59cb0ec2266dd284bd304e5057ab0d45bedfce95124e697bd2f7195c8f588199

Analysis

max time kernel
119s
max time network
140s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Size

528KB
MD5

d3d40f73fe8e32c7c7d285759de0dc20
SHA1

507b9adbc84fb9d0632c60c90bee9015cd809d55
SHA256

59cb0ec2266dd284bd304e5057ab0d45bedfce95124e697bd2f7195c8f588199
SHA512

351f62a7a1c55ed9351bddf4377342a67779a2330fb70508ec5fc26b0a166d1aeab10072486f19e505d48ece4d5536d4d22b1eb39c910b1b2e2579efd75bf2fa
SSDEEP

6144:GGosq68iEbBJg78BJnW5SQrL/eiiX9PFat+X:BosKs

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6B3F191-6DB2-11EF-BFBC-7694D31B45CA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000df8347033dcfe219777068824dfef0b3cb36ccd31c81ff32dd5dab0a3602e921000000000e800000000200002000000012293e782ce10234069afe553b6eb524ed31028b572e39d40e6c0c5b4d9e56619000000020d035441b2c3395219f37b179554c1ec2facd6bbb6d90dccc605f63807d22fbc5894c53f4758c99c2cb0b669c82e37eb16b36d3c2ecbe69ceac592f340ce60c71fe3762771138ced10472a80ab8789622140d9ab8b53391a0eff042e95f256e5df4d5965f14cb53feafc6a22fcc33ef24688fc2e96b4449fd5295aa015708489a564758c3731e49a0156d27985c817c40000000f0c5f1d05230e15ad832bc7f331cba917067ee644e9d169d82c1241eda937775e82935e710fc728f27a03c1ab79f0c408cfd998bf9aec99cab3578997e619b56	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 608296b6bf01db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Download	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000da35914af076c8ffbffc726de6ebec663745fe83e9de8321a196dbd940ac1e76000000000e80000000020000200000005bfee22f395eaeae378f5cd8391de83fc0d704bb135998ea82376716aecf5bdf2000000083413f865e25830b405a0231112d7c4b554ae48a167ca6a1ea8d02fb939b98f54000000006f74fcae4d60601312900062cf27e3c736e900fbcbe9f4bf8931e6e2a6849b55df60d575fba4ef7ab5592bbf97a298ab65d869edc270318a476145255cf7473	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431941904"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2696	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2792	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
2696	iexplore.exe
2696	iexplore.exe
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2696	2792	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe	30
PID 2792 wrote to memory of 2696	2792	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe	30
PID 2792 wrote to memory of 2696	2792	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe	30
PID 2792 wrote to memory of 2696	2792	d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe	30
PID 2696 wrote to memory of 1536	2696	iexplore.exe	31
PID 2696 wrote to memory of 1536	2696	iexplore.exe	31
PID 2696 wrote to memory of 1536	2696	iexplore.exe	31
PID 2696 wrote to memory of 1536	2696	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d3d40f73fe8e32c7c7d285759de0dc20_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6aa121c1846ecf0f5cbe74319896d1b

SHA1
b692ee0efbb1f38ec9be1577e84fa44f202bb3f8

SHA256
7f7fd440ca21c6a631717c06835f591109f1a69f7c3d989a541cb627b6883da1

SHA512
149215576a1bb5e011bc17cb73d91f002929c263691706b04cafaea33ab41021884c345930ae408aa6375d289e74f42dbd766bcaf7b250d66f74074a3a70e645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
068a66ea6244a59dbdcfd381be53c2f0

SHA1
4e96e4ec9b911af7bbf45f2c52884eb265acae20

SHA256
90f478140859451536d1a517e9e083b0ff0a0262479c15d27a0137e0f2a12e2b

SHA512
2a12a04d9ed1394788cdcdd0c9c497826abc04b4bfaacabcd236d3c5b1f2947b6c748cc61762aa00f1190f21d8da4b8541abd8f62853a4e6322103b459368a58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
768eb0e08af5fb5a47b734aca47f9554

SHA1
f62c8668d2a8359d7dce435a0971e7681a2c6cf7

SHA256
37fcc3268ec23aee29a0a571153546782868fe5cc76a9cd85fa00c76b85b993e

SHA512
7d5340f09adb7b55a87c9479187e953f423853ff4b2d9053ae816174c7efe105a0911c64805ccc5aa7536b0b0048605a4408d04044571a11509e3e419535a037

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca4972f4c3c0eae2670ddf7eb3b5778b

SHA1
8b761dd6765d62685b9b4fd4998fdc1381592dfa

SHA256
f8b9e6cd9f1827b8e0d08cc13f766949fb67be781540cdacd8f55df999661ed9

SHA512
8f08e171fdac59bb4d368e74ee668b25acf272eb76f8c96b6310675578cd91b2fe1eb6ab2cadab404a1a235499d2ea19bac4ad23b3f6fa77fbfbb77985f4e7ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa4037c3f3958a2f2a869a95ef483323

SHA1
4cd3716a321aeb25dcaf121743d7c13efe8304f1

SHA256
9802f2c16cc5facdc0d6b3679f66f8aea2c9a052afbbc9fd1a3274e93b5cf80e

SHA512
f9ae3dbd93d3e42efd2f43bbfae7ade2e4012f489af2be77b8e95066963b7d8c5657793925955786436bd0742eab6725fca449f415818ef953b982da8db7e5fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f04f1f2fc2bb69b13aa5b28f66ffcae2

SHA1
27e1d9446608aba0b39add0446e1c3f8a5d7d183

SHA256
1e2d2128a257a8115ef18bd8c25812009f1df983b89c9b8ee4a23d06cddb3b5a

SHA512
9b259b54b58f17866df76ce43278d3d1186e5f3b635d4c3102a7755acb0aeb6b9e8bbd027d0fddf87779881f74a33c9ac279dd5adf2d09af45adcadbc33d7d3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5a23c6607b15d36b4243f83860e0bde

SHA1
9f9cea86189909a2e9f235eecd9108afde95a5df

SHA256
6b3c0c69758d8dc6ccab88850c7e8b59413ed94183c6c33e8fa98546086e0c13

SHA512
01f4973f44266071d4f25795b9c9069deafe333abf04bc92c0d2b99f51bb7005423382c9addb4602fa0e491efa54cef34205a09dc544310f7e6e1175c754ed06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e96c4c4e8b355d726c4b7617d04b39c

SHA1
71b81aa657871b4898b42827146e8f0e9ad2a7be

SHA256
dc84e0702c46025713b65efce3b990e5580cdf7afb241e5521e069063ad98a5e

SHA512
03f77f80a481b94ffaef7f66a35c6f1dee96cf760b3fa3bae1731ff50721fd3bb39813fc186c57b4e1344fb812154d45b49bff2069a31c8919eb561b77f195b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee5fa499a3db261c13cb9d00f8c0055b

SHA1
3bfef0fa42b6da695b6e9977849a234db26f7ce1

SHA256
699d220e887d72a8f5e42348c92bb6bb7a8604bc6ec22b4b466c71a9b3b15863

SHA512
acd3632d634ce0c170e643b0b2358de4ca97137cab817a113652a450b09ff7cb2f7822b73a2c342410e8b4088a7dbdc61f52c146e6a4d898fe9c85db17ec0642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f0080612ce8057d7148d62be8e25ab9

SHA1
57b299487a769019724b33397ec71a676ee2194d

SHA256
9d1a445352c072e54d1a44103e29c4139cac3fd926759cd47251f4190af3c958

SHA512
095c36194a0a5ae9afb2dfda08b7a684f0d1a808d758bdc4ab1e4d3cfb1b7ce1bd11e1514b15ab4a44e1d5b54fa933f15f1fc27257e96b67a9902e3b977ce847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5054812e9b26bfe6cb482fc378132726

SHA1
80af4c8a282c7c9aa00c9012e73f76ac16edb849

SHA256
73aff3846115097c30efb7e3179da070e184a566d08381d11bbaefe7dcd18705

SHA512
d57d731a9bcfc3bc9cd12a5356d40ca08051eba795593cb7813e1bc8f3f9469098735e24d7cd804d719ff343a97077f625f045ff570eff58116cf8c73ecf14f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7490533699ac84435476c7081fbacd2

SHA1
11beaa3cd3fec49cd0559edc2d15bc8ba8f6bd4d

SHA256
ab1799062f2f5999b6d1868420f05ba05c6852a655e617662b681438ff1ac2d7

SHA512
007bb9740ce6616d3bf2801a4766905c796c822b63dbaa29e20ffa3e7166decbafd1138b0c4522e3fd907a16a9fe82201cb5392e60e075ed0d46484403c1a7f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bee0ba3372f2602ec21c88ebd5201104

SHA1
6f9491fa3cc99eaf6dce226587fd7d61e785afa7

SHA256
b4b63632cb3a3b7305a981d5967d032a271461c27ef3f22ef52b2fff6e38f410

SHA512
7ab9d82fc976f02d1bd6297b04113efeae9afd2b95da94e574965ac75092ab6f5a1fa4543094ba31f3d7d37a13a3a4c3071caccacb7be71a5f784e7b12683dd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28c4ab66c8c689ec0e1bb1d481ac0abd

SHA1
6b236b4bb2bfe6c8434cc524c7816f8ded23c687

SHA256
d4fed96b5de10c2dfa5dd31f24d69ebdb08234566829862970f2e51c09bf3c16

SHA512
e979d219fc42c30ad3af7618cea1508ef53685932502b517dce01541a10fcfa872bb04b36fd22860d941fd0cdcb335b75e062e11d8e2fc469da2528a55afd6ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81504c713e9bf23820882c19c3f6fa56

SHA1
466525d1b76d85d74d2490c8f5df13138cbdfdef

SHA256
75531b6a836909bcea49ad69e0e169b83b5d660cb6594cd41d7d8f7c7b1f5834

SHA512
fb6e355161d7ae6c2e0104c5b38389465be35df0e3ea0ae5ef831019436c6b7793cd3e689b90fa534af60fe685cdabf37a755dbe3d78e2ece48091b2ee50d756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cc5561c77715289c269bd47fd0126d1

SHA1
6a789a36a16ad247b4ef641f7e7976c5a2f6fc61

SHA256
ccc443205e762d5e4bad3cf58da75e11455da4255afa685dd346e6804e028432

SHA512
c723c290cc39ebb00027d72f8cac20f3926b3e03cfa7a72c7d2ebaae81469ce629df793d448760a9eae274ea6f472326f82a68d4737668b26cd1fb8e3c4d0fa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae9d14569bc056885438c1e92ae52451

SHA1
5f8eb3b17d9f372b7a744ae8790d4910f7a38ca1

SHA256
1054fe3755d734ff9d4a4184f71ef42b8b002a6cd1af64367de71a4846ac0c46

SHA512
1bd2ae8ced1e0484b19db89f3767103728b08d11354001dcc45f85ef72421df2088198ae57e693c2f938ee2e9d24ef280254ef7e7d9a23152f93fb88ab43cb2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
097391898699c412b745ef00f63ec3ce

SHA1
05efc6911ef6c9fe88ba21fbaa7e7f3d8475b669

SHA256
3a2b814b8e3daaa1e96de96adaa2483a3aac4bec42f764889990779df927f24e

SHA512
f7602642694b88765ccaa730fe50107e12f154b8a2263062647fdde47c7194b6ab0c5b6b397845ae7a9f13856efe54258a688dc63361065eee90120d0201fb51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dd39455a65c25d88e48036e6e7dbcd2

SHA1
6e594fc2c0670915d2f5f5cd4560849104600bcf

SHA256
768d98151a71ba6816d068a8d2e305875a4c78dfa11438fb0acbf9fe84a7dfc3

SHA512
42c5b6e6f545348a88744663cb0b80bb0712c32c1dd179908661a5cf97e2425c57d1182cf4f456b7486da01eddea0d9f6669aa0467a74c704e8197dc9eb5401f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33d0be5c4c9065d5c513fed2c5051c2a

SHA1
e526438335d9843180aefdf78fc448302b212069

SHA256
7c4fcf1836451d7ef917e03726180254d82112a5c96f0ae9b50e025bcb874f08

SHA512
3c6bf848230e0cce90b17fac0a1dcad641a117f2822a32417a50153ace1f1ef875eea6f14f9aaf9a415f474779188823a75e0e6196336b9bd71b57ee89e83ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat

Filesize
1KB

MD5
d25ae53d13e901aeb7be997c8ae2e033

SHA1
7dfd3ada9328d4a600d89d5de68b6bd2637e8395

SHA256
5fcdc392a054f3e933fa9a676e89322eb479d2189417b733e1e47379f8d52d20

SHA512
3c4608b7566db98fee6cec9db5289a3a8adc18bb284dad0e082a6de638fa28cd55d06d0c875f1ae9cc13d79f077c7fc76d0cc13208021ad9ccdf7a48c6f26649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF6B0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF6B1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2792-0-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/2792-3-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads