29b1d36a98b9d27c5e2efc1e6258cb79080768235bc56ffee0f72076fcf99cdf

Analysis

max time kernel
149s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
Size

1.1MB
MD5

ee8f27dfd22e8058d6944a40893e0892
SHA1

ccf6c62097548b56e80632600aab8e592cdf9557
SHA256

29b1d36a98b9d27c5e2efc1e6258cb79080768235bc56ffee0f72076fcf99cdf
SHA512

6152f1d398725d67fb06770177f68f06f3686910ec8da05130e084bad187be3793dcdeedacb99a27c7d420b481311607246981223e01665418df5a2504ca1c59
SSDEEP

12288:HsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQy:MV4W8hqBYgnBLfVqx1Wjkf

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2776	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2776	cmd.exe
2484	PING.EXE

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CDA0A938-7B82-4089-B8FD-3BC5F80D1E04}\DisplayName = "Search"	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433033661"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CDA0A938-7B82-4089-B8FD-3BC5F80D1E04}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C96E4331-77A0-11EF-873B-E28DDE128E91} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000005f4d0034c18f4ee530b06d73e10688090f1bc4abdc7884c00f06de39dfd68b2b000000000e8000000002000020000000eccd63fdcfd9e0f28d6ed3141feb88eb1458be0f769896ed137f7f5489c7c966200000000c4cb2284595679f666ec71f5c048da9195e160cb681ef30748469e6983964fa40000000161f0711fd8b6bc792817ad396740569fb0512718fe5e9ecae4ad69d1b86f60169e7a2d4b3e50c173377e161768fcaa0d20f776f489f218e9f2a0a71e738e943	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000420f86f85140b844253cfd5a154806f625eda3d402a522791e1f7c3026984aab000000000e80000000020000200000006323606598546d29ee45f70b396927f4183458004e2673f661ad771e51ffaf9b90000000f71748efb00f486be2ed687c0dc30f8f6006102695db984b6bee415f409cfcf4a587d1235a96eb4b5819225672210b284a8faeef6eeef3581cacc5b638afdcae237973330c4308a07ce0fb1f67cb02963437115b7f814db2d34cab3b570e60ea43f023f66c73e233ebafbd39236c1e16c4990eb7e72f5ff1a4602a589385c44d61cd72d1100c2ef8457a90e7825032c0400000009326d7edb453915645247ce2232483c60cc3a5bf512c0e21750530ab836c39c8973cc986bf92f8017c6947492e84e1f4daee95d8387906231257859e8bd68a87	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CDA0A938-7B82-4089-B8FD-3BC5F80D1E04}	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 005fde9fad0bdb01	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CDA0A938-7B82-4089-B8FD-3BC5F80D1E04}\URL = "http://search.searchffr.com/s?source=bing-bb8&uid=25273193-443d-447b-9a9f-5d1962d70765&uc=20180109&ap=appfocus63&i_id=recipes__1.30&query={searchTerms}"	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchffr.com/?source=bing-bb8&uid=25273193-443d-447b-9a9f-5d1962d70765&uc=20180109&ap=appfocus63&i_id=recipes__1.30"	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2484	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2784	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2784	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2784	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2784	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	29
PID 2300 wrote to memory of 2784	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	29
PID 2784 wrote to memory of 2836	2784	IEXPLORE.EXE	30
PID 2784 wrote to memory of 2836	2784	IEXPLORE.EXE	30
PID 2784 wrote to memory of 2836	2784	IEXPLORE.EXE	30
PID 2784 wrote to memory of 2836	2784	IEXPLORE.EXE	30
PID 2300 wrote to memory of 2776	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	32
PID 2300 wrote to memory of 2776	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	32
PID 2300 wrote to memory of 2776	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	32
PID 2300 wrote to memory of 2776	2300	ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe	32
PID 2776 wrote to memory of 2484	2776	cmd.exe	34
PID 2776 wrote to memory of 2484	2776	cmd.exe	34
PID 2776 wrote to memory of 2484	2776	cmd.exe	34
PID 2776 wrote to memory of 2484	2776	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?source=bing-bb8&uid=25273193-443d-447b-9a9f-5d1962d70765&uc=20180109&ap=appfocus63&i_id=recipes__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2836
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\ee8f27dfd22e8058d6944a40893e0892_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
a3d16503f25566a1cffd8c9ee09ac5ed

SHA1
ac4294ab4d0f69e78dfddba0a4146e7b2db0b81e

SHA256
9b1bb6add0508234cbe295f5d45ec4a23122ee12bee6f26a6eae5309c61feefa

SHA512
2aa7badbcadb696ee6be8bda6627d3a7a4d9713451f6c9409d2b58731c1e422016007bd208e5669c18c10fac182fad7e4d0b71507e0b7f825f268606f5135290

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3f1c465ca47bd987219e9c5b3eaf4f35

SHA1
b981e141bc0bf1ab1872ebfac33134618ba4749e

SHA256
d34ecd5f06b433c21dbb91e85e6f21ae0633930a2ab3d818e9eaae366914a533

SHA512
e27116fb50df08d305ba7e0e1ca0d974b4655735b76dd29764e0a56dcf8652b263b9137010caf0abb8aef0e6fef05dc55fe6a39f09157016f3fe019e70973a00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5eb2c5851730c7cb9bd3b6536b14f14b

SHA1
b1176c1ee0ab453923853b1aafb1d86c3d47c660

SHA256
51e9f4d1f16b06192c421708e2aafc472b68edfb8714c2b4e274400901e1486b

SHA512
5fcb88482c4fb46ebf993334660d19f813cd96d64038393d97072f92e0dd630693340d37a5f021ccfd91dc6149503984ac6cf5114e28d15c977dbfe767ce28d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
105542a20852cac0282e264753c7387e

SHA1
d69f819496ec160f8e19cf06ee9774d8f77995be

SHA256
9fdaf2a7a00d384b86f4cee996e299437fb0e9e2492ff988627c631ea79207b0

SHA512
9265d76dd3e40d85f0a17032155c880a2872c3f63b7ad16154a9ad4dd18a9ba4c6a362ff7f4ebdfe7d54f725365d001be322915418d9b5afd933592dc0381a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb27ab1d57c31b07d275b76d80c36a23

SHA1
e74ae6cefc15ff3196e59334dc08d3ead1ef2a2f

SHA256
1ba292b3d219943965908475b4f0db3806933f46a81995fef9573fa1e0dca91c

SHA512
2e78a3c507973eb12953701ecf0e68a1775a0cba0d7d51d2ff94cec58bf6c4d63a72406c9e0534f8b798c848e5d51eb0b1dd17ffef77047eb82f3b5004df9eb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87479ef5b221405f7a3b815dad18bd29

SHA1
8d9f34e5f11216547dc0ed042b3669a4141f5c44

SHA256
80c57abca7f8c2346360c4e9847f4d7b4b3b4ba6aef9624750ed284af4fcd212

SHA512
e46823a2a6b8a3bc1573aeeb6f10b9ea0efd93e1c83265f2aed06b1d2f46d349af568ab49a729409250831dcc737de6dee25a9a9dd98ef82294963c966156e84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5097a2a04d5359c7df4b86e0501c93e

SHA1
dcf50544aa18a6bd38750d64d89ae3cfe1b99ca5

SHA256
b0d5a152374fea080c7b5b70dfb8a67297c06fccfae3b8fcaed5e50b151a35ff

SHA512
cab2474acdfc2b98d28e6787021883f54152df03847f9dec98836158257a5500f0b812b31cf9d9c11b354547e4abbd9ecb2c5d5938bbee8b5a8d5141268209b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75820d8849ffbf39ed42c59160a2ec2d

SHA1
7836618eeec5c946b7615cf4373f567b814fccf2

SHA256
18bba02bffb9d9e9711fdc11f3891562f13e272b909098716326629b7d63122c

SHA512
73e96b93233f3e968631a155a98237f363a28ac261dbbc2cfd0488680728266931b0e7e62466ed8431d16909d000ec55022ea2d0103ac138e01efa559f4262f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ff7740f5959a9611c6ab8abb6877bad

SHA1
029d4edc2f4c19b6f0f8015f173454f94b85c092

SHA256
417f6005fcb97a7962f881130a9cb01eaac66cc04c6e1956f4e3e41a0b8c1788

SHA512
ad4655b5b1c1b1d672e77ca7ee7b351c4b4da8fed2cb162a632ce49af8c86aa41e9798c50bf813badecc6fbae5240445020ad1a095554b3b7e2c2700fca1226c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35ae210a836e028120b1bff8acfde2ac

SHA1
cdc4ed9b06436fcd6d4af0b6d4b0904df7e0b135

SHA256
801da3ff5542c2db70638b225bc616f8fc501fa000cde10252635fa8f7bcd43f

SHA512
af4974eaed5c1845e2e20793d71013e310acb05184f0a0fead3a6a76538540059a700901e56c807cb34015d123449f7613d25ec646f59c715049b2880e67ee24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dc535a88611495d3891710e8d945cc6

SHA1
83fab966d005b4bc19084775cbf9c28e19c2f28f

SHA256
49c0b1128613782a5e760fdaf70a9f20abcedc2a0f976f293910bcc8fa34140b

SHA512
a3551a5416fbb2f47859db1f9e7d3a83bb44ca22996090ff92735e39afd6a0508145de73c4b75693a8512c3f7cff7e344b292e83492a98ff96f2f59013d31bcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f52d9090e4a813a00f79f5853f1e2fb

SHA1
86dfae41d2c68b65c490efab09d820e76c10ab54

SHA256
602633f743479187cd7d5fdee277c9c2a3737a566781d22bac22061c178e0a09

SHA512
c2cfff0975e604c8cf2d7e19851736d047fbddb2ffda40407f3aa23d2ef7e6abbe9fabf1d128addffa52543d633c242c3e83c92e28e528f2de5d20e9dfb085be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e2e2f76c4978caa30172c834acf7bfc

SHA1
1e40345e13c01effefbc7a4b3c231083429be9d5

SHA256
433395684b91b6315c7b2f442ec447191faf2c3772c72ecc55c73c5ced388785

SHA512
3348b214cbea2f8371a040ed8553ab5cb52a98a43c1b996de2c6321763bfa62f83333393f818b6f11e87df07d0b41c0dcef23b2c0676871b02631f57c59de3cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecb4062ff61ca5e6274de28fa664b5e7

SHA1
2102bdeebd7f17522805149c63e5fc502bcc66b3

SHA256
564c40f9b6e95dcccf7ac8617b5437f1dc6bb03b6b03043985f1a8e66def465c

SHA512
ed1a5ca2cdb3d8184f74726e96d3429e1825e8c41361088c1e4eba7e9774948233c5f05079eb1618ccc32ca097e54a9bec454a62753ce344037ec772fda44f72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deb60cc941c49680013acfea54f7a29b

SHA1
eb9e3a40bf53795a3c63144c18b89e3d2761e38e

SHA256
16df3147a6f75e701c892e4d3e42baf23b1e73b5d63ad942e959db7218850df2

SHA512
bf91d7aca224475b2ed2ae90398fda04d53dc38fecdb6f3d0db4a4230f69dd14cfddf0b8e51016db27db2836c60fae8ff3e251eff82747a898a6264f72064404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc880df57c4c556a4d9517150e621950

SHA1
f8d4eed40b6182cc36e41a79735bd7964205ada8

SHA256
ee61fec8e08e62e8e1b7f9c94042678f47165567f12f11b03d5468afbb5e4777

SHA512
cf71aad7768e0bcdd23199d050fc3204ff1dc5bf17ba73faf82ad7a7cef0d58979f0f6c808e88e63a31a6b1396ae44b2012e85bcb070e7fff36e5ef98b0bc708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cd058cdca54bbb20fb562ab376da34d

SHA1
1af96f10b58f6a49c2ffb35b2932e562a43c5b50

SHA256
e0d9bb3eb6b36034dd8ca67f929d665eff7839e9deb3775c3416e8c544743735

SHA512
31a6b1189122be7a3e2a13e9a852578718688503ed84812a9be261926698fbdcd538c55ae92c73131b26982e1698b91807f449047c02e72d33adc7c2472c9279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d4fae30397c997399133917c3626204

SHA1
677d4779ca86bf558bd9e20e26395388f639ff98

SHA256
ba2aea25be1ac6eaf3066a79856c7c8e3687e39e6758acc10449c715a417954b

SHA512
87e974fc2fca377ed12a152f665084679e859d2b897056b31f0c1429f42f3e035902fe91ef0d09f50568a5b757aa4492b6923340543d986eb00eb931b5f45570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19710df01e1f7d5b3f84e600954f4e66

SHA1
6d349b5833b97b59d568aa317736bf0dcccc9266

SHA256
87e9279ab691ac185c335b653914b14958536a2b5fa931fbf910b0ab40ead83f

SHA512
7f83edb5a6cd316e0b84dbb60a236ea0ecbcebc1ac34b5c0bdb63aedeadc335339faf5fca402a08930f50e89b367cd5b91ed6f41c8172608b49776888e711627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04d1ab4ce9de878bb92b63815f28fd97

SHA1
509d2705a21b975fc94fa32b0664190231c5cd55

SHA256
af61d0091d2f98d62c4aa68c98dab991371601718147d080acc324f09f807d7e

SHA512
630eae2c320f7048dfc6bd7908d5d649487765a9838062f520ea81fa4058503a607b12645702534c4a82b68ca8a25c7cda30556f39738ae1b7815c899bd036a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9baced02901fafd459863c95e8258b5e

SHA1
e08b0ef13bfeaf5126f50259ec2521ce21f1eb2c

SHA256
f74f53afa8c2ee3591458c40c73c2bbb8fe6891c338619b29fa4d5c4d97cd277

SHA512
dca068a7381179597dd39ad10413e3f8ff6bcd2f14fe4b380e35b8d8e5995cc2de933945a72c9b30cf441fe4b5f3213433b863c6b215e0fa5502dbfb4992fa5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30d9d464c882e84ba9f61147324607ac

SHA1
c4970f6d97d54ab4b0cdb05d305ee63789a42d81

SHA256
a16ac3138ba11510006fb4c8be62215862aa6400b6f4750298eac11474416deb

SHA512
0686f5d5c655a4b19982a3bb69de9c9417a7af0a23651f5a11dff763b77668ef7084160ba100f9afd6bccbba0a3ebe58d276f174324ea881689922bd9b74c759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec238094f685464274fad59d9023a56f

SHA1
d0e9493158f4f0e815f688a69baca52668a5d77f

SHA256
8ade86e1b7104c7feb9379da92637635f966c95152c52cab293f4d317c95e24a

SHA512
5b508db43205034d5398690b7f80cf199e6433ea89596696a04d07a5b26f3e86fc9a699b15d751c9e2b33ca8357051360758c5f84d322558d2dd5117e41ba0ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3acebc4b1acd0c4a1e88bf7029661c02

SHA1
561422e2d692c819c28b06039f2e4f1946128851

SHA256
ba30b85b44a875f610ed9f8d5d4f7b164b2af3dfbcde2356bc1333616cb3c0dd

SHA512
7a141810d268f2779891ecb641cbb5f0510e082b804ffff5c45fd0c5c117f7afe75996aa7cca5e241ab56d5faad1fc54a8bc747b3820617f8e3fef0d7969bfce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03240366739f0f1c142d864d6554361c

SHA1
3b0c03dbffcf9b626ca16225bc0f9aac33a04ca4

SHA256
82ff9542c603a13eef19a3ddf8bc6238534d1f03f2962d7b99d598b3e5906ad8

SHA512
dc1ccd330c0c8da11d7429b5641551e1b777df6315e34e7f04deedba6e09f40c0be672b2e2203f639eb2a83615b243954f313f18bebb44c5ab2b423de8ebb66f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31e76d3d5a255f312a6a62b1e6c54d77

SHA1
3a7827c7d417b098af4effb742162ea152521bb8

SHA256
2c7544b01410c2596eacf46d282f230faa899b414f320e66c59d0f538fd248e9

SHA512
8230463e315ad542ffebcc34f8426660294514b015c8f0c8c42c9d0baf30102ae51de4dc0674ffd1a4b4f6cb1a201ce6718032ac037f8e9569c445e782d88062

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7468b5373b801c1e5831e592307ce642

SHA1
9c33bba4fa8bc52bbd889561f7601388eb035706

SHA256
b52fa372e53f586983844b16bfc3603dee6eec54b8f7717b183150b9c9e73b88

SHA512
10192c4ea39cea94245f07b8ea0d0404ab3755c81f64e3dd2924abc900c82d1e200f93163789e7aa826d3843fd72a2aa56adbc60e5893d07920de79441268984

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e680f6eec56bc1b97c221147629a1a23

SHA1
29212b7e474ee642d374a2a6655603f4f91c475f

SHA256
ae47db9beb11a2dc284ee4add097e1d6f8d65442e915b59e7020f0c597461b8e

SHA512
00d7f19816a2466d60fc59f6c59c75de2df4dc2c4b13b3903711c87d63f6f58dd39b2da571b8319378fecb879767ecf8c89cac3c9b4d3cac29625a67b5bc79f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
880886a9515cd445926a72f48b6c9402

SHA1
3016a6e0bf49bae37e04f0354ced85e2d091951a

SHA256
cb4c6ea925da8efbb85f8d53f67a0e8a948fac515a3b969246a19eb46751d6ef

SHA512
c332c0cc3b0b9a31113de49a78796bebfacbaf86b4fd30ac9115c6954e8dd07d886baa207c95f068945720e13591c6f710897ac2feeb919210d533e300bd2cae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e089c0fca744fa858fdfd801307232d7

SHA1
29f63d831e9adc4567b12bb8cc48aca834874326

SHA256
7fc9e8c7ab5a1d1eb8e3ed7b45ddf8ccd44c0d9e01bef277bed8c805e529f1a5

SHA512
61dcc6ecc4552ee050b78b2b9dabac69350da5637bbea97f5ceaf6ca89d149668c6f6e36e14632271addb44ad159307598692a43e9c7daad628a4a1908fc4f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e97e04c94b1a75653fa563482aa044cc

SHA1
8601ca127eec3305bbd438053f9d35c06081386f

SHA256
1e11041dcd8641015a9246a794149a9ee414fa25d12bd89c5a303f805d2e09f8

SHA512
8193b04d12f891723037840c78a1d90eebafac5f77da94dad7c4e21e50b1671f3f646714d957ea69a4c3896dfca9e918085a73bb178ac34f76ea7cbb78338a55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21486ed912f61a24394556ab94d2101c

SHA1
b068b60e1a6261584eeaba4d3f50ceb8f76e2bcf

SHA256
05db1da0bd8650c47a2305946c276dab9999830ea87c3fbacd30392e3b7555f2

SHA512
26386fbf191d857de8497987c12ab19739bbb248fd85e2466e603c9d29df45df1bb5f85fde3ac9f1ba2d463476b45b30d2b2389f76d2e774528e529ab8d59f44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b389258156aac192df4149a200dbc856

SHA1
4a6bf96e99c848a4fe7b112a00f4583e4e6cb85a

SHA256
31163aea5f04fac3eb5eb46dae7b0a17b614e36c3e183710585ae1adb613c033

SHA512
ea3cfa87fc564774c1a1ab9d3f66dcbedeb0e2dc12e92ba3a0df91cb6051cac1a3c7add84834e7f755f29c652f3aa909b5ecdc862a495dffd50996c5ccf9e036

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93642aae32be8ee90733edccbbf6642b

SHA1
5bfc3402dfbc8704a9ef44df7fe107dcf7c2663c

SHA256
cde92616c1282ed4c6ee241118c5b356a8d002049b679f0317519ca646cfb246

SHA512
f1b180e7b0a7deed69198a9b2a5c91a4924d8744d8d24edc9f53ec74b3862a780fe82cabf31aea69f95cd14f5bf200094ce10335e32e8e7bce460c70f2a46501

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4b8756d9b183d2b0b10a0598403167b0

SHA1
da319cb0572d9a6d6e3402c3d6cdca2224719983

SHA256
59abd4c8bbd29952627afda7802af857d1a645f68fac400ec74e9e71859c2aa2

SHA512
a25f17beb7235089fb3eface31fe12b2425cfb9af9fc9923301eb87fd73ffa66c72d074143449f6db9f41eb013d71eb578484d320421f5109a400e7444873f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

Filesize
110KB

MD5
260dbb6e85134032c9e01a7e69dd3d47

SHA1
92819450e26cd35894dd8fb5fe8199ea647dc90b

SHA256
23f48aa4ba756869f5f0a58ef99e5a503af65d8cc4d1834f6e52da9e0bb37d1a

SHA512
67c2d89143c0f4729da45a45073accae57da2cb9bb1b72d959daac0f318b4ee7e686b1c04ae7c1ed381e8541ac596597c64366cbb8466d96f85f1a06a46dc1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\favicon[1].ico

Filesize
109KB

MD5
504432c83a7a355782213f5aa620b13f

SHA1
faba34469d9f116310c066caf098ecf9441147f1

SHA256
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1

SHA512
314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA833.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA894.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\86U097DH.txt

Filesize
107B

MD5
71b871702092868017c4b09a6756491b

SHA1
bf2ce32931d9f9ffea2f03299c314cb75bbd368c

SHA256
85860cc96152fb01739c1837ae06e15af4de65345d14da3e675e60a461cce4e2

SHA512
2e7943e29e5b51c5e3ce9f102171f921ebf7cc1269cb623f1e19d57111c3091c976256cc168931ce58249443606863ebd9b5a8f48f710c16ccde9ad62a3be319

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads