2f6af7c572e31e392a49e078ccea31a5a27ded9f45b6099eed1675ddb85f3584

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
Size

1.1MB
MD5

ff8f5c0312ba900c76a3f2620882f43f
SHA1

414ba4276b908a865783056f7804c91781e5a491
SHA256

2f6af7c572e31e392a49e078ccea31a5a27ded9f45b6099eed1675ddb85f3584
SHA512

ab20f7f6587c1eed995fb1fa78035d4db53cdd196dc58dcf8ff8dfb3063ce5de7a8f08994248c7a69b433e4409a3608569775026ab6c3428c12f99f24a13de63
SSDEEP

12288:fsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQa:kV4W8hqBYgnBLfVqx1Wjkn

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
316	cmd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
316	cmd.exe
704	PING.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2113A37E-D1B0-4D38-9ADD-6FC8F44592A9}\DisplayName = "Search"	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000062190033ba2a1e8d8b2171f62dee368aee51da809b9ba44c7e61cc134cc06d8b000000000e8000000002000020000000e8ae9e60c664b3effa67059e96abfc65d481be1567e77b053b1e72b3439d4f0f9000000088b4752b90fa56f17fcd1db59193431a0b35d58d41c8486cc3ae7761cab4028e00e0512a33650a7518bad95e74e5f4e69fe529dce3911237d4675dcaa92778386743aa62cd1cb4c637e9b982318417010fdf8a595acd7eb205406e9388df711630de2cdec28cedf48f34717b3759fa76901ba67429e2b2504f2460e8150b74e7eff2b909dfd1d46502d5bfa6d823740a40000000dedcf831aa15be9fde04b589147aabbc4123dabb8deb9cacf771292a1b278a31fb1ead9871ae390023e990dcddb024832a5994edd01851ccea3660e50fce75b7	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2113A37E-D1B0-4D38-9ADD-6FC8F44592A9}	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B22EFE1-7EC1-11EF-A7A5-465533733A50} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2113A37E-D1B0-4D38-9ADD-6FC8F44592A9}\URL = "http://search.searchlen.com/s?source=Bing&uid=58a9b860-d02f-4ee8-b555-e1561b3f13e3&uc=20180110&ap=appfocus29&i_id=email__1.30&query={searchTerms}"	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2113A37E-D1B0-4D38-9ADD-6FC8F44592A9}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000029e1af334099955bcdffa9acbb48399b504fc27f231ff6fef63a26c90301549a000000000e8000000002000020000000f7648300730c534720b38097b8ea44dbfb042a2555c13413b3387396f2465032200000001e7ee229f3b12b215dc8b814b30fd911b949422ae06c864a7e95d0bdd97f079940000000b3be78d3f816fb8f6a8a7b63fada44db6da5791dac4d1ab9b9577c22627086e89506c70644f6d4f08c8767436ce189e642b8c536535518ec500d4fb59222225d	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433817252"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a04a7c12ce12db01	IEXPLORE.EXE

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchlen.com/?source=Bing&uid=58a9b860-d02f-4ee8-b555-e1561b3f13e3&uc=20180110&ap=appfocus29&i_id=email__1.30"	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
704	PING.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2832	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2832	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	30
PID 2160 wrote to memory of 2832	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	30
PID 2160 wrote to memory of 2832	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	30
PID 2160 wrote to memory of 2832	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	30
PID 2832 wrote to memory of 2760	2832	IEXPLORE.EXE	31
PID 2832 wrote to memory of 2760	2832	IEXPLORE.EXE	31
PID 2832 wrote to memory of 2760	2832	IEXPLORE.EXE	31
PID 2832 wrote to memory of 2760	2832	IEXPLORE.EXE	31
PID 2160 wrote to memory of 316	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	33
PID 2160 wrote to memory of 316	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	33
PID 2160 wrote to memory of 316	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	33
PID 2160 wrote to memory of 316	2160	ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe	33
PID 316 wrote to memory of 704	316	cmd.exe	35
PID 316 wrote to memory of 704	316	cmd.exe	35
PID 316 wrote to memory of 704	316	cmd.exe	35
PID 316 wrote to memory of 704	316	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchlen.com/?source=Bing&uid=58a9b860-d02f-4ee8-b555-e1561b3f13e3&uc=20180110&ap=appfocus29&i_id=email__1.30
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2760
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\ff8f5c0312ba900c76a3f2620882f43f_JaffaCakes118.exe" EXIT
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Windows\SysWOW64\PING.EXE
    PING 1.1.1.1 -n 1 -w 1000
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c73b5a393928b30ac2d3041c3ec7f1b

SHA1
54ebc140d2f6568113d5e4fa2642dba31ae11bd0

SHA256
1b541b3e3f2ef16de36c1fb01ac9f842ef2f6c9b02d2ef7af4dde4dc3aa8fc1b

SHA512
001553ad764a3c06fd2c2c4bf22fc964377c7691be7a1c5270d979871757c329344cd0740aea294436c0bc072133f87852360d6cd80a44d863652f4f70368409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46ee8e85cd05aeae4cf23207640e8d6e

SHA1
a96f2984d01a2a3da81a6de4f6caa17750bd7fdc

SHA256
0938c10abc97208a18e1ac3b788fb70f093044d090cf95f656001854498c15bd

SHA512
c8496a7516bcbe7665fc25577c8763b315f088b23257629937e6d3c7b150e98dc28edea9f879848f8551b5c535fda9f5c36a1f6f919997c4cc5467999570d1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f0033506d0e99241dfb5066be3ddce6

SHA1
b7bbd33c41b9f9b78887dce67498306584c0bf20

SHA256
39a7667d02f85e983e10b876f9b2bfb65af8b00c38eee37527dfd6649fc747a1

SHA512
7c64a171b5347f98a9a03668b07da3227f8be4d86dd3552c8d47e9e10f644a7cd603c47abed97432ac535ce322fdf07b763b690ab14829cd3a22390a465affdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55ea9e655de390c097380b7b63564f1a

SHA1
9af8fc7551f502cee5ea6da9f64570ae98034616

SHA256
268ed4baa334f126512e9b03f1343ac48891735b82c6742f58e41480d5876f1f

SHA512
bce219c8757bf24246bd7148d7924d5868f2f7a64b3a6d854f6dd98e4578ea96ed18392598aad26106598a68e576f3a5eaf76a816be4a9ab12b4e7c2b8207e62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f438e19a3585d8c13b646bcbc712837e

SHA1
f26009b7520061df1edd9e5781e2ebdf45aed12a

SHA256
b333c4e492439deadb4d30efdfe392c79698b035c311f2d1fca76473367cf42c

SHA512
838b6bf1931b08d80fcb330b976a34248387c11763fbefac99f5de96738af1b9758752f05a3eb36572e9997c8216267e178087d0d6de1dbe3356a1a22d68a523

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0282c0a87413a69c8486682b6416e52

SHA1
5f7d30b4c40dc66729d675729f6a24cc9460a5f3

SHA256
627c296113c575bc092e7ac9aec92fb97a12857a4a2bf7e544cbcc995c5c2ae6

SHA512
e93668818010513b4b34c00d1e6f137014afb572225d1a95c98e749391b4d152c5c8fbfba3c4dc31b0267012147ffe64014718e289baba9ed69aebd61943809b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ccbcb019e7cf09c1c01bb78f2ea36cf

SHA1
6e8a26fc465d5782bd0efe9278215fe323ad1c65

SHA256
ca9f88984c20a0470c1e7d240c7dc60cb60902668a3530075d5e50edf867672f

SHA512
c974b74815d804326850506a7e129909dfb4dc6585060282bde08604fd6a56ec0dd1561d376b45c07db2714a0f5e8997ef082e99aa72703c565d1b92cf0fd730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa7d330d07e5dff27dd799de7f543847

SHA1
19695a8be70ebcf2b760faf381b9b8cc46a85ced

SHA256
1ad2d3b5142b6d7b35193dca4ea1bc8005bde8687a20f50f26692b7ac939f5cd

SHA512
4acd5e324ff090a38652ee0600dbe37e74ea32523469f3863c7f745f1320c48435382916499e54b15cfcc8dc96cad52cd9e736366983b5423cf84fbd78c52229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4873dd52b04d918c507508343ef3b25

SHA1
5580c7ddb6c7cbd252c0417ba462069e3dbed434

SHA256
85ff3c04c570dcedb014dcbbabafdd529c09339bfd79038bcc2b673bad9fa59a

SHA512
876887c3cfc8903d3be9ed8f8cbf821ace0484cb4c0f3f745fd4922fae46b63f62a7a058dcc066052c7a746f65079f41b3d3715322ab6236097dbb5ce5cebeec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b57632470fbd15188a9e46b2276d016

SHA1
d916de2cf2dc1a28fc8468fb6bacd71dcc6c17bf

SHA256
815208b40d224d420744d288df3aa926470c080fc55f474659febf7e15bf5561

SHA512
27f51efd6665038bcf56154dbc0b5e0630f29b3dad666fe0ce7c4f496be309ee11b078cb21019b28301aa937dd261a9bb3b4881b66b78c8fb21d95ecb95a90e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23a96113ef2e4092245464bb546659ed

SHA1
fabf908205121e57449486143612458a210e7157

SHA256
0bd6c915a6b68066032ab9a33910af9d039c1a369cb59d8860fa82decf8df5e0

SHA512
8b2a7dd9ef9d34ad83eae9e453b2393b6e0acb5c412af283c2d0e0b6624e965a380f97a71fcc556cba800d3e0cc3738f467a40639233ffd020c31e50d5b6b232

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb86dfb7d157dd4f6e66240ccbf374f1

SHA1
facfc7c7ad802183605efa3344d6f40569f5e33a

SHA256
df5d05e25bf7fe887c02f44a904b1966d026d568ed74739961dd40b873af10bb

SHA512
f141108e943797c1937eb787b22e6e38b2516c6150bae075ad105b3aa93ca31e30e78dfb52af841de4d4840cecd94278cf8ed62af62988d4cc60cade59aa2242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50d387375a9d2aa984d112b7cf6ea415

SHA1
1671e647edb4790f33e21f9c7dbbb072b62bbb1f

SHA256
2d96558039d4235f88d51d991f96d9a64ec8cb418d8a75473f4917d70720f18e

SHA512
95def79ca68fb23b3cfa32ed7f4a5d8864af851f38155bee63e9087a6b5841bba8b177291da6fdaa5486dc8816a52051a6fb98de0b26f3b62db2772e7c84f219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29b1f0d489dc4dd9654f100c3dd028f9

SHA1
75d4091fdaff1ed80f46a40cc8a52ac5dc24964f

SHA256
98d1f4916146a7ed0fa99b1727c250fe8bb731c8bbedfca712549a0a39bbb29e

SHA512
3086d260ef01bfb45d7e3f489e4f08f99565b49dd2d8be0f1c195b6225c689cb0a19cbccd27eed65f8c3ddab35433505d9af09ab00774f9c4a3dc90824fff136

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
963b1ba3bcd27aa3f2e4f15ea60d54cf

SHA1
58bb7a0293fb7cdaccdc53850536e6f2baa517df

SHA256
a3d96cb4f54d227a399868a8783e08bf18a663beaf182029927e03d58b1f9221

SHA512
9d64ba7d7fd55d59700d2061eadb450c777699550a3ea76958a634d9b92a41cfd8569784007952fb71bd3890239bc09c4432ff227507d47819ce7eb40b971817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
428fb8d33f7c8d64876737dbaa908f20

SHA1
2b33cdd826c724d7af08d81dc45a9ac193a9c1b1

SHA256
cfc211d6664321fd7ce2db3547258353cded4a4ebf98057c2611ae7768812a15

SHA512
f58618013155830eff5f0aa2b93398605e26d20ba0e337df7a9dec02102afebb3d4e77142f29bac9bd3c1d6e8b01379f86f4196923ddaf3df9d762f9fd0a2bab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d60cbbf9509302ae52ed30ea373bf00b

SHA1
11e3c8b19c848f9094947f451bf651cd1d234d6d

SHA256
370d7aa405d36f251645e563a9caa1ff37ed631e354b05109dab6dfb71ccb81e

SHA512
5852bd82b3c297e782ed29af4cac32da7b733aeaf7aa290778f5ad0114bcbe3a17d2990a46c3adf9edd710fcaeac921bb62f6987a46b524bb6a1008bc139f475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24eed6fc6f0ffe604b5dcc6cb4824444

SHA1
7f579392f0a2ad6e7395893c7c5f1549f9541c25

SHA256
c07b3dd305738853c4c0605772b4439aaa1e94820ad378e8bb325dd4648d273c

SHA512
0845c63888fe72ef8a759ad2d21506d4824c6670f05a2d6f24e1e7805dbc5828883ca2163de3c258795816481652efe9398a5cab9f944544c7c74f20b4fce628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2bda8730e168f3c9296837aab5405e4

SHA1
d7945e2011d4d31e3eb650a22cd93cb8f46ceea5

SHA256
c24193c33b769faaec227c1fc693eed0302a5db801e90e255c46579ce1da965d

SHA512
6e9244251404e68378695a8b25f4e4ae8047b4a8a6207666227d42926bf5b763ed6fcbd5d6aa5b2a5ff401e3d009b27fec5e1df2a8559cdc767977bd492e3d51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51ba538eaa1e3c7b8ac5e24f2921adff

SHA1
08ad1e0669f29df0cd10ee1ff6458caec330dac1

SHA256
1a58da19ae2314a8cd77e7fec2f1f378591d7a61accbcc6a1f1825570e05464f

SHA512
eb2c9f740d9a0b94be79fd4578c0a9bf09268575a5234c72c2be7bcef3450778ee97515923bd9e7da43588da9ae3e54e589a9527717ff7e906f155eea8a3e308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d80891ca8fd922d69f4e7b2da996a139

SHA1
d1d7c586077384a75e2af7f6036de7e57ff272b4

SHA256
cdef8aae27723fa3ef1c0e0192fefcc7a2b3080296168993aaab107a0071b7f6

SHA512
4f3de2dd3e8acf0c3f722071eaedef8867fe22cb7d6c8834183abe3cead6f2ad1507715cd8ffca7e3aecaca37124ce895a15b95f9c931dca8a0092862eee7900

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a4dad7a8308d8c7b0ed9bad0300539d

SHA1
a7eebc80f0c7bb4f28743f99ddf4b8b42f9dd210

SHA256
d5f181c36465c2a554fbaf3fece87c6fe8bdd3d64bdda749d3f1b442de62e643

SHA512
43920ab667ca04c43dd46d3b0ae8593a84fdf5a36c520db1e2955e757567655c991efc677180a865a2e1cc5e43071113ba0f3b99b4ba116654455ca671a274b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB4A1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4C4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads