06f5cd1518655aba2986f6210b7c91b20d7c3b32dd51c764a650088f478a2151

Analysis

max time kernel
74s
max time network
134s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe
Size

79KB
MD5

ad75dacb4181fe8165d3956357488324
SHA1

f75f2bffae63af235102bb76dde167d6944a7c3f
SHA256

06f5cd1518655aba2986f6210b7c91b20d7c3b32dd51c764a650088f478a2151
SHA512

8d2058ef0d0085d5b4a435a8a6f9f06bc7633a6597e6eb9e9ddc92bae5f8535af4c0b139ca62fa9717f6c157a352af130bf46bb82db330d8cc35cbe8bbae87ce
SSDEEP

1536:N8C0iWEpRMhmPfRSqxDyLOY4gO8J749PMkR5LipWF7X261Y6u10nouy8H8BeaLCk:F0iW18pjx3T8tkvRhipWFP17outH8BHZ

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1720-0-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/memory/1720-14-0x0000000000400000-0x000000000042B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 50 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\gotomypc.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000007d0135142686e85e18dd04e89ad4d4fb9381ed8e7fbf06760648ea0717c845e7000000000e80000000020000200000006fe4584632be7a14d5ab3b1e45cec1f682e994dd2e26b12304f93f918d705f1890000000875aecc40307b8e2eaa65f16c0443432dd305f72edea37fdd87b826a724ae9142a4a90d59fa5701aeb7bd7f08ac884306998768d525a4537eaa35afc5a01bf529cc36670d8a9027d38f0bd81400418130a7fc460a6400cf69cd8ded43955ba66b632aeb9463eb3b3493aaea223499cc7920e0621eb5347ba4d131e0e59918d2ec217b412e2d30a8ffd62316d1105fa6c400000002e8d7bd2ae4c839c7c16cb80b4c0588cd0628a083cd00b2b7f67db6eda16a8f4f316a157372ac8cac48eccacb5032af4e88c53d228e30bd3739bb61246836dde	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.gotomypc.com\ = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.gotomypc.com\ = "22"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430280894"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\gotomypc.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20da4056a4f2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\gotomypc.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.gotomypc.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000c3411e9c869d854b3be56f00d665c6232c05d5107c2cd794b814e140cc70f056000000000e80000000020000200000003da4d4d4ebe210dddd101e99774036781dfdb0befb89a9d42b4a19bdd3e6adeb20000000c9ced66e387604fd080defcc81ca7f7ec6d1b7e840d82d81155a29494bca44b0400000000a8e4e2475b2de2d695f9d7142d4ca09151128fb5dcf1f59502dc0ad0bb356f5c4f32f68e9b492f036dfc0815685331e5d553fcd04e406e7fae74234b3000453	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.gotomypc.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\gotomypc.com\Total = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\gotomypc.com\Total = "22"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{80BB9B51-5E97-11EF-9363-5E10E05FA61A} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3008	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3008	iexplore.exe
3008	iexplore.exe
1264	IEXPLORE.EXE
1264	IEXPLORE.EXE
1264	IEXPLORE.EXE
1264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 3008	1720	ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe	30
PID 1720 wrote to memory of 3008	1720	ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe	30
PID 1720 wrote to memory of 3008	1720	ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe	30
PID 1720 wrote to memory of 3008	1720	ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe	30
PID 3008 wrote to memory of 1264	3008	iexplore.exe	31
PID 3008 wrote to memory of 1264	3008	iexplore.exe	31
PID 3008 wrote to memory of 1264	3008	iexplore.exe	31
PID 3008 wrote to memory of 1264	3008	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ad75dacb4181fe8165d3956357488324_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://www.gotomypc.com/members/connectManual.tmpl?ConnectionKey=1185737466-ca7a72c1e2eb3593b15a4f0c4012cb4e&FullDL=true
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
cd70f9ee6afbddb18e7920f8c57c6362

SHA1
3125e9f15526d718f93572645a4712a39442abac

SHA256
f4bc4b1b735be48bb55d4a2465df85c97314e1e347c6e8e43e39e197b1aceeea

SHA512
979d0b5bac76920929d80b4efd142e622ab8aaed2b232959da57313c7cde73e27633677beb0dd8bc1462d114c6e856fe666d6adbab796ceb008f6e8bbb09f37d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce87b81e9892e49fa24cf8b59826b949

SHA1
9d11041022d0541a9b338feb3b6a20723c477f0e

SHA256
a62c6915238c6f9a6dc2d1a6f41d07b6790ac8cb38a83f49c6e888093804752a

SHA512
4648cb89fdc24082478ba6cf0bca151705ede677d943c8ad8ae2cb86baefe04af95b9370bd2fe5104f93fb21207ffa4e973cb04aac61c5b96bc1c65dd58a8594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ecff64427d45b14bfb07365f1605d3a

SHA1
3bc08b4b89536c75c8862ee3ffd9933403fca703

SHA256
d19c3a3add94f5ad2052424b0a5099adeffc10b8a02f8ef60f1c130f8b3184d5

SHA512
3391b614cc2f089ea6f62dc708dbfea90e4becee636c1e87d737cf4e2692863b6c8b692dfa4e32af1bcf99bd03fa5311eb0a3c7170d5cbdcdd93eab7383ec9c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bb80b3d1fe8aadf61c5fb30d74a9c0f

SHA1
ecc544ae6ce618bb61817aee25275b08e1214e87

SHA256
812b2c2864544c0187163bf3e420b43d80652c3f4dc352c5d08605744163d964

SHA512
bc07d60e96a50ac65a6b3fd775a7fd29645de20b0529c0d02a6dec5095eb73fbc77c81804edc6cedb6eab3c0a951d36b8c1030eda2e6f5b1d4d404cc15925502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
792e94332fbc554b9395a8ace093f0a1

SHA1
ced4847e54814299be915d6582d9d3de69143796

SHA256
93daa81567e7b95ba1a8ed120dd18831d826ee2f3e9c90f99ece50b1fe40d878

SHA512
2e73929a5065fc549ba2286dad6e2ab8a818bd63bee28e23449edf3929fd1e7405f3841be2980d665c9b3074048967f8dc6b422c537e163453ae6ecc6c100a9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ae6620916b925a482aee899daf3101d

SHA1
5a9af785843c87b81d6ed6df659bc2e3c68533bb

SHA256
4d4ab7c5b10d09c2bc32bac9f48a0ef3775ae830b7209539de4a8dcf34a80f49

SHA512
8fe6e61d2545234b1b058d02445fb62f382febbd0b9ce540a45ecbf54af5671cae8b0bdf3220544deb15f937be5fd8e74af5e965879eb5d1a4df2a222502c1a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8179727d64d43aaaee228082d46cbce0

SHA1
28e47d0eab3e2d9dace2893e382abe03e0283ecb

SHA256
96840d0c384bab676be79de3074f7fdb191c1bedb85aae142990182277c78734

SHA512
02f66dbccce3cf12b1b4a0417c0830146db6d81b6cb4492ba2515845e45672a0acf7105c3b65e82bb2b10db56fa408722e5de5f0a65f9626e17957873ddec01f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5ed969894b37d3dfd83d7036ca2ac17

SHA1
dcbe8ed31d129a39ab839813bde68f9bb157cf14

SHA256
05aa569faa23ca087e3a38168e990e7b3e3161d03ce3ec999f071cd3c1d6d8d2

SHA512
094f62add0bb95f6c7058152030b109dab75843cc2b03c7f943d552208eda4db203cc82794791a5ff063f23b3e92d4ec33fa25a91008c13e8bba52500c5cafbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fad578c00d55caee9cbeb55e8a7922b8

SHA1
192bc2276510a6d4b36e41b7cc3e8f273a1bfb10

SHA256
c32db6042aa3ad9d7193fd4a07e368250bf63a21db903d773f695f95086af84e

SHA512
effeff956d1e7e133384d9445de19adcc29d6e2312b2a8eadb34d465e716bfe994c23b1957084f62d5569e6c3e6aed8134b53b3a6e6a7e195061d6fa76770f88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd2e9d0f4eaa9ac3e7b47753075de80e

SHA1
9579d6b10c2e8e5400e3318448b64741b54baea3

SHA256
991a2dc38208936fa45bd482a71f9fe22339148c18e5c277afcf2e777a6a01f5

SHA512
3caf737f7dfae0400d2214b2e9a94e7cdf19dab823087cc493278902a4836e4bffa89155c0418bdcfef6623fb759209b9eee315bc696b06a33d228e9017945e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
390ff789db26feada01da2242ae0cdd1

SHA1
6d03ee67d88f98b179f31c12c37c74f47da1d71c

SHA256
c51601f18ea85833fba31f19cf330d9a07dc105e7a71e64f91c0bf33ff2162bb

SHA512
168b6bd9f0b492757307d01545d73cc02fa0be99a0bf85aa6678a7385870078fe1167c589d2157cc760df6969b6ed035c7f0bfd4bca06c7980e8b1d00744f058

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de33aca6fee5b0304df789bab2213bfd

SHA1
1a3375a1cedd917a647c8e0a625f844d34c4df4f

SHA256
6fba635b88f2d455ebeae2f0811708c97f8e7b1b5cb117ba75e003c18a03d586

SHA512
cbca21008a0555b0e329a7f36d23f731bd56358899eb15df10cea9aa893d6bb6303f08def85e47c4637ac49c31aa88f923aff5d6c737c984fbc9fda1b69cace2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3763b6e0d993d8afac65902e6af0f18

SHA1
d21b26a4c8584d0f1397a7e40a11eca2aeb38c26

SHA256
32d1e922c1f9214e38941adc7aafd420896fa7a44d8eaf4b4a338811fa07a51b

SHA512
c4fce779a7478d80558f7f4245689786d117f3bbe60ac2d79c1d4255f3c148fc991343757aa8cfa188ec9ccf361ca53caf4a456b60bb61f3add8ea746644122b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fcb5d67b3648da3bac57e85d48df08b

SHA1
a65eb58c84dbc509faf8887c3cef1b5a8bde4ea0

SHA256
36a7b33fa2d5b96c865590fbdd0f6317ff9be83d49ae9b2aea80257895fbe708

SHA512
1f0525f061ccc734843e08375125bf54465dbc8ea32fb01f055419272ddf729a3ab78fa6261f7dbcd68fa2c43d93d30838852679318e0068c9c0d672438759e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fc439805fcfb751b3b62cc98f992fb9

SHA1
5b803cbbcee5991f887356ff28c2a2e72b5855e6

SHA256
ac371a55316b9e64cfebdd3509509d096e06d87b67e07934940e55da5f427118

SHA512
66f16e28e3b892abf866d248de9e9335faab9224753b2254fb24f90678922905e9d8c3aa10521ecdc0ff575c9e4dfb1f7669f3e404677c0c01a091cce7ad510f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cebb997593f81a4a98f635f8e5f68a9

SHA1
648191d573517debe0419228d71b1f7e279fc374

SHA256
636e1e306c5d73090d5ee49053c7a676e04c74eb0d9b262d9e1905b9fbdaee27

SHA512
43d9463594318ee96c917324e4cbab1883d53d97eaecbbd944ec0e57b6c9c3b88e04f7a68c5af3ee145708da22998d97a9ac827c98df36533faf3d42ad8dcd00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c175250da488650fb379a66a2b6925c5

SHA1
199dbe1c647b66245a8a0968fc09d2e03d44424c

SHA256
5c314eb2ef844d94ea0df50e74a1df6014ab02818f01a87fb02e01504b36b202

SHA512
079c70fe979fb650fd0067e7c5f9ba19095ae8f476881d870cd10e0fe6e2efd6f434db9d2ab114792ae025fe3f9a04adfb808f6754adb2e3075ad1321e1ad3c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
231e59568bf3427eb2e54fb785d260ce

SHA1
caea89464ee87257f5b245bd06d4915ff920d75b

SHA256
4da3e58afea6ae3376e769b9942afa4872790f62d4d627e3a5d0d31e2fbf1cf3

SHA512
c6ebabb6c451adcaedb2a8d17bfa2c89d3897ce4b43395c91f2c059ce38aa591592b5bdbb9fe9ec9b4b203f31b3860ad53e5cac5347ab3f4ab9ca5981f4e9b19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d67f53ac453746a33aabd3cee168fd6b

SHA1
e030f8804016bbb7560e6ebb0f139b051d1d51ce

SHA256
f39c0198c78eb1946a59702e0bfa9d54d2e33f31479b2f3a711edd47459b8811

SHA512
6c9e9a38d2b7ea0dbfdcb225e561ce8bdaa48850ccca6c60984b6af3aa002202b3e9a085a3fb6436d32017055073ebb1f164d13469a6634e546255e7bfdf6271

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d4a03be68d944a0aad93143f5065219

SHA1
9f7c7616e7f65bc83573ebd16264a51fa114180e

SHA256
f3bfdab5bbdff86a2d5d476a338c294ee08bf47433fb5b46c2766f6f565ae4f1

SHA512
5d627bdfec3d098d2103d263f501193c231a1ca0625c7dbe066fbdbd6b0b347ed361cdefaff7b36ed9b7705a0f702175837cd76058b78398d392a47f600791de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fa2dd70b594f925e33eae203e3571d3

SHA1
c9cba69da0394a8a752f275fbf8cd724f1fb7596

SHA256
e5f58a842a2ca93fa7b193d91007554d688500580c4acd70b082f6e7b8a67597

SHA512
99456af7f197a34b5f5c5e7bc0973c0a9b8652eb02f9fb3fbe53d02f79a651b48c6e92abcd8a33d13b91a8a20d427e07592726ede76970e7fe09f0e760adecd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97608d7e466813e87ca590b556c9caa8

SHA1
181bb017e21e30dd42f53def91bc710d3e68fdd6

SHA256
42b8df3099fc3173b288144e732242e89a835006776248d00a6daeb39d788797

SHA512
dc85926104a79415f9ddd7122048baefb809bc17f61b855c9980caf6dc1344a423da1b6d4e56b27cc16b61e8f5976f32964822bd215c35264bab741514d18dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e056b524e93ab85b8523cbec3b455b66

SHA1
7a85d56298a883b48ec6b5c2b2bae37b0d49ef5b

SHA256
48069e2650449e8d7d0969e7814bef3a5653c9bc1b70d079c8656c3040c3f577

SHA512
3cc627235bd3e82223dff61ada22d42b354575a70bb13c9b642b8c615591113324c11ef0b0b18f88647ae064b5f389d225114b6fc01416e2ec5b88f9ba2b3d01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e88813eb74e3fe1dcbc6fae9a9736ffe

SHA1
0a9f10a979850c3ffb682ca290863352ae22f20f

SHA256
61861bb6ece9862e10b9fb46008f46b879df0f57e10c442256f30b99dcf98eb1

SHA512
c4f8d8bcfbfd42292210e94916c1892d677191e7dda0713940afe8b5d2c57c9cc290384c4a136ba219b312da3db7cf5d3c24d5557339113df8bf7a8066f5b157

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
ed9db82ac57dd147c9eb2d15ae1108cf

SHA1
3cd4733a674abfcbaf98b357aba90fde6ed03e05

SHA256
f20ecc1861312d458157e6b787a5ecf8f949ef32a8bd672171ce169e7f510dc0

SHA512
bff485f34f5a45fd7922e5b9526167798136bbc1c4f69b6c494d2f29d3a48a585e7a8b5752fa9aaa0a9fd2d14719f598dd05e32c216c23e3a8a0ac4de51c6d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VI8TM05S\www.gotomypc[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t6u9s4b\imagestore.dat

Filesize
4KB

MD5
e61bbd3cfc23f8846cd8f42849d1c29b

SHA1
08242c639fdf26ce1e24e6f64fd87327bc4ffd26

SHA256
f95c8ef04ee473bfc325c7ba25958659d636b54588fa71e9c779b6bee475760e

SHA512
b6e0b2cee65e0e13ccaeb0ec475756b402c7b07de819866a47c291bccba4a584c966242b512cfbdfd59ece8902057299e750f9a8ba4965de8ca65f4f0138b28b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4VBOHSO\favicon[1].ico

Filesize
4KB

MD5
64cb7acf731eee1e55d3998cb84a1585

SHA1
2f89e7053f6f8467452ed7f65e218bdee93a6951

SHA256
887e52b725b8a696e3fedcb7acbd431f524ab59ef47a21fb2b23c91f01953ed4

SHA512
c1016fd2267aad3c58b098ed3daf29608008b914cf811c4029b5f263fe29b9fc5aa94fd91b0e4e95d46745da0017c86905357a371a70b01982674ca24c231c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7E17.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E18.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1720-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1720-14-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads