e095ef495e3b84653bb69659d62b8b45f7fbfac0d372fb28f310e34a3a1960a6

Analysis

max time kernel
140s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
Size

288KB
MD5

0129dac505baa29798c3ce7aaa8f7a24
SHA1

b1990cac420b3e6433c8d2bac99d59f6d831e9e1
SHA256

e095ef495e3b84653bb69659d62b8b45f7fbfac0d372fb28f310e34a3a1960a6
SHA512

ad4e846d0f508533972280e44469998f7ed650e7f6cb0a7751d5118cf78e3ff801c48ad2de7fa293425a1f6ebfae79fcf2ccd960c62cbdd59182ea4f9ce943cc
SSDEEP

6144:3Wmy24K3PGrqFBq4IzM0nKzo3ickvhCV5ZZEQMcTO6qKqInbEWGWNk+gRuYUT:3WZbickvCQ6qK2AkRRuYUT

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1908 set thread context of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1476 set thread context of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000002510e4264bc1698e0eba4a87526e313e9e8a469b19cb835309e55180af6bdb76000000000e800000000200002000000074ee0b95fe3e60181956bde3a28b5980cfacff62d81fcded26931e4b97583e6f900000009b49b84806db3cebbc08c237fb237f2e395ff5ce915861e470aec21e8312276642b799986ee9e16624c8bc205ebe797e9b7a91cc169e55194d1a9682131c173132e06f0b7431e96a0aec477f4be3c5eaf992eb86ed757ca01403b3f55e00003ab62ad3c0ae95f06da6e2af966a5a3e25941d148de8c3afdcc829681e6dea9b12b83d91ebc1d63c4ec03c3be3ad8bf33140000000349e30cff922f9c5110febe4dba7a5e2d58a80426f6b0dfe9bddeff52b143ee44d5a8fb9e246ea4be944ba5a24f04c267832489a740930fa4a5f05857b79d2ea	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433858895"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000531aa20921f9942970b8d7aa3d0df7d8a7303b603513c180db344c46ab63b55b000000000e80000000020000200000001962c7e2b98a9f041863f5b56f3ea4577242a25f442a2b7b578e76e4434c02242000000024fec213eb346e358dbf7bd60473ab8edc504465d7bcf89fbc7eeea88ab67bae40000000962eaf8f62cb74310f0262f2e83dacf56e088a2319c5caa5d8d4b2db4deebbf05f0329fd99fc7bbd7f6feac9d52ced118b4b4f19aed85ddd7a4953d85a9fbf6f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F8E7E91-7F22-11EF-988C-4E66A3E0FBF8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c337062f13db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2736	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
2736	iexplore.exe
2736	iexplore.exe
328	IEXPLORE.EXE
328	IEXPLORE.EXE
328	IEXPLORE.EXE
328	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1908 wrote to memory of 1476	1908	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	30
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 1476 wrote to memory of 2768	1476	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	31
PID 2768 wrote to memory of 2736	2768	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	32
PID 2768 wrote to memory of 2736	2768	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	32
PID 2768 wrote to memory of 2736	2768	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	32
PID 2768 wrote to memory of 2736	2768	0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe	32
PID 2736 wrote to memory of 328	2736	iexplore.exe	33
PID 2736 wrote to memory of 328	2736	iexplore.exe	33
PID 2736 wrote to memory of 328	2736	iexplore.exe	33
PID 2736 wrote to memory of 328	2736	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe"
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0129dac505baa29798c3ce7aaa8f7a24_JaffaCakes118.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
02f76a6b06b999af9573b658db60194e

SHA1
c26e81b03ab5048025a174acddafd98050b361c8

SHA256
d3562dc9699955ba4249a04475ebddda5d55f4bbe69d947af8cac11932da815b

SHA512
73bcab44fd7ffb3ab728d63251ac1a49eaba8f467901024939c079ac8880cd8de36bd5e024757b3d09e63e80bedd154fffd420640605e89579b5311c944a76ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b349fe457bb24b0665ee65fe0fc530f

SHA1
e2c27ac4c2315b79cb7f523501ecb44be731f001

SHA256
4dbf28e46de581141beae88a219467e3ff651079e22b50147d3157e58b3cf842

SHA512
966241fe3222da27b4ab4dffe65c950795b26bbcf16dff1226a0c265b2cdd22d47018fd25ebafb9e9a4fef16f2271b216257a4caf343817ffb05fb7354451f2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c77fc9dad73ee699266d7e77c33ff73

SHA1
56b20b4ef126fc840ae002155b6add52631cae9c

SHA256
6c125098063bf01627c5f4c8cd686701fd3fdc2967c5853ef7710b7987dc855a

SHA512
9113736cabcb7a11f5cc0ed9fcc77caf303c36249c4b8954058bc5fa43258d0c8629b7c142ce7e2aa50eb4550a1242c2309d0f21da20c414e7385fb848e11c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3dccecbc78427985be36db249824cde

SHA1
f2e6ab48096b697168d6d637dc1f446c28e71850

SHA256
bdc87ca95470a1d9a3aff26da931274263fe54f8c4152bb02f180b5c9ab17842

SHA512
86146287d659356bb0e862c30516d73c1a2f49c44e096a8f4e48c1f6f221ff58c328967b3cf8f43988ada14fd1730396f4446db284e7902f8d793869e8459c75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2bd9db362bef3387a34f58a3d7431d1

SHA1
11dfa8c47010c81183eb7d65aa9f637bc45feb51

SHA256
7b37b3b3f1a70afc0b51e688a642d24f634c778704226bcd517907c0b0cd0bfd

SHA512
dddfac93ac0bb93fbb462c445eb3463b84e6b1308030b90d805dca6edcb00f33149acdb14ec8ce386cbbfd18b722355f1e0580cba05e8706c0c393b040bb14a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0dd95701751980781049958a2b8ad4a

SHA1
b85ef1dd0f99b77d80c37ac8fd487a0c7fbdf064

SHA256
e7d6bad10c768bd98b24e118e9751a4c157b40ffebcc258777f002c50dc1e312

SHA512
0486c06510cb11c579af0edc24b6d0ea1990798396222985dbdc4ed32cc18e9ef05219dd4b431207cf18015d2708bcab570672b5588de10e72e201f2d1cf6214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ce7e09d45a05353b9b4d232c906b3ce

SHA1
aa8268813fc1f5c4fdaa15735b73c999f56e79cf

SHA256
5c935733722ada7dce169dd45e8983f0f18ab3f47f3cdbdfa3f16f4a7f912aa5

SHA512
03be5c9795f73c5e01210fe70902cc47998c48c46bcbbbec449a64f63e6bb1848e472670d8df158b9fc7af231d22440b26e264b343bee1ceb9fa7bff66fb5156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d70ed4fdbe4e89aeb8fa44b7de930ca

SHA1
ffa3462e7e86b97812de6ecfced8c3defe95cc30

SHA256
23a12343d0dfcd1445d541f4fa0fad00a3377fea640eb404ed9c233f00d0ff40

SHA512
5e12ed742aad69dca9367d8b0623e14276661a5b1465c8e7248395f91ae8622139654677ddd389596511fcf7d549d03ef3c5787bbf879c3cbf2cb8d0daa3a4d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e88950820bc0c26ff8400a877d7e05b0

SHA1
0fdbe116fba98f4a5c87effc084ffa279148491a

SHA256
6c592dc1294aff294bc70446a21916348415b08381d57bcc3c94395e13e5e042

SHA512
017e5f78579fd5e9b74736745e167da3205a546e767b8efca57057122e6282258274621dfb3ec696de6aa2102ffb3b4b529a466c58e17f99017f5c79a1e7c6ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a210111329dcd8e7599a39dd611989d

SHA1
b16eff8d7be8e307a848798073a727c55d2232de

SHA256
2654bf11c712537efca797730c93cfe5724d1fec06a08949d8e95e6350687b57

SHA512
ac2eb417e521469f7f2d92c27ef77d8d03599de5da5d7a743f1a970175279cabd37c1fdf8a9e546d0ac19c13c7c49b2302ee22f3282c6b979f771cd20d595f11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbf3856eb05c133441e1ccaa92e36638

SHA1
bd0b3cd19b7a4f1a9121de0cbc72ec6808f47cc5

SHA256
4cfe8273e04d92e8fbd6fa5c9dc0477141465d63f03b48358fdb4e577a295a7f

SHA512
5da6e732888f9cdd5f85c226dfd1d792b3b0fdae52954377681d1b5e10908f4ae9ccb6a53b95a68a49c79ec3391aa778b5c56131d8e5ffabc610edb941589fc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0bee0cb45f5bf139aa857c9ac99a67d

SHA1
87a125001ecc41c920dfb013625ec696347c44a0

SHA256
b8cc69d0aec51949590810d1d330801485ec24f9495bbc1b8003aefaaf8176c6

SHA512
26e3ab7464259cac32a47f66c589d848b25f7e71c5cb0348fb2f8c72257676631d671c514322d7753259c15ff0ab2b66faac632cd646d50a49e3e2b4f1970704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b99a29c82f4bf3c6b9cf57ac27e1e3c

SHA1
12f6b72f20f109c7aa2876c550bc0cdeb4bbd7e1

SHA256
c4742d6e54199d9004504b9a9d972f1cbc7be1edec5be7d99b29075258b40332

SHA512
a9e8c0877e1d8917e006b5a55f16762a13bd2bcdf30b38ad718473b8806947bdeba2545f9b3fda1aff9b79bec3455cdfeb6e5d604488c92d0e6da0839050daf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d80ce444059eb376f3ca644a804f6663

SHA1
1a0ebae11390ca12d39d1e81c65b7b3a81692c50

SHA256
b31efb5fd44d7b53d53d4f4abb0d5273825fe148df4e8371cdeaff36ec418019

SHA512
1a9fdd447fee1d4107160ad055e0d52791ca270e41081dd1190b69e24581ec118b6e14a5389e2f87491fc3fe96218e6738399abed4f452f1d308c48d97a77968

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebdcee5f167b827547c13b8f2e9d1d1f

SHA1
323036dd15275e252c217596b22e5850f45c09e8

SHA256
2a80d54667ec764a853419cce35e9582698115c2986dd82b21359f5c2f0da4ea

SHA512
6bb3582ac00c2dc8284c98611bb9a83bae1bbedf5c59e73f414e726a5429fd0eeb0ed88acaa0e4765dd4611743ad926a43e00a9d276e168ccc7de7be6c75137e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6e31699e753adf12d627ec9a5e827f3

SHA1
ee658b501935d7554418726d6b257f89c8fd74ef

SHA256
60c90451ee6c8be8ff05c530b033991bec1fd1886b90753132acb5672931e8d5

SHA512
dab632aa338a7724d043fd7f9681b54a4a9a784f44d2d7f53885b3cec32dde0a843140c2065d6a8205a1d9562d0b9cfed3578724c2d4781f5060ded46b52b22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83e57ad1de96231f97dc9d2527e46033

SHA1
a60066f124517caa6a234b16b8db8896b8c3866d

SHA256
7dae2d2d2d6f1a4d11154c32d6eea14da183b83eadfec9c9cd37ddf841f41887

SHA512
9eeb297b03912ae8606a3babf798399b22ee2c41788e0d0dfb3a6797a4d0fa6631a7600ba165eea5d46974c10a7ef8b282a51f1ba682bbde848a5f713f1bb774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
126228762657bb3d7610be13c8e9b1fd

SHA1
7b5c1b2be77ceeb579880b4640cc5223e3663c55

SHA256
554eef8b8e7d56c73bef19a74d0c9eb920ed5db9cdd7bf264236f141887bb7f4

SHA512
26c9d603e1a53c109367a71ed33bef5430fc8bec524b55a9d6d21fd7f127270f6079ddefe669b9c031619b3d3143232526159e2d70935beb3e2b42613b24073a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3d4731211bead80c909d24323bfa5f8

SHA1
73135c1ee455ba9791656d095c265d55adc4e9a0

SHA256
8055d2b4b7995002197699d65186c85bd76cc554fefd7fa5d5a62eca2f31c0a5

SHA512
a14570d39bbffb19c8345bf1113af3ba7efe3efd5b39af6535984f41af8316726f80b79f5d5c299376df0f58d30ad9c6d9a18016301f6001f8f8aa3c2ef5992e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7751e365c3bb0cb066623cd59c75d0db

SHA1
45e1b5c8ca591e721797f4b8d1c751cb2c62032b

SHA256
338ee606619ebf150dfea14438f10566268969b71a227076de1d737863f6c4ca

SHA512
c37650c0c46d91885d245adad54a59222ef4457829c4a3565a091704a064ab9f515c0a9b8f3e7999e260915e1c5566e68002455a0d169f8dd44e78503f7b22df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b1a39cd945faea1b0ff933af8876421

SHA1
facad9d710d6dd6ab723e835e7e59b0d24df1e9c

SHA256
d11717747ef37ab3813f89996e84ca44ad52c5c39ee76d61af954e6262eb42e4

SHA512
e546409d62c0f1c62ed3ea24d9b8f5ab2571114a80f8680e6228e21ff32893511973b401eb3f6eb4befe8bb764a86257a9fe5c5b01db191a22e1c336d8447d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3168cbc2f9efa807a8f14080ba68c79d

SHA1
b86ad54e76c6bc20b85e56b6021f160119d06ba6

SHA256
fa53a7edf193692f790df31f2bfadfac919d9862ff047b87d702c79e8acd1095

SHA512
6d45030fc567ae11239bf8d811034e13a2bc52d462a1af84295b45fcad756ffb1c531c98835c05d5ce99594d25d1216dbc2bd8740dbcbbf7ac0d93fcaf65a8cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
233e22da7445b99c08bec3117e9de56e

SHA1
a4a937a04abfdb5e0bcba009a1983f82482808fe

SHA256
761cf3f943c834dd7e683e782b544ae71d94af205b20b45c44b91e4ebc530e59

SHA512
68a9f085f35820940c69bceb341bd65e4c2e6bbba844eba0f6f05925777cf4f56000472f2b9564c5a192f0faaca301dbbe22c22f1a18bd9bef48b1db51ebddbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3653d8b2bb55fc226f9c8950ff90748c

SHA1
cb16832e82b9e61261e1fd46f067d9a176dab5b8

SHA256
da491bceda6cbb7c9e6bea01a37bd3386a989e99a340e16bc5251ac27ccf3fce

SHA512
68bd9153dff8b97fcc6a2d0dc4604989a9b43d27153d8467036a99eddbed8646e1e495f5543935f20e350731bb22fbc28548f5bbb2fcf4000590daacdfbe6d9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
888b9db8c482880341d68323b78eb8d3

SHA1
b851eb8e7067ac1e9da8aa789afd0fd7d3420c75

SHA256
bfe0137285dfde89c608b475df5c3971353df374622b9d893837bfa1b52c5ffe

SHA512
231da48767f97450e044df92cb98884227427ac5dc1b733b53944a8b361a7ff6046f1414fd4457ee98f513399b89defd185a15592df5baa2158f8bdf21abdd57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd9919ead0b66aacbc29c1d7b0634421

SHA1
fef213d412091fd27a7c612803b816c0ccba489f

SHA256
fdf110a8d6e2ef677e4d31ebb315a3f64c60c25e03b605106eafc1df472edb63

SHA512
25923a651b1d9900017ab7f273b6edcbe624f14e5c200c341e04d80b2b52fffb0a1569fda09445ab54ce952f8b0907d234a2fb92ba154bc8d59942bca303905d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2674.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2744.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1476-14-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1476-2-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1476-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1476-4-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1476-6-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1476-34-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1476-12-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2768-27-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2768-17-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2768-31-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2768-29-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2768-23-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2768-21-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2768-19-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads