9562b39553c8337e3793e13ad66aea877f0d07ca4016ff762a5fdfc79ae4fbc1

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
Size

1.1MB
MD5

db910ee0692ee2dfd0622ca8ab05e051
SHA1

edbfd608707074a964d5af6dfd29d9c3d08562ac
SHA256

9562b39553c8337e3793e13ad66aea877f0d07ca4016ff762a5fdfc79ae4fbc1
SHA512

20b0def619d2ff1a83b6f5c275bc28f12176ffae7f9cdd276ddcc51b15cf6452d1c3a068a79970ceca4e9c8397bf3053ec8958342e713dda02bb695508c1c250
SSDEEP

12288:wsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQlF:LV4W8hqBYgnBLfVqx1WjksF

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1596	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1596	cmd.exe
1976	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C3B93E1-70A5-11EF-8BEB-4E219E925542} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{560C7F94-73D9-406D-88EA-EBE3DBE3AF26}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{560C7F94-73D9-406D-88EA-EBE3DBE3AF26}\URL = "http://search.searchffr.com/s?source=bing&uid=dee80d62-d56d-4de0-95b7-d4517fe8f853&uc=20180120&ap=appfocus63&i_id=recipes__1.30&query={searchTerms}"	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000001c5a437a55c9bc5268eed4afdfc38354bfcb35bbfdeff7a77a194b946ee7e3b7000000000e800000000200002000000049e8a646762378ee981ead346547e71abce6c6c038fcbbdeaed246a3b8b4e29990000000b3b8f70c00c40ac2d8831fe0fbf3f7bab32d860dcaccad18e3430752544c631313651efb74489c4f1a1240f5a226b12afa4ba181d852fb5e6f3d30ae48f131392ba4801564afb16afb78893c8df371961bf47b645ee006fc65cb32a22c07f411a07f6dc9eabf1d27e580cd58fde02506fcac2332bfaf92cdb07b5737e85798cfb06f60fefc5eacf62cdbb01c298bf2ba400000003e963523839fa6875ba10a6b9d14a60b6338e2b961f0a8592ead3dc6e70bbce286d4b1c182df7f55685be6a4ec382d286b581a2a0cb1353bd5c05474a5d8d9a2	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{560C7F94-73D9-406D-88EA-EBE3DBE3AF26}\DisplayName = "Search"	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{560C7F94-73D9-406D-88EA-EBE3DBE3AF26}	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432265882"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000469d3d9e01a5e155dda19d0f340b2f232d84cac49ca4ccb16c13eb9eb754aa62000000000e8000000002000020000000ad09f4dfe967b187ad7463a91aff22efaaf55759d09267a23c7eb0df2d3e323f2000000014bacca2a0a90b80a49a4decf1f1c74cbc32b024074af3b9156c2c3b606ed70840000000a61bfff83c1e23a64422575fa6323a1259a5056ffe4a94e3f4f353b932e6148a1dd760dcc8d9c7c54563e9796ae831c6d65c059d4186d69f641d49ea55a53eba	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a36df4b104db01	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchffr.com/?source=bing&uid=dee80d62-d56d-4de0-95b7-d4517fe8f853&uc=20180120&ap=appfocus63&i_id=recipes__1.30"	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1976	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2808	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2808	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	30
PID 2252 wrote to memory of 2808	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	30
PID 2252 wrote to memory of 2808	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	30
PID 2252 wrote to memory of 2808	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	30
PID 2808 wrote to memory of 2732	2808	IEXPLORE.EXE	31
PID 2808 wrote to memory of 2732	2808	IEXPLORE.EXE	31
PID 2808 wrote to memory of 2732	2808	IEXPLORE.EXE	31
PID 2808 wrote to memory of 2732	2808	IEXPLORE.EXE	31
PID 2252 wrote to memory of 1596	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	33
PID 2252 wrote to memory of 1596	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	33
PID 2252 wrote to memory of 1596	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	33
PID 2252 wrote to memory of 1596	2252	db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe	33
PID 1596 wrote to memory of 1976	1596	cmd.exe	35
PID 1596 wrote to memory of 1976	1596	cmd.exe	35
PID 1596 wrote to memory of 1976	1596	cmd.exe	35
PID 1596 wrote to memory of 1976	1596	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?source=bing&uid=dee80d62-d56d-4de0-95b7-d4517fe8f853&uc=20180120&ap=appfocus63&i_id=recipes__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2732
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\db910ee0692ee2dfd0622ca8ab05e051_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:1596
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
b4783f9e427d385fc809582d81fc14db

SHA1
f50d293d50e09658532475a410b3cca1974d9f86

SHA256
48afc4945215a8898cc4f54870e981ec04c6a716a225f610ee25744bc833f067

SHA512
c6231e20726cc19fb6a112de703e4d8e7ee7c07614395d129ede22a4a1d94df659fb8b2bf73a039ba41b2a7322ff53fd27fe9d910bc783c7c7fe6bb41514d773

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
0351aab57e804c53ad03da4042054ff3

SHA1
6e7af875c0517debabd4334d2ae2e9e29024bd82

SHA256
10e5088ee6632350873a6c857f5e6e55e7e314c6b48a203d4f04a674b408f186

SHA512
851de06829d92cf1375e9718feca0605395fb7c237abb2d7a710ee2346dc35655ced2351a8df72c593689e9ad76520a3508d303782e63136756826d1c44846c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
5250b51a96823fa64a4cb9d8fc64a7b0

SHA1
546c335079d5b795eca56f74d721f9b62c2b8252

SHA256
154fc40dbf63b0057dae848668a091612c7ee0d7ccda07afe264e50b51e01eeb

SHA512
4acb9bb21e56d4fd957ae5cb702f458cb472020d00286a8a0b770e07e28b5e412d548b7e0354d6abe1de4272156745704edae4cd0edc04c58b7d2934a2223da4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
a182e25dcf1c05ab5b3c895cb5e5b84f

SHA1
12215d1c54b80ab8233242b2deadaa7a23914d1f

SHA256
74353a698c2c3c9f50a77949fea080894fd9a08914033047af5006a37c3b702d

SHA512
d9278fe7b325110aef8ba76f1e53f68a0072be4a69e7d994fe3881e8ff99cdb1061ee3bb94f75d247d532bae316ead3b600193d59f1c3fde1c109f14d957e2f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5e0b02eec2a4623bae663e11b2c91b2

SHA1
6d861006ffd9952d1ef1550c716f8671202d21c0

SHA256
058960efdd7aadc3f98da7c0c15a957acd4706270d56e9de9b93ae641720badb

SHA512
dec316cf1f6fa8b665c52cec9d9c00c433a4ecfe3a4de25f28ce3040bd9d5168d70635de78bcfc07413a8173de4f5f0aebd4966912e9647d95c93781f2c26b54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2f765075a35c283e9c3856ab418ea5e

SHA1
578f18364c24cc6eb4fd44aad26a19f36846eee2

SHA256
32bffd7641bc8bbfe50bc39c2f3418e493acdbb8c852fc0e9858afaf5fe96416

SHA512
b36e1943b7885052bbbc7ff0816e134d82e05db5193b3c69d75b236f1a67c0f2cb9aaa6365ad7b58714aab4cf23cea67ebf425d73d5cfe997b0e9a0e748f4298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcd37b9ef05716902604776d951a195d

SHA1
fe1e480b51e64d49d53838ceeba29828e4d62969

SHA256
0293c0e8dea8ac02ef6a9edd847414afd48f4514e3031d64c58ccfb0a4d21183

SHA512
d249de70b69eb1c1248d02831e411abd61790157b6767fd952679dbcd31383196654fcf9011fc9a54ae1a7b3e0b0a1b47586757553fdbcb671c9ec0083eaffb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d925e64c745b08bce2c5651ce9fdcd46

SHA1
68ca83a212e5a7f63edbb956fbf8a1e0da4d9670

SHA256
a8208273f3c19e78df2df91b66e24c301d5926066f33dee42489631bf04cf527

SHA512
5740c36de3e185553bf06bf9444b88bf4963d77ae4e417e54ce883d9378110f0a2a8bbb15f73f69a954c04b2f781cffec511aaa122bbd4e6fcd36deb23318b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41cf28ac59258513d62403c6cba9c1c3

SHA1
0fb58e23ea7d8386c6cb9e5eb29501f308ebc9f6

SHA256
fc151d35b3e914737d81932184693491ad1f864e82eab14c20632d82c58ab7d1

SHA512
b93179aec9bc57a677a9bdb908ecc9ea175ca86b6efc79d0a23fc54ff5d8cddd7a004ce35a1fcfac38440646b6c6d65f8249b54c34154c019d0a9deae87a7654

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
196c271939dd5bffd62eb033a873c7dd

SHA1
da209bf5667f9d12a5e94820d42153492d44fe26

SHA256
39b7b39cac415b8bb229704e0c820b0b6d35d4f02d930a5aed47b49e5d4fd8ca

SHA512
54f0a178fb36f1c450361a3d178c684d25b888c12eb00defe0575464fa9baf64364058d8d0a02dfcbeb068baa8b796ecd50b2fd444bda7610e52a29f5e662747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec9a26d84c7ec8fa55644dacc21b5b12

SHA1
b146b152db1f05165f86ad1f7009b632918c35bc

SHA256
bd9d7e2ef9ddad22b745f30aa7f78a70ef88c275b4b1fe93c75c2b06e700481c

SHA512
1cd242c1cb542b67191449aa66e76a42543bdbb98c1acef9915235024ce38e8cbb4e763ad65e0444861b4298c877a0b9181fe41091e8d0028fb221a862344a0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
385b4d25acb1e9c6760459dc88e55fa1

SHA1
85012ce3461205071a0da848e5621b80d84a9df8

SHA256
86102d59844a62f95310f75f719fcdd0795a9e40448682f949372bdda09aa580

SHA512
83bc8194c6d6d345012ed7feb605a99f3182d2ee83a034b4ddceae25bc1a8fc6da40897e93352f82fa57b4d3ce8f72bf722326e3d7a7987e65164f84ea8cf22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ead70e4e9a09d30f94c2cf833399e17c

SHA1
6ce4fa5e33bb87ec2ec5119bd44d82827e34e852

SHA256
f9224a9541e44d5c25880aff4757612d0123843108ccc8d5301084274d9d9aed

SHA512
28cd47a1682312410521907b07e0db481a3b6da8a8db6c304874b3eed364473d46c4f4d36a0fcf0d061ffcabc88db7d701e1b299c88893f15271be3d6a3bc71c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfea397a1843947ceb95cc517c46ca94

SHA1
d3a19a96fce2eb5f5dc255e66802b8b625298c1b

SHA256
3a0551f092314cd9223ed593088b2b6abd75296aa0d72eedb069c383d5f5d852

SHA512
4c6cf8ce046c2d186adaa0d7bb0f2281821935c9bb67f35ac766b68d904a6bc7e88032cf96d006dcf1a67d2ea3b432dc0ba6fe15b215a7f986ffa6cccbeed60c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3684de31f6be72334fc1393154551830

SHA1
e157d19ec6853829a87e8e6d36d45e965c10ed8d

SHA256
ab69c3274f7014d12fc170386df09913447f6d4465d99f677ba3149032a1f92b

SHA512
768cb8beaccba312fbc893033f40098dfdecab574fff2115649cb6b13c31e274b5adbeee9a76d13b8da809c223d473e647bd9e5825000ef66a3d97e5faa92252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ee5403b0630d1d9fa76477d0af95cf3

SHA1
2968b6724e1a974aab8ec34f6cd0dbdb40b0c5f1

SHA256
4d290fb714d4cbb0cea122a8f1ed043a99a8d38c659f833a24fbaee0c09aadb8

SHA512
e5225618c503f1e68151ca57fe00dd1b4e46ddec7f6300fd06314561dd9a8dcd2a1ddd38c2f39d1043be795225656dc214d3373783d1ee46ca92c7f7e2f74db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c959f0002fc1a08587ca9d7befbf0b82

SHA1
ee2ad5643ee047d9af7f94048b0316049c20e790

SHA256
dc54b2ab87b17c6a7ef007eeb41500bbe3e7cf9dc6cf6b626b205f1181d30f12

SHA512
cab155de85c73489877f4d82b3d0b7656706982b359a8918c1cbbe25b646192724eb00bf2904bfe4db7e30fdfbf35d84da67c3b77b3494febf87149170790298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
215d70a6d0cf8abb71520fb744cbda88

SHA1
87de3cc2fdfddcca9b6fc65113e7dd7f460e58ae

SHA256
031f550fcb63cd7bbc54abb76dc1ab394b2f7033c810662ebcda82528e559c01

SHA512
a785c715abf3cb24f03bacd81561b094b6b1815cf16c47efe9f98094c08bd7cf1bd35f55c0fb844c10829e96e14b03b548bd17fc2a018aa7d52c3f5e995fb163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bf8273aaf73219386c33abfa4e905f4

SHA1
3f9ffed34de135abecd1e0bee3f06691da90f3ef

SHA256
27b61e1d2ac33298a0c33cf0026620f2f15579c7e784d911e105a3d9328a5a91

SHA512
3b6577cb87db2add37a5b8de241a23403a583a21d90a89af69d800794fd4ec8ab5415b6025f5ccf400ce2ecbcd0b2c02d963632b2124aa09da7d10abd9c3f1fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
727cc573edf825e214e538e85dd6cd51

SHA1
e6c3d2eda0239a8452783201a333c7c234591e26

SHA256
733c9d5ae1750e636f740f963f1773846b30fbdbf12f3ce2d999a47d65931161

SHA512
37789eae0a22e2de183413a0bf26d9c23f9a56b6d5486d1d95b355a7232f793995ecbfcacd211741c0f682418a20cd70283fe9797ea17de5f970eb8a0a615294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2a68de73fb66d88bc2086962752485e

SHA1
9ba8e8e4a09e035745b279bc3db864ed63843b31

SHA256
99cebfd860e52af8dee2f2dffa0f3608a9b3f79d87b097c47f0d9e081849a0f9

SHA512
0866b9aa0be64287031527d75eafab17a50f145ed31f0ee4bc74ae7397a6fe08a7af7c459d970a8cb57124439db764099734a440b27831052e38147eb557c580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
2282967b1c0b00b3fb2dfd790071298c

SHA1
030b4c81ae621432205a804bd09a82d7793098c3

SHA256
b630c66adea9596f5c9a76eab36655fab600c98b5e065a252436c6ea88020e2b

SHA512
1187d4ce828d26c13d2538b6f43134a8271d1f175cce0d3acf294cae066e44989f74a3e40f29514744096aeef165fb63689a482f2fbbaa4ff7402229aacb2ecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
2c64a2f0491000efa0648194b6f5f4a5

SHA1
50aaf12aa4077b0a1d97c1b36faea844624381c2

SHA256
db99a6767335ee1e4bdf87181f0082d56fd5374eb5894647a954abf82e3a67a5

SHA512
33ea4927993e4aefed3368329b2723616af9e7510f4ab6a7b9cbc3257d6ef151d68b71d0624cbfdaab63dce182394d61d8ce5c76350351440e96252fcac2f8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat

Filesize
110KB

MD5
a1eb2be514754a66e388ae110ade935d

SHA1
b01d84599f878fe448ca434fd43743cdb2b7181e

SHA256
91ff6ffd529e55ffb5934528eb02b478a91290e7f889e7b39f4e4f347cdfc1fb

SHA512
39464f714d28594812537f38d921ec2ecf15ebc38d4958bd86eef5f4574761cf4078f35b59973d801dd51ad05cdf2f130277d944f0b5732e6ead025a934281e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC9F5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCA08.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3UGGPWSF.txt

Filesize
106B

MD5
4447ea2b4bd5c1667e230e8b898f4dc7

SHA1
d4b9703e29b60bf3894ea9023131543119b76f00

SHA256
028513d25036cf7bad5bdc190088217e6e1cea61549761cd223c0630797e70e8

SHA512
acf09710075e37a9f92337bf0f6974381a70c93d9b0dcf5b1d77cd363ca95713fe8c8c2237f7368db8118b7b6647e5668ba747580bfdd8a9fba7a041d1c4dacc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads