18bf3e0320c8276e2defd68bbd400b2d253f4c37ad6c018beb3d6b4ffe9f4976

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe
Size

1.3MB
MD5

dc1e5ef8b533e5966cd4185d30fe6007
SHA1

1c7071134ba6002aeeb364bcdbbf9afdcd0d4f4d
SHA256

18bf3e0320c8276e2defd68bbd400b2d253f4c37ad6c018beb3d6b4ffe9f4976
SHA512

ed17cd3965fb660e60c0357464dfa83a8bdb36e4d6ee03b9dd9fc074abf7b350f125977962c6f327fe1ac5c39fe560db7a40085645b779fd672fe3daf057d102
SSDEEP

12288:ciLJ5i7sJXx0douBjhCCAYi8c1i6oaeNSoeDlHsg+2Vasj0eqqF:RspfjxAf8c46oaKeD5l+25j0tqF

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2580	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2748	PING.EXE
2580	cmd.exe

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41019271-70E0-11EF-83AF-F2DF7204BD4F} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C8CDE17-0730-450B-86A4-28AF78117C21}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02ebf16ed04db01	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432291261"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C8CDE17-0730-450B-86A4-28AF78117C21}	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C8CDE17-0730-450B-86A4-28AF78117C21}\DisplayName = "Search"	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000102a4630f9328cc20eddf6b54a6a2dddf159a38d566902b3c9a078f64bbaeca1000000000e8000000002000020000000458140b3c2e0f515d80307502c330f41c7c9464fbf817eb11eed6de00cc1b72690000000f353a4e58b079757f01ee16b6108500c9500c2fd596c0d708bce9dfb1e450b8ee716bb7deb34dfcfe819b299b59835691b51d8d4936c4e996785312b139fed90f90ba68176e20ceb896d5ac6016c08c59c549e48b78b85d9eb0c85b1ab28bbaa6af74974ccf451c11d0f11ad99fb082ae0bf3dbe6276c7650fee0d9649df9b0db8ed28e43a0f62c18abe94e8120313c440000000ca4083df65a536cc7ca83dd4b65ed2523b99bc9891185ec54ec3b4ce326f4e663e75a300858acefdc92aa517c4bb31486832e2ad4f9de2858c49cb24295ccc2f	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000004e9d72b1770f77cf440ca0386b93e4b885b67116904669203d69432b6862493e000000000e8000000002000020000000227a77a742c0d6bedf51cc418f29aa9c4726d942285701854a473b7c744fc3b920000000148b8e9acf76bcfd960ae2a1246f8022f94faee97edc93896d512db8083a5b77400000006c34d1f5eb9bdc9ace3b8149ddf661697eb71113ac5d75005a3f06c503a77b43dbf081dc8aee03550b5fd4955ec136b6ebc6b2c7a8baed72d645da4951cb622b	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C8CDE17-0730-450B-86A4-28AF78117C21}\URL = "http://search.searchffr.com/s?i_id=recipes__1.30&ap=appfocus63&source=bing-bb8&uid=cf1f351d-69e8-4f8f-85d6-84659825acb2&uc=20180901&query={searchTerms}"	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchffr.com/?i_id=recipes__1.30&ap=appfocus63&source=bing-bb8&uid=cf1f351d-69e8-4f8f-85d6-84659825acb2&uc=20180901"	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2748	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1828	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1828	IEXPLORE.EXE
1828	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 1828	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	31
PID 2668 wrote to memory of 1828	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	31
PID 2668 wrote to memory of 1828	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	31
PID 2668 wrote to memory of 1828	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	31
PID 1828 wrote to memory of 2728	1828	IEXPLORE.EXE	32
PID 1828 wrote to memory of 2728	1828	IEXPLORE.EXE	32
PID 1828 wrote to memory of 2728	1828	IEXPLORE.EXE	32
PID 1828 wrote to memory of 2728	1828	IEXPLORE.EXE	32
PID 2668 wrote to memory of 2580	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	34
PID 2668 wrote to memory of 2580	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	34
PID 2668 wrote to memory of 2580	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	34
PID 2668 wrote to memory of 2580	2668	dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe	34
PID 2580 wrote to memory of 2748	2580	cmd.exe	36
PID 2580 wrote to memory of 2748	2580	cmd.exe	36
PID 2580 wrote to memory of 2748	2580	cmd.exe	36
PID 2580 wrote to memory of 2748	2580	cmd.exe	36

C:\Users\Admin\AppData\Local\Temp\dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?i_id=recipes__1.30&ap=appfocus63&source=bing-bb8&uid=cf1f351d-69e8-4f8f-85d6-84659825acb2&uc=20180901
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1828
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1828 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2728
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\dc1e5ef8b533e5966cd4185d30fe6007_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
d53ef633a7b48bf5032db29e98522291

SHA1
2c7065f05b6bf6a566245f20d9272f1f11aee4c4

SHA256
421a5b104ca0318ad284216bce658682ebd5931bb024f9d9e148c350cdd47a87

SHA512
d1601736226f63e88f154b4823c18d61ac05e9dfd70280107c019798aa81df73d0debefc082c3d53bbc94c7773b81541dfe14503dfc9578c52f11e0afc666d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc2ddbb974cf8b06acbd40e6b3386c55

SHA1
26be6e7191329fcca0e6ae662c331c11f306158c

SHA256
ec9d5bf670606a518171f0708389b77bb41674279b548542a18a19af59745e34

SHA512
10b1728e3fe9211282c0cd2ffef9115b85ce4088fbc20140c03d8d544c97759b3398506c4e8ced165af356870dbaaf4e279a576c2ca1ceaa2fd6388ac71f2a62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe39f0357bb7f0749d71b5964492ad29

SHA1
5c8fa219bc535296ba5ff1a3a0f08209600de279

SHA256
0641df450b9724e44d4eed8782314541f6c0aba5bf5db78d4a62585d425c4dd7

SHA512
2fb743804bfc112485d52e6daeefd7cc03efc2021fc6e6b85476831db385866b9e71504caddf3d30d0e44f875fd67767ce0b2eed852794d61c9b6df6e98fce12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41968aeda9278b977681328985618c24

SHA1
3e3d75993c2a3e2aa0ae83351eb55ad966f1c9e8

SHA256
a10130d4cc8f916a54ddcd8e9206c2b12f54d4d06069bd056f4f1fd0ad290f73

SHA512
33bffbb002260345cdd6dca9cf7fa5fec28a19ee4da16852d38d90559f2f216f833f2243156cea7daefe5181e35f4b924d2032446875f96505a6131e90792f83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69b66c4aec24821e11469f38766317b9

SHA1
1a6b87d218fdf76585d88f5af7d1150f0a102ea2

SHA256
2289a7608fc446104cb67ee1f795bee64a55a6ba6212e126e665e59e4d451e6d

SHA512
a8ab0806f58677cb3c03f176bf7246563ca9987308bc246fade2bc5ea91fc48ba09b316d54e47303df56ac26ef80ddd893b748cf1e924d85cc0843ebca79e633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
725a136c950bebdd5f981c9b55fec22b

SHA1
69b3561cb71062afacfedeac9dcc75e56b5db0d6

SHA256
7a20317a4514284a349a4a32f19b45ea30a06537b4fb1768cb61b2a5160cbd48

SHA512
ae84701865fb98920b6555410815c08e7fe409750569fa7222343146c5ccdd4855a29c86a421920187eff614c70b68281af3d4716a7233863c9514b3861617c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8f0c7cad0e82a58d601b803a2b37e74

SHA1
8c6cb7756c4304e9560ecbc1cd6cc2b5b4590134

SHA256
55751ac59ca2ffc64fd12b13543596c9323c0b2e455e4e1824695350769d8e05

SHA512
6315d6c2a4a99c8f3d729094ea656c759788d3876807706ddd8a27909a1a0c86b553b32c848d3da4a39c7937a3e8c75d7a41f91b8562745b9b996c8acca67d68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cde5a35b8f58c1d244e420e9ab70e48f

SHA1
a2d1b866cc9fafe8e72628669a1aea5156311df1

SHA256
547bf9c2ca77f9cec5e8bd280c93fd3ebf64cb65e5879ca436cee4ff10fcfcb9

SHA512
a968065257082e75202d11eb0b42a9880f04523c95340793dc140509f818bdd9621f1ab55e38da13f35a24f93cf48088878bfea06459da85f70fe231db417475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cc5493c6f0a89a15071a565965fd8b5

SHA1
3331940c42e6af0b606be117f0c4ee3e84b8f1b5

SHA256
fbbcbf918ac5514be166f9e4b7a7d903105885a8b807bade86b7126294fa5e3b

SHA512
ebed5c6af2e4098e61f1e503a81ee7b7bb57bc05dbcd1ba9d9f8daa82ed83e26fdc5a7cced21371f313ce58b3e01add69da228e885b593ee1c73ac9e1c39ab78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8222a99b53ba64892adc755a33cdf5be

SHA1
e3e3f9671e4b51735567add445ec768de06105b9

SHA256
e8b121f6bb712541c60ac3942d3056ffd4cd1a7a2a1e27f814b7d996bd571c06

SHA512
17cd199b26abc90401c9ae379a29cae8d51cc3e80b5e23d6aca8ec115c9ae4566ec72c45ca8f2643f2230a767b639b589ab5df80d04bacf77f65cacd68f29369

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
074dad8441765f5a2df65721badc21a2

SHA1
20b396e1494b37f23aaa1b61fa031c9a5de44604

SHA256
b0f24d5dfd8ebe3672ee5652584cf0c4bf532a00a21a562a0feb1ed3a5055884

SHA512
390fab7c365d7b3bd741130904d060e6c0e38f82c9a7f1e655f1a9f0b1df1c260b65853c542714f335234d44bce5ee0005151122369b029650c165c2072d5358

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26def78ef4051650100a60826a05181b

SHA1
b094fe70bab235c1037d1047db3d9dd14241b79a

SHA256
0c73607c16d6ad0ad0b08394ff36527c4d2c2066c69f510e7f4da8de760d747b

SHA512
470089e47e4b40d62cb0469d72b750ce0f0913eaff4e91e1c919ea6b5a1d5092a64e1a902d34703422ff7db3fd6897b542288752144e6c08f5214ee0806460ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bf83105c9b07006aff62c4280dcdb0e

SHA1
fc20e123d64d49f8bcdc4ac096f56f73796f3a30

SHA256
b84c8ed4b88951118841ba39d37c1de20bc9f63346318e88218f0e8c429e9036

SHA512
5b9c312620248933c385ccf007b388e3b5356897232b822010f2e322983633670c94959f1a8b777339977ad5f5d6c5420cc5f21e9d70b6c214a929fb4fa82859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6baea396a4e5aeec104151fb254742ad

SHA1
0110b66018941e8780bde12eb1f62b743c931aad

SHA256
5360f7b1120169d781258c68619c085ac9a66d9bea858e94783d4de626c4ca0a

SHA512
c4c3581cb364dbfa6f73cec995ebe80059e08273f8623f75d4b0bb8016e0a3dfae5eab6a36461c9842438205700986477de53610f554260b0d69759decf68e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ddb3c4923c616096bfff7662156a857

SHA1
a18a48d7b0f991abdd977dccf02ce262580ff66b

SHA256
1a177fa3f7b02a19eac226529caa80cb008be4d3bce30fdde4714c85e22740d9

SHA512
659c5a8531d01b5dc534abca3d52abf58596db36e840b0d1ff1cc740d72ea7b1f529ec6a714235868c1b07e7b5696a1ca8596edc96bc266f70d3b62ef92d0e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c4504529301de4b56ea354797c6d616

SHA1
d315039a73734b6984fcaddd559fe1860317e13e

SHA256
5528d55026a22013c00d73adc029b6f75299c01f6f9825ea9c8d3cd5df6b93b2

SHA512
5e94e71b5022e3b1717cdb73f30c992ebfec2ae368d46471353649219df4820263b44ea3587469aac4717ba7826277c0c936984265de28b75a355018301ae846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a648cb359483055886acf4914276567

SHA1
f7f4e6db551a1f9d86ec51e695d347e2e05d68e8

SHA256
ef772fc8be75c78bb62590a5d0d980331d6fc442143df750bcc3c4eef5fe44a6

SHA512
b8f8119699480681f0fc54f351e3f8f4918d7db5acc7d38467664b8441dfd5497e5a56960aac8ce4fd322d96dcc255a8203bc823a152f0700f78da63b7f98858

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fbb4d4947f38edbe56e5c9cfd3af87b

SHA1
6df0ef21978ea90b7a1f3fbe3176466df4e8afd6

SHA256
f82b2ed9dd60bffdcc54fbcb4a9382ac392400105a556319af1cd6f27d514352

SHA512
37c2f0804633f415618f8cfcc648631ec6c2e6959a166209ceeee339419b04f0d618d1f19aaaf986376e0e59fe8c4ad12296197bdf492cf6ed6581d7e9919ed6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fccec756cc736cbffeef8c38b8283c3

SHA1
87336f1a038a1f6ac3e86bba83c08293be7dfb59

SHA256
1048f1eae419f7493c9ce9eeb232a5b07bd8ead5df4ebe279a7b0470aa4edbf9

SHA512
2b07bad7e74146657050e6330d7644c58a080ee39dd863ec127c4904183719054d25d3af703de710b9772e09cdaf7ac9bd2718555435aab3a88105b1eec05603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff51e5cc978d3a725dd9cc28de2ebd43

SHA1
4d5af6c611f7937f4c4e739269abf61f36af3192

SHA256
e8696479d4469aba46c2e3bcf989781d3c51ff1a431e27119870493921c6e51a

SHA512
37a98a544895336b606101a8cbd30f11c6ad2f5639377426df3172db95e4498dcafae6da5c9c0e349cdf16965b19eec7519a1ebf01043e2b998c133bb4cdedcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b90bf736cd723483e8b0e56bd89fddbd

SHA1
c454d7712e4b4113049c805263dd0ed46ece0fee

SHA256
07df0cc9fa778efc50a22ced8a2c644acf8488464ea6fe90dbd71270e1c5a635

SHA512
b395dd262dab2234d6ee41cf29ef7bd87cb77b2e045db05fc0659fbd170248abd4dfc72fe95d7937010a2a21076398a693c96643f7a8e0dd3158a131481f628f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9593b15106e035897ef06bb186ac3b3

SHA1
257fe5cef4c3c471ef26500e491b1c8f2c836059

SHA256
ed0d55d3fb1c988d21780a4e213d4a607ff59e693663a6c4917f54fd56e9af96

SHA512
d9168e398941e702e1f05b001731b17493d619da8a77f8534c2e64ce14c634de0edb03ba0d61088b76d8f1e9d07317fa1aae2b1edec96560f9eeeb4d8e990c94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
590c0d889ac6a13b4ae4f07f77c47796

SHA1
762d4ccdc60d174a287adb8cc0b847efdbb42513

SHA256
51679823d035c40322c327183b7548c5a084fb449a0d19efa0cc5b909ededf69

SHA512
e2474d4bc6de1e8665832cc37cad8d725625bdbd6e782efccc3c0662b4b908c1d7fec34646311fe707f1024090f01014f5c72b65e8355a9fe6060aed156518da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77598cbbce6546568fb54bb80b6cca39

SHA1
1cfb129b174809dbfc13b6be8cc69bfc5249261f

SHA256
d12596fafaf0c22cbeb84422e421836d133dc864eed2a8f99966b662371f4652

SHA512
207332e61a28e6da73065d5ebc26c43fa7f52d1905c892bbef8d9e79ec7bbda797602d6b22633d0d2f32a1d85d82912f068ade3251ce42be69375185f369ff5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39952aec0728540cb1ed7ab92a1879a9

SHA1
9ac027c8eb0d0dc5e3500cbf1078991a513c2547

SHA256
e34e1fb74923cbff51a85a30b736b793dc83ec6aa279ad119c008dd2450c81e9

SHA512
56ac0c7aac7e733156b9182406f99fe6fcbf824958a513747c051b47f084a41e81c095260f1ab6043773f94a53c5b40250efd933e3e89f43dbca06f40dbdb993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b066b232c625394ee8865ccfa94df6a

SHA1
93fa79168c101d44d6f52eac9a9eab2639e38ab5

SHA256
bd415fae3e852d0889f400f38502e0b1c8f84b512bb1ee9171fec5e3bcfa9aef

SHA512
1c459a260dcea9980f84b3e1956341276188dabaee199f3e78f37762307e6303f0fad199ca7b07f6c74515ca0af580353ea36f1644d814787f6a0b23a6f18acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ce7d21d1e8b31f4a13eaebdc3a8fcc5

SHA1
48153a4c2399f7b3848378ccee59ec40a8cb3a21

SHA256
8c46a13fdddfabf711848a6195ff61649835a5a74bc70efb67994e9cc9c3a377

SHA512
b402546bb821c6a8ea77503c24b3b1d4135b1d6041a3c34a0bbb28b3620f10a8040a4e06083623fea3c323856543be6f2acf79c8a1fd66a1939c12c89c786cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c6aab35c41a040d9a652be3928e9d0d

SHA1
f109bb026c1980dd4b25e9e3e8dd0eaeb9d06def

SHA256
4dc67c32b21d15637349f1ce4c13da2bd7091b99f0a5b28aca09bef0d4191d94

SHA512
946de9d1fcbbe1698ab08fa7360a4807fc31ea9e733ce757f1c17d4c3d60b9221a27eae1500380409b5ecdbc14ae709b0acf04095efb12f64e67685ae86722b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b623bb676a8c31355a4f4e36136e23ac

SHA1
28d4be422232916841bd38d049f51367d193474c

SHA256
4ad20fc3f4e1f5b8fca10959ed82ba93c8c4fe4372d8bcce6e3c68baef7481f4

SHA512
74b1f4c6628fbf83b15646336aebfedd789ecf7a769c48f00ee2b0020f5ad4241366b3137918d0bcb3ddba8577c87065add486b179a1839040b191172eb7c98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e1ur8h2\imagestore.dat

Filesize
110KB

MD5
f4eeacebcfd7d7b8916219929f7c6c82

SHA1
0b9a86f5ed4705fe2068513931a2b92e7a124c3d

SHA256
5c763ae8c423f43249ef0a0d94e54f177092a8f53530f9f761ae571bc577b8cb

SHA512
66d575edb1c90fdc9ad1b8b0decce001e97e64f716ea28138273dde28f5f485f396356f352410c3e4578f3b3be1789bfde849e4b2d56fdeba10549e01409fb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\favicon[2].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB7A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEB8C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads