e6ea34c2d425dd185fcc2dc09a9a8af25ea4f1d328fa3b2198903ba4f171c001

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 14:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe
Size

32KB
MD5

bece0096e6106a556703933f3b18afc4
SHA1

69adbc926ddeb86d792d4372ca3691959d60aa1e
SHA256

e6ea34c2d425dd185fcc2dc09a9a8af25ea4f1d328fa3b2198903ba4f171c001
SHA512

625a1b42017b67ea3c24ff88c87bb1a3e140e1d823225f7836402e78d0ab54f06d0f232645ccac2c7af22e787534fce2eb74838bdd70e0170a7bd94f6615b9ac
SSDEEP

768:ssPg0f06K8wyexCf/12mG9eFN/lxQVcU2HLPW2:PKZye0HEexG8zW2

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2172	14310.exe
2828	svchost.exe

Loads dropped DLL 4 IoCs

pid	Process
1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe
1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe
2172	14310.exe
2172	14310.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000018b4d-5.dat	upx
behavioral1/memory/2172-15-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2172-28-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2828-31-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2828-460-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\svchost.exe"	14310.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14310.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000123fe4128e250c8963fb463a0c306dba3721febe18fb23bdf8eccaf7d09fd097000000000e800000000200002000000067bab494f6e444bfd6dbe48d435bd5482afdc2b7e25e1c7d313f3e65383b659720000000dd8cd0275100557ec733117428822b4c54dc37dbe9f49f26c858d7e8b9d9b6374000000057450b9fe2c029b7dae15717088a4ac73a781c2e60754caf42060b95f385af7899022554a430966d94c454a552a68d4b386ff21a49e72ef179dd33a011e41e40	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000c9fe384f52d96e86a28de7423af182e2bfdc1694cb314a04e9420a3160899493000000000e80000000020000200000008520145199fdda7ed65c03cac2210f9a24fbc6b660f5730f149211a2dcbd30c790000000348e33c51715302b891da92a8b8d0f8a56d292a55d71078bc40a5346f155615d8dd96175fc599bd46e60f63531f46017a63e5075c6cf3965142998905dece29342579e2bb1c1e3d129ea66f5a0b77deb31aa53f53591a27c8b1f17d761062cc2bc3cb840807daf0a05f95ce69dcf15279e3fa95f1382fe5c450fc0e0f79720c8aea05a42ebf8e74ecc670f21400ad05940000000469bdca8a37b66c9458f9bdd13c41e1871e601532972f31deafb6921f6b3112845f9277cc2bf64caf2759332c8f9e88d53c37f0e87158ead90c28cb2907c748a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69333691-6226-11EF-B29C-DA2B18D38280} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430672129"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10866b3e33f6da01	iexplore.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2872	iexplore.exe
2872	iexplore.exe
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2172	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	29
PID 1656 wrote to memory of 2172	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	29
PID 1656 wrote to memory of 2172	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	29
PID 1656 wrote to memory of 2172	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	29
PID 1656 wrote to memory of 2872	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	30
PID 1656 wrote to memory of 2872	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	30
PID 1656 wrote to memory of 2872	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	30
PID 1656 wrote to memory of 2872	1656	bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe	30
PID 2872 wrote to memory of 2672	2872	iexplore.exe	31
PID 2872 wrote to memory of 2672	2872	iexplore.exe	31
PID 2872 wrote to memory of 2672	2872	iexplore.exe	31
PID 2872 wrote to memory of 2672	2872	iexplore.exe	31
PID 2172 wrote to memory of 2828	2172	14310.exe	32
PID 2172 wrote to memory of 2828	2172	14310.exe	32
PID 2172 wrote to memory of 2828	2172	14310.exe	32
PID 2172 wrote to memory of 2828	2172	14310.exe	32

C:\Users\Admin\AppData\Local\Temp\bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bece0096e6106a556703933f3b18afc4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\iTV2HwOA\14310.exe
  "C:\Users\Admin\AppData\Local\Temp\iTV2HwOA\14310.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
    3⤵
    - Executes dropped EXE
    PID:2828
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\iTV2HwOA\17819.gif
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
846dc0ce4e5e55536bcb6cf3ee56d6aa

SHA1
911ffe9cdf63db391a37ee8dddddd41510a4f624

SHA256
ed05fea32b9daff031689f856aa9df0e4e92d3ad1f44d952f7785369f1fa1611

SHA512
9014fe708fe1659c16656140ace0376834eee22fe54cf5868ae4a83e59ac005830a161899956e9b2c09df8c3a42ce89934496e8f683b2be6f259e970a5734e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a713a7c6d85ab2e34ee257b6a5c67ac5

SHA1
40074fca768e13b02e8fcdb2e811ea825c22d955

SHA256
1828c8db9d81157ee028bacc034faf844a390fe077e98522ac530aa83f78a1f4

SHA512
a82eaab9826dda7fd8af3cbdc26b104a5e024e289eafc112e89566eefe389b7d3266a111a68048004ce0941a16579b02821ffcf230e67f7fdaf9c5f9a5c01e32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d671b954fe6675cd8a5777edb1ee1ff3

SHA1
ac1f35c40539c8bbd2bf79b5a4f3303d89026d17

SHA256
cc8b5b1506231dbe10bde58353edbc67b6402b11da62046f5f5923df319e5670

SHA512
917c1db25a18b503207e9865b280ded7a3f68fa8a176a4bc6b471d6025b445935bf86db9ccbed90f815de82da0c0163dc28ed18c8f4fffd3021b8aff1566d11c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2379e3a409b343666661f134c040957a

SHA1
b6035d4bba12def74a1de22b43e0d0ab7ba3bd58

SHA256
7e73e8be69b6f27de8996029018892dee1a5ddd268baea470648c479c8cb7a8f

SHA512
392b4c0976b93282fccdb6b4dfbc0e52e6e9cd675dd7adf371899dbe176ee7ee6ef5710c07929eb62ec1c44a4b0de6f553034de3346563e340b26be7972dc943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18cb78d31de80fc079ec26a345a07908

SHA1
a7f523c1a2076b7502da657285788979a5ea5f9c

SHA256
1cfd3c1d90a92d4673a6f6ee2cd06646a85e980e482675fafba2a99c2e2b4412

SHA512
67b87e44d7e17e6c242531daa19153e83ca6a0e89dde1cbadb3f3be383e728f1ad49ff8975141542fcba1f1a9cfc8578c190a9b7392ee41e122dec3a6f3f5f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84c06980e055a4ebd00546f285f7a128

SHA1
32874e1bd7b4402fc8c94d9948d1514767fb196e

SHA256
cbac5ba4a22325f14d95d6be906509c3605e4136c0451b73261568b95b5894ce

SHA512
55c6860dee2ac6ed39097a7e1132ceea9dc375c0600574a16e9975903409ba0656964c77079e566edae7d380d1647bd4b3f0579746c98891116dba1664975367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4caca96673eafa53a4c23bdff110ca8

SHA1
974a18a0177c7758d4ec6669f7f2cf581db6b47d

SHA256
22d65ee2391d3885fa742d21ba8062fd480d2841d8aae2618a7b2e51d9452ded

SHA512
93cf5320568172d6aba8f610200b8609d5f8be07c1e7ca3ae2359b5340967ccb94421340450ce0456382a9173909148e4bd07a5a6c8cd13376b1ef90bab82800

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0208605f5c3fab72a15a53a9595a708

SHA1
86869bf2b778c3b1ca242490dfa70643d94cc26e

SHA256
715c955395fbe7bc63c9dc06b81ea3572cc9a8e3af3cf67f0e88189362407c88

SHA512
fca1601f5ac0ed0b62473dd03dff9cbd6f298351155a910a8c39d258062ac0eb30a6ff340dc24d6a9e771fe3ea6eb77d5a60d71a9592d8dba22181eed5c8f667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fee2cb992df6faeec843eab7002aece

SHA1
708fc71f376b7aa3b2c56a78037fcb0023156320

SHA256
0daea009952a322581832a530e8c72083e6a4d0245951a0ff544bd729331f11c

SHA512
139ebbb85f9c7b948396e2605576c7d25428d3546bde8235d67134c7ef7855497c0c0108d937394851ac0a9033156b931eb0adb40e20ac381c575217ddcd3fb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb381b4491caee562402b6b6335f5188

SHA1
34907c293cb0547130622e331703d15184f3a300

SHA256
0ffd883d77b15fa9aa41e7f540dc3d5f0a55ac28c446f312614cdb24b9f20189

SHA512
7a39d0ea49c8c11e638eb289ee17d993b54c231d6b86f03981c48c4c2e477783e62914e2305a863d74077b0d24bf968f3841de265a472c16f4e076994de83d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
142d6042722fa4d85192c44e798b2f32

SHA1
8e9ff2ad67ad8532b8148cd918b312066ac4336e

SHA256
3421706d1a68d7c3714409ed9968dea90480752be34688801d368cc79e680fe9

SHA512
2228c40517885c5f100f35a6c0c9c55db66600f7f007797c228c6f811dfd7d8cd44331591cc60d8b8d3db9fdc61b8105de30dca393ec996d34d124520f5fffe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3d5a54ca7277b6213872da2df324f20

SHA1
18a13fdf74dc52521b10b0767e810f41f73d589d

SHA256
c1ed43766db47c36a080e4b6e711740339761890dec017d766300367218be753

SHA512
784117f811ce9ab1f314884788dba5c2b2fe403e3de22a5eaa73c0915f3913da5629839d7a8f5e8aa9c2cfea39ef4351f0e449e786bf1081695d03bcddf761b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68a8a579457f4b6a48352531bf3f852a

SHA1
5b47db0d5117485eed1b521615922339e4efaec1

SHA256
c99810eaa641b8423b0b08a23a4bee8f2182a8117a7351c6abe190055b4b9f31

SHA512
50b6543e6a080beedb18227267accd5c806f515e120dea8e919c7185e7b0d0c11347dc7ed19803f371e6548f72e3bed4531960ce76b7ff1c8b9ffaffb2cba54f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bb9868943e78015769a62fa6a6deefd

SHA1
a3c900d59bd345ffd402676ce8e46a1f4a4489c9

SHA256
5488ef89d0ccf73bc6ee5c830c201df4fa82ca2cc85ba18364ce260dec0e38a4

SHA512
25dc917de91dfd6e6077a0c7fe5130c13376879f48a79765f906592d2b2201c175bcca67c74b26f16de666ff84ebf71d8b4a1c2a87db4194ecb8ae4f3bf67839

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51afa48f8a7c669037ffd83ab29229d0

SHA1
bd78b68490e9c261ed2e56a39446856898955764

SHA256
9cd5cfe20f9b0c8a1b7c892e768d4f33f283cb4d5e638e929132c1937de0ebd5

SHA512
6a645955f6f5c610056d8e4380cd8cd1d9c9c4c4b11a1e95757809f68cd996aace5732f270e924f408d0ddeee2451dd4f26bfc8ac534f16afa310dcba0f825ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0255246b07690377c9a1852b7ed57f80

SHA1
24854d13f73568f58f66e5517dc69f1aa2240736

SHA256
affdb3e8b05fe9f212f5bac03b4d8b627ecb06e827d07a262f7fdefc3a635856

SHA512
e6e74a19d913245b653948d1be7c856139962c95af3961c1af02a8cd431009cf92fb5c920f4e3671f95f70d909cad9c0a15bdc9a03c49d705503882698e24f1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c80ea84a49237fc82d8cb70c4e1c7daa

SHA1
20a26c19898496ee8deb60d80a7892eda65209db

SHA256
c0c98142dc3246e49070090fde634f1ad084c854bbf1e632fdbf9c42711c7ab4

SHA512
46c7eb8e7056f2480a5ac6fc141d763882e81990de4a6d07d6035af31a2c7ddd1034415f9f073f00c69a1e59e000009f3390b73e339bd8fbe81b2f8cbcfe9ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eb129593c8d78b762cfc20a25402327

SHA1
2493274cd2259f6f498d98d7ee7f8f388280e1c1

SHA256
7ba7a99558283b3af2c63e05c888e2a41a2d0d064269d550f9f067094aee1b40

SHA512
62752d536d3073a954a06c1743415907d6139ce6ec703c18eb593dfb8809fbdafe247b53c2b223b761a2c73ad7359fffadaf7f893b69c9d7d22c9c9a33a97810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83d73178064b850b1abf3988fa8801a2

SHA1
8119b4589b22a9a15c3c6bbddfc4b0eae3df4dd5

SHA256
a5a8dd060335b4af94ff3b294cb1309ed0cf0ffa0d05a847e943d6226330fc72

SHA512
ea876d2580cafa7d55e6337c2b0584027d3baa39b947f88c8bfbf82e8accd00914bb6076d15ede45a0f5c9e05c743eb21d44d1b8d2a94a376491e1ec975ca426

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab56BB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5789.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\iTV2HwOA\17819.gif

Filesize
132B

MD5
9d86d0ad08395cff7ed41b0277c27104

SHA1
ed245a57604afea6e4d85ef8aa590999efb85086

SHA256
3d0318b69a55942931dbd2a3ac0f1a3eaf1ec7bce8819595a50b8049ea5c6846

SHA512
6681e2f55ea7830b7300968cfc48085414143b5d34424f3bbfe87fb129e9b8630c4fa7b83ee4c970bbfc290a9e59931fcda02f062f1adf9a507755cb45a962f6

Download Submit
\Users\Admin\AppData\Local\Temp\iTV2HwOA\14310.exe

Filesize
24KB

MD5
cae3babb106d88975993a857c5a260b5

SHA1
ed39b37a67023c1e07f0ac024e162c7d16fa976c

SHA256
1d3bf97dee148cd26adf6a30338fa1b4cd843712466fabb9fee153d917b53595

SHA512
26fd4398bf429879bd29942345dc0965078d215a4a9154f21fe94781650951ede822fa81cf8613dc931d7af837687698919e2c661019879a55e13c922e9ba9db

Download Submit
memory/1656-1-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/1656-0-0x0000000074651000-0x0000000074652000-memory.dmp

Filesize
4KB

Download
memory/1656-2-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/1656-14-0x0000000000B40000-0x0000000000B56000-memory.dmp

Filesize
88KB

Download
memory/1656-13-0x0000000000B40000-0x0000000000B56000-memory.dmp

Filesize
88KB

Download
memory/1656-17-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/2172-15-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2172-28-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2828-460-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2828-31-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads