1ddf4b34e8ffefa7656a9a428d78860a30225a5235a4c2f4c91971e90ebd5ab2

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
Size

1.1MB
MD5

c96cc8f95b6c2f636a7ff888ca021fb5
SHA1

680b068c9a7433833086efe07fe38a0678e8ed0d
SHA256

1ddf4b34e8ffefa7656a9a428d78860a30225a5235a4c2f4c91971e90ebd5ab2
SHA512

ee816a1ba044a2720ab73a58376f298604d28464c63fd3be0343d3ce86ba51b29a44b7e8f4190b616e2d84a616889f839539393c0c3163d900436a556ae718f8
SSDEEP

12288:/sM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQ6D:EV4W8hqBYgnBLfVqx1WjkHD

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1148	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1148	cmd.exe
972	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000001ca35a98a92bf966d1c38dff7d20b27f19c19d69823304b4a2f5789ee86be986000000000e8000000002000020000000c5ad982ec7d1dd292367665fb39d31cb75ad69a69c3fa8e3c06987da5a034f1790000000f0e412d561b398653c89c54afc9fd66840e55384b2970a85b98f2f5a9f5f5332550fefd04809e7e6a65f0899602831e623a846552f1243cf7530d04a2091304987c407860655101fc65dab26a6203c3254025f4d6efefab84bee5763b6f9ff8804468cc4ac6fddb66f2ddd123221961482ad0c7c42b70620e7ffeaa23543f00ab6ffac8a551bb0049f158dc722aa9cf24000000023ea7b19b4fc2bc50de19b7d0bb289896c651025fae93bc4c22c33787ed0c6cae002c269efc194600ef84b47b7d0219a93c56ace20ebde7226238fc0c4747fdd	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431119579"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchm3p1.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3821B6B1-6638-11EF-A429-7A64CBF9805C} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{16158979-5A53-42CB-A3FD-23B7774B20F1}\URL = "http://search.searchm3p1.com/s?source=Bing-bb8&uid=5e48802b-558e-4f6a-a13c-235444a646cb&uc=20180415&ap=appfocus29&i_id=packages__1.30&query={searchTerms}"	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{16158979-5A53-42CB-A3FD-23B7774B20F1}\DisplayName = "Search"	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchm3p1.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{16158979-5A53-42CB-A3FD-23B7774B20F1}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000eec9e43402065bedfcaa2695b86b98f8dbf9c28543d1a94abcd9e67cd623bfd3000000000e80000000020000200000009e421d4071d9b6ab45bb26823ec4e8fe0b0df62f994beb8eddf528234dc6218e20000000fb919a0aef8a08e9dd4e1fdb069a661481c007ef86e14217efd463bc126cd68f40000000cec066145e642587a6c1390140184091d3b2fe1b9dd77a23713a60562ba71df7ff130297e7526dab2662014f5839a59aee15128d92be21fac2d625ecb2d4b0d8	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06ca90f45fada01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{16158979-5A53-42CB-A3FD-23B7774B20F1}	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchm3p1.com/?source=Bing-bb8&uid=5e48802b-558e-4f6a-a13c-235444a646cb&uc=20180415&ap=appfocus29&i_id=packages__1.30"	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
972	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
592	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
592	IEXPLORE.EXE
592	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 592	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	30
PID 1520 wrote to memory of 592	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	30
PID 1520 wrote to memory of 592	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	30
PID 1520 wrote to memory of 592	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	30
PID 592 wrote to memory of 3032	592	IEXPLORE.EXE	31
PID 592 wrote to memory of 3032	592	IEXPLORE.EXE	31
PID 592 wrote to memory of 3032	592	IEXPLORE.EXE	31
PID 592 wrote to memory of 3032	592	IEXPLORE.EXE	31
PID 1520 wrote to memory of 1148	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	33
PID 1520 wrote to memory of 1148	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	33
PID 1520 wrote to memory of 1148	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	33
PID 1520 wrote to memory of 1148	1520	c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe	33
PID 1148 wrote to memory of 972	1148	cmd.exe	35
PID 1148 wrote to memory of 972	1148	cmd.exe	35
PID 1148 wrote to memory of 972	1148	cmd.exe	35
PID 1148 wrote to memory of 972	1148	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchm3p1.com/?source=Bing-bb8&uid=5e48802b-558e-4f6a-a13c-235444a646cb&uc=20180415&ap=appfocus29&i_id=packages__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:592
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:592 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3032
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\c96cc8f95b6c2f636a7ff888ca021fb5_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ce1ceec426b32c301d48efe5f9d4f153

SHA1
30e1a6b73afa8a010c56989ae0334affc927ccc6

SHA256
69f69aa6b517a3ef91293900666a733668b129c8dd1641a5adc412046bde0a6f

SHA512
a836aeb9bbfd53f67151653d2a5e392195f4369310f50d8875176c8d93f1a61e67e7be08350e8434ee635ac35d32126ab1af41120f115c8a1943787bbe27a050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc19d30bee444ea81c02c35a176f010d

SHA1
35fb0dcea5fcbd75b60c8e754ed8783a94981ba8

SHA256
bb51e491376ecd4ab01f0f5f9e95447c69e69beafb1c4c296ce4a1f51ed80971

SHA512
c985a9a887ddf5743b7d14b3946115f1bf4b5c356a891b4faced7eafee8f8a74d1d0aeddf37923d59b5f46851536ade9c7972728efe137f0e03646bc07ba03e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da7e003aed30a1560afea38f90e810c4

SHA1
d238dbdf02adbf15a213cceba8fedd3ca62a077e

SHA256
dd8210e7f567bc98ea451825eb212836b7c30c48c4834a639ea04afb5b958d9b

SHA512
4245dd673a808ffa24daa740b5e4a6878eb6c45ad50f19439ffcb1aa0e16f57f27dfd6913196fc7c6e1afd18a78196c6f3f5e130ce17a6f4e4afdf257cfda01b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d33d99271001d1efd602bbea146851e8

SHA1
496fc797026ba427db50f3755517aa4e8e8a56b0

SHA256
9b7a105a6b6668da991f5cbd8c9d5491edd7bb418c0808f075c3292c3dbc1ee3

SHA512
4db1e0bea3259ee13a3036db2247b66cf329e1061f09d7a9328ec2d65ac337536907d3823730ac3e4943677a2d46ee4c0859a942a40e4ce9f5578d5f66d7fbd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59bd36f61860c574d599e5fa26881afd

SHA1
c83200bc54aa6960411cc6b995a94e2c93ab7602

SHA256
67cd8684d52c1ca4a19296ee545375565e844f4427a423a60cf824e7aebc12a6

SHA512
6b14d01ff660e5538b361d4d2e3301cbc0ba72062e3eccc269b75fecc07d1a411065a2b663a09d96b6b220bd03ef6ae5fe4f5c4d0c069d0c14cb470700143d71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c67aa5f3d037490212d760ee083236e2

SHA1
1a7b4992b0035788ca88278e61e4385737125499

SHA256
d5eaf44cee884e83da74b096ef008861670deb61bde82c2f2b4a5a3fc02211a6

SHA512
96b14d07dc7ca96ef210f4fac5960c2e44d841dbcce5dee5cd28357b7610502cd3d72619675f1d0b196ffd9c2bef9d5d86a52a447309b0b8f45f742cd94ed445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
358fd8838d696e70505e6283c1509fd0

SHA1
696a9e5b3565d0bdb409dd785a9fb70eb28ddd57

SHA256
303f7589c724b799816b004edff792d2987a80ef1d05d6d50f1d1170af2def91

SHA512
bf5a2d6f2b4fb06e09d34c35cb38cb740b9e9e4e4990c98e4d54fff9bc0f803b5e08acd6c669600f7e31546867dd169db4b78a2ac0aeb58b3ff842eb6cd39762

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7720557be8a4fc8f794c994805869922

SHA1
6f33c67fc125f4ae8563c6e513509d4c2c74aaf2

SHA256
5984dcff8df9d2eb748e0345e48622d4f8763f9602b10650c97d47fcf8a763a9

SHA512
2dc01b49d96af008bbcb9bcb63c55388b3b0961ae85491e53ab4f7638c2fc37e4bd9ca4eadd34c3104c471e317c41f123aa119f911149cd17455c4a4fec15c10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3da7cbe5fa4778d6de76606b972d210

SHA1
000eb009dc1cd38b44f3c71ca4ffa00a72133687

SHA256
077277ac227adb70a25e9a717c6a263975b88605553b568e306aad58ed49be4e

SHA512
e365ab00075492ffde928183185eae433ec92e758c39a4000a16e791c5e432f44b7793f05216e1ca735e0a782bd77042b0d13e337206bd66751d4ec08b0319e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00448343475c841e4319e4ea80423ffa

SHA1
f89fcefe536a6a752e3200d34531dbd6ebd39023

SHA256
7622a67c7b900a85dddd319a91579a9355fe0bb48b2da5fc27084885f32cb6da

SHA512
ba877c0ced6e7722e9f60c1d8437bc62a705e2d6ee36d129d255136ebc243b034ddcf0ceafefb275e95c09a4e35882980f890a07b881d68143403143ecb0b555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f977f868f1e2e0f80b14bfee670c852c

SHA1
d28e3396b141a3f7f2023971add2ea35c7f7c822

SHA256
c5c44524eabb41005846059a319d12f9503c4a7e897b2f0119bc535e8a399e49

SHA512
d8da3a0e8af86e989e015b260141755bd9c444bfc8b2a9bef4ae2765b1be4b9c2d9dba0a46e0532d8d521349e6d848a75374179716b071d6321af4b26cd03b5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed3bda8892e6690f951a5b6773754f20

SHA1
350348e2237fb54c3cfa7481ab9f2f4b14530b4f

SHA256
0828fc7b36f4945d6a8435791e3a2d6dacf7ba555b242f0087a6c8b19257a0fc

SHA512
9ae5011a80ee3c1fa404dd3e879a7bebf71c43a64db7ec4292cd1736744550a3a43d8669d7b678cd2af3d18a21b7df164970db69e3300122803ce5f72a4d1aca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81e08a3ef81a8a9ec379ae6ee93cf489

SHA1
72a09f4b4c6ccb1d0632596c80ea7bc5f20f6d58

SHA256
91c710e134a1223001fee434b807fb4f4d7444e78f7f6fe5e3c1da4c51d7681c

SHA512
d43769ef42d60fe76579ebebd5975c30054f5a828da4219bfb1f6748a9092edfdaf4ea7fb7698c054badcfbf49efdef67c6829298a03b3d29e9d50fd581f1629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4660600d039792c28ec5014c07fa7f0

SHA1
39d2423f8dbb395b5578ae5c75c445f390995cb2

SHA256
c80a128e4c63edcf774fcdedafc6f7c61d3cdea52fcdb0429049fde49638a89b

SHA512
e8ba19d11c51eb2d4297da1f9b0483df7b6b23b20e4ddc15092a1cabcbd2d0faaf063d6492504606e9fed1c3e81068a7dd0fdde2caec3b3ea7761403df8f9407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbd1722826eff89298dc9e0c06802e5d

SHA1
aca5953b8a149cb47871fb8930829cec6da0e665

SHA256
9b4cbbfe07e676c9b25a455c97c698657be3e86d362be40bd2551bde268fe256

SHA512
62da1281962e9234a7909317b4e27110deca75646fe66db33a47d3d4db24a1a8e2d477c44f6469fc7aef159b44c573833e289a78e62341f72ac27de647934145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13fd635098ba61654e0458447a428750

SHA1
2350dbcabf5a54807dd29aa0e4af1d33c0ca665c

SHA256
54fd111fc5531b6872624cfa623d1746dba5d958b0349c0b1fb55b0bc9a30d04

SHA512
a5c2b59a06d83d9eb83c11e65be4bbb5662eaf7c112a9c84f6a768697e2ef14e875648ba0e63092c0292ce6eda7c22141f9f6f932ba748c6ace20a42441f3542

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c984380851ab115cf1b8b58b8c847a62

SHA1
3d083df441d25f4daba6755ab3af29b732b6fca3

SHA256
503b9faaaa7e61e7a0a9ec40165b4a1e6a3d7d57585bc1a3e9268d1eb5f2557b

SHA512
b66a03df38d6fc1235b4b0d7f6492971d53aee59715db9213930d26ec234da37942e885b22c40b8f4865cf30cb3696e12cf85d6f9d871269798a7614eb57424b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1226a1a88549d6b63403046a46aedfa

SHA1
f8b9f160da80fc64f9a3e11f1759060910464e3b

SHA256
70934fb1c66bb60c460c272296605e3b038d7840be6fc12e1ba202d8b5ec1afd

SHA512
8ad8e7ae5aa8c9552bc381deb2ea4f81aaf87952a7e5e02fb2700886bfd5be53430024ef44dce11cd84328dde11bdb51ff3a6d1c4df833295c21fe8a4074cff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20f4724d44d6bdc78a956a8d25a3121a

SHA1
30a05baa6be137b22a087863ccafc562fe89aebb

SHA256
ee21d18a84f373e6df58ab6e35b193898ad24b0037bdebe4bc63c89290ea2fcf

SHA512
961df86ebd3410bfb609ff04495c599a4bf96b7f39365c6347b77bb5dc5aaeadaff6ef97d6f6fd3cdd1f7eda00ba99c1ccfbc6a97e4756f69e9f0ad03f675505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6611830eabd93a8cb9ea372676e1a9f3

SHA1
02ad69b1fa6bdf4c80666b6005e7ffcef3268d97

SHA256
7403a2312044990467b599966968d04b20a360ec48c36b91597402981d4e37f3

SHA512
f236b79bfa90dc20266bac27a6a8fc05e12b441c3660e25641caee4437e23cc3efe1c7c656672e9fc2a049daad1e455176692c2c83416423f36e4854dfe9fa38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6172cec27df3ccb7b594dc42b0f716a1

SHA1
5cda628ea392e91a170c72204d15cfba7fc04e3b

SHA256
b5676772998b8e1710d4d8bd32e97b8cd26ef291d6557312e92138bb8fb13f25

SHA512
0df0532988d6ba65ad257b44d00da3c090e4b4ec2a536392298db9ce8ab2dc2d49be15793f67caed428ef767394729ecee2fe123937ea7e9f16c543134ced133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e83979b353b3f3ef5fa2125ed0a7a76

SHA1
70fc623394c3c04760c6704c76746a8caf621ec6

SHA256
199c68bcecbb4a256f2c04b04a15db48f2664cd9b06dcee8ba0c7d32da074956

SHA512
0c7fe37128469849ff464ccef34337a8c7afdee3d16dece490c6f214b110e9431370cff7eeeb98e03200a77bb19f77686e83197ed3db2b2612f44c2292aa095d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f4c0ebb48f3e859d70a91cc31bc306a

SHA1
b88d0cfa94aa5c4bcc82d3a2c93237f554907252

SHA256
b4c3eb1cd3f287689c14d93cf39e5da00b8e77c3011d697e994a3669ec022563

SHA512
09c4b1cfbf5175faec6c47c4fc2b0a63603623c1873613369e2bc278312a4794ce948dc73ef7130a50edb834bb342a0da822d9d09b9517216b0539a92ebbece0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a4a8157e2d5cd1927963e2aaf858108

SHA1
21c49eb31b7f6dad2cce0d2084d4e940f4046ba7

SHA256
651dbfa982878ad96e05d29ff81861e4dbfa0ae6e0877711402e737bbb334210

SHA512
9c6fe9f7a7dc0f505e5cdb004d3e1f0c7441fdc21e013e4d5b33f7c9ad3c6505057ec92b10bffb4d9f57227be09d49101922fca4f0c94cfbc9c52e94c906ffe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
219832424db21f62663b1988d5b3beeb

SHA1
85b00a0a1b0add71abf7c4014d84e3caf2160fe5

SHA256
1f34a2dd5360b15ed26051d45da6088d387aba81b0e503a4b9a2f71baa43e50b

SHA512
ebb7c962b1db1f4360acf23c4a8ba7354bd6a86ec9a62324b28ec286e66fdd93d5f5c5ff4a1fc7f69a2ce0394ada4582e4815400ac33c14940d09caecf27de5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca1fa670c635994e5c2debfd3a3fa243

SHA1
cd3eb5b8553063844383c49d2c3d7b8749758fda

SHA256
c898ab3d522d43ca581bed4cd1f10ee96e68ca42539c5bd5921c34338f767bf2

SHA512
421702fa721fb6073b69a0ace359d6ab289deef3e95adbbd576c14c0d3003fcc010e51e0d4efecb4c37c7f8488fb9743c0623922ed49ad4cf7ea7a62252f0187

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c849b3e7534e05ed849e1b27372513ea

SHA1
29dd0b53ce9deebaef8ee1ffb9b458d80d42e406

SHA256
958622470c3c35b048310eba5a400af41b4ff2fd1bfdea2fff259ce66ceb66ad

SHA512
25be2a694e3d7517185e839131f0e850ad9fd866e3a43b0656f187c479736abd99955c7d7b608a574daa2aa9a8017546abb584b2e4adc71ef852712ff8cc2cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat

Filesize
110KB

MD5
6d058b9521d3cc315606b687b726ff47

SHA1
fb56129e89adcbbfac0e9946c86ffbe057f0c64a

SHA256
b14040253e3d1bcca5410d7f2bb30fff7ab0f688289cb98a5ae13475c38f29aa

SHA512
234692d67e32e71aac5f0503f2d198889a8b6bb45a004af407ee6699d6a5dafc53014246ba3c2bcb783bc87da7c16fc5d02d6260a95fb85dd778c11907a652e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\js[1].js

Filesize
197KB

MD5
569dadab5bb1eea614eb8fb47c0a4a2a

SHA1
ff7cd577db38243529d3b44b18443de48bb18b15

SHA256
eafbea5f77d993864c5557f26ab2902812b043a38407cf7f3b3c8495d4414c1a

SHA512
d21ee0c3a859446dfb33014f63db7ed9cfeabeae63527bda3a53ec3ee4d79be5e0af73830c7e761c0c68c4170f922dbee731b9bf819c6f026df79fdfcbfea041

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB656.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB669.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8LE5S3F7.txt

Filesize
686B

MD5
464c1284c3c3079f2eb7734a3b954556

SHA1
e108045ede7f5ad629d291314368fd8e0d8367c2

SHA256
836e287cbd2865ba28866aa717d20431ca4232b6ade31d8efe9ae89f3782b445

SHA512
8883a2cd6bc8511a8f61917d5bb0fa56db1d08d865f99693144c182bfd21444d10ac88e2913163aeae9c21474e0602e15d801c9328a6e736108ba7f9f6b5665f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads