ab6e5f5bc2486c3e98c7d2b8b786495f3798f824a5bc199369b31d9f755b09cf

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe
Size

536KB
MD5

c9039d8f848c23aa133ba43f88c1b035
SHA1

daea13b4ca1bffc5db915e3e8ff374734887783c
SHA256

ab6e5f5bc2486c3e98c7d2b8b786495f3798f824a5bc199369b31d9f755b09cf
SHA512

3a3d24834d55feea6b32f94441b233fb35bddbfead2bdbff41ac667db32413c6f97290f5dc128ab54ef8663373ea8ed7faa657f88b18796fbf4605e6935b5b3e
SSDEEP

6144:2+UdvH/XwGC0HVluYEW0AXbmk4dK5YF3STcuMuUN4T8InHNRdn02rXgxbRV1drX:23JH8ZV

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\wmplayer.exe"	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000f484889b482ced3415bc80ea3b2dd47aad884449a2f01c719c73d092c437b997000000000e80000000020000200000008c889554da6868eabcb3c3bbad0f50f4cafbae7696f2c064fb13406d4d8ab7cf900000000608cdb65480cf4fe1c465900cde1c18cf79b0a55d86476b44d8cf5a0f9040fb0585cfff4bce85fe88c2861620fcd403a86fc6b6d39e90b132fd42fa2a6c529aafdd1302ba52ef13f84495adb5bd23dbaea8ad897de34d05d0168a97636d16a33a486b8bdc51d3c90f46227db963def7ee28eb788d7be10d3c2089d57131bae2c2d72ff03bf1b826a0c02188c71795d1400000000cfd4b9ad9b5f2d879531f20db82de5d4301b75ddf43fd2f9639843050f3fd8129686c2e9b350cb473a74cd9aba5884563ce16805199ef6de5cb4d00a7a48767	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Download	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000a3dab2cd4f29d82b4f9f01f2b574b3370af0d6e9c975687d166641392edb667f000000000e800000000200002000000036143e6bd5adadf63d8803b8a716e4b85913618ae77997f8dc05c60cdba9451620000000a2aed02c781352a8696e1e19b29448f32646c5cc1b0b068d19ad90caf51e3fbe400000005068d5e799b0da93e50c31726c5bb0d7102b1bf3678472507e44b1c574b86f87cc35d2c83e8ccea4b370d5c8c3e0f8eebb0ced329a244dd9f37b32777bd413f5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431103849"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80cee56f20fada01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{981C7BB1-6613-11EF-9D6F-6AF53BBB81F8} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2960	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2308	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe
2960	iexplore.exe
2960	iexplore.exe
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2960	2308	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe	30
PID 2308 wrote to memory of 2960	2308	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe	30
PID 2308 wrote to memory of 2960	2308	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe	30
PID 2308 wrote to memory of 2960	2308	c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe	30
PID 2960 wrote to memory of 2772	2960	iexplore.exe	31
PID 2960 wrote to memory of 2772	2960	iexplore.exe	31
PID 2960 wrote to memory of 2772	2960	iexplore.exe	31
PID 2960 wrote to memory of 2772	2960	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c9039d8f848c23aa133ba43f88c1b035_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=uFn_a9Zhc2A
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
dcbe665d1c6507a02e503137af091462

SHA1
c76ad4f1389cee806e4b5cbca207e29fb35ba057

SHA256
418729a1d187676741f45aedde5716a6bf42e599260a483724975c8d82a8678c

SHA512
ac989c0191b88e5db2cbc90d321856d5b165216b566f9d423fd6f9f6b9c8d3c6b4115770d2638519520eccded5b91c074a393cdd84444de77a937ad433628632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85a2aa25e2b751ef2905d9091bda28a3

SHA1
ae2b494d4a2a17b44ccfa8360fbfd7fa21d07575

SHA256
08585be7068d7709b9c8322edba1db8bd293acc66116795491d0005f16ccb56f

SHA512
fad5402976851346ab2f4cf309f6a0d1521bcf8459ed0f629729635192bba7c31cf27b0c80550ca788c931441d72d152874444fb7fcef6517796fd40e5fe88df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c881fc089daec466a7922725c3ad04

SHA1
500f096e3d56277c3106f58abba3a47b3bba29fd

SHA256
303588ca6190f05185cb172d9918b31b058325daa0dff18290763e7e2bc65aa8

SHA512
d1c769fa16e799b3eed25c402534a52157f927a1daf9dfd929ecccacd5d95b6f5ba875cfd4c89af4d9adde22d45dbd3f254f366646ddfa2d63af070cf998a62a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4af3a05392ca2e6b50f4facfa2f93be

SHA1
c0ec2b923e321db65adb2eca26d11c8191e51b8c

SHA256
9e31a8de49f6be6cc617f253f7003de2bf74c8e9eb415fbd9d8324fd5bc682f3

SHA512
515ed745eb36de72dae909041441958f2a5264de0ea0fbd537a94123623b54c1b92a7239bc00182b31a492af8db0bd4f2ce3f69ae1dad1e45d2ee79c4f719a92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3feee39ff215c3f059cff1af2b5fb1c

SHA1
c21a5300dccb4e67f7abe9645cbe142d5cc9f285

SHA256
86f5a98178976e4bbb69e5c7b46eba7cb90e3ba29d5f137f30b8f19ef98707a2

SHA512
cb6c2f1708434956ba9a9ea63ce3b3d8440aae1a846d04ec2d104d8cb0424e245c260d70f22387e545d4ec3cd1c0ec9bd6fc12817c870a766028e19bd30f29b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b4964e5d9e69309e75d608193655e8d

SHA1
14b2a0d4bf716d64380e01e6bf2c29f49cf78868

SHA256
9747bf5449e37b68e9ca12db98852b6032ca72e2d444ca534d56bb286b622f3c

SHA512
7d26491720fdcc5a9af046c51a4e37e3624f9807b985442efde64745d7dc78b767094a7afe042cb03afccd5dfec097022e037c0a60719dd45367b5676528853f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cbd857c568aae3a6e7137eb6bd557ea

SHA1
521140060eeb3f751432aea023fd96c5760ef5c6

SHA256
b5aec204ce93ebc8e93683c9922150a923d5d28e466a44f190265e18521e3d89

SHA512
ba264ed3744aeb6da619d9739b4d035195f751812250dfeacb94fa71f8b7d0401455aaea1e27380fcb300c5f898db7ab2ec1da44cdc4068c79def41da9d0510a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16c009bdb1c3107de1cdc5bb1540fd37

SHA1
a210dd5c2ebc8d1e6351945cc8d16075ebea6e29

SHA256
1b3ee2e75e0140ab7b01f5b80836d48efdc728d7e762ae08a0fe457636809360

SHA512
e8a4f4b9cae99a54545abcc1a93fb591531d8f8da566fce2200456cb0d8dd1589a29dcec8ae20dc79c3a2d31b21f154952f302ffc191c7d42fd487a7ab8617ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84bc845d08953d85000e978955f28d64

SHA1
6cda7e9c6d35af6f2b7ec5af7aec49223625c5ae

SHA256
db636d0edcb6c368265d4195bb9aae69e106e69dcbc290156830afbdc9222ff0

SHA512
878f96a0278cdd748a058d6ebe6ee3f618163c01bff2cabd46352f819045371ee4158a95f5f847ae4ae3f8728a548cf5d3de31a5035bcb3763d45543ff9fa8b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c5e99cf416ff75289bb254e2d43008e

SHA1
8d7154f98394dff736f01df76896045e2071d2f5

SHA256
edcc7d8951698b2599704ac697423a48540586f8814c888527b01be696d866c3

SHA512
04d9e2cab4c3595a6ecabe41958780cc8556c8f2431917df18d81a010ca54bfc08b81adfd6df1c2541a98c0b9bd68f548f20ae6cdf7410f057b54861527ac87b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d902f1db421d689ede6d16463208b155

SHA1
806108ca48654e6025d4ebba83d3cd57abc7a587

SHA256
17f39b602a43f567d4944acfc72bf29392101a0d39571b1c2edf39e90bd75242

SHA512
b771c41dfb01783c98706c9b72a1bcb3e173cad066fc7a5920462de3559e09f9a3668293cfc2043c90a3a3345f370bbb969ba5e739619e7a9b65eb7153cac90e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea9b6a72c92a8e22452f1ae9a8e5d2d7

SHA1
dea921f68e995d7faaa330e3c377fa0978b3d4bb

SHA256
c70743cff3f85c9ad354e95d6e9a05a36a3f5f9279dffabcc5c6c264b939c7aa

SHA512
ef91dfab5f81114b51eb8a5dd0086a55a991cfc6bd1e1a532ef5a43ddffc5080f004e3bd5f48728321f44b9c4385fef494ea70bfc892e4fc27831a8538698734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e30672845912e5d56f17cb074e795b0e

SHA1
32bcd5951f9e64deade7f60c379712675714e8ff

SHA256
8af1510f5634330565091a96609b84a91c2374cc77fd3d6b530d5c08a65bf105

SHA512
726d73dd432935c5ab13eb8123a01cbb848a679c9dd1565785b1bc929e4302d816a68f3dfe28152460f5f656382672fde817bb045277a96455ead6cf34f24e8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
574761d0f44bcd18e6dbceb4ddf8c705

SHA1
0081a8d9eb53c5ab98ca531c7f7257cb2e973961

SHA256
3d2dc4e6294768e10a4a238b347298092dbb37d310292fea5fc70e580121c21a

SHA512
a45bac64c2ad2ae1420398c1f9fdd10bd03a4253999a8469c15b80b1641a16843a4423fb7c35210ee944f06ef7653c79a11b2161769026e67af90d6e6dadcdb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54a00c7d0cc751d3dd59cb77a85f3d7f

SHA1
e508aee1f410939248e18e5bc57cccab730c87ef

SHA256
dbc478e35eb82fc6207d6689bd700bf8a7fd643a718f0b309898d80038351cf0

SHA512
c8a6911a330c8aa702c8e602ec7296ec2b3a026e082abfa7a6490680b2d105d62be8399e793653c2a8bfe7581339025e274a39737962da54b12dd28eb61aa0c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aba705671ad3180969b95080b2de8ce5

SHA1
6c18052db99a9f420b2613b5b2d3d10c98d4d9f2

SHA256
1f4ff8f59aede2275906081d8e3267144a952156576a6469c5681f9e66e63814

SHA512
727f8ae0f1a9fa929cbc7b5811858e24ee7bd48689971450c6c689655c5ab5da30eff3ea40118f9a1e4c68e4832032671d3371762ecac26d593f0347285d4476

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d38c6793e82d02e3e8dd6f3642d62ac

SHA1
294d72c59004e5c06adef5ae438222fdfe5fcc2b

SHA256
67104e9651b9a2e47dba37bcdbf152aae2a883e3034668771384c56154ae0e67

SHA512
a306dcf69679fe097bfc66f6724d16402ea350a12e0643a2013b170ac291991224485b972d457cfdd59295982b9704c11bff7787f846d8986f665b43b8c643dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84dfd8202d08c6d7300d93b3a1e1d26

SHA1
762b2c7e113d0d15898f9c7e93a6f2e0b4fe33aa

SHA256
e04ceb40854c598ec55feef3633f473b8b468857df6eaf749234050759c23999

SHA512
91991f4962f2d0cb1aee3d77a4ff4979c76fcfd56877ddc6a582f63f96a16ff5646a8c6dc61d499f20e5d12e0e897decc495c664e73e4ebdb071bb64850abc6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fbddb07146e6eeedf12dbe5e964a135

SHA1
9dc3dbffd2d888c7e1672a31f5b893a601991e5e

SHA256
56b9cc1d866ca69f2a5c2222ba42d290229b58df1da51221040654c1577905d0

SHA512
0fa34be4390c675ade35c10a117a74a7f337937f7a8adc547d981c06d3daf9b1fbef6d98df708758ff421da514c3b0189179a50df93f8f52067d6c0de534f5c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d63774fd731b4552158956df9273f652

SHA1
3e2fda1c2e88a7534c9d9c46b93d9ffe62ec0ce8

SHA256
646257a6f2d58d220a05116abf1015de0a1bfbe3bfa1632bf414f4a25f5d3cc6

SHA512
2efdd85a03d76375c859878b8637c11172c6bd939df22dd535604be5f3709b1636a9b2c37c93450c946c370106f52def5bfa7bb5faea155463cf8ef9c18787c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e9f035565434da2e1db427d3b17135f

SHA1
88763a8af1949f50f4e8891814305b6866553b14

SHA256
3377c5e2ddccd2965bd139521062c41310dfeb5839549dc1d26cc6b6aa88339e

SHA512
e4f3876eed61c07480851555f716b9cd2dd9a122d33f6821665ff1cb6afdd699aea303148eff73112dbedbe459ea1386f90d8c17fa48f0922acb4e6b85c95353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1c1850ae552b82a19ba65ce17b5c924

SHA1
5c4a9cb7315daf5babba68dad7abf4470c469f71

SHA256
92aa38a28a259eab3d19fbec9e2a0176c9342e3aa3f15319165cbd908481fd26

SHA512
e2e5562573c938c859ce8e9b7b21f049eceffbb5c8c77a9004c60799677b51cf69b851071f547407b834976406f3c08c9457c26c81e72c42bf9cc96490b59e4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1a094eb41799cd2715c3e8d8e8cff591

SHA1
7fb10b6cf2a10c9dd663afd6475262a7dd164da4

SHA256
2cb68bd0a3746344bbe9e018da5e84905326464f0e0b4335ff74d1580018d53d

SHA512
cb93af44f846b159ea8aef9dfb66066c53002c94d0dd25f6e0305e12d326c8dbc25ce502bbb85bfe2f060f00dd57ab97a100b4d0cb1758942b64bb5498082d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jmgc6we\imagestore.dat

Filesize
1KB

MD5
1a15aed4a2cd25fa7418086415c24c5a

SHA1
59babcc3e32d48f2f52c7c8e64ab8371a8fc98db

SHA256
05ce98268dd474f076438372eee35c7cc9bb0e7b2b569e028ddf92c35f29d55d

SHA512
641740b7339e9dcdca5b059a185973cba428203876de526a425319827ed52653c99ed6f8a087f9781bfa84848fcf0c2a297ae09ce267f625cab3f71c2cf741f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab31BB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar31BE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2308-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2308-3-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads