0126ce904131dbd2074a64a9c23cb96620f69f7ff86341bcc06cfa1888160753

Analysis

max time kernel
149s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe
Size

1.3MB
MD5

eacffb072e050c9ad85aa016fcff27f1
SHA1

212f02a99af1408b7ee9b6831c842f0e03241038
SHA256

0126ce904131dbd2074a64a9c23cb96620f69f7ff86341bcc06cfa1888160753
SHA512

c6438ce2c0c9638dda1bdce787b574a056f8b3ffbe8485a77729c04d53780eef3260e1dc9c2aa9e74074a694bbafcc62a1b1eedaf669133937d2768046d702c1
SSDEEP

12288:OiLJ5i7sJXx0douBjhCCAYi8c1i6oaeNSoeDlHsg+2Vasj0eqs:LspfjxAf8c46oaKeD5l+25j0ts

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2360	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2360	cmd.exe
1924	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchtmpn4.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432891293"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000009d08e200b229a9634d4abf8d2e0dd0eade12395dedee41ce7fb4512f82987598000000000e80000000020000200000007d68380ceef7bbe60c7d2579f585c170dde877bbf8196a0bcd5972a42e932f5d900000004429f97897cccd6b994416cb1b2c0e4d800fcf9298387ed19be30e31cbdece0e267de8e10d3ed3a9a5fb3b5ae3e821bd6c00f0ea761388dab9b9b39a10b6b24ff872fd8b6e4e4346fbe3fd5005ded48589377094fcbed1c1d83221c567201920740f3bc35c8a63e0d30b227e28d6255527b23b45b21e74c2d6a534e72989c5a46de7e13c4c1337886c6e870d15792cf64000000052362f94c6c71fd0d07bf7136dcf7cfe31a565d701d1d559210b526b472c655726fd2f37f10e3b70f14989396df671fcfc1e755f8b391a9bff3224f324848ccb	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FA41DA1-7655-11EF-87F4-7694D31B45CA} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchtmpn4.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1C616763-3DA3-456B-A2BD-DD4033A059F3}	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6078fd26620adb01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000313f490d4a0d71f395f8f2c88c9cc2919804070f4cb95e09f106d2fc2cf21d46000000000e8000000002000020000000a9209be78dd98ce017c39fee642f64246ad4faa7ac01b3de64032495bc922573200000004c3910b05f87a65578fe464fb01cfbf06936cbc8661bd839b265d9673d4d965b40000000ad5e249d195b9e2c08bcb4d207fe8b662f3903477c839aa50fc345aa91279e1640b490afaafb5b9ce31ee36e24bd998215ae60f2708f1aa2c0b41b9d24bfc32c	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1C616763-3DA3-456B-A2BD-DD4033A059F3}\DisplayName = "Search"	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1C616763-3DA3-456B-A2BD-DD4033A059F3}\URL = "http://search.searchtmpn4.com/s?ap=&i_id=_1.30&uid=&uc=20180617&source=&query={searchTerms}"	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1C616763-3DA3-456B-A2BD-DD4033A059F3}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchtmpn4.com/?ap=&i_id=_1.30&uid=&uc=20180617&source="	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1924	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2116	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2116	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	30
PID 2720 wrote to memory of 2116	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	30
PID 2720 wrote to memory of 2116	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	30
PID 2720 wrote to memory of 2116	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2652	2116	IEXPLORE.EXE	31
PID 2116 wrote to memory of 2652	2116	IEXPLORE.EXE	31
PID 2116 wrote to memory of 2652	2116	IEXPLORE.EXE	31
PID 2116 wrote to memory of 2652	2116	IEXPLORE.EXE	31
PID 2720 wrote to memory of 2360	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	33
PID 2720 wrote to memory of 2360	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	33
PID 2720 wrote to memory of 2360	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	33
PID 2720 wrote to memory of 2360	2720	eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe	33
PID 2360 wrote to memory of 1924	2360	cmd.exe	35
PID 2360 wrote to memory of 1924	2360	cmd.exe	35
PID 2360 wrote to memory of 1924	2360	cmd.exe	35
PID 2360 wrote to memory of 1924	2360	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchtmpn4.com/?ap=&i_id=_1.30&uid=&uc=20180617&source=
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2652
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\eacffb072e050c9ad85aa016fcff27f1_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
aa8a400db9c6af750faeeacc3b17eb00

SHA1
96d81c9bc987c599134a5dcf9fabea55b3de09e4

SHA256
cf684445e7d808d06c9aad8831d1051641483b57d87c1574aca5c2a2bcf771fa

SHA512
ff00f5d6ab1ac08495686ff545912869e2a68804e19907aaeff897c3d01d3944f8490d3303cd195f88802eb887ac15dc9161ba5c362f0a70713949db80e1d78d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
3b4c6c85deba8de05f18b51bff648db2

SHA1
6a2b30a2da2860b4cc4cf9c0b66957d2651a8209

SHA256
80b6bfc73eb4b55d2e87a2864564df5128e89910090a5c250853cbcba028568b

SHA512
c89dc47e2eeaaaf3094ab9a8199ce0365e89a9ecc80cde48802590c6bdffdc2b1443b5dac090ee566840517f311233fc508bb7432bdc90d7a24b793a17287c7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
609dfd834ba47c7b95a50ac19d2e9922

SHA1
d256aafff9b76280e584f9b24e5f725edfff40bc

SHA256
e13e112e4b08b7dfacf96ebc6cc6d6b745b3fb3c66bc44468148c7d1392fe5be

SHA512
a0b19f675ad5b8bf84f6e39bebdd8d1e884ce52ce2b2be14df4def96bc577e930dc560ed90f21bf1449df48295595b00dc71c807ac648619cce42d6cf55c7e12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
a07cc4d4274fe39d97d656c73d8cdbdb

SHA1
89c7fe3df0625ab2a3566c0aefb332d17c0e7a47

SHA256
f4d6f6fa33d64a58f4fba9105035c2ca5436e60dd68b6250fa47e277f824c2ca

SHA512
2e821fc5ef06ad12c328bdbd336c6048cbd4265a6f5150c841a11264f1f581f5d212a9127d1470fc393dca9c752c273df6c4294a7573ce293b6e4f056d99aeab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8859ec42eeea424203de5875c1e27fe4

SHA1
255872a89555df93409d14329c14292442ad66a2

SHA256
a226b7ffffddcb82e6e6de8975ae7cd60fc6065312ab8befbf077c67ff1b8782

SHA512
af05f3a2185cc9279bccc8137b8f8f82007127bab64a87ed0e4ea295767b77951fa65ea47287d81c87180fcd3a8c0fd09f7726179de11c96da276d0165ed4fad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b15e5e8a8b6ba657dd4e7cb8fbfa36b3

SHA1
3f70cc332aa473cb9fbc3d39d68e33a889675350

SHA256
6a5fd21168d55133af46fcd400a5a92911bdb111d492f4843d478554b21b69b8

SHA512
8248a8c0df1a96c5c0deb5311f9c1b85d1f2e54b1b11f4f92dc2a5198e4d875bc062456b86b0f6661a3a79edf2b14d5af4839fb3dc146037222ef9a5b561d423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9a61f3baae73ba33009ba328f14115f

SHA1
ee29644df3ffb29a80c6c5039096b6e25c03ebd2

SHA256
d43d419edfb731d06a90a616f581437699ef312b031810849365f6663af62ed3

SHA512
7e30217da2a31087f23024b990ebff728ad409d277bb54c0ffbc1a990815f483d892bdce0dfcc9383ca0160f3f0f7e15688e43f9ea1d7f29ff6f50ac7588dbfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
add547af7c21439a1473e47ddd1b9af0

SHA1
05a089c80378cff40ba50c91ca61415dd9458129

SHA256
953c156f87e5cd97bbe88a3d827419fa11a7a8519e9485f4e51744aaf0ea8e10

SHA512
27527702edd86fe834391165081498a66ea440e2fd45b07d706fd6c39f014c5d005e8789bfa27a48c30686e4604f9c519a9a143be18f8a383eb484c62335def1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
120040f40ffb674438db646b8fa8831d

SHA1
128e04c6efbc628616d6c49706833295b12c90fc

SHA256
da0ddc9c1c98cd5d13b2150b594731d9ee48aac70c6f84efc444ba7bb0b30a3f

SHA512
e8aa1b994fc0f137eba8f98bedef1411907b583261cdf1961e2da1ce52ebab12334edb054d40fb554a83b3163d1a46b84ff4fccb37576fed96c457c591577907

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a159ad83a2acdc0ee22e1cd2162e5b8f

SHA1
ad66aebaa8689f28e3823730538ce35ce88e502e

SHA256
51d809506039ea6e1caf6291ff0a509476b92e75035dcdfc0c27270ba28c552e

SHA512
843323538ca7dc60e6669b8307c87014693e3b299f764230b6934e215784eb26138d7aceb0165baeacf8a4a7b35954d4321fcc55175504214ddde1126118bb9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5f16d4a4c362543094a254b78d6c346

SHA1
4f3ddef2b2300d09e873f9e13439f024a4809879

SHA256
603d8db627775a933a44f132802407dddc31359f78fb0afa32a29a19fd17711f

SHA512
52f4f34fe59e2c67c4b85a3d0163a704d894e681c3d7b7d06ba53edfd8661b27e35b278e619ef412944215974e236aaf970e40ad80cf68d69e91c4b3b2b81509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6615b82f04140b1c03a406425723c176

SHA1
2d5042e2fa93a2a60b40116f5609ab2fb2a0f119

SHA256
9ef33b0300de0f12da401995d4e083ecf1193397ad4117f70770e149999540ab

SHA512
2b6a3e268bec80fff681d529ea716c87d31f051184efb852334552473cd52f3ec485b5ecdbb80fc8c46660fb98850dafb25aea112890cab1d9bc59f42a1a6ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
157dc0d89a4f418d6c4ce11d0866394d

SHA1
b2d7bfbe55a9588aa6880b7bd8a2d076bd5d71b5

SHA256
5486be9c9a0e691651081c8244c6e2cee2e4ea8f9b2252af01f26a88987fab1e

SHA512
7924f6ed83a3484f6878d5f8c97e039f968a3df13d99a3ed0624b9e64a1f67dd458cedc24030ee8d2138ae94417095f234747c038f5eddc0bf2076eb5cf4202b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a74df55fb355b04cb80cfcd8ea8d35d

SHA1
9b5c45e7b4811deaaea04c8cbce9c58e604109b8

SHA256
9c5a75b7d0c61c05f2e9d833c33548e023cc8d798fce885daac8f758168f3ee2

SHA512
052fcc23ae38ba22368cd5234e6ff2cdda0cad3d2d3289abfbf69d9b3638f8b2329ffdf7e9387a30a8755262d0b10fda7cdc4fb50ae873b8571662108af268bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4411fc96321585da3cc9ed36ff60f1f

SHA1
02b4ec14e5a3bc3881a2d49f6f2b8bc62db59436

SHA256
16dd799af86b5566a2ad31540c0d1b0dce2f0ad2ea12f47e6870f375f7a00f22

SHA512
d6c7d9d4d97a09591b109048518f9f0f582fce261066fd437122b3334caa2d9f94864182779703897d41ff7bb40f027ef4b99b1b1af00a0d6984e65c2759f4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2009af8265218d31259551088d8a54a9

SHA1
26e401df0f1a132d0844b172441d31244db23598

SHA256
b698a71fed6710765f8b0604672eaaf965f3acc55acfd54a80fdb3e74c1cd044

SHA512
81c7f752736bd3e06c852b900bb28c78f9a3df19fe84574c77f660358f68259bdaa30efe25ec2245044f8722ecdcde1c2467d87e0cbb44c97d9459d812bc462e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b9a7c46c7687312704f53a19e9013d3

SHA1
409980758fb952133dbfe3c27dd2fccb00bc4ef3

SHA256
a15019a027f508405f70c5016c424ef25da802aee493901906dda22788c79457

SHA512
42821ab1cb594c15dd5174f7745a60a33b52baa18dca1751998496a36a46c65c3ed98d7e83b756d046d92f35284ca61ef4d29b34b3358ad5aa11149f71208d99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e0ff7613eb583d12ed7d9021a52665b

SHA1
0a2046248aa8c0455851233648e45fec55277428

SHA256
e0dc87939f8066da7f423f7ae1a5e4d6854a12dafe1dac8e575a3c29edaa87ff

SHA512
5d6f82f10ed34b30b8b59ee2cf8fce93b2be06ab9cdf6cf0bf04a48f0d1019bcccc43fde4cea765fc012d2e7481a920db958af35a8f477585539f6534feb50b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba82875b7a6ffc19d7ca16af4e54316c

SHA1
90d97af0e2d780f09862f4102a3e76ae3bdf23e3

SHA256
1953de5fdf348f1bf850fbaf21bfe693d908ac2cebc5a71865c0a123285d3091

SHA512
53c0700449e428d977a318468643b1fdacfd509d2154e669b4c6f580e5367154f80c235498ed866cf7ddc08eda8129ca9375a80d903ba6a402165507a41a151e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6608ec7d826d7ec9979e876a46b1e8c

SHA1
9aba4b9a7994637dda423475461bdad511fed937

SHA256
668fb02e6cf935156363c7df79b6c1e1fe4a703525a26b5a29bf08587e363411

SHA512
541bc1c628842ec5ffcfa31054a6e742d052475dd5b5122710093166cd9d624e2e2aee5c021a173dbfa21d40c07bbca037170474566fe3c04b489e69afae0a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
740fb434da9d0c765390b4ed34275153

SHA1
70306e8fcfd3aa0311fd046a31245e2956abf25a

SHA256
6b2176d3ca5ac6fb413e2118abf3ee0e37010b5d35b6015207487207933fcee2

SHA512
ae6155f0febfc438872334e347803b020f807ece7f2dcd598b19ee15f5dbc4eaeba4e0cb8a8f9fbfd2b324411c650923154767430bca7e56e4c9fc207186cc5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c412813bf3d72ac43b42d7e068a2415d

SHA1
4f16b2b78ea9809b16efd003d2716ca0cf2879b6

SHA256
be72e41b1195cf1d28c10f6b4532598e9c22a7f09c28807ed6877e00ab1b6ec1

SHA512
0532022ef9c3cf6dce5715dead84ff279c731eaf31afa9ed6d3999bc7a0dcdef49c71e5f380132f8d74721046b9488c74413c0a2e635d5369697cded4a697961

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8df46a426df8c36500ab08b57f218ee1

SHA1
afef4e8ebaa1874f31008b073ae749c0fce4cc65

SHA256
e8023f8527f4a24e4546e1f247b77efa5b89edbcdb4ccd10d3abbebe3d04595e

SHA512
d4690a78379bc219c42bab9507596db0fd9235626675b260b13182dc688c82a9f51c97616e302446b11e5d96edd3821c25d60ac99741f94972d773403660cf13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59c8be61533e454cd18996711ea70969

SHA1
c62c528d6c3d6eb83b7fcd0e889e6eccb222276b

SHA256
670fad7492e6f9d5806787371fb552f979828b0c0b6143a96bccc0cb3bba1432

SHA512
34deb6e61c38dfdd610521ac9f66d904e524bbf81314b81fe4bcb07533cfb5fa7f5249bdbf3a9c70e276568f90484596eb08e201f860fd5184a7b31d8be4ef6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8f4c413b8d32c40b998194dbe829054

SHA1
fbaf8dc949d23b82889ba6abd74e46dbb4e47115

SHA256
64de1366b247d13001f1ff946727335c8b067eedaddbc7b90d5d738a5b884e20

SHA512
c1fac8d4cdee41d84fdf1aecb0ee2606afbfabf1dc96bb9793f37ad88d1e6f00597b06160944115de07b1cdfcb1d3f17214f70875a0e8dda2597f31b22538e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3dd66a3c5f6faf9b91a259d67f73ff3

SHA1
c1d897dbf500b2f5ebd952a3205655047edef0f2

SHA256
1b9504558d5c0036585fd65d6f428405eca010da5e11267fe55648e707a0c0f5

SHA512
9934f23cf3359e3db4fc7efd6bab9692aafa73ebcbd67e55aa4b72767439143445e0cacbbcfa4adb63996b99bc2112860db0c9252d7022bb3c5609d8d94349f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92a5589a554f026047d739a11e86cd6e

SHA1
5aa1b094009488a4c9e2d0bdec01d1bc0c719758

SHA256
a4546687cdd1e8534b9266442e049b2f179c1218a6180b52a6c77aada9e08ca5

SHA512
f7a9a3102bbe3c191523bfae43b08a613761c8936b4e12758d0bb3af78d6c8b1c2317b0ae673101c159e69700803a6b9b2801b546f1a4160d3cf7d499b553c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03846ec049207bb60dc5b056401e4dcd

SHA1
00c1df85965b3a22c05058bc91de772a64290dd5

SHA256
9c7c19f8ab9a6dd5146b81e1aff025dd1930f791a03ae3e775476652f217aec1

SHA512
f9a9d9625586a00e422692e7f663b7da46ca1dd54cedc16d0fd1f1946f56124e309cad87bd89965fc172ac61eeb58f3d5cc7e0df247d3a841270148fbdfd0e09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16d26ff88de42b59f4b26cf4db7ab818

SHA1
44128db1330a97072a789302cceeb969add42002

SHA256
f3a6f769175e40e67f12fd0bc6a5089755933f77dd9b3b038fecddc583e42792

SHA512
bd2c8396997f54e7d816e5ac76acb472b4176b4fd99bb15bec67a3549fc913471272bee3e212c7593759ad5db6961d9f77107435c4028e9c589d25b2b9ff7dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6acb5bf18b27c3e2e48160242b4ea888

SHA1
c2c2e080af206aedbd7436066209394760fa42f6

SHA256
21b1d0a92fbe8f33a0aba10b28fa0022f84af2d70b3cceec02fe1a132c3ae9ad

SHA512
b88358fbd5abe8b56e34f06a6b76e7e76f587ac9343222799eabc1d95f2b7fe71825672f97f76e43e8b10faf6179afeea83eed0dce341b4311f7be605fe79cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
90e4c823bdaab35c1b65e011160ccd74

SHA1
32df0ab30b699c68433a7bb845cf845e4c361dd6

SHA256
52817166c14f663b8bd39ee2378e393728413970f592b89c1590eaaf39f71854

SHA512
b3f24ad20f83c5f31ab9e5fc2b2742c6b04cfee0476b5b0cd423373e7fcd7d5a5a4963fe4fe92346d4c8b9e90a3e14645bb84b0ee045f9ac8a8c82cf4cad02ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
ea9ae9e89ca2731998485e69e97d7a0c

SHA1
d6473ade0bbe096b2e3e20fcbecd33aa88f3b9c8

SHA256
a8e0b1f1deb664b4b34eb419bd34d7d473f588d5980747417dab800fc5af0d14

SHA512
da97740740691f9a8d5d5df5b863b739f006ab325b3cbdc62e1e8adf79fa91f1405f11e76dd3e4e39fcd8c3809c319aeb75906f9b8af3e727e75856ad3ad6f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lutsxto\imagestore.dat

Filesize
110KB

MD5
96c50d473dd5c0e1778a4ef53846e6fd

SHA1
cee71d2346a0aade456c3e0c5eaa50282f1e6364

SHA256
24b06de3d236b880c2b637c02b220aed8ead1e2da699fadc1c84f343191d7a00

SHA512
d57f1a6b719a367816db5cdf2585242be653a3de70f6399f612a2dc2ad4b87503dae0f3b709aa29859c80fae3b3685e117aeb455b32807a9a3a193c09aaa4db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\favicon[2].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C5A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8CDA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads