963b90dc78a63ea622db854836249fc18addc20f2edc5110d5f3496ff01283ea

Analysis

max time kernel
119s
max time network
132s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe
Size

142KB
MD5

a1c2b4ca12d50db1c7d20466c5326bf2
SHA1

e999c4b27d72baf26b3ba35c0588a2ae1d07ec8e
SHA256

963b90dc78a63ea622db854836249fc18addc20f2edc5110d5f3496ff01283ea
SHA512

e3366244bd509055e5fb4789590030478a6b001810a78cf6d1c62b642445386a982f993e0ca2bae18009c87ebdf29454e7d89566cb09c53750dd469c6381a85a
SSDEEP

3072:lQVteGUz3hZ7UbyfCxD4sN4Hxc7yBJan44xulkSppGa2VZF:lQVtPUz/7Ubyf0EsgxtkxXSp87

Score

7^/10

aspackv2 discovery persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/memory/2820-1-0x0000000000400000-0x0000000000482000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2050ebab7bf0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Download	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5C9C981-5C6E-11EF-913A-D61F2295B977} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f035510000000002000000000010660000000100002000000073dc30be15eba03208145c6be2140913000af0c8ec916a50acdf21a4bcaf3951000000000e800000000200002000000099bc52f878d6155d4cf85523741667551fa9a619f06b90ce539f2bd714b8b01620000000d9ade136970c8f25757cc9ab2fafd0d4bd5f5124f85cd09a7f262542a919516740000000e7a27ae73b3c8e99b39e120705381c08d39cdaf9db4c74535d75d17d8dde28f0f508220072e0cbc3f728b3a6c207e7e762568e486cc5fd0f4b284d5c037f0847	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000002785bd5cb69ea3957ef6db6989cc576805497562ea908653e703a53a993d07c9000000000e80000000020000200000004e12ac10613068588a57f6fe8ae24a7dd6709bdc4685001acbe6e13ea0e5a8a990000000a6792b6f88f43f15330fcf7af6123ae5011881bf036c9112da76ed93a3c587e8497a015aa14f9345ec1894e92c182b096f2b60072b757a95ac7f4cbfd56f8bcddbafda2944021aa955cf75d61bc8e39ba18fd94d34e45e8d6439d5bc568aaef7a43277888cec1d6b07b3e308172d0e4c7adb7344cd63808bd92aababf19c9747f8e3616257cf8e1c019ee9ca42f712dd400000008027fa5dfbd50a314f906d46566f7949c3874f1d6f24020a1cccda5bfa8f835cb9be6fc735d9f3982b3128c827a0484fa12c6377becdc1f2954c056b94d37e2b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430043526"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2704	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2820	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe
2704	iexplore.exe
2704	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2704	2820	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe	30
PID 2820 wrote to memory of 2704	2820	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe	30
PID 2820 wrote to memory of 2704	2820	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe	30
PID 2820 wrote to memory of 2704	2820	a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe	30
PID 2704 wrote to memory of 2700	2704	iexplore.exe	31
PID 2704 wrote to memory of 2700	2704	iexplore.exe	31
PID 2704 wrote to memory of 2700	2704	iexplore.exe	31
PID 2704 wrote to memory of 2700	2704	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a1c2b4ca12d50db1c7d20466c5326bf2_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f8782142b60f0833e15bec19f3c90eaa

SHA1
1d40528c604fa7d74dcd2eabddb2f062129ac7f8

SHA256
cdf2ce69f8d4156849121edaa26e1a5c10b6ea89d893974c239ad109a5f76d0a

SHA512
6c1509289c3860983ca0951c2319b33de807417137d4766466552ecbf6b71846fe8252cc1fdff29fe8076e8083e61810f4c2a5682170cd23b78ccf794997cfe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6ff866a2456a0cb2a5b68e15fc471a1

SHA1
29e4dded5ff2e3b58d85f37808e9ff9bdcae83a9

SHA256
10d810eaaca2cd947a32f25d07b5386725804a5c996d1650b26233fbc741e016

SHA512
44330d9613175e377072038941e75dff0116ba788fd4b25b3d54771e9f59db3d6a00e839f4805f72207da88ca8287530653abfac9662684a4fb35a4c8e290ce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4219d1aee3a372b5ef09b706ea0755b

SHA1
67eaa9c9bcb79c985db7ab746fcc89216e6e9faa

SHA256
4ea650f30a7559c16a0714d95fe06a019eaf387f4cfd0837a5b027e7c78899ae

SHA512
66cb07012d104226e23fcf1f45e36cef88e4cd4ef34a29bbb30fc8e11e72c9481fea5e5791cff53508fe352ccb5be264338c3ccede1f6ee444d4f88e03527ad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a897fc7efcafb275c6584cfb39340805

SHA1
3a822df7c28fff514af66ca3ac36aa52fec9195e

SHA256
bb10faf67c7b735d3d8e7fc580b57200dc444678932fa698a9a07e242d46a8c1

SHA512
1ac551f696d47c49c02c5012343e6c121544b8dbde88390c24c7613e251363b4cbd1d00da453ed056d6707e922a312fbe854bd795128410a93b7753017f15ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1c2f2964ce08fa1ea5353ccf3a421fa

SHA1
93479a5aa6b2cef3d1691fd8b7d1195c950e5ad7

SHA256
17d40991ff55a2b7d40a1c06603e7d716173a73c30dd7c68636c6e8c43016806

SHA512
e749436f0c892d90b494b012fa0cdbcdd0b9d1f01b0070feb0d1bd57561785e43d7f83e90e8cbbd864659b2905158ba9668d50e7f6f8b326936117949ec45437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd928054ac0801a573a1f06f62ae3739

SHA1
c81da3492a7c7055bfcce213fb0dd055c2a24abc

SHA256
7179af6891c1ccd12d80e89a818dfe01be5d8eeb75376e59cbe8d254696f33bf

SHA512
b11593493bb53fc4409e858651cbbde39271e2486cfabe0493e14310be705595abd9af92e98588677014e4a358de71c558f73c2893f9d18403d88634981a873d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d90f94970b692034c93d5755b1149d24

SHA1
21c48e81897d8861494a221682390b187b5b253a

SHA256
bf08b94e992af259742c39f23495262d42fc8aa769b6ed0b9633d64d3028f6e8

SHA512
9033ba390f37bffa19f5c0e67ec0ed52188e1798c3c5953fd0887299441d43b165250dfd42ccb419ba0eeb67956d4110ab67d676a7a2aae1a8c4b434eaa09293

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b903e5eee51bccfbfae24ebefb576bd8

SHA1
fb8f71bef17cdae640bd84cc1fabc392f311e1ad

SHA256
694475e7680e25db6bc20ef89151cd256ebdbf7e70aad1e134d726699261a1ba

SHA512
9bbf86d9bdc4d3a79ecd6bd45d7ed8cb966b05d3b5311da141cf2a17f85eb45a2367e0839b8ff015ba7065c115036291868d013a7b43fc9a1c74dce523e78942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd0c50684be4889b2d0202c4fdc8c07f

SHA1
45ddaddcd35e4c76b8a3a85b1cb6fd8d313af99c

SHA256
9abd2a175d917e0d3dd4b6fe9bcea88110ee5029b798d14558363430de19c050

SHA512
397101a0e8fbacc3e0a1363a8cb9deca37951ebaa5a592477815b69aae4458bab279164d9b8c605981340b93753f79adb0682f830394d1ff353d9b897514de71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
975b8fd0a6e5e8e031f18402e0a14e7b

SHA1
c07af1c57ae855da6ad5683aec752a33ffb7cc36

SHA256
bc018dd2f4191766a97fe6789a7363d3e9be806bca023880b65dad52488fa28e

SHA512
9a9d060b95b11ef2b8fb741c353e45f030eb4ed10c3f30529bf831f0c0f8c4660608564e837ce92df2bb89f685a5f4e2ebacf41e33879dbc9ef6a087a058829c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
880b7283e31d7c5686103f57c2d1a310

SHA1
58686a739a19893319b08279d93f55719a47f320

SHA256
d9629945a7ed410ef26342af6852f3f801f350fa46e19e4035e1e0f64df26e1a

SHA512
ade22d851cd182ac9849030cf86f50a3c87c93c2cdfd9b919da5a662b80c2e7e782bf0bb0e126d98451006256ac1538591e6c61594f102146337d9429988964e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
405fc395264a79aecd44433b2b09696e

SHA1
4f7cfe8676cf0c953145dc9fedc3d297f49ef2a2

SHA256
ba1ab727a650822c239297ee377ece0e98d76dcf30cb3924d743ce95237b6c48

SHA512
d30f986295c0e7352ed296c002f5d04976b4520a04f2d35593a7068f0d4d1d73bbb82c0a304a25fc4e915919b4e828928824c10b5fc4e3ce6bd1568a01150d8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9826fb5c0b93eb6d89ccb853ca4cd847

SHA1
6c4491ccc1e57b01045a03b369092fae5a878ca6

SHA256
e9f2a885a02c5d66cb2dbebbdde5bcc8c6b1bb423253cee1f5b5460da4fa294a

SHA512
32c23b77018496aa6a8065f2c32f7659412cf4eaf14dc475f9025af5bc66e2236bbed1c808e0a03c70fc1376d878f43e2c1ebf007d6de3a5f8d75b40d8804c4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0f5b2eeaf7447a4a5b507561084aec9

SHA1
750c8a160a6de3c76e279adb5357a088a8b2b445

SHA256
7a098a3559af807643a57dc4fc872aa9e5fcc740c6db7297b029ca360e71a780

SHA512
f361b0096a543005d4cd782ff333ba28908378da02ea51292ba81379b7cbb9e78c80bdafac517cadceaab0d469e497fdad7e2ddf7b663d9867f0b761c54857b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
186fca50a4cd02714133a539f35199ff

SHA1
bdcd5303decaea48a6872a06a04c74cad7cadffa

SHA256
9077dd3b65de6621276f6d3ffebdbb42068f5839c6d0654ee7900f7bfc235ea9

SHA512
fadaf38ca319fb49564b007190e91b3dde622b425e37c31ca64985857c30df9e1d91c1d2c9f6eb2cde8da5c2bff4f45bc4993c6928637072ccf71afcf883e14a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31af245be87e5f7bbf7f2ac9c5f343bf

SHA1
ae93ba0398e1f61e123f102a2bf389f747577bea

SHA256
21339fa06ec73dfeee89de616120acea83ea94999d0adb7a75bec8446a3c6022

SHA512
9b4c9ba14abcd62f11651dfa44f3404cff0f3ea0913cfb0d531e515b0516ec9b6e7aba4a61ededb71de70298acdcd1e4290bbb99fe01f4982d5873263ad797b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8949ce65bb0ef5824f71245c819366f

SHA1
ac89a67ce23a77c9eee6fa64be5797d6ad55d6b0

SHA256
c4e22efa5f29975b0e9e0b4eef0f142de27aa4939ddc178849a8c724e7f3256d

SHA512
d770d725a20ba534b08807e71c2803c7ff80e69f78bf52c2fdc424d7754f7cdd63892068e22b3915f9eb3716128865605994c61f9183086dc50eccabe449c729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af3b89aa40af6ea8ed9924e9e4c23d62

SHA1
6c9634cac5d72ac50c9d25ad2f7d3e47f1818fdf

SHA256
f8fed286c46a9e23218ad6e84fdee4136126a46d1d36a8535cf38f83a07893fc

SHA512
5d6d18d3eac9ed2373b013ab3832b9d9996f380c595328935ebcf7eac8a2f0a1a183c019504221b2b3218b2d29b13465b4a2651f1a46855ded6053a5bb2d2e51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f729cb1c8d3c2700bf29bf3d4d48d91

SHA1
0d1350e370568063cb1186e3a027d15443621027

SHA256
ef9d4115226d3b176fee82ac00c3b948a439a950c00b6c70a60d1c9a0d891a87

SHA512
343c5bc12533aad519c8ce57e99db625f5ab0f7bbc83d26af49573a6be8c3020e60d97eb6b5e163aaa53854fa78ba101baae7bdb96efbd7e66e6a9c373f187de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d00df90a140f6c9ecfb9909217f05e5

SHA1
3bac50cc8bec9633852a8bdf47018c3c23d752b8

SHA256
901829bf8c9819e342fe3a2b0c24657b6b247e2cda63ae0f50e4ad186088bd33

SHA512
58a69f7093421045844a11899750f12b6d3b640a744282ee4ae70c9ae299fe96a54c1a048b506be4206f84492b7fd843befaf50935455fc071ad19f9e8209bbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c9cadecef88b558c3bd21d5cd5f557b

SHA1
cef4442b82fa49271b8d07bed38202e404e70592

SHA256
2abf3dd29ddbadf8fed6d981e63acb15308ce7a7fd26f89e1b4dca8f0b4df919

SHA512
76116f246661a55e3374f9faa919d6ed060c82cb211653ea20ecec79800c61e4ffb171b488b0f7dd6c4a8ccb0977fe98c38d03e864b28e133618a736d55a4376

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8ff5f36181a5d15c27ab5a9146b7dd2d

SHA1
d3cb963e4864cc72cffd48f0e0dad8f59fa0d64c

SHA256
04bce778fdb8e44489b37daf59f3691ee1f3f47fda219010be4d86acc0b18ba9

SHA512
73a4a652304bc44da557f0255e493f2e3825700cd67730c060adff23000b4dbaf90c857d944f11a63cffb1ab9321685f7504669a3eee79644c0277e6dbdb2672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt\imagestore.dat

Filesize
1KB

MD5
e179d0a34dadf1f73c83f9b1f535cb3b

SHA1
530638332ce623c4cc48b4c92b1894ec82416d20

SHA256
7abd273a1e6db3b01ac4396f8d9ee905e04c073533b960467fee11277c373748

SHA512
b19ebb4735ab16c03af71c12e6e6047fbad7a78d6f1e15893918ce96968519022e2b8aee39bc72dceb4f23d99ff523de71144ddbbe3f8f2f1948b7781bc2a0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab981C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar981F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2820-2-0x0000000000300000-0x0000000000346000-memory.dmp

Filesize
280KB

Download
memory/2820-3-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/2820-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2820-7-0x0000000000300000-0x0000000000346000-memory.dmp

Filesize
280KB

Download
memory/2820-1-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/2820-8-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads