mafiaware666 | hxxps://github[.]com/LJ9859/Malware-Database/raw/refs/heads/main/Ransomware/RIP%20LMAO[.]zip

Analysis

max time kernel
134s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/LJ9859/Malware-Database/raw/refs/heads/main/Ransomware/RIP%20LMAO.zip

Score

10^/10

mafiaware666 discovery ransomware

Malware Config

Signatures

Detect MafiaWare666 ransomware 2 IoCs

resource	yara_rule
behavioral1/files/0x0012000000019256-1315.dat	family_mafiaware666
behavioral1/memory/3012-1318-0x00000000009A0000-0x0000000000AF2000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666
Renames multiple (89) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
3012	WindowsFormsApp1.exe
1684	WindowsFormsApp1.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	WindowsFormsApp1.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	WindowsFormsApp1.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	WindowsFormsApp1.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
27	raw.githubusercontent.com
28	raw.githubusercontent.com
29	raw.githubusercontent.com
30	raw.githubusercontent.com
31	raw.githubusercontent.com
25	raw.githubusercontent.com
26	raw.githubusercontent.com

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WindowsFormsApp1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WindowsFormsApp1.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 8007f8a64f0cdb01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000f4d951bcca51b5162edd364b54ad3903c8a895240314cb4a922ca0241dc643cd000000000e80000000020000200000002aa9ab78a96bdf01054819a1a62ed46f9d7033ca85f8bed9193f00ec0d3d6bf8200000007552d7575814263440e8cd3c33efbb642e70b122a077e41764e6b91d31920cd940000000713672439d4a25778e0cdaa4e456c07340d3c81184bb96c8c44621ecafa168f28f0d321a764d80febb48199a5bd650304644e2ee66814f3f05b66049c0f59025	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433103273"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD9997E1-7842-11EF-A914-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10c4dab34f0cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000005b46564d6177dddad340c8b5ca671706b525740dd04e905201a2a12e742fef56000000000e8000000002000020000000dcb60cbad350fcd1eaa1c758ca11b5153109ff7fb692532c54cd55bcffc5a89190000000c7753c416bf0ae6056d3d55da42444925620fac051959748ae9af23c00f2fe9d704d6c6e863adfd497709b9a0509bcc230f87ab95a2b085772b789d66287a3d7ea8cf576d0ce08d0498aa137ee9bedd38e603ab2141c200a81b859d050bb8f34ed9668b66863800eaf7085d4c4d2763b51260b2df62ad466dd976aa83c5925987c654bcd0ae8a1f06cb0ad90b8571273400000002fe750c0a35f6944c7a6675627a09b90d82b7fd861c4088da22820eb1dfff771b11a16e1de9e62cc672d5544c7441bc17bcff59d37bb620ab1b37958735d60cc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2012	7zG.exe
Token: 35	2012	7zG.exe
Token: SeSecurityPrivilege	2012	7zG.exe
Token: SeSecurityPrivilege	2012	7zG.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2316	iexplore.exe
2316	iexplore.exe
2012	7zG.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2316	iexplore.exe
2316	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2752	2316	iexplore.exe	30
PID 2316 wrote to memory of 2752	2316	iexplore.exe	30
PID 2316 wrote to memory of 2752	2316	iexplore.exe	30
PID 2316 wrote to memory of 2752	2316	iexplore.exe	30

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/LJ9859/Malware-Database/raw/refs/heads/main/Ransomware/RIP%20LMAO.zip
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2752

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2376

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RIP LMAO\" -spe -an -ai#7zMap25857:78:7zEvent32503
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2012

C:\Users\Admin\Downloads\RIP LMAO\WindowsFormsApp1.exe
"C:\Users\Admin\Downloads\RIP LMAO\WindowsFormsApp1.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
PID:3012

C:\Users\Admin\Downloads\RIP LMAO\WindowsFormsApp1.exe
"C:\Users\Admin\Downloads\RIP LMAO\WindowsFormsApp1.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a209938af3b89212559ba441a522ff1

SHA1
ba872b45b4666c3cfb2bf87ebf4708144d8a58d4

SHA256
a38796669e23f0b28fce51b3fe96f6c5895897e8cdf51b748894f73162491a69

SHA512
43f164f11d7ac7653e3545259f7b75cfb55c04aedc9a42bb26b57cbc70d8ff315087511c852da6392559a852080e03a65d44ce676bd1834a5ddc34bd72ce9f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9856819223307abcc7478e0bbdcd27cd

SHA1
549a2c1b19d8ae5380b0551d05332164e8e8b247

SHA256
610870ad8909edb52b2d5eddd7d1e86644ea1ea0859905783571b7bd5a628d9f

SHA512
864768770adf24eaf5d23653bff677bd8007289cab408e8630a17b67f84177f1b4395b95877f1e9f7358861142e98ba77881c01164d44aab9cac672f712360fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08fd1793e0791e2b3ea2e4e52d17c3a5

SHA1
263ef771c294dfae22519790ed1720230e759e80

SHA256
7e6a25a93a8db12e79c2fe4bf7cdcebd3d73930e12b1872d6e3fd652469d6ed2

SHA512
5d3e0243d5188ee180802e179d4cf056ec70f3f602a5f8dd5d0c06acbc44a4ae7f8136a8b96d7e18fb1b9c8e0731a5753e26759273a546254d57da68d16dcfa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca0e16f0cbc342b02041e03a78ef59bb

SHA1
563618e8be75a8d3abcf3a842d9b204ac20b3441

SHA256
0a8d7c8a8795d1621ed0bbb1d4eeba485c603400bb762d46ee37cd8ea182d4f9

SHA512
7fef5e996d3733bebfe5d4bfceccaba44432e5278741c8608dcc0652f079c9b23070510344812c708c6b1d945e3c4ac469e7218d57a347bf8311fea7e19ed17e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcc93ce4bceb611611062f640780a98e

SHA1
8c5bbdace03f9167b34004c40c0fc9bc083d3692

SHA256
26c2865261169f06cc80cfa1825f86fa90a952339fb82dcf3b23325d00e124ab

SHA512
edc369360f5df159c642ce40d9591727bcc2dfdaa1507030e4fa4fad5661d06ad3e74730a2f64ca3c6a3c0efd688cb75131a8219c47669d6629be2d52cd0479a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47698f9d37183a77d0f68f40c237857a

SHA1
b84b9eaacb74843e172625aea0fa6dc0e4689974

SHA256
a895b1a42576c83381f2ae625786cffe545d3f72ed86957dfa5649135a6d341d

SHA512
2965aab75076224d4c9cd799b5abc61fdb5f2f5b45dfc94e62df15b162dc3146d96ab836af082e81dbb22881c478d40d407466805b6f1c68941f24c0c45d4eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ca7f603fa041d0903ec44b2c31b7d8c

SHA1
ecea5f8765aef3b44b60a816d654e60acd3f93e8

SHA256
ff10d351f2b7d85e8c4bba7d76df64fe138f0d7290fcfc938d7c72ec953584cd

SHA512
c46c6809886d4fb8cff288a2b479d9e3947155852d0dea506d286a888c033fb049cfab85bf0b95b47dc4dfd2970b34e0f7a2266bf0a7e667c98d049a38d2903a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99789b77c3383a0c8165525c83d0caa4

SHA1
1512af6ef92a0f793a8026ef456363e836860625

SHA256
331cee91ca517b2b39b644fd1d9fd06cd9329e931a975c2c32f33d53d41b6ccb

SHA512
0cdf8e40dc9429d84f900ff5fd738d4a3eaded931ef26b9c878909ce0d78f3e6d4802d9f629e22cd4851d45cb5113554cf97784db0c234f3830b88b7b7c3f0ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd6cb9177b26da5a0596614da7c2c966

SHA1
42df2756ef32578c32840a4d1241d5e918a22155

SHA256
7184353ccdad37de37e9943714f1509c96f61b8d9abe1194d1d0bf87f7a77271

SHA512
9cf13dca0428ce48bab154118431e99ddefdd0503833864be4c07e9ee4923c8170555a67d4bb9d5ae51f7e197469b49a8b1f7c2681ffb1813aac9e8508150bed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e334c263de03da97ff267b19a4fe858f

SHA1
4082a22c7f76a6b28489351fa49a3bc70f9dcf3f

SHA256
6cd543765dc598e8ae0e19b3e59d2a9ae18cfd4b0e37569dfeeab1c92e79a212

SHA512
d9754f57f1babc54deda13651a734a5bffabaa44a19d4c1b9fc13dfddcae740898a8c7fb1da892f490f1de55008e7009a1ef2669ed17ba179f7529703e951759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
922030dc1e13b86004b12b34d5e187fd

SHA1
226058183a311ce3adcf65848adf55da1c230a7d

SHA256
431a5d40264c3b63ba4f29b248d0fee02c93d4ffbc6532698ccc9a9a4213e5be

SHA512
0416dc15c85aa1f4b2b090bae42fd67d71bec5de2f81ce51ed7eaf38a0b732b774f40be5d0884130d234e45f8f062574294059f305d98d8c4fd19bde818762bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f4392993b39d1bb5ea7a96802566d2e

SHA1
1ec8ab0f873902b13b0422d3152354a697c8e59d

SHA256
654d4f2fa8c7ee64bc3ccfa0d543c776abbc125a0807eb53cf7a90eec3a23144

SHA512
e1bace29623f4bf24ac6a7c7e2b0868ca768d315ff8c5ae900158cdfee534e4806f759e5446e19456202d0035f4f8e0599021dd2412fd17841a9b1fbd41995da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9694cfa70af0e73d582d378968948254

SHA1
217e5c286edfca5a31b8a760a40d944cae0e45d3

SHA256
678db5d3f7b741364077dba96f308acd3d714b4929e51636afaae92695463068

SHA512
1e088ad4a7f817c34bcc81619b2f2ecac924b22d53d4ae800026d7875ee9fc6481444f69dbf40913fc52b16b188ce0bc710615787ef018931b60400249ee0efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b0cbb8736a8e4115d707b596c9034c6

SHA1
b683c5cfa56ecdb263d3130c484ef5ef83e2e985

SHA256
ea11face255faf57a923e49537e27a463b3f61a603e02029d36050adb2b56a4f

SHA512
d5502669bd8bb845c11a2a5311781383ec9839db180f917edec0bb7ab0ceb4ef57f7ad43d085b7613b09ef0bc7b22277346f9690d14b10b9cfd0fa1396d5a73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2234fe0b740655eddcc9f78dd4057d07

SHA1
b87b7365220b175fe2c550fb7e1c9cb3716c245a

SHA256
1bcf05c665653b3a736971c516cb748b02b91fdc130c5ea45b6b3bee45778b7c

SHA512
0a9c2199e89c22a386949c3baf27daa5a2c401666f49780c99b263ff52971679a775244a312f4df8178b84c4ebd225f9e36421eed922c6b688e91ed6c438039c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72e2f962d1b7911c9d39c665f23074ca

SHA1
d7c20435219627216c9e3af85bb464b2827c90e8

SHA256
66c88f5aef413f132205a4b1e994728fadf19b4d365e570c22526c1c544984ed

SHA512
60ab0a22899beabfd401d11f1b0e21f6837b1be3c243d5bca622fe11bf82b998778850b3bfd1c5d1665ef3fc97087f6cd1e58918e6e83f596cd96bf4844f8bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46986fc81be13cadb25359c8e752e9d5

SHA1
44a70cdc10a68e2f5fd2920c75c8d2f47c4101cc

SHA256
d9cdab97153f0a9de8817068d9b4dcf7d88b366c8451c3223ba9ef3a425cf07e

SHA512
185f5caffcabf4a32faa8daf5ca0d56b777a1058d9a633185961a146a7fdc4a732b5eae0a1004dc940872e9952e84ffcfd67af6e9e2d78c415931f898692bd13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce794332c66e88db0319098388c5f549

SHA1
5fc9d085f2eda33877acf401adabc0d6d0ecdd7a

SHA256
783573164aa605aba872f3edc2a11b796a77c74718c8d9783f22fc026503c04e

SHA512
7293ad0a9777ad43b20beea9d94ded84755f0467e9a95e3ae9a92547ef85389deba4ff64f24f4de1371120365bd20c69f05cb5dd3aac76677f9b86f830323960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d517bfd2c80c673a700719fd7fc2993

SHA1
99c59ba813958cff01e6e0ae7e8c8589a09fe772

SHA256
9e83d4a1b0b6dbf7235f8774c451191ce490bd18f565e2edaf19050fe98ee378

SHA512
91462ce4798b7ee12d94000e50bef27a6b69adc23eeff18541135efca6ae5cd7b73ba6c97207d4e62329780bbc653dd21c6c493d38a84f54e026eccaad886410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aaceb8d037d83ad4df21f51903524a37

SHA1
5e3d87efedb326ae31ba9d1b16b485ac9472327c

SHA256
f5bd0127b45a23e30959454b078568f1b90f1691092c7e1ba5ba1e5a677d3be8

SHA512
2814fbf8e664b62a3cc145d1d4cad239fd21868bfa20eedd3a7055840f2c8842067d7535487070d454a3d55fd90e53552192a9790e3cd530841b89eaea87f7cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23af3db36b36f8115f43691bedb99000

SHA1
2694a0f3bd8692f4d7714a22b3797dfcc782be3d

SHA256
cb27872978bcd29e6181e37a89db536a2b4941ad9c9d2321e70fa8d2b093c495

SHA512
e11a79ef7164f528a7fcda0b780ad70b46700773884ece26936cf87df282078e24dbd5c49741ce1e6bbd63d8968011321a6670d04ef863fa5dd1590c12c4f10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fa265eb5bad326a1971189e6a6c22f8

SHA1
cd64206b869a18503697453f756f5e50bef56a43

SHA256
bf5718524a4542fc6c647ca0947b610c53f009fd8d48fb7035edfa1b265be45a

SHA512
ff0b80df349221a9aa0bc015ba272e51a17c99ac42e6ab50925df188d01e775f210b1a0abd3026219126599686c43332e68dc6faa5cd6111074c69c916d936c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
677ab39c386588545f052b331b212c5a

SHA1
c7a405116ceb2f4d9a4e8db0b3918a700a0cdd67

SHA256
a106d0ee78bbb92438bfbb322d41943a9f223812c6475b8bdfd5221d938c963c

SHA512
9793892bcb22dcfec1bf4487911bdd3cc29c95a6f1921ccc6ce7a9420c95b8feabede6da48ae792cae17a7bb1f9a49b003f6416b0bee6896f6db4829a6f2e012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fe395d9c4b26edbc78373b13d7ba5e8

SHA1
bd7d782426d86ddc8bcb1f987a1ca55680dd1fd3

SHA256
f5fba355844ab65ef5548e8a10d6f7e39bbec0701a502e5c081ff12383b1512e

SHA512
4631d82efdf25e362734d645897b667fd5a1e16bc14e68cf741441877afde43f0129511f9afeb6084187530af65292950ad942d91d6677c6687993b56e24949f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5708efa97d053c5b00e808f650278064

SHA1
f2830f5165db4471869ef5997d823705e207c637

SHA256
17520df0ddb919cdaa130258ca5519f37ece8d8344663d669fcc04d8f4f46ad3

SHA512
7af817aa4039ed965107e1df75e67f11454607ba45b3e3878ec6fa14e464544755043db2e25a5853fd13a2796fedae8217b9e3ae2bd35eac8086f6f094808eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0dd48f8ec1b714e28f06fcd2ca8c6a5

SHA1
539e563eb3d3b2313425e0ef00e454725f82908d

SHA256
4e54e1a13d304db27cc88ca61f0d13b1abcf8379a78e80fa488ed499438cf267

SHA512
670ec22a1a790b403568f5e74cd63a9e54d6ab4e54503e08319283ba986c29b7110aaeaf3047a378afa4df8ae4bd25946441f4931c48f054f22f73b9a87ceb80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92cbc400de039b843c8d5dae54e3853f

SHA1
3895f2f35aca17721e0f32014b242f24c1253e90

SHA256
ba5c05312335f9ae65f2c65f73b5e25e24fc0a0a5a02bb7579a3c2bf138e7400

SHA512
d341a9a529eb0472e629d9e698e99af14bb4b01d7df7ebe1e8709034c519c5113d76bb7fc83b0fa5c3761ea877e8ba082fb49258bdcd9007f2110e8b2606d4ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc8db4281d33ce581e8c5fd79ecd34f3

SHA1
e05a030141234c4b116c0bb97134872e7f343e37

SHA256
aba5624108d06c14b7b1125e9e40a70e3b54796411c6b0a6327a7f47262f9efc

SHA512
eb3f1af17a43455d2567e555bef1da8ecd8d309d6319300b4cef3e350fcb862ff6a33536c5245db89fa2fda2c97f01a7a1cbe7cbb3f9c4cc17bb497679b21d67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b33ead79eeca85cfa69a00e01d58cb5e

SHA1
739fc4a58413fefc935980bbe0d050d2f34ff238

SHA256
5e8c4cbacaea0259dbde9a71bccb944c817df78c50275556cabf5504676ccc70

SHA512
23a62a495894cfda1bf98ebafbc06b7d4e1facc483ba78b9ff1a0a68f9e0f9620f831648d0ed87ca7761a48e449688664d898537ddf58d4cd66b8f358d8a3b3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5151103dca92e2a798b1cdcf88df00cd

SHA1
56ded5d191eaa08e044187211f89d0b610eb1da1

SHA256
e0d53611446cfa9299e16a6866b251d8bfabe64ecd310dd2e6245f83f220767f

SHA512
40c0d8e77554e9e0055e173f849948f99f17f4eb499320c292812703253c974b7f5c74be29c27120c226ff0abf754cf24ffdb4fe56f82e1fe4ecef2df58d57df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee353e129fffbcff1f302bab35b5691b

SHA1
a11d45d162deecec1f574f79c69e2c4e46b2bf26

SHA256
466ee3852191018d81b9f2daedcb7a930491eae1b6276e2f55004fce87f602a5

SHA512
c4a4b848b37352519d0565613ddf11f368deae6a3cbfceb79c22b0b5efb944e75367f9ff7a252a77c31f1fda65bf872a35005a3c34a1c36df03ee62d66f406e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A86.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B06.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\RIP LMAO.zip.esqmt71.partial

Filesize
1.3MB

MD5
cc17b7415ef8b6afb240325dbba61baa

SHA1
c3681a4d45a4ab10f704d193940f158cd63b41ff

SHA256
87e5b0bef97f9dc195693b5499a0e5f5d0ce7e3e5bf610cf7f2836904e1d9a62

SHA512
79c17e03333f2270ede348572bf2f231055433478d135c9c4aa3454b8c9b79bb34742f162cc6cac85da511a1ab219be75646393767388455cfcaad39b2a731c5

Download Submit
C:\Users\Admin\Downloads\RIP LMAO\WindowsFormsApp1.exe

Filesize
1.3MB

MD5
70117cfb0d652621da77c47c952fb81a

SHA1
3d841739fd18d02612851c10684631ddcdbc442c

SHA256
9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08

SHA512
abaa63d29588b5fdd5fdc99b1a9eeeeb5ec32416b24054ea5111d960c483492e8b76fd5652d32d8bf6380a7a803916e3009c90ffae9988bee6c4f09b4b7a71d8

Download Submit
memory/3012-1319-0x00000000713F0000-0x0000000071ADE000-memory.dmp

Filesize
6.9MB

Download
memory/3012-1352-0x00000000713F0000-0x0000000071ADE000-memory.dmp

Filesize
6.9MB

Download
memory/3012-1348-0x00000000713F0000-0x0000000071ADE000-memory.dmp

Filesize
6.9MB

Download
memory/3012-1344-0x00000000713FE000-0x00000000713FF000-memory.dmp

Filesize
4KB

Download
memory/3012-1320-0x00000000713F0000-0x0000000071ADE000-memory.dmp

Filesize
6.9MB

Download
memory/3012-1318-0x00000000009A0000-0x0000000000AF2000-memory.dmp

Filesize
1.3MB

Download
memory/3012-1317-0x00000000713FE000-0x00000000713FF000-memory.dmp

Filesize
4KB

Download
memory/3012-1861-0x00000000713F0000-0x0000000071ADE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads