034fee532bdf148678f0f9a28873290007a56105adda6a9025a27bfb14e34acb

Analysis

max time kernel
140s
max time network
134s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe
Size

146KB
MD5

c01aaaef09d91bd8b6323c389bd405a8
SHA1

7422573eea2ab15f3d7e3926e539c91d9b03f723
SHA256

034fee532bdf148678f0f9a28873290007a56105adda6a9025a27bfb14e34acb
SHA512

0f52af35775a78eabcc16c58a0abeb21984807660c53e2755acb808914877f8a287fddccfa3b14b0cbe03f21742fbcdfcda4ee36e070b40e4dc5b76c92bd27fe
SSDEEP

3072:1THd970tATVnTGAsyA2l/4ZdjX8PTH/A5O6c2F7qRZwDappjR718Xd3:Bv70eSBu/sRXkh0FkZwc

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe

Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
2808	explorer.exe

Loads dropped DLL 2 IoCs

pid	Process
2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe
2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\system.exe = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\system.exe\""	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2292 set thread context of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00284646b4f6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000cfb3e48afc97700fead280a9add0541bc4dce3af204dddaab9cff71b90844cc6000000000e8000000002000020000000771e19c5b906b1cc7c346be6423139ee40988a2e8e232ff2ef084e9c7471c15a90000000aaa4fcc33349bb51b8bb1e62701d5ffb1e286df2f54eb32d0d822e2c2fc69d28171fed3777771806a8b284d4c43f21a1e0339dac531cea3d6bc61ae982d5fae974e942e50eed60b32e65491e6ec39ba9282bd7e2ae77a70d2d13f3b5b6cf6b630aeacc782f12edb252ec7e4a0cf76a7d29c5813695b0ffc03b78df75e69006542cdbf50db5a90483581400e4893809974000000083543915f687cfd3c4d82367356d51fb2c3e4720b81204736f5463f55ed1fe33253a7d0ef942cfd80909e978a0bb561ab643515763e4329ecf2f7c1bc56f08b4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd0000000002000000000010660000000100002000000052633eaef7b767e315ba997404d402859666c7e0af89e9ba4291f342cac7b10a000000000e80000000020000200000005c5accd470e1e25c52061d1f4108a97b297fe181163c489c952aa0ad480c336020000000704eff0fd081420826d6a390cc725aa6b3bb61a00cf80bc70a65c8e8212019f140000000793ab1a1ced50d6d6cd4dfb4ad22be574db93165947d56214c877f9d1900dde554a1a25d2e4818a6bf3142c5e726f12a4ec50273e1ea45bb903c01510b72a635	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6FB4B8F1-62A7-11EF-9EB8-6A2ECC9B5790} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430727541"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1684	iexplore.exe
1684	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2808	2292	c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe	30
PID 2808 wrote to memory of 1684	2808	explorer.exe	31
PID 2808 wrote to memory of 1684	2808	explorer.exe	31
PID 2808 wrote to memory of 1684	2808	explorer.exe	31
PID 2808 wrote to memory of 1684	2808	explorer.exe	31
PID 1684 wrote to memory of 2568	1684	iexplore.exe	32
PID 1684 wrote to memory of 2568	1684	iexplore.exe	32
PID 1684 wrote to memory of 2568	1684	iexplore.exe	32
PID 1684 wrote to memory of 2568	1684	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c01aaaef09d91bd8b6323c389bd405a8_JaffaCakes118.exe"
1⤵
- Disables RegEdit via registry modification
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\explorer.exe
  C:\Users\Admin\AppData\Local\Temp\explorer.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=explorer.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
7b86b6703561f89962e55083c772818a

SHA1
37119799b406f07dbe17f7824875954fef5142e8

SHA256
866f160c60b2a424ee2a82c799a167f222a0225d365e23ec0931bde5fd0447e9

SHA512
6ebb7ad3eb499d6900dbbbeb91b1739f17dd88b98b4bfb86ef15f843e7cf991cd3347e19e104f97d49bd4af26150692981cc29655bfbd8f00da26478998d7b3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5047bb6011811f5a78dae9f8d4a7653

SHA1
8ca29602bb5e27c66bf88acd938bb6f28159dbfd

SHA256
fdd9be219fcc38deb0fea20e2426034233182d9bf421cd2a7672b89ff63ed91e

SHA512
5d80844ccbec77f08a1b07422f5936c49f90e8ed5bd3cad29a14cd3fac31ae34dbc718456fc96db5c32bc6cd298e16dab6bf32bc64eb248d05e5b1c924cac42b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e75826f1908432c833ad23ba5bdc412

SHA1
cb2cc0557c95913158e7bfb50d528eb2e209d94d

SHA256
02628a61eb1aad5f0f514992937b750b577eda83e473fdb15c9c849a091fc47f

SHA512
bd4b5d5b4fb5ddb7cd347b87c49342882c4c7e98f781c3168084e143cf4d91671883f3e175f80fb73fdf916d42ccb9f44e1e83bc9a532867241a1c5d3ef56f0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
607d00e4fc95b0f693e77d0d69784c31

SHA1
8379e8fa834406e36df15b68d77bdc66ec6da753

SHA256
da1d1e17a7c3bca0533bc32b7ee2035c2e6ea2c53840be70b9e10e6e3955a1bd

SHA512
bcd33078d40685b0e13618073dc161b11db221694162467be762e9a974a78050f47d252783eb5652d05787e3b16d9279c35082ca026d4e84ad5052af3e128b51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ed68145cfed62041aae5408a0242114

SHA1
df3e5720eec3c055c119eae6fedd108a7d3ffffb

SHA256
694eb5fe340f69158e99113cd2a01a81621e1a6be2e6c1e92295a5135fa7246c

SHA512
519213579773bf83ed5d3f00934cf5c63469ad2ee57ed98f429fa028be5eadadcfa4aea4d21c63d5bd673791508d35c3d874eb37e93a9292767fb0575bf059db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc4d47ed9a97fdbabf4d1b720ed59336

SHA1
d558b7db4a52ad1f3d79702a65338309714211a3

SHA256
5470a8c3003e1d5183d196dddda869e73638aa4b16ab97b2d0f8cb0e8ad0a165

SHA512
d10b7eec3f6826fc15585fa2a6ab9de1193a2a6952e8b0d0ea9435f3e2089a6d81c36d06a4be09bedf601e6505fec98956d1bbdd7e02f31b1f09227061009ec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9d6bac823be8a8b110c992257c4a220

SHA1
2fd7ee6ba89dc87843d76d97f5b6b9863155e0b9

SHA256
c469c56ea756a5d9121f02437876e9d5023c374de9be62c1766664e7e4976c6c

SHA512
80e2bd594fa38d2d58aabd91db1ed0be5f4796758de3d80681cfdffa6cbeed5c251b060d4707ad15e368a740479293bf2ee2246fffc667f2a21f454efcc846a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a01f3c55d5b6cd292344ec090ee15ee

SHA1
0e41853c462fcc3b34dc4131ea6ab3a53f0a1705

SHA256
ec343a968ac4348c0c82f9be2f88de80deccb800ba6d10a8b85d61b1842946de

SHA512
3581d2fcfa4d279c7c892f24b8681def4ffbbad467aa24a4ff813cf403db0bea250e603cbd623d3d0d05b4c034b8b98937a6a5e4024b3ec7ed58aef4fae29c1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14fc7df7b4a2ffbd7b22634282d0a559

SHA1
e3503e15e57040a8741c1228a91ed962e0674ab3

SHA256
dee390ffa22dcd018f9aab83ca30a78ce22b4708f420c2169cbd574d79eae028

SHA512
a85989c3d9ebe5898fefd54714df29923fd0afff17e4e05c1eaf232c93d6979ec4745880f450b40fb4cf332a44f3e5a903377cf9bb6df41882046fdc24cd68d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d5a50d4795a28104cc0801dc01235b3

SHA1
030bac65149ffdb32ddc15cd8cf05f665715ac49

SHA256
aa1ffe882d63a3c77ee8f18b669be2b4ff8a1db956b98e4424df40b68579d272

SHA512
2eac999a5f94b4117f905889982a4b2a3c05eec6c3342de2711b6187e50a230c8bfa06768b9071606f3a4dc203bc0b14170a202642a04bba65a9992b47f65fe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b70acab6d1ad6f4fd3ceda22df9014f4

SHA1
398571841750f7a8309cda326dce8527f391aa63

SHA256
43bea58138e06d85854204f11a293bf6ca538cf5afd8c945a0f3d7dabae47d77

SHA512
4d3827140427c7688a10a48b13ccccf8d9ff4795bd1ce8d6b17037e4b0d538f76124ec015ade22f385ff058aefd63012a06efc5813b0865cd947562b507fb265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cbdb07aa742734735981489cf00639b

SHA1
8a24ea196485db91c74311c5b1b011e6154af467

SHA256
ecb95f59e4c3a154d575d7af805658ab0c58e89e716b4519a1a955381e07ec66

SHA512
5f2ac7454bb9ad2961a6d474b727017b43bf07f9bd5f26d8b6b35238da47c4c2b432bdc64e3af4f7e3656781fd4c36cd74aea472cb9cc2474f98206dc330d3c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b15bcb9322f0241e8dad9457da5a83d4

SHA1
835cf6a08af4337639be9f9bffcae19048dd2587

SHA256
a435a38ab37aa359924a5153086925c8b0674adb5d5dc0ab8b98073e73cdaaa5

SHA512
724881169195deaec1fd21939ffc6003e2ffa23f779f322afae82ad3bcc124b44a952a81e08c4f8081f5d1e486c2f67d686c55edee8b5aaf62e2546e4bb85f22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8fb19adee74b4f8ea353e8667a1e51a

SHA1
20658082a1cabc2520366a333bcdd1c9f79ead4d

SHA256
5d350af243ae124ed16a07abbaa872a567c92e00408bc2b96fe1be9a5c7aa1ac

SHA512
26712fd39c45359c84962439db66201faaa8e5fbeeb33061919cf8516a46b4d36049ea5cce7d46138034a441b1512b2c38cdc770d5a48da98ba38d9bb47d186b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5741832e8dd70a06ce10becb14d82827

SHA1
3d270be99547f73650ddd5a8a042dfe66beb9f10

SHA256
9c27f2560a1abd456edd896fa69891314891b5f61e3855c2fbd85da3260632c5

SHA512
3052384d01255838130ed9b18e09e75c6c78fb472792bb8f59735a5ae1d5b5a5d9ca8dfce8bf965267c72dd48bfa982eec346c5508235c0181acef4757b9985f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
beb88b092e673577b94368f29a3d554c

SHA1
8da0b693d636214b12391a9ab149cdfa7b8928c4

SHA256
8be5f179f1f57df17d1bb2234e4dbd90e53e43dda2194cfe443abd7f6c4f0a58

SHA512
7542f27d2fc9c32df426994f30c1db762249105aaa3a282d410e662cc3881f48a7ab82607245514bdd3566c725b5d8aea4d8ea8c149987272782ba5e60511db5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
910023fb0a6640eb1ca41ef0d057e49e

SHA1
9390badcbdc8247c29f3acead3f36fff7baa4d49

SHA256
f53eccece4530a3b4331c35be8bfaf243cf2995025e4a5d81aa6e5fe8582c587

SHA512
ee58980f3c546f05ff430a1b64a69519c6fd759269607cccc8c3bd166c976ee23cee4a63b44f8b27174f0e1dd3bb34fedb01ea7a3c1e36c3db77bbf8ffe1021e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f8d685b28214f4c7f07e0910a00cc01

SHA1
77beaca79196b64dcd3181520d7eb0e7c53d5052

SHA256
6c505d2aa991eea0fdd2689dd8115f9058b5338a53005eb6cd1b0bc988b259d0

SHA512
35af69aebe9c86a36c4a42656b4a88a728d8ef36b3cfff0d8a769df78968bd318ef87876b7206876a0e0e3937abc8edb29f7f64a7da87d15724ff724705cc39e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3282af408e1b54f3c3d251c1cd2bf209

SHA1
646b8fc4bc0afb4e70ddbef25fde0e6d8cd97144

SHA256
91b6ba65fcbe95aa5cf588510248d7899bec38a29cf5a984597bf0aba9031736

SHA512
250172566073b2d2aa01aeedb3d44cb67fe1f7ec046137c081949cc6b209d8b15128b909fd1d7c728416a2a514b6b349216bed09cd8df70b12f4f8d18f1af68b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7684aef471dac64dc9f8fb9ec68dc94b

SHA1
2e1bf9d5cf79b1c34b131071943c774f7209e257

SHA256
1e73fd7d599a2cf2343f1f592a476100aec739376b08df730b5ed085978c6e1f

SHA512
ad3d5bd5b0fefcc30623f450f8461a672d5e4af06875c2e77f34ebe2f259dbfa38ab8aa39b08b987e494ba29a6c84281b1f41d701ed27d9fd3c6f3fbf5b12409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
595ff13c75dda620b8c214629842e596

SHA1
12226dacaffb57b655fbbd7839c087f10f2953c3

SHA256
0d7dfbfeb2e192fe8cd11238bcf707b29a7dd1d9794a258a2926931a806e5882

SHA512
8802e7adca2b5c556855049551174454e2733f26406b89e9b3d8f413605b052e99520c2ad6eb9735ce5b48893ee80205337fddd28cab9622c0457069a677fac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a6d8bed57792f13a3a74a6793fc2b54

SHA1
8cb43685b1052bbb158a190484deb52443dc769c

SHA256
cf37b0acd4ca53c069234d9cb05ecd2a3b0042f256c04489f0daba7e73a36b95

SHA512
fbe2a7cdc6d3bbaa1c68190275eb57478d99e46f06416000d1ff4856b4f7a6922d4aa3b9cb929fe7c531871f4a804ffe82b5d7460726ff726d5e672bca6f12b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5c1db0a781bcf7fa3086ee317d35f1d

SHA1
983176c3413ab436c329dec5aab7e93a40571235

SHA256
dd95f15fb16f93b60875cdb42e5a9b98f5049596a241576e4edd7cafb608c173

SHA512
262d388713261d0334169ebbdfc19cd2893b25298283ee531109f903e9cc57261890d2cbd94250cd2642ef80f86fbb9da43bce84a5fbc3fd0efb94ea267993bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06b006b8522f3d6630e04e640fc24cde

SHA1
66dcef4c619dfa92ede091d9284159ddec2d4aba

SHA256
2004ac4cbe3343fbddf19bbef6945061751aaf576dafb35e80083d2bd4e0d33c

SHA512
32dddb1b293ef6cd622e9cd86902db30d7555a76e75ac69c2e9b7c0dd7ac9fb472f8ee7cb4d0d5ea0fd32e32cf9b9f79e83ca32da6403dfdffaadc489e34a9eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1baad112739ed3efd7304a52d792b0c5

SHA1
a7c1180751b0f95999d9e1d64e56c0c533795993

SHA256
255d21a48d6046b510f87a1f575508552ad33e00a775991e889b722c6d24e307

SHA512
60e0deb5e085164e30df46407cc2e8c4618235dd609bab56819f4425ef69db0a04644e02b19f8f61f04576a2db673894665aeeec554e83f7dff43b6d141a615d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12ac24b9a4686067669f673589a0a874

SHA1
6f89fc4f36d5e8d6127bc8ab5e45be2e7487c155

SHA256
72d1e93d0eaaedd59196db9600c396be270be1d4e503e08259d7327d6aed32a5

SHA512
cf440f1b6b85a3d05b0e750d1b1d442d9a84c198b70ee7dbc9ad8dd74f99b63ad9bd07d6238472f8c8d388612d61c207e12ba30c91c6b27669a26ae31b9def3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bc108844af3701bc2e9c9e286cc6566

SHA1
ff877345ad41a86772057a1c0fe4f8d04e302044

SHA256
374afc9f93f867df630e05a42db626c87c815ca3931e4af99a1b956dcee36d16

SHA512
289f43e6aaf97582dc8ff0b56c0329a9d2d2028193d905ade18018afda3a4ad64b00305586347ba1f60e4b12499833bfd423020bb009496e21dc2b79300497ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f026bf24bc4e8124b923995c28004123

SHA1
70f0d9f6b8c867023800419260a67ce722eb5533

SHA256
d3e4c72c14c3fcefd2808bf10302259f839d5988ba7d7ff366d7fd7fc16bc5df

SHA512
c78078e435e40bb0cf1ad8eb392baa77a5a9a7f5b4d42a8730f77b647137adc3dabdee0a76ea0f3a15b1635f8803fd751a89c055d6a7116fcaf5c46fdc629122

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79ef8196258530df630805fc1d15841d

SHA1
89167f69da1346f8fbfe356c457ce9a43726737f

SHA256
9586e62d2fcc798189a1fd0c43d7500500afda3dd91cac9b19d5e8de6418724e

SHA512
431541018969d886c338433cfdbf66ef54213dbf11f6ac30047fb881d17ceff0a983626b1b069ac27d18c3e755e4064817aaccafb306cd0c4f92a966300fbff9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b244e670b4e000ecef9d1d619ad3b5db

SHA1
85d7e3ca9260283595560c868fef9f1501e50f34

SHA256
7e4556660ea0d171a47bdee739dd57a5be082dea5fe9d0a58c18d10d251e5cb4

SHA512
7cba108e34ed8cfb5971afcd1f718eb480ab75fe61c9d7eb411dac53432c994d02481d9dc4d4d2118e3b7fe26d72a1b9ede6e512b463dc3a01f037d76ab8fa11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48e436867d69a934c47190c47169fa1f

SHA1
c33a9ed0eac89eb44517972c6658ec30ef3d4b49

SHA256
6ce4664d9d5aa4bc226773656dc72365f6e2b6e31d7844a25164e151b143f7ef

SHA512
965e9beac71161641afa121042fe3f13423370d119b801c5cdb22ccc80baffcd2f29fb3072e28743cc45bda95277553830d28887df13bb468a59cfb718fe9804

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf7b1b194bfd0f009328fb661f267f2b

SHA1
466c57beedb7c3fb18a3b53a35ede67d4cf1e8e9

SHA256
4acfd9dfa925da7f8d474aa5e58284b63ff4817622177001b05e7dbf8c797704

SHA512
e880083774a40b5428126e1748da6f84f575bb2b61f81f7589441ec1d93c1bbd3fe7fe661fa783eda4a895ebbe94f1bcb13c5e297d38eab3b540e4560fff478a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1AB4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B33.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\explorer.exe

Filesize
13KB

MD5
4db8dce311dd754681729a7bfbd27c74

SHA1
fda9dd30c98d33f32b5be39ff957e224457c430d

SHA256
3d96f25b5c2729f8c6a7b65f44bc350c770fc3eecea7e055aec974ca135ea585

SHA512
6da3f38ca7825fba05b974f4f023271bdfcadccffc3359b836779d98a0e97c4ecb11dbcd43f67c3c6c1190c44a559dae11170c172c90b44201780a0831f367fb

Download Submit
memory/2292-27-0x00000000740B0000-0x000000007465B000-memory.dmp

Filesize
5.7MB

Download
memory/2292-1-0x00000000740B0000-0x000000007465B000-memory.dmp

Filesize
5.7MB

Download
memory/2292-29-0x00000000740B0000-0x000000007465B000-memory.dmp

Filesize
5.7MB

Download
memory/2292-0-0x00000000740B1000-0x00000000740B2000-memory.dmp

Filesize
4KB

Download
memory/2808-16-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2808-18-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2808-20-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2808-25-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2808-14-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2808-23-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2808-12-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2808-10-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads