c260139d42c5280cdd08d67b3238aa7bf1cdd479e65954b6bc196756f3a9ab1e

Analysis

max time kernel
149s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
Size

1.1MB
MD5

d23049ad9abfe63d45973292e7cd17c6
SHA1

a8b5b86f9f8fe3d9b953376823951d3697bcf333
SHA256

c260139d42c5280cdd08d67b3238aa7bf1cdd479e65954b6bc196756f3a9ab1e
SHA512

dd9599e083ea9e3d21b4e0d9160dbab433d1d7a81236954a6b80ea5e29fbd60caccf976bc3d591a0529f30d00e30dee46287b048edcb8d0b2cdbf71c7269db1e
SSDEEP

12288:OsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQD:FV4W8hqBYgnBLfVqx1Wjk+

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2432	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2432	cmd.exe
3024	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchws.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000592dc80c92dced2faa8994417ea74c46547b43bc8665b214d61a63253feae2ed000000000e8000000002000020000000e59df4e54dc54fe259a52a9991379da879bd0bd1cc896684e482ce9386ab239b900000009bca666baa4e8b0dd2628987ddbea39980fe8616744af5b7ab74f57b1679e65a7d45d85f05baabd6dacd333a3e1687bf7d0a6f9bce6b89e131a58b8672455068c347efb7a4928f549762e218640fba3c598d13b62616b821631257ca7d2da7ee0f8240f9234a8e52d56d5e57f45002fb3ef577b2301115fd6d3135d217d1d50327359af4cad6453f5c0441205f3919b94000000029bb3e63f660381942b7bc391dc2e4893ba952f3a675b9d2ed560b987ed5f86e24d03c4a938845d9f03ad646d258e45805d9941f541d5c907e1d0e19aeaba01c	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431882577"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8CDA6C1-6D28-11EF-9C44-E61828AB23DD} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000941a5268b9b49e160fca3419c9c0e3736be5847831ece82228cd3bdb46c3aa41000000000e800000000200002000000092d444c41247aba007f575bc89c4ab319c8379f99ff726df235545d7d1f3729120000000e4556cb3dd14e0dad6f9430e255c9ded4371975791734ff60e8c749e19eff7e74000000023d56d364781f02d2b22b3779ebac1e92a2a42f6951ff22ebff7b9ac81091ccfb82c53c9ee363e5df78a40dbdd96bb22e6a88cec33a795691eacd87d69bf4b4d	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D7A82D6C-E5CE-4BBD-974C-9B3BB06124EB}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D7A82D6C-E5CE-4BBD-974C-9B3BB06124EB}	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D7A82D6C-E5CE-4BBD-974C-9B3BB06124EB}\DisplayName = "Search"	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D7A82D6C-E5CE-4BBD-974C-9B3BB06124EB}\URL = "http://search.searchws.com/s?i_id=weather__1.30&uid=7cd0c3ec-75b4-4dc9-a662-7971d46ac4ad&uc=20180502&source=%7Bparam%7D-bb8&ap=appfocus84&query={searchTerms}"	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchws.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306ad1853501db01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchws.com/?i_id=weather__1.30&uid=7cd0c3ec-75b4-4dc9-a662-7971d46ac4ad&uc=20180502&source=%7Bparam%7D-bb8&ap=appfocus84"	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3024	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2816	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2816	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	30
PID 1184 wrote to memory of 2816	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	30
PID 1184 wrote to memory of 2816	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	30
PID 1184 wrote to memory of 2816	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	30
PID 2816 wrote to memory of 2720	2816	IEXPLORE.EXE	31
PID 2816 wrote to memory of 2720	2816	IEXPLORE.EXE	31
PID 2816 wrote to memory of 2720	2816	IEXPLORE.EXE	31
PID 2816 wrote to memory of 2720	2816	IEXPLORE.EXE	31
PID 1184 wrote to memory of 2432	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	33
PID 1184 wrote to memory of 2432	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	33
PID 1184 wrote to memory of 2432	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	33
PID 1184 wrote to memory of 2432	1184	d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe	33
PID 2432 wrote to memory of 3024	2432	cmd.exe	35
PID 2432 wrote to memory of 3024	2432	cmd.exe	35
PID 2432 wrote to memory of 3024	2432	cmd.exe	35
PID 2432 wrote to memory of 3024	2432	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchws.com/?i_id=weather__1.30&uid=7cd0c3ec-75b4-4dc9-a662-7971d46ac4ad&uc=20180502&source=%7Bparam%7D-bb8&ap=appfocus84
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2720
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\d23049ad9abfe63d45973292e7cd17c6_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
11edd8b2fafc767bf0205ffe98e8de51

SHA1
0ecd6ddaa14b9b4ca8054ffb31fb67b68b43fc47

SHA256
62a57ca609eb9560c555cee36ecb79258f713ba332dbd8545aea8a76c8b9d489

SHA512
c3c11d4c9fbde1e441b9ce04b67ac9f9a0da6d0a6e0ba3988eecdf717def99b2322f397252fb3e3a3807721c5a5a9b060b7fb2e051bf59439cd52f1cb9808445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
9bcf045e844cd97ac05a93c59d125c72

SHA1
d0e9cf858a15caba80886b6de2b3346080987c20

SHA256
5487a5e38e30c20277abf992acaea20ed6b2db8837a284a5a61104d683fe7a3a

SHA512
253dadd4445ac95c9eac9ff3726a672e73c231f1199beb3be53a837d4d54e411e1c33920a17648fb9ee5b043882020fdbe20f80f67aa49b3076dd38c669b18b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
5278ac39d684c0996becb2b822750988

SHA1
c2809ce69447f4b821e2d4fc848af86c3fe05434

SHA256
88506013a63ab33f8e36d951c1abacc7ef1e3498f0ec42a5404734db0c656765

SHA512
566623d186f411c525029c301071b6f658c57e98e0998f85afe1e80e53747a4dbae935c4b397718140d7f5add99da45b54eb087bda235ccfb6d8934521d705b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_87DA6D1A132183C24FD4DEE456A0E63F

Filesize
410B

MD5
1afaf02f5abab972703c9ad201aab7ff

SHA1
66866eb89722b91c5288b2df7cb909b4c43b6053

SHA256
11d05df0272e87ad4b62639a605e410294663cf07df98b463da6c86f994a1bd4

SHA512
7e7a70ec32992424a8708ca6c402a4594e925fc3e5f09567e7e16137098cb902386d8e117e073c9081915a5503ee9d0f2a19ee88a6ed7a26f41cd7fcf9380a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
955a00002467076f6e274dd7eaf0024e

SHA1
7aa6b56a81552161914e35ba71e1d2dd031ac8a8

SHA256
1056cb84650f56ddf4bba4e90cf336f3eb1575fd0e8df280bb11c8e6be8a5488

SHA512
57d520d840bef3dd3e97114c5ceec6014ddf228d948e2fd74668442eb44c0e0b48b25ea404b5d3fb892d2dd02a60829c850ccb55824e894bb3cc9349e592eb03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9b67bd7d04b6dc41dbd9db6bda249a9

SHA1
756f109c85b981caa8d51462be118f14665487e9

SHA256
e5b874fa3fc1f27655e63ca250806f11cb446db91ed8fd07a8d0be90c5c553d8

SHA512
4d34a2f06b3b4c789b407e029498c092ceb2e93d155afd82144adcc674c352b6dfeb03e1d060a8e4a38b8d8956f593a11c6ec8c82e38711b60a37d9e78af23e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36b9ec17f9362a58f30e6a96331d80ec

SHA1
1fd016474f760269df6ca206b94a8bfa4da465e8

SHA256
2af33734d1a5d7047886bf450535600bb2b52bbdfd1586c4b8a350c532663b45

SHA512
709ecbbb77d4c338a0db006eb12516d791fd705418223cc1a3c12f71fd3f2a805bd339d4020fb9db0816df746d0fe9ec2ff3111bd27e9f383b9e138f9cf74b35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f095e126e491d704d1e1a17594de3ff

SHA1
36bbc5434590c5e579184107a5b596e100925952

SHA256
db4716a913a31fcfe44bbe3ab05b9a172754ad28182c0b17ce33abd8575f13aa

SHA512
8012308a893b86c38b06c6d63e1185939cc8e799060546c89f6ea128a5f6bcae0cfa6ec00a8788d8b53345d325820c77b97891de6ff917aeaa7c5aa40492375f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8aceee1f202db01961785d1c51c60a9

SHA1
3fe3be08c7f14034732e9235d9a8343c7b6d70a7

SHA256
bd6278373036fec9ecd37816ebf0fdbcbb4b951a904fa16ac56fe0239153ffca

SHA512
3b12ea8a81106a986c80ec261a2c2b4b9dcd4a024cd6c76ecfff1c8e7b45d28ea7bc09339e2df4bd0a864325eed55982cc57083b6b3b5f8788b46c5d51518c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d26762e77691c2353aeae8bab53df0ad

SHA1
8b4cbefa9ce5ecf6ccfb7962e62f59e010ff17f2

SHA256
48d9f13f4449082d0d1edc2af450e285213d0386448d049c0a70f0e8165784d0

SHA512
dd9b6b0cca570d2e31afb60db0c9359b1d5c04ee97ccafd319b1121bf02bdb1991cbc4bc480c7b83161b7cbce20163dd88229b5bc904817ac6489e4e032aa31f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f889ef028d08f9531d1c8a2c40cc50f

SHA1
2a9b1311256e8ec6eea5f10a2868664c5df6bc63

SHA256
3cf684e0a3a4aa11c0a5acf3608975ad2cf654d48edf1b6b9b2e4576a4deddb4

SHA512
64fe76eddfc502f88e92c88b11db5b451fbd6c5260980d4121a133b4418c03f8328fd12f3c67731d206e0e6f58de8445b370b45073d1481d7b06d7d8700e9035

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4980795f95459e027b47bd48c132391a

SHA1
7d2cf46c210b3d7fcdacb9f7339f36865c53388d

SHA256
49c748aebdf509b31d884d6f266cc67c2cbd60b3decc905153a42ac89d20cda1

SHA512
629f9d9900c615df16084d00609ce5bdfe45df76d69757736867be29ceb9b9ba9187e467b220892e8c9a4a899b4542313a8f76fcaca94cd4ea2f55809d9d6f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ce8fc0c7a9d902305b7f5522ee4b9c4

SHA1
a97bc1f4487eee52304c7ae209e3f48225a99909

SHA256
8f93234ad5a54244eb0e408590b781254f33e13a3a258a202f0c894ea8081b11

SHA512
7dd2c1d5b7842c728cc9bfcf9f9fe7a1598d084a126d6e3278c3b2341ea49d18cb2fd7f7ada261263c706e6020d85a2879178e1a2e1ec3a3c891b49eb6ed40e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db091c3fd92d684b51e9432716f83389

SHA1
8a91e476495290505ee4d9ab134e49f81352cf33

SHA256
382aba6bf15fcf4785e016df4181c4deb7ed8d36c9f0d22ba0413ed289c2d06c

SHA512
39aeaad1e55225c90b325656a4ffae2d78fafeff626ca95f9dd3c3d608c94f19efd80223ad2c27616d21889771c232f592724330e74ef60495bf975a22997a27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bff50318e2f0998b655786fa039c513e

SHA1
2ec1320ca14aefa8de07d381f3abc5908d34f03f

SHA256
aac357717854fd2e08bc05b32b5ff9d14d2bbb12bf6641332018efd89e9119a1

SHA512
948a7faa475606b21435d883b8a17ccd1c322e8361fb21dde52b613cc2106edadfddf0e9ea7c143ede6783d8e8703d50caff5373e7ce588763f2f925332d7221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48ec7f90c4cdb5db79ddd6cf62e72a35

SHA1
c86e64a2aa84b10cb20e73ea446487596d8fe906

SHA256
deb88bc0aa5ab7df008c0487acb22953e1a69005746c48373caaaf2ba2232c50

SHA512
80a544b7d7562cb7e9d82fa716aaa51c3079347e2e3357539782485eefb8e859c4e12e3ffa7ed0a49962099971c8b7c2b0adac18e8e60f8657b9ca75888544ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f08862ea975e0ee0bbf2290df267d9b3

SHA1
cbebf1763bd71ecc49042ac916786dd61645f42f

SHA256
178728a2d1edce900cdc1c17882694fe9c4ef57dda1d1edcfd4fe972d8dc5b41

SHA512
6de05a8cc45b949938b71b62df05f2574bd4ae53d00ed411bc8fb92542bc505e784c4ce11758a8fb27bf5d40f93df2a115b861a45f698e183aab17fc022bd586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b274cb54242fdd82ee48757da7c7eea5

SHA1
6689db290561a3007477b52cd303e900961be8bd

SHA256
2125e6662f1dc0b6f47e9bc67a572aac08d383813b5132d993c200e85dd75827

SHA512
22085b16c2186fe7410109945c60ae4cf85b36954821e39c478e8c47309aac003eeefe389a393fa920c7a27d89820b5daaa2dc2b9ce41c8c9bf662f2b891907f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
493cdd364008cc043afe98a5c9226f94

SHA1
a64719e8032fb08c51cfd5105aa5754126fb398b

SHA256
32e4ca6b99a2eb94582086d5b4641259dae91a18798d173b3d7bea4622c12df8

SHA512
cc9118efa062f1048a9fe45223e30f4737e7f7191d814023c728127c4e4b5edf0f64f5c51885d6fe38ce281b2a5866ebecb44656e89ca37964e2762050a03609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3ec1c729c9bf2c854d19ee79175b122

SHA1
d5ca78a3769ea14c7246ce505043761b70226fa5

SHA256
7f2c42bca0e4bbe9ca9166b700e5b8c64a66ddf60948f8267bb9b6011815a65b

SHA512
531d502764f0b77e4f28b10461230667b3f636879c432fabf52e11e3524e8bdb3e2729633ca6020b0067802abe0daab679d8c37d1548c265d99d1e526794514a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88f066f7bbd3c36927795783edbed646

SHA1
4288c00de851f696ff357b1605ed295ae2c0224a

SHA256
26510a522091c6ecfa148455255e4e6debd0336fd3f10eec5cd5b9ab86bd4c7d

SHA512
953b0332c5f5f3ea8c9e4ac9ac0c75c922cac1a79f26db8be66ab70409e84d3acd7adaa06f027c6c47b0e0f3722eae5f74f0bf63832f2d1e78a2945ee4d2c208

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a41979b36d3a436c62c4874258d94199

SHA1
d3b3549215963d3353c96ec1ff529659ed00804b

SHA256
6379549324e5e78a0b2136391c27e0e26496ed67098f24e86e6970f1ed69840c

SHA512
4dffe1cc673451c788fc0231912eb1a49fc03dc635d56333ea119bc3dbf2c84aabe6384d88fba6e973287ff36ddd403b5e8559f8850b55632e735ccd9decb9bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4cceaa438f55d4547008d5a3f5cee6a

SHA1
582d3e8a9c5dcd73cde090a68860f84bc8117573

SHA256
2bb4749bd7c272fada2c6be45af31201b17dd546592c89cee05abf1e3d1c62ba

SHA512
c4d18bf155523c805c2a70bb16a7806b7cc4e69b86630d6d7a39233fc08f7760de8972fd7f123914465ec72a5f6cd40a87fea5806214a9f86eef98a96cbab01d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec24d9c89945d10fbefa8758443cce83

SHA1
cf2c89bb55198b2aa259f522c709442ef084d56d

SHA256
0c5611531dfa85dd4dcb7be8758ec2a4de0234952090abb85788f7351a9e2ee5

SHA512
63ca22a0a5f13b3956a96886cb095cbab27b3e11f6312c791e93b4ca011c5086fe89aea5d022aa82a29c95f702bae14c36d73a4409446797bff7585953249e42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe7be771689c96c2eb7d4a2682c09063

SHA1
37c35b186983a8b9b99accde86705b2a5076d7ab

SHA256
713366b570cca24ea4e85996b8780a2f4e1c6497487556633f14c1c912dea79c

SHA512
7d5e294f9e22c878ce32ecfe2e369503e29d103475a6e913d678fe9a345a8c6e161da63b1695bd7eedd3f00ae97912e5b40d2ce070e1e3631c424c14c9926c61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1146526b3c9ea9a05e3c78d5eaf0c099

SHA1
4e182f09f0b8148d953798fc9ef980ddec786585

SHA256
32858d98a469a386a8c9a9ac861828957b7d6e4b290a016396ab10c4dab06fc6

SHA512
003d7b0b28cdb0c76adbb44de45f95e06b727678cb525de54cd7546d43e4daaa68191044aa1ae22ac8c6f3a4e41a28a5a1adfb401800c57abd56db36d4fdb96d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08dc91d4668e2b0a86e9b8a442620ca1

SHA1
0ce6bdd81f6bc81a1c962cf237ac23f6a3f27d46

SHA256
4f8a25c32a92131acb910c48d9e5063e69d508e04d2d55528a132cf8555cf895

SHA512
88a2ae32a97dae95e1d8abf2da6a863418509fb19fa7891bdc14421920f84dcf46e0a3ecb69c37b3c8f2552a2a2aa382be908c1a570bbdcb67c4047f9bcc8ffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58d82ec9666e451f505d6e46fda60336

SHA1
46a1e28ce943adbca31e3fadabc2074e5e1d996b

SHA256
c0ab7d1d06ff3555d2af91106a3a4bb4b509882b9bf317a7d738c44a40843e63

SHA512
ec63c72df0c1d0e0809444ff5437d67faefaa3b62d8a48e6314b58c97692b9387529dc909b764dcc461c0621b8197958b17f1bc863374f223149eee4d3c9a814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b25ac5d4fbd3ce16d06a58362a459a22

SHA1
9818c88dfb6dfdffd645c1a4ffba5e367cc2cc19

SHA256
53f7200bbaf01e1c8b399fb379fce17d2970d96ca5a9dfa79bc2c831e7308886

SHA512
82d362efd4fcf662bca081a222bb4fbeafc09fa4e3c028f077d33ada1e288e87bcfac1af1d585eb713faff99f07111b6fdb5802594b2d5a97a60b666b49f43c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0b5cc80cd5d36ea0cb69b9b2b51c81e

SHA1
9590e7e0d56a6861faca9b751d13b543c10e6c75

SHA256
fe4d2920d4b0e843ad9f166c7024bacdffd0a0965cc981334402d905a3689a50

SHA512
57942725d53d8b49b3e12846ced578281b6212d50f7985e5eca8aab942b4b69dc33d3b236d334240e928c14cc01644f9891b665d1c40f36ed0a4cb0b82bbf90c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
381238fdfd5a611a113d47522b5e6a01

SHA1
d3d15161303562a251af233dbc1a384d687d74c7

SHA256
0b448e06fb07d0563f6c0534b58612029cd55f9d11b4e0d3fdd31497a171b4c6

SHA512
8d7b151ae6bf3fa96b345136219c3a716d954c4b33220fa3260305daa596efe0858cb2f52e421eed3f70793c21cf4522a5f090f32b7cfa7f2a56ae995982a887

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30ae440d965b16806b3597bd7e3fde9c

SHA1
17ab5358dd22d0308ba1afbe03d8c4a5dd4a3a22

SHA256
460d18a9865b11f83f246e3e8555710f8f632f523024f6f2579380db45ffc709

SHA512
9b10daacb1186ed353382d83fab162c1e968bc3d5ae60ec1fac9dbd935f4c3e2caf4ce1f893e2f76ee3123078c37cafb7e4f180b2a54dbc0c94021caedab5ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99ebf81918067fe356b27994e259c401

SHA1
6d24dff223af7ad5c1eb688a06b1d67ba01f8b7c

SHA256
7eb31a71c5388698a2e309d3accbea460cf8bfa6ae45ae810ef20ee62caec53a

SHA512
1a9a1fad9adaeffd50dd30be20b912c4022dfaa3e562d6a83e9d09612914c51c5d2f89294d58adfd758e7f2c7e7b85b33c1e891c6cb6578d4d22f7985d9d8f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yiu0yt6\imagestore.dat

Filesize
110KB

MD5
04976e5dc7360d02c868630718c4bcf8

SHA1
3b9351c9f31b3b0841feb0ed5a893c8b43a589e0

SHA256
b97e35baeac553ec96f7a4ff944f70569621afb929bd90799b78fab856a4fc18

SHA512
175403e0a09346bd1333893bffe7b08e7519e72c2e3eeb8c95d17dbb92e29828551f577a7e9675e3cc383991ee59fd0d2738990154ab1c5de67eac2fee10de0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\js[2].js

Filesize
198KB

MD5
50c778f3e8eca910fad4295574856b7a

SHA1
ee6588aed5b682d937303600fda249c9011c0bb1

SHA256
d362905480eb4f478552a1ae9900693c6b90d9985fddb988f4f5b17ae03ab362

SHA512
0627283d97750cd33906fb26c832514db7b7c1705014e0d166556d3df9aed4779ce1aca05d183793d4a8b14db7253eeead615aac320f1827cd7a6203b5816844

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA102.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA115.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\032ZV78R.txt

Filesize
106B

MD5
8ed39ce5fbacb3847a96babfc57d0ef3

SHA1
32cf93edcf624874781eccdad467b981da2fd663

SHA256
43eb0c42254e10e15d4615ac52c4eea764a0f809452e4846358ce101768ce9df

SHA512
28bc292057e8693833bc87163c14393ab664450736f58a28df9274446ebbba348a74055b1830504669dd754bdaf6cc391ea7ad3cde50ebc1619144d1d4da672e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads