82ea7cf27d035ca8a72bcb63b6890862713cd0103fae49ea6970a9671b2480b9

Analysis

max time kernel
85s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 22:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe
Size

690KB
MD5

f0c02fc1904027b46dfbc135c4444745
SHA1

a0d2a0facc8d1308dbbfac5382331d9b3ec89d2a
SHA256

82ea7cf27d035ca8a72bcb63b6890862713cd0103fae49ea6970a9671b2480b9
SHA512

5bf2e954b64ddf73881b2371f534202d91425580a46292a338903b9c498c883a005e807b9d423ec80eeeff587ef277599b08c35f1719e686371a481e81fa41d3
SSDEEP

12288:sc0uk3fffvUTFTvpR3arb2r0JMD/ZqyE47ogJEogEf0pfqU3hQcM:li3fnvqRvpk+r2MUQoIvf0pyU+

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon = "C:\\Windows\\TEMP\\services.exe"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Windows\CurrentVersion\Run\msmmsgr = "C:\\Windows\\TEMP\\x\\services.exe"	reg.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 584 set thread context of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33B56881-786A-11EF-80EF-5A85C185DB3E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000236f9b092877f11fdc1b3c316fd8b2c073a432715b549a1cad84fd2e2ff98f99000000000e8000000002000020000000982473c1d55af49e85ce20c0ab88c3c8d3bbc288e6199b329403273df0943c6320000000d2aee756c442d8ad992f480cc0597a5c2f2b2b42efe58c534037ab3d84ea2a6640000000d2e5993eb7b14944b29634e7e85c6192f2a46fe399b9508fc8edc6b986ab375be9887d83cef839234837ace499435572ef04a0df626132cc7c7fd584fcb39642	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433120169"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503f690b770cdb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000001833945f359edc2cc4694c0132861ee40c96c395472bef70211e433e37aa609d000000000e8000000002000020000000e1022097dd25437efc34162bc62b92e6f5bb149bf52435582a9338f0240eb66f90000000ba9b462627b0e3443c018b653259a50e0aba863b6ad1b49a94ad47c7f73ed7499f2eafb8dd9c4d77b9b9da06fc2dc05b612881b675323b4fd44a4d831202aaced3b0099a47b8aae1b0a372b6c05edcfc84539aa5bdb669d5625c5bf882935988762824430b46e743bad312cbf5145db9b783b96cf7f0f545fc51e7f403423f473bf703ea025c94583e87c3db6660a16d400000000784b22a248402e513c1315de137a3315ee937867fb5994d932d4698b39012a5929f6e4444f19eed7b05cf9912c390ebba372de00061bbdf5724bff7fc36d461	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
2904	reg.exe
2912	reg.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2960	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2960	iexplore.exe
2960	iexplore.exe
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 2188	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	30
PID 584 wrote to memory of 2188	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	30
PID 584 wrote to memory of 2188	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	30
PID 584 wrote to memory of 2188	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	30
PID 584 wrote to memory of 2112	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	31
PID 584 wrote to memory of 2112	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	31
PID 584 wrote to memory of 2112	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	31
PID 584 wrote to memory of 2112	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	31
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 584 wrote to memory of 320	584	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	32
PID 2188 wrote to memory of 2904	2188	cmd.exe	36
PID 2188 wrote to memory of 2904	2188	cmd.exe	36
PID 2188 wrote to memory of 2904	2188	cmd.exe	36
PID 2188 wrote to memory of 2904	2188	cmd.exe	36
PID 2112 wrote to memory of 2912	2112	cmd.exe	35
PID 2112 wrote to memory of 2912	2112	cmd.exe	35
PID 2112 wrote to memory of 2912	2112	cmd.exe	35
PID 2112 wrote to memory of 2912	2112	cmd.exe	35
PID 320 wrote to memory of 2960	320	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	37
PID 320 wrote to memory of 2960	320	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	37
PID 320 wrote to memory of 2960	320	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	37
PID 320 wrote to memory of 2960	320	f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe	37
PID 2960 wrote to memory of 2996	2960	iexplore.exe	38
PID 2960 wrote to memory of 2996	2960	iexplore.exe	38
PID 2960 wrote to memory of 2996	2960	iexplore.exe	38
PID 2960 wrote to memory of 2996	2960	iexplore.exe	38

C:\Users\Admin\AppData\Local\Temp\f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:584
- C:\Windows\SysWOW64\cmd.exe
  cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msmmsgr /t REG_SZ /d "C:\Windows\TEMP\x\services.exe" /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msmmsgr /t REG_SZ /d "C:\Windows\TEMP\x\services.exe" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:2904
- C:\Windows\SysWOW64\cmd.exe
  cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v ctfmon /t REG_SZ /d "C:\Windows\TEMP\services.exe" /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v ctfmon /t REG_SZ /d "C:\Windows\TEMP\services.exe" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:2912
- C:\Users\Admin\AppData\Local\Temp\f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:320
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=f0c02fc1904027b46dfbc135c4444745_JaffaCakes118.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
d7a62d3164bc6ff3a28bf2843ae48234

SHA1
2dd726752d0f55983a592bf930ac0f63925c8583

SHA256
d96fe9033e7773c94eca3a1d0d514ee489775b8cafe168bdb21587efa40ea60e

SHA512
d247cb4671c0b59ae476911bc129b666c5effa8e3db14b55876dc79b5a8d51583f72da2c67e0f19f5af9ac983fae4583137eb8b354ba44a608b5fa8eb768cd1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4156112159828e1f0e56d993da8e5f9

SHA1
b237853f37aa41e7c49ed02e4dde1d0832b886ad

SHA256
e1de314de1ae31f1864ff9429dc97aef5c582a3840456ec899f782757fa91c48

SHA512
07f1126d2e7f94d2e58d5c37e1def08e856ae91b622114c7a3d2d472e0bea675438f80a6ef06fd760d08e044029f37865c3831cdb3c7a852efef6ff5bfbd6653

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e311de5c93d105561162a42af9001d15

SHA1
986729dfe207b67f341fe2c6c7d9e7c31f1d43ad

SHA256
c3126aa646f581d848698a8cc28e5835100f15f275deadc52c276873c5a497e9

SHA512
58332f5de884128041546e8e531d702199c1b5366e7e9b6842e2cf01671b198bc3939d7ff52e880e020abdb53d42eba2af7977b5c75d6890e573638da0ef10a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d88257fecd6533349d4558514c3dd3bb

SHA1
60643c0b3bb8a256f5cf994f40ebfe25b1520fe1

SHA256
7b1dab11204e2cf862985535ce791bc38b06ed0a0984753118149e4c18adf812

SHA512
92cf559af5bc6fe0be63485a61720a517dbd28daba90500840af00337d4c8725b2c325700638ce8820a02924f29adf36f2c857d81ddbab6162e6a35f16a782cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10db4b270ce50bd3ccfbf933cdbed165

SHA1
0e11fa6bce4e5fa17a630d36a5fe4718cd4a3ca7

SHA256
11c85106f152a75e21bbcc1a4040972fe8129e837ee19f0d3bde950f293a795b

SHA512
c2f1b4b3bc8741e9a0f6b8cdcb275ee4325d4b7644cb9a05b5a446f2078eecbd380ad00a5e37314b34e97173a7985a6bfbab44d919b6c28663f876a7c3d78079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10287e9471d24ec03be37d3d385b41d4

SHA1
05407a94cde0219c30b3cc1b8d90a8f12b8eb9ec

SHA256
da946ecfb85153ab90106cea6b291864e920a55946d3e38fecacf38e5648f137

SHA512
28ec904a16b61bbff80ff07770c8f467480058fc154c3ab3108cb8daf450a889510e78eaf5e69376f139f0f04980d37b5bd0a08bce25e1749059b67e96fbc07f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07cd65e4a2bc887438e8a9658f6d8f62

SHA1
b3fe1ff46d5a6b7895d9192ceafe4c58c9cd3687

SHA256
90591b78c7de3b6f368400adcbd3dbb14675578346a72497a499d86daafc71ce

SHA512
f13d46c3b3ae9d4cd4204f9f3c7805f877d2dbbb4fc1b58b7d635da5e48eb03ee58fcaf922408ed9ac6a85c43148c37ab8a6f8abd1c5d2e5e65ab1098e7fffbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8a0150f760bf51e7b344f735d4e6b0f

SHA1
712216564c44569e6b33cbe4994d0b7e5d6b3748

SHA256
8c7150c5d1f8a812fa9fe12c7f35b0efbffb3ad1133d70499274dee479577a8e

SHA512
8e3f62137b31ac0d0d6fd842701961ceaeedf2ae561c200fb57b5fca3f4dfc2f46909b5a8be4e6df08dc5c6337559dc83f818922e7b6c980db2ce89d1be5b30b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40a4b5979a834af9ed3307a8a6622d95

SHA1
9e4e760270f63d97194e519730a179b48d03734d

SHA256
78c327d8bb37dc0aca50f7f98e33f9403a85d3fba2c314613851ca336b5e732d

SHA512
8092fb5fd72366245b3311334c0da5407cf443ed7f900d0aea46d88294a810c7a67298b7a8e2392773a34b2aab54a98fda8679f7d421bb80ba9db44ac284d0be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3de13cad29ee755e51d5f0b387a9790e

SHA1
e9bde34f1d03797ab7a9ae5bb60827a904e68fca

SHA256
5fe72423698a72af0d7b98fb22f6fd4fd38530080b32b48253518823a6d8d868

SHA512
9430dc09c85fdb37d749e018cd0aca8424736674292cbb1da68e374d924a1e43b99410cee452a476465b6eb94d2c06d6cf3f0ddf1001d5d8668f3a96a17c4461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7032d21fab97dbd3b63e48570d8e66b

SHA1
7311ddb31e4dfe364adb62b635d9b24ed0cb6526

SHA256
e1fd9d32c30358f5a067db646448742c6dff69bf96869cde92e73c3a1bf2c6d1

SHA512
89e57a7b398e9d342c8ee9de5061fafc485b75bd0948e850b048ef526d2af1a943c0f6b70e2a479ba1985ad25901f5dd58e5e26b51b09cec0e725390a99b2c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33f2f0637987a7cbae0f9ea58d0af5c7

SHA1
cbf07cf2a18becd0679a0228e2df0a6739ae2c88

SHA256
237f6eda8c29051631a72091ef6f30637fff53372c4be6a7b0a0c89f735392c3

SHA512
b611f871d59bd274326b9e670ae7634ddc7cc254214616cdc5339891b3dee89a73c31eb89e481235768e70284bcd963b792f751b8208418ea8fefd240e5bfd5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a16fa2c53578c9116951c9dfd92cec52

SHA1
5190ef7c1129ae8462126df1d1179c02fb838b13

SHA256
a57d4492290b9870d757054a631a558c886a23a8abccff8eb88c3578335f0080

SHA512
34589056b9a566ca67e13cdf5b286160671ea25c956d2afb2f6ab726aa7fb7263527c76383adb664d0b2eca08731743ec8d837474f24a3c98339a8769f16e038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a30ed648b2cea98f95b41438833b3604

SHA1
f34305bf8b0879e8f79f4f027b6ea025de983982

SHA256
bca8d2b19a4392a60df3a32fb85cb693bad6a16d52800c4c008a24efd654563e

SHA512
5be38afa640cc7313b9b8d3e6c243c46b0ad13595f999b193b1ecbdc951c8cabbe9f69e5bced8568161bfb7bb2da6cc9ceed263a4f013e6516368e263b26f2ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6227566f6f3ea88cbb6c2ed092a33367

SHA1
f9a4b778e78cd9866fc556fd4567ddee6381eda6

SHA256
ccc1d2125315fd47b1635d82e2cfe9c03748523d38699905d18d4dea6c32887b

SHA512
c1a0598a482dffb588b0e3d76dc420f2d423550e9f1ebafeebd42df8e6b68288cedef795eb636da324d0105cf08c0a3aa822b6fa3ca8f7bd248a0d330ea882a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10fcd968996c97b57517946af706eef8

SHA1
9c4ce5ef5917104fb6cbc757c1f3e81616872615

SHA256
f4d421ace755a4cff1967b26de97cc83f8250a22bc6c9f571d7f06b25b85ce62

SHA512
07df7e8f2378794d19966365bc5631a21df2366d9fb293a0d57236a287be4f6e67b9160a1f288f05aad3e13744f9d6ce3fc3bc72dbec9633d5d12a345d4c8c60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05ffacb3ddede43783c041b10ed65a4f

SHA1
7cd522eefbff4ec29e21c79b2261147c441f9ecd

SHA256
38ce457a96dbb92fb963feb531059207472e879ae2f9f57e1444ef529ebb2e22

SHA512
785be80fa24f4b15c82518d46ed84bf794b2c1635718da2826345b0bf15b0be428b5b553941324c4bc3b135213f6c22eba77dedddc98c0ac59a3f9b0dec73b87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a7989e435ca0398375a99c9f210ca6b

SHA1
5379a493b044393248d9b850b3be07a8b2ab252d

SHA256
9a3841ec4410ee7923998b4d201172e64a311eb597fcfa79fdb7f246802e4ae9

SHA512
990cf61efa691336d452802d6db8708c76ca321fa4bf269ec57e727bb1ac05181cff2bacf76c8a98b2d8a2be185d2c95a99f9fefc273bdcb73a9a08fb4f13224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e73a07c237c6c2b47bc6e08372aeed0b

SHA1
84b6852090d14828d14d8e0e38faf7921573aadd

SHA256
46bd6f6f13f44d3c6b8a90839ecb8b54279663318681d023a128ab87925ab47e

SHA512
5e6846d3d221ee251a45d297d00ac7d0c1e108a9196bafc071fa92d9d857c88ec38f7fad9d26021024ca1a36c48f8fa3b28fdc2c2cfea3919a0770335b74e762

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
958b2e3a4316151d97999ca14142cdf0

SHA1
afb3dc92ea56576742aa4bb65ac61be781e91bde

SHA256
01bb1558be09bbda4ad5a752a7026506b957f320e1a045db1319e41dcd838395

SHA512
949a927b4c967db156c236ed9d984dd6d64663091ca15b382dc2b1aeed8c02aea92e992d057de2e333485f7c9995fd927ec1f5b735d3b8b826496b8ef4b713df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d59ee00db72e2fd34414f4d87028e667

SHA1
0b4ba02fc43f2ee34a903e2fffb39f226565c825

SHA256
c19ede10d32638539acb5c45db618b5581c1a65c3dd021f7430a22908da1308d

SHA512
adcf00440b5b92c8b8471bd26d3e94fd5dd61c272b69323857d91c69e3388c42a95dae2d0fd31e37c911e2c24adc35a0f8ee600182ed55ff06636a926a61d9f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e5ff2cf74202a35db31b213980630fa

SHA1
a7398e8a5112891463dd0d693bc95f6426ac087c

SHA256
abfed5275d205b561c24ecbe7496e99568ec18464ae59518a3f85aebad1de3ee

SHA512
6356d1452230caf23575fd2529b4d605cc25169e81737a7051ad640e04d6f36a1b21a78642d32078406bec70c8eae1d30e27445ffce0616b2dc0139e1471ffab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4ab69080e00c42a4092b57f7bbb5b2d

SHA1
2f6080aa3125eea7200ac0b4f715aa5382f8d33f

SHA256
017eba26a96ff77631f4bf7ee21125c4d85dcb2a8e11e02f24ff8828a8ca5afa

SHA512
075cb9c1aeef0c9d76d3bf916dffa544c2359df9200149e4b755a81bdb949c159b790548d02666ea70ef4f3e4ce3b4b57861dfbf0a9e67dd7629e3d7f23d2d51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c88a76041b79c4190e570fdaa2c74bea

SHA1
849fc251744cb54202fa7c2ab5b43a18866420ba

SHA256
f3c2094318e72996524b4406a95344e15d6f50e5c88c56501d0c620af7acd07b

SHA512
fa307f7d98753626391b6bf518c377600fdae8e1ae58c4eda37bad6b7bd312c5f6543cf2fb3e243762fc2ca0e81a4faa932a0f66406333d2eda985248c5fbb66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ced2a43ac4776468cf6671bfbcd69a7

SHA1
62a6d3a7746227022b927f5874b90c8d25ff513b

SHA256
6a5cc7a0cf4fe7157e2cfbc973c02772066b9ad93753ec9da9f892566e144a64

SHA512
f07bf10c2da2f6100122cbe45674799f4c61bfbef213dc4d4a96ae5a50bef075615f8c4d08759ee7b90b87fb0e224b4295c07582b9ab3d8233b57ccd42ba857b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8de278ae60ed44223927da26dcd78d64

SHA1
0e65bf99cfbbc48bfb2d08167092accdc2ed96f1

SHA256
f50f6be64df47616d6ff141128ba2df4434a4653d3c822a1bd370eaa456dd0c3

SHA512
fe394fb22c76c24f4019b36db5ef572831500cf954282aed0db497793f1a41286e7eda54100f246f4e58fa621282300db88433a247825e60c7d67bbc0e4b0f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89a70242a3587c3b6e255b97b1ba732a

SHA1
acf97537b2dca105f611bb0a3278acab2fb11570

SHA256
eac06f603decc27780d2aa410e44a2e0de31ed783f79c1348fdb4ff015915a03

SHA512
29c813b7466cf92f98ca84883d4da4a97e36ee05e724cf9dac4efceec1038968dfdbff64e430fd184106c9beee3389a0dd9f4f58fa2e6bb8b96cc9028807f3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabADBF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAE9C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/320-1-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/320-4-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/320-6-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/584-2-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads