3af87789919c309e4c12a854e16eaa5732ff63ffc5ee53661e76226010b9c278

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 23:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe
Size

228KB
MD5

acef4325c78eb1c16da6bb9dbab78eb5
SHA1

b0901aea963585e4c583aa0efc79815dc46e1576
SHA256

3af87789919c309e4c12a854e16eaa5732ff63ffc5ee53661e76226010b9c278
SHA512

a0317b3eb19579d68611f820cbb3770cf2266226b8daef5d679480ba99434fd12640034a321fac771bfcd10aee8bef7b9a1e4b70724e131163cea6329bc3bd72
SSDEEP

3072:flAdaGHvXRrmFF00Pfz/nLpCW1lcAtkdXMcaDAGShp5USLgnyT2QVJ:flAdaGHJrmFF00HJJhSXjO6p7mQ

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
1792	ukvideo.exe

Executes dropped EXE 1 IoCs

pid	Process
1792	ukvideo.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UKVideo = "c:\\program files\\dialers\\ukvideo\\ukvideo.exe /noconnect"	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\UKVideo-uninstall.exe	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\UKVideo-uninstall.exe	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	\??\c:\program files\dialers\ukvideo\ukvideo.exe	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe
File opened for modification	\??\c:\program files\dialers\ukvideo\ukvideo.exe	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ielowutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ukvideo.exe

Modifies Internet Explorer settings 1 TTPs 40 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00cf9fc28bf2da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3181825163"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31126155"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3180262546"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31126155"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3181825163"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31126155"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3180262546"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 205996c28bf2da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31126155"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001bc9387f4f791b45af7c7e57591307f1000000000200000000001066000000010000200000007c272f9e36c2b0d885854bc64c4128a421ceefc811d82bc993c0607d650dba67000000000e80000000020000200000006fc9db4cefb2071ba6d2bf9eb96f8e5c1edeec19a3a94e93575cbe335760084220000000aff6bc67d76312cf94ca5155f243fcabcc3d5f49928654b17c7e07a593f1d77a400000005184574da77a48a03924bea74e908c5b7b21d62c171589a79c78a06aa47200155bab29f45adc263a8c59c1e7d99a0a1aea72ac53edc1ffdb0fdbd7a414dc5d15	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001bc9387f4f791b45af7c7e57591307f10000000002000000000010660000000100002000000012dcb5b3f09ace2bae5ef2c84a21799974d77b705fb068286178f7448daa6143000000000e80000000020000200000001576a358c87f2a27bfc2546feccba5259a6a887e82f18769677c4e8a90376996200000007455dbb4a6a156e95544b4de0c137c46282bd0a580961051af9f54b874fe5cb540000000f8d87aa5a053243fb523d20c19554cdee529663fae440f986053e42721935de3344608187b9dd26f60370732c8e3eeae9f483302fd7fab17af9eee02f872a562	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430873439"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E92C9062-5E7E-11EF-BB4F-EE255DF7DB21} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe

Modifies data under HKEY_USERS 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\viewers\application/x-cnty = "c:\\program files\\dialers\\ukvideo\\ukvideo.exe %1"	ukvideo.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\user trusted external applications	ukvideo.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\user trusted external applications\c:\program files\dialers\ukvideo\ukvideo.exe = "yes"	ukvideo.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\suffixes\application/x-cnty = "cnty"	ukvideo.exe
Key created	\REGISTRY\USER\.DEFAULT\software	ukvideo.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\netscape	ukvideo.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator	ukvideo.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\viewers\TYPE1 = "application/x-cnty"	ukvideo.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\suffixes	ukvideo.exe
Key created	\REGISTRY\USER\.default\software\netscape\netscape navigator\viewers	ukvideo.exe
Key created	\REGISTRY\USER\.default	ukvideo.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\netscape\netscape navigator\viewers	ukvideo.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\ = "cnty Data"	ukvideo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\open\command\ = "c:\\program files\\dialers\\ukvideo\\ukvideo.exe %1"	ukvideo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cnty	ukvideo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cnty\ = "cnty File"	ukvideo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-cnty\Extension = ".cnty"	ukvideo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cnty\Content Type = "application/x-cnty"	ukvideo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File	ukvideo.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\EditFlags = 00000100	ukvideo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\open\command	ukvideo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell	ukvideo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\open	ukvideo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cnty File\shell\ = "open"	ukvideo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mime\database\content type\application/x-cnty	ukvideo.exe

Suspicious behavior: LoadsDriver 14 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1792	ukvideo.exe
4228	iexplore.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1792	ukvideo.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4228	iexplore.exe
4228	iexplore.exe
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 1792	4792	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe	83
PID 4792 wrote to memory of 1792	4792	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe	83
PID 4792 wrote to memory of 1792	4792	acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe	83
PID 4228 wrote to memory of 2676	4228	iexplore.exe	100
PID 4228 wrote to memory of 2676	4228	iexplore.exe	100
PID 4228 wrote to memory of 2676	4228	iexplore.exe	100

C:\Users\Admin\AppData\Local\Temp\acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\acef4325c78eb1c16da6bb9dbab78eb5_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4792
- C:\program files\dialers\ukvideo\ukvideo.exe
  "C:\program files\dialers\ukvideo\ukvideo.exe" -kill c:\users\admin\appdata\local\temp\acef4325c78eb1c16da6bb9dbab78eb5_jaffacakes118.exe /install
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1792

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1728

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4228 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\dialers\ukvideo\ukvideo.exe

Filesize
228KB

MD5
acef4325c78eb1c16da6bb9dbab78eb5

SHA1
b0901aea963585e4c583aa0efc79815dc46e1576

SHA256
3af87789919c309e4c12a854e16eaa5732ff63ffc5ee53661e76226010b9c278

SHA512
a0317b3eb19579d68611f820cbb3770cf2266226b8daef5d679480ba99434fd12640034a321fac771bfcd10aee8bef7b9a1e4b70724e131163cea6329bc3bd72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
93f15508cd4b36df3a93b731aa089d42

SHA1
42777a71786f2a4ae36f9a79b3ed046d4d0a5382

SHA256
302bc8a564bc6b000aa867b0cc7d53b6026137cc50b8dd951a8406b5ea588a26

SHA512
3d46d8a5fa284510f8ea3060f22f08b67e36d126cf4a203fb8e98fa8b0f6372b82187804760033c414cd6132ae340f68b7a94d57088739f3f303d6d9f51ee6d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
3f1954389ce0035bd59d82316880f644

SHA1
3a56e7878bd58360168b913fdf330663cfd9fddb

SHA256
fbfb97cee111423c5e8a131401b8f07861068e8649345c6146e77834c2ad7e95

SHA512
9b52bc5ee839a7c1f72b175ee4702e8391a8d981917d3b3941c90fd6ad7ba1765555fd2c3cdcd9af0a168457fece0279b6a0499a6000dd9be707e716a1a30816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver51C.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UKVideo.lnk

Filesize
950B

MD5
7c6f09218660336dfff25b5bfc1f5514

SHA1
4d0f6fed782613fc776868e4b85b169308fb6209

SHA256
1724435619993a4acb01192ff5776fc2886ea0b4213b7c6f045d249f9ee58fc3

SHA512
631075726db88395d84837a2673f71d86289fb3939fd4dd95bf7b0cb79f24549135f6c95384c305a9098b796c15f9136a711099958f3d8db9255e9f077553353

Download Submit
C:\Users\Admin\Desktop\UKVideo.lnk

Filesize
920B

MD5
b99229a6a9e06db7c5fb907234f2568f

SHA1
d1f1b3eaa8d0da57be905c7fedf5d6fd381ccb4f

SHA256
cdaad7df28e2669bd333e62ce968f5b7cf7404786b04af7f49d61b93b9ffe5bd

SHA512
98276e9bda585c302210c549aeceee908f27e616e7b29b00e31b8ddbbc7a9536a2cd9f41e6046894744572ac61e471949e031adcf55695a1f9c3072178c4ccef

Download Submit
memory/1792-40-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4792-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4792-33-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads