dcacfcf53c8ccb10edff0852d750fef02695884b407bc3596746af9df358bdde

Analysis

max time kernel
140s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe
Size

71KB
MD5

da665f559abd4989a80995dd6dda129a
SHA1

4b19ea54e57b8902585624d137c10273a339cdec
SHA256

dcacfcf53c8ccb10edff0852d750fef02695884b407bc3596746af9df358bdde
SHA512

2cf3d6f31bd52f1f3dec4c84cee64497839fca8ec4b21f8bdd5419ed355edd70402f054a6ba361110c249a11284fc6f2ffa4103ed3dd93bada24b00b025a5994
SSDEEP

1536:WBej95nI6HSpc+UIqnEixqOLaJ5bODOHC:7LnI6RoqnxqRjUOHC

Score

8^/10

discovery persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\systeminfo\ImagePath = "\\??\\C:\\windows\\system32\\drivers\\systeminfo.sys"	regedit.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Genuine Advantage = "C:\\Users\\Admin\\AppData\\Roaming\\MicrosoftValidate.exe"	reg.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\skank.dll	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E39334B1-703D-11EF-A817-DAEE53C76889} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0612eb84a04db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432221528"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000439c9210787e8b3043cdab064fd920835a24ba6afe84b4e052b4a9f23167a693000000000e80000000020000200000002d54f64311e96b7de3f3e68c8818ac8d8ed0020abf92ff9cafe2527e562788b920000000d4494cac8cc525d31e0fb1ad8d39a88557f20818c11a39811ec06999d29f59a6400000009133af4026e40f83f5be016987d92cd86168eade13df16a9a2b3454c59e9957f035e58fdfbeec52006684eba5295edff88c2fa98581a606795a2e7e74c4f6d3f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000023e98d6c5f62b8901c70cc6f52fa41e1a1029a947fd45d04723596d52a4c2b21000000000e80000000020000200000000da48514455ea072678b69558ac946de5f2c9d4be0e71d5be8c79061dcf9d27e90000000092afd4fd21868937d9f9359edf651edfeba4c57335e2e3ec2139bc4d4643b90bf751393673ca9285158c36f86cded93aeea3db2129f9b419423af23ce74ab3051009c08aca46213dd0294496184fa0b15e10325abd6d07eb8513a61e2f0624cba568d8ff76a9479abd59ec0493f585c214e6fce0e5a60ba747357ba234100e7194c9566d08ba2788437437cc5d4134c4000000084bf79c575a07b1f047b1f97923918e71e995c5417a9e7e981eaf7d3fe14a08d3def3406b1d89a2b86aeb2737f5ebf3652dfc29bc92a600c1ed425cd3d73c1d7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Runs .reg file with regedit 1 IoCs

pid	Process
2736	regedit.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2884	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2884	iexplore.exe
2884	iexplore.exe
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2376	2904	da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe	29
PID 2904 wrote to memory of 2376	2904	da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe	29
PID 2904 wrote to memory of 2376	2904	da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe	29
PID 2904 wrote to memory of 2376	2904	da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe	29
PID 2376 wrote to memory of 2736	2376	cmd.exe	31
PID 2376 wrote to memory of 2736	2376	cmd.exe	31
PID 2376 wrote to memory of 2736	2376	cmd.exe	31
PID 2376 wrote to memory of 2736	2376	cmd.exe	31
PID 2376 wrote to memory of 2820	2376	cmd.exe	32
PID 2376 wrote to memory of 2820	2376	cmd.exe	32
PID 2376 wrote to memory of 2820	2376	cmd.exe	32
PID 2376 wrote to memory of 2820	2376	cmd.exe	32
PID 2376 wrote to memory of 2836	2376	cmd.exe	33
PID 2376 wrote to memory of 2836	2376	cmd.exe	33
PID 2376 wrote to memory of 2836	2376	cmd.exe	33
PID 2376 wrote to memory of 2836	2376	cmd.exe	33
PID 2376 wrote to memory of 2840	2376	cmd.exe	34
PID 2376 wrote to memory of 2840	2376	cmd.exe	34
PID 2376 wrote to memory of 2840	2376	cmd.exe	34
PID 2376 wrote to memory of 2840	2376	cmd.exe	34
PID 2376 wrote to memory of 2844	2376	cmd.exe	35
PID 2376 wrote to memory of 2844	2376	cmd.exe	35
PID 2376 wrote to memory of 2844	2376	cmd.exe	35
PID 2376 wrote to memory of 2844	2376	cmd.exe	35
PID 2376 wrote to memory of 2884	2376	cmd.exe	36
PID 2376 wrote to memory of 2884	2376	cmd.exe	36
PID 2376 wrote to memory of 2884	2376	cmd.exe	36
PID 2376 wrote to memory of 2884	2376	cmd.exe	36
PID 2884 wrote to memory of 2864	2884	iexplore.exe	37
PID 2884 wrote to memory of 2864	2884	iexplore.exe	37
PID 2884 wrote to memory of 2864	2884	iexplore.exe	37
PID 2884 wrote to memory of 2864	2884	iexplore.exe	37

C:\Users\Admin\AppData\Local\Temp\da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\a97171.bat "C:\Users\Admin\AppData\Local\Temp\da665f559abd4989a80995dd6dda129a_JaffaCakes118.exe"
  2⤵
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Windows\SysWOW64\regedit.exe
    C:\Windows\regedit.exe /s C:\Users\Admin\AppData\Local\Temp\984.reg
    3⤵
    - Sets service image path in registry
    - System Location Discovery: System Language Discovery
    - Runs .reg file with regedit
    PID:2736
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo y"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2820
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Microsoft Genuine Advantage" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\MicrosoftValidate.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:2836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo y"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2840
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\system32\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\systemRestore" /v DisableSR /t REG_DWORD /d 0x00000001 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2844
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "http://exibir.flagradas.com/"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b882ef4d79bdb1b3922db1f2b77ea4e1

SHA1
432f2da5e0fe5e39c5a08b6aea56841b84effd7d

SHA256
7091fca5c993ea3ddff8be48d12f0a6070371a392875810fc2ff550e4d442344

SHA512
838ec6a7b53af1c5a0366d49ff5a72a1d31c1d351ee3b75998729615a778eaab2a8ba26036d0f58c3b5a3df1c75817e45852dc580f57f41651d88fb1da6646c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
438e6dbda2732dd26f03fb1779d17cab

SHA1
3722d2f48294162a0af694a63aedafc614ece370

SHA256
e8d9f091ffc73bf318c1161cb2bc1be3328cc2d45a66ec7dc4e38daf218d1302

SHA512
5499016bfb4bfd4a84645921f8efb70c7c62f278b62b00c52cfeffa54486d566f0a3187922d4f2b30ddf55120bc93eb33bc732e0bd036ae7cd574c69a2dd839b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6a0ad280140bb749c16d0c350eb188c

SHA1
da247c32c30927c2269b08f7edff6655ac45dbdd

SHA256
f024c6b1bc8ef44c54f4e1bfa6ab68a37fe3e59f4d1212c6e6fd8d2f41fefff0

SHA512
9ecbb330525f5389ff18535f11c2a3b0b8f165e0f25a3837f281f917328e48ff798cae232fba8ade7ac6a8acdee6c3d022a9acadd2d6d2d653a30652851163ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b9792be1d42d8985dd7c38ef1ae1557

SHA1
0b2e075927aa4760998d5c71e8b62de02b7a3ddb

SHA256
a380e1aedeb7065a0377bb9bec5bfafb40bfd661be8056f31b4256635c2df6d8

SHA512
2d8040b2da848d95adb989924af8e9b8625314e50c94a81d39e420942933b398e3fef46909b130be003fe97a314d7197f8825203936743655752120a5181f0d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
636e0f6821b70c200f7d4f2c3a352235

SHA1
667a6590b384155867b0c4acbf9d70e69d267188

SHA256
8d3effd210ec0d5acd93bc7237e2c5c23fd6f3d5eed406dfbb3bd1bee18ba1ec

SHA512
e4e62e36d3c20fbc7e8a437f6fec00039a23873b30c738ec59994413725a76bb5872a24a6c97de457ec5017e49d347198d400db30dd133f64d13433e3727efea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d9d78e514deb2e6ad8a0296cda17c2f

SHA1
0f5561f633adced9b9cd9c7362e45b336cc35a56

SHA256
9dec14af35b846b9e45e810c921eb44f3a10fd6ae34469d9f15a2eaa438673a4

SHA512
2d3ece236f57fb0f7eade8c36125f167c953ee4753314fd785bf4f9b6666589d18b1af3d9733df00561c807cbcbac40b17517ba09eba5cad186ecff24d491fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca0316c73ed0d485ff2fc7bf5965e435

SHA1
e83b8f50ee4b47c7ed66b2e08e3ec476367edaa3

SHA256
efe703d17fcfc94f65dec4148e7fae8aab0fb0afab66ee7d48720fa71aa01eb6

SHA512
7d056810495336863b0a36b0da6e757ae4936461538bbe147481940b4d40bdaaffd6326d0497fb0fcaaac9ff95becabe1a033cee71977e5ddd3e9eee5501f8b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7b7409248f46225bb1aca9c20dfb66a

SHA1
80e94a8d787d885a0b6965dfd69a6bdfcd458ecb

SHA256
e41635b1a1578cfdc875350b0704a6cfa5079829fcd8890d6d972a16c517dc48

SHA512
ef6444fa3f00c499942bb7eaf9b673e0d11f2a00cb689232cbc7a5ef93b7b3d660e8da9c20f7a572e299e8fd3bd7e20b969240aa004447b990328727a2ebefe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73b471316ecf7c95ab6e6297055bf5b5

SHA1
b970fb7dfc8f9fc4e31482e98926d356fae52695

SHA256
58e2c66d9c4a2e16f34718fe7321064d28302e0c329edca8890437a85579d05d

SHA512
50ed00f201a538e28046aabd945f71e8d96aed5df2dd2009271734a7bbd1d9abcb0f37f48666c495a7de23622e47680ed9a068454802acfed93968b1d222832a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
569fda0bba018df74221073a7d0ab13a

SHA1
977a4cbb79e30a89e02a2cb8aa1203f989368078

SHA256
4066abe32344613a7ccd8727b26ef3dcf370bda1ae98da8fff20ed4a8a17b46b

SHA512
1416a1586dbfa8ad84f723ef13ef9d545884acc9eda1cd34f5bc30dc0a933d5dfdb94a94dfcac4e11c774177926ce4af5669bd68c5e7a90d5f336f17da338273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7f92a3b2f97b4c86acce7197bb38e90

SHA1
6d64f8533ba51fe5afef098139e1cdc882c85bd3

SHA256
e52e0f441e88886004b3b2c1ff080a4c8cde5863e4b90661115f2d7d3062cbd5

SHA512
76bc643ed952031f43b100a601637644c937ce141eac9d37e4ca38214da4e0c7b40255cdc2728ac6b4160628951d3e8cffbaa8bc2446785942fae303537415f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18b4bffeab8563dbd4befc7d52e068f4

SHA1
27ef600e1b1ca1bf772b9b9af57c769190914952

SHA256
59071eee19199b22d06cad7723274c6223445326da2feb6f3640ffe76e269b1f

SHA512
ab1039cf51e20fd6b9327e0bdbd944f5d5499e17fac2915ca388f42abe73dcd24816779bde5dd87c66273275723ca318ba0af456fb7f2d6eabbcec238cdaae77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d1c83bfb4bdb59b1117cd0b6146afd6

SHA1
f7ef39184bf3e480eda9d701742e8c4f8da1721e

SHA256
0eb71b5b80e7c7fbccdc8492af77c6773647314622743a231017b96777f7871a

SHA512
688efcbbe377556cf0cd0b270ab2909deae9b03439819cc2b78e18f02a92e423a430d5b39323d6329abba71e2f34a153db22c69a1d4d78c1424609ccd81aefa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00b6ca2971e47b995514fad1f42075be

SHA1
1939043e99a1240d24aad910fcbf98bfbdbb5e6c

SHA256
fe22c227babbd495105749bee46ea0212d037b74c75e59afc33a5759d94b37ce

SHA512
1a7d910ec25359691868b13224f65a9e46ad0ea4a0b12fade374430a1d5dbad155f3f0d3d71b43bf628ab1da4e100149bc235c161104c7495d858edb3bd81132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fa543824442b4ddd348204ff80bd5cd

SHA1
9a9c723dd71b701ec0b4e9e9c9cdb80c1644520a

SHA256
2efcbbdbff7af382d22cd6f4531bb22d920373c44168ce66b39230558399b6e3

SHA512
a909697f02e7dc37a093f57bf084f2fa1d7ab801490812b302c3b0ff26588e0a976f4afe65bef8ee81d78e4e4fb586d89f8f1f79e0bd3ea59a300f2e2b628d91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf5aeb553d82b057eb9781d21c9cf830

SHA1
bab880788464e676ffe6ffb07ba3adb4d623c0d9

SHA256
4f68739274690d35438ea156507efe5952f59b5482a6abed617b2554339ba5eb

SHA512
2c0c68413563b4473f79a76aaad323f81018bf2708e1d1aa10e4506039075d037f5270a939ff6728f3630e8004c7b9b2e3438d34dd21c2f9e64246b8a1f18bab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1936775df70ffc6ee4c424b0b267c8e

SHA1
29895ea901cb6d55d1741e6b5885e412c16d9228

SHA256
bcf618926a4b0b75d5fabc5f9f8a505a020f184b29437a2f41941600f4d3e9b2

SHA512
30ee4ec2fdfa5179ac8894d1535bd6109a938ba4166f2c55d31d5e274da8d3b02f346475dfd542ba9ef38b9c2b16823651abd45cd644be6d70478b14ae440f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22d27e18ca7e26b659efcb4cb469faac

SHA1
4b869c3350aa6e2de67261a823eb96cc09dc02ae

SHA256
f2cbf632fbad7466b4b292e493547eebf67743efd41e5b38c9d73c85e556d3fd

SHA512
cf6f979c4e038225a1b1217c1aa88479fd1f401081b0b1395e100dbd655112d604445ab38b9bbcecc7e98d91ffccdcca3b6d19b9278057edcee942edcb7f4876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2396267ba76f10b396bec78be9d5194

SHA1
2b6756ceb4de7ecb64cf6c86de3a9f47c7d0aec1

SHA256
da5f6253669d5fbec75ea4aedd7826dd83481c6031f6d925678d1450ac22b4cb

SHA512
a080d55beb9c898a32113b7baa490e37d0f57603cccfef955e0d23b1e6b385196141d513389cb58e5c68304131b79cf5e39db4ec92691ba436b116b68ef342f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
380ada80e7a4b3a0d9cb37e83613f076

SHA1
3cba063a69e7eda0d0c38ce58ba5895f2ea80340

SHA256
716c69647957ce223e23741f25e15ecea0d15d2c352d06a9401f57a644dd2f32

SHA512
b857e448d9cbfa0bca5adabf05c0fa6fec75c11f2ce2ae3ebe514ff0f4583c6761ccb0a5719ea6297ccaf9559f72ebceb53182b0b9d356517e4afd96de768184

Download Submit
C:\Users\Admin\AppData\Local\Temp\984.reg

Filesize
2KB

MD5
cc111e6e1a7900af3474b6f9e50fbe40

SHA1
b3d744183d24b6ec34b54e96939fc3261c20f86c

SHA256
920d5540ac5fc921e8516557305a34b96e54d6455ecffd8509f460c10f8bcbbb

SHA512
ec4c3cd4622cbd89d7a4a5b2939d600bf9b2f6a0eff5a38814ba223251c1ee54c8fa8dd04664e8d170eb2c74938794d8d856d7d55700577cc9b33c3d7d7bdcb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\984.reg

Filesize
181B

MD5
9d6a89a0e8909362709eda9cc61276dd

SHA1
83d744703a3b6f982749918180bdc946e5d82f00

SHA256
2094f95a488eb1e3a1a87463e26dc401d7164f6f4c07aec05c4be2bbbd025d4c

SHA512
32466ec4f00a965602aedc7c2cba953ffc68757a3ab5e6e7a965027882e609d23fd3a301db0ad94d456a4cacaea02271afadb495795935e89aa823e4ccd24bec

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA9CA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAA78.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\a97171.bat

Filesize
8KB

MD5
6cecb0267a0de523981ae80c652d19d7

SHA1
0e7dbce5c778fc6a2cc45ca74fdf3bb7d2d9b806

SHA256
56e20093bdaf961edcb9eb281ea1e730f6ac4d1e4d7f9409ad1b6150cdf16ca3

SHA512
441b7bc8ffefba3961637d78c27d5d6dd19c189030af844ad1c2d19d212ddf516049a7cae3dabf68b655e46a7ae968f3f3927cc0c62e325e389103e0d97fa8a6

Download Submit
memory/2904-63-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads