9cf9bc6733b6556c1c5adb6bb36f202ceb3a932318f8acef38ff889d2ead29c9

Analysis

max time kernel
143s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe
Size

83KB
MD5

f50921030e6ae2af4b7b0651d2e1f9f6
SHA1

edd8a450475ac20d0aefec900b42bc855dc2ad7e
SHA256

9cf9bc6733b6556c1c5adb6bb36f202ceb3a932318f8acef38ff889d2ead29c9
SHA512

00ad2cae0c47e92c87aad285a91965bb2323e96199e6ee883f04846b8d6ffe0cf2dc4d50b22897322d541637c0a9c944765fa79dcedb33b3b91685d189097615
SSDEEP

1536:qVoMV5LdRgB/4GPDG0bWX6vcpGE3Z0Sl4JSuZs0St:8gB/4GP60R0pdzl4Pg

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1652	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}\ = "Google Toolbar Helper"	regsvr32.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\googletoolbar1.dll	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A41B271-7AEB-11EF-925C-5EE01BAFE073} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433395486"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ = "IGoogle"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\googletoolbar1.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\ = "googletoolbar 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib\ = "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google\CurVer\ = "Googletoolbar.Google.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google.1\CLSID\ = "{AA58ED58-01DD-4D91-8333-CF10577473F7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google\ = "&Google"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ = "IGoogle"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google.1\ = "&Google"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\googletoolbar1.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\VersionIndependentProgID\ = "Googletoolbar.Google"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib\ = "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google\CLSID\ = "{AA58ED58-01DD-4D91-8333-CF10577473F7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\ProgID\ = "Googletoolbar.Google.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\TypeLib\ = "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Google"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4319F0D3-2E1A-427B-8A90-35B5244E42AE}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Googletoolbar.Google.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\ = "&Google"	regsvr32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2632	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1652	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	28
PID 2736 wrote to memory of 1652	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	28
PID 2736 wrote to memory of 1652	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	28
PID 2736 wrote to memory of 1652	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	28
PID 2736 wrote to memory of 1652	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	28
PID 2736 wrote to memory of 1652	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	28
PID 2736 wrote to memory of 1652	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	28
PID 2736 wrote to memory of 2612	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	29
PID 2736 wrote to memory of 2612	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	29
PID 2736 wrote to memory of 2612	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	29
PID 2736 wrote to memory of 2612	2736	f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe	29
PID 2612 wrote to memory of 2632	2612	iexplore.exe	30
PID 2612 wrote to memory of 2632	2612	iexplore.exe	30
PID 2612 wrote to memory of 2632	2612	iexplore.exe	30
PID 2612 wrote to memory of 2632	2612	iexplore.exe	30
PID 2632 wrote to memory of 2740	2632	IEXPLORE.EXE	31
PID 2632 wrote to memory of 2740	2632	IEXPLORE.EXE	31
PID 2632 wrote to memory of 2740	2632	IEXPLORE.EXE	31
PID 2632 wrote to memory of 2740	2632	IEXPLORE.EXE	31

C:\Users\Admin\AppData\Local\Temp\f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f50921030e6ae2af4b7b0651d2e1f9f6_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /s /c "C:\Program Files (x86)\Google\googletoolbar1.dll"
  2⤵
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:1652
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\googletoolbar1.dll

Filesize
56KB

MD5
2842635140c2ab6993fa5457842f584f

SHA1
57282421821a826d43503ff48eccad80506e5334

SHA256
76556ccb6c4798142d4a275251d698762ffe07909bc0b69d6288990c327856ca

SHA512
693f7592c06a68bc74abd54b610aada5ababc4d8b3c788ac592be70429859314f6766dbde135ae1591d611e983be2400b300c276e4bbaeb14c71b4b6f335a169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
880443cf71baf2191660caf56c361aac

SHA1
93341dafcdfffbaf24c5a7b136724ff4ad5a304f

SHA256
aa8fa010a0047890c685869de8c5d9b5f3dbe467cb6f5073b2bdebabdfc4f766

SHA512
f6c999c68f67e6b6228d0a1bb5666bee90567401796ed5147e98b3ff5a9ae233f96e19ad73c52e51dbfcc79d64246e7000d3f40aad3d6990c0a0b49efb9b0844

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2ddefac630f8eb82bba7aa731a05aac

SHA1
2f662106d27b9570b688c8fbc2455bba96851f68

SHA256
e72801be7caf1d07ed565c29ed130b13348d593f947b145b0caa6816764a05e0

SHA512
4fde1b4ff6b2a30d0511c72171e8253db4634b65c3388b544d67080af379a4090402cbf0ac62960facc709384b7b37de44f44a362bf2563142d5eb1410485015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afe0e2b0eeacad25593d0bf62f1e5431

SHA1
6909c17149a2f107e51a5c94aa2655142b4c87b0

SHA256
b4801c8083d97b05770381d362bf3a033dde1ba9b650ab54189018d48eef3efa

SHA512
e2f4664f2e5195240ad4d0476c7bc9944cc991b4070364771c67328d86932b5f3da7f79978b34c05d398f6f5c7525394cd0238e65c0e5e901771b86015daaee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d2271fa7da464c66a164f65410893a0

SHA1
3e9e6de17107cec9b3ac545435a51d5054210e46

SHA256
291d458f633b915b92be67b762ce9d5118376e12d49cc2aa8bf7993de035b3f2

SHA512
874dc69690eee6aa886a492c87820db49b2579e94657dd2e5671cfea5ca27eb5004c3d77f1296e81e6ac3101b796a4dbf8bd3e0b9014896c322af679f68dff8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ee5cd03f4ac1b73e4bd9d3e6341928e

SHA1
19f80b846b1068420bf9310a6555b5a6cfe941d4

SHA256
90091c66e724cde543100ef096d030a6a4f2c7362107129c8c38a82d1a9a5254

SHA512
20e6445cb1c1c7d96ca49852c74f96472c4ab3913a6bb1d917564086e199ef759ad6bd9d4298d4794eb807b138b7161fa84522321571853523a1ed0fc8acf6e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39a9536d632f81b923c2be335830cc35

SHA1
d58b1fa029a6bd90e1f9bb4902d0421e51a44625

SHA256
c7b7bdf801fe3fc2536d6f56b71ec1bd757fbd722e24f9450531570e2873fc76

SHA512
377bfb0e37da00ea78bf0f42cbefc2f6400da9c1c3dcf57326f1c345ea2ae1f8fab15e1ddd52eeb4e2730dbb11636e378e3948d6523f4392314431b1891fa5a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7510a9612bef72a313eabf2dae0c7d83

SHA1
a30e6f9510f2420eef2a2b6d962a26027240c92b

SHA256
c801235c2a881925d45194866066f9eb7a15f838cdc8e9d8728042d45880ad04

SHA512
9a8cfc521e4edf9689675d1a10a9daa6018f0fe35df32e00ea23040247e148f26b597e4540c57e67537bfa735e61d12a6312b3cf6f347073e8580a52d56c313f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb8635ca044553b0b383d6f13a8e74ac

SHA1
8003273670bf0a3de53e02a66ffe510ff79b2163

SHA256
c1a46279831d31282f4ad1c07070afb21301bc708c0a731f9f8c2c275cbec42d

SHA512
f82df12e1a5db6f88e4d06d55e7ef4bae2907c2d6df52b66623eaa9eed1e140ee9d0ca5276ebd5fd7e9a51abbed06a8c7ae12b7d46723b8cac16cbb8e1d460f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2faa5c830e9a2ae216923fd59661fc2a

SHA1
eafedae96f92cbee1b01fd32ee45cfd03501e177

SHA256
2f2830770d193129414504b57f36cd6e1c6748a9511eed4927dd67b974853978

SHA512
b08c8cd151574206be46763a7970497c32767c7e9f0a908798397672d469c6e46defae2708f13e2684907bd0cd65fa7883beb7b6fff932d417283dedbee75fcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cf6f1a26c0fb7d72a410fccf1e1b9f6

SHA1
9038480f622e20ecb05c0f40d07c1357a8c44f48

SHA256
1180e023176d052e81f5d5cbaa7780d57fdcc06fa0de587ed91efdb3d40683c0

SHA512
2dce6fcf6cd6db84a62159669bbb493ec72c17b7eb6444fae6b8df252bc1eeab6b14de6d03620923dd903287649439e6e8de345ebf3901286dad98876bf30108

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05e2e8c7c639c170c5403c158fa6e292

SHA1
850c38df267841855bf7c63fb62e7ab758c2a624

SHA256
d1a6a5eff4944fcea44daaabf0f38fa1848b3d8248d169ad0f7dd5ddf22bb451

SHA512
31e8b651900f67017f76a7f5f42127374c88db43ca197b2d6920a653b4ea02a9eeeafa7beb244add517d8c897c28f5e94e6fc75ac0009f4452952b980f185d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03338f1fa4e457ebc93aaa72abdf79ef

SHA1
2b649cd12834aab23813bd15e7199ace390458d2

SHA256
80b581078e4c5cfe672fdec8a0f78cd38f9fbd0c5467dd0bfe32c5266220248e

SHA512
30189b5a826943ecfb1d68f76c64ed337057bcec912eb6ceee42ce95c0ea7f1f6bdbbf6b5b49715f58efb1c64da19f406b4c9ade3d0243a9c0e3e9e196163642

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65c1d62d480381c48df66b6a06b913d1

SHA1
8d51c0b4d3cf6f5ccceadb8b068665b55da1e50a

SHA256
ee7c19b9445c096d6eeae08060b18642f204f9afaf588f8b0e5867c579df2f82

SHA512
565efe820830077d4c0c81206f1710ff70bf854bc9234768181898d9afe7b8e76b76d4a2ca4cf3809de3d37b02d681f7272861f3921602763eb45d41f2d5f120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49a0a3b2b9da2746ccb1a7dbc602acf5

SHA1
18d8de60f62dbcc0611c0922ee8a7088d810f3fc

SHA256
7f6a0f58fb91cee72cf3cb9cdce0997971151400a36f5d60d609162cb169e786

SHA512
f56a7f35996a3231178ab131ce5ef33fea7929319a0dfcd1ee49ac188beaef44be1453121a1c797e655d48b1ef1b6656c97f1387203031538d83008ade91f18d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48a9770f0dac4f39fd8adaed7c33a4d4

SHA1
148df8a6684862ec2598a0eb016b3f3f41f0b9e1

SHA256
c972d8a8696a5dad4fe5b26c2b4c58fd476db3e92a05e79ab6a847b99a5821db

SHA512
596ac8d8c670ab3559e7ec0262ad29aebc3e4247b2184aeb22528f83af488dc161ae937ea55cc9d65f2a4e4d3f9432762dd0633e5595c95680576849ba5b13f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c19616a4be7d19e40c99bd99629a3c9

SHA1
f2b2cbff8d427ece917a53f24851802482111bcd

SHA256
fec82bc6ce016802bc2bcb0026b3e9f6e0ca959396c790558d140a64ed813f08

SHA512
01aa1f53503a787079f40d2c6882ff5d50f9954d487b8adcb88c962f134bf3c909432cd2a993de6cfcc9dbe89af5feef3873dd86edc14389d0ae9e722259edbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c29e0e17ccfd652d324d6d2f1770a8bb

SHA1
27038abc4ad6461eff252b3cf71f949dbe126031

SHA256
3f68ab18cedbc9b1046fe87bace7b549468a37d56bb689fdadbffb8b3aa055df

SHA512
65c82d305a624e89fc79d107796bd46edc56668dc8bf56e3846f4a284e6fc4cbd21eb19bc5f25e8e536693938a3eb00b189355507483269e3d937fbfc5cf975c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
994f24222e5a8fa7cf5447b3ad462027

SHA1
602c13f14a42bad9185bf6429dbd577fc6262c8a

SHA256
5617750f7abb6a10e3a554f4779598f407e27c2dbc8baf654795090a47285fcb

SHA512
db88bec4faa928403875595108a239ed3d20f66c4d96e1036d84f66850922d82e6903a1c76c7cc9c48f9e94cb8d812005e0955105b0267c1356704a3a4a57ac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfcc388268656f4a1211f6ef5c3f4d6c

SHA1
ad3492263a66ce8b12eff79e2f15e4c4a2595813

SHA256
82ded77af2d6c14199a27d0aef0d2a9d02ae15c4b38e1f860c1441beaf35a67b

SHA512
eb1400b5f6efe546f618a839ecf97ae3edda3ccd7526d0998c0f5a040f659b55fd7d30ec0d67960e14bd8fdc3e34e830fd6e2a6517ecc6ebe6af6d3192a27153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab958E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar95EF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads