98e4154327d2c7b023a260f7497f033485214dedea4b78b763d8ffdb47889f13

Analysis

max time kernel
136s
max time network
130s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 17:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
Size

1.4MB
MD5

f0435c3c231bc7d04524322316a73568
SHA1

4ac3094b0ec97ffdb3152640bcb8d6cbceba301c
SHA256

98e4154327d2c7b023a260f7497f033485214dedea4b78b763d8ffdb47889f13
SHA512

9c0557b7821fa4102753ec21fb374f5bde7fb791ac8fa0ffcae995c9db8bb63a2361428b1aabf11f852a68fabf4d5d3f721055085d8eeb8075fc6e6fc38086d4
SSDEEP

24576:7aHMv6Corjqnyi89LUhPdSmAL/stGYHLdU2SMO1N2h7HZ5ytBB7+p3uMnRs:71vqjdi89LrOLHL+2BpHqjB60F

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2964	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2732-0-0x0000000000400000-0x00000000004AE000-memory.dmp	autoit_exe

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\TheWorld3\世界之窗.exe	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.exe	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\世界之窗.ini	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家电商城.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【网址导航】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\在线网游.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\360\360Search.exe	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\电视直播.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\百度.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\系统下载.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\电视直播.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【凡客诚品】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝特卖】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\在线网游.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\家居玩具.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\世界之窗.ini	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\实用查询.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\favorder3.dat	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【当当商城】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\淘宝网.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\TheWorld3\2\百度.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\实用查询.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\家电商城.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\游戏下载.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\TheWorld3\2\系统下载.url	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
File created	C:\Program Files (x86)\KSafe\cfg\ksfmon.ini	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2964	cmd.exe
3044	PING.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000005afa96baad2225452aef497af592ebce303072297cda815b83ccda52cee8f5da000000000e800000000200002000000092edef048f320c7f3919e1f74d3aae27fcce916e50538794d31e923ed3c069d390000000f341984e7a7689e5deeeccbff359f6fb0bb8fbe9bc0e6472be1690f42fc913f82f62f66ec9d5cc3bca33a14d6fc840c97d803163029719e4d0336930bcc1ab068b678d4475418d9e39db683986a8f2603635b4143e69dd35b2823058b56d99bc7c333b85f9ca2c328a6aa5dc37c44799e46cd64cc41550cf9463e5089a754d850d21e253e9844ca2f4dce0c026961ffa400000003d23ee4dba93f5575f8ad68e6b5bf8ccdd630682adeac12fe46ccbffa6608e6e04ed2d19b41aceaddb6ef372da39456f2f6136f7d1dd7847f6417231f50944b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5016d226490cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{512EA121-783C-11EF-AB1A-5A9C960EEF88} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000d4a7e80df4dff391ef5766d528c7af36c5da272b6a47edb1a83e9e7c1e3bcf06000000000e80000000020000200000000f18fea87137003c82a7a577d91c19ed491bfdb896301200f4ff82f1d27281ee20000000fd5a06172b22a46c0128b4ebeb134cc4bc4c324ae5bcefb1e88bc2fe0be7e1df40000000dfd2c118036384adfe9c5dae66d20d93568227ffbf150615b70dafd633e0d71d06a67d8db4dff38eac91c1704879f6f9a235f31f0ca66cf146ab8c170a5a2070	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433100460"	iexplore.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3044	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2532	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
2532	iexplore.exe
2532	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2532	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	32
PID 2732 wrote to memory of 2532	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	32
PID 2732 wrote to memory of 2532	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	32
PID 2732 wrote to memory of 2532	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	32
PID 2732 wrote to memory of 2964	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	33
PID 2732 wrote to memory of 2964	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	33
PID 2732 wrote to memory of 2964	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	33
PID 2732 wrote to memory of 2964	2732	f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe	33
PID 2964 wrote to memory of 3044	2964	cmd.exe	35
PID 2964 wrote to memory of 3044	2964	cmd.exe	35
PID 2964 wrote to memory of 3044	2964	cmd.exe	35
PID 2964 wrote to memory of 3044	2964	cmd.exe	35
PID 2532 wrote to memory of 2588	2532	iexplore.exe	36
PID 2532 wrote to memory of 2588	2532	iexplore.exe	36
PID 2532 wrote to memory of 2588	2532	iexplore.exe	36
PID 2532 wrote to memory of 2588	2532	iexplore.exe	36

C:\Users\Admin\AppData\Local\Temp\f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.5015.cn/?newth3
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\f0435c3c231bc7d04524322316a73568_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url

Filesize
194B

MD5
9018fcca1506b6e9998cf9483068765d

SHA1
ca7297f37507501b783b9384597b95f7a77e2602

SHA256
6589fb51a3d3c0128ba11a27383ef8f4f4a76d87e343a022555e1b8c63b76de4

SHA512
0811dd3febb468711702e15a32ced2f1bc29441cde1232f3f02f2c6f8e973aa550b32ebd0e097e3d9bd703e7774ab838daef9e126369ab7f4e23ac8613f2fdab

Download Submit
C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url

Filesize
134B

MD5
25852a9ccf176fc455d9752841d27114

SHA1
d7f298bd5fd616e0ec0778a69024d21653c83ef4

SHA256
22dd6f2b0ae0e373796457a5414a3535367a358f531d07bfd220f1f36213da02

SHA512
eec5fb3f9fb14e6bcd27b42165842a250eb0338085c054bdb00162a0e11663972764e07e8449a288a9b641dd5f3d2d11216f788b4f5676f179748dc1e4a24683

Download Submit
C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url

Filesize
142B

MD5
c931fadca55f88e0e5edb7552c4b1ad9

SHA1
aeec96c72c7db3ae94d25369e8ff73745af6cfb4

SHA256
93e8c38c6d5286c7922be4944a87787aedca8d5c9478e4f89c4fe1de7371b710

SHA512
a5c95e5a1236a9eb3bed1ba8cfd99c48516ad30ed28bcb1453928731c3e4ceb68cca61a4d1122a5c20717a539e3ff98fe86cd555216e4bf368e537b2927296a3

Download Submit
C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url

Filesize
82B

MD5
d8b0997d51b69f071b951de35a1f5f4e

SHA1
c0f634151c7c70c0d661d6e36e3298571854239a

SHA256
69bf159c06d52670174336c3a229afd1e3342fd3a25666fdd4617fe211945fc3

SHA512
d03b46f108e0da4bc800163fd60108d1f96cec69119b623e29c83a97d33bad28b7428f47a05cc65b8058cedf536fe1c35d9db6c1c6125abcca4d9d9d724ccbcf

Download Submit
C:\Program Files (x86)\TheWorld3\2\【网址导航】.url

Filesize
78B

MD5
15a0dfd6971a548e27da0e9e081fb20c

SHA1
d4e96db0a1f75cb170db214d2a3bc837d8cec84c

SHA256
0301c5ca25bf7462637537ec02af8d5e59d573ebdf783568b24cd7048e283589

SHA512
779392917f82d8517ea4cc0c48ffac06e20a1cdf6950ec170600cc789305eb9669559c67a097150f40d2fa676e41308abaf07a5e58f1994ccf6988477f4214b6

Download Submit
C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url

Filesize
134B

MD5
57efae2fa1413b359aa55ebf818d44e9

SHA1
a25ed510c0de2b7d714c20fdac23db9c1c5f4128

SHA256
bbcbdf46a55af3d1511f0b2d52939213810d2b9c0c54d073c8d09429961b88b2

SHA512
3a3a4074db5d4a3af95cadc3da8751012993d6c011de49f628dbe45a13d3cb8dae8278813eaed57b8e071df97560d05270ea3116b28e6d0de6a4d75fdd9ebc9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\在线网游.url

Filesize
190B

MD5
f48866be4b9729453057af8c2de8cb84

SHA1
f48cb381e5baaf598da3f464836ab7ef628b0710

SHA256
b0cab2c945158a89985a9d5b77704fda9a7495858ca5c7ebaad5b524f303861b

SHA512
a1a4caa9fcfe83f9eedfa7e435229e32c5d3574798b59700591e756a5aa2eaf2f67943b467e47088c685d078dba6eda30e7ac292068557fdb7f5316ff47625ea

Download Submit
C:\Program Files (x86)\TheWorld3\2\实用查询.url

Filesize
78B

MD5
05f923433437db81afa7a2b19d3c6f51

SHA1
19b6b8a548c430b1fca8a214874d67c3915bef85

SHA256
ce2c4d2b876cdf11b707f79b45b891f674025f421b6e8c99c40509e849c67e68

SHA512
dc431b7ab359ee1d1147c2272461b0dc0b8f41bda55d8ec4f4e3d896013121bd88c32898a844494bdde8a37ce7823b49dfed3a31625d8b006d16e961d462ed17

Download Submit
C:\Program Files (x86)\TheWorld3\2\家电商城.url

Filesize
126B

MD5
f847c2a7d92d221480d4577b5f4a02f1

SHA1
287d2ed6b93141516651fd902394afe0ccfe8c5b

SHA256
4d097096fdbba3ed61c35598bb26cb66e407dad48bdd9cc6f630f272bf0b318f

SHA512
191515b24148a710f7d2ab6187005be0a09ae9bce72507d963411234b36458b5de9dd935818460a6af4d121c48aba7dc082bca23a06844948d3143ef0b858e9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\淘宝网.url

Filesize
145B

MD5
73e9d1a5c85a6d17cf6daf1a29747d68

SHA1
80586a1a5420d56f65e37d0b1b0b7c2faf19a79a

SHA256
9f4bcaef43c584c99aa48042285b3f744ee9eb1afb934bf2864759543819fae9

SHA512
0a68b2230fccb66814b5d85fa79beec4b633361e1273499417cdd9676320398c6056d2b95500e1191b467bd2f5a462f1cc0bc76ccb4e11120fe0cb375d3040ca

Download Submit
C:\Program Files (x86)\TheWorld3\2\游戏下载.url

Filesize
81B

MD5
cf8565c8ae2227e2405d6dfacaa04879

SHA1
471aeda36ba5044533b24886189e68e43538f01d

SHA256
4a1dd24faf80eda60d1f60e2c84a727e20be9b4aa6b032d61560ffcde73e9b44

SHA512
654fb592ddcd92b1979fe89edbfa6c228a757d52acc0afb49d4e2177bd0c3697a67eccf1da112340d02f240ead4554b01cd8a2ce13173d0aeef14f2526c4fe53

Download Submit
C:\Program Files (x86)\TheWorld3\2\电视直播.url

Filesize
184B

MD5
de76ed786e20dc35d1462da506355f6e

SHA1
f302c494fe862e046c39482ed5e698450c1771a5

SHA256
0fd9332ea18b83e7f313cc3960010b10fa4f1d1590f8f5ef75254d8ce121c9ab

SHA512
9261c8983f319210df9eb5c7439d79547f47f74218683d3d43b8a8a660925bf5a9b4415cb15011d7dd6732f56ee20596b465faea23a4cdc7e873b656bbb0a65e

Download Submit
C:\Program Files (x86)\TheWorld3\2\百度.url

Filesize
141B

MD5
78412d08796c909a0853a1dd18ccd586

SHA1
ceb2d947d41df77377aae60ab559a304fb405b59

SHA256
7e03a4aba9fe8f15abede66b5ea190ef7d1c16e200b342a7b9dfd417545150f2

SHA512
3beca38f6f757b3df3d7cf836ffc996e8a713df809fc5cad3f81363991943123acf55656c767b898b025760d0f113d53a1211c231332569f2027bf4f4b59e119

Download Submit
C:\Program Files (x86)\TheWorld3\2\系统下载.url

Filesize
183B

MD5
e321c8319ae133844943486b541461dd

SHA1
8e18a6bdb999a036cd407521e64ada293c0e61b6

SHA256
8d1dc50916793e02d99602dbbbcba6fe43346521ec8df4cb83a2399f0f7c684e

SHA512
cd0fd9fd5082c20045a43b8904d3c4a196cdd5f977bca7c6eb71f4968bf0d9b91eb78dc7aabd4162f28706312da78ba435e01d4412ca02fe3a83decf373a3b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e96d1e5d0e232409d7ab621f1d9fbe6

SHA1
468305cbf6f818b42f8c4a2524ac668e0536cd70

SHA256
0faefa8a9e02bcbc9a363da1cd6d7abe8212c6530ee50b78242dacdf7306632c

SHA512
ebf6cc1279034f17f0c5884ddc568b50a034094b359e332306e991c55a4ab1536d825a3f4a73715fad88a2b45301e65ce723f36e044e8b71cd5b9bb908623281

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf12d5309cca5c6b486131b6dca03d37

SHA1
a9e946c4b8ad0bc5db820802af9cb238877f44dc

SHA256
04c68904e61c84e29f20229a79a2c5c539b524c7d014a5b115a3804acee033a4

SHA512
17d4f636e193b68ca8c59a2c1ed24d99654375ac4ea31fc9203bd76baa03a731320d311e576c9513048088312e5e271562e82cd3f51489151a2488fbb3e5b4d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e1b1fe86cb11a1bda2eef04a57ca795

SHA1
560fe5d9f9db8b4451e40fb49a71eaaa162126b0

SHA256
eadf47c7e766a48daf5ee527e799735b050ea35666acb63e295a4b1933a10567

SHA512
4b6fab5417eef5006bab783ea072c7dac0101461379e91a9c5b898c795b912bd940c81ac9d3c82af69ebea0d3ef7a4ee61df685a7d2559fb855895b97c320232

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e05becec4921a22e0d9e837e119d8027

SHA1
3448907d5c65e437d6829afd978b29fa6dcbecfc

SHA256
2d93d35dddf0459066f1809c28fcd50108128ae628994951880768f4897b920c

SHA512
2f4ceea45bfa571e4da0e308cbd14a4b6212ca2b12383c3b5d029f8bf3ab999b303c9be640279753bb2c7aad36dec371097e39c0cc3917f6389b71a44c0e2065

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ad134001650ae14169cb30cc4f221b7

SHA1
56c8524339909f2ccb1ec6bf4c264c6a517101d4

SHA256
809b09cb616b20ed6ad345c85d9d17e0ca5ec3b7a66b5d07eba209044611041c

SHA512
e67aa9c11ba68f2df6dd20bc252190baab2c8fa4caef69a9b0447c9fff5b214ea91f520bdb779557c4bf14196a6d19f1c71331db8cb85193acd51851b7cf2a8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cf3d178c4cd1a0b7045919bf66817b5

SHA1
0b1fbd18aef70619e344b6921083daad008236b3

SHA256
b82124174195ad7d09e9e42c24462c313fe7b0a48934bb8a2e4b14268adb3b30

SHA512
7ea710a5affa16d7303ff6298328e2c5e0b12d6fa4ccab5924a25ce2e18eaef2b9ccdd5f0636af6d2e6cca58cbf8ad824fac6044c343951c92b5e09aab17c56b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f16295e891269c77b9dd066f3f8972c7

SHA1
0efd68e41245c7c974ee95822ef5fb1e05f64491

SHA256
5b25a21781fa93d831d1e6b83afd1612392d7fe821a627e28275aa469c8a21e7

SHA512
ee14362b80da57ccbab71d6f1c58bc51262cdba0a5291e1b7826317a1c68d6ffc9ed5bc5f6fa64936611562d08959e54d4a0269b6f3abc45beee5a4b9a2d4d8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b34bfa3d1db4272e9474f315303d2087

SHA1
d7ada2df0625f3f2e0c6bb06519be04583cbfaa9

SHA256
3958bc7df85e85ff0fe0c73dc6188cedc76859553313043885b621ad4eb9e4a6

SHA512
0d2d2b2c578f9fd90d682f96763843a535891abb6e8e55d0308d45b97bd57a069e3c0aa468c0051420e074b5be224f117dcca5f5c7594374e1fe2ec3056d419c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
390d13c01586b6627c8c42587d20cd95

SHA1
9f4e377adcb8f4338efd30a6a00dbf763ad7469e

SHA256
4e5fc08367c702010666be76e4aaf44ffada1b5f0b563cb57c158f73d62b0fa4

SHA512
53fb2c7d69f5d356ef9f8b34a19e6780b58590e61597dbeaa327f8f8e6cf6a9dda3ee00942e5e3c9c87bf5dbd3ebaa6883901b930098d22701f5292b31f7db58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee8d57423c006ecba5a2477e6e764909

SHA1
974276fcfb25567e63b01dccb6889513c0ae505c

SHA256
1a85ed3ee6c23db6c83af742f3824edbca414a214ed3203c935f5b3b66688782

SHA512
865481d8df07731b8d2d6cd6d649390bcb4a9e530daa702552aefd0d0b498626290f627bfdb5f59975f710b68263f068c58dc5fc6f4e1ea040158497abda3ee7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1967b9d96693d603539dccbc30b9f0c

SHA1
a617e83b7a5f538e6dbdfbfb99998e89350143a2

SHA256
8b10197fe8b252c0278e9f94526177dcf47237481aef1442b669491ae464653a

SHA512
4c73f56b550d86d33a7beda646a9406e4025b9bd35770a9f82da6ebe3c06c98e1d4dc794da116fea73220f4687810eb9a60bc124f39b073dd2d6f38171eb2b05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5432ceb50c19c961abb2f3f788ff1f7

SHA1
6bd4b70e2efd01c026b28729d95d568dfa9c17e9

SHA256
3935b96c2494f6f355eae42d41278112fed37c1065c97699e4182412c1992220

SHA512
fbe21dc346de5abab927668361ab51b9a630a43d13fb7904149a0ffa79f0b2bf6e5f2efa4bf932063354c3021b50fb821ef132a7d23371cc1f7c46726b686a22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0252bd0a32c45ad8354e20e88cb063c8

SHA1
29976c1cc3952d856acb0941561ccb069ef483fe

SHA256
ea4e4c8fd43877fa802db04cb01e77d05ba62b1fadf68a3a13953b315e48efbf

SHA512
36f4618d25452cec91ba546abda9104ffb4d047c876626af7c2fe5d8a9e5ebb9340d2842136854420670c359337f777cb7f81e5ac5dcb6691ef988ccdede89ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
678f324daef91d5d75114d5c32e82f57

SHA1
ade1e9976b2e2dfffd0eb08d2fd23bc9d8edf6de

SHA256
21a78d48c7a0587ee4f20146089eb0dee4e6cb0769066d9be01ca6b954346b00

SHA512
b998b91125967e5e0dc0fd07ea434592209872c8cafc8a141a663991deb33bf7cbef8899cf0e732742534aab80fd680120d799831ddee3078a5e494c3a95fbbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d80ebd37ffb1c85238d33de16d9501c3

SHA1
3e0abf9ded48746825d7586769c32bffca85548b

SHA256
9d17e79819db566cc8abcf36d2e0299d41d241c696088973be46b64dcbcb1da6

SHA512
2aaecb05b786a63028779e6d3ec1e2b5f6edae5ee6e9cc2b395712a03248b2fbd4100ee5fd33b55c5f6fbc5236672469a1690019d41567f2bd81294eda0c9a88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c1014420fd4b373c04f84b485040aef

SHA1
ab33146377908f585fbe557ffe1627931c68db1d

SHA256
ec51a516df83eef571dfda8dcb6c9f82f51bee3ab6c3568e0dddeee13c4696c0

SHA512
4fb87228eb7ed303f8a07d3065ffbca012e63f457d4fdc806adc76936cb62a545ea4ecc74c0c55b2ee9a548c5ea7b01ce74fb21a1ed47025962e582908124a4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2e636df4d4fb377e8160ec240d6e8c9

SHA1
3f1c0f06d4b51b43d34c19d15c017fc266935a7b

SHA256
4dac8136c3860b02b684be9222d86e00d3bbe72e4d04b9d7127be63045ab077b

SHA512
cdc7e8397379ef64c55fec359ab0d27d80973e8b176d8e40653b2c0486d5e6e3a3a0027803bfd175c189992e7d608f9a37f051de0a554bcdb83fec3814897a99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55f8817832099abf1a2b6cd171b99a3d

SHA1
378dc5e07685e5ae5a8cde58d975e3ae91ac3993

SHA256
0ae1af9a8e5e3e39f4af4c70bcfe5f0d7b4e6be65224be7940f7bd48d25961fd

SHA512
6ad03ac17e17273e861138156b218a0fff59859d2ba2d60507827f9bf1f150bec55a8f2d2a1c66effa79b9bfefab3e5a7121ab65e2896d63c8e14e1df394c1e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6fba22cbad8dc42502bfcc95eb57bab

SHA1
da8514f19751434abd6970f485c5d9f67a29ee07

SHA256
8fda90c26338f61fc8ce7bec11348a9e38839bba76fba2ca984e631c7c3d220b

SHA512
5732dbe36f2206071606d5f7b50d71735182c681b9fd6ffdd8e4b20d367d121f5b898e42407d8b36028dbe314840343a4501f64b34c935f28b3c4515bd9665aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab12D8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1348.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\autECEC.tmp

Filesize
192B

MD5
531afa31e63f4340844de937716019eb

SHA1
7505578b1384caea8bd7cca0e0e4814c65b98453

SHA256
6361d0896bee3569562d2add5b93c8e1cd6250acec04206e219abe598c78326b

SHA512
b272598cfa49b8d4c7ce6fd32a14a64d6e1554ff1654f629d35311bf40377065d578c12745052ae9a889e5d7f798a73413273b027ab43140041c1ebdd0afa2a0

Download Submit
C:\世界之窗浏览器.lnk

Filesize
1KB

MD5
b0fa44b924dd83ba77e5928f70238db9

SHA1
d0bdf80f5447d4c5c1af9b03413a44738fccd1f0

SHA256
b0ff54e886ef5f378752acb82fba3f488d1948f845d33cf0424d61605d3af4a2

SHA512
a57f13f36da9f65b5f56a601275a58938bd67dea5092887e12077aa65d0df5469d598c94638b24cb67b3ba07df19618eec0262beef535f2b1c1e49bd72fedf4a

Download Submit
\Program Files (x86)\TheWorld3\世界之窗.exe

Filesize
1.4MB

MD5
9bfe658cfc944ad9adba1620b5d466b4

SHA1
034aba118ba053e168e80e29671a9ec4674c2f12

SHA256
931cf24254954bb1516f415d8ff4ff8a4478c922b993d3e29f3586cab4172bbb

SHA512
86d59322b5592b00c71a177775566dd77dc6a68bd4261ae4faf5778d894893420105ea60e8feb6e8b7dbe0e7d76e1fa0e63a58508b14b192cc81f724d7cfd4b8

Download Submit
memory/2732-0-0x0000000000400000-0x00000000004AE000-memory.dmp

Filesize
696KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads