629b372151bb4d904de33244a5452d76d9d427847c2b287cc6d6f9c9554b81ad

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe
Size

8KB
MD5

fea77c090ec7b99389bac2d303a65c89
SHA1

12a95751ba64d051b22043c8c4fc73e8ada08398
SHA256

629b372151bb4d904de33244a5452d76d9d427847c2b287cc6d6f9c9554b81ad
SHA512

8c3ef427880bd05885069349bdf67d3ff540b20a95d13ecbf7d4dacc3d0d88bdd3eb216aba520f0e9fc5bb11e5d5c0d91214692a2a53eeefe59a27bf135e6dc1
SSDEEP

96:ziqFuUZ5AOPawy5/gKATMpxfNy2OM3uwMh/eB1eJj5l5rh4pi6fINYaqkGObt4Z:WqB/Aaby5/gApxlPNLaVdh4YtJJtbY

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\down = "fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe"	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/632-0-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/632-4-0x0000000000400000-0x0000000000409000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{338EE7A1-7E69-11EF-BA28-E699F793024F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433779445"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2052	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2052	iexplore.exe
2052	iexplore.exe
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE
2348	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 2052	632	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe	30
PID 632 wrote to memory of 2052	632	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe	30
PID 632 wrote to memory of 2052	632	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe	30
PID 632 wrote to memory of 2052	632	fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe	30
PID 2052 wrote to memory of 2348	2052	iexplore.exe	31
PID 2052 wrote to memory of 2348	2052	iexplore.exe	31
PID 2052 wrote to memory of 2348	2052	iexplore.exe	31
PID 2052 wrote to memory of 2348	2052	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fea77c090ec7b99389bac2d303a65c89_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81707f656c6ba7ecd0012ad7c06cb861

SHA1
5f1365546dfe9e2b63898cc9e62b2628ecfdd46d

SHA256
2784a43b4725bcef3a7109ae0005ecc09c611c3dd8e78312560a37c6fae43e54

SHA512
aaa431f23fa9723e4fe8de4ddff8a1ae7ec3a75f935361de50a5010971bb27b932b9dd4dd9b4577c303728e589652f5dde41bd9abcd4f7227a9bfbb4722069b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73a3e2d82314761c2cc388d2765e78d5

SHA1
ae1b1f0a5b2098e7d4c2110281bdcfb3999b1d23

SHA256
7f92d427f274978fac0c640cc6e78f76504ed92acc4a42db47c33232a466347e

SHA512
699b085cd0dee34e870a94c4d5014904a52c3583ada76958bc6b7963333690fa3acbf0112e5027c94d2f77544a7c62cf072c45739f4d97799a3f188f21ae7cda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c6f52369046df1994262175754f425f

SHA1
07cf1abe78f2935ab26e62a81e9b51ad645bbcab

SHA256
cd5611cddad5e3c937d1bf1cbb246a320eb413a9179274313054b1dd234397a2

SHA512
db74bfabd8718fb1463a3e1c523183c3b2c72051c07a928c36d7f08870d917d76f3463ce3300e834962c02e8d5c4e1eea8e05582d17623526edb999fcf650c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
100deee7d895a9a4aa8568e4ffdd3a46

SHA1
cb0ec4ec9c31f6564890b6770cab634de1d4ca10

SHA256
1a2cc2fd5c3476df73f30811077f153aefbd5751460b6d407cbe049f5d2140a1

SHA512
2b9bc9c305d01dea05e0b70c90727c82efa63fe4c101205c29280b71b3489aacc9a602786136a633f2c377d89287ec972c9a8741f94ec01cb7bb5c89e14b6416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ad3a962dd0a681273acf9ea506c84fd

SHA1
e864f3c5574120f3fb01b14cd5e253612e000d50

SHA256
052e7aff05ad2bf4b79cd7846fd1e195513bc85a08a411b103a8fe8dd48fdafa

SHA512
61bb8ee52f804a81118f50d227f8f8776fb5758e196aeacd5bba4e7e4bd7bfc9e97064bb7ee121fa0e940b8d5e3de98b0ef3d9cf8769b49b4761ef06cb89b7fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bc5e2469c73f08cf68dbd0baaa340cf

SHA1
8774566f8ecf78208054358242acee595b95ceb0

SHA256
34f3b2681e9d2dcf8a733148d8e18f2d90808cf47c60e2b8067fa3aff54b9dd7

SHA512
b9f89d293da999e512b2223134e56fcc88031a7db7066b05a39967d608202f2f88f73e4fa8a0b2e2cdec1368094e3d2601300b8b1bd4871fd439e2fa2048441e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72dbb8ea6ea1befda9c7549e17883b91

SHA1
7ecbbde435f4d738a965b154ecebec6830ab1e9c

SHA256
797008b0858d576753bc818908eb2958576984d3381115e9f86180e0dc33141c

SHA512
2d41404bcca55b594e5d49fd207e8c68e13087ef9a2c56164678298052e92d98d9daaca087922064b1331d64fca5d723959bb265c3a299b1e360516a95346322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f33e36f6486d05a3ae47b83df2fc1002

SHA1
03d158da75df7c223beb94833470d54644a2ff0b

SHA256
575d3f9cbe1716c2544e13df9ea68b4af8d37bd1e2502709fed0a4190279acbb

SHA512
59b58ecb7422b4377cd5ad3431efa009962e85ead815f1f3cd894e17701404a861170dd17f7829b67de3ba0fb1d528c159875787093415da8c919ba77e5b396c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0886d4e268c5d71f091e5264dd3e5313

SHA1
e3f5fda160fbf89e4eefda28030382d36214932d

SHA256
e3bca21d573f11ba5ac2ed9e7ec11fe3b30c2ba5303c6962378bbdfb762b7d2c

SHA512
3ccb490d53b26d16612a0328ba532abe38ef81e8b5ea575ca1e002783016375b7c760427ee3b10576cedb5a8d91f08a3a0268a6fc0acbb5416186a0469556761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc6d22df33f3a0737ba6093591e798e9

SHA1
e72e6d0a381503153951d78cf4468a4ca4ab894e

SHA256
1ae630f232df47886447b908262da990aafb28c8c7fa009c8198e1e8f4ab1622

SHA512
e760cf7ac8c6f0cec37552ecf34560102f02af4b44e0bfef5b6db33d867b4fd8bd320e22bf54dadf5f59eb13f4b11ab1111b5f7c62219fa2d5a006bfddc876d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cf86fd912a4f7c846147571c62339a9

SHA1
87eab36190143ea8e36e853382157c2d06aa6746

SHA256
148434c6989fa39b67226a634cda1c1d08f2dff1ca59b13fa07556bec7a70c1b

SHA512
dbf2ad196f316146cf8c273a37894ccd0ea6f2cc55b3a617e401d0eb70bdebec91ee8bedf00d3cb0fd5d1d81c11ffbdb3f3303a69dd4e452fd2caa82b29c3363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7eb2a134841bb5fc378e967117c4d66

SHA1
eaa61e6b54a3b9e13f70b2a0a5ec8b41b7333c80

SHA256
c47e8cdb4b5827634b8a68b2128065685b122cdad9f1a8d7e4378ca0835deaa5

SHA512
cfb594a01d0e9fcb8c4dd0c90f5ae7976617078210eb857d39d81ab8aa18d2eb8df93a258c7c47f2816f69b521c0bfb6c38fc5eb3ff1ea095dad1b43f51ea1ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51659bc7ec6f67231f64867a43122029

SHA1
897f913c71d9a80caa17131fea21179d9f943842

SHA256
cb4fc9e65c603f5f082f36f41546e2ac56068eee27868a6aba43d44e8f9c27af

SHA512
a3694284804ac9b2e52aa89ef7ba07afeed090c6567b507814ca15c86e9a11c57ea5261820b98cb57188ab63208fb47d66cab90f63bd978de4e03350386240df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb792c79ff4cbf02f9f861d5e393e191

SHA1
b119c74a716b59203299bc5f0ef6049783ba6468

SHA256
2c698cb0ec3a493ed2fbd48504b08a430a6440ee35a49f2db1cabb47259c77cf

SHA512
9fcaf373e0ae3216f8b71960681bcf98e4c742b81520cafa412e0d06be271a90109d9b1b4388a0ffa602f10c7e51f5eabc7e1e5e6c8404efc58f3c5551c5f56c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06f6d8d05b2fd4ae50884048a9a0a989

SHA1
7de835525f23077e35b283b7833426b68f111710

SHA256
26a3c97b36e33b1a8f8e5cd5c3377638bb5c6f26e8259ebf7089c65d53864112

SHA512
63a50a884bef8d187a507dddfd23a0e0f78e7a79d3b71fa541af3190cd4f77cbb28ea1e57ca65e0323c3b2d525158c0937012e43e9393b3230fc0301abdfab09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e7046cb0048ed7b490315bdf9d6d0fe

SHA1
a21d0a17a484f76d46662b318bdde5b96d2b7e07

SHA256
cb64437c03bc348cee3056bc76a0105a7f39e3a6d51c9da57ec5c0acb8b16ec3

SHA512
7ac6d37d3e15353150c77b9d0db4e9ba6aa9cd16e3c53cbaff7396e9aca8333cab4034eb01855699d094f8c2c42c12519396c7c00bd01b1006ecae9958dde168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a9eb6c8737b11279391ed1ad46e316d

SHA1
d1d6d46a65a3f99c8443d8635a7c387d637ea5e6

SHA256
ea60da0c62502d3e04dca7c277b5aba7cb2cd5ead7f7d263d60eef9fc39c1939

SHA512
d93ce3ad97dd49fe3e1ffc9c783e366e3a2fb131a226cb7eda5fc1af4d57b7f84ae2fa1eaecfb9c43c82cd36760e9525545d95f50e4d07c5f5750ea730225240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4caf26095bde5a20cd6a92e78e02ac3f

SHA1
edaff3ef4920dfcebd1fbf836973ba45004f1a0a

SHA256
7bfb9099b894cc5956fb365e2c75a3e039619e386fc21a77dcb2f8a35b497ab6

SHA512
b8145de4d0fbfb30af2a1616b16f164919d75dd2dc8d282b5e2552e9aa4d2053206d06719aaff253e7e61382e5a500fe967bc877e7a5645795c4010b95e36c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a28de78e8866388a6b8a9325a2da2abb

SHA1
5866d02286dab4342fa8b600835ab4e2e7033229

SHA256
6e31be1737a77d5d9985b6a2e1257c02b62b297eca8f13b2ced35fa44e21a0f3

SHA512
4acfcd9fb09dd94aa1bf48b9ad1dcbcdde4f3db53c9aea4c1aa47b59b6ba6397fb863ef3ebdd94f066533e21435b35523c6cabe874f02693deb0dffea3c9b07f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd06c496bb186f707777af74ebbfefc3

SHA1
22da26d84085f74b3aadacac0e114b59e1814d9e

SHA256
cf1c8a317f58ee0fed76e2fe12eaca6b5c084ed5a03be78d65b1a8601bd3ce4e

SHA512
de5295697631b66c879da59b4897dd3093c264b2c62ecb94a972ed38bad8303c17e1140c5c7616c620dcf4faa56e8cf96914d22a9aa9f99a800d13deaa6e834e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBC00.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBCA1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/632-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/632-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads