e091b855ca4b3df0b8d5b385d9c4499ce59ff93d107015d442f5092cd114df93

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
Size

1.1MB
MD5

daaaffa5d44e24b759ba8b5fb71311e3
SHA1

74679ebac9718cf30b34bb1017090932c5e616c9
SHA256

e091b855ca4b3df0b8d5b385d9c4499ce59ff93d107015d442f5092cd114df93
SHA512

c93863f056868779b6cfd9be1dd2ee3487d95737c642ddea0f3e6a9d509cde17c6bde7fbdba36ecf1cc0dc8bdaa476001f1d082ce83f8d4c254983e8c11d18b0
SSDEEP

12288:nsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQSL:sV4W8hqBYgnBLfVqx1Wjk/L

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2648	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3068	PING.EXE
2648	cmd.exe

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432230887"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000064d19e85f8473708f106fe7fb74d27fc0295f2dd844b283267c14236792eba6a000000000e800000000200002000000040881c3f5b46cc5106a2dcdbd22a8d4baf6c5ad97d860648b10eb138a1db941a2000000074d97bd6a57c468f6dfaa3481186eddde576b6465ac5ef827997ea392694bd484000000041c49bab692bd2e3755e810282392f453c9c01e85181b3b101163f9257b3a0ec4176792a52149a1291afd6209d4c4d05790de4298da595b36bb66cc7eb1c6c15	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\hwatchingnewsonline.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 505af2996004db01	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E8E9EC3D-8DC4-446C-977D-C4C4B56962E1}\DisplayName = "Search"	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\hwatchingnewsonline.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000084ade17b821e91987fdc366a3cd44b0c63a66724b39ddf601664706edd152f48000000000e8000000002000020000000127c6adfd36f60419b36910f2a5f4a30b03982839847648e6db95630a5c43d1e900000007ea183aca00c1840ab70db089ae7e942dbf40680cf299a55d9ea47bf9e019672e217228f4ed9a701661152222834e8d482a798b046366e901be5cd7e2d188aa610204428f5943dc246511054ba72db2ec5862bd099795ddacf8802e9e45336f0ab3df4356db2b1370eb1e0951e3f3f7174cb8bef724bb06a70c617ab474c24c25dbd7b680e018c3657188fface9a2cca400000007c5f600583041ecdea7082f46ae9bbd96ebf662698376c80665dc288885621b3a19fbf1b5cab4fd1d5503a0e5ea29a57d3e36afc63568061b34663536493ef2b	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E8E9EC3D-8DC4-446C-977D-C4C4B56962E1}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E8E9EC3D-8DC4-446C-977D-C4C4B56962E1}	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E8E9EC3D-8DC4-446C-977D-C4C4B56962E1}\URL = "http://search.hwatchingnewsonline.com/s?source=GoogleDisplay_v1-bb8&uid=c7c422ca-0a3a-4c1a-b8e5-32acca49253c&uc=20180117&ap=appfocus154&i_id=news__1.30&query={searchTerms}"	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AEF7F181-7053-11EF-AAC7-FE6EB537C9A6} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.hwatchingnewsonline.com/?source=GoogleDisplay_v1-bb8&uid=c7c422ca-0a3a-4c1a-b8e5-32acca49253c&uc=20180117&ap=appfocus154&i_id=news__1.30"	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3068	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2764	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2764	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	30
PID 2012 wrote to memory of 2764	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	30
PID 2012 wrote to memory of 2764	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	30
PID 2012 wrote to memory of 2764	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	30
PID 2764 wrote to memory of 2732	2764	IEXPLORE.EXE	31
PID 2764 wrote to memory of 2732	2764	IEXPLORE.EXE	31
PID 2764 wrote to memory of 2732	2764	IEXPLORE.EXE	31
PID 2764 wrote to memory of 2732	2764	IEXPLORE.EXE	31
PID 2012 wrote to memory of 2648	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	33
PID 2012 wrote to memory of 2648	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	33
PID 2012 wrote to memory of 2648	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	33
PID 2012 wrote to memory of 2648	2012	daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe	33
PID 2648 wrote to memory of 3068	2648	cmd.exe	35
PID 2648 wrote to memory of 3068	2648	cmd.exe	35
PID 2648 wrote to memory of 3068	2648	cmd.exe	35
PID 2648 wrote to memory of 3068	2648	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.hwatchingnewsonline.com/?source=GoogleDisplay_v1-bb8&uid=c7c422ca-0a3a-4c1a-b8e5-32acca49253c&uc=20180117&ap=appfocus154&i_id=news__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2732
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\daaaffa5d44e24b759ba8b5fb71311e3_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
37a84e7895cbac13a4aab382308ba57a

SHA1
09d9139a133fc99b66d8208432e27c9329520661

SHA256
e12cb6fec94006624f60d5d908e13a2ccd4fc3f7bf68cede4d71ba391c35e212

SHA512
435496ac83aa4fcac77be049582c2291fa646ff090063a6b62297e6150163684cb237551b3b53b30351ce2c0865e94574c73c6774d5295ffbcdc94fe13d9b242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6d0e9e8b648f26dd9832f92048056f9

SHA1
e970a71a3036e03539969353c024ace8e2c7185e

SHA256
f57121716713a81c0c40fac94b4d3f5c99b29d2b4107351969357b65f7ca67b2

SHA512
1463ea38fa6518734c6dec32fecdde4dab41d00b9aac36cdb39c59965071d5cfb9163c9db4759d5189ce158489597a2a723c9bb652296a1ea646064e1552a357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9913bddd5f99968c36def1c1a906e470

SHA1
50e34ab43447849b279107267b08eb5611c72369

SHA256
5411bd4ec465b4dba814c795a007d885370ea0b158a29b80f8b576737feba799

SHA512
50b78a740c49017b943f27221c9babfd76abf5e6e0c12ddac07fc4beb766dec5ac0af187fd6c9f156c0be47967c4ccc3b304df43f9a2660b04b917d35d3a00a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1eea1e63ef86d85af58c88cd11d6b1c7

SHA1
f5bf12e9029558dd18d9e9c1d670a3d3b25525fc

SHA256
026cee80a79765db69f26fa51861e2094e97e07087df987be3febdfe48b6644d

SHA512
9ed8473201c4394cc56101517787a5f68938e4fdb066e6d758c69f09cba60a0aa715ae1bb2dda8158579348c7b449b4a66e04602330ff199f3f33c14a50de15a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2cff3edf7a64aa0bff0c4eaec0d18c8

SHA1
2193a1afc4458a0211088926e86853f00a1c4ee2

SHA256
102b07280df77348525a8b1dcd6559744088c10f6faaa3287de19d8d61b45a90

SHA512
9a7a00d93874b2624ec0c6bdce54a22383bf53b55860ad321d1dce30a141e75536909c710811471109d7c6e4b0d8de16c4eec88a63e2ffb029786c4a2371ca39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10e4920954c1d57999477a63408c97ae

SHA1
1fa1bfe9389dfad7a1a91457f87145930716977d

SHA256
c0186c7a62acad1a0acff09328f43707a214aba0c5c047233bb25cc71dd06b25

SHA512
1b4c8b8b32466c23fe74f2936f735277bb7f09bee740dd097b1d346ae4369e84e3a0c56e726ca17b6394d836a1d093a2bf116de6911435724e917e964d11fefe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fb84eb3300c166c6399762d4fd0e085

SHA1
7788a6b20d4602aff87ab858ed8c6a3f4516daa4

SHA256
53cc597c625a9b23e1c2523ab5fa8a8cf72a8ccab53b1760a5e2193c523aee41

SHA512
eee39e959ecddfb98fa65a935d645b413e1a3d81d83f115c56ab13526e3dd9483f8fc6aec1dcdecac7be79a244d4e1a0a36ee4f1150a7f12911688b318d98bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0551f98011f33eac6dc2561e0583da8c

SHA1
c4cb632ad06bad95e75f04441a9c6da39037e32d

SHA256
03d529fe434f9a62af4551907bad76bab4872f1f1d513b97b0a6b032867fffec

SHA512
94fae10275d8d455f6c0ea38103ee36a8c3750b32e267a96c7f6bcc9acecc61c62b5e5f749ca3bec13b35adc46fceef5aca4f81889a4a34ea1c8b97bf77fc2b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abeffb334ae7b656a31079182aab7927

SHA1
0e112927f89cd4021eb55fca82b7d617e33c3505

SHA256
20fe13d07df5881196f71e5b5e9b1fe20e05fbffc899a57d8f9c92f7e21516f7

SHA512
8371d0dcefbd6ba087f401bc7db7c124af8013b144dd86589ba388b5dcb907db9d848775257d54a0842ed8751ad7b59fbf97319276e1c3a86e4ab4d94d845670

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be3f62fa87231560b3dd1209fbcabae6

SHA1
d51c4eb95c69fcbdd3c2cade5fde6b59b486ce79

SHA256
e3d3e15d0ceb6fcc10bd0995637caf1323f3309a7623704f713c3bc86f5e5232

SHA512
fb0a64f2b7bd8aeb25c80a340b685893e3aa5ce65d6b4de6211f7e170602d2bc99e9748b2c740197aef2b498165cfc2f0e7f96cdb4a2176d58ee30cf1fa346b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c68d1c760331ed6e4ff499a279f8a2f4

SHA1
63b34eced0e7503fb0329ac15ecbbb9dcce37fb8

SHA256
08366d62f0c8a95e8018f2ffe1def540ab783010afe2fdd30cb1ee69832d3031

SHA512
4961ed08751745e3b530bae780ada7615dee0bbfcc55a02b9b02d8296c898027c556643a128d183b3d789932b5a9f1c131ea4b7660684e1f76887207122bf985

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd7f984e8c63b8d355806905018ab570

SHA1
1d19111e495a8dc1f19f07f37d3e38d73f262dd2

SHA256
9447fe8f662e74794ec3161723f76a3336df83d30212bc99ae7c5706f70810d2

SHA512
3794a5eb2e1bd56ae03f710364bd8dafc08d773d23e55bd4028fb3d1ed591dc414d5d5ab7038908a4dd6b5e9de98e29d0426c93aac416e9fb4da50e9c0a60f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73f298051ca8924df657777a57779d45

SHA1
6e35141ada239da1f73055b23cffd25e409c92e7

SHA256
81a0645ff3d1933e79aaade0414f159877b06268d32687026fa681af36f06c58

SHA512
e94c5dffffb60da7615755894b7b777fb1664d034955dbd0e109c14e5688e910d258499498ac1f4d46ac0d1eb34c00ba5a820aae48bcb1eefbc28613cfb3ba47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11acb17b64663fe04e8961a3b96a27c

SHA1
0bfa2d4b5f0b34dd68f22b648d9e906562c1ad47

SHA256
a14e5fc2835e8171b7868cac4fa974e2884de3287fa13b1df435b5b352dfcf87

SHA512
18b7a191d0c140a0e39371948974e3c855c2ed9aa931f0362983cf8dcf9c598351c7a9bc22be7bb9d146a089b2992c5b9890ef1811605aa7198d852f8ac4f398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
875e2b017dd5605ecf3eb4aeb7451610

SHA1
aa7ecb894b9c1152be7993f01fdb2f5ef0c552b5

SHA256
e4aff71dfeb525aa953527066d35416bdb90b86005cf8b731eb674aafbee6a94

SHA512
ea24c59742203f0c2575fed18fbd8d8f8f4bc608771adbdc78f76c36d1bbe49d1e51550f2f00fe60929dfea48f3b5eb87ce5d65fb4b6d0af29c556c5eebd2a05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db0fd798057bc7a85c0c68172436b51d

SHA1
0d24ef4b8a309bde76fbe6881566ddaca62fcba6

SHA256
49a38f2fe30d77465624edfc7d598619639979870f18fe13fc03594526d251a3

SHA512
8213babbec476db7b7a32fad3cfa8d89f97c01a12924199f94cd0602be66b0e9a9bcedae75e3b1a1a4dd32f44b6f4b8d099a5c6c20c1c976aea2bdcb3b377890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d976925dfb588c0f6f65a3dd8d3d66b

SHA1
ad4cb28e358e9ffd097f2840600c1318483f043f

SHA256
1f5e3aaca2dded1696b0a7c4a506f67b24d6d77e0f76ae715abb6cd397689bd4

SHA512
abbc0c76650c446fa47f26583ef77a7b7b503fac1a7775c3692c441c4d74c5bf27cad9e25441f243cfc2220e3b4a0756dd3937a03a08daef73400e6e498eace7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80f5afdb2bae48b741a2582667c59d78

SHA1
23453af557d27a0cffb9c7c7098b034fb079acf7

SHA256
4828cbdb3fe091e72b8ab776bee528167487b34d469959577ac8cc710152f0f1

SHA512
cf91d343ca853599f7060edbf615a7b96cbfe748fb89074f2124ddb58b5ec296d59e32c6b8e3bc66a6d3f49c86f64d9d00e7bd6722d71911c79ecd5e66660e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6025fb6ea6199f54528d90f6945a7b66

SHA1
89c0726987450dfc2890e5675c0876f7afcfb0aa

SHA256
802afb167ae969dc054cbbb6168b2551b0f52f942ac99cd4444a27cfbe8a0b35

SHA512
8adbe20d2695ddebd2c7e6f7cbea8e5a26f61f784415e8570310f0385e96ef117321c06e93f980e4364b29fe239a0a7a2810895ef2d82ec64c778c6939ebab57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc9dd6d2b0278204966e609ae2b8b518

SHA1
41e424c2bb1118a5221aed9541d036b6283d841a

SHA256
ab39b2684dcab7d0dce475244deaab20cf9256bd0d3bf3f1f8a8f6fcec97614f

SHA512
cb7611c8a1377eca799329e8ed0b90d9968b707683ae1c598dcb8edfe3d3b4ba40c73edb1c286fc7fb8d330527cdeac55ab610850e98173116ce204255aff84a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6da5bd5ec3f20b32c6af41cd21a3c078

SHA1
4078ec5c50ee35fde96960320387550e812ee6ef

SHA256
df80371154afa22d45a4c9c459131b7dd874b26f3f07bbc1dcda9584eee4b81f

SHA512
b2b3db640233771ed4082cc143c757cceda52ce1074e96208c510867b6d57782d1bea685c25a73de9880de3304f5b029e9e2563190fe7c3786e1daee752c4150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccb1b8663b48897efdf9999b61006636

SHA1
8aa351c8e261b31453f45b52ae30ff582db1a4fe

SHA256
1c8fae3bdbe3a6570fb98102fef21d0f63a84158c2c89890257dde2b98c159c5

SHA512
bdcade7729c00ca40f2d65106d914652382b806c8fbfe31d1a8d3affb272b557a774fad67abc48fc27946a754d3d6bc69a6c0846b25638f9f7f4e7ec5ca2491b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec63b495b73f2aa584975d7e1412e400

SHA1
b2152de89a0d7383fbd02a410a87d8fc97916273

SHA256
4d23d3e6abc6a25ba715cf2428a9133beb807054b35ebccbfd96b934cf036d34

SHA512
d6b4373a6a8369ec21d467d49497764fb4eff7510f7c1e8a6ea47082ba64a34eebb6b4937f8b26eb89f7e27c14e37adc8f55590c461c6ed186415efc2f9335e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
918dfee7ad00ff652d304fc48de908f3

SHA1
9c61e85b4b3cb69098b073aee5b1b4594b9b80b7

SHA256
27dc674b6960e2a34e2920b65ae0fcea54389e74708dfbb7bcd6906ab1048760

SHA512
5f8ad75a56ba4129024b71a1318aa23df84a9443aff3d5562aeb7d9181d5cbb9cf2aacf65eb9e19d9b86e26cdf83dfa26440f3fa6655172c276ba49906604d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e2c8b0d09883381f9cd2af75fc0bef6

SHA1
c9f57fd467c226723a3542f985ff53e9588308c9

SHA256
69383672914b5b903e693d88501b4b4f07acbc078ff5b2ae5dd81f302d2fccdc

SHA512
9249689e1ba92ab934ac78db1c2244e49fe14e46cad534900c824aef23535e76c7dde5a568b360d5b09e053f64e727db33699c7c39f63c6a6939143bd9c46a7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
903f37b2dcd14c1404aaeb0770fb505f

SHA1
cd1ba1261bf15c9609619df814c4ea91150ca412

SHA256
f91a221d368d76a13ab920c08881c557fbcbc97f056db6ac6a201ac05b2e8379

SHA512
43ac106faee04f5f17035bf518ea84572573b0ba0d854c415c40bfaba0a27b3fbfb7011579a46bd7cfbe9bea76f334c939fac45a895af317e41911ff421f0663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88a89f060a4cccd48a8939a294019c6e

SHA1
77bff45277b289a14ee6b4ad8cc0db7725b4a3b3

SHA256
3d86c9b8e2282ed5c45ae5e2b5040a8d1d664ceab015f6e973e7a5f1e72b1f96

SHA512
44e946247689edc31b377252b61a265acffce509826d605959d6b12f3e37ba6c077c6283ea7bfc9c1b101f2201fc0fcfe1e6969b1de40d910ebbb1f4c88e344b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d2cc24d9a3863aad945a685f1c638a7

SHA1
1f05727d5b5642bf4a13822986f0e3b837de78d9

SHA256
737b1d8cd4c9d3cef7f3b8733dcb0b1e6fb30984ea670e808d0f74404dd0e048

SHA512
c07beb4f24c0a3a2ac2b503421029b1532c98b9a0a05eae3a067ccf5c1f1f7cde9ee48afcc86d984668ffad46412bda312235b829969cab3e9595294eab53732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ad53bfe8ea0720ba849a821fd3cdb28

SHA1
201ef58d21f5c1c5e1ee47ba6ecb394f8174c1c7

SHA256
d85100361536598ccd5163181df610bdc9f8136e192a56c55ee5ad842694c1d3

SHA512
afbda8feba848159a77c5a1103cccfb100c9376e85d8e3cae6f4862abe2c63f282a02800fc72d19189bd721a01764c5fcba68844c55c9205727b8e9868aa26b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e60a2ed04e58beff1e66fcb5c12cec9a

SHA1
c9d486e81250b330def0a01b36241586a0468c31

SHA256
7357d238b45d31e69bff610fff8973ac536a1cb8a3b10c05b5fabbfe54a028f7

SHA512
5fbdf77de0b508ec36d3a79ada9c07c360dc54949924873bfa867b826c04b2bc3fe4ebd5126c67822f5757652fabada304df7a294904ab6d38930b7c56ed9484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat

Filesize
110KB

MD5
58a957daa978dc6345661741fcc7b02f

SHA1
9c3dc97d5ac9f1c8af4588f697eb9a23a54b864c

SHA256
cf03dbd6ae0c5f50c98b855a1a42df575f1e73f45df25cd54ea8f751486406c9

SHA512
f77aaa63f45bd3c5a8168a24433762249ee0ae5bba595c124516d8dc98817416e277b0677ee532f5390c259182b583230f70fa75bd92e158d735421b5f5c9d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\favicon[2].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB50F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB531.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads