bbb582bbbbaa63737332d290eb46c958499105d89605f8e7eea3cfa1a526d85c

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
Size

512KB
MD5

c8deec610d55ac8f4847bc2f4d69e1de
SHA1

9a262a8cfb713b002e69f088c245ef77d16a64d4
SHA256

bbb582bbbbaa63737332d290eb46c958499105d89605f8e7eea3cfa1a526d85c
SHA512

0fe5191f14f8042c827bf9815dd1d4c72294abe0d6fc11e6f117edda68fc72bb427945da241b6acfda85561bb22cfca9137cf910825ea62be5e61285ab95d07a
SSDEEP

3072:JQp8NErMEYAcKNvUEy7YKPvRW1CnqZ5JAVtD:JQmO79nK+CnqZ5JU

Score

7^/10

aspackv2 discovery persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/memory/2304-1-0x0000000000400000-0x0000000000483000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431098565"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000005af0c012dbf6a83d8a1d7c520b7c57fbeda1479ff2763ac5688f44047d1cd5fc000000000e8000000002000020000000417f72ac77f0ab1dbeaa7fbf9adcee75a48eb7fbb79116a9bf83f215a17f3f782000000088108a2bb93f66e9828a8137c26eb3a4c2d0ae3abbbfe520bca449e902935bcf400000005476b5ec2b583e1cf98b6860c42fd808bd805486b6c4cb4392679d1b33cb90a31324d2269a27ea13779c3b18f42bcc7392734ebfe46ef095cf044bdbe9f45fe7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A9DAB91-6607-11EF-B7ED-52723B22090D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00d6f82714fada01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000007f3f5e4d464b1776133885ab0155d3de078300d8d3ba37d20aae7969c014b3e6000000000e8000000002000020000000006974e553b49b80ce3a3b72c04cc652e7c08c057af2735cd557cd2c953794b090000000752c3162ca16fcd3a356f31dbf240e4b9fb8b359d231a2e568a4b8ed03ec45f5711577665dc61f562b24827cdd8770f77313f507b3011a25d6ce87da0d107446f6c4f403ca71f11bff42074677c57941f8dbb739ca7a1c1e6fb7bfb9caa9cd9b14821f101617ba92b986a62b3580c09916b170563ee7067fda92407a77ecccf9ab5e8a3745666fdf9000e0a707bcfc70400000003a079144c9e54ffc97c4fd511fc2605ec954222f4e8a36c798371de996e3be2f16733601bd1ccf3b1fddf6b7f9bac84c178658059c307bfa760e42df119dd499	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Download	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2720	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2304	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
2720	iexplore.exe
2720	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2720	2304	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe	31
PID 2304 wrote to memory of 2720	2304	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe	31
PID 2304 wrote to memory of 2720	2304	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe	31
PID 2304 wrote to memory of 2720	2304	c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe	31
PID 2720 wrote to memory of 2856	2720	iexplore.exe	32
PID 2720 wrote to memory of 2856	2720	iexplore.exe	32
PID 2720 wrote to memory of 2856	2720	iexplore.exe	32
PID 2720 wrote to memory of 2856	2720	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c8deec610d55ac8f4847bc2f4d69e1de_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
50f0d3a3ae9fc97609b3d3755e737db4

SHA1
125e6d2c6e91764718fc07fae268b04e8aa9aa66

SHA256
331e0deaa2332464f728b84cd72e0b9cffa7631bc4fdda32ba83a28bf0bb4346

SHA512
08e69dc592e157122f85e81df3e988e8cb05c74e1a3cea656a52fb2e7ae6641ff59d641c71ff9816929ca755bf6e4a6155c6b78f043f136d762572e3999e1a5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90e10d23f5884fb7ba07378047b90fe4

SHA1
54f1a3aff1ab1b4b4ae830f767d7493635d175cf

SHA256
7aab6b9d73662caa90a80f94f5270a7fc9c24262faaf9223ff7025b50b0b1503

SHA512
b3959604122a2a575a7911261d62d73f89cd7e36101a32b7fa7139d72a0ff382307b666eed544b0b8a441d4bf259ac8e2d3900ae847099e977daf654244985e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e04f208c2a8dd83a7a6732fdf8e3635

SHA1
a52da292e03f1d46de331f7037b7716eab054813

SHA256
dc53b21aa01839d6c3f0becf081b179186c6dabc0dc944b4a128b92e447204d8

SHA512
a786d1a1f47ce5b99a438302524e6d872575ba59b80812dfc9d76a6f794c8f18e20bad0b8ea7b347dcbaae997d3358d6749c55611b9625392e543cc6b5c80403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee8e14160460e5c061e94d674216052a

SHA1
ef0d9c9fe0b7b9ca852d7f8475a4e46b93263af8

SHA256
398fc3c6abfd1c0e57f4544dd130259b6d837b5bd7d2ba6eea5406d44710241e

SHA512
9d0a9ea1e6d46ed265fd5f97c0ba0f88efc30f6f26f2707695bf33f20a5f47dcf053deddb3a7227173c036e00fc7dbd496d83f6619584fc0a5a0fa15c0749554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1f25f94a1b5291522d19aa7be758968

SHA1
db112764e5f45afe762f4eaefa136bb9ad52f9e9

SHA256
dd03680f7fedc2bed20cf933739660921a07aec5d0a850e356801ae410527dd8

SHA512
0f2dd949bfa7515a7b7d328b4d83a54972864f35b75713c144e86c9e4034fbcd0f2a1ccb5798046e9de86e45b413477c82fabcb51bcf5f2fdd36cf59f9686fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bb078a46a530c7acae3b914ecd2b046

SHA1
2a14fe1c35e3eeb23abbc4e8ee84640a86081eff

SHA256
a0896f25e3fe3fe192dd3baf5c7cc44fc9a506686258cf75dc8f36af2bc8e401

SHA512
86b65050e549c642a87807eb3f8b395269cd6bef4db8b4a08ff00403c5735160bfac324081dd376a129efb703e0abb83faa613c28af27db79a1a162c07be1a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04356b6229a087f6cf77ae30b3590de9

SHA1
8c702a0f639450e7d91a4e2409f6ac5422af0b21

SHA256
0127cb58a672bc31c8f80dee91806dd0334260ab0eb031baf8c87e38e3d31125

SHA512
a0387a2aa24b0de0042a337737e2750a27f6461721d493286a04b976f2c90c292601f33f98975517b88bfed39692921587024ab5a0ad09657a3fb4dc763dbbd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f9ba5f65f008d83dd79b6a3d6a0b8a1

SHA1
4682c9405094bd1b54aa022627246d5ea01c6bd7

SHA256
e33039a05e8a96e21dd1fe2554adc4b3f637fb689bd690c471a364974197cbfd

SHA512
27c7d2d9f92089d05e2f20c0d339c645b7c2bbfa815df756013755ac82dfd670a9b098b807595e14e5a62ca25e6d9787bbaedc1f22665b4c0583b2bd2e5fc823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cea318cec7cc3ba778f1654dbff6d759

SHA1
7a7d677aca094bfbc437c3bb1c7aa9e5315e9c76

SHA256
ae12b2cdbe37999aff295fe350470009157d06f3f4a58d37ad86835e2d1f4d4d

SHA512
b0acdbf73a919349baf5080ff4d1d9a02d1e0a92568fc3d5be80aba19fe34f92ea0b31af39d7ed3a117b4f2b3295c3d5ab1b2488159d850d0b8373e15faf5b2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a0b5b49f56a679912bbbbb017c5adb1

SHA1
e2acafd9f561fd6fe55b67a01ece5c2adac3afe8

SHA256
bb2121c042c6566df163d482390171bab0b97084458c234f07079019a1b46f15

SHA512
2d74b77c9cb62dc2850008c08904462c0ec900966765aaf0258635e88ce769dc819cae34ca1440c3887bf42bc37172a094baad5f04f5d0ea05d66e07bf046611

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaded81144431998009fb55555746829

SHA1
165a170545262ab28447a92662c5b4b524532861

SHA256
65460784f3fd84059e736182012fc099b290b9be018ec6ad306ddbbae70035b9

SHA512
927dd9c21aa0c96f3c89014d00f7c6ed2cb260c7832987ce7643bec55b1ed1c9c85b88772664d5fc9790ad8f3ac7b719ecdd31a6675bbe027cb1ae5f114faa1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb80f52c31107d6cd1c412a4be5b8621

SHA1
46597cbd58aa3cc8ebe4b2d95afe1929a87aabe9

SHA256
ddc8f8e92625c274f426aa02b059f703dce3547a34743e1ddb55b21a6127cda5

SHA512
09ec07856915dc6c0db5a166aa2db6030e52fd0d8098de56f6bdcef7423f1267ee5bdddfe598de1f000e26f8313923dd4f7ebc401970a4f9f1303372b35a19f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af9aa0e6a2d2388dc3ca5add2e5938c3

SHA1
7cea9782f60a15a727419dff543870ba2cd85a24

SHA256
e06a95697be98f36ce915c80c58f4a80fb1654e5ed68f633609b9a4094e4593d

SHA512
b29f230af0fd8623039b77743c2dd93c38fa9bf4134a879d30d163de440a336bbc3dfd507518ccfb2f8dca289347d71ce9ab08ac47d92c085b01a53879d95573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aaaa6ac5a46f5160a5526bcf3ba59e0c

SHA1
bbbdc99cd9dd91ea8d2366f7150414a20c3d3941

SHA256
27a99b2cab66d7216216f5f79d359df5941571467743934b2ea0a4faa6384a1c

SHA512
6682617ee7671a5529ef639788979b2c8cc84fe7d7cec0314daec72e99f8495588471e9d57b29443210042ec30133654c6ad8505c6d6783130e2274c2c2b99db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f83962457f3ce5dac0e612f1bcf6a9d2

SHA1
74a3c1d37aecf706c5d7737d7629c3cb423be4ea

SHA256
1862201f383bd84b86c8fd482aa90776e612451403f190d90f1704d5dcf8c0fe

SHA512
4ad4cd9920a62484f23a3c1b8e2eb94d8d152ec7e21c11512229dcf021368a3d591b9239a75e45744c11282aded59d26af49db8999c4b8a60b02f17c3aa579ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b43a7485b8e4c7fe0fd98861fe1dad25

SHA1
331eb032a2dc9ce8c26905cf82473abd0a791631

SHA256
73bca4a0c65a94d3d370c45027f514aef11dcecb49296c86a1205ccbe80cd1b5

SHA512
3f3a68afd7e34cbf3fd72dbd93504f9b1d91eeea86ab6a8e0935a752b9a073b945e4616987d16c38d884e3406b0a6666f0b131dd793d83af6f212a6ff1c1adf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7eb69532db713bb5a5aae1607ca34fbb

SHA1
bcf36ddc11bc3674b10ef106bc71dd408e9f9016

SHA256
ae24f7736b94a802e726e6bad267351422c7caca625d0aaded9972c687939b79

SHA512
1fab19145d5d1a4e89aac167040829fe2674b969f35924531f4d606c86f5c038cca126f198328a145265c6f6eb7022a4963f518d041be426e2400c34398b75c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a77172bc73e61f7a182b9a7a10e78d98

SHA1
1324e54c81a5ad24722b0577e6221feac6eef95e

SHA256
1fef08885e71104727c0c13404da4d44263f5aea92303c978bb2a17ccaf936b0

SHA512
274ba478a152059d0da7aebcb1eed713b661e833872485c0b8bb47b4e0a068fb14c535060f0f3b5596ac0fe5d847d0be7a174247fa7c86e7dca77c20eebc8693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bb07696666bdbac2731aa4335223e345

SHA1
c1aec7da183b077c96c5aaf04d9ec2546ab51007

SHA256
68d2e08b5a82034c3849d2fa82f5650796e42314f584a4b619ed710e0d2ea2b2

SHA512
515436be970a6c80fe683bee81d0ac8b4b3e0d79af551be658eeeb5eeac146b57806052faae3040d1bb0a9d89eaa76db3c3dc8a07fd7b12e40f888ad10659e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat

Filesize
1KB

MD5
afab3edb43719f3669f496c9dd420de6

SHA1
9b3b1c81e7a31aaa3b180783e96e6bad7f6feac2

SHA256
4f7444f3413978b965300a82523d2b4df9ec5ed631ef3de63929bbee0155b692

SHA512
5eed9512e95ee90c306a4be9b3884eb9b52e3eef8b06f212503d468777541e452dae037f3164bec2abd16ad60dcd1b7fa44dd9b853df1998ee6ee40c81e067e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab48A5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar48A8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2304-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2304-7-0x0000000000500000-0x0000000000546000-memory.dmp

Filesize
280KB

Download
memory/2304-6-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2304-3-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2304-2-0x0000000000500000-0x0000000000546000-memory.dmp

Filesize
280KB

Download
memory/2304-1-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads