bf1e7d6995e59d1238d48a6a3ef797f37f5986bad6fbf1a4c4b66e8f85b05cec

Analysis

max time kernel
133s
max time network
130s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-08-2024 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe
Size

693KB
MD5

8a842d5e1eccc2a3e5ddd0a3ef37e67b
SHA1

4d87129619c8873d62dff15a64cadb1744616cc0
SHA256

bf1e7d6995e59d1238d48a6a3ef797f37f5986bad6fbf1a4c4b66e8f85b05cec
SHA512

30934420955e19c1a548e05ce70581de02ac44d3391ea1c839b061cf5a25201370f7f6c85586c0b9ed3f88635e0a4aec6a31145e3e49b99e1a4b35032d72c3c0
SSDEEP

12288:8Wji9ZJ/XQ7m4vwcYyt7z0NqLcf0SNSGh7iZsrTpWwYwH:PWZ/A9YMt7INqL67d+srTn

Score

8^/10

discovery persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3bf41072-b2b1-21c1-b5c1-0305f4155515}	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3bf41072-b2b1-21c1-b5c1-0305f4155515}\StubPath = "C:\\Windows\\V_Server.exe"	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1832 set thread context of 2264	1832	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe	30

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\V_Server.exe	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe
File opened for modification	C:\Windows\V_Server.exe	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429544686"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62A7BCB1-57E5-11EF-A2BA-566676D6F1CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2264	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2264	iexplore.exe
2264	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2264	1832	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2264	1832	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2264	1832	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2264	1832	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2264	1832	8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe	30
PID 2264 wrote to memory of 2064	2264	iexplore.exe	31
PID 2264 wrote to memory of 2064	2264	iexplore.exe	31
PID 2264 wrote to memory of 2064	2264	iexplore.exe	31
PID 2264 wrote to memory of 2064	2264	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8a842d5e1eccc2a3e5ddd0a3ef37e67b_JaffaCakes118.exe"
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" ¨Á
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e0c29d4473e77d2a2d47f00b0b81118

SHA1
bbe9a7daa1a69e20630b0526ce205a0a666cb1a2

SHA256
e645144b5efaeed5278544aa3af39cdb685abd3de54371aa238e404147fda449

SHA512
e19fc5cd0ef246240119bf7f51edcd4ced529552fcd079bfaa0f3f05a1d0531cdace820e7cc5b4f74a276620075b1d4cc778035b3686598d53e502a59bc1f162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d4be707d372e4b06992a6a547d6cbe6

SHA1
9c1cfacf33c736870c5e67a375cd2900cd362382

SHA256
eb8b8e554ba98cd6e036bcfe2d73ccbc9aa719181b8caa153f1aa027e83b80b3

SHA512
6f246c4e8bbc24ac1013bfd77988f5a2892a2e0cafebd405eea557409a4947576364e435052132376071771c08abfc0bb6d51f4d0aab0e7ec7bf0367a22ccc31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc47916f01137ec67650e7d641288843

SHA1
695eac9e5a901f22faecd224a357e3215b5081b1

SHA256
91a8ad050a183068609b381869f8c9a821e1e6eb4e349ce4ff5f927b2a013018

SHA512
aaf739164709c0b84b433724bbdbb9a68129caed70c355e9403fbb63545714ab62a4c836f3e7e82f887aab41f8cd64516999a9e51da9169492885287a4c166f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3eaaa839ced8977f693b1e133f9a36e8

SHA1
792a7927ee785cef923a407dcc301b165b4b88a7

SHA256
ef5e0f2187307675cf688c81398febe8b59b8e77bec68b6ebac11872563ab0a5

SHA512
912a17229ccab5499aeb967d0b2c1b56554ff777b3f4e7a8e1749d3d01a2ed782ddb4f9ceb63e7dc996c76a93db7e093eacf01a9d40c1adb4754d10c799d1262

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97432dced3467a483748bb4a7f8e60d1

SHA1
356d06834d44cab751e9feff6fe6ad4232a49c55

SHA256
acbe3f55faed046fbbc146c533e915beebe5b28bc708041e124169ae42e52661

SHA512
27b641bd2011b990f986e4bc224c0f6ece86aeef4140174930a9c21e35e79afc6047ef5249657af197e7a8259b741f2173ec198f78bd520726002eb61dbac398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
936b84ec6fe1f868155484916f56b392

SHA1
8fa3346e8b90a7b04ddb98cdf185714f15f713c0

SHA256
99e6c6627b0c8b59683637a43abe1c386cc938385dc80f2dcb7cd74d999dd918

SHA512
6444fe0658f82c7b94294fd717a59c9cee7f40c8e89c91d4d9e605ed8f7fe759aee5f0f42025878ededa7ae2dbe4293355191ecc2c8d8a3d0be6399085259430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
003d7e93e90f200c4f9710fbb3263458

SHA1
3f647655fd69b56691082b72961a1b0382915ee3

SHA256
a6edcebbf4849375f827314c6df8f778b66a22e8caaee077162647ef13d27d9c

SHA512
e41848f184ce86634e8e7f10aa5e5e12dc4292c22758cc1545c8ed6f6741ab3adfeb0458857a11c81a77353788a54e95ef6a5f9d85ec7cb7f22c5b5fa314a172

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0785bd8bcb55143102fa3afea5f201f5

SHA1
bf78af2ab417719428b5c241ad5852648b7a6afe

SHA256
039c5fd182c2a170252cd913123db6d8ac9d3f426703d1924ef4d1c78b566605

SHA512
0e9ca5f2257a63416b467185cbaf93e83db05953cc6592aaec607c0fff4f78af9236319423a753f64369f585aad62c6e5d8b20dda2511aa4f48216683704386c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8186ddb7c7a31ec2921f8d5fa669bc4e

SHA1
e9958b4040ecafab7bd25a77d92deee3175b5cc0

SHA256
9896b1b85dda902a55ec9bbf059bf54d093883852ad14664ae57207c4697b8c4

SHA512
7afd1097fab97fe2c653a31d450d0dca73115b93b384118547d1c3341c5e456b5cc7588f4ef23d3576aefa7f21295cae809884bc3c422a72eb37c505e893a28d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e41b609686b4b0c5a65046253b8cc616

SHA1
e59a96fa0f130dafd2c06322663ee80cefa11f9c

SHA256
4cad67cfcb211da488da25f9b9eb6b915658ae00b84964438b954d5c280ba1f5

SHA512
1aa2e87d72d4b9c0587ee44131beb17a730151df0cb63926518eddb780ec8d90ef2c0e784bd0d9ddcff4f59832c7b317668ee19b6bfce649f973db731f650819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
138378aab7139b53c32c89e99f25bdcd

SHA1
a8d8ae9b0b7332c6b452c45f099d498d70de28dd

SHA256
19fd298cb7091fe72e8b98446e9996f95ce9d42005a218948d91aa5f52e563f4

SHA512
1b4be6417140370403fe2e373cc34a22450e498d1995b6d03463f38d077c1a34d9f88e1339f2a44247ec70a82e662c02d4c95eae6714bcfe5afbfe43fb7e5856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40e3d57e84c8f28339e307ca491e6823

SHA1
8de529b79cf73f30666a8a95261933c68c7016a3

SHA256
c614afb7de2739ac1d19f4c92a6eee9356ed72232e8f4e56f1d332cb6324e285

SHA512
ca3be2c2fa4b6c4b44f0617649027f6ea6cddaf443b993e87519a352beeaf8e33bbb17bf2a0379ca2ae3988141bb4c2fd631eb331f8e62db0db44fd375173e65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5dd5a65671a854d08c02839ae30de98

SHA1
890c783551e4d3e205f908205db4e10bddab68aa

SHA256
171eb3d241953f39b809c920bc19307d18a90a6d295358ddbb62deed5514bf9b

SHA512
baf1ad3c6b1b3e7ce733e8b278a74d9e6108fcca2226f2f6bb0653c27439cc4180a5ad04af6110fc1b4b897d7c6dbe09330cfa690ea4ee8035d1422c86787466

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3712075babda76ed5cae7d4f484ecb4

SHA1
701c56f8a0bff7d6ec3a0e3bde286b02ed248e0b

SHA256
5e1ad528465dd2af33ac6901c0fd68941d9a843200606ed3c517a77b46f9fa8f

SHA512
be72ff4184bdfdd6f574c9bfb81dcc124e868b9d78fe89c81227cd27cc33b3d152d491ab9aeb92fad9831cd3f1a196459a4f866d95c8db18a6e9a66d8bb3c7e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c37b51c769c486f425d187b1d152ce0f

SHA1
4d65c544f2bc910d587494203a45a2b5216762e7

SHA256
7140adc83a1dc6209d6b862cbec42cd51e46046fda253e6e2f0d94ea286328f0

SHA512
406595a04fda3e14ba44f25cf1db14fe5e036794aeec37d6314e71e2c45fa6efb0b2837d1812b08302bb4169820263272ef777eed4999ed60cef93d92f148ba0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebf723177abb63678dbf895c64c8dbbb

SHA1
0e450215150ca066d4742a8249098ddea609d567

SHA256
1e39c12d6a42b2e136a85eeaa429f950ec246c2d691ea83ac8d6152fb6b7b35b

SHA512
998b697cfcecf71ffc62145a4d982e362b0c0fed4098dba5722a451a7638f9ef98ca6b4ecfdb4eee761a6fb777b251c7dc3f43fc0366932475059629f82b7414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
231f06400fcdfa34efc79249008b19f3

SHA1
768e97f10187630d1ce245fa5f6bf95ed63ca585

SHA256
beeb845b7b7c0ef0197f32d88637ac9c330a9f58f2e401f4fe779e84736d7fc3

SHA512
7fcb4521f3d6ae5cf915498fbb1800ee671b7846875aa50f692a0749583aeb1301c8b206361230028eef39295c7739869fdfb5a4aefd169be804dabcd253136d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0811222c62b9001826e3c0833c456e6

SHA1
40288d7d10334715e0b9cabdcd1c0af21886039e

SHA256
f492690ad265554a1e3dde635b5660c130f03346ebf47b2609ac1c30e019cffd

SHA512
fd7c55e7204fe05e2928942243fbfc47340f7915a6e73b2b2c6a9695c9bf75df95ca93fb3886a5dc4b1d1c580e8b9c1235dc0b54e746460748ec2008e9c5b891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3322fd34d6f03b4cccabecc2b1927bef

SHA1
8ae644d456c28add97b8ea1994abfbb3952018a5

SHA256
f5e935168e2a321c98b7461455c9f2f8c3d6bbc32ff693ee3b6b8934579dfa17

SHA512
da358022e30d1721c148f2b2f260a6ad7e28d703af40dc80d524470b7069b6f5e3d89d0360379fa1b446ff6785d6da811d41a8a0948b7f2ac8202bbd6e2d6924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93b36d50a7fa8ffdc386571180110d7b

SHA1
74dc865e01db2dc4e8512786a47f480f81d25daa

SHA256
338d613b221d15c52eef7d5f16fc82d112fcda07cc194fc23caca861a3f54975

SHA512
139acf6c2a4007b3283d6e098b44fc9d3d41853aab58b895f736a9d93ddc8013916271fcce8b500613ea6a8314232585129f6f680a52cd13cf4c7d7ea5b93850

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA7F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAFF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1832-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1832-3-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2264-1-0x0000000000170000-0x0000000000224000-memory.dmp

Filesize
720KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads