41cd725357f8b828ad838b2d8aca193c157509d44e2aca133ce0f5eb95434212

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 07:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
Size

49KB
MD5

fa019d8a7139062f4636767fbcce8915
SHA1

1dd1da89e75c3ed1f35ea4129f215548834ece29
SHA256

41cd725357f8b828ad838b2d8aca193c157509d44e2aca133ce0f5eb95434212
SHA512

c5f7f5742624fd806dba46d41e062655ee879aee53a909321d143cbe6c4b25a988cb71f336b6c69eeb53af7a5887da0124fc9b319f94bca9a7aa72986c569ff9
SSDEEP

768:I8RS0QW1/vJrgI7nLq/diPRtDLGdzHEZSlFKq7IqFQXAF2C2bTGPYu4f:mAZfa/QDLGeAlB7pFgbbWG

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2768	iexplorer.exe

Loads dropped DLL 2 IoCs

pid	Process
1448	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
1448	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\msnexplorer = "c:\\windows\\system32\\iexplorer.exe"	iexplorer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\iexplorer.exe	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\iexplorer.exe	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1448-0-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral1/files/0x0008000000016c8c-5.dat	upx
behavioral1/memory/2768-14-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral1/memory/2768-20-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral1/memory/1448-18-0x0000000000400000-0x000000000042F000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000da5e2102e086cfc69332fdf515b7fd53305cea975c4195c1d7f69fef18f31ae5000000000e80000000020000200000007cae013179068d3ca5ef764826d31eacb1329cdeaf4baaa563922161ff2f533020000000b1c8600ddfaf2467a8e23e636ecd3a578d96f9a1a7173bb97cf0f458ad5ca3454000000071a165f425f22b3ef73fae453bbe8a47d99efdcf400b4b374f3ee2e297285edae466df62891855fed7d638974ed8ea34fe017c2c2012e66a61c40c6be2d43f2c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c076e5b2b110db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433585163"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB1E8D21-7CA4-11EF-8778-C60424AAF5E1} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000009c91798ebee7f9798ba50dc829388f1453eda81c36455f713ce88a5fc0d17cda000000000e800000000200002000000050e7fb328d85a6b2eb4206b016d1e02a293693033771f710f174ef0219756686900000000a0f28bf1ab77bbb35f23ea0ad2135ab700f4c6af2f99674514cd954bd92cdaf4c32ed9ac6a236f2f6d8decbb64b0f3708b2683425680241b793b5bce5d2006d1150f8a7095244577534172184e2ffba58fb53b5800b760929aa875e58f471276887cee857b22b4366cc75ad8931af9b4c60a9c3d47c3d3cea84b2742a5a96ac4efcf388a038c2317394b0cb2cc1ac4d4000000007b51c970c7ac7175fe3e2a407c045c96ec3670a784b1e8c0e74d653b7feaaea3e8d0600bff2ae6d405993f9cd0294c08a701d6492253f06824ad043763dcad7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
540	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1448	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
2768	iexplorer.exe
540	iexplore.exe
540	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2768	1448	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	30
PID 1448 wrote to memory of 2768	1448	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	30
PID 1448 wrote to memory of 2768	1448	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	30
PID 1448 wrote to memory of 2768	1448	fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe	30
PID 2768 wrote to memory of 540	2768	iexplorer.exe	31
PID 2768 wrote to memory of 540	2768	iexplorer.exe	31
PID 2768 wrote to memory of 540	2768	iexplorer.exe	31
PID 2768 wrote to memory of 540	2768	iexplorer.exe	31
PID 540 wrote to memory of 2708	540	iexplore.exe	32
PID 540 wrote to memory of 2708	540	iexplore.exe	32
PID 540 wrote to memory of 2708	540	iexplore.exe	32
PID 540 wrote to memory of 2708	540	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa019d8a7139062f4636767fbcce8915_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1448
- \??\c:\windows\SysWOW64\iexplorer.exe
  c:\windows\system32\iexplorer.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://charges.uol.com.br/charges/20061210som.swf
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:540
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:540 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
736c45b7e9a7dd5321d4ba586826dbeb

SHA1
f7762a73e8854e48649134db9a119f8771501d62

SHA256
f8b60b637847850b53bc15902939e54096f8bede2c24dd36d23e5f0a09748680

SHA512
46a124abd158da7e97850f0fa31cef1ae63ddc43b2d3c80c79e716635862fa2fa8ede2f2742c0335e93a7a6ef9f83200e6150cb4bb9d3e102aaeb688f1e0f472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9f44d81bf3a0aad4e7f1ce6b61ee369

SHA1
0627fffba3302669d86bf48b5a91bef5ad08d628

SHA256
f538e1bb6bcb967c2a770c6f312888860d5c0890f1c561a8af48e99d0e90e753

SHA512
e0c102000fa3b7e7781a6573df6abdf7ed2c487a678399f062ebf87462a81364a655e57c54ddebebdd7fd4a5701b570992e49eb20eda51b085d128ee0498e309

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8d5de63b91caf5d1e5763cf933de515

SHA1
ca50322a93c56e281ef05eb5a9a8e689dfab83bf

SHA256
e1930585e9f1c8e0c25efe726c52803ce00fe14ab15f38ed60fcbca25a95194a

SHA512
41ff76107ddbbba17a5c63d7e44d94498aa327a4656684cefbb2c7e555801d8ed5a06925ecaec262116fd175b48043420c48691b6521bda57c2b40175130e2eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b1f45db17600822f771f6219822a5d8

SHA1
c129aa2dbd36098605b01629319fd49a70127d88

SHA256
94807fa0ba71add52010ceabe6d294fabf27a661e67813f8241498046dea7990

SHA512
9e09970494f8498ce17f77a2dec327d7e330a04bb748f0e3a04be3b1cb37c7f4858bae65e86ff90f602dc76c9f5bfff9f85645af0a3c543774d8c1a6e890c534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3021aa1c294293232cb5c0d92e53398

SHA1
e029e4771ba64e7843b4fd8d80480cb322d2c9ef

SHA256
6eb1450ed4cba6bda25e05d4c6c39314db388818232dec5f5dfb818d50bb3804

SHA512
11459ef52d4e0d266937566f34108157c51faf9a822d8ad122d1d0d0cbee52503b2ce3819fe632a71632786c864801c8ee452f31b13806dfa92bfab7fcb87fbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50c9b626e52621e287e3f1ea1784adb1

SHA1
4f91a46b7deb540eb75d122cc880e0b99f5ed896

SHA256
dc60d95a27382e358fcf15c8b51625b2bc889b6984dcf4096e561641802fc569

SHA512
8f8186a1ee00c16e841040fb03524c291748d9d05bfc9547cc391e65125411d4d53c3d7ee43afdef1288dddee42270768c0a275aa2d6ef09897589464e790ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8d382a5f9a29604803d3f5ad17e1fa1

SHA1
13e8db0da0afc2117c684b7b05dbf0e96ee400b3

SHA256
b92006f4f69b7753234c4e42badaaa514d83b907c081ec71ec18074d755da6db

SHA512
a18e6d53e965d361518cbd67b27a90af13991b78bceb0814c8389be60d39917953acf546c5bb1262fe6289fd17dd16ab5abfcd0d9ffe0e02057d7c4fe07e8edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0889caf03ebfa4b22cb02d44e0190ccc

SHA1
be16c4fb5875a37cb824a9f30282193fa5586f45

SHA256
d674b4db1a1c7725fb8c516f3c0f1d640fb039de234d029335fb3022b60d1d00

SHA512
2c465eb18a3c2f02269dff2adb6acda733c49542f5b956f429171680e8dd48d129bec29113b7955fa93d74bf39283e7f4845b65e9402973a0d8d16620cfc8c39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f6772ea9c03216e78f507f3d0b32161

SHA1
d28a53d6f1110eb815f438e2f15cc21ef18eb647

SHA256
8ef3c77872430774fa73814681f7d34c4e7154e991b0ea8345ea03f8f373756a

SHA512
63530689cae34eac2611b7e711f5137514c09cf8c7b7e49e0779ba4b92158dc5883223b593d9e2189c4f5cf9927b595a7490723e163aa504d281dce927ef0725

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42f7491f022cfcf8af636a04fc697a7a

SHA1
a6e6c7fc78e24c7748ea58b1960b623a862d040a

SHA256
dee22d62b9712dc7efd88804cd5f07b26a751ec1f8b1e88a134296a05a8b7ad1

SHA512
fc2906052eb181e6c7da66ea83e26eb85f9cc832c2062bff1febd2c6609119569d0f4145a271c4e499514777a5e1f641e871fb2ca7ac41b59f99e5c88dc60678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f566afb2d50c85ff5889cd1f860ff2fb

SHA1
35afb379489b86861e941c02bdfc86ee75feec0b

SHA256
19b8609888cfaa53fd85ce7d99b29c7fe65aec9ad526abc4789bd9431c7da4ce

SHA512
8e783ee6a9fe5844ecbd507d19aa4933afd6e007473e672ee2384bfb45d0f8a78c88b002b50e2264aa961174494d03856befb73fc78f23efa5ecc8b8eaf83ca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e274330bb1a1021d8da0fd8375916089

SHA1
0e44a9f60a8d73ad4b2d46c1914e1f16e3d98be8

SHA256
5439f4590ee61547283fbd8102526e1729f22478e833bc91e8ac04afdab2d9e6

SHA512
3674249eeaac2c19f8c3d19e77e747cdab8747d226483eba4a7d40e261c502f6213d9a2e5aeb130dfa6a63180e6f42b5126bde03152118db25fc5acbbf1c3704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70fbf97de7a1595b5f617d3ccf71f7bc

SHA1
7d0b3407fb4c1141c6cb0061a703c13baaab7095

SHA256
f038fc9e47e6dc910910054a1792a9c141ccf5d5e2da2222092d7829432008e1

SHA512
4ea19a4fdfc4c2a8dd03775f30db33092087d8431b4ff0c2053146ea2e74cc9ad6ccbf4982e25913a82db7ece5a2b08440eb7918b3050876ee6cba6680331337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb21108cd32d50fe6bd8a2813ae45110

SHA1
9450b76d97fd92349ab01624d73e3429a2d0be5b

SHA256
109655519c4eec782d57ef1562bdb8968d7886112aaa644e89da9cbf13d54232

SHA512
59b32c8956e9a7abbae97304caef4e02e496e2a95287794ecd92d02897838638846d9b0668592a358f55dcbcbef5d5a46d12a7f641f58325adfa6babebc33677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9b0e616dbedd2411944f7a5275782c8

SHA1
29b851d93ccc8201e94d83a93a1b24d17def5393

SHA256
7df47f180268f05829aca22c23907f24b2b03a3f3dee73f12b5cb9da02540fcc

SHA512
35ad495ca62bd91d0631f594864c8f24315bfae52ba6b77061c6648222fc967f6c58d3a2243eb484acd84ea9e0b3141862820e2c31d4d18bab088368d814e4cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebfc7e0a48482b92787dafacbe391c8b

SHA1
dcfd6c669d1c554dbeb3e7c4783c08c13e217a76

SHA256
59aa4412d0d8bf449e9d8de2c8b2431eab8337ccf5560da8c29919c09603d832

SHA512
d9a7764dfca9104e126f83bfef3966249421c42d48c3a1fff0cb1128ed748eeee1cd5a0900c285a2efc3b26a1dbf96bc59eeb61ad7fcb5cf3120ee86c17b32ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73b383a9c33bcd62276e3449e1581bea

SHA1
3c76b2646d8f980a596ef79a2a09435f4274775b

SHA256
726f83373ca4d339825b31daae16d67a6f231ceb77fbfe1186ea4c3f7456d8d6

SHA512
70d9465759545b57e16a7b94243ef7cde6fe52bf09f72a3de053cdc955e5b12af97d41e6422d5026714735e9c3a8801cc05774f04f4527c68144ec933d320789

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0d8decc6b371ad45eab31789e8bd962

SHA1
8eb594d00f58fadb886a31b541e1ed9b26daa4d6

SHA256
f7a040ce24266fcd8e52f981236f07fd69d6cb3edbc33062a1b68d639349cadf

SHA512
1d45645fd439e63461236197890dbf5424b566b5b1133268bc231bd2d09fc7ac80512c3a43a129b134b277466233ba1ce5d48e80debc1d5c6075950884f1a893

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3662b1e9d83dbbf7cfbe37437db4cef0

SHA1
b5aad6009f5416aea27037e425ef05849f476ab4

SHA256
fc4e86c50d469631cb78736cc953c1023ca4cfb014735c93005e5b50ea353768

SHA512
b7b69d986f9610f7c48a02afac5da5e172c793ddb07ab34a73a5e08c764070373066a1fc9fe3679f4624f7ebdb13889e2d57ba039db8218dc7c3d5ed60d7c51d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cde5d969d6163e9ed31f2433ba9ade0

SHA1
852e71bbc8b9e1b5e9e84be70a4eac22708e7b23

SHA256
8085954a3253dac4e4fc28e2e7139c724a69c93cb3a18dc34818d46100ee14a0

SHA512
33500cda6e1240388f7ef9916f0b37f4ad175e50dec4103ad121065447f69d75320c84be08adda93673c3ad70bd441f21055ddc23570f3438e6e61b7470b3613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e4f0b5198ed4012c9eb35464c038f20

SHA1
18c7325dd398e9e7fab5c4fad0531778cd02a9eb

SHA256
fd0e83534dad0b61fcc832cba18d49b35331fe0911a969eec19ac2b206e33995

SHA512
f259880202ec7913d4e5646564eeddba280810b780585f7deb6498397f40de0d44651e398a5c504c6b8cabcd5acbd94de50889513d7658bf306fd988e4645e7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01f214de762619d3a550d4626a1e17bb

SHA1
386782094d33b86f985b4b643e2d6a49820643b2

SHA256
f4224a788812b8bf5459775f79caa965226766c85ff880497f59b980f6ecccbe

SHA512
f0ccb8e9ede3f8d0681f23efff46017dac6398aae890d3835db8b77f33d5a46afee09297490702a4be6a643e6228749f725fee6f2f598c764ea65b1f94aaac12

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF9C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar101C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Windows\SysWOW64\iexplorer.exe

Filesize
49KB

MD5
fa019d8a7139062f4636767fbcce8915

SHA1
1dd1da89e75c3ed1f35ea4129f215548834ece29

SHA256
41cd725357f8b828ad838b2d8aca193c157509d44e2aca133ce0f5eb95434212

SHA512
c5f7f5742624fd806dba46d41e062655ee879aee53a909321d143cbe6c4b25a988cb71f336b6c69eeb53af7a5887da0124fc9b319f94bca9a7aa72986c569ff9

Download Submit
memory/1448-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1448-12-0x00000000003D0000-0x00000000003FF000-memory.dmp

Filesize
188KB

Download
memory/1448-13-0x00000000003D0000-0x00000000003FF000-memory.dmp

Filesize
188KB

Download
memory/1448-18-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2768-14-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2768-20-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads