5e894d0c79e2fc4f9363ffdcbaeed337c8d9bbed1fded4714b58a6f16b295b30

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
Size

153KB
MD5

d0f5ad9449ecad7d1a3f3f8850d2e6d9
SHA1

fba5b6ac92ad1adbba299fe19c0b0f89c6ec19cf
SHA256

5e894d0c79e2fc4f9363ffdcbaeed337c8d9bbed1fded4714b58a6f16b295b30
SHA512

7d8227cf6f09635b5239d079e1fbd6e740b8a7fc048bc3a290e9005c306c0c43234ee329d52a54164effe3bd5c78a8b0cab90da17cd279dbaf99dd55dd2d3300
SSDEEP

3072:kfJNVAthYInlmX+mS3STOOWAHGhc6CdRah4g:ONVAthvQS3GOOWAHU3C/ay

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\lsass = "C:\\Windows\\system\\lsass.exe"	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\c:\svchost.exe = "pppppppp"	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\sys.exe = "C:\\Windows\\system32\\svchoslt.exe"	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\c:\svchost.exe = "pppppp"	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\key2l.dll	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
File created	C:\Windows\armoon.dll	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system\lsass.exe	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
File created	C:\Windows\drivers\svchost.exe	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
File created	C:\Windows\napishell.dll	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
File created	C:\Windows\noctam13.dll	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BBF2F31-6CC7-11EF-9303-EAF933E40231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 409a2742d400db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431840790"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf60000000002000000000010660000000100002000000085a2ca6de71ea56c811599b6edb77ca3f27b42509e59a40882ec570f436599a6000000000e800000000200002000000086404ff8f764ced8b6b1d505c9170f55571a65f42a79d5b5f309cde38ef675ee20000000e88395cc3a767427bae35f40b0326b333332ff469cd79cf5f3effa3d09d80d0a40000000a1ef787a871e3e1d1e0e5d2b209f9a85872842435a8b8010d03ede3310e47c6459abbab1ec6dda44f105303980f980299e1575fb7d60f6fb2e0841af5a8f8a8c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000000df396a2fbd1fd6f81f02c68b8162ad8b3ef83948d369b6e8774b8245e6a4767000000000e80000000020000200000002a5c46ed7161b24c6632adb219b5fc4719506cdb5c4e0d33a87fb7726d3a335d900000004360452b6a89e5e40d62f05815b7dc389f060a57ef196812e843ca99aab7f2701c0b38ce94cb762c8a65567f966facad0c777e3dad21b28056d7db65a122e23d540d9e434a427f41d2b514c51e289e777b2976ed965ac2ba3aa3ebab13cfa1d9ba489a1f94ead0509ca271bce2c2bba9f7e735c465afd0dc95a69df0828d234939c93d049d5865b20dafb9c77c6e93d4400000008e2b6eaa95f04da25a6ef2170d39da264e32f36072d1bd921ec72c53321abbda37e4ea159e319c9b51285cce09dd9ab7c2f1d83a311debb52e324e9061366961	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2084	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	30
PID 1620 wrote to memory of 2084	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	30
PID 1620 wrote to memory of 2084	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	30
PID 1620 wrote to memory of 2084	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	30
PID 2084 wrote to memory of 2748	2084	iexplore.exe	31
PID 2084 wrote to memory of 2748	2084	iexplore.exe	31
PID 2084 wrote to memory of 2748	2084	iexplore.exe	31
PID 2084 wrote to memory of 2748	2084	iexplore.exe	31
PID 1620 wrote to memory of 2612	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	33
PID 1620 wrote to memory of 2612	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	33
PID 1620 wrote to memory of 2612	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	33
PID 1620 wrote to memory of 2612	1620	d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe	33

C:\Users\Admin\AppData\Local\Temp\d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d0f5ad9449ecad7d1a3f3f8850d2e6d9_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies WinLogon
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://noctambulaar.my-place.us/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2748
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe -send
  2⤵
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd6be2d35213bb6e53bebc35f5afe801

SHA1
5a686d2492df0b03d8cc4f12e14b3351ee833175

SHA256
bf20c893e9f4ce4194c0316dab5892bbaffcb48e0aa500c6153efc10ef1d7538

SHA512
7edd679a314463b6a7711e838cc022d6f4d3805a112c649e88c5c780c6de8f7eed6ec3dd1cf08fdccddbc61f138132b0d301ab518dce6d4f772f0827850f54bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
603bb22c1d33aaf8f2fb541bdd9a001f

SHA1
1197ee5b012787863f45550b2be8a0b469c35dca

SHA256
e5a4421cf4f5dac80ae301dd957622868cab971a99ffe46185e277bb236d3941

SHA512
8643e9d9bbcfe3a76cff2d7d5620a5eb58ab58f265a90cd0bf3a9b5c6c919fc5d0cc3a5e02570bc03947290537b69e77b01c31f6199f9afe85d034a3d4a45e5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84067a331b8574e05a151200dfdb737e

SHA1
a0e6a3322cfb2b5158a13d78fa3c35ded8698b0d

SHA256
2e0e15d132e92cf57d694b7029c0e9eef7e0ab6474588e01c8bd6930f6e1bb1f

SHA512
b99dd4ebbcfffca378051209bd6488ab51cc7452cdf91107b7b194227c3408b039191100fb9b987c561c16f4a60e11ca3ea390fa3b8dfd63ada640a25b102e4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1db85ff95b291af5cd21af9a5454576a

SHA1
9c70958e03f0d222866e18d20433b103df3f4453

SHA256
0470d7a1e98416b265e44e93a5e58b84b376bce7e88e7f6cb717b63cba7ac688

SHA512
b6cc06bb520b3988ab36f17ec732007bdac1cfda727b152af6913e1260c4ede19711f983cc83a29a54b9ea83729f7e1a0621e57918e8ca53fbdc61b9df8b4e21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a927fe9ef55499e86b2f993049935ad8

SHA1
6c9e94bf580b433bd6d41af95515768d54498f36

SHA256
e248ff8b1751d450c415f42747257343d7f29bbe93399019f78f2bed3fc1a8dd

SHA512
85215955878c1416d22366f86c21245561df53cd7f7ca1a27c78a8d455ca7ec0c07234aee4c14097f16e8932dccca680acd3280aa103b04e688baa9d69c6242f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bddde1589abca7acfca9da4ed3c2483b

SHA1
3fac533484d4545671992b2c3445f74c034d1bff

SHA256
d97f1f377aff399570de8cc05097c464fb3517487e9e88f0db8c9899ab171fe6

SHA512
52aeadff9e4f4284f2f51a937e34bdaaf9a1cc6ea6870f2860ae063a02e59ba9013a95f89967513d2d63c874943f9b91279ac428d0e0104ff6a8f3fba5c9dd87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82cfeed995a5267304c97895dac43cf5

SHA1
7d258a2a30f0b8c34db44d5d5c612356f764627a

SHA256
e8d5fc092dfbb8b70674375d3cc289d55b6d70f0c451fa2600629199d5029a9c

SHA512
3165523122f3af8702a2ff25d078bfb6aeafae2976a4510d27005d2553c653520034a09d5f3fd1d92a4ff498d5a6356ea45cd21ee81217a71c5e28250afdf12f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
589e21ad1e5dea7d5ed392f00b5ed842

SHA1
d67efd9d2cd31cff6e54f61cd516bba356495ae4

SHA256
02d5f7652ef03d042d93d909cf5c59c81fc2fa8b4e8d9f53d21a9dedd24601f0

SHA512
dfe788d5e0f9c5b44c60435a17635fd8c792a35c340e27ddacc0332cd8a483d5262f05bd81772e5f346dc1839084edb61df4db7f94f3c5ed9b6e436062614b64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2df913c085a5f1302d9aedf497ee5d8b

SHA1
bec50eac2d38f9246494139ab7d0b48503d087a9

SHA256
b40dbc85629c58fa0794e7d30841e37065828bdf57bf334143e9dc9175c676d8

SHA512
0c0a165fde14e6c71c3f160304d29bc24617ae6c5761b52f1bb3d40fe48b574b25cfc6b8f07a89036f97f28df31da087211cc483aeed26d09eed4ccdf454a118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f8e56e2840ecf28da26f325c412bf30

SHA1
2c2751ea949e7b3f34dce4a292313ac63cb3fc65

SHA256
763dd64200c75d78ed2e82ac7949ab9a509000deb52690d1d9152f5f0d437a15

SHA512
da93b8f4c70f463607fe38a7404fe63af05471df27ac24be8529d753fd80ef40bf65c793cf0cce65236fbf1a9bdf151466587f49d3b0289bbb351747ae2f1cc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dd3f5a54114b11862741949ade75664

SHA1
bcf069945730f7dc626635d98897fb19f3e9a08b

SHA256
204fb420eeeec984a74c0dedd57c179fea57800e55b63f1d89e7ab45bde51d79

SHA512
dfd3833cf98ede757028fdae400a04844f2c4ca4763ea81d36bfa1c90791fa0c72b06ee5d71113516d7a14e9f84c1de450c4d2256625bcd42a4f3acd1520de0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72c7eb97f753b1f66ae5cb95381a3554

SHA1
ae1f8954c50012ce64ed31fcc275bebefb1298c0

SHA256
bbc96dda71283741bca67f1d23305b177caaa17c31b9f89528cfd55eed5d0df6

SHA512
c5b16172366e0b51100dd7f12a9697aaca0545d088f1ad0226f3e3ef8d52bcfee33a7327a3bde715b3cc2332529984bd9b2c7f25162369d40134f440354b83c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce35615f11188930cffdee0556e6c4ba

SHA1
f7c0eb3ed820d1ccfbc8bd158b6669429f80bed8

SHA256
df2b0d2564ea6524456d504ba68b66a0010932d08b1ce03ad6e5bf2fc2254acc

SHA512
ba6b00574f92460c70fbd6a8cb8e77e8d6b52a8be30bfd1e510cea89d4726db7b2f5e9aba1f5069ca278fd240c09caeb0430fb45519a1adc819293858dfd861c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05f8e6f69d836a0d801597699f912a53

SHA1
dafde717455beba66b278a87ace088a12f3095f3

SHA256
dce3731ec85c8d3b3b7c5e1943a7cb6c05431fba34046ed0e87349858cee0e0f

SHA512
e7f8c2624064db164533403ef6a0a0142724f7066d91024ffb85de5682a0e66c9338a5235c5c9653fc901f0126cd7c69db7f27d13a7e61af4843a7132bfcba33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc7403fd99255bc6c1421320e2e51c52

SHA1
a858207a11cb70ba63260309597f80ea496911ed

SHA256
8ccc2f78071e742f6ed0efb9e358a3498dcd775dba435a249ee1cb6d5326b267

SHA512
b5cfaa98f9444f3b07cfc418b7769521e141def0fbc12379b1a51ecc6dbe09753939c31395888b898053f4266fe50e67856ebbd4a798a868ddb9b94f5b0d0daf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b182a43887395404e8a400b7385d12f2

SHA1
45cdd4c45586301629652e8427ac6468f5861447

SHA256
1e7c9766f160d23cc1ac14f76000fd6c92173f0c72f276fd769e71737120d1b7

SHA512
0d0113fbb254079a161d8ff246ae2efb40ab16f9ef24fda9017a3c3ba16cf232714c1a879faadbd25aaf11e4879c1fca1efc47651f35f015427388b6fc892287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59ab946441fee624a6aa15f48a27b8fa

SHA1
8185e4a09d05c4f7baf7fcf103f32d39b764979d

SHA256
7a64435bcb409cc7b347e847653a89fa3a3d4f62b23e71144e0f56a45efa1ccb

SHA512
f87081eff96161f3b5bb9eee3e20190e3562ab808e38d0ba5fb577a9aae0670b546a7f40a9411a146eb2beff065eeec114354da22c342c21921b2a2e1a1267a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4803fb6f61044d9360ef6e2bbd806630

SHA1
8954a003866530a39d8cd9d1106432549e298e49

SHA256
8dfc30dbf7c2c99ed912fbbbad4d5b820de7273acf76ae97f2c99138356671b4

SHA512
0433d233ee652140eb91cf72882b1d70a2f83a4e065bd4aa4882dfd482542a6454cf28fe609bf1c9cfab3c78617fef97e8488c2b5607fdb404f031c8b616209e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6150c86d717c491e7c57a666c329eb6

SHA1
60b9547d3562cb0cb780f1b66309a49a0045a4e0

SHA256
d16594e644995efbc72d5d1c3e41e3a79d96b267f4deff13d630b1f97724d39f

SHA512
9f80a2106dedddbb6638a58cc22c01e86d9231743b1dedc2c496db6fcb24d5706b047548e3dd5c9acec142469236792110b05c3cf7a3c2b6b2fef5eb40accabb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD8D5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD945.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
13KB

MD5
68e912ca335a8fb536c15b48576d9ef2

SHA1
e7cb659f9038feb5c52b081f1a00c8e4ea33da30

SHA256
815a7e6a847c871620ed1c6a5e38c51b4fac5953d46b64f6862c32e830b8bf9e

SHA512
46334b3ab3cb57483df4b1c6d702802916a010448de09354aa01e6e26264dc4c1997fe056338c4343515b9197d5136af4b967261f7858402ed2f86bb8f6f712f

Download Submit
memory/1620-32-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads