ffa40311160948225c47164e2cf88390ae06c33523562b0f462b78496bf26c1e

Analysis

max time kernel
144s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe
Size

10KB
MD5

db5bd72dae2c7eb8d3343a38c717e9cd
SHA1

4877368a753bb81ff811514c4b3bea26434822d9
SHA256

ffa40311160948225c47164e2cf88390ae06c33523562b0f462b78496bf26c1e
SHA512

56af1fa52d18642332026cffbca8875da09f22cce898a17de4e8a65b32718c9606942f97a99ce3dc0ca8c64529728079d95d534707dfcc3f24e810f4c02b559d
SSDEEP

192:AviDQM7FFmfkcjTyCmV+Yh/4QAKYiNcrS1a3BQznhB9Yi1oyn:AbfyCmV+G6UN8S1awCi1

Score

5^/10

discovery

Malware Config

Signatures

Drops autorun.inf file 1 TTPs 1 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	D:\autorun.inf	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\SMSS.exe	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SMSS.exe	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "2029151048"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6889101-C5D8-11D6-B5D7-4625F4E6DDF6} = "0"	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSystemtimePrivilege	1716	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1716	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2616	1716	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe	30
PID 1716 wrote to memory of 2616	1716	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe	30
PID 1716 wrote to memory of 2616	1716	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe	30
PID 1716 wrote to memory of 2616	1716	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe	30
PID 2616 wrote to memory of 2708	2616	IEXPLORE.EXE	31
PID 2616 wrote to memory of 2708	2616	IEXPLORE.EXE	31
PID 2616 wrote to memory of 2708	2616	IEXPLORE.EXE	31
PID 2616 wrote to memory of 2708	2616	IEXPLORE.EXE	31
PID 1716 wrote to memory of 2616	1716	db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\db5bd72dae2c7eb8d3343a38c717e9cd_JaffaCakes118.exe"
1⤵
- Drops autorun.inf file
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1716
- C:\program files\Internet Explorer\IEXPLORE.EXE
  "C:\program files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb2e51ad8f7781c7b558e66df686064d

SHA1
27ef945668718f9905d0b00764c81b0ad22aa3b9

SHA256
ff89820204a8049c421ccf452de8e2b4a1707b281919e92a4525244264529f57

SHA512
63ce7a7e6e7477de316306a7435c162b174b0352033c3bdd93fc1499eded5b0c0ba180cccb4491d8091316f8a4fdaa702e0a50ef3a2513ed1fc995ee096d250b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6ecf997224f13702744aafd0d3486f6

SHA1
bf250cc1846a2d5695c1f97e76db42ac188f1ff8

SHA256
9db6c78e7672d78b19d4551177e99819c0692d34061ccfad2e37595b36446f00

SHA512
d34dd5a54314390fb3e188815b2d259c45c3d4fa9975e4308dabbdb33d082551af8e71936d3d268ce27d0066f9668e7bd8ca50ecf8b89f762ccdf3f6f949614d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe95ee29e4d21b0b29a3cca038173a48

SHA1
34c3133c63369c556124d72fb931a609cf21dcdc

SHA256
8a610515797da2e91423a053552a0546b2a1b489eecfbdbad8bb4cf82018aa61

SHA512
4ff509349cf215fdf2e30f5ccdbc0fd12ab70488f758ee172f0bfc5b36d222d6ebcb14903e5448150269fd3c38c71213cc37ea2a7d65ecfe24addc2053c5d2d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
980c4528e086e28b2e43202d04d19e91

SHA1
87c4cd357587783e2eea7906fc651a334884fcbc

SHA256
3518bb2cebc8b3c67a65339601889c6104a91ff336c2e1fe733ea2b35ba949ae

SHA512
7a8df125066165424000df4962c2f4bbe9b75420f7ac3ace380fd69c22f60e752911965bd0f42c259ab6a0cb3d853914b31278f9e79c63b2b938ef369f801ce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a40221dc92eb9521bf8f1c045456b5e8

SHA1
96971b2742f096970a17fa3dcd47ef3ed730c163

SHA256
ef1a4c10f93f741b7d5a4e11148016eb558eda7c1dbfa73fd83091ca1b88fbd7

SHA512
0d9798348a84e4aef511a51a9a5fdf3cb0373f374f31f58588e2ff3751915fd6136e6dc4f6eb7ff9cc7d9933785096603765bccdb43d41508196a5fc558654d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82391017e978a866f394f872f08c82c2

SHA1
a99603f04dedb9b73c7ce2e73fa883f224bd8db2

SHA256
e821a9bcf594725b9c15e6cb730eb458f82e4057f3da7a33eb9e7f78a0242060

SHA512
7911fcc9814fa028e2fbddd0858adfa05dd96ccecaf4ef27da7396ce465d5d8019c3ecd0c7f7345ff0e062c55fe38754239c490bd9b4cde9b3981a12e6806eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43ef06c10303e613529bfab1d0250b37

SHA1
5c3779bd1ef136038e0880206517e4545abbb18b

SHA256
ee0ef559bdc0c2f577e3c62feb800da130ee5025ba8c03f434bf0b60a6b01628

SHA512
77ba03a3e03f68c85fa2395e37a354a070dc1b8dae1920e77a408a8b03c768102bd35952421becbcb955e28a367b095284d9f3c6b38f515fbd8ee829365fba63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6960fdcafdc81d30a9404aaf03c19274

SHA1
eaec2dee697b3a784d33e602081e121cefae2df0

SHA256
450d29e4dc5f751b4c3af675e4e7a49b4dec0798b11b500cceac55addf20734c

SHA512
1574c6ef5b95d7f4738f675f9bd8d935ce65ddd3cdc8a58dc68d00bd3c31e92289c35597744584b552edc3f28a2350b675f9e87f60a2837bcd0a14da0a609b0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d013194b2d5fc1d21d641b8f60f805b

SHA1
bd53a128e9d0b88126a9173583db1677fa4f870e

SHA256
3e1c0cc9c167077a4046b8b5ef1e2c77f083e0f3f126c794545da4d94aaf71d6

SHA512
3774fd246e72875eeeb13245662c4fc637b2cbb82925eebcc6948b1f1bb5697045dde5ca64bbde74fd950745086744664d41ef6eb190a28278fccd0ef1088df2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99fdb9e6b872219f3726d7a04837bf69

SHA1
ed4df7ff21efc88a833f6bd42d8151b35062e70a

SHA256
67f787b283b12aa135f5bd8d26779559bd4799354efb2e532bd946621b0b139e

SHA512
5b8f8afe63430feea5e2ee696ac8ebb087932f2ef484057579b5ff9a3b3bed7ddbb49e5c7fba9fb35fef3c1038fe33e0f2f55b2e6a22b7aa3cfa9149bbfcefcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3034934a16fb393b20573fb190865560

SHA1
ef94b5b4513cee81338b3866e4f212977aa083ed

SHA256
921d468b0ec32269a383180bdbca366253b2ed621b9cc48978c53fcc0eb94f3e

SHA512
d10d268ba9689232f56300674ce50f67b700ee2d27791c5c72ab5afb1515a5a44efdc0f5488fde76925097684c603f6abab8918c2be67f88a71ac7cba825b116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82f34c3d62394e0eb0633ff8a6af8b70

SHA1
f8ae1b27e2de297263f02ac5c090207ad34fb908

SHA256
cfe63c878d41c741e4b4d195e1ef02c3258d16ba7d2995355258bc0517b26525

SHA512
89caa597d1eb3a4d078f0e5947d2f6042abf55c867ef159cd6b0442d0e6e3a41653b91c0d02340251d399b17cc22832e163f783c1ec723432739991b28151f2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d62efb88441de6dc0b75470d805306f4

SHA1
59be7f9cdfc06fc7952cf96e078767aef74515d0

SHA256
9ac8ab3d9819ddb545a6379bf1fab80012745fa852026ac7b354a3e489e1968b

SHA512
a55b97eba49045d85ba0c8097786f27598f99aa735cb3f4738b0e4864cd3aad269050ef5ee39a057a7bff94349a74afd61b164731aa985aa2a0aacc76ab2cb51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
656a633c079d8c02fd8fa2a77f51723c

SHA1
00ad5b8e9498fc7255f00195c790773653a770fa

SHA256
f7b37104fe1be97b96ff22bedecc200cd691f9f78b98b89c8b022e7ddefc59a5

SHA512
eeb3f4b84e51be2cfc67edc19cf663ac33cd52a6b0a524945c4a80bcd4debfa97ae32b75e5659b3d7a54d05157f1b9d874e6c5798f1673d0b84dd60edb531091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29c37b2234a963f8af05e88795a3367e

SHA1
ecfcc26db8dbcd150835ad0cc618327c69f0b94e

SHA256
09ba955792e07b50772a9ac14b91c2d2e16978e76ff1eed30609c912b2d07950

SHA512
7dae843714a7176cc3bab648ac29a9518a1a6eb1902e8da32292ce042095e5cccfda66a3e2242a5d3be62f5412a3141661f554172a58e0a8c13f546b93e5702a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd8a2fd272b310b23962877890a5a6a6

SHA1
b73650915e97ec9728f89875d996532434c4dc47

SHA256
3d449c4a716a0821f8e4c3bc6b91e4564bd3b2e4db45747cb9dd55730218f29e

SHA512
304154f21e255e661869d75b6d25b3d8f5a0574fe7a68c45192fdea043720306e2c66d7bf8766fa624f900f57f9ab7c2c0f19f187ae9e68997fc1d9b7a4be8eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6faa21a371a72476afcfd6e6431ddda

SHA1
692fe7f75ec512c84cdd5c408ded5c9ffab572d2

SHA256
6f4a1bb5770e4aebd65497e2638e47a56a2d0e5a7a2e78d03272bb91c49ea16b

SHA512
9821c6f9a51ed58e6e01d2395f5481ca1039f3e44127fd3807e5e802d87759244092e8808712bf653561651e13edc4ee95b6b2bee6d5eb957ca4b9f2f6af9175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19cb0513142762f4b36d9cdc50128d8f

SHA1
95ad205e075a0503b175cfe6a451838287d862c8

SHA256
22879f7c39258f29323b8be8ce2a278820d9011673ed3674cb7b1351a96df86b

SHA512
cda4efb8933047ef9e326b4f6cbab74ecdaaef327ae8046f2131c2a10bf33f132a70064fd65864589cef91e3b903e952de39c4ade00948652407dd10be64e0ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c05b2886837925ab7c0999f1c978c693

SHA1
381ace86ad5233befb795087fbf3d41e581143c6

SHA256
c71efc329b3e0753db24413185232aab859c0accd35513202580fe8a0a0b48f8

SHA512
785f16c297376ee0b9635913fa0d14bb00484a01590a64119347599e4944a3ff5ed567ed5b83a855b00108d16dd4c024512bba9a8814f2ba742a7ccfbac1a176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1aa94682b5b4ddcb83c2ee4b4e8ee3b4

SHA1
07c3243e926456a74fdaca7b02b748c375a7a925

SHA256
ad1e3d3edd18765069c88de21bae47b9f0679f7f760a90bcb9007d63b9a9d5f4

SHA512
2b7a4a216b14013cef0e1ce48b749c9b7c17ffd513ef459c2911d4ea8e825839811a59eb9e6316735220b50060acd5939b3f3c90bd40a92b10e0ff812436bfdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8bbd3940a355a4a9343e50ae20b0fa1

SHA1
612704757e75fe6d96141562d4b3b207be21a37f

SHA256
cbc43a1dd4b3dc6e93523d98f0a82e9543fff045c142a3dc34e1193c11e90b0f

SHA512
ff8f17682af4bc05adb526ea95bbdae5d7d488bda0cd244d1f104975935e4efdd09de95dc542d802d161a1ab5afc3cc78840dab366fb4c481c2732a192249b00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
916b6121b2d5affce06b8b976e143286

SHA1
1cc7139c4d4dfea816aaebb073176bd862ed741c

SHA256
a824044f23882bf73dedab78255d06757d8b835eb0d29ff70249ba088c94646d

SHA512
834e403dff62a010d3c39afd73c8a1b711528f45dc330f5f06bb1c7be8ff5d4bdfbff5c7dd38e9393a820e6b632ea44a9174d1152c8eac773a2fa4f90152b70b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c58b195782513d3423938593c8c20bc3

SHA1
fef5b6ca67324a6043f28d70ba1fe4a8e3a93130

SHA256
3af356d65f8674ab6f1e17b52323bd45986085896eedd6987222ef3b582de26a

SHA512
026f7baaac66054402f5cf53647dd4338a8ef7929cf491f647fe16076f91a14937257b87f2637d4f8cdba82e43344cada558aa17e4d55d80ca216758cee4e6e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccb4621c8c2907c741e995206947b370

SHA1
f91800aa7687f72b48e6183906a1e684bcae7b45

SHA256
5dac88bb1467ea317c71ced01fb91ad9e2c51ed6e86594b64ac501182a98610b

SHA512
65d59a72257bcc86461caf8a5685cae4596a3d421d83867cc382d4fb4b41970044f4f39f0bd255a19c2b3f6bce072a8d8b4298b0a0b1f333d8d1fc3f9e4b28cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90793afcf9e44068a4ef72cd15fe5b90

SHA1
f02ac82678f7f339d327648b531dd44a612eb076

SHA256
0b5fab39ca69ec01edd084c4d98129832c78437c694da8abbbadd5046a6c1f75

SHA512
300f3268ab2f1579629b1d0b9d4ef9571bdf57f0756a928cb8974dc49921cfaac45badc722adaa146e9ba76471ff3b952120056b3c50fa32bc5b5628ab72f8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7E94.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7F53.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1716-0-0x0000000013150000-0x0000000013152000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads