b6bec6857a59ca483398d6117278e43ff626fa31d040b2ee0a72158846dac2cc

Analysis

max time kernel
143s
max time network
149s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe
Size

92KB
MD5

82a4aab7067b45cd96d537032344f1ce
SHA1

771c110c63747dadbfa602158caeb565a79051b0
SHA256

b6bec6857a59ca483398d6117278e43ff626fa31d040b2ee0a72158846dac2cc
SHA512

7b5fc5ec054177e93ba3eb2a8b31e12b5a4dba0d36dc9b77c07d80aa8289281dee0257ef54161a5dbd862f6eef411cc6f337a83a30b162eeb1110a8e1b7a5a5b
SSDEEP

1536:VaaafML+d3RsNESWJHHB1avM22iwMwOEQon:Vaaa0Lo3Rhp3ak22PhOE

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Office_app = "c:\\windows\\system32\\H1n1il.exe \""	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\H1n1il.exe	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\H1n1il.exe	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000288d387a4b3304ba4be00530b3c0b2e8c2acc2f2ade85bd8591e9a00442c4940000000000e8000000002000020000000ab7a978cc255164e34c9c81e9ca8dfc387cd0b7164961a7e4b1643aedc4fe160900000004ef03818b9d15f02a608a6917b7273b610387c9266d16cbc95d45986247284159540c493b81e0e8d299b88b7e8257b0506cf43290fc0cbf1f15dbb1608bb8e436487eb9fd122d15bc793106e5660c03e2b3d01324a17367c575e6fd31a08ad332c4baeb28a04c7a3df16b5e015d75b0c2b6735a02970bdd13b15a97a5748bfe15dcfef88138046b514db12b53122c878400000008ca6c6e57712de3e43b98cfd464103a65dce8317b210acd7cab5475f16de49e6c95b7004b05a95ff22433066c4e8b8563066c87d3db888fcf24a93a9cb41debb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428726502"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000c0ba3de8a053df36b21ac55e58819e1b85b5e3fb5864cb4c162787f93ebf4e62000000000e80000000020000200000006c187c0aa521f8b55c7943ccb8732f1864b565b45bce28bc5dc534ec1b5572c820000000aa888387148418dcbe4ca0f97a6f0b44ce4669cfcf07324f345a95d46df8a5fa4000000020d5817259a1ac70a08069f809e1fb792de3944ec7061bf792f27a90df6625169c5edf7e7b6fcf84cd11ae9ea517922251e24dc6b99bba3d5602bfd0d79f6e42	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f045834081e4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66E15AC1-5074-11EF-9749-F6314D1D8E10} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1012	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1688	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe
1012	iexplore.exe
1012	iexplore.exe
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1012	1688	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe	30
PID 1688 wrote to memory of 1012	1688	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe	30
PID 1688 wrote to memory of 1012	1688	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe	30
PID 1688 wrote to memory of 1012	1688	82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe	30
PID 1012 wrote to memory of 1956	1012	iexplore.exe	31
PID 1012 wrote to memory of 1956	1012	iexplore.exe	31
PID 1012 wrote to memory of 1956	1012	iexplore.exe	31
PID 1012 wrote to memory of 1956	1012	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82a4aab7067b45cd96d537032344f1ce_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.danidutra.com.br/trabalho/Amizade.wmv
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1012
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1012 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
472B

MD5
3e5b9ddcf4b596748e9e9b0edaf0c332

SHA1
b84022e944db84f399f37227ee1115958db6aa6b

SHA256
2755681c98eb6366e0f78b7f3742718aa41d0c171e6c118241cf3359081c58cc

SHA512
3a6cfab89c3e19da9e398eede86b21a959f5e8367d1472ee98fe8446db2ed52f9dfc5dff28292ce06fc6942a6beaf648ba782b7647f8de98ff02e4ed4d10d710

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
398B

MD5
6df093cfb7cbc26b00a61ed57e475f0b

SHA1
be56600c274ed51789120a528cd4aa678c4a1793

SHA256
8f0deabfa3dc35d94af85fda1bbc1ed3cc38b1bf7989b6f31fa761a4ecbc5e2d

SHA512
9e688be664fa8cc05c9a48618017023827a6975ade0f1c35e69b70e86e548e2eb48e10d6b38334d4884cda29b3fb7f2da085ef71bfbcc3c1d6f766b37463766a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
698881df9988071ff84c91f61a54c0ad

SHA1
f34e8c96d7a82e36b6d26614432d891219bfc9b6

SHA256
494ba5816a725e00e400f5357d2a06c3522a4865ae05f98859c098d839222dc3

SHA512
041b40559d7685976984e7e0c5bc7786e039a559bc5faf653785c34b1e43d35d46d2988d64b8a5bf405414c0c33e99067fc6105f59c1fe9bb339d81fb0eff061

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b715659f417aca09752795dcef5b07eb

SHA1
253b3d7e5337148093e10b23b3e47e0b76215a98

SHA256
5fc78d756403ba6066cec9937d39939df932052e00b61df9665c707a15aefc2d

SHA512
c284b56dba8fb1cb1fedbb2df405cb8a8b4add254b195f79949319fbf371ae0cbc5868d076c8ef33df2fdf501983e6ea0f35ef5d1863194e25bf4c737e796901

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
047bd8825cc96184b80071c1c412c2fb

SHA1
09c1ecfa7882753b674a4d43ba08c878b09c5b87

SHA256
df18579dad220680d2ced09ef1f743379aacfab708e5d5234126d6daabbb430b

SHA512
dd733061447dc2012debdd36c3c6bef97fda8952c8abcd2d1d76cd601dc9f1781ff165c36e3da1593dc4d799607dfd90f47c5466773ea83e6a54394a35899fb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40ef1a2ab6bfdba412a9d561f87ac50f

SHA1
d6e8e47238651de45da27394e4b85fbf574c6547

SHA256
2a5b830461b8b5352f5657284e0d07ce1e2cb720d698a5e72328f441361f5ba4

SHA512
3ba2e2b0c3872fce0f47866a0ffe953aa8d29d01c1b45c55893761f98df9a15576b2ddbed473dd51540985a9075be9d517b03c07a8f2f95a8dc9b702e0dbd3b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed9f782f738baf31df0550affad6251d

SHA1
ecd5732a9e6fda5c7c293d737c5846a21271cb25

SHA256
152c6329c4de17d234d7e4a56242bd0f48520567cb302569fecbc352f5ce02b3

SHA512
a9575310f7cd9ed55111923746503928f9957dbe838a365a77703033ebcc045f2dd69a95a564eb971254c6b0220291e7855f04af710630dea249ea6ad271af1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a35c4372bc0fece0e7b78057d9b35410

SHA1
e4d2f4f4f966be19e47f8f56a72461831e8517f0

SHA256
b12136ada8eee4f1dd4cbd4478a02fe6224d9b52783820ddb3e5b77990e17f87

SHA512
652a5f1f0fb8e7f982ce98e359bfdd2f681a562dea42ebca774af88b11a6ca96de6b5d1837a390b872d93b0119d31f0f9bd5db5b128977fccc45a29f612e0445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aacb802bbfcc13d886516038775aba97

SHA1
9726393b073d116146181908d94ba0ce8f579ece

SHA256
6dc327632d2efccc1f5496556e7ff36c03fcf4c25bcbb8fc16c4c8fc3f515768

SHA512
a9a6a8e98b699e80bf1b0824a36bf43f7a4f0da53d0d1d2d73ce8c0585e5d3035d0f58a1d4a03a0e92669918ebf0c1f1ac41cddc6f8b795fddb1a9c6103b041e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8343452f1cd3854840ed0130810bd0b

SHA1
e4a29463a292b87fe207cfb69278492862564917

SHA256
c2dd6f7d92c3e0e01c5757519bb75bc4023944b26cd43605761bc2d34e015174

SHA512
05fdac59433b6428a71d92a1416fe43f6a8114c18701b5cf30fb4a6104809a14bf2ab87631cfba4a71fff262be3bc89f6008da254cb4d63f8ddf54aeda949d26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27ec00929356c19c9ef9fe587e5250c3

SHA1
ba35aa828b91ddf5c69216889d9ae32b7c9adcd9

SHA256
7f955bb15947e6c3f9feb5208af86c223cc802172f6f0bf14051140f8165b537

SHA512
fd508e317be87bafcf2793f607a838032ec9acd97085adac24353fc0db3905d01ff4f8f7891d9b214a9b934ff49fcdad7d4510ffa9b4577db007e6c1024dd9eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f65edb7d438efaf23e84d13d0f14a72

SHA1
aadb771205036e4ab312dbfda44d0f4e0140d99b

SHA256
453b30ca180f20c7da288601f7b0119c9268ba48ae332fe3c3cf25b9e8a1b343

SHA512
c566625bfe1c711bb675d12bf4c622922dcfcecbb1e47e71f2c20f058c5d44db1e62585856cd92304a1b29ca081a4480c251990244328be334414f72c2f3a08e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ceafc660df064f3dfdb68c8a4c85dc78

SHA1
565cdef7604a44399c97d039c9b5fcce3c9f7b30

SHA256
ebc9dfa2e8ac3225196869f7ed36aad8115013ecaba5e272e67f93eabea6ea88

SHA512
146f960bd92eedfdde8a3cae31e42bfe1132a567155fcf71bdac39345a928ff9b9be5307057af2454f6a3288b1492c81f13bdee92b536e950ac9ddc3995bc733

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06a6f80395605ff496694c1aa1fe2e10

SHA1
f2089a353dbfc92f2688408850627d1ea27dc480

SHA256
ed8c760b8deb91e530d1a5ab6769d195a8b140e4a474541a6dc6469a1c6695e3

SHA512
84f4bcd731e7edabc814dec5e7a99718f8b94179529fee8bc70faa1fcb91fccf39cfd356442f82998828cba06964b7111a64ac98f0710183811902acffc6cf38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b32121c7a0b0840c87d0ad2774595ec

SHA1
9300eac291abd5d437cbcdba1f5576d02d86ca63

SHA256
b1ffae8a698c188a74d1673b89b89d27b1c688b5253f51efcac72875eb588a07

SHA512
3d0ab5073e0fd1b0df1dfcefc7099ecddc6d4016410e93648eccfeb037604736c7286770c63ac5449bf29d2c78a97e85dc05563f7e385082b741dee740368e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32a8adca5f2b21e4858bb9602b844c2f

SHA1
e5bb09d551c2876cf2b1b5dcc16da62086d2de44

SHA256
9995b4de2f54116e4849097efd4efad1d05cba2424730eaf59396aec423e45c1

SHA512
f1f6d46566e37b62d631c2e830d5bf3a067758cbf4d9a314a0704849e2a646cac47d4fb7e58d92c0b630ca20f10f8276c26e1100c7beb5d9f299931e2ecb88a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc0a0c455ba7aa9870d273cf29c2638c

SHA1
0836d1e93f96ad8a308040435e55eeb3254d0eb4

SHA256
0d529caee87a6e0f6f122f5fe9eea599a49897617abd8eb9615f7669b626efe4

SHA512
c3eab61f4bbad0b26d64bda34385768b8bffe8e75f01f88d92a3d6853b8182a3581bb3348ebf90e06a171059fb0a1021977acbdc28cca67ce2057ef440c45e4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74937023850627a1b066d88dd917cef2

SHA1
049060880a8c416b03095d9c27546590e72f02de

SHA256
ef44bfdf3d562d40a46264084ff002f54193f1f3e7291978e6443f0120732f7c

SHA512
6fe818b4ab392ec82c123512a2baf42a83f0471f0316652ffde773df65529a176ac352790b04df38cb2cff193e2110567d15cfdfbbf5102098f51a18b8ea7882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cb61f922b6687cbdd92f0f63b61fea4

SHA1
cafa55bfb6548032569a8b72648dc0f08b50b628

SHA256
34f422e58feadb0468c7ded8804d2cedcf496b43d993fe8c466dbd71d8acd767

SHA512
73881c085b318a6f7200e3d364c9e598517525fde2d07e2f93130fa92196904b7d0a24a149f58196647437d944a305ec4e027cb7643f9789b3df5d8073155c21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
125c2c63fae9259259156ca1547632f6

SHA1
223b0427d3c756d1f1c789fd7419e037f411152f

SHA256
21d12093d4cd37f1b8b596500cfafd959aebb11ef2fa115d0b05d07cd9c34a7d

SHA512
26cbb01b4e83f2c2b95fc4759561f69855e76c165b63b5d954ea69ec909076b60091f4161b611eebffaccc39a961e528a80df80d872035523fdcbc2132bc0a74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bebf273cff64e6379a47a9e7c6f0281e

SHA1
85021605b420a37f1589b63cef365a68a4cfc59c

SHA256
d0ce3b597d4eb56884e5857e52f4c32d6f503bc41930af87277428dda0222ccf

SHA512
d3531c6414f3db22d0367048f7735d2bd91c212d08bc6be4e6dd575696401811b314d23114335ea45b4294857c81df19aacf946dc6736c42d619eb53b272bdc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2861e2ec30c53a88310d601cc2ada50

SHA1
607c0cf39bfbbc3570d9ad0dfc45c1388f7a242d

SHA256
5987316435b3fee6f8f7bccf3c35c7e37d776477f65082a9a2fb43b5428431d5

SHA512
75ebfbf64ffaa587ac89d6c5e85ebfc0877bc4379d8bfa539c08fb83d1d2120af8e7d49833b395e05342ca9355ca92d52796de489f9a7fff9589d6867df8e373

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab451C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar451F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1688-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1688-5-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads