c5cd472b829c614c4c0ffd36ea083829cc6762f5efd65afe9fbd2ae5f11c2e58

Analysis

max time kernel
146s
max time network
140s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
Size

144KB
MD5

aa8afa8f36da9543e143c392962f7684
SHA1

43b2cf52c0671d9f1d393fc519c07cb2ef4b0f02
SHA256

c5cd472b829c614c4c0ffd36ea083829cc6762f5efd65afe9fbd2ae5f11c2e58
SHA512

e4d6f3d888a54f0e711307beb127b066dc5401a3235fbd7933edc952c240fd55e1591842155f74900e943f1b01d95b8d0ae7586b6dddcaff25edd2e02df65e3b
SSDEEP

3072:6B7jZhyZJZ1+5z/V+1cY7J1jSJQolyNz+xez:6RjZhysz/o1ntUe

Score

7^/10

aspackv2 discovery persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/memory/2624-0-0x0000000000400000-0x0000000000483000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000bd06f7a8ebb1ca61131e7642faaf48980bbff6f03bae50b66ae6ef8ffb583856000000000e80000000020000200000004581ccf2d1d9aef89eba2e28526d79c2a1214efe47a44d0e24996ae475f5a776200000007815f107fa440c3d2b7ba30bc8f8a32a8d2489094ef1ce53cc704b9f1626251140000000428003d6d3e4c3a25a7f3fbc90c7a91f0427e953a4b7027ca47316f28c5e892f38a7ea92c49276fbd257aa42aab3b73c36443280a988d031f0c1a1c8c5ac15b7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000009d577b3771a560418313e05b39255988e45cd48c59a6e5ee35b81046a1a8585d000000000e8000000002000020000000a733124cbc56c8112efd59cf976f2f208bf67dfd3c0f830f78537be07a373ecf90000000e75d22941b281bc1b16833cd3f85447112c722a3f0218ebbc27f03c534df669b56cd1010d09d4f743074f87b7af21d9691ed3c20a3e6c4f7626f944f5636dffb2c41fb93371e06c3406586671f028ab1299555f16b878891b6c79b544a44e0aa1073ccb4fb55630b9a67715f62bc9cef79a9ea68685b0a7d9df90fe4ee93f41e02df5780692abb89e638fced46a5ecb74000000088d79175bde79377a46662d61ad466abf0feea881deb5cd695362e60d8fc3e35f310af9e4e4bf763924a6d78fa5976dca2f3e1bde22e6cbcddd7e7a9bab2e01f	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81FD7D81-5E10-11EF-B557-C20DC8CB8E9E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Download	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430222914"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ecbf571df2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2676	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2624	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
2676	iexplore.exe
2676	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2676	2624	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2676	2624	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2676	2624	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2676	2624	aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe	30
PID 2676 wrote to memory of 2752	2676	iexplore.exe	31
PID 2676 wrote to memory of 2752	2676	iexplore.exe	31
PID 2676 wrote to memory of 2752	2676	iexplore.exe	31
PID 2676 wrote to memory of 2752	2676	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa8afa8f36da9543e143c392962f7684_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5622eb22e26ad4cfa080897c3a4a7403

SHA1
190ca34eeb7adee4c1293a3f5dc731977bbca708

SHA256
61af19d952681a0a551f82d5f6e251acc494122cdc1f5e1f36baeaecd1e25aea

SHA512
077d8e78211ff8e764fe3f20b6dd4008620de6dca4203a1cfe9802e398990ec07e14652ea30d194a78ac0596d4b1b19f7be15705a35903125b6f46a564817ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bca3215eede71be8df4e32adaf05371b

SHA1
5290aee45163711b8a286c06638e11aa11637492

SHA256
4e4fa839ce67dfaeefaf022e35af5a044bda89c1c5da15825bbbafe48dd5795d

SHA512
de5754b76419451c4550c699536eb974418291e630f6abc2898d61322d4ec0fc407160cc864f6b26826226a4db5949880ed0a2a2f013f6cdc1d13d3f647abfef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
505f4d10322d7a9b58c6152853e78b04

SHA1
a5b2624dcf2068a41395d617aed2d0c51365bd46

SHA256
77940a42b372c4c4717c7a44ec93075cc572bcd18b2c03997cf9c9d0bf7e9437

SHA512
71e24f91328f1ddd5aaeea0a4240ed66aad308739ad8b96f60a40f89e9a4231aea180d19abf557bed6ac0a6223b1607ce8f9c59acafd3103cbb46a9af3d02c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28ed6e28c367ee5256036a6a7e77a01c

SHA1
2fad8ebf1324a0b851d4c1142a4a849c4a0b784a

SHA256
fe49fbe154519c6530587077c3ba27ac6a1de565bc9edb85c23e0394d39322a3

SHA512
d9b74a04398c50cc5fd9991da772583985ec588d44bbc25e2972acf4efa9f0439ed836208c184e99b3e6b410ee38b8b619f1161182dd242b147c27cf28fc33f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b707ac5dc494bdb33ed71fd3deed4668

SHA1
36c3233c4e0d29e5e35705d4d5a14cd247218858

SHA256
e76b7e8c86b5345dead240baa825c97ceb64f68bf82c7e0b55421bba1786609f

SHA512
501674fb2a8b0ba3c14368fb4371b66c4e34bfd42793a4c5b913bc8f0f054a9e206c8679fe7a680fcee47a3c3ae05d492a4d0b4ae0c100fe29119640f23e71fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93ed15d05a30102311a236d05d8ffc5b

SHA1
dc826bd95ccd89148d803ae3e761dd0b617de734

SHA256
9ec9023297a13acebe0b0c3c2e673cbcc1345234851c0640dfeebea750d30bb2

SHA512
2514540d34a5d42b4ea8f4c3f2ca52db082570ae65b542f43c2439051e5d7bf57bc45277b361e3e43c0dea4bd956e5ca0bde169f60b78c364bf482d7f9390cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ca920c3f1ac6e912690c51a4d7dd3a0

SHA1
5970bb331937e82bc130521731d22470a7a8c1a3

SHA256
fa281d43538b0afcdc5ad1d6bebe995f4decc6b0483bfd33a345d46fb78e0018

SHA512
5d6b0b187c6e315de511ed76c46c82ea1fe5c6635e544e5e7ad7260ae7fdee790cd2055746711cbca357ce57bd8c2303abc4f1381af4e52cb6d8185e4ef97684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4a37372c0f50a13a41d7873f06d5a59

SHA1
8c151161908b3f05e14da9c5a6f0dc46304d2424

SHA256
56fee9ec2b63ada02340b1d7aa3ecd0d6ce2a7908d7e758c474720e0f25b7775

SHA512
0b38b70aa9934653663bfcfb22b3fc4d12f23945b7d25bb6829a589ec4d825fc5ce975941e4e61319af4b82c21d105d6ad6e27df54bbd3efc6bc8619d6a8b9b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aefba7869430031a03ed9fb91fd64692

SHA1
f3fdd41a87b3a910fe3eb22649e46debc9e6a13b

SHA256
21b9cf31b65c0b545a7fe0b404e743560778ab6bf53a3e6dff47f0b6ce4ac3ad

SHA512
554b3aa46d19cc4053c3979951f5f64a02ce9dc0e5fd80221958f84b746d9e78f234827e7346ed06e61237af42a9d2a0c034da512b048c397db7ce4671c1efab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6483668a3b5685c426b141f1211df1bd

SHA1
a03e3ac622f7159d875db188f84f1d9fadd09f37

SHA256
58ab0e772c0add9e3ba437e8514105d30716f53a729433cba0697a0075550a82

SHA512
d9e13c27af7835decba9f51676dbd98b83f656e9678f36a2d193c25ba19b0de320af0fb3ccd8765219e4e1e697dafe9c4f7ff7d14206390fd7ffc45b1c2f6960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6de2685936becf6546b22a988508d097

SHA1
20a66e669e0f88a3078b4ad2d7ed79c4d65bc1fb

SHA256
aef0448d2bbef8ef1885a9b4d032973ac9261180ff89e06c674bb1d9192e5357

SHA512
4530dd6a50b7e0790d704f2762734307d32fc0cc44cfdc6a2d597e4dbc7bbd5eb2e200ce7ba63da7885c9a8311fc7674eec83341b2d06ab1947ac87aa979cc41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
322cc8ed0f8a74d8889b9aabf6a4e1d5

SHA1
ce28f13fbd15b99bd4c4df67dc66c01b86363d9b

SHA256
2c61bb2df2fc12c34b667f9028acd9aa88916d5af19695af28baf19bcc9cf494

SHA512
0b51bac3ad2e472d7f51c50aa2dba715daf49a24a28976aeb68f22fc602e81d0f746d3a3dfb5ed057de7318a744a10835f62d5bdd2cd6b00b456aa749791b005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
902f7d489f120d83158eaed3e19ad3e9

SHA1
a1230a8424acc6ad544c507ccc675ae4da12e45b

SHA256
9781581cc635f4d58aa54ae44df1ec8c7a7ba4dd20a3c616913c3ccb23a5ac01

SHA512
5b2e14ff39dee8816c0bb274d0da5822a64dcbbf0334189eb8c3805e248a14ae315645cec37ce4dd5d077d603d753260ca08333d2f0d80298d31f9168156411b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c32cdede3abfa9cee8b4a79d9083da9

SHA1
6a92198d42cde85374f95996d898279e7d87e7a9

SHA256
82a1df3f91e695a1b095c5795532b17bcc784c65dcef3945158966b9729d40cb

SHA512
ba91974e599ed105c28faf8c833137c453643b1f9f35246b26bdad090d24bb08bbb76356f35fa8d79b4aa900f975b3257ca961ece9a96d79557983ce938befc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecdda95069d766dcbe6f0e8ded123590

SHA1
aa3ef0859c5b705e2ba28b23125f49246a85a4b1

SHA256
434140f08d108fed9e8e2abb3ce2fcc7d2cfa1191f1497d9595e3f7387d0f88b

SHA512
4532ad924629c19e510e2e60038097f9e052dc483deae1d3f5a3eb83e84475f2b7e1e412a20a6791dce53ef6691596c0266ce32240998c3ef12c0d53508daeba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
028d07159ce84a1a3df2d7cd25e7f8bc

SHA1
31aa3521a5cc7fb04710fd62c93d861cccf48e65

SHA256
8c3a3ec7b11a858cd64ff8a67c74a91f7b9a14b02f285a32830aae3356d0e4d4

SHA512
71ae68b9870ca5527dc03171517e5ac283e5ce6baaf6ec4263cc093c6f02f95231ecac537b3aaced42dcd20febf314ec2a870bf7cd5d1eb0f5c2f001dc96d972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee6d6643f7d7d25c77eec30a8008afc7

SHA1
8545ca2c6062e36caa1e427d0d1f16b4f49aca26

SHA256
63f794665a7d6252236dbae5a3d437ae331ba71e702cf565cad1f21ca826b14b

SHA512
a101aa2c701035cfffeebbd97e5fd088de42d22d4189967a70e154a7f64ca1c0605cc0b7cfcaca0fb83b232c5b4bb517e7b943f627198a2cfdfce0d4ca8d4c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bc14341ff181459cb2c3221c8c907ff

SHA1
f2400d17da642b8c46402c9ecff769bb5b4addca

SHA256
69598459cb9f9303ac13ffe18c5fb45b74eb5f1633401bd4b44f9bd145fc65ab

SHA512
a52605701451aedbb9e75b1e73ccbe4d40d5527cb57d777d71d605aac23c2270407c65ddd37dc7338acc7990005c805a2d3e15352bf2da3e606e903f757daeed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba5c5a626d96c7b64df9856b2eb3b6aa

SHA1
3d19f1fcd2cbad86b4437ef6aa123b57cc75c341

SHA256
fded168536addef2b0d1d73d386f83c4582830e328f958265fff0bc5178efb29

SHA512
79f3e8a6b74abd40fd3bb5d7391a3a03632b30e89c534d49bfac67b7b66603d202e7a75f0b8bd45421a39a3a4f5fbcd15373a09f8a994ed77a3ff1604cc797b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83f6d0b670425153c89924530ba45945

SHA1
d99b85060c45f4c862284875e53dde74aa7440d1

SHA256
6df969b03bc7e7dec7d5027696a7cb6786027ac615a5f6a4249d334f93c7c5eb

SHA512
3ce5da625744a0ae6e27c8b2995f6bb5849e04b95bdf40c58d873bd4c54c58ffd1c87230ca2d3558a3c7b28be00b338c372e3a3dcfdc648c60a950c013d8e42b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02d53a2266502df505891ce2a6475450

SHA1
61bd8c9eb3a21fcc7103d4e06d4b33bbbf32f93b

SHA256
002c30d46d0735873111cf3c2ded925b526ae9af5f8a73528a558eb3a4c3c084

SHA512
78e16c8b4705eea50b5ea791c5c9dc3bbfb0a104fab9ebc6a559148491ba38735f9f2e92513ea3fb2672e959a7c929b89a096e746b42f0236bc2f333bdc853b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bc6cf03773ed08b0efc38fb049c221eb

SHA1
364aa55cbbd29dcd20bc1800be1b186e9a63e465

SHA256
ddc538f3828e7027ff2cc7eb4d0aadb7ea3d6f45564a7df39956b3f72f8b46fb

SHA512
b9627d5592b23c1eba950326e5850afc13e1a53b009227395311e452ef22cce64da6f48a8c79a78d442a55b61bcff9c121182c4db28122d33c588f7fe9ff2644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat

Filesize
1KB

MD5
94ab4fb3998e5769f6f260b940e8e049

SHA1
bcf36b38f7cb91cbc017b9bd1ce6abbede51c837

SHA256
4714e364485d1fcb1170d3282daef111df85bd08e12c54cb62818dee58071971

SHA512
7e19728bb2581062f99be8a2b3f4bed0762c61e5778509bc7bf3088b975db85b1a3a915694a2c137893af3cd0bb88880a088024af1a7e5bcbf0c418af40c0841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8306.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8309.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2624-6-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2624-3-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2624-2-0x0000000000280000-0x00000000002C6000-memory.dmp

Filesize
280KB

Download
memory/2624-0-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2624-7-0x0000000000280000-0x00000000002C6000-memory.dmp

Filesize
280KB

Download
memory/2624-9-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads