458c6851b2bd9850846110d576ed0023d766cbd5577ce85169f9546535494734

Analysis

max time kernel
149s
max time network
147s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf65806f37148766604297beaecc056e_JaffaCakes118.exe
Size

1.1MB
MD5

bf65806f37148766604297beaecc056e
SHA1

2df6573be484afce00fd6dda709ae71a13f2da3f
SHA256

458c6851b2bd9850846110d576ed0023d766cbd5577ce85169f9546535494734
SHA512

fc142c42afe80522ad912398aa9c782ae43732196984d5904c65f1430ecd46c5101cd10f3f543e7027ad847bc9c1e01c89cd04a403236020f5754d4225295dc2
SSDEEP

12288:vsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQKPR:UV4W8hqBYgnBLfVqx1Wjk3PR

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2600	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf65806f37148766604297beaecc056e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2600	cmd.exe
2668	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430695024"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8DCC1E1-625B-11EF-8B76-DA2B18D38280} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2EFAE02B-143D-493A-BCEC-8C65957AD614}\URL = "http://search.heasymapsaccess.com/s?source=Bing_v2-bb8&uid=4d0ad52a-5098-478d-a7db-8869834e923f&uc=20180122&ap=appfocus29&i_id=maps__1.30&query={searchTerms}"	bf65806f37148766604297beaecc056e_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\heasymapsaccess.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2EFAE02B-143D-493A-BCEC-8C65957AD614}	bf65806f37148766604297beaecc056e_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2EFAE02B-143D-493A-BCEC-8C65957AD614}\DisplayName = "Search"	bf65806f37148766604297beaecc056e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000f54a6fc69dfd480293e090fa47f7a12b7321d640a0c5bad41e279f7fe74fe8fb000000000e8000000002000020000000f5ec625bda2ca3bd234ae029ef1f6746d55364973bc691b9188fb3d01e5c1d009000000075347aeea7858d26d98be788f22229f753bcff9c4559feed1fd3179eae62d39342fdbabc3cb176a2afb1bca6e7109b4e9be16cb1dd425c4c225dd7ae185929e083c633406659866c4179aa2fd89e0d0b6828b7b48be0188e1c1d7b50a20f64ec8643f950a78623d06311de4c77a43a31b7233794c05f6048f2910162b6b0d57be35df584a63b16b889d1c345160b574c40000000f25f353c71074639a7a9ce4e92bf1c8452fb666970eb19bf31d58ebf018f5a30f64bebb6fc4b53ef3baf21a4ebaadb16870539bc8589d6bf6fb4cb4ced67c388	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101fb39b68f6da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\heasymapsaccess.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	bf65806f37148766604297beaecc056e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000b7ea6a39d33e57fcf5654e7d1dc7dfef1ae3a2107292278e7a978857e9449d64000000000e800000000200002000000004e9eb8368eb24e03ecfd496c4b3add848da9a9fa99185ed21d5c091f2d1bf11200000001db8e3e9a3d4f42b11a925063e198b995f132a8e74741802eb08910b5501b9bb40000000354511b23af33220f2dc01b59635754af51440b3152214beb1e872f7d6673df041edb50e3ed04cbed534d7433e503ede38d7809715569ad2dbf52870015fda69	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2EFAE02B-143D-493A-BCEC-8C65957AD614}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	bf65806f37148766604297beaecc056e_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.heasymapsaccess.com/?source=Bing_v2-bb8&uid=4d0ad52a-5098-478d-a7db-8869834e923f&uc=20180122&ap=appfocus29&i_id=maps__1.30"	bf65806f37148766604297beaecc056e_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2668	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1068	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1068	IEXPLORE.EXE
1068	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1068	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	31
PID 1952 wrote to memory of 1068	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	31
PID 1952 wrote to memory of 1068	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	31
PID 1952 wrote to memory of 1068	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	31
PID 1068 wrote to memory of 2880	1068	IEXPLORE.EXE	32
PID 1068 wrote to memory of 2880	1068	IEXPLORE.EXE	32
PID 1068 wrote to memory of 2880	1068	IEXPLORE.EXE	32
PID 1068 wrote to memory of 2880	1068	IEXPLORE.EXE	32
PID 1952 wrote to memory of 2600	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	34
PID 1952 wrote to memory of 2600	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	34
PID 1952 wrote to memory of 2600	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	34
PID 1952 wrote to memory of 2600	1952	bf65806f37148766604297beaecc056e_JaffaCakes118.exe	34
PID 2600 wrote to memory of 2668	2600	cmd.exe	36
PID 2600 wrote to memory of 2668	2600	cmd.exe	36
PID 2600 wrote to memory of 2668	2600	cmd.exe	36
PID 2600 wrote to memory of 2668	2600	cmd.exe	36

C:\Users\Admin\AppData\Local\Temp\bf65806f37148766604297beaecc056e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bf65806f37148766604297beaecc056e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.heasymapsaccess.com/?source=Bing_v2-bb8&uid=4d0ad52a-5098-478d-a7db-8869834e923f&uc=20180122&ap=appfocus29&i_id=maps__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1068
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1068 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2880
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\bf65806f37148766604297beaecc056e_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\bf65806f37148766604297beaecc056e_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
207417e346a074f1dcda1d1d22c95773

SHA1
cf5e99565764becbc5356d644061a0f3c4ca08e6

SHA256
923faa00f7d2bb3221324118067b6d75962836da1a5096e4d0541c60df39cbf4

SHA512
c82471f7a357912a318a0cbce18860f07188d79e3eec38db053884861f7052de6b632548652fe8820cbf9db61e32a79b29bc6214aafcbd00b5de5c672ab29331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9016e01895b54e34ab2cac1127fcbb6a

SHA1
8d2591a47fb79c43e0d212389e8182d7f33a779e

SHA256
d68abd34c849ac089c4452af6445aeb17b2a2f75a59d8999fd7c275c098c5caa

SHA512
5585e02126a3c875b93a175024a94f99c2905cdcd333dd15d06134ae848b687745d85a89e7ab27b33b14fad49faff997973e6be40105221116342b56c4a5e9f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
128a1151e71f20f9c61019097d2d4ba2

SHA1
1a47f4f57d3532798aeaae0f1edecdc8b176bf04

SHA256
74982fee8c6d01533094f88c1e6a4c9db8b705cd483569161d2a797b8d595d26

SHA512
17a552186821cde2a11653ca2f7fca373827ccfb81641a917834e380b87e93ef467e25be38a79464272b92ce53d50ec23349bb8e4574b5d4563d317edc19af8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6af549546aadd51f182a12e655a06ebb

SHA1
0555d74c2c64ea9abc1f124ceb511b78c859c20d

SHA256
4194c0ce78bd8cfb4f0988ef182c062de991c1448b29f8a81d56f869cd1662df

SHA512
29686e18357cde42fe41cca1ca19044ff8d59deaed2cff1e2c4fa82fa1a3a14e4a83365ffb591b553e7fbc0f16564211f868ad07ef6dd8e4bdfcf8557a814981

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b51c5f4748a7af74f8755a96ea506baa

SHA1
34cabb8c768ffd0a1d0e79a9d4603df6c2e97f7d

SHA256
488c7fdbfeeeddc1ca784894326e0e8e4819a7bacad652913cc90c76367741b0

SHA512
1493f0637be9aefca4370d93e80fe0c6b20152668c086a02d951a0fe8f3f568900033da9bd9d63b95858866f5c0a8dd76b5dd757caf8cc44ee8696d78de88de0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fa441956475e1595308fed69f9f7ff9

SHA1
20dc86839dfe4797892e311f9dd783f7ea381381

SHA256
4e1488de4758959b161d9289f5d53eac7a122c347a6a4779de39a6dbdbf01d9c

SHA512
21335fd916e5faddffddf6291846febf49fa34be592c782b6438587a570c4b0da0044fac4aa856e23f52bf0bcd4e378267af96675427702cbb03c4c51309c197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
188cf2d510b81cf85401c3757488ad35

SHA1
38184b0269f7ada9faec5c65e4f3bf05f86af469

SHA256
3faadb83b4e2f1f4fed0986e4f6cfdfbd84aa669b708fcffaac5775ea17efa0f

SHA512
231bdeea282c1da71caa68751cbb6baa7ac0a07b0fa0dd71b9e7a662efbab348c36aaaf6545219ca5607e302e47db8dadff9f64196ed97878cf22110df058477

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25d62fe716f064988d27307b0f188cdc

SHA1
b92d41385044577fabd1b21e2c4f29a65443291b

SHA256
59c4e20d62b6c4b5aab8bb79ef276b42f380994cdced58fa426488929cbf6465

SHA512
d98116576396d7379cdc6c402f595c8f55e5d8f1fc2a9722d253ccc62f0ee9a694561a3a6c960fd5fa003285fefed0310f1d953df0aa7de5c1b69789efb3beda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84353b8130b09f3565d5981faded4181

SHA1
797728ca220fb0f39f7e9c64ba0a51f24cf22b5f

SHA256
62c97ea7acd4334eb70a677a627969be2dc525b7129f751eef0527d287d35856

SHA512
da48f7eeac667f64eff5184f5d30302034ae27830980e7239b17e022776cf3b3e7ed32561b1923eb5f873bea34ac29369d84d7196a2fbba9581024eaa6228820

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2af038a779f55c146ec01937d5086730

SHA1
4bcb561167d8409b38f936df7bc1bb275cebd15a

SHA256
1b48e1c2dc2358b92bfa0601621a019718fffe43d571cc9edc2e6f2c7b94a34b

SHA512
ad9316c49b596edee6ebf563797d16c478e6669aa8fb4ed362bbd56d50c3341706451bf25621f0345cc5cc15c339a411697e0bfd0cd94ac13489e854df5eb6b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44a81bc30f08a6737dd8889a8d704f99

SHA1
172d64eaf3f396d7f139263fd4d129403ea254e9

SHA256
437bdeb3b3070034f2ac94438b1a7439bc72cd73507c8416804c2bed86d2fd45

SHA512
b33e932e3b1e30f1cf3955f8754e2d2b9f65883d176e56f4c171c25284b3557a9190375b36da2b396cf96653dd7b14b4e3b753786bfe360d3348c2fa6466b796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7e59f3887e964b0943e40df18755701

SHA1
bc0990a743f5c30462c8c32a0318a176ae753343

SHA256
edc6be0cd6229f70adb117c8158f852068303a9285e08ebcacb2a6bedf632220

SHA512
085adb6ceca687f017ec98ebef212ec9b4da2cb1c04a7138b836d294a5d4891a86f60a5a5bdab8f1addd22e54092aadd27e689cdcd7a02afb372cde7c846a258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12fd529e8864e10c64dfcc2c952af705

SHA1
789531d170f185149caa4fc3e88f46cebd71926a

SHA256
c84cec8f0788bea07998418da192db4594b72e28ec307eb32663026955c1eae4

SHA512
149e45c0faa497648cf569c4220ab49d9e213cc071b6f7a0b4fa3e6142ed41fde82b4db31461ad0a6d43f37f5ef7a3cdd1d43e2268ca3c1398065eba5c2142b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8884bf69726baefe7bc4d03df6674710

SHA1
ad5d0fc520d223103bb34c55b3517365e0bc12d4

SHA256
ed225b51da7a149b1c10336080aff052c7d275253339d9415b5837aa7c3bd4c9

SHA512
a24163b6aee4b6142f160cad6a361fb9d14e6bc10902f60c8ba39f72e5e90141b4d8f7e030c6560e6af059a190af86604737d3f1d6d0e4f9f19d0244ab588d1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
631cc2b22e405f7c39a78d79ed89b1ea

SHA1
b22105ca399bcc3d9ec52575b41993b45e985403

SHA256
ae06a9b7e00a8bbdc7c8084b3e319781f734aba0f716e1cc9531c079ba90265e

SHA512
48b019facb601b870ac2861ffdb2ea475c975ebf019c8fa666b08016c701ca40c9ca58e11972052d20be0c4086886095d5c5c5c1fe0ddfb3a9c2f6b4df742ce9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43a9e18300506b4d0f4a9994e969d3d8

SHA1
1c9fc69f1c1cb6bb61303289f2b552af5c2b1305

SHA256
2d52fb76855b0e7872de67240e0eb18659824f1de3b6ce0837d222bb84302ebc

SHA512
5e3e985e17258891b1f4101a5adbb9e8960bf609aa6ea0526ec75c72454635042ab328b6213c1b208cd32ba395f2176f722cef74d055a36d7c93b0b4eae0ba40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9e2af4893d4e9fcf805218cc17096e2

SHA1
715084d0431325170d204a9619ffbbba8a5a47b3

SHA256
41f14e2389e9afe6ad1a479df832e5e7b3bfb18921432ee87dc3194e3843bd97

SHA512
0ac38553236af1d8719fa59b4e17b187721ba7c405820ac129c9e1e09cecf24a80dcfec8c3137a5dd04d40fa95756f10757135c39f1accc273a0a7ddc07fa90c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
245cb7012c4fa294c7b47f73b63cefcc

SHA1
362e9164fe77493d4890dd010a5e64c4b243ca1c

SHA256
66914dc442d7d6753de72074ba49d97196a19da27bf382abeffcf7b34e6bdb2d

SHA512
55808e64bb065155ac0ecf523a738e5715c936b407468f7ab86bd1821c099a118ea868cd3c9cb983213d825226d367662be4e2c04e4903496d398f839543fbce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb7df417cd947efa814e1ac734b92e26

SHA1
4d8e22c0e120bef11d4e906659afb970e9bb0817

SHA256
5ab1a7c48577c61ef5a1efb0b204783a55d55baf042a831143d9324eef4f3c9d

SHA512
017779f2d2d4fa509a257f21f3c67a7948fa5aa36a70f5d3e4d4bf430a79b9b1ca8703cfafd61fc59f041aac779f9c8bbb5baa8aeffffc9465846eaca1b41ef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b68439e542acdbeeb5d67205997fc68

SHA1
6d53af18102d8b6dbe9a34c2f20cf3597847e37a

SHA256
f1a4a74054598567b9cf45e78832f890e6257b1d297441155915ff2c9b06883c

SHA512
1e23c6b96efc20c57e015fde1ed7058949946497184228894d6b6d2032704b1021e0613b92f100a4b34acad403b33bf6df19fa940ed41abfb35da93baf514321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45545782a2fbffbd169dda2c9f0590ac

SHA1
466da686ba471affbf05130b991ee438a2039000

SHA256
9f88fa1a32f02ed62e89dc9bcacb5248585af25f95b7074fcc039a0eccaa3889

SHA512
7984dbd9b8b1e3ca464623c8b1d2b8f4ba3ee696a8d09f9438c5c2805ea1cdf3cffdf3c08c75f20d66044b6ba237c11287a54360896d610790f000691889637b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2d4cf116d5388540cf783e81ec948ffc

SHA1
d1786ce1594580ffeb202f2568fd4d4a8280a945

SHA256
8f62d81ee61721efa9be73ffbc8a01e0a68a3373dbe1c27911379d760ec1cf4f

SHA512
9dcad29908f092e6b197b92d6b2f73595d111f732b505ecba20d8a6468f94d581941e572c1b280713449c2dceb62e768c401c5155180b02225577de8385612e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt\imagestore.dat

Filesize
110KB

MD5
be4cbc1348bf2d42118f8bb3bccb1b31

SHA1
45c224dec4c852245cc3e3790c44563fd505c70b

SHA256
49ad9ce6b50869367b2790515bc961d0c384ffc5b03ae7487271ab7821fe75a8

SHA512
a6b5a2d0ba0efb85a07ff5d686df2db2f6a2a05db59f11bb0599356ed8cbbab2359b31ba6871337043e17ff50280a1afa797133939dddbbd7e4175b716dc65a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\js[1].js

Filesize
229KB

MD5
6f2ee03be1fb2479b78180b50a7f11ae

SHA1
650f4fc5cdbd77f997cc11578b8aa8ef85ba1754

SHA256
3f643f02f5c163728f64a5ffb07da505ba34d0a2a3c7f92a3192edc871c6dd4c

SHA512
92474ec3e8aa0d4080482c5d1ab170c2bbfee326507e0f4779df8e66910e3e2a2d1dd8fb24f07528709df1de4acaccd05bccd9dfc88de5e4002de1ca0bc5ebad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF318.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFCA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads