e1bc9270d2b384c4745c37a6a5212c5cfeaabe243ca4d9d69a65505787c90376

Analysis

max time kernel
149s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
Size

1.1MB
MD5

c1f64b3b4c0f5e44ae357f180bf109f0
SHA1

51a315daab737f73209ac0ccf6db873b172b3450
SHA256

e1bc9270d2b384c4745c37a6a5212c5cfeaabe243ca4d9d69a65505787c90376
SHA512

52ebd3f449d49a5525c34fa9bb5eef3e8c9a9da2823bc0f47a8bf3ce142e1729c22aefe0b76de72f63ec5805891e8a529d102f93fca24397e5d19623b5b96cf6
SSDEEP

12288:3sM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQCs:cV4W8hqBYgnBLfVqx1WjkPs

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2928	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2928	cmd.exe
2172	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E56C50BF-3334-40B7-A90D-EAC66093202E}	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7049e83653f7da01	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430795836"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F41F791-6346-11EF-988C-4E66A3E0FBF8} = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E56C50BF-3334-40B7-A90D-EAC66093202E}\URL = "http://search.yourpackagesnow.com/s?source=-bb8&uid=90c2ab3c-8cfd-45f6-b93f-c3a4782a59e5&uc=20180116&ap=appfocus84&i_id=packages__1.30&query={searchTerms}"	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000da16c7a52b8d4464edf83fa5411464ef02c083370270cc7f65b8010290cbf0e2000000000e80000000020000200000009f7836be6d5242a52dd67308e35d2466c170137e3d290ee6518d300e1c3e578a9000000025f221c0b941fb1c2254e5037fb7a31e77129af9612d897d5e0fcdf9f0314b9f4ef870fef89ed8481e8322c7e061bc5e6e4488f4440784df3def4fc6bd1622759ae038898baeb29028783f73b36336784ae298c7d0c2e80b8bd3789accc740280a5a98231bb7d28e6a2ad3681c1de98fdf39b68d4fba9bb641476a7e4ad38885d613c6fb396e7f3983bfc846d3cccb4c4000000028b2df34dcada41262d4ffc03c4065ae0397333e5cd34b6fd5c1cf8d4337d72286b0e81cc2950d97a80ae6a316c174931530333aef730f93b97afc153050db07	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000006d6e35f572526b40b3eb73f5767c1ada88cfe5b4882bad1abe5e1b1acdf0d607000000000e80000000020000200000005600d67cdf4321ff5224eb4ac3a2a108d27f7ae9ee0fa58309590e466685962920000000513ce4f7a4ad312b211019bb644f6721cf15e72862b3c14cf884f96e27ef941840000000a85eab84b27eb0ae0586d655bf43a8dd4bf00717e102428b96b1d1fa640d95a54900f6ad8b6591109acc4d60c4bfdc7f732dbde5e58f0c07c8fe1bb30ca9f1f6	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E56C50BF-3334-40B7-A90D-EAC66093202E}\DisplayName = "Search"	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E56C50BF-3334-40B7-A90D-EAC66093202E}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?source=-bb8&uid=90c2ab3c-8cfd-45f6-b93f-c3a4782a59e5&uc=20180116&ap=appfocus84&i_id=packages__1.30"	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2172	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3044	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 3044	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	30
PID 2740 wrote to memory of 3044	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	30
PID 2740 wrote to memory of 3044	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	30
PID 2740 wrote to memory of 3044	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	30
PID 3044 wrote to memory of 2560	3044	IEXPLORE.EXE	31
PID 3044 wrote to memory of 2560	3044	IEXPLORE.EXE	31
PID 3044 wrote to memory of 2560	3044	IEXPLORE.EXE	31
PID 3044 wrote to memory of 2560	3044	IEXPLORE.EXE	31
PID 2740 wrote to memory of 2928	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	33
PID 2740 wrote to memory of 2928	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	33
PID 2740 wrote to memory of 2928	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	33
PID 2740 wrote to memory of 2928	2740	c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe	33
PID 2928 wrote to memory of 2172	2928	cmd.exe	35
PID 2928 wrote to memory of 2172	2928	cmd.exe	35
PID 2928 wrote to memory of 2172	2928	cmd.exe	35
PID 2928 wrote to memory of 2172	2928	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.yourpackagesnow.com/?source=-bb8&uid=90c2ab3c-8cfd-45f6-b93f-c3a4782a59e5&uc=20180116&ap=appfocus84&i_id=packages__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2560
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\c1f64b3b4c0f5e44ae357f180bf109f0_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
1d34bdb52f18b81e5d5eafa9053be859

SHA1
96234b8d2e4d360604f6fcc80dfef163977f444e

SHA256
f12c9b8ff7087a7a6866513263886d201ea63b7f131d1283c1f3fd6cd8b17d10

SHA512
628b3e5896bc701c58537fba2ecc1ea73b6122aab86236a6270ac68cd026e4c6fd0f481a1a91331276825abe4aedc9fb877e852cc4945fbcb5ea8ff1a159a26a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
89c71eac4e2afc68877ac21f31ca0791

SHA1
94a9ef906e32604cf2f359470664a29afe7e6f5f

SHA256
64231a72e6f55b42ad78ab835a18f2afde739bdbe476e352e22457ee26580e86

SHA512
ebe5cc5de8048057d5ca6f0c7919b9022c2b02864bd5921a60f81e1b8473d12992bada4f337b839c0effad2c066c6e281adbabd464a7fd60d76cccc0674167f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d843e17eea3d4a224e2fd0e5b6dd8ee

SHA1
c5933ec4571ce5e086269ff61e27e8a70d1b4768

SHA256
19e581afa829cca6ed91b48842c33c9a24cfdcedccf2e36b6a2e852f3dc375d6

SHA512
3ac31df8eab2fb8621099579abfbba2eb2ff2a1229fd861df24cc24dccb37b03a85050400ba36a50b2a7ddc86a7f4d4e9500a5aafffaddb277b98dc7d2dbf43e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b52ee71af90623e2fae261e56229777b

SHA1
fb5c799af1d4bd3157992d2706d853a74823c46e

SHA256
89347441685b4fce229eb1d6877d6cf0457a8cc5e76b3238745a109a981498c3

SHA512
f7114be02a2a697f8e673247db4987754f4b1f9b2bb07192d20542ec19ab4bd1deb26ab7caa0fad7a56f7c94ae93a94c799308808f00cc1b423c8b7045e46d21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9afa5f98fe5c93c462cb63b2b8a1a8d9

SHA1
19c517c547ed211130b79e74da48b581e6b6ddc8

SHA256
e2976af585acc74527c924913e6881e366aa0bc8a57baaa821b929284bef7b7f

SHA512
898bae94562d27f3b1e9583093f25622e876df2e24f23cd9176d77c01db82b16d5bd4c6f0818a54c8db70055ba35190d69e444a414522e2672ca5fc64cf604d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c7c900dc5aecf7d45fc110389b90734

SHA1
ae9165acc62a2adb81316625badaa2a000465005

SHA256
5de79ae71badbfdcad3edb28d52436c8555112fca4462fce80ff16288cb59206

SHA512
67bb566dea25be303cd19169f0092c8fc570d2d687282ebb627f3a100bc5372b5e64a833834acdf95378dec07f3df6cafd7640a5966d5cd6e59cef09ad051c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
247747d8261d9b8eef45deeb8d21d53c

SHA1
b8234bd893c574829916522ce4f705041852834a

SHA256
03f5b8aa362c5aa31f400f5d0748d1b91fa92e0e2cb5210fab6547124a954274

SHA512
6c388f725f52a6d7b7d988b8b981151ad26effdd0d7c3227f7ab7fd970db5754a0f8f8b1b029ca4c4c7818411fb93d306faba0ea0b313ce5e050c12debf32975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c02c85c562ee1d15e0bd0db97a6ff40

SHA1
56e23804692ba202865a9c06f1b4a64880dafc79

SHA256
5c85b863a957922f0a6378f77219df67c7fb443516bcb07f5f92da4da632e5a3

SHA512
25abb17c7d2fc825fd88a0e8552410fb83652f75ebd6a73994b9dd2ff58cf6acf8551b3a09e7d45f8acc7736b433a43d8070d1b42611ac04683d2cb05ff78779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3dd71950d9682a16468473c0b9ff310

SHA1
72399204ba76769a5745f45f6bdae40c96829961

SHA256
472856311bbc7dbd8ee7094e38fedbd14585a7db263f2d7a11dec8b8be504ee8

SHA512
6c62049f0b509a62908d78dcfee804571ce16a27a3a6de6eb5652d7697e5c777dee61f69633a343a7efa7536731b4a6855ed1baca436ce89f8eb4b4d18bbb657

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79ae3f0dea8b1fc9db3d0647d0cc47a4

SHA1
42f06591170605939e7241c9137693fc5436127c

SHA256
f270eb6519f3843839ea14bf62cc375a64c2154238ceaa248b63541482db2f92

SHA512
7e2365d397f2b0b7faee74d54b71001eafdd52637506c2fbf279ecfbb94e36eb6c85997faae33c281c97351c6a201b784d64db976cafd259e0b3a404d6409c68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e6cb356ba84ac8651aa59f325acaf59

SHA1
ac275dae38a249a046b81860c2bde587a17251ea

SHA256
249d491dab1fa3e39073bde7d1df6c8b9749bce0d1a04505bec6d3a62e05a315

SHA512
e9a6c8dbb35a2efe0dd1c1a2dee282008a3c92cc8a0c55c9aa94d896868ad52237a946293a8e6f4da70bc89396c5797055e9891138939db6a401c11367387fca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69afa2a40522f3120fa49fcad5c54d10

SHA1
1840003b608b4a20c6603fc159ebb95756c00dc8

SHA256
a9aaa0048ca7aa58d8fadad5295722c73d2b8608f9951f97cc7d6da71b67d42b

SHA512
93ec01d47a7476e27a6aebaa780c4e1311670d450f949d8d614b5371b1279c0babe954ec7e4c1a0bcbe4b89ef42f62a03f7e57fdbf41fc2a516f5f0243ad47a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d9d55f4ae9725580e6ee0c2b2a23816

SHA1
b40f540d99380fafb9195d1a0c56f885e5b33641

SHA256
df16dd26eac835a257b28966a0ec55bc3668a9399df6ee72232d3dc18f3ad91f

SHA512
7316a5a08cbecb9124fadc93b343d0bbc1d11c890789eb15343261b4e14e538b72c29d5af7f3dd07735c747f838ecb95ef3e193eb7d94e910e83892305e1f567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c6dedb793c901f0bde60c0bf87f55f4

SHA1
2e50c95269ccb3fe6b1ad7bb4c2c0a07e9bc161e

SHA256
857fb39f2d74f1c0508bbaca891de3c09d9371939b8ca87e6abcba55253c48b3

SHA512
4b1840887bd269687e95e532e20ca826b365d99d8886cccb8bb3846cf2db934df49873b75d387ffd0ead27891e1df3b06b88a8e5cda748fe5003a4e3ced5885a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b74372847771e95908b23efd1bc936b

SHA1
1c67e5f8a07cbbbe98cad731c6b9c6a950269ca4

SHA256
c06d116eacb918a9ad8d959f05d4774f81b5b747a0404d4715b4b0ebe3ac8202

SHA512
52b98ac46eafd711d22314505bbfddbd108cdb8eecec86e59ba8b71b5a23d3b52a97e6a48da2099cfe5b7fa9ff7c069fd2c9938c0247f858122a379228092cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2704afe01b0e44624f640c5cb20cc768

SHA1
f211eccf847477dbbd7ccd2456fd2f21ddbc7136

SHA256
c524aa3f26830026f88de50e3d9b770fcf3913d5c0d364dd57cee5b060e5bcab

SHA512
3f277d06dda8b62cf75d608c25e935efb030c1c5bbd5a5061b9daeb3228ac7c9518b8bd4c2c274f91b3a91d2cc3ea577e226451eb52b27ffd364bc537c1429ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf3d89dba61cc1e8d0811c6b5e7f2804

SHA1
20b767c4434c07744c4bbd455c94b40b65190bcd

SHA256
dfa5385bdc14fe00a33da4652e8930614be46fcbc8380251223acc3a43b8782b

SHA512
bb17af41511c342df3912dfe5116dcea153719913f4b42a611c94706c37fba9751fc837e324855250e76496ddd7343c5ab501bef8b8134f1f42124eed9d1e99b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e20a56943a5309c9918a96708985f429

SHA1
2ffccacc134e3eb6ceff5eaeb3fd1879f7faf618

SHA256
a6c8c2b7576a017185f0247f357e1985aadd148ace7f982fd6917b4cb3223903

SHA512
9ad2e35a4553ef76c320aeead0221f077fc4ba53639d563894e20856da85e2aa21eaeec7f46afce36622e8f87cef91b60b5ab6b5fc1e4f251f3e8196e10892ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
746e2e6b213d01b5931cf28778ef9eea

SHA1
3a11b6ecfb5813acf3e0305378ee570a4d628767

SHA256
def2f1448e8df206146ea411077fc8738ad6b328c16d0dfbc46fd4414e2fac4d

SHA512
802cd3c948406143c2569568e9126bc2ac47bde80c219da686d180d6cac5128ea827d4ce02c562e92b001a06921a46ddfaba031e4ee44272c275a07fb5f534af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b51255f0beae420cd205e820b7269280

SHA1
3955881b08a69b84ad5931617dc215a5ff7a66a7

SHA256
c12154b52fa2020c654895dcce46ca0d0249242c50b87cca261c601d27c5ae89

SHA512
8ce31b9b1159f18b7813cd2f55dc7ae321ca6ae368dfed5460bbba2cbe8cc48583cc807960fa186d10f0b2745e7769b062334a3deaadc1aa59fb49d12f4b4cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba8e7d7fc5d5f145b9367f47a90a7c31

SHA1
5b970ed3f2edc29fae0f5b13fc5802d4c1444f92

SHA256
6d01fd5492623c1ae56e7a53b6a09d96d0368edc8c302034771648069185ae8b

SHA512
e119c49741ee2534400c6ceabed275fa108867abb2ae4ebe5e6b12de683f3a42693533f1bc31cacc99812eb6bfbf55031fc848ce0ee0eb0435dfd75f1a36a296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
232c19d57d11ec83073f4249a0ee56ad

SHA1
efced7d9236a3dbb7d3261656d85b815652bb866

SHA256
f9d875fd3b17de4645044811032d07949cf71ac8d8e6d1118c40e95a6c0286bd

SHA512
5d52745267029851e4635470aad7f7dbdbe7876e39e8193c4a54c02a09e5c93a4258e4ae6a50a00993733fd317ed10e7ba718fceaca92e6637f5ccf3fbdcc84f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6209b2b83e192ada87a91da3f01b1f34

SHA1
a1b438b9abd1bd2ab555747131d4e2261fd60c85

SHA256
a7ea8c49cfed3d3f4f5601ef0cf0ae8579ab6afdf667e370450385aa6de72892

SHA512
32851c4d6378c89061b45fc58749b48a2a1199962d186882d3864c15e2388106207ec20a99e579c47d1fe21297eeac46a75cb24dd7ab9aba5589e4ba9bc996be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
f9fccb7b6e66d8d4c97bad320add9c43

SHA1
954d9bbede9da4a87993f49a10c43e4259e811ce

SHA256
249e5995b03a564c0cc5170a512ab4640550800afa9f3286d69f1f5b6c6e5ff8

SHA512
839539762c85c5135b1837d2164e4d9233b38552030c6ab6be6366d2d911ce9da4113475014df2e09c6cf0216eee55ee9e75695d9fcdc2bc6c1a62fd8e803e39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9a16dc9e0a74971e4abb70ac41436688

SHA1
a370a26bfc0ffff63457b8ac55966c2cfe39d34f

SHA256
3d7c9842ab9769491e3e7abc98fa4865a48932340ece7b29118821a79e622429

SHA512
499a81e4a8ba5904412b26b0cc08e2d7971f616d2929fd7aa0821131b3e2431adf6cab86e1b9b7a21040abe89c93afafbb3d0ab2d62ecf2d80f580f6c3ea4a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat

Filesize
110KB

MD5
8736b202030b28e708979ca38610955e

SHA1
3a4c76e3190dbae40109db36fca2e25dbf8763d4

SHA256
cb844a58b626fc9295f4cd6d8fe47503953e8112028dcb7abcc3997ee72853eb

SHA512
ef789bc5790013ad1dd6e813a35d145a352beb8538e7b1e57be9a5a675b51b1f96e1d2ddb4bc8bb46ed6e7e441c187e0b3c9dce261eaea31a3fccc3e40a21e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\js[1].js

Filesize
197KB

MD5
4952ad5e6cfc4fb8c5cce2ba5ae8b7e2

SHA1
36bddc3e22a8ccc529ea2b9f514ab4b1a057e4fd

SHA256
80ea2c9dd4092dfa87749f9a70b533af045642c0aeb983682ee8695c26275b08

SHA512
2f72e6bfecec5464821719f9eba4cfbec0b50f7b41c425aef0f3f0dd66577fed26a69b5a789d21601a0f4732e4432814d54f759bd49019c909216b1c505d0fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F7B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F8E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YGV76369.txt

Filesize
716B

MD5
852647aa0e94b0fb070fa9140d1678b4

SHA1
b69f77816dec51b069776d2487e42896fa13f797

SHA256
89f45373bfabf0f9b0215bd266cf0d7c85a91100156a61fd8bc7bbe196c74383

SHA512
fd4547aeabc46f7f0e64edc2290b52eaacdebc1ce659c59dc7ef7605eba219e68b4a207d6588656eff568193fb87f6c064da289b67f0f45d4f7590fa64e2f180

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads