9d66317be2dc0293a7ca3e9aa3ffb0c5bb7babb58f45fb8b6e4642d8e4ebe58b

Analysis

max time kernel
149s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 10:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b323b24bed693d31a60ad1e00d1049ed_JaffaCakes118.exe
Size

16KB
MD5

b323b24bed693d31a60ad1e00d1049ed
SHA1

93251fc2dc4bb188b66a1b88195c207050b41a59
SHA256

9d66317be2dc0293a7ca3e9aa3ffb0c5bb7babb58f45fb8b6e4642d8e4ebe58b
SHA512

1792447c3a2d76f73c3dff19851ba53f7f8e8c0100a70f465a44356f5ea61d883a2291b3a8543164af00b0c9fb68232787fd54f58c69780e2e70fa219adcaedf
SSDEEP

96:ktTkNHSlAsnCqVtNPwvf1svfQpWBXwWQ8IygzqcqG3AFmh0qnSFigMOkPZq63+EX:0kNHSlAWVYESWQ8IyuqbG1h0bWOS4k8S

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Setup\Configuring Data Access Components	b323b24bed693d31a60ad1e00d1049ed_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	\??\c:\windows\ime\d.vbs	b323b24bed693d31a60ad1e00d1049ed_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b323b24bed693d31a60ad1e00d1049ed_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{898E8FE1-5FA9-11EF-B58C-DA960850E1DF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000ed545954ee184915a5264afeb10f7e5002f9656bfcd3e57a795172a9ec13804b000000000e8000000002000020000000dc0e9b288ff35e3dd2321046df203bffb2547c4b215558ce51429ad5e36655e39000000066e159fa47e5ac9d8e48f92be52275545dbbe824e5e0c33a9e172b87f66ad40ad5b3f3ab9b2d8d384a8eedc2b5fc0e5d747385be0823e4c29b74c9770b351764fb2f8582e59da023242c0ab388bfb783afd686abb8b7599e08d7fd416fe35bdb2dfa21324c29a786b916c2e0d079b4256e8a3944d7254836a2232f1a4416be4224f2c0dac83ec5051785e68ef4b37d1640000000a067c2e890b6562adbe5efdabb7ac981a3b3f5ddfe392e95aeed3b9781cb85297155fc49419976925ee8e672f374a0112948659604f7d6e1ad993a710aa420f6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d04c5f66b6f3da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430398591"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000e3205429a1a91f45c09e016279178ae10dccef2ce12b9170dfda468bfe7e4369000000000e80000000020000200000003161d0a52bf2b092cb552e366bef35a0e7b940dbe9ec2a3393f7b94debf50c46200000005bf921978bc803e86a524b18b8f2b9d328bf20002a723c5d5fb1a3eebb86019c40000000f92697b5299a2460005be7c40bc2e96af47f60b6546e067983ea276699b8c2a84fb4a14916064a9a67191d746e0e132fbeaa54be982af5c1b75df6e5abd3a18c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1716	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2072	b323b24bed693d31a60ad1e00d1049ed_JaffaCakes118.exe
1716	iexplore.exe
1716	iexplore.exe
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2224	1716	iexplore.exe	30
PID 1716 wrote to memory of 2224	1716	iexplore.exe	30
PID 1716 wrote to memory of 2224	1716	iexplore.exe	30
PID 1716 wrote to memory of 2224	1716	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\b323b24bed693d31a60ad1e00d1049ed_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b323b24bed693d31a60ad1e00d1049ed_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
51e01420a1b2aff347e3c3767c6026d0

SHA1
52d4411428804faf238b5d4f65f0aaf62c51ae60

SHA256
e870753e498d1f0e692d896a70a05057b98b394ae19e2464fa63e6a44fbc7f42

SHA512
71745f17b9630530abe358e70abfdd263e586c86aa85dde8f66a34bbbba2248cf00c31b65fc2b543997d76f01bf81e207408ad49dece63a542a7c6808845cdb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc2cf1a8dcabaeabfcee12864bbbc99f

SHA1
f7b45554f4e75f07d7f83e82f0dde8d17dfb2cbf

SHA256
0594bff6e4c530d157e44e88338b4af3be02ec9504064c68b98463fa6e32498d

SHA512
77d443222472fc421f78aaff5d55fd103bf488a58990f4928c685868784da8ba9e7355438d3dd19333dae44c48be22fc12d0db568b0a4a884060ce2a1c0baead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c07704cfaae9b315d5c06b67defc02df

SHA1
90063fff1d97c633b627a4e7bfdcc470349a7ae4

SHA256
9b116e19f4630ff27c70555d42a5fc38de018bede0441f526e72269770821f1b

SHA512
efb3fd523a6b9ec7bdfdff4bbbeda114345dedc7b9bc6368e8628cb1ed71de23f4477d758119b2a6d066c89e211eb62830d6b8bdea017b9caad48a680d39a55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91c0e8e8da936d3f1f28c38df9a794c9

SHA1
cb4309e5017f38b8e05e0d84fce69876a8c401f2

SHA256
63ff0acd14dcf09833758ea3f9145a432fcd1bdee10f144ce358d2d62d84bd67

SHA512
409621c5c0eeaa895ba8c6c0e1ab5f644f5879efd7c279112e165519b6beeb68b95b255f459819fb6410ad15308d4fbf392b8685eaf93165bb4d26f9eccf18b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1960295644e893533671eb646a45c2be

SHA1
e92fd36756a54eed0ce178d2de17ffc29c93eecd

SHA256
9a4838c4f6687b398238309a20fc77e1662604c440bc9e7c6371b61052191c67

SHA512
0b8465a252abcbfcb9b6b4428dd880fba4e0b27a821a536c135ecbed5c14fc363c1cafea4a763b02234c94d6418b2391668be2d906e0db8e7bca4c2bc2058878

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62eaac6eb4787b8782ef5bae067fba8b

SHA1
7e438a6ef7ab2bb6fa93f74ddf490a54eaa9d09f

SHA256
e16f0c280bb76efd7b954bce36d4f890d9ec414d23b7657254ae6c18292cdb0b

SHA512
a219f43bfb95cc9c6ff1fc1f6f25b6c28d74dfdd81ee640b775dd57d72921a61ba9cb878afaf0417c80cc46a838de1fc1f3a0bc9e2b817002a629c3e99772cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff759f5a0e3f76845f029907b50d89c9

SHA1
76aadb2d6b7c23bbe63e3390b24474374724018e

SHA256
fb123349ca29a9832404935459b9e688b937e30777b57ec472d8efdd6a9e033a

SHA512
181b3972af0f1ee1ff38059e62d9a4eda10f0ecf2960a4e81e2c2e1a17ebca107f309c163b2d265abfa999364d750713eb7b82b64ec43b92a8c599d519a350c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
164eb4649c47155c122c4db82c20584d

SHA1
7ab84fe0c0379ed9f14f6c12c66cec73052e703d

SHA256
4ae7cd8a0b5255f47c69b927b9590892b239643eb32161a40afbff58b8e73832

SHA512
64877bfc2756cc67f76c28af13c161e35f32488a82d9f4e16ff6305ca19c0c443a3e12bbce7630b11a00d465ebcb96bd9e0b174cc28266d80418304721cc3b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dfcfc5d5bfc0c6be995e9c602dc828a

SHA1
e06bbcdbfc3818788f4b92dc6627b024c48e88c5

SHA256
46ba4669e8a70cf6fef31200fdc78fdf84bad7e34716dce503c12d99db0147a2

SHA512
3de0859dc5563ea54d6b6f9e6d5a5c36e2bde7612e5bd0a78a4f31be8d287a28235b5065a09e02000878eaaa155f81758b63830840b770d4d17ae6547dc2b384

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9f4a1ee0f4a293c8564f9304f02dfec

SHA1
7b08664fc55bf1eb6959b5e193c63b9cbdf41e1d

SHA256
e2a21a12629814faf94750d92fce268a1717511eca47fe8ac229e01dda197816

SHA512
c4da66ae64e3f2d96d5e26f1b1a1a57604aae20163c021bc9f4c03277c3edda75dbdf1fe3cf779f7e0b9416c38432923624ecfaab8f096139561849ecfd0ad71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f79aab18077fd02dae31381017389f5e

SHA1
def3915e7fd2706242b806b9056d69deb39de0b4

SHA256
3a0ea8d671e3ceacfc36f58773a34c47463e9df17308a6ca434244dcf81e576e

SHA512
204f3c3113ac9b288097a139cd1d31cadbc7124d9e2aa5a709b4c21a1ea015d4694a4fd31bba4c3769a9fc9edf619bd270a8468d5c9532ff332965dbccfcb157

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f7e38b338c39a67f790996a0664a0d1

SHA1
f8a20cdcbcefb2a1e69d87131e69e61393c71dae

SHA256
86775734f0760f134f48858cc530bd69046b9a6e8b23c6330a06982c6dc70463

SHA512
67a060f0b2831ea80c7d282427c92ad347339a25c1546949ca66567b7914bd10e4833b531b29117b44b08b759232d3b4b52fb0761c435ba3a3130b48a672e569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cb1b2b0ca04caf7a53ca14f4563d853

SHA1
68f7aaaf9c5f30b9b24ba43bdcbcda852528268c

SHA256
f7469e07927c5cb89b089d90c23171b9e04c8be7f70f2cf53d7dd2ce90796cda

SHA512
1f43089a17ab3701b0f148468aec9a579ce549d5daf6463583806bab190c02021488c2817fcb602f227119b9fb4bf630096a619426b549c3aef2f878ad29d604

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
916e48d32b565fe98975b0ebe68255a3

SHA1
f952b5feef92f0ed1d44ba4c9766f0dacb45dd48

SHA256
3d4f0f0f522fe99fed8f84dfcbcc0e9a8a23947f3dbf15dce4e0ba1a730392a7

SHA512
b7dc3edeedf67536b91e2d43546e7e142a3ecab105b8d4462b64e9bb7a790566bdfaa95cdddfd8f8a51300462e4052f27874c79bad0be9f9a248654102c61ef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2774619e3c6aaa9f96d0e83a7a9907a4

SHA1
b30686e0082e722e4c5df0cab3bb101489c5f49c

SHA256
630572098d67cbc1bc3c3cab83c1631e1c8395aedfee63aec7ab093f04f48331

SHA512
332d8f898266cec3f5fa89ff107e0589837ee43d40a79a0856d968d38a2354ab21e7ffd30d664387b2ee386cbb6a4fe8d257f2b1027e11b3890dc87bf4d7a715

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60e1bae14023f22f34a37ca061cb964a

SHA1
8cff97d6cbd0655624ff10de12c6189bd2f6f02c

SHA256
818df6a2809d95a48c51f64d36fc944bff17bb79f5f0ab4a69e2d787adae89b8

SHA512
b1cf625f5a82ecaa3e7a8aa482d07ce67f44acb7db93d7b67da723075a59fc7e2442568f179c4d3f1dcab7d98f9c50e020c0cf0fb896b5df56a50a92d7457782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8eda97c5155ba27db4bc0b2acb01f5bd

SHA1
759a1f7bfd0f044920090c10ce29a2fee5db9372

SHA256
ef4cc29c93f446f5732790da27ac0fd13a3e8adab277e745495bb4f645df8dde

SHA512
d7d437488c2d60787e2932ef3f6b7f373a8f72df985380bf1b6c93e71b7b1d2ca00755bf55e45ed011476432eb8b0d04483d40b3f69a8a663a90bd8812638e57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77aa0f845763ae6e86b634eeb49918c1

SHA1
8d11b130d5417b0446d69149f6915eaa2a0244dd

SHA256
8b505abd748030b9dfd7c87650fbf1c47789c0d642a29d2c06cfaa5106efe372

SHA512
ba8e797bad043f72309f5886834fd112ec210a08f583b8bb6694b16dd82d3af7385f0bcddd926dffa4e1a13dbfa69010c6990ade3c34fee8949b8f9672406310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66c1349194bb1bbc828928cc059e442b

SHA1
de3a629cfd254103505654b58b296851be1f4a8e

SHA256
b2fa9778bb64d94e16a120fa42712e2093dd419b8ed2dad79193fe3e7e6cf885

SHA512
cc7090b793245cd6e2d55984f52a93525cf67e81e032e4545d670ea06d316f4ce5bbd61f777ae71091504ad1417985b44ddee7f20c54030baec34e445942612d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8eb12463bfce4ee7d5c79d0c5abdee12

SHA1
9a9f6aea08c58823d359d018a44707d5903605b9

SHA256
2aca90ef0ad1c66aa142c57d6dd2a870fc4939e128001d06ecbf9d1648478b22

SHA512
d8bf92ec28608662b15181256859abcb2fd53d13f59291d0ff4d949eee95e8a68eb6e58f2a331e092c01a97c0e4ae0aa48700cfd54d43bbbdfc7e53e379aa036

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
46fb1017d33459e7766fe0e167c8043f

SHA1
b416ec91b8f3c2ce961435d142fee61b0590fc5a

SHA256
dcedfd5263d7d332952ff0b86ed83224313d5f6142d2693bf9687aa60317f24f

SHA512
14bf378ba8c7c7380c52f01585ac99f37045543f8207386c597ed388a2fcb64a2cc46e2ce77e7bed364d2c072141ce2723d44c0561821a24754349f809f42839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2EFD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F00.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2072-9-0x0000000000300000-0x0000000000302000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads