a2d2d79fafacb2c92d8fd323797e28afccea45d0cde3dec3c6087f4c6890f318

Analysis

max time kernel
139s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe
Size

1.1MB
MD5

bfe2c439395ba0ec1f924e7a5aeb85b5
SHA1

614a2d2502b8bdfe53652888d63801f736f1c439
SHA256

a2d2d79fafacb2c92d8fd323797e28afccea45d0cde3dec3c6087f4c6890f318
SHA512

febc4debeb99b0bc26a1f9237a13f50ce974ab20ef718741996e8093f668e01eb85a2aa03108d31e702b1be7c50d8e230c46abe7e265ae547b06a1e4e142a485
SSDEEP

12288:nsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQSl:sV4W8hqBYgnBLfVqx1Wjk/l

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
960	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
960	cmd.exe
1540	PING.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000001d70592c0344fccc92df9e6ecc34b855bf073d0b2ca552b84a6d61828cf5a38d000000000e8000000002000020000000cbb92e5bb8daec243ab0dbc025d1c76b85d62b7dc0d6dc8fe102f090a554546820000000c77fbb594386b013599ab81bc57f4ad90650cef915aaaa518bd166f687be28f140000000510eee1164c7e998e2ee7ba26f3c41d6e673db0e9ed49673fdeda9ccff6185658ad4d38c7148d933ee0a6a7fc3b9ed0f380aa3907e6f8fc9a39fc4529981ce24	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{36997DC1-6285-11EF-A533-F296DB73ED53} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000000e001c743c407eae19c3346ef40529bda61f574520b3c0b957a942442bc6cc74000000000e8000000002000020000000ce52793957b3eccae72d9c6199a2400f67d5e1246cd48788be2ba7ba8093ce9190000000ff00c38e6f9654705d86ebecc690f26a4bdd206a065e6363b9661923c4f0b90111d94bd156764c5ffab4e22ed8a691d90e3d809ded9c96cdba8ce453cd96afde90067a8d0f4f5ec2eba2162f35b659482ae41628c686370cb87dab787a50ab64c4ce8ab4894400f14696431d81f44e28f32e408083cbefa8a96a95c1ccb237050c76640dbe0fc0fcf22a5fe3cea282c340000000210509fe3a8779f618ef0ee22a42748cf8770bc2c74c73765ad9a95577ecb7075d69021940563c3d823b05b44a0e886f8d1cebf21c4840e72f974ab5ebe40b64	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{64F8E4F8-8681-40A4-A664-1EC02F5B57D8}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430712846"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{64F8E4F8-8681-40A4-A664-1EC02F5B57D8}	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{64F8E4F8-8681-40A4-A664-1EC02F5B57D8}\URL = "http://search.searchfff.com/s?source=Bing-bb8&uid=7bb2c9ee-9dc7-4e5d-86ae-4725b67df7d4&uc=20180115&ap=appfocus29&i_id=forms__1.30&query={searchTerms}"	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{64F8E4F8-8681-40A4-A664-1EC02F5B57D8}\DisplayName = "Search"	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701d6a0c92f6da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchfff.com/?source=Bing-bb8&uid=7bb2c9ee-9dc7-4e5d-86ae-4725b67df7d4&uc=20180115&ap=appfocus29&i_id=forms__1.30"	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1540	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2540	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
1688	IEXPLORE.EXE
1688	IEXPLORE.EXE
1688	IEXPLORE.EXE
1688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2540	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	30
PID 2692 wrote to memory of 2540	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	30
PID 2692 wrote to memory of 2540	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	30
PID 2692 wrote to memory of 2540	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	30
PID 2540 wrote to memory of 1688	2540	IEXPLORE.EXE	31
PID 2540 wrote to memory of 1688	2540	IEXPLORE.EXE	31
PID 2540 wrote to memory of 1688	2540	IEXPLORE.EXE	31
PID 2540 wrote to memory of 1688	2540	IEXPLORE.EXE	31
PID 2692 wrote to memory of 960	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	33
PID 2692 wrote to memory of 960	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	33
PID 2692 wrote to memory of 960	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	33
PID 2692 wrote to memory of 960	2692	bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe	33
PID 960 wrote to memory of 1540	960	cmd.exe	35
PID 960 wrote to memory of 1540	960	cmd.exe	35
PID 960 wrote to memory of 1540	960	cmd.exe	35
PID 960 wrote to memory of 1540	960	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchfff.com/?source=Bing-bb8&uid=7bb2c9ee-9dc7-4e5d-86ae-4725b67df7d4&uc=20180115&ap=appfocus29&i_id=forms__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1688
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\bfe2c439395ba0ec1f924e7a5aeb85b5_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:960
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e854e5e7041efd0574540a1586039ec

SHA1
c7d1a05515f2d7cf4a4524afc268beb564227887

SHA256
a215dd5d696c4cebf5c58d49037a9971ec27fc86feb380f4ed7c0074bbdbd1a6

SHA512
bf3e87ce8e78bd006940668f4469faec42c35cdc821864821a51d5cdf00c6cccce0a395c3f739b1182f685d49e2af62b24c1a754737847c0d99ed3bd078dbdb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d8b802a45b121db076552afb9f51377

SHA1
c8baf46e039fa0be0e36beb1456cd63026874cf6

SHA256
3a0617abb75e903649fb0384fee88f1c475104d14eed451ef7e46fa21008f9a3

SHA512
a3ee880057c79d055f018e99fac3c0f9062262efcb7aea09ed10790f2ba233a0ed6604c25294e1cf8fb3f4529193f309518d0d64eaf5f6ae4ee560b50c5217af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ca048986c93421f2c255e1809ba5a90

SHA1
facf41c61adcf90df11f76416a3629529fd5a58e

SHA256
dd83cfeb6460359f815b0de3e16c403fcb52e5d9c2bc6aaf078570c9f35295d5

SHA512
c9ba94a3b4afa60d08bc122929e43062cd8977528cf2fbb717adcbc814ab7d1b7120e0e0784f165057347ba63c9f8ad6303b239d2069c82ff491d74b8c7c6094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9ba052564407ea3a8b5859a10ffcbd3

SHA1
88498bc235414fa3f67459ca142ba388556e6d7d

SHA256
660ea3ba4b0d299f94ef2da50e99c74ac111689b62d19d922f8f4e8977fbef67

SHA512
3416fab455833e6bb9dfb01451f0b233c2b7c547fdf10d0737b57b52114f99b92cec7aa98212b54f117456ced4026a4f7d50f1ed4aa709834cc7ce7d54108ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
310a549292ad29e1e7119d80d82e1e82

SHA1
e4bd29c2954811a1fef915cb4028c03091be651f

SHA256
4670355e337b94f8601fccf333c42caaa610e3428c78c9ed6a6edd52b0acbc48

SHA512
673b1c1668f60583b3453f5216e937a76c5eed57d2af4a33310103597211591f5ee4b8e9663800e6fc3b8c8549dde624384e6809198b33db1200a77854eede18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ffa9c28902b290a4d0220ac55370eb9

SHA1
55d5e699be0c495486a0a60640884e507372bfbc

SHA256
799d8a964235fdde98ff07ece11e0486a688e33503d6084d5648d53fed7d1e1e

SHA512
3f3cc14f959739a46400c535d90a1ab9750162147d4c9db0f26963b9dbcb74ae4cae8528b2777444e9896d2a9bd2b750c452f3cba898274cd3e72c3fee8539ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b89944bf49fbad6f503e2424d6109f57

SHA1
78fbbd45b16457c9c3500a06c854bb6acd3f3c48

SHA256
5270aa0cf9e8881fa6c34cfdeab0944d94c009c181c5139888421777e6ae71a9

SHA512
8172424f26dbc51608d9e168ae9d899c833fe4d604ba004a624ab9fa7fc304c0a5688382b96a967357e81d47528c261a771caa8440aedf8760710138d7308c00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f12918acffec4e7c3aa65bd382dfc65f

SHA1
d9c5420044deaf6c4d68b0805bab13a3918dfa65

SHA256
d68169adc3b0c828ece1173d920a5dca98cd466245f8f802181101218d068b5d

SHA512
e6d71cd6ef65cc75387bea875643c0a28be1e9d5a25651e17d38e1a3831201cf95a24bf657e8b2df0c7e885756416c96bd23a076c1b1593f7bd8110d01364f31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c969c2189f123f310f0083cf29e98c5

SHA1
d7800f351a775db563cfc5ae1441d32146b93be9

SHA256
3d965de479449cbf3b558ff0282e11a769c786a754df0e4d9cc2a2e51b61c0b4

SHA512
643c0ec000fb6e227cb9a054154c694a8f7134ffad377ce2a7bd6fd8942f1015c6090746e126e049e3c9be37fee0e2173a9864d2a91a1d039fab0c93587dedea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f54bcb1d9049bca2334e556a94870454

SHA1
be65882f8332a1d31388056830ca1cdfd93def31

SHA256
632e764d0bb8c00af7cc94604d7f46ae13eaf3694d3300a166f1cb1468ec273b

SHA512
7a7ca668eee8f3f39870cc185e7ca0c6237564e8ab9d9909dd8f24160d19ada0971bc95be2a3f9b8dcda39e02477c14bcaf0df23a5de1403b87dea4745850d85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2a739adf45da755098bd04fc718a3f2

SHA1
688a0c34d3d5e4694a22afc886a858a9a2429d98

SHA256
18f6219167d76af86ebe50010c151c5508a342e60d6ef626d4c98753cb1f0bd7

SHA512
c34dd3b005527b6e290e1e67e59ac1033da72d3444e287d6c50128613c08d98ba5313751e58469ab3afe4baab78f8ae01f00eb06217fed76801824c3ad2ae0a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b127fb0ebb81f448602dc7b5004ebed0

SHA1
4b951a4a4e244bea2821fa0474e3669bd85962a5

SHA256
e7247dcb54cde124bb0ac7b8e2300f952ac4d7a9b422d3bb38405b065b11d11f

SHA512
1cca11a0f65a0ceb5835a867008e500676954f60461a778d4a3752e405ef3c1b4ee27943bc8a86ce60a98b9ce4edcabb1fe85f8c25041f7005d35e91ec2bf211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eca213d9ae8decb9127db8542e423013

SHA1
60963fc7ae30510e5c4055d29038f2a0d03110d1

SHA256
eba0bcb8e0302c7adb584d80b05380b13630d202e125e449801380d6daeefaf6

SHA512
61514a42e291fecd7665b6e27017254771d52dd04034f2eea5486ffc7a22387c03a4a39b1340e97b2a1cab0fb9db1ad0c7e0ce96039391561f8ab08f143b34b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
196a034495d6a0d53dd6d79c17df3fc7

SHA1
e890249746630a79c56e733af9d1e31be6a5fb6f

SHA256
ba1e60916c122cd46d250818f38e2c88e60fb4ab919b17ce4496c335cae851c9

SHA512
0d6064f458ed2233532cb8dd09e45e66cf07af1e7a22ab5228c0ae5679442fc6a9844c95f75b362a995b379efa94fe25f52308cb1aea1948ecfdc7d94a6be4dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8998df1f044065e0b9fc32cd0705baa0

SHA1
bf4799f2f912d63154cea1bbc49c930889f5f645

SHA256
6c29d60c3f7f1e97745f8ca22cea198a91f6b702265ddb42c59cd5669a9593f6

SHA512
486a6c60f1a3a2f3c2dcf288b97a97d1c025177844b193190433fc325e110660261b2aeedb191f0ee1a293d3a73a0edd17b5a3b53eebe35949a01b24a83b43e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
051b8721458abc3b197e2a6196d491f9

SHA1
313f7af9c1b748d21310410bacff2e42ecce8af1

SHA256
5a431c1fbd66b18c3e507ddef6744498715e330ea78abea9ddb00843df6697a2

SHA512
5b6cf0aaf46b58ffc43370b90f5abf193440a6aaab7e44267abe4a55bf7ead01ec5de3174c5d814c5ceef2fcd2ae629405fd6918ba218639c8ce7f4794ef16e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e7ae6af1ce0c9e94915d4b9f88f7d89

SHA1
396cfe00e8bec84d3c5559f2d7cb3e080481af50

SHA256
4cd16a8389ba6d0c7e566b7060b4dc24722d0df927e3475c0e2386deed0f6ab5

SHA512
be7ed6157c667def26078373a15485d8ee1c01b45f3dace2e5d55de03bb081508e6aaa78094c7d364f8ee433dfd18c48a2d791322ff1606bba7b15d135879b83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7441ac12e5499fcfa435a5264d8a559e

SHA1
f81efc3e74b36a3fbe9f03598d0b9f09a88947ea

SHA256
4017ee75c1c34f014924bf08bff89f452ad91d4cab0cb4849eae000330f7b488

SHA512
0c0cf6129592df802a881a807d032091cc8ec7f5713f3c7b811f8ab39a02ab55a2f0e2239bc40ff4f0d5461d7a35e9dd9811fa8a40376125b9a581f163a0d669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f3fe6eda6d536e4ca9b0f52d737e2ee

SHA1
31323a8755e7ffd840c6331c9536465c7bfaa741

SHA256
0caa941abad4569ce660f7fbd22fbda327a890e1d5596e8775552afc0a552f2f

SHA512
3dba1c87e0b5fef67616083b62cedb6de700a4b645e4a5ddebde13ee22918a75b011f397f8fdce8835bcb45474219324b7256b054f1b22244be37ff61b409e28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9308ddf6e82244413c84140d50d54002

SHA1
2eca7e2483f2c267a3aca9269a38443a39a502ce

SHA256
3ebaf7b1e86536fea3b924d201e488f62050b28655c11e5d10a6c4f698fe1373

SHA512
51b8b5d8a3c2c33be84ef24fe47340661804576940fd6355b08fd90b28918230f7ef85807b99b502f520bbf755ed2e0a95cdc8587dd29ef8f267179ff7a3baaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D86.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E44.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads