11de5164e05ed46d249ca3afcbc96d829a8ee47aa8ee5d87c75c617682b33a0b

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe
Size

72KB
MD5

bfe1b4c3b2f7eb3bb3324e8357762e4d
SHA1

413b141b8a9c555f777b7c8fe30562d52a985f81
SHA256

11de5164e05ed46d249ca3afcbc96d829a8ee47aa8ee5d87c75c617682b33a0b
SHA512

9dab6b7b0b28a5b1c1b401995f07da90afc4eb520a0fcb8d2649a980d3f92aa1257dc0377821d5c5d54873922e264ac7b9bb4844b576e2df6d283dbfb889b56f
SSDEEP

1536:Uv2QCWVCm9oDXIxBmqIDv1GOJgiP0UOv67NlS:F8VCmODXIxBmqIDv1GHiPyvQN8

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2312	taskmgr.exe

Loads dropped DLL 2 IoCs

pid	Process
3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe
3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\taskmgr = "C:\\Windows\\system\\taskmgr.exe"	taskmgr.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\N0TEPAD.EXE	taskmgr.exe
File opened for modification	C:\Windows\SysWOW64\N0TEPAD.EXE	taskmgr.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\system\N0TEPAD.EXE	taskmgr.exe
File opened for modification	C:\Windows\system\N0TEPAD.EXE	taskmgr.exe
File created	C:\Windows\N0TEPAD.EXE	taskmgr.exe
File opened for modification	C:\Windows\N0TEPAD.EXE	taskmgr.exe
File opened for modification	C:\Windows\system\windll.dll	taskmgr.exe
File created	C:\Windows\system\taskmgr.exe	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe
File opened for modification	C:\Windows\system\taskmgr.exe	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskmgr.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "63"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0077686c90f6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DOMStorage\www51115.com\Total = "63"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000c15cdde7c1ffbabf2d58d6bb3c4b6ad09dec5727d5c7e68bb48664ab8c075658000000000e800000000200002000000070372793fe4a028b04bd514a466951b69a3ee9760d67e04c18142163f6e1e070900000008614bd2afd52d1a2d13489548f825a5dd05161fbb3171751ba7e4c2ee5e07db56068f2a86d63facebf74bae8d6373df5857648c04cba4b40c54af5d4a6b5d2744f7f19e9787c9c4379e44eaec342ac51acd5b290b4881bf892d61c6c4151d69f1702f7815002311f180b96c6520d8ff420a9dc9cde6029bc5125bdfcac381484b44b30009d76b2abfcd8ca56b02f9f4140000000c169917149d45cf56af427b08cd990b6e8dc986619725400a543de0ddbc6aa619df07fe153599e5c824e2459a318ee99ddcf732b890b590dd9aea6c7d3ab9256	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430712143"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DOMStorage\www51115.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DOMStorage\www51115.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DOMStorage\www51115.com\ = "63"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{952488A1-6283-11EF-BB94-CE397B957442} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000008e9676addb3aa26721139503c6f23e8084257cd4ff852520cb12f72e5a2bcc0e000000000e8000000002000020000000f5a2548bc35eadd796a0403fdab7157aed6d2451db9bf090a7977c4519ec592620000000f39643b3aa9a83c0d25f6d4e4e43f76f3daedd30f85d1462ac500ed15746495d4000000037dc1383a402301655c5b4c5e83b76a070832832597db14b9447b8618727f338dda83533f29981c7780e2f4a5e690da8c2780aa1f63bdd05cff6c299d8f885fd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "about:blank"	taskmgr.exe

Modifies registry class 1 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "N0TEPAD.EXE %1"	taskmgr.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe
2668	iexplore.exe
2668	iexplore.exe
2312	taskmgr.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2668	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	30
PID 3040 wrote to memory of 2668	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	30
PID 3040 wrote to memory of 2668	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	30
PID 3040 wrote to memory of 2668	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	30
PID 2668 wrote to memory of 2744	2668	iexplore.exe	31
PID 2668 wrote to memory of 2744	2668	iexplore.exe	31
PID 2668 wrote to memory of 2744	2668	iexplore.exe	31
PID 2668 wrote to memory of 2744	2668	iexplore.exe	31
PID 3040 wrote to memory of 2312	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	32
PID 3040 wrote to memory of 2312	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	32
PID 3040 wrote to memory of 2312	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	32
PID 3040 wrote to memory of 2312	3040	bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bfe1b4c3b2f7eb3bb3324e8357762e4d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.35.ah.to/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2744
- C:\Windows\system\taskmgr.exe
  "C:\Windows\system\taskmgr.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer start page
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ff17d86590360d0398b4843cb04f0dc4

SHA1
969928b042d1897c52f26ffb0ef7b5b595fd1b7d

SHA256
6e69a6856062efe9baa63338dac6086241d8438516a79c3487ed583daa1b31c2

SHA512
265d3b55d12cefe1f771740f559d89b1126ec1b3f78a28479fe685a27c8574d86b51380b6ec74def664a42c64d59acc2a35839574e53ac1298453574d33d3d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
216da021cdb3951a968c73196ac507d1

SHA1
c17fa16df6b24f2a9ece86af164dd4727bd441c0

SHA256
91d4f82f7c1530ae781caa8ef61b994d6957db608d7235eb568f09f4f0520d9a

SHA512
7b7df239b75c3a071e6d8ab89eed5d58c2098efee453a3765d8ffc97b90966cd6fbb4835f97fab0289ca29d603af41efbd38b898ce78ac6aee46bf01e2ee57ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fe39a3e60ff3aea25e34deac02544cb

SHA1
d979e57499b83b9a3407d9900869da3ed562f300

SHA256
402b2fd55d45cc26b1c0b9cc892ecf8a6551e0444160d3bc3413b9d6852f7e4f

SHA512
b7599c4b357ab2ef5ffa6d827de967f982eace5220da972c917d970cd72b5d0793e31f688e6d1d0642f321420ddef1f9d15f1f7ee7c5591660f7eed89a6060fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d2794f13e37a6d4dbc30a7207063314

SHA1
1dd62c570935824efed701f6323afd47bb573169

SHA256
ab9141e24c80f9a243fe58ed6b4c671fa9d024107010752a92929323e294c4d6

SHA512
6b2127142b8420810e2bacf36719b61983b87dde8eaf0f4c23b4eba261a86ac3526a802b4c7da444b6425847558e20c3d9abb8755f25a1f78231957493dacb55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39b5b7fae8a18f46c849ad9c05993ce3

SHA1
1f58bac4f2ac377caf510d4a6356ac402ef8a816

SHA256
d2ffe6cd3514d4165d5cb89a24e32c70c0010472353fa5a99894d73a3a5cc189

SHA512
5100acff2b5f7596837c5bc197703831328b81b839e5e1d2ac7925035d04ca8af5f3120d7434679e505f3037d5991e7d4898925cb96fc2074faffe3049e17f1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6b607f03344c8cddc16a8510344d8ec

SHA1
f8dcaa36a04878324b684d059b25ab89f0720417

SHA256
39956a74a9cc54f20599680c001f5b20dcde66810184f9c27a81f55e8de27313

SHA512
3b5eeb280f363380657ea8635a660eebef02d2ee4f070d4c44b4780c6411b45159baf63d5127f0d2080aa0529837c9cc4dc1a03755b11f8005697f6d8bc0a81d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ddbacaabcfa2269bdc05ef787287ff9

SHA1
d4185a1ee45872126ee56ef932da911fdd808d42

SHA256
28441dea3c0901dcee8b15905edec6d67938cbb7fda632590428e0fe7b91e5c2

SHA512
9b82bf835e0bc2462f54cbb55d384e5e3a1f12a2dcb251d8c97907761617399572c1ca85d3691735c6e36b9c41df407daff7549185524a2b0535faa7d11c261f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70458506c25d15a0a2cffff45584de9a

SHA1
957ed9b6025a320c3aaf29d650f795c94bd4dc59

SHA256
08d59da5c338b818d61c9a77490fe1c5da4925986aa3398fd76314a23ed7fde9

SHA512
413294cd3b05e527b377c71835b5f244aebe00dc472c46f665008085d5f9da2ef871541c7aa09a1bbc55fc78005337af518a211486a8b134627116eb904bfbaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f230d6dcdce45844f126a748ec35cf61

SHA1
6cbbda7bcf42ef478b4f013ee3e1946842151010

SHA256
192fbbc709dbc1d85571e0a9b6496e355b8f05c700d5353b08e79438dd469b3b

SHA512
b7df672e76a5a9da9bc01fcf75c614ecb12fb9c60e05eb3f0c2fe46fcbbac5ec9157d3d5f63e31f1aa25de59929dbdeb2c084245396edd5d126eb946ee05f2b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20e0f1aa8935844b26b230cc7b64c153

SHA1
55ad03e09ccaaf6bf2c2267317000ab43475b5e4

SHA256
cca71d3709e3760a5567e365b19e32fda09c02a6d6f4f1f7175c7a8e79275971

SHA512
65e6a0133c2c98268171c9f5291863b38b09bf81742d82d4297baad3c62814145ec2da61876e292d2dd19cc784f9b0c70c2d9a5f72666b9c0b06294f5b3c1724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
388ddfc2a190a8f7e0deb4ab866d99eb

SHA1
589e39719503b0316d889d8984d1d7bcde758ffd

SHA256
139168a73905ba51a672b8245b503f0adecb5a4a4e665eda136439813e56d867

SHA512
48ef88c868599842b2513f0cb0447be730844e871cc3cb731be059764b38c1779192991d00944894e75580b0ead42dd06917ea9b4a2efbd1d343c94e3ed1e04c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fecc5cbf0a4d2111355b8b7eab87ed2a

SHA1
c5474521a3e727d6b1da0d196522c58ed151473e

SHA256
ff8d3dd297b1de344815c485c53b0a80ee08f64e5840ceb3d348eca9c14b5fa5

SHA512
145989d93f771240e52adf014df4d23c71942083e887855b92079aeb1ea8c119a93ee75f0135568b4c3b58c6235a1a63d37a7fae0f24737c06ce77355da03a6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8835cd7e933f86649145ccf31e4f155e

SHA1
1da4cdcd7dfa1786deb48c7c7da7a9d238d984c0

SHA256
d6fdeeb3d9cda92550ad11398fede6d58c890b89aabb8116097f6fa9fa6b4406

SHA512
0f9e0a6d302ce91cca3afcc62915be80ff1169667ee64f322ba4262911d86548668443b5b59b2a20745308529d5cc6a3d6d9c08bca528fd7f7df4ef04deeaa3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa8161923525386275d05f3cefdaeb2a

SHA1
e6e81a55b2b1a56e58f61d72c1ecb0408146cb15

SHA256
0c2c9f6457f5947584b123fc6de68ceb36e0add205e5706e1e8ce4d513c9d6d7

SHA512
1bb6487eb1af1a505f7528070dcf6ca9a74863bbcc9daa8e6addc53bdb85b87ae7004fe7ca920def26d2f32ef561f4e6886e48e59b36771f99f9e6c33b187958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d856346f68178b83a63e349718eeea2a

SHA1
07d5a1944680a650c1dc248c9d3e86eb0f6b9d34

SHA256
40dbfa71f7ad74d2993cb85a81b1b749c842bf5cd74c301f0e3b33d44ebb99fa

SHA512
9e16acb1507018531b44d437bc39c46861c3d548f5302c662bf9d8d314b5d13fc4ce84803f7c51ee7cf4c49607afb06c89bb7acabfc794f1e187c3bc198cff2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79ab00ffd9ac0ba3b547f6dd43539983

SHA1
ff48a6419cb0fbc56e418b8b85407a4b7ac3c847

SHA256
33d922c0bd27451887ef5af50d6b74d77adf932b65fd665a42823cdcdf49fb06

SHA512
18a41c600bfa3812a80a2e76245e272472023c4bff150eedd1260883b20e28701b20743dc95df348597b9cc216a347b146714da17a80049667ac200f2bffafc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13065691bcbcd512f862dbf55d157f52

SHA1
3933be1a87d237c38d96dfd38072f385737e4148

SHA256
3a89ecff52631f06c19040e2a1ddbdc9ce1834118896a13922e61bdf45bc8279

SHA512
1c2063009cf9242d6a56b07ede0071758441a60eb84f22d8ee94b7058a88894b34d2034d5c1371d341276b650e0adc7877fa38962d050cd01147037031cfe2b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
905c13048fc2a4a375c315aec41dc856

SHA1
cd7cfb0caf6d7aa53da5a97df12f3d5942cfa005

SHA256
e97b092370e898efa74c1394634410a9fe4bf97d52b2b906d0017723c78df1eb

SHA512
65e7ed537f132d9fa86d587b64c95e517ff6d125cdf5906d5dba705874635f6e78e3dbb77e1953276469f8902667eab3ef48908efe0dc822b6b558725c78d220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad0e35fde5f0d42d1d3803b81890f8ee

SHA1
0ce0f32401db0b6848c561784b70df82a9bf97ab

SHA256
66d8324723e704ead778c3f02bc939dca26dd5572bbdb50716be81302f8dbca6

SHA512
ef0e76be8f56d86ef776d2ec5aadd91ef48ddc0e23a5773b10c67d5a1882ad4bf28f0a3a73a2248415f291be2b42b1169b16bf4b6cac62e2016ca6fb4f5a5a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f5d0fc87607dcc83d6aec6d1fd3ad9a

SHA1
1554193764dff9d2beb6a502e50483d9dad4291c

SHA256
89585b91c78098333efeaf6f4e6676ec1910699be3917197950900c1078bd2b8

SHA512
95bcd7a27645795b0ab4590fa4de3268658b21e021cac9a421fd38cc5d5b63d7fa277459534570d0a663b96682b0e8eaed99523ce3643126e883c7ff28cd1125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f48df7d01684eb230d29c7f94440015

SHA1
b718ab2275a80796bd0277be1a50f569a931fd78

SHA256
856e53589619236a78a7280fc188fd5e70f0a9df5a57ea6edfb4a043f36ae13a

SHA512
90c4014acef36605e2b01bbbb1af81f325f93558f7ea002a542f5882072650b135af7b8e27b13ab538afb2ce5a719132c504e018dbb23b1a6d5847f2b336ceb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61dc19634dfb1673b568bbb2fd423762

SHA1
7a03196d081ed667a4c8ef1162318e21a324eeae

SHA256
1d2f9ae31955b2a8510428256cc2cb12736f8965edfcc0befd71f562a293275e

SHA512
187b795471b47f073cf2c16c88e585816fd2fb1359c173530c1abfdeab66ba13609e60d0ef0f185fc97beedeaea3e3b8a229b1ba6732c5083b76b203a24d44e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2de8b9f8a8c3018e6c24bc5f20769e21

SHA1
b55b75feb22b3dfcedb241081bb5cbb3775e073f

SHA256
888702989c4c3d61b537c428b02b51f5c3f1ae2d83de54ee6ddb352fcad962ac

SHA512
5ee22c14fa9eba42a4f74db27f4e0d919669614cf72e9b80ab088ca8d3c8d1e36bfa53f4d98728de521f740de8037093196d01aae63817b9e8789bbd5bcae5b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d012ae7cc51e5c68fd942abd79bc3b18

SHA1
e11cfd96e47686913954392fbc64584106c9e7ac

SHA256
0adb1b89cf735b55ee1dfa0556ab4f7442afb8a595a333cdb99495a8d23134b1

SHA512
6a4c97886bdd455a08288e4cf860d0986b35a1cdb70de725dd0779efc07a242450ea12fa77d72b43acf1778851e3c03874b744b0d61db7812d93e137f08f6c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\p6d9oj1\imagestore.dat

Filesize
2KB

MD5
124a5c0ff031c429019b2fc4d68b01a5

SHA1
37991f9211e34832babb054185f62f08b7024fb0

SHA256
c44354ff962b89997c0dcf8b1459fcf95c14e4925093d519c8171b6d67c499d7

SHA512
2a5d1716f3ab62e6ab5985db593742d05dfb956fb8be3bab58733478c2b737ad5969a33586b36993e2bd0630456862566ab7bfd8e55572c70c054abe55a48046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK27LCMU\favicon[1].ico

Filesize
2KB

MD5
f2b560a9c898b429f6c5a9c3184972fa

SHA1
0e95de4f680c7fa0756080e6557a7fc2f6ab35c5

SHA256
3416f55ce995ca1dcf0ec8c5635645d2b96f6f23b8ef8e976f9e3373f37f9d1d

SHA512
04a2ee7309bb66c92c47d5d94e49fdc694316b960fb00e2599dfc936a097b3c038983baf2d402aa5d5d47138ae2b25a7918a04f521d5afaf112045adfddb9bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6CBA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6D2B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\system\taskmgr.exe

Filesize
72KB

MD5
bfe1b4c3b2f7eb3bb3324e8357762e4d

SHA1
413b141b8a9c555f777b7c8fe30562d52a985f81

SHA256
11de5164e05ed46d249ca3afcbc96d829a8ee47aa8ee5d87c75c617682b33a0b

SHA512
9dab6b7b0b28a5b1c1b401995f07da90afc4eb520a0fcb8d2649a980d3f92aa1257dc0377821d5c5d54873922e264ac7b9bb4844b576e2df6d283dbfb889b56f

Download Submit
memory/2312-15-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2312-45-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2312-31-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/3040-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/3040-14-0x0000000004920000-0x0000000004932000-memory.dmp

Filesize
72KB

Download
memory/3040-16-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads