b930c25023f9ab7ca44bc4694cbb8153ccc06cd2d42e872ac4907d663de5d54d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
Size

176KB
MD5

0ceef4902e0a722933b8b73d2ef16cdd
SHA1

f682b4f6426a1a30e13d2f495bbbfeba7d4004d4
SHA256

b930c25023f9ab7ca44bc4694cbb8153ccc06cd2d42e872ac4907d663de5d54d
SHA512

beeedd75734c715c6c4b3623ac80f7796797d2accf64610a280212bf1f83a5a7bade73850a1c1dc3b787b79145cd9a958bc448ccb0a8a1322c080b1bd05cb5d2
SSDEEP

3072:B7CruBiQ8/ZnN69CK0umzIpHJctCinxER34ImWIIU9OdjAUYr6Vi72NTQFf:B7CiBiQ8BNalM8clxOIYhkOJAdWTQFf

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QvodTermi = "C:\\Program Files\\duoduo\\QvodTermina.exe"	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3168-0-0x0000000000400000-0x0000000000490000-memory.dmp	upx
behavioral2/memory/3168-307-0x0000000000400000-0x0000000000490000-memory.dmp	upx

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\rar\wy.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\°²È« ÂÌÉ«ä¯ÀÀÆ÷.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\Çå´¿Ð£»¨.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\ËµÃ÷.txt	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\ÌÚÑ¶ QQ.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\36.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\chrome.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\i.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\ÍøÒ³ÓÎÏ·´óÈ«.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\ÔÚÏßÐ¡ÓÎÏ·.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\¹È¸èä¯ÀÀÆ÷.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\ÎÒµÄÖ÷Ò³.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\movie.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\taobao.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\yx.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\Ãâ·ÑÔÚÏßµçÓ°.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\ÓûÍû±¦Ïä.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\mm.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\q.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\xh.ico	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\´óµ¨ÈËÌåÒÕÊõ.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
File created	C:\Program Files (x86)\rar\ÌÔ±¦ÉÌ³Ç.lnk	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ec23702415db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 304432702415db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9AE3D8C0-8117-11EF-9912-4A4A300BA5D9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31135012"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1867186567"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31135012"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074472bebe7af3a46942426e1e277b42a00000000020000000000106600000001000020000000f1007b01f37ce3b321e3656662dcbb5e43fc485b85c5595be393f564cd482f90000000000e80000000020000200000000adeed3ee0e1fa7580fc6f261b1be1fd368ae1906461cc22b942592b27d4d50620000000b4dcccf58f8ee3e286b38b2be07f065414be4ed86ff5121b9fcdc4a83e85908140000000abec1042a35114db92fc910f3e9d2298693c4f3ca70ed4c82c669d8f727e8f0398fcc916a47451c8fb96253d7b807a1551da2d2243aa596a904c819229898555	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074472bebe7af3a46942426e1e277b42a00000000020000000000106600000001000020000000bfb524b66533ac218a9d8dc4ff833c0ae159cdc0424491a7dee672559cb2543e000000000e8000000002000020000000255be1bae1d98c6c2cbe64fbcd4ba970a8ffc9b808c73c59c8b89579d11623c3200000007f3eac789fdb640d1d158c8283694db3793e5ffe633e13538949c1e183e9dfb640000000b0ac5dd79b0ad2579d57b2f29ec784ca4c1dac22eb9f0d25fb44b7e8d6e0dec051ea808d104afe7236c5179d036d50eea5eaff208ea6664545a48701e6c16b6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1868749103"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434677360"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31135012"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1867186567"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3084	iexplore.exe
3084	iexplore.exe
116	IEXPLORE.EXE
116	IEXPLORE.EXE
116	IEXPLORE.EXE
116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 3084	3168	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe	83
PID 3168 wrote to memory of 3084	3168	0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe	83
PID 3084 wrote to memory of 116	3084	iexplore.exe	84
PID 3084 wrote to memory of 116	3084	iexplore.exe	84
PID 3084 wrote to memory of 116	3084	iexplore.exe	84

C:\Users\Admin\AppData\Local\Temp\0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ceef4902e0a722933b8b73d2ef16cdd_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://%77%77%77%2E%6D%6F%76%69%65%73%62%61%69du.cn
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3084
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3084 CREDAT:17410 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\rar\°²È« ÂÌÉ«ä¯ÀÀÆ÷.lnk

Filesize
1KB

MD5
b86f15f660e4ec12d74794ff5e98c236

SHA1
03603bd5661b98079b6c9b3ff9b5a72d3a5d8256

SHA256
f9f4292bfeb6d48bf056ea6ab187454b41923be0d66e8611a28473cb090aaef9

SHA512
493a0791f92eb18a8d72830d48499ee333133fb360d1ef97fa6ee6011dccaa099f5e4a75ac03df78f6806e64bf6c77f8a2fca8062532177a7a1a37dd04e89c6b

Download Submit
C:\Program Files (x86)\rar\´óµ¨ÈËÌåÒÕÊõ.lnk

Filesize
1KB

MD5
4ab03c1d943ffe9e0fd1f0985f7aece3

SHA1
2b30ef3f709c9878d63418da222d01c5bfaa3649

SHA256
a5c62d182b7d82271c60289f905688388ca61093e373496962520ae318760eb1

SHA512
0b331b1ceaff2e97987bbbe802d12f0d89bc4933774e0a1d5198df6c10a16b7ac528ecc7c9293ec0518643d951b3a75e47fb8ade5d58e5aa164461962bdfddf2

Download Submit
C:\Program Files (x86)\rar\¹È¸èä¯ÀÀÆ÷.lnk

Filesize
1KB

MD5
f1a0895a1b8e4a7ce853f552dd3b7980

SHA1
c3542cdb03dd4b16c5fd6dfb0b66402534d79d85

SHA256
f43ecd32a4b7334579d7db73bb0aa90659d6b92dc811778504c98b93dc551668

SHA512
b2fab986ff2e132835c7299e3b1f8b2a15c81d2230d0eec310bb337a0ef5c63065cacc130cc9a56b23b930e59f9257e37b66ec4004b3a1861b04c1905e33a536

Download Submit
C:\Program Files (x86)\rar\Ãâ·ÑÔÚÏßµçÓ°.lnk

Filesize
1KB

MD5
585215380bf35e1826c40931b04d3c80

SHA1
d06c62d66e369b2324b4b4fdc439e29fa9d527db

SHA256
75aa138d1c7f353710717b55eaa292a36e40aae4772903b69a729d2ecde82ad3

SHA512
1b7557b48a957c8ed7e060a6d29dc815a7b9714dfc83573e97d51e2aef19cbc6a6d2eeb9436f12e0256e637bc846caa90e8633c0a5a1cbc3b140621a408cae03

Download Submit
C:\Program Files (x86)\rar\Çå´¿Ð£»¨.lnk

Filesize
1KB

MD5
a16b4bf83b03a4289431a37c2a60ee11

SHA1
8b87c28cc0ef1cf78aa96f9c7a87a7d34206e355

SHA256
fdc79a145a764749e67f968460a2718bec694f61df4ea8ca10e944ae91253a62

SHA512
d63600ed8cfeda1204473bc0c1fa9f674a1c1fefe8e199e84a4a5dfbf07389510d40d07707508b0cccc4aea55ddfe3e8a5f814f2d7f1ba6de1874c805e21370d

Download Submit
C:\Program Files (x86)\rar\ÌÔ±¦ÉÌ³Ç.lnk

Filesize
1KB

MD5
510f2cd93aa13ca0e1637af66280e476

SHA1
e1548528f40f9d30ccddba7b42ddf602863f22d4

SHA256
625ff37a8a05310cbfe0af4adc220916d8b5b8076c69ae9340ae39933a63cdc1

SHA512
22c90d9f666cc8d0ef70471f5a3b49fe801df56825d788070100d9a03f6b070353381c3a9d8e2d41845094fda88487cefd6377fa17db442ce256976b0b8fecf2

Download Submit
C:\Program Files (x86)\rar\ÌÚÑ¶ QQ.lnk

Filesize
1KB

MD5
0473d55b5e8afba045f34e4c69fe7ebd

SHA1
dd37b3b138891dbb2395bb1105370f90639beedb

SHA256
2f301e0f947bef9295910c895103946a922f74780a258ca29a89aefd0f2d6471

SHA512
6c22c6ad7cb2506a6827f552e7f702ccbc59c43a09254a0e8740767fbab748bf32ca1540c76000792f57c7a9031a19f505c53a6abb9427de4b541843f646c05e

Download Submit
C:\Program Files (x86)\rar\ÍøÒ³ÓÎÏ·´óÈ«.lnk

Filesize
1KB

MD5
07377ec9020ccd56d460b77fc21938bb

SHA1
651b758108dc786711fe9560b52efdd5b03812e6

SHA256
1034ed20228220a43a865911d18455c3108aeb62a6bf38706ffd9d8445a78724

SHA512
ad529b59a7f6d2abe27c38f329a53c628455b4a8c62df4d93f99e5e9244ca34d09e379f28d3ad91fccd36375a24b5763bc78a0f58af8d4c6d040cca58040cb93

Download Submit
C:\Program Files (x86)\rar\ÎÒµÄÖ÷Ò³.lnk

Filesize
1KB

MD5
74225fc88af4d5a758da192c15b37af5

SHA1
3c7cd6e1186c2e7297ef8bfe9482cdd77bdca35b

SHA256
feecabee6dfd2e8b66c33b33427b4db753eae808c15cf6143de819ab86a75805

SHA512
d2b08ffa32ad02a829b1f162e239f87aee3b7b16e3660a7e5a1d9f1dc8d0775af389b0fde8548150e28a1afe979740fd19b9eb2202c30fff0f859aab485ebf8d

Download Submit
C:\Program Files (x86)\rar\ÓûÍû±¦Ïä.lnk

Filesize
465B

MD5
18d95608c30e6d13806baf7000808862

SHA1
7a9935a4d4627c140096fc0dceb61378caa2ea25

SHA256
fc7c00d6e2aaffe48381b2117f9e2cebcd749c1cdd123b65037ae45a6b47a098

SHA512
97263556976d534fc73fa7c074c1d0846479b8f66c8914a890c2fd7199942cff08f431f769897e5ca80d67724991d7d2808b06a393fcf1e004f336206e073667

Download Submit
C:\Program Files (x86)\rar\ÔÚÏßÐ¡ÓÎÏ·.lnk

Filesize
1KB

MD5
968b37e128522eddce2aaa2ebbbcd61f

SHA1
001be64bdf434c4fd3f385c7889d1385c350c8a3

SHA256
3272061eae525f84295013131f52fa9effe2f4933a2f48ba27030eeb92ea1ca7

SHA512
9d98bd45d7c6aa6261c39c3287f5805613bc330a93b28fb21d6043a16a9b48a20ede8de435f4cee43410e7ec29314ff0397bf6ec50010a17adbd4ff2d2be975f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
823fe1de5451b6ea9c69599b131233db

SHA1
af8b9b46bbe4b0b996abc996cc5f000f8c498348

SHA256
a13b5fcb02fe68cd72e236cec1284e80ef9aa37bcbb596f57fa0d32f9bdb5a32

SHA512
043c555804f19aa482e5419fd0a27b3cf3ca5369cf4f9941608358a7cca8f524515041881b35af63b02dd915abca4a51f45c2b60f1070a293b652d6fbe3ca782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
eb585b16be9d3ef1109ef8a9e166684d

SHA1
da17371f76fcfab3bf086b9e01c56e87c787e976

SHA256
02dc2b7c2b4dc2e2380dbfb54fb7a22423137d86bb4d763c290c1f28c3664cc1

SHA512
c9ac4d94a813f623a3aa39238b8f2e39d8100cad65d47572c4da321a66ef7c06bfdc87b244892ac72338386cbce003af1f5c5a0f7b3dfb443bda4b67a2628a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0U69O7L5\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
memory/3168-0-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/3168-307-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads