c9c12b03532cc0ba4c7b5b2af0a7fc423f3e93d2b26a64ca9f92443124e30dfa

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87af976eb214ba65b2ce1c7c160d3414_JaffaCakes118.dll
Size

467KB
MD5

87af976eb214ba65b2ce1c7c160d3414
SHA1

3f0d9e1e5aefe253d3d820598302daff1335f9aa
SHA256

c9c12b03532cc0ba4c7b5b2af0a7fc423f3e93d2b26a64ca9f92443124e30dfa
SHA512

345ecca8d058b22dcbfde7152b4b556ac81cf542b5073d620ee82b43b9ddb459d7bbb40a6cbb51b890d72b55b7051089873246948ec726576b039e0611663e97
SSDEEP

12288:wjLWGos2+Ash2XrjJ03q58829Ofxm0ugy62HTDl:aeW2Xr90u8f9Ofg0uTHt

Score

6^/10

adware discovery persistence stealer

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\fttboujriwczpvi = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\87af976eb214ba65b2ce1c7c160d3414_JaffaCakes118.dll\""	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B66BB773-64E5-44DE-1456-846862A91FA6}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B66BB773-64E5-44DE-1456-846862A91FA6}\NoExplorer = "1"	regsvr32.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000f89a25890a3836b96360643a1335e85c8fd8bedb392f7a2c923497709daa5e03000000000e8000000002000020000000b7cab5a7abf53f7eeff67ab0aff565509b31950d9a774773cb4c2c3ad2ecbe51200000004ad7827d99b8b69ec408a4075c20886e06523beaf17a89bbb6fa196d5f21a8ca40000000a911df586e42b790ba2b6268a6a781056f508a00454eb9001fb54a117e77961317ea19e0386ed448600a03cfd42cc0610009569c574e254697640f7cf89f0e8c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ae55c969ebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429486090"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000007d71799c32949535afc065cd3d93825eefbde533bee01f0ece705e24b7663788000000000e8000000002000020000000e4d017699eac3e4ac63614b67ddb7943e799902fa52450bb77519cc10b6132fe90000000e332ae41eaea7050fcab6e8cc8b7093a744993baef06ef5779a9a5d9aeb9d2ad62671da93252e3bb08c36e9483bb47d8e5590819b14d5aab7e8c73003c534ae81334936fa9b45ea9d90967272340388eb43b638f4c4a44bd5a059c9a409388ee4d40125951242aee26e78ed5c91cc8d254be9f5632eb86c33c9dd3fc86f8b9dc4bff85813c75cd1d7e001498b9bbb02240000000b2ce9eb4ca8f7789722b780e6f2d19f500b24931b0601a9164e07e2b0e676fe25557b499574294136e25ce0883c5bc62bdb15985ff62a6e0add55490f8ae588d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F4A03AE1-575C-11EF-B254-46D787DB8171} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B66BB773-64E5-44DE-1456-846862A91FA6}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B66BB773-64E5-44DE-1456-846862A91FA6}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B66BB773-64E5-44DE-1456-846862A91FA6}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\87af976eb214ba65b2ce1c7c160d3414_JaffaCakes118.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B66BB773-64E5-44DE-1456-846862A91FA6}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B66BB773-64E5-44DE-1456-846862A91FA6}\ = "du-little browser enhancer"	regsvr32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2800	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2800	iexplore.exe
2800	iexplore.exe
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 1736	2652	regsvr32.exe	30
PID 2652 wrote to memory of 1736	2652	regsvr32.exe	30
PID 2652 wrote to memory of 1736	2652	regsvr32.exe	30
PID 2652 wrote to memory of 1736	2652	regsvr32.exe	30
PID 2652 wrote to memory of 1736	2652	regsvr32.exe	30
PID 2652 wrote to memory of 1736	2652	regsvr32.exe	30
PID 2652 wrote to memory of 1736	2652	regsvr32.exe	30
PID 2800 wrote to memory of 2148	2800	iexplore.exe	32
PID 2800 wrote to memory of 2148	2800	iexplore.exe	32
PID 2800 wrote to memory of 2148	2800	iexplore.exe	32
PID 2800 wrote to memory of 2148	2800	iexplore.exe	32

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\87af976eb214ba65b2ce1c7c160d3414_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\87af976eb214ba65b2ce1c7c160d3414_JaffaCakes118.dll
  2⤵
  - Adds Run key to start application
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:1736

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
713a3b8ce6dd82286514efd7bf54fcd2

SHA1
1ed26e10877ebf8bb1acbf7b960acc26dd16f7a9

SHA256
02e53af1da0fbcca6a7f5e5c1f5c65585f058042ff5369ec780e872d31f13475

SHA512
de2b43bb217c8aa2e2304c076a46609e789df0c1140a2689ef85e8d5649c70676760b9d7966f53480286fc21aa3b2781959c4624132a3eeddf728657fef0f378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca9665ea161e5262089fd04a1ff6d468

SHA1
e2c6ac2c0565ddae0db8ec65471002e9adf0f573

SHA256
66629310bd093a880adb4865d058570339745c7dbc334e5245bcae97bdd09c30

SHA512
616a48406f31c9476893fcb80652dfd18b85855628036da508ecfdcb6b0b713664aeb243f89ee08c39b75cc80d17c7a502b5de18e488455c5fee21d98b79357f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3aa32853146b38d5819e88ccb3936e2b

SHA1
36e71dd2f2b12c9bcd7e43672aa014ffc072eb83

SHA256
3f2d210c04ec4a83b5db2532954edf04e9f67a638112bb688ba3ea893f6fb68e

SHA512
f4ed958d99868acb1256b8405dce204b4c0da8ef0f76c5f681149cd0f44e3de85b1df6df71f195dd395599a0e8e53378a4092a8f2cad1025465e542c583afbaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
049c1a346dde5c79a0dcfee6ff8362ea

SHA1
ee4091d7d2023d87e8a12d013c27ddad531ba8ae

SHA256
9fea480b5b4d9d3e885a0bacb504b2d5c6ffa0287a5e8e8b1f56915289a1adcc

SHA512
754bba53428bc6d38b6084aac46b6389e9cd39c21fdb74708d0038574675138a54b8740047afc6d3822e471dc0e6573ac24435d732d43fe028c196a6de0d9911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
516d6d684a88660f44be33d1a278acd8

SHA1
f08424f1de74bd6736268f55645b173fe374805a

SHA256
5c0a9fe079d3d12520ac57028e0f30cc1c88fce245a8250f5aa00f21d4873e76

SHA512
ef8001782cc14b3512c13be86b0705a8d8b345731d8e8d057e476658139127bceadc1966d1111a629dec48cd07489a5005aba48154364a3a7184fb9a29a13ffd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5774537fed12040ac518fbec3e2d469

SHA1
8477fdc42cf7ae7b3bb67d95cd8dd551ffd01857

SHA256
5627587ac36a8bfca2b44056ec0bf1ad8609fd0cf9c54dc540da1d34e8e6e1c9

SHA512
fe511fbd7d194c25f6d91f3b705d7f4847fd0c82ba9dc4e12f0160bd1b3223b2cabd72cfd65de20c652e7bf896aeee26b7d1f29a4f4650274b44c983eb031fe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
278f7594068da3ac6b40b9bb7f4429db

SHA1
ba2302c7613e9a2781417f1bb0ba3b62603945f7

SHA256
4568101c9f2a7c612ccda82c512b642c57a7ba724e3a978327856c05a1bdfe36

SHA512
f588fc470435d227c6a17f25fd7fdc27f16d2f97fdc4328ea0f6152cbfc3f63947dc1722a42a239178d8456584db45c25dd98c01f24189e2e0b8853419876185

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f8bc15ba6885d39b61f4e7cf0f36484

SHA1
5fa3c01ab908e07b18bd4b7c7e52cb9432cfbc26

SHA256
04c011ed9acac7caf50520d1b1ccd83fd41817ce5fdf6e7a9111a63e40f9d6d6

SHA512
9248c1a3099713f2935e53d7c4a5c14c56ce15eb12ae0a3d8790face77fe75b3190a5a715031d6cd8561fe0c8f8d3c1898831b4788e847ece7fec8ca591a6835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d0c9955491c8d3af4f9db0066614e6a

SHA1
82506f23b508950c4a62b1464a7cce44949d1e4d

SHA256
78d1d38c7df2b5558e5a5920b50683dcd2c25b42eb1811f037f5cd074ece111a

SHA512
0c289681371cb75b5a7026532fa5bfb4f825ed06df0c5bddae99df5280b836583cd233999d43224d7c7bc3ed9936de23734c535a91e0e34f2128f1e937ec20ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c06d5c23577a1fa29365c09add735d1f

SHA1
5541d40c309a1439c2e6400a7dfc88478907d3d0

SHA256
f690b974c59cef301885db1e8a375ac04327428ba6924ff87c6b330d9b363811

SHA512
49f9ce973eb0e8c930b9deb713d8935a6c41a1c8a0d24681765692025b547841e3252054cc741b6a8b0c5cb2126e82443713d33e141437ee13a9ca7ed779a68e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4119853ea19358c03690de94e8c35ee

SHA1
2643538139a744312b28a75398d3e596eb101826

SHA256
395946eee0a84c3df8018032e7ad516317b6a66e0e3172ba59186e91b3a82e9d

SHA512
2d1530ebf97dbe000abe68c808c1ca965dd318980bb1cbd6d804363308cc36d207aae5593e654ee43afa28fb8d3178fe095f02850e13bb944156207902b7f6f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fb48997d3605f12caebd8ebcb881068

SHA1
9ba35b71ed50ad97805eb0fb28edb9ca4fd2b358

SHA256
0824967dc164726d18d390e55f16eb8a39794079288257c9c76f36c5c3605ec1

SHA512
5cd1a41b2409ab80d130c5b75cc3a8e217390ea54fd3e02355a10bfa8a99bb5ebbb9b6b88266571bca40de049776ecaaade4012fc56234cf1b81839a2f05e983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a378a2169ebbbb79295424da03e3e0f

SHA1
bef9d3e7ff0a6f4a11f46c1439f827a57867e976

SHA256
004a588c5933b9fc4972940f313ef027e971f04a7ad6d408626d478f040536af

SHA512
e404822adb3dac0d9471ba5e756a726e69a1b88add4967fb2ebf36a53037bc8f3edf6fef7531f4e84dc277a645c3eac3abb5544438fd1dd95717ea72fbca516c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd62c5e074f0c4aee4fa92a4e130d29a

SHA1
14c628bc2f84fefb1e9e1f9e1ac020a0ad681475

SHA256
035a0b72898203fa65988b0ebe0843a489f11303ff9076149758e9835405697d

SHA512
3599b8b7a0db43a67c0e5a710b97cfceb2ab3ea9aae57b6947974a684dc5ce55f6664b4443156a03b29243cd2cbcb245b2445cae40e9773e5fb36196d2593210

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5aa68f3a70d91026832596bf82cfcf00

SHA1
92e85996357b66aee4cc2ca922c6e808e0213ce0

SHA256
8f591a32c22ad8dbe8c079ebb7ff7c55d936a37edd07909f0895c5364d7695d0

SHA512
e7a11f3eab41379f231137b5ef238001ada9f83b3ff3aafeb4229859be61a065bbb0c5c63b283d3e03ddfd3f0d013f6760508d18d12450571fd7484697d4e74a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bc11988fe8aebc0cc5e739d5575f7c9

SHA1
494c011a1ab3e1c063f65ec59e4c22ee82db15cd

SHA256
fb817933e49b966b742459192a4a981e5a20edb5474889a1c344e749b53d131f

SHA512
31abed4d4000a197bc9d3b8f79e0a29e931a441a9ac0eda09f34e228035549c37f3654e21e3a6c18a51697bd6ccbe64315f09159ffec0762cb178b3d773e1d9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ac2db320279a3d3f3d596a8a4ae3fc0

SHA1
460a091e821d4ea268a60bb7c755cd53c9447a21

SHA256
37ae4bee4300987083cc1ea9f549453e005e4dea8119c1d0ddf4b90632b5bc36

SHA512
fdf2775a958a21ff995c683ca5b2e2faaf973a878040d18bd39df79192169f93a6281cdcb907eb66fae56160bbcfb830629db9a2b87e498227da617571ccad32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa36295f543a2ddc245be8d5490f5282

SHA1
aaec962768f1916c9115091cd4da74ca71544663

SHA256
26f806b37bff6014ded52c80978182d9502b34edcbbe3252187f82ac9a11910f

SHA512
3e114f41c2a7041c65bf57df8b570dc661d014afdee7d23884ddd3e45b16a5b1da5edb0c608c8619477d21652770f1f98056260ff0b85c07eb2b03df6153bb47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F60.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5FE2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1736-0-0x0000000000370000-0x0000000000372000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads