231c93b9b9557c80126fdd39baaa9b8e3b24b101513fa958ed8663d29676918a

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
Size

1.1MB
MD5

d1bd66fce45abc89459829cd162e1086
SHA1

310eec153c5cd6da5df8106b4b1ca9f0b87da49c
SHA256

231c93b9b9557c80126fdd39baaa9b8e3b24b101513fa958ed8663d29676918a
SHA512

2ab7d5cbbe17f39c042484b89b9515fe884c5abaf5e1afe602d94c4faa8c31abe9cb09748ae3f5230ec4c6f0b0300ead2a96af8c91bc1a8de2753dca5b42936e
SSDEEP

12288:3sM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQCF:cV4W8hqBYgnBLfVqx1WjkPF

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2504	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2504	cmd.exe
2984	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{02D117B5-FF0F-4213-A4B6-4318ABF70F6F}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{02D117B5-FF0F-4213-A4B6-4318ABF70F6F}\URL = "http://search.yourpackagesnow.com/s?source=-bb8&uid=6ce4bb1d-3d0d-4d0d-ac39-f209f27eaf71&uc=20180118&ap=appfocus84&i_id=packages__1.30&query={searchTerms}"	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C878EB1-6D05-11EF-BD50-D686196AC2C0} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000e578f0ec8d0663474755b5a4083f029d38e69a3aa0733163b509ccf7712c462b000000000e8000000002000020000000374440f6cbaab8583b0ef61dd3acb5a969ebc98d2afe51f85e6eaef4cfd58f8f200000003191b24b5a1c233917c8ec36cdf0e3c93dbbb0616b52f7dfd978d7df4aca0d9e40000000fa9fcf29c8ab7224e61fbdc99c509b3cd06f3b0210487cb347f9d0415af4dfd7f6b1d128c86fffc0729146d0a0fae97883f4e7d3f8962d37b15aa3171cc70de4	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50304e461201db01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000031fda4ca0ccdef9ba4695616c1b0e8c51b43710f6332b0637988f9b601503c0c000000000e8000000002000020000000175432bb20210b5d3e0579126ea8c8d3660ec98aff3a870bb8b0f6827efb8d3790000000a7941f1577d47927689894967e8acc59e400abc71aa0306545c61ed9027eb99b79e33041b5295f270572744f53abada50aa0fe5c48d85e3910ebc399e6f2328b27430e4f04d124a79be5aedcce467a443b8e78eee800759946e0451015441a457cbb28648d0747110360749f6a20b7037187e4ab155d5294fc82ec4c05a5bf2e323cadbf444cd730d999b078be6d4ff740000000a7fccf385c1ca1a2f30ac112b5ec45cf65e4036a6a003a72d706216f42e5f4e74676b2bc1481af1a866de3baf1ded24e49cd365950b237c320341e4867ad4454	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{02D117B5-FF0F-4213-A4B6-4318ABF70F6F}\DisplayName = "Search"	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{02D117B5-FF0F-4213-A4B6-4318ABF70F6F}	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431867425"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?source=-bb8&uid=6ce4bb1d-3d0d-4d0d-ac39-f209f27eaf71&uc=20180118&ap=appfocus84&i_id=packages__1.30"	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2984	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2676	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2676	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	30
PID 2752 wrote to memory of 2676	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	30
PID 2752 wrote to memory of 2676	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	30
PID 2752 wrote to memory of 2676	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	30
PID 2676 wrote to memory of 2692	2676	IEXPLORE.EXE	31
PID 2676 wrote to memory of 2692	2676	IEXPLORE.EXE	31
PID 2676 wrote to memory of 2692	2676	IEXPLORE.EXE	31
PID 2676 wrote to memory of 2692	2676	IEXPLORE.EXE	31
PID 2752 wrote to memory of 2504	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	33
PID 2752 wrote to memory of 2504	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	33
PID 2752 wrote to memory of 2504	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	33
PID 2752 wrote to memory of 2504	2752	d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe	33
PID 2504 wrote to memory of 2984	2504	cmd.exe	35
PID 2504 wrote to memory of 2984	2504	cmd.exe	35
PID 2504 wrote to memory of 2984	2504	cmd.exe	35
PID 2504 wrote to memory of 2984	2504	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.yourpackagesnow.com/?source=-bb8&uid=6ce4bb1d-3d0d-4d0d-ac39-f209f27eaf71&uc=20180118&ap=appfocus84&i_id=packages__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2692
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\d1bd66fce45abc89459829cd162e1086_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
11edd8b2fafc767bf0205ffe98e8de51

SHA1
0ecd6ddaa14b9b4ca8054ffb31fb67b68b43fc47

SHA256
62a57ca609eb9560c555cee36ecb79258f713ba332dbd8545aea8a76c8b9d489

SHA512
c3c11d4c9fbde1e441b9ce04b67ac9f9a0da6d0a6e0ba3988eecdf717def99b2322f397252fb3e3a3807721c5a5a9b060b7fb2e051bf59439cd52f1cb9808445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
c320a0ad811a42b2eba03a612c8ef547

SHA1
429aa5cf214778dfda81f0300daced4ff69d95bc

SHA256
2ecd87c11d0a1ba66fe1179c8241a36b869d9926bc845c3df2779773740a468c

SHA512
23d46080c205c478cf2a86f7db155a6635fd31c4c7ba3174c9fed86a5759689afc7552c6e52bc5a3626f74f13cfd0e982efaddfc375f46d31aa9af37e0374f3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
034b159d4f713dab35d5986c277a35f5

SHA1
f0f49e211879a12c2b467b9b8ead0cb93ed6162e

SHA256
ce7a8698ace3433550ad04442b4d7e0fc1ef77bcaf0cd7617b71d2f57df33c89

SHA512
8df0be8466b7aeaa73360435c0e18487cf04100c30b708d389d261f8fbacc952465d56d4d71bb857478f4e9bcfb46c9da1d4ba8132212ff51fc72b20ae9f72aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_87DA6D1A132183C24FD4DEE456A0E63F

Filesize
410B

MD5
d6b78173528f32e2c076ea6ec079720c

SHA1
ec07516573818cb98857956f8a93b5b79f9b90d7

SHA256
21a2c74cbb2fce2b6c5680327979771276d0989317806d04d63d3a44455f9f93

SHA512
14accbb09a3edb44153285b06f5ce8cf01715ca47df37b007da6480409d72e01821c7b00f166cef6c2e25c24037cfdff9153a02bf1123e3c37e84b35530b832b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
af4a078f249968085ea4b5c6a2683e15

SHA1
8b58f4498b8ce6e5ead9aa6db368e8130d5beec4

SHA256
b0bc778dbfc988ad98bfeb6b44f149b5404b421e8d84119d0701b34339f5ea71

SHA512
8662f47cd290801ee6021a639147277e08bd3d75dd0b5172a614b7e0111ed14aabff53c77d30b35ded2ed3907ccef13f808fff4aca0aa51bc6387ec539e33daa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1c1f20c7c0e43a9c97c8a1d558c107e

SHA1
7436320b37bc951047140623661109cfdd6429c7

SHA256
25cfd1e649e8a70bd6e6c9e9e7cded7835695da03cac6e409c194789859f2304

SHA512
871a23256a766aae40f5c2beafb0835a66edde233c6ae0cbdafc220d9dae117083f77362bd93237bb6d9046574e1e89e6a1c7492ce694afcff7109dddbd15fdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2484a2d43200a83e7b33c8fd2c9df184

SHA1
5738e567c8e4a20bf70f2f2c89997557defb0a7f

SHA256
97d84eb4e2ffd0e195a7be116d2317d495316e972789ca9030729fc03666bae3

SHA512
c9705595d989cc77438b50ef86e3ea60a0364bcb827a4b50154dcb49feca0929be7013460f3a929ae2eab63cd5ecd8815be77f0710e200ddf886585d5fd85339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2872f99c64fddb0505d8b836ff5358ff

SHA1
53ce4c7aaaa8238439c9ae2b1e27eb6d6e71a247

SHA256
3135e0d992ac0ec9a185bcbd550930d57d4f39e12c6a0e8bdc6ac631e8399743

SHA512
ad50081023b8c0d5b48640b7d329a4c0b7b6af022e1164b2e01ec05f6aae9cb72286782a5b4060d06067b4a4a25496905f99e3228db0e76bd831582da3fe4774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54b8e57f272ab63b609599bcd41e71dd

SHA1
c91b2fd0553228120ffedbba873303c803974099

SHA256
08b0ea345c4d97619a176e5e8bb80b193d287b681959fb8d7200f39f84b868c8

SHA512
ca358a9e7ebd514412c38d36b9abfdfa9a82bfa3c214939e0dba7544f7c0a23154750cf4b5d25136ad6bacaf2758c084d040caf059ca89a1ff3154d10aeab962

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d02ec379d59be9d219de14985ac8cd0f

SHA1
57fdcbb87f7c3495f5403f5737b37f57d2b4f299

SHA256
e324874c1c4a8f4f557b1e42c6ea569615a7708d7813a4250f164aa1c988215d

SHA512
5ad0db9c0b34c733cd31e3fe9ffc5e1d969b68f45690e7df3c5d954c79e2b08f7d1654398043c6c3298872dd322387ee083a7e3b6a675d18c007921502bac17c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a6819fa6b6ed03c6d79785fcf9ca020

SHA1
c270db3c5f69b5f682efdc80637d8652d041e593

SHA256
44b06b83817b7ff8cd63a5ec799bfe5529f3159a786f8e2fffa41b5dc73800e9

SHA512
049358263cd5792a6be7f7c852e856e27c3124c6693537912389fcc84527dc3360cf83a48d9cc772cbb1086d58bcf41a76e7d7ad79aaabb3315aeb4b336f876b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56fca5c17ad7eea10f3fdbe8754099cb

SHA1
0525543e11076e710b4ffbcac12e3f50edc592d9

SHA256
b3ec761fcc7e3c6ad9ad485077dd647eaa0f67633f0615f2bbe4e03d252d701e

SHA512
4e24b00e4a68fc4acbc84e7b641f03becff8d176ab8d9c210d8efa780240287ae640def913e99ad492f258cde41560ec88b3faf8705c6f3259e3fbd92be9381d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6915521d62ee6db7196147f4fca9309

SHA1
b6d171da0fb2b270105e98b35ac0ef77900d49ea

SHA256
14227f04179a049dbc3e8386a13d1c8a31e2e01836dbc38eae092199da933890

SHA512
67f257729de8f50e354f87e9a875442f193a9e4cdcff5009202b4cbea20486bd1f3bb3399813b04fb7a5bc74c231831a97bdb05a048bb5015e5174398c6b9fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
176a612d252f760b050390fd293338f2

SHA1
44e65db3d64028dc554badb037db6d41c6afe892

SHA256
1bd176813b5d6a2b8b51ead09a28a32aca7577016346b9881ec307f5be36a486

SHA512
41c8febdc3d7f8c5be1f13e45c640196dfeec249b7ddcc651c1d0fc4c8960ed2d72dc3e43dc4a0af3c5f960745f3cc569a1e42ece7dc83829e05db06a2b2f096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
228a2908c2e1b0fbf1cd78bb2a362bf0

SHA1
f5b54ff8a84ab73b1f23c3a49c0c1c8a0ad53368

SHA256
95870a7a4d3ecdc1a2ccc5bef88ba5cda9672f9b692774dd3b4c1af0a8ce8452

SHA512
01e1ff54d042ede41ec1a144b7194ddd62923aeac24e624b2deb326f4db47634ffc73af50ff503c682dd0a6963f52bec610f791158bbc2409a31210110a03a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68155c162c794b26524baef460d883bd

SHA1
692b61ead496c8b104a007f0daf1c8ba21fd67c0

SHA256
2f2f80c6ecc0c6973e1b2ec3eab0a8efc03ab39e046472386037f5dda13a529f

SHA512
358cb96e6c6df764539a86917ba115715420d2eaad3e1e079a2250cb04e26456262267e0e4e0c369829a5e1c7101ee06a30d0cf7628c88a88f406e8ce0f9c92e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cfd865a8b80fd716f047aa8098a8b47

SHA1
255fcf07b002aa57abb212f2e59f2d8db86cf793

SHA256
3dd59e4088e34694ee208bf3f1b464487855a3b732e593a1f78a6b70ed12a27a

SHA512
26aad3d95cfa8bc2598e196823c0607fcc387c977f87fe17d957a3ebab7ac6887ef142d22dbefd1a862a82fb6e245970226867dceabdf85feb40a531c9fe788c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3636fdea4a6763f60d2268393cea138e

SHA1
218108e2338183f1bcbbdc109182ae70d7c0fc21

SHA256
c36a1284c413312389b5fdb1029dbe3845e7effdab1c84a7dce00e0263c151b6

SHA512
2b5c6489d0dbe0d698acd38a0b01617589b2c16adc81096b5acaa28c7dd296775ef1b7d66a0d492ed83db36c768c13663fca6021ac9551b134314fc19d093cc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebac849f3368ee1b09ea6842afe7600b

SHA1
2c35a93c3a58d64482e3304ebe536d1800750829

SHA256
a60440651f66c6040fb9e96ec83df46c004ea2a6c11ce218d1dba838b90e5532

SHA512
00e786ec21531600154b877c1d905e06af85e7fcf1685163daec880b6f123becbf1389f0cef47296d8856a675c169dd51b8b0672cc3aea6b2783e241c999ecbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fd066f9c7773b31faa4800a8210245b

SHA1
1616766e99bee1eb98a33d711dc2a13bdcad5584

SHA256
cbc4a1001a2105ba59118cbb31664acf3dad65b0b98a8e1d07ce199d079d2474

SHA512
9ec451f54927c5218f2f4bb810942ce5e0358e6a2357c8043930410d9b82e3912188568f0785ce6fb3d0b54c4b2698951d095ab09a8a7fe159c1893ab1f633f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d592661a13a113b9807ec777e791eb9

SHA1
aaf78e5f98c84b2a06fd448d09546d50846c7be5

SHA256
8de10273d39fa6c37b8bec90fa62819c856413c90b31e59b6bb5b4024120d4ae

SHA512
0c7570c0f4e84cfa9047332245f0974a8c72a52c240f56a8693c1e8b36ce27d3caad6d46f4043c0bac5753c760b175ae80262d284fecc4aadd2e121bda7ed2a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8440e11c14031527648c2c54a9072e4e

SHA1
7bb4b04135a030c25328579b0e7220a854f5890b

SHA256
e587c39dcbd51e80503f991f398ba5492d6ab069ad365e5f15b1ad216bd76bce

SHA512
55c94425d25227ba454bf59f986c9b56b10aa5d40e195bc30cc075c73a5451e901ee82d9dcc5697ec7878861bf6cb839fe8ee69193f154089386c1e226086788

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c4942073c532a468ed3e10b3bc7fb11

SHA1
86491c99dcc4c5b8d88d7b3e80a61fc0e7c59ac5

SHA256
c47e1eeff952e727035dc790e6ccbe330e19dec5afb1ebb63a3d8f28a35c1925

SHA512
1c8271522ca1a8dcaac906c9cfa8700d3ceb1b5bf205acdb0d4945af2d0b2e61da1c1150ecb26023cdb85ad25bf3302433f62e2d36847259183c3046837b1cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8541105e42ff1e7087e70c5f850bf11d

SHA1
ae7d893a5ad29e4eda07acd0708410dd8b7e0190

SHA256
c73371df6080e161ce3c178192e4db61951e3e38aa0288cb25aafc7dcf60a0eb

SHA512
80f07d8ed637e25b9f4e8d969c7f78850f005e161eebe26ee1a4c24ef65ebf64aae376b150d34b7ed0383c5dced73d14ffe8a06e268c9973988cf8b81d248356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c6994467fa02b40437c946cc4c49c5c

SHA1
203c2f156f5f89d1e3deca211959eb90896a97c1

SHA256
4402b5c7bdd8380f7cdc868a7c1add3289e61a3b1c7b0eda91f06bae77f8ab2e

SHA512
98b46936ba63cce4f3f38fc6de438cd5d2355ad7c10b8f393725e3ef6a4e188f19ead6f0c934c322ee94b01641d593992747a130a754b25325901a46cb1dddfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cc06e8f3284a1304334f32db53b0a97

SHA1
2e65f512933c1719ad745833237745ce0bdf3547

SHA256
13d9314f434082b8876edbe935c6f671918d636e3111f1acd8d34bf38c721ab9

SHA512
68b743404aea22585f7c4d1d3a9320bbaa6b468598330c627b4076c91b273cf6340e9209fda78a8a987dad97033d0967a3a502ba640079f99ff806634304ca17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c171b58682954bb4d0e1b23b80a550f2

SHA1
92d9c222fe56a83ea9c446916080a45e53bad5a4

SHA256
61a7ce4d7cea5ab4b0ec2e415a31ba625a3d0bb1a73d35ee9042fa49914528e0

SHA512
02b74568e32351bad092fe62828ea75677014b33ffa1a092e7f330e7aa7b52e1172e06ce833caefe1e65889b2f89a548d30eada141687d6e2482e098520ae08c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ada0ab52b72ac36cdcaa153aee29a1ce

SHA1
eb7e99816da2eb7a6bc30ef31ae1a8a1a271869e

SHA256
e3e925ec9940d193de1ed9118adf00604f1f71b90a58a911947874822670f2ef

SHA512
b7483753be892c6ad2a9e5a6b7817a51d02e2290eeb4d6cc66beaa4914d47a5373b0824215f855d5a9f3f697243790eb0b2baa5b35821eb1d921e83d676e3e0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b29c5c4e1c0083b76d3b03897e591f47

SHA1
4d79c8c3eebe2373c939409bf9c68fcf29182673

SHA256
13712b51c48b69b2caba5479afb40472a09c12fe615222ae47e1dc9abeeeb68d

SHA512
1b1bb06958871d0a5e7015256833335d29ffcf690fef6b1c24b3e03227741d73a6c8c84827bd45d5b03531adf0eb6d750d8ae4a2cf30dd843d4a018d3c0814cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adf6c52b6c1a387e75786a97d50441a4

SHA1
181556c7c684404ee7540b41833f40e48fca9a73

SHA256
c49fe98f59a212a26bb64fb672a1a518240d0965997b816e9c6f4fc2ab67841b

SHA512
6edc86ae47af1e517662fee086dd6660ea8ea0adcacf26b1f43aa86e710d284b6502824e9e01b380c1317249f68d7206820c3a8a9cca27664a28ee90cfbc2f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a79c29f54540f76ce9d3590a6327828d

SHA1
e383b2d83553abd758ba32770947ac6fbbbb946c

SHA256
0d90e08d971eec3c5485f6a6eaf47118a253e5a50152af5e395da3c6e17ade0e

SHA512
497ded31a4618c49db80ef4d4a6ead91afc7ba76b193ec1a9e6a3d4e73b9f7436ae659320a4e64b3d4f0ea17c9dc9d6b4a319b0aa7dfc52cef0059520e89ef82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0edb9db981cad95aaf2fffc2fa4a5ad9

SHA1
2f1cc3eda907e277f31eeb4734175326a5ef8dbf

SHA256
a095ce0a4ef29b9ac3351fcfcb46707d816a4b0ade00a1e81753c7ddb43a5780

SHA512
b35b05b985ba6656c897efb39f9dd3b7c1aaa37c3d45cb51719cd0a7800a58faed6d594d618d214111a792939125cb35dc96182315dc2c05cc6e193b8034dd1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f1126a32c10220ee343decaddbc75a3

SHA1
c6676d12220991b50e30a7310f02ac891986788a

SHA256
798cdd8259bec853f684964e11d92c5e9bab339e50112634e05369bca5393f28

SHA512
0b9ae067e79b1fb4809bfd75982201432bb9b77185ecc52e819618da81254f7dc052d361abe740428010b6ce0b70d6564f1c3508a16bfe01766e8cb12375c3e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44be18e6b901d085eb8dc8182fa8ef3b

SHA1
226da30bb6f2cfe45126be4ded869dc1b8ab264c

SHA256
9363ff1804cb3b205b4c9157802d305fae24a4614756ae5e585ecf78be4d9b99

SHA512
ec8d412693ff333e12089c099740a925d8d4ef7a4ddd060e7c3f76a03867a1d36a947922a1c71980b85a2635553159b9f02cc8118c8a27930635587497b00e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dcb278719a6d9bae8bcfd897513622e

SHA1
c8e3687b4b29162e4b45c5c672342c8debf948a0

SHA256
b5b4e22ceffb46f41903f180d3fff097dbfa7d43dd1fb8a4d549befeacab99c5

SHA512
27577c9d04cf29211842d7c60bf832d37d91b3afb8d10420eaf7d90f33fbed155e4d49977a9f2b1b41b4740af378d60f145b96937764e8630478d78543129036

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b06f7c426f4b24775457e22726c77d83

SHA1
4db8ab6a572c3ff79ef3543c283b433358954d8a

SHA256
5997b15fc9132e90a5de440248fb3bfa28f2c277c08ffbf0dd42e90224c4ac59

SHA512
b09fa37d8ea6aa32f3d2ef1f23b8a8bf1c4936aa708586bbdd95d63004bc6c152459f2adbfd8fbdd65e78ba730c0ddb76b561b86eb918c8354a38a2b12d1875a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lutsxto\imagestore.dat

Filesize
110KB

MD5
3abd15e37a498a176a8bc212f4c34c5a

SHA1
bc6977dfe7f9a41ec7097fc888c593b2e65ff21f

SHA256
2db508b7417765f9bd267e1646d96386972a58cc4de962a3a9b094f3fd91d8e7

SHA512
b42fba082236c7a0611d0b263a096fbd47da0ef96c7d5b2965fe4c67a4e16a7c81626a166ae7b389cfaded5eeeca53be052c9a154822e3cd0cc315acc67fdccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\favicon[2].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQU8S4LJ\js[3].js

Filesize
198KB

MD5
050e8a91d3908b26158efaef465c9ec6

SHA1
10fe8ee656d450dc31cdf22ee2b47f87e7fff275

SHA256
80bc485f1e5d8c46158d478d6f0da064fd3015d34ba0a1b4f0ce36e2bebcbc2b

SHA512
6477f32990f2ce18d79a98d008ab9de1019fff885c7ab2610984fa8fb53eb7783b7a6fb4a50f9462c7743dcf3f86a8e004f7499abab30c4df0db590dadc0c368

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCE78.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCEC9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\22XJK0QR.txt

Filesize
330B

MD5
f8ca5caa7026ed1c9d3e33d0865fbe4d

SHA1
418044bdfd95b8345cf1cb87901e2c451ff3eaa2

SHA256
a1b06ec7e8e604cf800084246ab772fae0d432fa52ffce5519529c26f75f4b96

SHA512
a86f333f0bd21b061b8e7982c839f575182286c4c362f2aed72a652ca56d4b6f289c1443c0cac85355a42f89c49d548a09fe1adbaa8737be6175e007b09cc144

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads