8d38ebca7475247cc6b07059a8370f432744a9c6581f0672eafe85000b235498

Analysis

max time kernel
150s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
Size

1.1MB
MD5

dabb3496ec5208dfb8793669d3a022e8
SHA1

a1fec3f105f9245ea9e52af06fd0f06ad9567856
SHA256

8d38ebca7475247cc6b07059a8370f432744a9c6581f0672eafe85000b235498
SHA512

e3e660b1eb4177bd20669f7c7383476f20f5cfb4e7d44a69063ecaa6c4921d7ec3f4cd8b9821e17298a08028ad269e661a70e071b91b16f148d636c6a26f900a
SSDEEP

12288:2sM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQbrk:NV4W8hqBYgnBLfVqx1WjkWQ

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2384	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2384	cmd.exe
2276	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432232973"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchgmfs1.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000bc49f815c68c77ebdcac39a15378cfca490af8a8ec3719f1f2730460636f2bd6000000000e8000000002000020000000a72ad5abb789ab1bb984f6d8c3628d8644ff05b9a4592f7908245e615ed4ba139000000031b9868fa7c1b72772f47e85fd5afa83587885bb1fb0bf427ae2881611a880a0b6c591202ec94b3f01756371181700b8c0c17a758d8ac4e23bcedc00d228ac132dd1880c043012b1c3d85e95995a921cbb262b458ade10f43e2781ef87195dc8f6914eca4d2aae6bc095fbbe80d8cfdf2a2d40914a8f567b50fa314a4a135d87222325c87b82e3313a85a2b7598ffafa4000000072de4a3e79a4d7b23f53f06d6354823bf1d8d6588ed5c951ffbf34878beb6e3c33977bdfa930f958a7faae5238eeab563cfadce134890bc05037c278a24da6cc	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f017c47e6504db01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{887FE9E1-7058-11EF-AF16-EA7747D117E6} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchgmfs1.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A90764C3-8DBA-4E42-9276-99E0015756BF}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000ead47b50a0314a06356f9fef8ae499cf64458d1f29d1b7fc5f82964f933979ea000000000e80000000020000200000000c188c5615bcb1994a4ef47d09747748a87131fcb0918ad271d7095af93c7b54200000004078ecda033f89d875c96dcd4626e8168cfd8c96ce6fef3e93f391a52c26bd40400000002f642fa2477a5e47a326bf862d251f59cfcaf6226233589092650c06964f1f38d8f8705728e9f744e208bf2604a4ec12159fdfb0c3388a12ad02cb5c08db6f11	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A90764C3-8DBA-4E42-9276-99E0015756BF}\URL = "http://search.searchgmfs1.com/s?uc=20180506&i_id=maps__1.30&uid=6c8305c7-e07c-428c-b1b5-154d991e0242&source=Bing-bb8&ap=appfocus29&query={searchTerms}"	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A90764C3-8DBA-4E42-9276-99E0015756BF}	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A90764C3-8DBA-4E42-9276-99E0015756BF}\DisplayName = "Search"	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchgmfs1.com/?uc=20180506&i_id=maps__1.30&uid=6c8305c7-e07c-428c-b1b5-154d991e0242&source=Bing-bb8&ap=appfocus29"	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2276	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2556	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2556	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	30
PID 2768 wrote to memory of 2556	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	30
PID 2768 wrote to memory of 2556	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	30
PID 2768 wrote to memory of 2556	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	30
PID 2556 wrote to memory of 2108	2556	IEXPLORE.EXE	31
PID 2556 wrote to memory of 2108	2556	IEXPLORE.EXE	31
PID 2556 wrote to memory of 2108	2556	IEXPLORE.EXE	31
PID 2556 wrote to memory of 2108	2556	IEXPLORE.EXE	31
PID 2768 wrote to memory of 2384	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	33
PID 2768 wrote to memory of 2384	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	33
PID 2768 wrote to memory of 2384	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	33
PID 2768 wrote to memory of 2384	2768	dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe	33
PID 2384 wrote to memory of 2276	2384	cmd.exe	35
PID 2384 wrote to memory of 2276	2384	cmd.exe	35
PID 2384 wrote to memory of 2276	2384	cmd.exe	35
PID 2384 wrote to memory of 2276	2384	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchgmfs1.com/?uc=20180506&i_id=maps__1.30&uid=6c8305c7-e07c-428c-b1b5-154d991e0242&source=Bing-bb8&ap=appfocus29
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2108
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\dabb3496ec5208dfb8793669d3a022e8_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94f30bcb5ff92b4618606e6bb00ea744

SHA1
a2af8299d140fd5e59b3189947152d89181b69e1

SHA256
4fae48d79b9065ac092bc389694ebad82a1155443f684bf20f61d97f0f99f4b8

SHA512
61c189597ae1d1359ba324977042b9a82fe0bd1a118db514ba04f479e0dc8a92d886e5d78eb928e73c5c544ae967592a42393989efe090da4fb2da1a5feb8297

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fb8242ce17a35b12901722a1b36cf8b

SHA1
751c9e8efac0934a54b46eaaf1bb3adf9c910f27

SHA256
b3cf07c4d0fafc6278c9685556abcab6df4b708098b7e07c1ee4a1f8ff7c78c2

SHA512
20ef4c2d669ec98d38f141e8f02f455666990d2289bee30246d40cc5d935386c7c8d2e7223bdc4a4a1536d91f779b711f01884650408b44bd70ba5a1ed4c859f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0793544abe1343355e3df926a66f5a6a

SHA1
abbf7e4d2e9992b503b7e015520cc63a0b42b7e6

SHA256
24c5b0c65cd467e2fda651c1b4d7507dcc32c9ca39c58502caf5a2c63b9bcaf4

SHA512
98e523df849b7755ca3e4ba5e8ee9fb007ea09dc14fc8e2533d70a34dbd3926073ce220969857e772569f54767ca8d1a9a04b58bda701e24cc7845c43250587e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac7f0c24796d67457a756d3155f42af2

SHA1
2ef580feaea967bbfa151d9264e9550011f1acee

SHA256
95a0b0cb4109bf425923c9cd913c5f998d238c9abcba0548b605a0334ebf4e95

SHA512
d023c5773b529315a50a24c24a618b0675c4af55d1dd3c1917c1f50fef42480b175b31ce8784ca83d51fda0806a768c2a1403e79982be4e207fccf4e00673b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfaa7c9369421420cf932f10ece0cc4f

SHA1
bb338dfabdb1849937588142fc2a91dc3278f52e

SHA256
517da0668fadcc40bef01ef47c011abdeb6fed2613284b4b6f7ef9d4258730de

SHA512
614bd0ff0e88838776a971b9a3af38d5626d1f15695bc5fbbc1a414e6f999061aace08cc0e92812c58dccbe11185d1aa19eba0ad7b13c5e0d66e4c8a8fa1e57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
271894b6ecdfe0e8718426ff954fca0a

SHA1
6f4dd6c401d257c5a258dee682e4c88c2c3415ea

SHA256
24f323ff0784629a96d640c72b85e9d2e6cd333c3a19a811c1f6b491695df63c

SHA512
d1778dbcc3b28cfc60f52c3c1e7b0c72d708d8feee1d9d7fc895b618b2dffc859bc5f65510f8bc66f56e3d6d59922d4a8cda7127032c858691dde522bfc37fc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cb92e0e97faa2a24834781414d2a53e

SHA1
9b380d7d111fb5c2c05beb58913531bf2d3a62e3

SHA256
42e587482adad673dddd5cb652414e51ad1ed0199b3fee55c4b83cdf2e0e7a59

SHA512
682da2a22c47356a1bb98d5ace8bde026fc621cff6f1c37e1307a8ca1222a66e2a5ce30cb4af0aa152303e04c6e01ed3e39c2896c118d0fe06b5741c15f57462

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f520cb66f8bea97a95f53e0368d9762c

SHA1
088f5e83467ab1299d23471971bd89d204e13bc1

SHA256
aebc731d87055dfeaa78176a11b3f1af7b3002453a93d92fa799b14ed91d013f

SHA512
9c3ed756a1c2633ab9b45ee0723650266c86d6af6fef8cd4513d2be7061149c28fd165e33e180f05ffcdb89b6cfabacec66c862943ec6a9f76b81db47899425d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86deb90c3d230b7b027dc45c755d0d73

SHA1
b7eb7b8cc994196616c9ed5c7601df0530140933

SHA256
e53ce3a4ed64fd8938f207daad2e4e901f52c29e570b3da9b3a09942eb90e3d0

SHA512
58986290c7ac34332f0d8dc5b27c64eada9818bad8de645c4d4220a922dffc32b29b4dfe6f4bca15b05df0b6858396ebbc2b79dc10ac91b5b328d9d15843423c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6891609f4fb7f8f88fb1c9f2c69826f

SHA1
c3141011e755dd411c436eff4c63bc79efeb6a58

SHA256
a7bf7d08a8e7e32d21e6a6f344177eaacbc2f975bc8db54e69afc310d48659b6

SHA512
c6768796f10e57bb928468ab69a2c075bbd3cbd125bbbffbfaf12bf722d3c35b8c06c1e0712f436f1cb1426346d86a08aa32a17a830e31eb665ea9773e22330e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3352281dede75490a98cba319fa8486

SHA1
da049f33b361165d901b23abee1eaa53792086fa

SHA256
f2f1ddf6c5d49ecfacfff9253bc1b1c0b1b306d7eb3ac62206176619ec9d75c5

SHA512
6de6f77911b8f00f8f41c540f26b2a5fee474745c943b5ab6dfaaafb9786ec8556590940fa6c45e15fdc2ccba1ca4a2b8cde2a3d42ebe9e503c1b27e8053688b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a08cc68a0d4814cbc8dcf385311bde49

SHA1
79583e9880293f623c3bb11bfff5b8a0407a7fdb

SHA256
e5627d70d11b514f46a3e7896bb8ccf2cee428937f653d301ad53b62798c952e

SHA512
852eccfbf5380df8f7e025990c6387e4e65f25d3e4ffe1088bc32caa80a72a0660f078e03840d2f1b70d65c6eecc082c8cb84111612f8f07135976304c6cba27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89a6776889ed83b1159518408c98494d

SHA1
abae2cc767e00b3175980f3d8495e77c4d8eb4b8

SHA256
0cef18cca8f069cb8dcc1619e2cc9e94c823495ee3a07a5de155487155c7357d

SHA512
7d0750f9c5b5767f4bf608bb9f75c1564669cb6124154433c00139cc5e69afbf59de0110e1cc9160777810661be5f5d051be35bf04df67189e5b72abb230fcd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e53050dcec79075e00aadde0855f688

SHA1
50633773215146e49eb6905738a29d7f22692ae5

SHA256
298550e6b0d9e4af3c979fb757d7cf382bcd2bb7a6fb83be504ffe44934fdcb4

SHA512
0d8856f2b1081693e6a1892467859e40f83da65356571793d9273214fbb7b547692ee83188340bb880dba491047ffaefd64a920254591b2aa768ccbf812c7b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea71f30f83f80100869da84f04639648

SHA1
ab7a5220283428c082cef0647736f2546072739a

SHA256
668db1c4f40144df78b57ac524f3629ca9039cf82ba4177d4260576f3e78699b

SHA512
e0e52ddd55910fcb27723b8495ad0274b1424998e2317d96fba32fd6aab8deb4f07fd301d2b88e26cd1c0564717e4c28510802909e14af88a0b891e0bb490f22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e764d671c8cc42ba4676a96c17ca0dc9

SHA1
09d45060e663ab604eac214d103d2669bef00c43

SHA256
9f7f3f1846f99c3d2980ad414e3722cc14c2fe8311c47a25e6ab0d26b86d75d9

SHA512
2368e93bbb8130396a044a3ad816d08b46d54ad6598a81b11cd676326ed770302b8f699279f8c292a1bde5ad5cefef3b15e1676e52e2a546525d7408b0e80fb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2541ff52c6fe8c6d6a2491bf0ca7b7aa

SHA1
4c316e23672b3c627f649d457849a3559f30a05c

SHA256
3fcc7d985ffd287aaf5c1ded4c4d502c6850943b04839426de01640215239b45

SHA512
3a5793b0ffad5f3973705852ec41f8c46206214413090904144e4c41b43b60637a7855206582666aae0c609b0a89a6ee40d8f493cab2f3edc65f617d1402e64a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1241495aeeed8c03a5965100f6e95aab

SHA1
1d04306d4285752e14b9dc02504dd3b9224ab6f5

SHA256
335e32ca933ce62aa83be92eb72d22bddc94132a2100e02cf0ec4315c759bc64

SHA512
1e78b6b6f3b4f102b5b5e06b32ae7faab027d6b15c6035b27a8eddf5d329b61521bb4f83ed0167df0bbdea9c6a80baa6907a2a35dda7a8c9c15b12cb385118cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c1528fd1bacf0e4745d3752d8265806

SHA1
e2cf58ee7465d5bd8158fdbe5b9da9c5f8cdf680

SHA256
f5a1240b95e778433c477648cf97cad314ae220452a94d8d0c97953313a05a95

SHA512
0525450ba30405801ac7614b04e949597f3fadaa6782433d5787e9d0a7319ee14a3055f03326cca773c20ed72919f14b3562d730ccd6c69677cc0a2991e099e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d213f7d5b851b268ee6a7cc0417224a7

SHA1
0c3649ff512cddbe385441d651605be5b4f8222c

SHA256
9365394274b22bcf76fd191219661a75a4815a4f9fe40848fa870d39a57db885

SHA512
807c80c90afaa466fdcb18fc960310a92cc09ec3240be539e1d8b8a6e907d2490c1b07010a5f602ab5893016bc07dab00a855a2278a13eb440f2d3e978ebabe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fac5516234764ab86c4752b841b59ab9

SHA1
b8f6259b8c0dde3d34c62eff48cdfc6765398a7a

SHA256
89fc9cf39f93ca0d2440bfb29507060fb66313b65779992569c9a6d5569c27c8

SHA512
ac61b5174592ec1853ff238f6b12027ace4ac922adf0a14992ce90b76962801622556e24c8092ea2ed0d99599eeb322e724c10c6a1ef38ca3ff3608fd8f37b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce69a1e0b91fbd58f7cd613f8eced636

SHA1
2ffd49b6d57582c32d259df60923dc84e44df709

SHA256
e9f2fe82a31796e8fe7ba4ea91685095ded986490d9ff4180e556166d4b7f74a

SHA512
a239f7c92629578768a9d9b7f0375f1892979d70ca65a235572b7bfb9b72acc85f1ad4e59ddb210c2b7801e325d9fd1db79d44a2881db7a3991a10dd99625042

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f77748c4bcc1713e60b4c0de838e9d0

SHA1
4a238125fbdb2c344c4742fd9e7e54d55bce958e

SHA256
3ab65bc317bbb5b2bd426e658ea39417f423098bea5b0320669da3e3f8a16af4

SHA512
7573dc8efde01749080dc3d5ea2604a679f4c9ba1d678723b42d850b664e8cd8b389089e5f30782ac8f3051e688fe5f4374044cd5a57beef1e775e327de835c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaa6fa45dfdfd355d7f9d1d7841a4e6f

SHA1
9095b2214452711bf640b59411f00f944a2f957e

SHA256
5071954304a3cf18995a93386da3f26e97915c5bee3d442c9e2c73f90f66ae18

SHA512
4cee7a3bc7b5e7bdf2d8e8aefa38bfb24d1d31f2066134e7fec99df3564115561c812bfba3248c24a62eb530886db8733a5fa141149a9c70f77b4ff616e71aa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
712ceb8b5fa347086edd3b32e9632c61

SHA1
d0000288fff814eb8e4a63a419e227fa74c9fe3a

SHA256
11be2937f78e0caa7109287974e64e863f8a2fd0f51f53da6f0cc3d5e98f4669

SHA512
c206b52528fbf661118d604dba60ebf7f641475e2d2d696041230e0b3e01eb7fb3ba91875044ffd133838b745f9ab40204a28da3561dbc5b2ee74e5271ee8d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lutsxto\imagestore.dat

Filesize
110KB

MD5
658a354239e45ef396d633f34fb53fe5

SHA1
24c531a7a2d6e8cdad3e9afd7c133652b14eaaff

SHA256
383ddde9ce13ea79fdf5baeca47ff036c9885b4143ae00ec4ab7d6ade4660554

SHA512
715dddb35c747e19c0d203d97eabb34d648c891117c463f3a77c3533e4159984ed3f9c8d081c7d8173362482ffa0979adc310bcdcdc5cff6fe1e42da2c287f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab395A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar39EA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads