9fe933489e68d282bc46a471fa473e9d586581241b1071a80181cadad2b1ec2c

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 23:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
Size

1.1MB
MD5

ce2f2608d88a08b84f975ae19369d640
SHA1

c0d5591a4234536db3b77a8e89765aa90fed9876
SHA256

9fe933489e68d282bc46a471fa473e9d586581241b1071a80181cadad2b1ec2c
SHA512

de6ff2beb8630f2cf3b77076b2dd0ef3f5404948f657b19adb1a683422836cca475ba168e9beb41ad2806a916982aec0296982a687a4a3f3340456b1693547d5
SSDEEP

12288:XsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQiE:8V4W8hqBYgnBLfVqx1WjkvE

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1348	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1348	cmd.exe
3004	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0cbd5adeeffda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchemaila.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33E530CD-C444-4DDC-A57A-B5645FD6CCFA}\DisplayName = "Search"	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000004c453b9043df41e500a9a01223d05d60e0777b51a0f7b02c2b4ad9b57c517605000000000e8000000002000020000000aa432271c0e8e93a738ea091dd084250ee12030f78376ef6528e6854cd9741ce2000000048228d851420989bf2402102f286d5fa5f65314335d77d3de8112281c3020cb1400000000f57e6d2c12c33e1979f0316827645cfe14b7148754490f99c3478d8454f2c3a3f8d11626dcd89f04ab30e6b2319c4a54c297d10163afe0ee807a13b659a32e9	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33E530CD-C444-4DDC-A57A-B5645FD6CCFA}\URL = "http://search.searchemaila.com/s?source=display&uid=3c35826d-6946-402a-a92e-a39d5e630177&uc=20180109&ap=appfocus45&i_id=email__1.30&query={searchTerms}"	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33E530CD-C444-4DDC-A57A-B5645FD6CCFA}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3EF55D1-6BE1-11EF-94A4-62CAC36041A9} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchemaila.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33E530CD-C444-4DDC-A57A-B5645FD6CCFA}	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000fe7eba67b18660a9f03ba57c15c3186fd09f783dd147f04bff5904de60579405000000000e80000000020000200000002c8f76bad8388b94729cd53f310287de167e2e417c1ece34bd171f4a58f943ad900000002f94b541909e020595f6007af2069dd81ccbd56730dea1287e70fd4c9b6b4024f89537f4e3c779b9979816c7d9689b1da782669512c4c18edb4ae2129d3faed2f7fffd007c5fc66b2986bdac53e818621fb086cf9758879b80d4381fb366d1bdcc5d3abcec14abc5777d393ec6f3910d7c04acc2462085f0f9e66d98f4e9403d3416ab7dbbe8712fcb66b2082291660a40000000a134a10640ca2c0d2df2ffde24014dde43042135653d1f888ee107cfe7a49123e45a1885a7f6064370fcf848e3e429e9c183099ab3b5db281eec63914c31f8df	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431742181"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchemaila.com/?source=display&uid=3c35826d-6946-402a-a92e-a39d5e630177&uc=20180109&ap=appfocus45&i_id=email__1.30"	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3004	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2256	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	30
PID 1724 wrote to memory of 2256	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	30
PID 1724 wrote to memory of 2256	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	30
PID 1724 wrote to memory of 2256	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	30
PID 2256 wrote to memory of 2988	2256	IEXPLORE.EXE	31
PID 2256 wrote to memory of 2988	2256	IEXPLORE.EXE	31
PID 2256 wrote to memory of 2988	2256	IEXPLORE.EXE	31
PID 2256 wrote to memory of 2988	2256	IEXPLORE.EXE	31
PID 1724 wrote to memory of 1348	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	33
PID 1724 wrote to memory of 1348	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	33
PID 1724 wrote to memory of 1348	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	33
PID 1724 wrote to memory of 1348	1724	ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe	33
PID 1348 wrote to memory of 3004	1348	cmd.exe	35
PID 1348 wrote to memory of 3004	1348	cmd.exe	35
PID 1348 wrote to memory of 3004	1348	cmd.exe	35
PID 1348 wrote to memory of 3004	1348	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchemaila.com/?source=display&uid=3c35826d-6946-402a-a92e-a39d5e630177&uc=20180109&ap=appfocus45&i_id=email__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2988
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\ce2f2608d88a08b84f975ae19369d640_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:1348
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
1KB

MD5
a99d81e592952e066ba7f64dde8ea80d

SHA1
e854409e608fdc541d77246602521aea8ff27388

SHA256
0a9c8119cd2b21f56ecbc0bf475c974c3fb8ca871fc2d4d696e98e36c9f9b9d7

SHA512
dc6dca90d877d4bfb0c66f12c43d4c69949537ebe6d8a968a27836b9f0c65ae7e59120184fa317ea3b0f4722fcf6e3f7a526bbbaeade7c87a64fc6cd54c3ce0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_E78AF556B931B27E99E310A416718F29

Filesize
402B

MD5
5771c82a97b0203aab36e1cde61054e9

SHA1
effa77ab1d2a4f8d9144b677b0ddba8f7849593d

SHA256
2f41b0ad35ee36bf1ec59cf7ac6d29c5c2629ebfb129a0f11d3adfef9392da66

SHA512
c1840aff0bad2f9ce7d9a2a9189a81f754b7f27f08daec13328f7f30a58a62e70abc35f0954c0cd2577f13ae6913385dffc6a55d41f7e1191e3729f0107b976b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
9a5962040da5c29cf49def0eb80ae24b

SHA1
c602b80b18d01322d14b46a590c9c3ccfa7ccada

SHA256
273e4454c6662129bf5d6fd994edbf61506ce9351e640c06aeb73fbe5b909d59

SHA512
c7a20391e9893637ecbb53ece93b04e365f1c3ed256795f5ed517c5d8a99a9a4df79ae654edc2656866974835c4ebd4ceab2730b83d6ffeec0562f59f0b8d547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3303484303b0c61660ca19038f01e442

SHA1
d088d9063f66cc534c847ccc4334517dfb575719

SHA256
c5fea3a51247d2fc26fec25e5e2324c4121ffc7e8d68368b1b998eb78667348c

SHA512
193f82878312fa94f8aa17179741a9d62dc2e758340180c5dc94b7e5149eb9ad8a416098e34ef0e70bba222af158176f0d97ac50f9cb85bb02c4a1cfae6773d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
863a80cb6388072973a98a4a2f5a587e

SHA1
cb1a016296c17885f5a54fb7e95a856c762b3d6a

SHA256
969c35999a1bd52eaba065f57bc4b54cbd7f2c987d3d950698e9593fea8898a8

SHA512
f9bf9886e0a6a1d1cfd92eb0f685196a68b81286d8a0d9dfa0638e618be79345454ab4be2d36f227043e8632cd4837f2dc55b2f1a569b7e6378910b1f15a0e34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed0e48cff736a0c01ab7ef52b0ac0a12

SHA1
74efd33ee0a3b77b29f3aaea23102462479895ad

SHA256
c6daa8b9f7dbd9cf2d79b8f17d29088a48fdb9ff94f8d94df91230efd5c337f8

SHA512
9f7da1bb0f4a84a5ef2a11ed6ef691fe9cad69dbc605f56b9fa0c232bd61b2c8ec89ee7133bedb705268c6fe43a9a2f21ddd3beb4f1eb0b07e88883a4749315c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e20474aa1e0b29db9032348a332a6b63

SHA1
80121a4aa2c113ad1053db828d72efba0950a7f7

SHA256
c6a54f7cdeeff88583f22db4af22a633d8cc332c8d7af85f936b5aacacae5c7e

SHA512
79f3f0e35aaef91c0dde3cd2d607f93bc0b9ce7f3158081ec1997cbd3326df1fd002f0510c6b3a6fde3703d67eac34d4d4e63754304647072d1a1452e28d3f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fae61528caed535e937f92c19a1e07f

SHA1
d17c3dedc3dc9668a30f3b04c28970c5429e0536

SHA256
72af8f8cdc9b58650a58fab635199aee02c78f8bd92f5a34f772dc2a05d77613

SHA512
589679f775939b9984784d706a268a3874e9837c3f210581d3dde3d995074cd5f8ca4e4bd2814987d250668ba732a3816b6d10ad9f523fe1d03c61d096b9c0ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b3128f2c207fffcf20a11cc4126e365

SHA1
ed0b307352bd1366d061b8fb09e653198227d5f3

SHA256
599e34fedd0875a2b8fdbb05b7f3a099253c83b35fade6f4cf94262958fe233a

SHA512
d9a1ab2f9f42972e39130da0b7641da9cf6249353500dcccf14ead2526e83fec0c27f2d092898c585b2868e473f17b7eabc3da4882b291846e299c4b923f19b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0572fca0fffa5d786bb8a41b9213f136

SHA1
7a4f5627272aa25a787c678962a74a60b857c998

SHA256
bee844f7d6b55ff8ccd4fba07db2197a658781f88163c5d8a7c29e9223f93fc1

SHA512
ba60cbac7a5a55d343ba9ef7b82a8b3bec79eb7abace424d536e71cc7e5dc4547a276d695ce715e872dfea4b1bf8f604319b316d33defdfce43a9fb9fae439c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d7824ecd8cd7109dc1d5b807fbb74cb

SHA1
72cf33a95082ec3ac51e1d12e0889cffa5265c10

SHA256
53dedc2a1ba593bcc01a33ce8977aacb15c369b1eeeceab02b3a3f1ab23493f2

SHA512
ba663574fa5ce0ffaf5327822dbe9d510d72453cd7fe0b19966c4c3877b9da4d59cf466ae4fe48bf7edb2971437bb6f93a8d0cd44ddea61f9a1679f9b9244227

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0fff23148903460723a24a2d9fefde2

SHA1
91fedde68878e0a80646d95c6e8858be02d4ea49

SHA256
6a7facf37a44269487d149b07ec830715e89ab68c5e127e83cfcac7bb1a7e5cf

SHA512
6fbd44d9ec32a723d70e7c6965e9bb0e7cf8aa3adc482a4d3fc4f6e245fd77171978a5708af4537d233a01ab319f77e69c2bce03ea492dbb5dd1e3570abac4ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47e8057f354dc6b28960b59817a7bf2d

SHA1
82a7aad121f3d5598b314b3d4a28a084c6e0dcf7

SHA256
af75902377970598bf1e097d21563706b337c67889d86e619989cc19afa41234

SHA512
f0c3643ae9ed1b7fc010d7f5b7431b8d0b0246daaa308cd4fced5565d1273a316edc3dd4c820b351184be8b5c7d842677fc968eff1dfc261f8e0d74d73918ec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2533c201f1f4e5792ec81c787847e81a

SHA1
3ac494525182da1b9254df77ec40245a2eab0ea3

SHA256
c9ca4541c95945f68ab27c046d5d7e29786ae1fa00161bce1ae9ce6f9b8fbf4f

SHA512
911a8763c82c7206c2833730d006d1a62608ca673333b67382fa85887f73ce5de53d721f09a8d6642aefe597cd7b285e001e7dac273222edc07f9cc252f9124a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e87ad4f9633a8d9908a468bea5578f1

SHA1
ce8fcf5823468c4e59a4ec248b91c8a0bfca48a9

SHA256
1a7fbc346fff98bf511db21c5db5be0a59ef504808feff8ce5ff9baa1e0fdc68

SHA512
3b1884f8620c858ef48c2f671f306ebb111626b27f217bd1d6b9a8ee6f909f3d690152c04f80b66661245d518aa58deb138f3252a93c0fe29194ffe8f36e38fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c685394e4188a2e3ed990ddce1f57940

SHA1
4006cf4ca20305a3ccec9a1dad5f61ceb8cb5a63

SHA256
d0c335041d7f80390923355cbdda852cae9f7b9de92b0d1e292cbe77fe71c6e6

SHA512
4bc371cb205a8362d326023d243f3c2d13f5f6dfbc8483c5d01a329a5eb2c1bb68cf0aae8eb41bceb16509497ada382559de26781931fba76b1675fa622b66fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f999a6c73b8ad0017cd4f7539afb6eaf

SHA1
37724f4eac4ce33685334663623b372ff6033def

SHA256
7995c814b6947407afe986a4b513323d8b3243f5d4acafc47b227281e1e51998

SHA512
b359f3f3a3ede09aac66e6e19f73590b9e9cf17e1a20756b77ceaf009a1747c222780708ddb702cf511c34c97372e84be0da0a4c5e79143e83e658e6d3e1c689

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3fad9b4e00b678cbc958403d28a25c7

SHA1
05cdb5b40dce7936e6dda587f468bf3c59cc83ea

SHA256
7c9386b18b7c5f6ad0187d057c90df0af4a1e198d1bbd7fc20967b6b322b31ce

SHA512
99f0c43b6abdf53d1a943643e4376d972f1bb8e533dac5930b8c32d6b1cb8404ae97ec0241a4f149653116f776e1dcc0ced84ee4786b647e36e991f64acf16c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b8c57091f029af200850624ed5c39a0

SHA1
382761857ed72920b711eb4169d09f01ef56fad6

SHA256
a9cd47bf4a3c2b13a15863aa2438255042a8e37c373eefd98f3139c9aea207dc

SHA512
852fa5d47d908dcd377e8c7e4e665a91ed064bdb0b1888246650f22bc6ccb56c95b4a9b6f866f80f7ea028856a184a151690563f38c1d4dbe9126a9869b6fa55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46b317389a56f8f6cf87bba9361b9293

SHA1
4f300250d618062c4cc68a088b933517f84e9156

SHA256
f9b0f510c44ce250eb258d1186e513d09aefd673bd4e0cc4aa7d83fee313977c

SHA512
b702b1643ada1dfbe024e2aaf20ef349ac90fd5fc8ee90847b5a933077e2d5074558dda12b195612cffff8e2bbe414c9cfb2b05221bc93c119725c279760a31e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a957722b90fa1f61e72b04859d4844b

SHA1
14b2dfabb5a3c842f870b84c13168aa902fafa70

SHA256
029b17edf8b2ee3c16ca586ea963babae3555ae4df0af3e6877f37fdf9960a38

SHA512
cbcc4e1d42cfe87cd6f26d446f12cf1e1caf73a8428d19557f47575d747693f6b46cee21690dda916cf49b8fba98829baa416f5d2c1b5e445a0660cc28bd8570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18b976ad472367f7a743a150b7170b05

SHA1
9d49d932670c41ca7b733d1201a3288c05f74f7f

SHA256
fa9c792437c272c7d88f92de5c41b8bb1af12694f6c2e817e4861a609c5c218c

SHA512
520e1b6b5e1d53e98b91c3c4865fa7172cc9778bc0a07617708364923f35d949667ae1c88a10731c4469c2604a8073c6dc5259ed6ef01a37aa74790924accd43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a205cccae8f15ff1970ff6f8e3254316

SHA1
193fab77b34d36cdb54c74ec1575bf093cacc42c

SHA256
87693ddc8118399dad144b1db1bea96078174a1ac2330f1e6d094bdfc77db461

SHA512
4994ab445695d4aa2457548b9f969b5e7a0323a9a0ece7778b9c97db006bfc9e58fe7f30f6604d3cf6271dbfc2550edb15717ba898354105bfff54d2eb5612ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7ae67d80b581bd130e9ef19d01d1c31

SHA1
027514431f1d44412f02cec0173a0dd2bb9c4829

SHA256
cbe991338e6785c6d60a5579d64a400334238b9d8b6b27a6620d35b791b73cb2

SHA512
3003bc94aa35f81d06a574df5c18c30635399f086e45a28f2b130f7639b4a5000eb797a56d2f7dd44ae8b316bd1915531f6b3f1e8559a758a5068661b23ba59a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e59685c649e4e2874568f42681d3da67

SHA1
683138cbb510fab20e1a2b61a2134ed539e666c6

SHA256
9cebfecc09dc727587816663d128b51c1045fbda1be834b12fa82a8d9e641fbe

SHA512
842ca7c3117072617d19893583e3dca9376cf8abfd3a9c42195d0c8d9e1cfdc5050f7082d7e4aab6b659ea33242c9add1da8ed2fb03d49012e7060566065f556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
578619b37d0b7c1f7568a1d4abc8b952

SHA1
7636f61153c47b48cf5cab952db64f9b15d54c47

SHA256
37a37446a55c99b60f8d73f744dbb802a17dd906beb40283336885aa36fea2b7

SHA512
f96db7eecdc67b72291b70b62e804fd1a2a5d3f0e5c60ad2b9fcdf90442c294e59819f7dcafea9b6e06f9bb36cec9411d60be12fbfb76476046e823cc03216be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63c81faf719dda23d5f26ca5cff994fa

SHA1
85bbb32a393cf8c81077ff1e92d1224500a61135

SHA256
70509d588379215ed7fddf327485305a5360a5d9e023257a279194810a8e5dca

SHA512
8d0dae189ed5d653caa38cc35f1ebce4aff9608cb0c65d117341b0e2c9eeb83a6083a224b6ea4aab2df4c2ef455f35f9f69b1a1fd1c478233becc862a58a8407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4d9b1c6ca23c403562361ee1f3071e2

SHA1
9c1049647866cc6be5cfdc50352469a7cf800f05

SHA256
eabdcac37e9af1a0924f4d49494d8f7a355c09a0b4f6d620d8e5a5daec184ca3

SHA512
cc303f3c7787561c98eefa1100f3045dcbb9ed9d6718ca897e2ec068925cb3815d5d3788d57820133ffe1342904768c0eb260b2f4e4ce2fdbfca81067df7e701

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
258d0df76a79999b9e3fdcfdd951ff75

SHA1
680a9153bb27d7ddb0714d340ecb20f0931ff2cb

SHA256
95c03c09b94bc4ee2c350a1c7747fe80f986201adcf27315ab5497ae96947b64

SHA512
fa3a3072d1692a3a1623a0af72eb7a292c85aec2aaf0da8bd43ae2730392aca20efb53636e95a27b71f1570b3e435248c5ae7ba33b7c80db83b9fdb1aae46912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77bd5c44eead61f6086a64c608477b27

SHA1
145a8deba6a75ae87c7f158cfefc7be4da8e0c6a

SHA256
a43b4a3eb7df5bd3e0e1cb01dd71c44afe3ca1cf7612e264127a93128a5b7359

SHA512
d29526516a9c27121a7f942c4ade322b6e19da4a68bd44ce6ec9064ffd9096882b29d633d48f1a249ac8a0f9f00ad3834b76eb35bb0045354947d0b0ed9ece9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f54db210a4460fd8b48bcfd393ef569

SHA1
5e64e3810ec4298b45e72382b4300cbc9d2aa6b6

SHA256
2cf6e548729fd151d420fbfe6d738e406d796d715ec7382db6c3acc506207252

SHA512
db43f4a00d9791a9d13dc40b3c85165a8ac89e14e3d6abc460b002c2235047153fbd00927caf8dd311fda4b1905b857abb25b656147c51af14ba4daebb15eff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7441969d311e338cabf65197c320e932

SHA1
0aaac5ea5a4f15b8e18238270f3d1aac9b9f165d

SHA256
f9ee7067ce31abf4e0a48bae7db8f95bc681362e1d1b3d903514b05fba5d3c24

SHA512
cbdb17c306f17e913cdb56c162c4377af3e1637bc1dd1b2c45ea86c1c1e7da9e7605c4b8ba3a87e2a48972160ec5068363a33eedcab006d0392bb479811d5695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec43cd06777b95b8d263d8efa6c0939c

SHA1
36763603eb89a61e1190d1e15ae99685ad2f7280

SHA256
9f8065f2bdd8ea49adb6bda8e11ab0a67603ea08b771aa20a16095bd513d45a7

SHA512
93d71de3f8b84ada332dfae16dce480b5bbef61916ca51c52b491b1df44d7af57268ad4fd6c05f979ce2b3d7ce6be532de330f73e861d669d17971e268b8b0ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95bce6611e9754b233b2cdf1aaed5308

SHA1
81bd590644da31bd7b6661e6f6fcf4c729fe3d8a

SHA256
931deba0f204290f75ca1e87aa72845bec4e29372b90bf82085ac5151a751a3f

SHA512
e5827a3b04aee68a53a7d7087f7ca986ec142e4804f2546090d971d2d6122b22eec63cff3e51ba3c842b816bc9da681f1326f81caa99de04ddd426d219434463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0f18a14cce3d9c51a71cefbf1ae718f

SHA1
153bf449e58cfbace4e2cff827d5b2be3064d31d

SHA256
ff71a3958c2eeb4326df830f8e8ea0beeb1ad1d3f68ee8a862311d0cda2ddfa7

SHA512
3c989e711f96af2522272621121fca781b1895ad8b18ec9769ca6ffdcc12ed91a5acf9367ce10432917b17116609d5f846da6ebfa78acfba5c463941eaa68ab2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1c5f6a498944760d610aadb71b713dc

SHA1
62101e6df0df94dff054862c183564fdcf5eb619

SHA256
b8cd292ed0935f05ac3cd59f57b2e6955113352a13a9c0455f89a392adeade2b

SHA512
0f88b0f1f9f3b51e4bf6bd5f3257368e1d561a7dc8427606539d18c228dcd09af8de46a325925e4cdb5976c88e137735440ed1d02b19114f1dc93becb389f33b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8967c1721739a10b8fb041cdffc5925

SHA1
82aba41533882b7fbf6397d555dbc5b5280fcf81

SHA256
ef5b63d53262b03af946bcd29678d258a645c788389231b1ecdb96eba3c96363

SHA512
4915b08099abfcf2797aee40f916ccb7cef4721044955718c028ce36465bc56602d6690e40a5ad08df2ab6596ac8133de24a0a27e1dfe256e45665a58ab4fdb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3a769ae472b6626591279c1cad6fc54

SHA1
2cc9edb487fe711e8c0105c7927458a41f17bb9c

SHA256
fc29a7faf1311a34ef0ac8d8fbcecebf62bb3a0b2980068ffa320eed8e401933

SHA512
4cb3b6f58b3fefdcae332243570bc76c087621791e184405777b16047a844e33fbe7eab28a8f8ee2d080d2da142b94bd18b5a0c706ef7e65050aebe42fd4649b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\gsz3hkd\imagestore.dat

Filesize
110KB

MD5
3aed58b60f06cf55378f8e11577969fd

SHA1
0509dab13b07a973be4f714c3722f601c94b68a3

SHA256
a3173665c5f5464db577b47535a8c83f828b79b6426b96d933202d7e2dc92cfb

SHA512
078d7009b63a0f4e01d19662192b24b67b8b653ff56c938174f23b4630290de7daad08aa19caafe6ad6b96641680f2ae96ef6ca727cde77bf619e970a0eeba0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\js[1].js

Filesize
198KB

MD5
bcc568d213b309260edc683552b04ffc

SHA1
2be8a2be20c48d5a21e2d2d872e30a111a99c308

SHA256
bc7bec5a65b9ca935651f7bc5b01fc781a76039cbb857d163149e256b7b27f67

SHA512
6ae6b022d93a64a5e4789b99645f5ed536fa99734000866d892f4120eb51d6601bf00f2ea473e08dfbd83b042a0d4dcf4caca4bbffe6162259384cb8944a2aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA279.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA2F8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads