ee70c9a1d42b56482b7a959b59502153f5cdc9400169a6947eb618093731036c

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 00:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
Size

44KB
MD5

11095454616f1eca601d06a89cf8ccbd
SHA1

201f5d3fefc7f3f5af95a673bee49604799b3196
SHA256

ee70c9a1d42b56482b7a959b59502153f5cdc9400169a6947eb618093731036c
SHA512

c0cbe51f529f938f653e3b9fff99d05d6db08d4c07a3080298e201b41e909d03d13077991c0dde2e8c5c7c5e4b1957c25a2c7bb615c00c3080b9bf465a0ce6a5
SSDEEP

384:/TZSjkeFIJdxL2DpWPSCbzncBSztDU4kWxh2DpoxKFIJ5RjY:/dSjrFIndO8liEdVDhOoYFIxjY

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\avthekiller.exe	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
File created	\??\c:\windows\SysWOW64\gbakdhuwza.exe	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
File created	\??\c:\windows\SysWOW64\mwqaxmzncr.com	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
File created	\??\c:\windows\SysWOW64\avoismhdwt.exe	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3BE424E1-81E5-11EF-B0B8-7A9F8CACAEA3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c04ba014f215db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000d51bbb4598728520183357d7aca81ed419ee3f92a7f433dcbea0dff9835d35ad000000000e8000000002000020000000dcad55b49569b0668b4bcad93a1eb339aea48a04e853de5b667e1af5d128b1bf90000000c6ed30e13ba85ce840d4ccc61182495ff02352ddeaa9ebc748601bff4766c40dc51093bf5abfe83abef3e95a0088ff8cccfddd36d140cd4398d9817903aee272b6cf5bc145adf904855126372b67e4211ec16e7dd08c56dcaa19f12a908fceaeb10f75847004af1aab6d89ec3e51ce12b03f9de6ba5032f36ddbdc331f4e37ba84026695d4b0e848558b0bd947602b2a4000000021ed5091d81dc06cabb168a2eebd761d2297a7385fec32f9c2e495d79ba3463fd69cd1b14a1899522d07dcfb122284e92cd9c38d26d474f66fdad4ccd0315858	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434162570"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000b0a948a4feff34f5b20befa00e77f7f7d9039b056fa75d93e6b9714b866eb648000000000e8000000002000020000000375ea1fc7510a708ebe2960c272544f7c885302a16a47267a66626faf6a09e6d20000000778cf2998409a9f03bdbd6127fe1bc13c3978bc2015065be99685a7c3b4a3a2240000000af0c23fabc74302af946c123991b3bb6d9759f80c90f8d4b66259949f82609638bafc483a13951bb339c050694e043f32087259e0443ac15b605390af704e787	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2664	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2104	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
2664	iexplore.exe
2664	iexplore.exe
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2664	2104	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2664	2104	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2664	2104	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2664	2104	11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe	30
PID 2664 wrote to memory of 2912	2664	iexplore.exe	31
PID 2664 wrote to memory of 2912	2664	iexplore.exe	31
PID 2664 wrote to memory of 2912	2664	iexplore.exe	31
PID 2664 wrote to memory of 2912	2664	iexplore.exe	31
PID 2664 wrote to memory of 2912	2664	iexplore.exe	31
PID 2664 wrote to memory of 2912	2664	iexplore.exe	31
PID 2664 wrote to memory of 2912	2664	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11095454616f1eca601d06a89cf8ccbd_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=Q5PBXcHesZY
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6267d14b05a886d96f817f114bb3a85a

SHA1
43e2da05a928af7c33bada3f28aeb08c420e5fc9

SHA256
c20a4f788ed5ba21e210910d2508bc8aa928e4566f02a4463c97369c7556ff8d

SHA512
ca2bc53d1ab6743828a26af69eb0b2511d97200019ab0a5a0fe4f8cf2bede4df8e2f265eaefc70ff509eb72148657d8f4be193252bf9b2e78ec3d0d575411ab1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2440b6be66767c1d0c23cd0423ccb68a

SHA1
9e77d2811f45a2a1d1a5256dee1c39a44ed91a4d

SHA256
3d8f913e7e58634eaada2231a9ee018d80fbaed927739485782e317465d87217

SHA512
28f7a25ab55c9b4a283503303903451d59ef06fba86845bd2340d066285e5000508809fdc1f5ba629dced85f3496ba6d6d728b9077d04b32ccb9c5901bd88a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67e8b055486f8a170f77d56651eb29fa

SHA1
e11f062523da8d871fc54666cad1eb2d5a001743

SHA256
e1dad76ace5851132b31f08d74405fc1182b7f8c200036216ae16fcf07238e34

SHA512
0e998ec41baf50e698be781cd71d5d6d7cbd89f9da5cdb7e60b4c57cad06e8880977dbb0dbd6aa4e2afad64640e0d095d3cf1a3a4dee229752c6953ab603bc66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a3d0e904d8a4873903b20e48aaf0cf9

SHA1
618de6f909589ea0455ef3c5efe2b936f2fd4588

SHA256
ee6ed69c04496ac7bb78672baf5bc124ea0d6c290dac717af3862330f8319f65

SHA512
60171ce61968ea66011e2732c8f7457d9dfec4e9179ee8764fce20afe3d5432dea8baf48a75ac3f8870a34d5d24e12feb1b9be201d90d076759f298c19bf5200

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66b4a21e504a14da5cc2ba2d1fb5ea55

SHA1
3c8e0b2c0c99ae19e7f6f24ef85f6bf0383556e8

SHA256
0346cee97edbc29ce0d956e9a62810af663e568201bf05292928a2f8ed841cdb

SHA512
91d31d88e095d9fb0fd9267029ccc1198951ece59e5e5287c0e82d84276c62d105d57c87e762ec476b00c26b33eecd4c2b3422352ae5faf8a5b847b72a92da7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a643ccb1683fdaf96bcbbb58f4c97bfb

SHA1
5f9a02f9ef04c15a104e9db2783ed59bee9ef358

SHA256
448ac36d5e96082768b2f2eb7b7c230345d02945f1755afdd8f7f9a991048a98

SHA512
3e60466170d9f730b986de60000f19dd33abd46e9bbc39ac42b197355758d5a3bd227f8d358045db7587240c67ecf2b955192cd0426cffc7083e5510dffac861

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9a67130ec433b0da1fb2a4ddfd69bdc

SHA1
3d08cfda82a9caa7b1f2ea53fa8b1af189147c9a

SHA256
31fcda82011f13a04effdd4ab391e8e69fe621c51cd6bbca5b8168c191b64691

SHA512
ffa4c2b83b0f1bafe19933501b1d304c2eead16ff1d48c7f4e2e04c93a17b98fbf21fc4163d9cfe487e7e5cba9d64cef4d102e88fd4509f6fb08bc485861ddaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
597d4bd7ccfad64a6bd564a2f7c50eac

SHA1
c7eda513377e870c62f5a3c2e0418ceb6cab281b

SHA256
f0d69a3b1199ee82348cf124a97701cacf1ba09ee6f7b71be03a2c237cfa92cd

SHA512
641795b489afa8593b00becb57e0d8e03122d0feb9944d33d359adaf7b4a8b523d0290c6edca3c8d61cc1a428cd9ca99d4604b70238d99261140321f36377cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a77464f8e562da4ed2777ae75bc48c2c

SHA1
8a88582ed41ffa3b0ff4bf3925fdfa90c5418e85

SHA256
88407ad0ed59d4c74f27fa6b40c14505f0a1465dbdbd656203a010b47527efca

SHA512
2bd6c2e6f820f8533ef9f48f871fcd77d3992e9454e3f18b50c02b8c2c5f29b82b57c99b8016d6f85e841b2b55a6e2b0ef23609ba316a4fd9ca919e5bcb362e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5aa5d0a006674eec5099492a649a59b

SHA1
dff91e2b4e1dace200c6c043bca034db3bde8284

SHA256
f32c706c7f4875d9546993fad4732be81beaab59dcd78516d6ba370d42576367

SHA512
b7886bbd25daf9f8c1dd4d2a419ce6ed340e752c0382c6d52a91b69951d32b7c044f4264c9bd38797e2ce584241016676804c7c8146a78f11fd09e9b0ab612a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f45e577b4b71aa1e8c8148c27880943

SHA1
5e0addce969dc4dd612b9c813c74e4d27c68ee29

SHA256
beec51db2c1c6012089f02c20d3109626f9c075f9b366408bcd1ce4c3fef27b7

SHA512
188c9a15d4d10788870ca4e22fcb0469882053c6404ee7e07c0b014d4b3579dfa6afcc0c15ed51e8ba6547049ffc9927733fbe936271ab90b63add5dc2600de2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef86afb312475299f8e2ab32acfc3fe5

SHA1
634095e6871f9fe6d4fd6e6913bf1a7c15096f5d

SHA256
47d25e39f7568b3509bdf90b49310bf9f774ab82ba7175a9a0d32449be3e8f54

SHA512
cea62cd07bd543091ed51cd76a5e8e17d0f8e7ff38c1d19621292b03cece4935249010d88d592a222999037c0220855e7cc6c817ebec83c8c287ff6ed8aa78cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ee3c2b8e6e96474e17debe776844476

SHA1
61b3c890bde1723f66e12c27b4a6ecce32a5c2e4

SHA256
27701245b5e5f06ae3d98c1ac290708d7834682bf4acc3f5406e0d6be75d18f6

SHA512
fe5ab4aad97b1825f51c5f2c21fcdc5195df168e8ff0e7a7995619daab1022a3bae7662fae2f9c6e734f7d3d39fe3ea9eddb0f70c32f135a45831d027be147f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
006722fedff345207be1e0aaafcc250c

SHA1
91218fe437c19bb643e98d3d6144d21c34d56dec

SHA256
3c23ddd8951e69563f5a9e8cc6b77f859191827a10be2e45ce61818b000b9269

SHA512
b1385eabad2827e25b4e2983eedd329cafa6ef7360c70ec317c23d6386bd48c9bd9ca07e31de7803488ba7f761b4fb3518751d80187c4da331605ca18c5ada46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e1d80e7d4a3f43ab613441058f76a11

SHA1
d641e2e8245e2225272c9630d53686f041a129d1

SHA256
ecffc378bacf9bd3cffda5f837f8ee32324c1b64565721ebf194f323028f8f5f

SHA512
d0d5fac808e9880a4b6f783ee6394f12a2589e1c649c8d0021bd63a73b8d1526386f366d9bd1016bea4d09e21b5ecee178ee16b4ef1599fb010761a676494ae4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
010d551e21ca9b96bc656baa00178f81

SHA1
553c360d717de7539a8fef3321265481805ff2d4

SHA256
2e70bd7d9481903bc7cd00e2d550e67b04bcd15739919ec451fddfd33b9a1c7f

SHA512
9a93dcf7aa8f30f114d809a16e360ace7f6c0388776c8c1c3a1974451758f82bd9591581aebce800c84ede30c1f90d530e713c64020fab6873f95181999fe35e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f04cb8021ad6854ed8ca0c126c79e471

SHA1
10c14be1eb6528d4d4d2dec198ec49834280d472

SHA256
b6fca64cffdd4c4fc73b909b15aafe90b7fb9e336bf147116e1b676109109673

SHA512
311b98b14f5baf3f2f2e4d977674cfa86577aab01e502b7c858a0c7696a0cc6ec6e8abd1d0f3e1a36c16f55aa24c667bf8c4a72b26a6fb9e620ad96754ee029e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcece2085bc0f73d98acac1f2dc1c924

SHA1
429fb5469d0ff9571c255c2aeca2d8de8f41cac3

SHA256
7d5d249dc35db96df495b1ef88644c344d976ad0f371ec7744b23b5952c462df

SHA512
e0571e02b4a18b69432683cf92b423393bd23d5e5c4552b4e890eba9e2f61ff6bf2e8418793dc5e6e9bf25f4f162020386599cd220989c5e61594d419e6ff7ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d1430f9d3bf60a21d6a3813698f0a13

SHA1
ad7fbfb510572ac421de252a7fd6cf4dba820ae4

SHA256
6e5882a8d9d3673cf09ffee57fab9b1a57e4c167dd9b7604b22b3eb8a8de2ca7

SHA512
d8d9057b8e55df7b15fc12a7786bb7a35dbf6cb9aff2f758a8627c2357108a963b5ee015ee35acacae8b5f1d823d29928a52926cc6c1d912748224c0af459b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c54c60253a304c613f8a88ae42e5efb

SHA1
e00b907f6213af43f930a1fc8a95c93b87cee169

SHA256
5d982b2f31dfb6b206c4e25533c0748fc474ea6428da4d409966c4696499815c

SHA512
402af08ce20eb816e55c12cc32e5cf47fc4dd6e3b214ea5a934e1fe29e81a1fb678fab4e78a24ed661484b8a1659ab464ba0c3bbf32cd9fa654ab1681ad43f9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8ffaf82809be872a44d574b6d6559a15

SHA1
fc2f43487dd9573ff77f9a36da57362ab83ccc70

SHA256
865cdfb00c7d6fd76c4708af14195e076a150deeee6c16a5e1035416798ea64a

SHA512
2e30c143102a7aeb21bb310ec1c6981e548895f67dab582e225710ed7c78dc2c97f7342b89f66aab774443925e78fb37eb59c5689f3b139b7bd1f20e9177dbe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat

Filesize
1KB

MD5
18695d17e99dad825b3a6727abdc395a

SHA1
1f12f94983cd69f295ed491497b084b34ab419fe

SHA256
c43171ccd7cf793a811894d18341b11091b63672db425e4014b5a6783c08e75a

SHA512
4dc6c158e3b2c86c9b65d00c65dea031b218caebd38453a7619868de64cb57fb38f61c9528e9e895c6819d94849d98d8af1b9c76200b487575b4c0a8121daf69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\favicon[2].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBC1E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD444.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\SysWOW64\avthekiller.exe

Filesize
128KB

MD5
78f748f4c5d83ba5a9a33a936d3cf768

SHA1
673123588327841ae2441d99bb0dc6ff2f6a4a93

SHA256
dfbfc61482de39ffb044f0a1a49dbe915bb58c7fece6ab56348d01efea8a81c3

SHA512
4b4a9c75603ac2fd93b1cb4f27bc6e31f4c56e57b3ffafb7af67c5b97d74d2cf44548e736a2224b93d245fc4a64a037e294d5a60a25c1271d1a06cbc0719514c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads