc577429b858dc94f8c8ef74f4b81ac2

SHA256
a73f09c72027b5c5acf7515dfe70aaf08d3323d940b36e74c0f8a486c7f25f67

SHA512
decd5afa22945928a4b9b619cf98a8b31ec5ac6decaf08458835b912b78bcf833da28968056ab8cdcd6ba4a35bf4004f976dbbc51110c3428133d29965dfe22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5aac39bebc9b0490e457766f4d903b9

SHA1
f2a8f4de4910bc22c0ed108ec640652dd0726926

SHA256
a719e20ff4ee83198644d23a613eb22ed606df97ceedd5649bfe715e2a65338e

SHA512
08f3688ecffe565a2549999f567a5b2c9ad5dd243266f559e34608081bac2f2e11d8520e0a87957ad5646de89e97fa0545247a7c5eae942609b18420b09f4021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25bc709b4c07b23d7ffedece1a3e5103

SHA1
2529a77289d73098d62a24b51f6192604c0f509d

SHA256
d6fc75fa3409d39d5bdeb6b8f67503b531dbe96d9e53e00c632bebe035d87eae

SHA512
d9614fddf203c25f79d581ccabb3a74a2e1d716b5995d4b6d46ca09877c7fe4324f974502a6717e96494f44cf5022de8db2f5eb5f99eccfcb7cec9f7e38688c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14bfcaca6363f9e5bd03cdd9639ea9c9

SHA1
b15fbb9fc0049b610fdf5c6432c91015d52dace4

SHA256
91a21b856fc9440a2cf2617079c20b063a95091ef7ae1ba9be53dbbfe409cf61

SHA512
02ae4b8653aa246b2230b17a4fe2911f99987ef10edbc0a7a0d70aec86618eaf62dbbfd5c2bc40e9c697cbb83f099c7b37c9813c24efdb03b25f195f9d60ff37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057

Filesize
402B

MD5
ff20a84884379c1372f240d5139228ab

SHA1
4c2799e13ad88538bf3332863a8280efcfd72b03

SHA256
9d76973e7c1a0e175b9f55d3e4c377931b2e52ac98e8978b76a1b13e4889e001

SHA512
ad25443995e64529719bcec0502633a2699ec889e6e3c793005ecc08e7f0dcfa7caa39d37697eb96175636e0564d7ec13f227c97e0ffd45d2680f30d62b776ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057

Filesize
402B

MD5
4b3a112d3d38639a6be4ea8dd9685fbd

SHA1
51e69e8ae7f1f302960abafd94a0f63bfe948438

SHA256
e19ca73ce898aa91ea42c601ee176f1bba4838476bebdfd5ef8d809375dbd0d5

SHA512
f6f2f41661f86c8298a54179a8f640926e38590dc65585620d283234748e2b8b2844ad8b570be2d61ba87e2277e4817e2a08a5b13e1a0aaeff4daa388eb94e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1E7BE561-4B25-11EF-8E5A-6EB28AAB65BF}.dat

Filesize
3KB

MD5
e5715877e32c7e33641b6a3b84c6a24f

SHA1
7b2454258a726a86444104e249691c080c302f7d

SHA256
a247b6e3b1c8817b2d13a723ab473b2176f80a267a15e18ad1b59fe6fe23bd1b

SHA512
711229e752979e98d57efd279b05f57efa0ed3bc003ec8e9bb38d62e734cdd0086ffc47abc7c45f0182a4dbe9e204b9a0855086759b6e7130859d2599350849e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1E7C0C71-4B25-11EF-8E5A-6EB28AAB65BF}.dat

Filesize
4KB

MD5
68fbb6794490771ee72cc3eba192213a

SHA1
e3c9ba3d4b9e2867fce0c3819cbdb73fae293fa1

SHA256
3fe5f211049e30946769431ec7c5411dbab6398e101a4a4c85787dce723cbe12

SHA512
f98b578e9318543366d67414a6035636800fedf4d04db459ddf2770e9441621f9456f32ab2582c057c274c11f57666fc46467971d382af215d2f97eb91732cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1E7C0C71-4B25-11EF-8E5A-6EB28AAB65BF}.dat

Filesize
5KB

MD5
a45f4baaf6281a793fcb174767505646

SHA1
111d25ee722eeec68ac4347e929e38746835b5b2

SHA256
f418c29ee55572ff86f6ba230c7bbf4217cb033bfeadaf0d01da9105a176f5ae

SHA512
2ddc661c23401f0ff49c86aeaab3f5691fc3ea65b87a53e1ffa4c85aedcc0eb4152b3c343654cda407b409d853b40030438e097c44b727e75752659bc821a028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

Filesize
3KB

MD5
8168eee6bc8fb6b0d1445c23f0577248

SHA1
c0b619f2b8e5d90040ceea2e6bbccf019aa8e0e6

SHA256
dc5b2dd002ec2cfbb0cf14d3c73289c1ff3317c73f2a2125275a20c8f19b78bd

SHA512
aa7e93a3480d507847b877ee65a4a39badcc037a60518c5edb2115201b6bb5bdfeb594c73b55629de6cb64b073ddcf6afabf42868969731756d9b99d0e1de52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\favicon[1].ico

Filesize
3KB

MD5
59a0c7b6e4848ccdabcea0636efda02b

SHA1
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340

SHA256
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

SHA512
bcfebb2ca5af53031c636d5485125a1405ca8414d0bc8a5d34dd3b3feb4c7425be02cf4848867d91cf6d021d08630294f47bdc69d6cd04a1051972735b0f04d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\platform_gapi.iframes.style.common[1].js

Filesize
55KB

MD5
881eb3704191d887333d08190e37b9c3

SHA1
fb5f7a2259c6e2d0a986f1df7da0017f6f4bc198

SHA256
03759f99c9adbff1efc85f512a97546207efcf91894a08b131bf59c2e2b95206

SHA512
860ce2d7e2ee0a1eea2701af9d0e01659508e26bcbd2b4456bc926fbada737a067fb5281085c00d136f6294964cc2a6764ce2c12cf3fd32a0f130c117a6e3191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\cb=gapi[2].js

Filesize
135KB

MD5
cb98a2420cd89f7b7b25807f75543061

SHA1
b9bc2a7430debbe52bce03aa3c7916bedfd12e44

SHA256
bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

SHA512
49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD28E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD290.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\SasPBHackV8.9.exe

Filesize
204KB

MD5
8f16808f8b8cbb489e0b7dda9a9ffbad

SHA1
8478cc1f2052e5c9d57a142d2067b5c461e644a0

SHA256
34d3bbdc2a7b037b86edfa9fe988aa8e067eeefb20f814152ff776ef591a0675

SHA512
dec82eb87f9d471fda418dab11040b40e5ad6d06fc461ebb4b9cc41f99ee4e853b9d5523bf2f0f88423fca84ca33ad7394bafd39ab66e31d331371b18bd9f368

Download Submit
memory/1812-18-0x0000000004D40000-0x00000000057FA000-memory.dmp

Filesize
10.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads