a9d33f1c39cb6d1cb434c277c7b2fd343b6c3a4883e62ee57984e0e7cdf2430a

Analysis

max time kernel
141s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 23:47 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
Size

215KB
MD5

d0ab574fdaf564b09cef76560c8aa91e
SHA1

9fb3756367e1ae01fe934f4b74e6c851df9d1e90
SHA256

a9d33f1c39cb6d1cb434c277c7b2fd343b6c3a4883e62ee57984e0e7cdf2430a
SHA512

f43330f13cab82d4fd65fc96ebaea89c888b2a7f701bfcacd45b0f586a9b6ee9d7f8067f3c37a830c2b4af703b3036f6661030358f61a17669971d3c8a594327
SSDEEP

3072:v2HzvOOfwjdbsCOJHMhVDNY4WaNm5sPrGmKMReGRoutNr6+A3:veOOfkbsNBqtWaNm59oRoS4+0

Score

7^/10

discovery evasion trojan upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2580-1-0x0000000000400000-0x00000000005C5000-memory.dmp	upx
behavioral1/memory/2580-25-0x0000000000400000-0x00000000005C5000-memory.dmp	upx
behavioral1/memory/2580-27-0x0000000000400000-0x00000000005C5000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000001b56438e496f8a941d085cbd3a8c4ca3534510d13329a075d266217b8ebf1304000000000e8000000002000020000000e9aa46c0763cef411b3b283db7f494ed38e7a66d0fa931c64f8d61417a1ce44e200000005e83beda02f96f07c18d6db5f3a9620c771efa6670e2122e9cbec00834496a8140000000033c44cb6c41096ca9a65ed0d86fc60bddab89dacdeb1d14ef43b54f2064f02c92ca2dd202b65dd1fb305c28e6eed97dec9df3d405a27cf63affabe5db31d868	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606fbd4cb700db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000000a34793c9598a1e5210a8a87c09e0f22b362ae33249c5b75e02fa359cc5c9de1000000000e800000000200002000000098f265736ee779685b69e66e6327d65749d956e813fb485ffecae503bd04a86b90000000942d9fbb5427daf86ae714594ee80d265430a744a00687f4ffba759a103c6c49e8a41a306b32d8b423139f2629d83d842691f0a942eb7fa8e6836fff8d551e55394985a5195b7cf8575d42206ecd7f121b14aec1be2dfc6a9c1b34ffe15ea89db73a1a3a49011565b46caddc8297e615e4ccd939ae497c1dd6494c645e3e38dc69ed7556a1f2e4c86421a0dc47de6b75400000000494333c9aa7843dde50d213f8272bf5b6baade41405ce56cd4ed569d942a458bf6a01bb8221c93e864a94be688655eccd57d9d6810fd2bc8a48b23db6b602e3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F2AFE61-6CAA-11EF-BF23-EE33E2B06AA8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431828314"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2624	iexplore.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2580	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
2580	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
2580	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
2624	iexplore.exe
2624	iexplore.exe
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2624	2580	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe	33
PID 2580 wrote to memory of 2624	2580	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe	33
PID 2580 wrote to memory of 2624	2580	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe	33
PID 2580 wrote to memory of 2624	2580	d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe	33
PID 2624 wrote to memory of 2268	2624	iexplore.exe	34
PID 2624 wrote to memory of 2268	2624	iexplore.exe	34
PID 2624 wrote to memory of 2268	2624	iexplore.exe	34
PID 2624 wrote to memory of 2268	2624	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=916
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2268

Network

DNS

www.gamecentersolution.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gamecentersolution.com

IN A

Response

www.gamecentersolution.com

IN CNAME

reflexive.com

reflexive.com

IN A

184.72.55.36
DNS

www.fenomen-games.com

d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

www.fenomen-games.com

IN A

Response

www.fenomen-games.com

IN A

159.65.253.100
GET

http://www.fenomen-games.com/downloader/start3.htm?subscribe=1

d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe

Remote address:

159.65.253.100:80

Request

GET /downloader/start3.htm?subscribe=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: www.fenomen-games.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Server: nginx
Date: Fri, 06 Sep 2024 23:21:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
DNS

www.gamecentersolution.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gamecentersolution.com

IN A

Response

www.gamecentersolution.com

IN CNAME

reflexive.com

reflexive.com

IN A

184.72.55.36
DNS

www.gamecentersolution.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gamecentersolution.com

IN A

Response

www.gamecentersolution.com

IN CNAME

reflexive.com

reflexive.com

IN A

184.72.55.36

184.72.55.36:80

www.gamecentersolution.com

d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe

152 B
3
159.65.253.100:80

http://www.fenomen-games.com/downloader/start3.htm?subscribe=1

http

d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe

653 B
584 B
6
5

HTTP Request

GET http://www.fenomen-games.com/downloader/start3.htm?subscribe=1

HTTP Response

404
184.72.55.36:80

www.gamecentersolution.com

IEXPLORE.EXE

152 B
3
184.72.55.36:80

www.gamecentersolution.com

IEXPLORE.EXE

152 B
3
184.72.55.36:80

www.gamecentersolution.com

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12

8.8.8.8:53

www.gamecentersolution.com

dns

IEXPLORE.EXE

72 B
112 B
1
1

DNS Request

www.gamecentersolution.com

DNS Response

184.72.55.36
8.8.8.8:53

www.fenomen-games.com

dns

d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe

67 B
83 B
1
1

DNS Request

www.fenomen-games.com

DNS Response

159.65.253.100
8.8.8.8:53

www.gamecentersolution.com

dns

IEXPLORE.EXE

72 B
112 B
1
1

DNS Request

www.gamecentersolution.com

DNS Response

184.72.55.36
8.8.8.8:53

www.gamecentersolution.com

dns

IEXPLORE.EXE

72 B
112 B
1
1

DNS Request

www.gamecentersolution.com

DNS Response

184.72.55.36

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81e8a1ece3097a916d025138c54f5dc2

SHA1
b1407229ac80787d07db5d3943eea63df77df351

SHA256
326581d8b87bf16d58b3da1f3e24b2345238ad5c545c19b8c0164742c711e868

SHA512
99612f642e0a0b67d6d9984c8bbf259cb45dc3b0e42de07f6b4f6465ef9ef6c1a7676a607474110cb8ad3cf59ab6a6582dd559144b82dd7c6ac8a56f5cfdfc20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffd490636dd1596406cbb8d30abc007b

SHA1
14c6d217edbeb0912700a2945ac5d51730998ed3

SHA256
581d6b0d3f5fa85fd0715416030a648873467d684170055972ff68f81b4849cb

SHA512
b4cdc3e1e2958abe6b2a4a9d26ff8d859f8f252417806fb7251b6fd63194ac3e7a2397063792c5205a64e04278650b9f4f86cd2a82ee6c0e374eea5ea772a545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51e931a7594997421ac401d756cdc100

SHA1
7e87d441d412c40aa8195d9838a384fbd4dc64b8

SHA256
57e2885bb750258aefa8802acedb4ac6c69b7ff761f62b8a2e491d8659d09634

SHA512
141fed4d2fe1a9234d0fa85a09ce98db6c8c91dfef225532be4bbcbe223322bf9642e79eb2bc61328de0b5bce23786d36c735c08c5202c899d59f8b86a61369e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
179c9bc95e5bb76749520c0d37823733

SHA1
c2b181cec55f0a4b10469795484cfe7ea6f731c9

SHA256
6648b521fb3bcf0f63ab95dce510b94dd72c3c5983cdb7aaba24a817e42af558

SHA512
5bdd219ff9793debb297d237d44980f7f8d00bbd087f989f10c67df308165e898de0693e145974342d693c4469bc8323b92441629d20602d62d7536de33c122b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7baa4eda1143a9f891be2905551cd852

SHA1
16fdd6bbddc843a02c762fc8ded236b0e8ba6e3f

SHA256
4e44873e9bde599648d9a0160d48be576262acf0c14958c053b0162cef9a0420

SHA512
f07f29ad07d5739eb9a1a160bb82cbb268c7e38279d50ee59150def2f622e9b6d9e005c4db1cc35cc6f28febefefef46601ac42c76a9d1fa501a9240589ecc7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fba350841594e316377e46907a2de068

SHA1
6044e3ce2b47d815ccfa7ae515313d70f52f77a5

SHA256
0118ad39e2275628d3e00336f0f7631d91afb10381266601eeadf63e47266ebd

SHA512
fc8267dbf3ef4e763738aec2ead5f00eb2cd3243f0c8ba67abc1b289d4fb9042cdee6f4cde1d1102c7c0f1c8a719ce52d01c299d9a76fe83690685a1a73e7fd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fae23138663ddaae75284cdd2f048456

SHA1
cce97fac652ca82247347e63057bb19802a069c6

SHA256
702aa6f767281d03b133a98097918560bca6c74f5c8cd7e52bda707d9eb280b8

SHA512
9b2dbbc650b7384d29907563a5ef9425225ad9003fd66b2640fc10cb349edb1d9c39140ec91d3ec1a0d751169716bf5d3c631fb21cc0b1d208872d1b59960cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b52c02b3080776bdf0043a4dccab706

SHA1
b5d1ff09e94ed336fd49d6b6474b1a24b4a9125a

SHA256
d831b88435be1db42423f209ddc8c56b96acd1550992194a356d19925b4d3337

SHA512
4d1fefa5c92a076909e231716ee5891ccbde4b45de8d27879c7f1a67fbde71618e7fd64d83e47d64fc7c2b0eab8c05b221dd6fca44532f32d2dfd27248371cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed9117d31f95ac3a0f8f26c86c83a38b

SHA1
8d4f64b194586fa812626bd60d4183e05a810920

SHA256
d4262b33695990c0269cde20682d97f1968429cca79cb2878edd228ba35f5662

SHA512
4bd1294d4239e848944db33a7429392459859a7b18a832876e4a65c35b49c19f13199f543fb7e205e836136f862482339968716e92462091f0f0808612648647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc8f76a90ae7eda64fc1982836516dcc

SHA1
3cacb7b920616dd189bb4f5ed1e3f3e5b3745fdf

SHA256
0a69969600e4e6288070e9228207e6e39f3d1fb47b263bd08ebbff17372b863d

SHA512
91e7dec8f798c4a22f5e03930bfa1313b49fe1c49c3d36f91a41d7294f22860aa4903b139fd101b11eee23ba807c0520f91f4192a0442711f61cc2fcf42ee5af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaa6b6a312b6ce8452b3f54235d52cc2

SHA1
1ffeacdc64478527496d0bc3dc770ba27941610b

SHA256
57572fec96381971acdd178674e5fec975d863c2e117d1f3c18c12321c81aafd

SHA512
50f6e7b23154562e6a9facdec2976f6c6fa983e3d93cad8fe26003de7264f009345e6ea17a798dcd7cdf04822740ff9a5b49c350a04af98e3a427888ba131534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df28be12286a2a2ee746628dca19e7da

SHA1
e542a0cb0a6c4301eae576768ad6d07cdf41182e

SHA256
7f465b3972c8fba6e5e54bc7efcdb2f488ed882baf5eb155d681333ff2e39a5d

SHA512
bde98311ebf12a9e30b0bf93ef4645b7fc6b634c54689dad97fb7133f29d3d50bf2803beb8315102c3b2785f2431fe850f736d6612952e7e3d4024734cb7914f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3b48b080c8f1d92c97dbbf1b68a5b75

SHA1
9cf0df533b2b351c59f80a6dbb0751ac41cc4dc2

SHA256
2c96dbf091e6785844184ab4712730df0404aa2b84f518a058daf5e878cdcc8a

SHA512
af1d649cbdb4195f9fd2fce4f542b5f486aec6010178fa8020f89788b1fd4d64c57510f90d5817b8db3a5fd1d0cb78a01a9486cb22b98a80df4844d6bcadb49b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65cd5937b84e4167ed15a70ef7f1bb7b

SHA1
080b9d1c86c850e52a01c279dbdd9359e7e16700

SHA256
91238840b044461c643195bd64ab36226b4aecc6e16702d960e7c1bb3496677a

SHA512
113276a6894b0bcd26264217acee9453bb8df4eb06e840f109139e7fcc83409c61ad199c097fc4b95ec6324e7d8b052fd74531e20ec4fd21f29a5bd6fb302d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc1ee89407bfe59e3180a3f181cd08ac

SHA1
a13683a0c32c631bd7d4d7f30e33f1a6ab848727

SHA256
02bd7e8a979de1c3aa2b44aae99582fc1a987486832a4495fb01e89d9d3a1504

SHA512
dbf2fcae93b4e26281413fbc98fa78da71a417118dd6fbb533093594e7cf52db57b8d13e4728497674fde2ef95919c99a1a39d2285e94df47e4ee1df6d97b599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce91f26a27d6261eb6e89131724d8338

SHA1
29ff027663c6f2f3208217596558207f9a6089c4

SHA256
50f46ba4e853ea705d1a1409d158e562421463ea2673a0c3725ea5019298ef67

SHA512
b10bfd3c94f69d1139a49a494489eed4a23c2f9f2d500bcaac3b4e2923f1cbe147b1c4c05f777254df64e6ca3bf95168364dd5c4fa8772b2ae4a32f46c0ca20f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60ad4f3b1120488cd5e53753372fd38f

SHA1
d732e548148570bdb2a251946a1c30c9f1a1231e

SHA256
793b51209f89e969cc620ce77af35cddf5fb5c05da88f5957d2999ecb206bf41

SHA512
0303b9b602ef6fb19051843ab780307887b350478542d5d0e124cfa3ab68fc318573669c1ec16d4921aa7d16c26d4d9a4f88603f34234c4a10c299accfc6630e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82da55d53faa230ddfeba337ca0e0317

SHA1
6d4bc84ca66e684abede3f6ad7e1cbe84d218cd7

SHA256
c68ce2042de7ad1cbfc4a4177fe19cc20383c65cf8b2b24fff33f2b70b5373d6

SHA512
be864b390ad69b010ab4078ee992e6cea117fb16b9541fb1b2086fad1041a2446fa50b6d35d05c90a16bb74d146a10bbfc2e85da2424faef1f93f71dd792b633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ef1f91642062031306f14215a8a9f78

SHA1
a675f09adbd9583f64bae7bcb32b0ba9712019a9

SHA256
0027237537458d9f116379cebd80898a27da2e305633c5a855bb15d2d61bf1d0

SHA512
55d6b4cbc40dbb1a3093923dd9d284c744b528bd1277e7d61a0fa99ee9bce32d1afe2b36ec1797e922fcd58e4f52a53c484df99cfd0a7b899a31e33c32b31b83

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBCDA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\FG.url

Filesize
192B

MD5
0fcf82b5a915470e8a79d3516f582a36

SHA1
75f81b41607905b231521243129aff3554a58db0

SHA256
076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

SHA512
adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD7B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2580-27-0x0000000000400000-0x00000000005C5000-memory.dmp

Filesize
1.8MB

Download
memory/2580-1-0x0000000000400000-0x00000000005C5000-memory.dmp

Filesize
1.8MB

Download
memory/2580-25-0x0000000000400000-0x00000000005C5000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.