25ac4e482d9f2094be23818d89d03afc5459a7670f07c376be5ad92e6c269a48

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe
Size

1.1MB
MD5

bf4daefa1b0662f6f06908256c532ede
SHA1

02ff0cd30b3435c0e2ca5c351208832c5c048740
SHA256

25ac4e482d9f2094be23818d89d03afc5459a7670f07c376be5ad92e6c269a48
SHA512

b0bf23f7f204ebd397fbd2e5df7f6b3889a22d3a87d359e7b54a37adc1f494ae0b40855971fadc5e928a7c4768a9587b49ea02b81d20e68d1971e0ab665792bf
SSDEEP

12288:vsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQK:UV4W8hqBYgnBLfVqx1Wjk3

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1312	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1312	cmd.exe
1980	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000009f603506b1c640e943480411f71f9c676d13a49fa584657cb49af59ec7e6b751000000000e80000000020000200000007f8cdf7d56533f415799db9bfdd40513c82650e7a2ff18dbbb5164b15752ed0b20000000d691b478bc5bdf7b3c10da9b10100acf726cb3f71cb99d328798f93c1e8b83a7400000005d412736b340a9ef38b34a884549d9dddb24b8bf2c5884faef439a6b2d19828844fdeb66f4a281156b79889962c05c0239c675287354f9eda1c6507e45d90d2e	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\hpackageintransit.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\hpackageintransit.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70b31d1d60f6da01	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{59286C5C-7049-4393-B719-12287A944169}\URL = "http://search.hpackageintransit.com/s?source=d-lp0-bb8&uid=19470b9a-263c-4473-b06c-7d09730f2d25&uc=20180111&ap=appfocus1&i_id=packages__1.30&query={searchTerms}"	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{59286C5C-7049-4393-B719-12287A944169}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{43C5F0A1-6253-11EF-A1FD-CAD9DE6C860B} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430691390"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{59286C5C-7049-4393-B719-12287A944169}	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{59286C5C-7049-4393-B719-12287A944169}\DisplayName = "Search"	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000a702551617d89a9a88b7801814dde28065814132a1066fb5f4f5f73e05872009000000000e80000000020000200000006420e8cd4e69e6c19f6d72c9484790cb6343aa3eda39b60b6833f8bda274bf94900000001ef3f3234a14c412766f08ecdbc3033d231650b931bee218038495d0ad702e36bdbcdbee00e9b4667b15ae999e2d2c542f7185c567b45bc779593c8ed9cb90a1ac376dbfd954e5bf956b61f25f65cae9866156855180805e9e7c88aee972e9207d48a4de95a30e3d0652656797d6abd66f44c0b814b403c408221f0ed0f2179ce858fe8fe8c15c03d76d96c6a02e31e4400000007ad20a4186a10a0c3b9ce8db248d50c5153d60b61f4cec092bd1afd860b388058f1cf50a774bbad0f47802f677532ab69af18cacf3617fd009141bf23667415a	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.hpackageintransit.com/?source=d-lp0-bb8&uid=19470b9a-263c-4473-b06c-7d09730f2d25&uc=20180111&ap=appfocus1&i_id=packages__1.30"	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1980	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2736	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2736	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	31
PID 2500 wrote to memory of 2736	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	31
PID 2500 wrote to memory of 2736	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	31
PID 2500 wrote to memory of 2736	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	31
PID 2736 wrote to memory of 2912	2736	IEXPLORE.EXE	32
PID 2736 wrote to memory of 2912	2736	IEXPLORE.EXE	32
PID 2736 wrote to memory of 2912	2736	IEXPLORE.EXE	32
PID 2736 wrote to memory of 2912	2736	IEXPLORE.EXE	32
PID 2500 wrote to memory of 1312	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	34
PID 2500 wrote to memory of 1312	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	34
PID 2500 wrote to memory of 1312	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	34
PID 2500 wrote to memory of 1312	2500	bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe	34
PID 1312 wrote to memory of 1980	1312	cmd.exe	36
PID 1312 wrote to memory of 1980	1312	cmd.exe	36
PID 1312 wrote to memory of 1980	1312	cmd.exe	36
PID 1312 wrote to memory of 1980	1312	cmd.exe	36

C:\Users\Admin\AppData\Local\Temp\bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hpackageintransit.com/?source=d-lp0-bb8&uid=19470b9a-263c-4473-b06c-7d09730f2d25&uc=20180111&ap=appfocus1&i_id=packages__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2912
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\bf4daefa1b0662f6f06908256c532ede_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:1312
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13703a3df7d5f449f1c206beeea85215

SHA1
4c221d0e647e9697d8d13372eec526003d599949

SHA256
c626d487c82690c58553ef810c72a0880206f5851b2e812748e9c22c59a92bfb

SHA512
3ceecd71a888d1087ec48a5c445470195bb36c21119b0551e02680b1df20729323e26c7c1bfd5c687c0e0d88d5abcc510374abe36e2376d9c3d91bb0c5526f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
733ac8c0ce614ef18c807a76023af2e3

SHA1
f9ddc784e358eab6c43694ec47855e1f851ca193

SHA256
ee2029d6a7224ac27c5b3063613522443b8a135d27981ae4fc0d83658f5a66f7

SHA512
4e6d6d248ee921fced25dd01b69b066345dc7ce52d284cd7696f3696dd2c13b628a84c7c219bcea766296f729e43807dc7145205fd527bbb06e4987cb7389284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29b3764934e21d3cbae2c2e97cca8e86

SHA1
b5d403fcef05426a02be88196a6b10980191eade

SHA256
023242f0cde72a4ab88739c0dd3a59bfa933bae81685097b0be90d61c461d488

SHA512
d99b7ec31030e515706b33fdc1f893b9d3f4cc8a0abc272f817fe20cf5410d4eb503dd8605146eadad5b719157c7c8e0b1215381d18f8be12635c8a4b6ce1e2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e0f322ca019228c339e2bafdb1f4dd3

SHA1
602ae307e24b42e6cdcbd46033b0ce071850afaf

SHA256
2942c400f16d9dfb065a082b2fc2c1aada4f2528421140a0baf3e2b8f69fd4cd

SHA512
e5cb27e220fbe7448c8f5c06bd72a43b69e18ee0174c1655cd30694a91e2e8991223a9598756ea8c351581875bc9730f2419fe5cb581577d4c218d20a0c7a4b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a46db34e90e800a95f9eeb5ae98c73f

SHA1
9a1dcca7d013a671f8fe4c226035d279f7963db6

SHA256
53093b4f17c782ea26e836fc0e40ea4b3f6de164dc1d8258e3766f331aa31ae5

SHA512
60d7ded41b38bdf603d1060e46455c8b8c9992331a6e74ba6be086971aa1bf726f36b4bc412e03c659084f45a95a32b6ab76db23b25de7fec9fc0e8437ef2bab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b998d6339302764285b5f3e137b4dd0e

SHA1
6f52ff9acca295948c2d78e3d262a501f339e0b5

SHA256
193cd2744c1b9b66f1b9250994c5f890c92c2b547d0100178e2ed64564bf7365

SHA512
62b0c4aae55fd3bbfe78ed6a273ea3b854c48f7a2f2898b6c679e88972a502d939a6127087f54d939569683b5eeae9278444f786472afee725437413a9e1bf4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86277fbccd45b804a1a5f1e77fb5d927

SHA1
154fe347e87de113fb2a45fcec529f00f19ff4c0

SHA256
eb93ca24547a6fd849cb44d524d67e650d15b1ca5a3e4412f83b2b53e525a8b6

SHA512
be1dce2fdf9a61a7642ada95974f9fada63262f27c07682f92317a181f80df290686199acb1423af41359ba6ba78aa8bae83a7aaa42bb119aa6fc880cc2b6c1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62c4be95d40425fe33e98707603b2644

SHA1
3e68d43c69d2df78368a21290b670348b2c6d489

SHA256
d1e0ab45cf890373e5ef5f3e359412c3d5c91f543d16368b8d41ca0e0f3b44c2

SHA512
f443e67e26d54607df4c7e55c3c97fe7e63f399edf9b60bcb01323b8a81e36f9e19810affb68fc182419fd7d1877f0ace2a6d0fe48fc1bbbe8d8993e82341cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3d64b7785c5bb9ad45b4a17956268e8

SHA1
8125c532a5acc12327ead69bb93f55a258061306

SHA256
7679170b03f6f8b91f6895e88d4ac1d652cac1b73006974ee8827c97a27b3e6c

SHA512
1a948fd69d17259264d35c4bf3111c1d9fa8892029ffb73e98f5cd3bed659250bb4bfffb819044f6279b271e1110153d7dda6770f7395642bb575f1137dae923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df25470e2cee23f6d39a862569eff8a3

SHA1
988ac645a14e3040f1cb66eb69733f2e4a62d47e

SHA256
8fe95d477edea8e12757f4366177a7811a8c034ceffaec32ac1c0da2f12c6f69

SHA512
1637a886786c837d95d9b0721c4484112cdb5a931facdabfd71e2541033ed5b306ace7d1f21bd8fe878831d431ebed621319ed33655a48ac57c2d650a010ef25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79b6f60b408e86a74ea2a1b40fb65df9

SHA1
f25f7a1d52d77023881291fed44e7502ca97040a

SHA256
e2c098d899e71c31ce5d638e178e7e13b92a38cf3ca3d6e0759ef1ae9c591cdc

SHA512
fb142d9ff24fc178cff792d5c8b11849a27935bab49b22b60b90ea5ad46b8cf9165d3922803a2c622dc3dc29e3604de8975d948d21f542a7c3d63f08fec18a38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
657da95027f9ec3b10863caf0093e2fe

SHA1
5d5402de0f5bb807fdad798ad0801e3bdf7be2d5

SHA256
ffb3c17b2d61f36a5e819445c683cb7917f302c4c32d1226eb8ce752b83e9853

SHA512
2f04369c1fe1cbeeaf4e9ca59c27c9179eea406de89c95ad7657e653f46c14ee68a91e65d982cf642ec4e83a75234455664f71246bf160743ea0f8b6d95c933a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67a5f26b74214e7475680460f079a65d

SHA1
b253732ed529dffa7c31fcba5e0f2b1aa0013448

SHA256
95e06142d879a360f5aa5a81ea62253f803a7f60acb0002e49bcff98fe16f83d

SHA512
2463de9b8313c55c1adc799f89e4431c5e514d806c2fd903e78c0ac48bd02e57c4dc70a1c1047af2fb9ec24650ef52378abd7517ea279789b65f9ca7bab4d0ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
571732911e830153a40dae5ac3a08e16

SHA1
e0ec513cc98bede9b7f08618c39f2236d4013349

SHA256
1254c2a46d867d07f8b4ff66cb955661962f2455701ee01ba9975c503fefb2e0

SHA512
62f3bf824be4b4575e1bcf9cf15b53774deb6d1305090601deaab27b4dfcc948ad7e73d5a2673b2c68a23f63af149d8630bab4e58317c175d01bcd081e2037ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef07d5d951ec3e2c3a82cdbf2982762f

SHA1
b18412b9e222be4a1f0d159e566a6ee2dea4cc31

SHA256
00694352ed3d27461bb2b9fa936f6f12887095bb91f328bcac850dc230840401

SHA512
da5312db13b31a91e92e0acaeb92caa85c40c99dbb41ba4c3b038abae869d04f16be56d2d3a7dbad3cd37920b1bbae27e99cb827d98339a5ba36b47c489de4a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4627b1137d7542efa02d8db95131c6d

SHA1
fd841edeacc8bed2195072661e38bcd67250f2e8

SHA256
010dc2dd0abb06c17932087991fdaa15bee3317328eadd2bd881d49cbb90eacb

SHA512
5c408e4be2424150f9e4db0cc5d744bad32001491103599e8e08cf5dc3dee11cdfe28b7f06f46016da42284f0f684aa3bf081bad2f33a5867e6627a23d14dabf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b4778ca5aabc7f5263dc8e274d39643

SHA1
0f935e76ca7d403c82308ce9f009aa924e576528

SHA256
70e2b23e34e6dff0f136a7e487f80e90dd03e6f69a3813a849baa4d9b7a905b1

SHA512
460129295ad55d7713d10fd1a716b1c5ed0d07427845be3a4a8adf4a86ae7061aaf4bbeae8429848675a674b5f8f2ffaf446b220f1e8c8b59129e7aed716b555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bb2a90069ec5d8a5e391cfe1156931c

SHA1
24d1cb1a0090a9be0d9bb1902c602602bb639687

SHA256
bb422fd4b28108abbcc6aca6ee958932308a9d8106ab18aa61a85d396060054a

SHA512
4e276f78667c357b4c872ddde03e106a37d3c1a0a0d50d4ad9a7eec6b0788c86498287bbc63ae2337bb75669605202c96c362c553a6a8b9c1e0c0112212e5224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
627ee8fbe682a25a7529a2f20595312a

SHA1
ee507f281153321d3cf602c1e1c746e2c87bf4a9

SHA256
719e78f736f18bc44208f69644d888284e7d48413ebe7d1b6488927447a52936

SHA512
eea49b20170f8b5a0c9978cef3afaa969b84de444fa546b06febaf720763d37da893f0b595d451b7770adc18e6e2e352cae8929b76d47c447061a3f4ae746117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
241818a70fe523bbd792720a50e1e383

SHA1
9eee5f352e5dc1c86af8531774610e014a525999

SHA256
9c840bbd01ceea9f0860973f93926d7ead712711a3337b663562298aa5eb919d

SHA512
29aa63421e7c92152a39fe5c08b321a82a4ef47a9edd129b553324d4a9223c09d32414299a3b371ead2e4d7774152c6fe4cfaae93a2159b1471c4070702a2213

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc20c10eddcaaf2048917669fa3ac089

SHA1
b1e844e13501c0f1a951e1c8aa5ada7677d9d58e

SHA256
265c1c4508f023159ea4d34ba71a793dbff578428bca986b39ae9d3998b9a3a8

SHA512
707ff408864d2ed0892f1f3cd771914782d56aba149b6f3e1479787945ef3d1fe416a200cd30e591c7c7604a44adce3fe66d5473a92fe0a6c655330ecab12bf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b389c6b24059d98f79d4313745f38b28

SHA1
385fabc93c28b414dfd3642531efa05937badd4d

SHA256
963228788425e5a122796f5dc422ea68a569c27c1dde4e41fc2588b53364d564

SHA512
8232a04d1dd2b916756b4ea952e11421f72de6c17f33a69a567a53a05af74b7f274589d0d32de7b33ec3fa14a14eb52b028bf366b0df3290ff7197e5e4bd3263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat

Filesize
110KB

MD5
c8953628d5ab1e6d9fbf270337879d64

SHA1
4eedaba4f30654406c9a91d6051efdb4c10cde17

SHA256
ae086054cd8a7d355df09296823a9c33100042b4d46612bf76b1e276be447f72

SHA512
7507874a2a0e47329a16beccff69b2ba920d3394ff9285b31e70160df60e545550f5b3c94693271c30ec8a45c08c5585188fa67c2e3806c75a4e3b3fefa68440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\favicon[2].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\js[3].js

Filesize
197KB

MD5
9672d95274dea1eb5dc2bc47f9292779

SHA1
40ea6c783302b4917f13cacebd7e0339533aee09

SHA256
3dd33b5c66c93c54347c63a546e7e371487418ac5793e45cfefaaaafc592e790

SHA512
1620f8b2b61bb2b09615bfd2670427af13401fa7db712918f7730e0485fed7e6e559f5d6e737981ac403cce8b639488666eb211cd9e2a43d0a895872fb65fd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab17B7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1827.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LZ8N9SF7.txt

Filesize
113B

MD5
5c868f52c43b94286f44d4123e39ddc2

SHA1
8611259574435468145042bb426ec57ba8101bea

SHA256
376ae8d6c7350c614412ef3094a69e8376fc0a62489f55336f16cffc979a6fcf

SHA512
6e628ac38ca401e8378c0a182f8d39e2df69956d01e9de0013db029b49b6888ea024643c6faf28a9bf8e0a57b062429c03763a6898f92e6eedce0b086f2402ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads