48f3ecc55fba04c117078e3292f9df8dba5e317795af414b9a9971d3e8079081

Analysis

max time kernel
118s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Processo Trabalhista.vbs
Size

969B
MD5

350ff0bb5c7f9197f8367c225e6a4d05
SHA1

505a378b32f674ba25114ffe7fd1360d5ef323eb
SHA256

48f3ecc55fba04c117078e3292f9df8dba5e317795af414b9a9971d3e8079081
SHA512

2c858a5f654027b575418f8957857929c190efbc4dc7f870c13814ed033c61769e84287ec11aa3bcc374130a657e750fcb93796a0a71abfc0d2c9c0b34445215

Score

8^/10

discovery persistence

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	2652	WScript.exe
3	2052	WScript.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\Wima = "C:\\ProgramData\\Wima.exe"	WScript.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\Vamg = "C:\\ProgramData\\Vamg.exe"	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f000000000200000000001066000000010000200000003c7d39c4e2dd4bdb84afee32e43e296a0934d64d8457bcb1e25f1267bba2672b000000000e800000000200002000000073229e426d823dc1d53de66041c28aec4cc5002efd55329ba8871fd8288ed5c4900000004fc038e896e8632d99ee43216f838a978c56e6162ac09b67f319e420045458e0eadee7af79c32e498a4d615ba36b56935864f5e28242dcf81b8bef1fa297f02c21b1fddcaf0678910a128ee062010d1c449dff1159d29c10b5ff77e6105b7b8c769d83d32b8c5b2c1b5302a4d93b844486ad006f0863f35ecfe4c64d179a16b782231d69be005288f90e7481e65d97c2400000006c54f70e869bf7822a6eb413b2a3e961afb4cabacd5a9939be712127e9521c4f9290fb98e51162cfcbad8a2d0bc0d4cdf129b6ab5c0d9bd1884c04f5f5f0ce78	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05A0C6C1-6EC8-11EF-8C8A-62CAC36041A9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f0000000002000000000010660000000100002000000002f0997a860af761a0edfbd032e7d9a0bb50cde97eefe74ad85bf7487144ae6d000000000e8000000002000020000000eb5e4b848cd75770fd147660b98a3b0b699e633a53b915665e92849814aa27dc20000000cc93abd833c2406d0adf2b03ba447a6585f051e3aa3de079360ccdc0235f73c0400000000dd4223ca5ead330a7542d7267f3787855b231cd35e6b89c69c31c124bcc0286cb2cf9d31deee5b6493baffcc48fa6794ab076629f74cd93a4e875ddf1c4d720	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432060962"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ec43ddd402db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2536	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2536	iexplore.exe
2536	iexplore.exe
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2052	2652	WScript.exe	30
PID 2652 wrote to memory of 2052	2652	WScript.exe	30
PID 2652 wrote to memory of 2052	2652	WScript.exe	30
PID 2052 wrote to memory of 2536	2052	WScript.exe	31
PID 2052 wrote to memory of 2536	2052	WScript.exe	31
PID 2052 wrote to memory of 2536	2052	WScript.exe	31
PID 2536 wrote to memory of 2392	2536	iexplore.exe	32
PID 2536 wrote to memory of 2392	2536	iexplore.exe	32
PID 2536 wrote to memory of 2392	2536	iexplore.exe	32
PID 2536 wrote to memory of 2392	2536	iexplore.exe	32

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Processo Trabalhista.vbs"
1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\ProgramData\output_file.vbs"
  2⤵
  - Blocklisted process makes network request
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://roncluv.com/br3/ywgeidf8wehc874h.php
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\output_file.vbs

Filesize
2KB

MD5
38b0e1801b2cbdb68342f1f0d4f2ad00

SHA1
b9efd6c024a3d611240898ac835d14f8cba0fb52

SHA256
3494b3e7858dc03bd07afb90bdc3f72d39231198093db094b0c53dd5cfe4c0a1

SHA512
6588763356b7aaaab04a37f9aab4bf072fc4922c376de4ea67770a273f7eaf7e0ab53cce9dc43c2f0e9ccc2337a073741e6db09f8642bc62df302555c88e5175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3458f7b9c822bd0a1014d6c8b134df80

SHA1
2ca5225918e21643e8f80cc931a751cb63f144e2

SHA256
9eef0a8d06d80c27419a434087e5732f4c7823ea38aada83d77eddad4e202142

SHA512
0563259b57b6f8ffaee323ca9ba3ad71c51915797d75f9287d558bd6b0974c4213245491891e85ab41396b04d6190b78b01a22b8f34faf01a16140b0ffab191c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c22d94ec7fd7921ea4740b3f408c5b9

SHA1
17cc77908fc9bcfa249216b0057546901a19bfd9

SHA256
eb5a71184082944add1b14e260d987d51022b937e71ead9039ea2bd94c5da548

SHA512
858124829b529c01538d36153ad7867b31fc8b0509193d7cc6402003d17f7005b1429d340f0a3fbc62b1ce87f7e419a6c207ceaf3968352bb5eb9fee357b8d06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6b89c498471e4b0c59c9588df362e91

SHA1
e7deb9cf4551f74d9f6dc246612820cb9a98aadc

SHA256
06b6fa906e34cff207dce62932f883c64cb3e91f610988b1f0897a17ae1ec5fb

SHA512
9314744074126f9371ea919824abaeabb1a1614e525cd70d43678a0f1c6d75a537c2228a364ff2e33495b895e9dbb2f6cc428890e06f3f6456cc1a11d8045c6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10eade0eae4713abc4fb79239febf1dd

SHA1
749bbd3b4ca6807a131413bd7d60eac38816a9f0

SHA256
c1a38bee3251c7dc0ec156367bc95ec0e8c6ded8ce0d61020e8652ec0423a67a

SHA512
83c964c45b066b15e08fc12772207836ab36e0bbca712603bfea2fe8a7e969951d8b9c1c60a4c24b735d37fe542b4b23aa8034ab94ec9dbaa25955cee18aefb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17c1f363cad503d161989d4c0cbc58de

SHA1
d91c637d56a0547aba62cf611fabc26bc9de6e12

SHA256
ace90e4250fbfaf5ce2b92dd64ed5c62e2601a4ad4004b94cff8006bb0c06809

SHA512
75e9375e10d2ef278e3c914ffdf46c6303eaba5b0d8fded4aafcf16833be971fdae2d067ed1ab707696e96864a5cb3cda3f1e7f2f4b8c348ae28b55622027eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deb6a36664ae9dfaf1843bb20ab316ea

SHA1
b1e05d2ad06f2a95a64d191fcd21cbf07c281d48

SHA256
d8bc4f289ec9d157deb01e104af52ea2b80af98bc430ad61b6be0f3bb76f5b80

SHA512
375905c9ded82c9a1d18ca562374193e6a235c3f7d2a90754b71882fb5d5cb13773d8646456199a5896147b93666f36b7b96fc2f7c725189dd043838561ec777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d46a5a10092bc0d7e85e290a74cc134

SHA1
62c38a340ccea5f618bec74ae76ecffcfd8a9dd9

SHA256
882da6266cce51c15462c15773eda025412c10c8040bdd39ffe872eca852d8f4

SHA512
8a99adb2e2de6c53c0ee01b7c919c9a9ac9a0a0eff4888b4244887262423ac5e44f7289338782b8e12f250fe08951419de4dbf39316624b1447364f244c1c08a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
715055e1b5597ad9d06465b388cc364c

SHA1
9b0e28ea7c62d481541cdad7a2953e2a212e0bec

SHA256
159ac1ee4cf1b100755dfc79de0f0afbc04fd546766445e29e8e394ace152452

SHA512
f15b9333df576e263e1677626e81b7ac81d7b95d497931b5abca714168865d0c9001bf29e90585ccf3f637a6f4661ebf6e10b5dc7c1808c0a297ebefca3ffe44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48f50acd4033b1bddfc45d326908813c

SHA1
ea60e7574d3fe12a483f56a63c09991e1533cbe9

SHA256
2c3ab76783da20a72d4828e1669d0e06c45e057e38fa06f3a6411a1119ce44bf

SHA512
8f9626b7b0782fbb64179fb13972ae54d09baf2ad6381edd0f32d9a42f3403ec407777a724ab2e14befa813a6365f18f5549b06241897f288f51a5e87581b83d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd6c10838af3fcb93acea57e3c1cd888

SHA1
977cfab4fee3a13564583c22a3f3ebdcb354b8bb

SHA256
1f35327d7766ff633ed656bf26fde48ef22065cf6470e826e8f56d38c7fdb822

SHA512
004a0df6cdfd2ef57599bc93941578015436d11a2656d546c85c07172d70131227c9c9e96f0367c2250903dde472036720c46b82d35f124044aa7f5795b0bff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
910dc0e1eebafed476d5a0801fb1d951

SHA1
4f39aad8fb04e0a8dc0c796668819a37d34b6c87

SHA256
c6f3787cf892c9e705a76e5fd95c8f9b2da8b55011ccf7a55651e991d2a3be31

SHA512
a986390674a4b942b0db80dd9ed0234e09e842cd3e97afcdb9146e7f64c92babd9ad2cf5c3e6ad66e7328572c329108cab882013df70050911c10dc2613ea39f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5a67903d06d8dad28830c73a09343df

SHA1
d427fc3204fdbbadfb2f14691ba96c3b70b9d857

SHA256
1e9461a64bc52a6fa14bbfc92546726e66d8aa4fae8e8bec073316792398fffe

SHA512
cf97bd8ced4c7839d136de3b48e844f3133ca67ebce26f394f6f1db9e666f8141c4f2a495ac50ef8aed4746d3e0c7096624dffc1668fe4df9039eff28d09a194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdc903f26ca6d694a39b896a3b77ac3e

SHA1
4b6c8d7321bd5e330912e2bedfa238923b83b2dd

SHA256
606c966b16d916cdda16fcbbb8111111d88c0556eb2829fa3af37930817ad03b

SHA512
76eaac9411c701002d5bc0ddcfec8d16c4a7541ebec5b817eefc4ce6d6aebe1eae22ca44aae61cad07f798905d3bc5252ca85fba8953b0ce0795fb569affe88a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
537a0e7ad69e6e05d45853e1f0d0b135

SHA1
7f05dc21c4fbe64b23d6743d549ff07d191a9c8d

SHA256
f1eca796b763848959a1ed6c10c353e917fbabb66b57bd5a01ab4c0039ea2f04

SHA512
3dc43f9283fda0ef9959d917af8b0f9aa26174513d98a713241605ada66b56d84ccae440eaa188adf3370aafb56ec59840a6ae148d24163ba5e73e89da08929d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50874eebeff3eebac94dea49a2c2188d

SHA1
cdcf77bf72ab52c3d0573c655b8af16111c7b32a

SHA256
f70115b44f0e593734e593107bf455bc0ed2e691e852c6a910f149f24435be8f

SHA512
b82ee71e67cbc1d3b9a1a37aebf098218476c1fe9429d78c8075c00b93bec56dd34022fca14e9f71f0e3af4e34a0bf77ecb1b33b4e385d76eef129d7b16e1e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80a43818089ce22dc8260afe32a3409d

SHA1
0565480b739c335555c5962f9a70938a808d2e6f

SHA256
79c9c424fcadad1eb75b2dbf52f2121df0fe7596ef400c4492003f8068f938dd

SHA512
9c097ec0a29b83680ef5a5b386c7c49dfce4c408d34acb2d613250de7422d4b72a83ab533ce37bd2f5ec1a22a454b0bddfec344142e7edd0d5bd82343a64b814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2875bf1c51844018d989bcd2ad0b5499

SHA1
59dfff3e0309b82d252385de868ce4bedab25248

SHA256
db8484b4bf0cb88fd675ef3dfab2c992c5bf6cb8a8650b0404763622d9168b04

SHA512
6b3b33747b9d410d708cb29dd05601b177af09217ae1659273f57924212d16910e97edd9bd4b4614bc38b6b7927d2219ba87f4ca0168c3b0dd6fa163e965ea31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6701d3391dd784eb1e1181825979f71

SHA1
cc0b7502e2eaa6d080c14d262bf40744b01a4deb

SHA256
514e8570f643aa27d978be97a63e1fb68182e7c7af597a56b8b5ee852cf104b7

SHA512
65d2e3b0b1bd7811db06f24226c4c94ee3df47ed098cef931865d83b5788e2fdd361ab5b3e67fafdf5e1c7150f9fc6850372484f2e9404134c6ba4b46fc83461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe384fb7db4a51a628ec524161d17ecf

SHA1
bfc88d3c12dc0708cf247d10eb1138bc23366722

SHA256
bf769d3ab1c58238d2348d41846e14717f752ca2880b4946658c3893ae025e1e

SHA512
6fb15d765e6fcf0f9c054e65d9b2a8ad1a0440d3fcc955b4760babacbcb1ed9321420a22384a88f78b1f6ba2aeb87159c565f4dd8b121e7d64682a96808d290f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba95981b8b878c24f0a096dc31014794

SHA1
86c8edf5f15f8533de96682b62c052fde7fdf14e

SHA256
2416b39b38f45046023a71a19e156316d8b7489d488d5fbe466ab07819bcc2d6

SHA512
027c82b2dfd479030b35df99849b096c6084d5521f2588e6462b14b8797afd51382ccaeb73260c971f110711deac0269997ede15e4da97ecf678217ef89dc8c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9782ec1ef3153054570a990b84a87ffc

SHA1
8ef9a5c09231de6b2ad49b1022cb9b6d14102ac3

SHA256
1c37556360b0c2846c41ab6cd9e79a2b21b1644143c3e32f01ea0f8773efcd6f

SHA512
c1e3047ca3892bb665c1abd9c5ff19d9b65ff20885c6109cbce40b2e135053cada26791afd68833b6cd1d368a02bf9562bb9e43cb9ed696eaf9c16fd986d729e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26f76265ad861c3db1ba37fd3b1f27c7

SHA1
03390d5dc84a00d311e5efb2173fb0b3a0622342

SHA256
69005f206cfc47d22950a02577ea38467d0aeed51b2430b1bfad74ae83723a22

SHA512
975016482f0c71e21c5f8c1a52c822c35c901bcba32de63ed036f0a7fe9152dedcbed1ce95a0b10aacfd48dad9a09c2880fa30609c93b88c67c453d0395df140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50f3a67d35116070b13051c23b2012ac

SHA1
93bf4f38d59d55652da4a37990715da543ea3d84

SHA256
dc1a2e6389af516ed244bf5ece35609c0ef93b293d98013c499e03502b761e08

SHA512
41a58be68a5bd0a8c3b0f52cc101dd1871c133b93360f746083d83d4dedc95de12813e509728baa8074e9b3fe1e1968130408f31259144e43dce2065dc6a9193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0559c1b935754a66ec3945bab1a3837

SHA1
9fb2fee44b69dc644933e7336ba623c3105c5e42

SHA256
dc7611689f3faa887e743f48c50b2e9aebca1443db1a9bb1534bda9741a6dcb6

SHA512
b45f53bbeec64845e69fae49def81b1ff00844d9cbd513137f0ccdecbb8dd89e5ab42f3eaaf378760b6a498ef622fc97652967b6260ebe8b9c150df83ca3550c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11e7177f41a6f5d5eedac35ac44f74c8

SHA1
205257a5469229bc700e16f453d88d84821a2f0d

SHA256
ca00538b122a3718207d619c60f8318dd27e50d522d9b923f74acdf996b0b62a

SHA512
f5e5e38941a1399dd43801166cec2c159c6b9bafcb345364ebb32aa6594c9bd5c2256ea0040d7e63187d754d201bf9081d3ce7982f00adc039ce80db31501e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab71E7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar71EA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads