7c4a12f52a3eed59f3b7bd9598ddf8f0a241049900ed3310a69a8fb312346f9c

Analysis

max time kernel
144s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
Size

2.4MB
MD5

11e2f3e322444d43bffbef8587164539
SHA1

29c00e5f107a91c8cb73d8f2b70c063614d908b2
SHA256

7c4a12f52a3eed59f3b7bd9598ddf8f0a241049900ed3310a69a8fb312346f9c
SHA512

7b51100f15e55a80b60e0d0c17c600a681cb43f2a2b9c13f635ccdc884b259c903053a6ec27999edef6e3f9789739a87da447df76c1692125f97da234ce3751d
SSDEEP

24576:lg8vc8eW1aQ8rWWdneuZLtObIL2/PEdqzICEFISO/c1Ev+fLA1Yz07nzBA2ho4kU:lTxeWWPlPZLziXEdSICdDv+lz071A2t

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04d515c1816db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000dab3e97f45407801c2306f15b242f5abbf90c89ca9e8007f37a1ccfcbd4a538d000000000e80000000020000200000009abf28a425fb240714ab6010f9a20cad2bc3ae3702825247323b92010164b94b90000000b96b8ac6fe2c9764e08c166119a022830b9b12388b3e93d40b94f741bb89d258a159b6cff40aeeebd7b84856fa6a8f6f902eb28674310a9b844e674aca2394afdfb8708e16e5c9133a2ed00d1c3fe31835067c896072039bb759e5a62e27677a1927c80cdd323f837dee5844ffc1ae365e71cc92cf9c9aca50963ba049a89c712e069cc6aafab69d91879cd6f2dcdad240000000fefdfeca6f812430b34818c6f50972891cdf83959f4469348e0854f0ab37e5653c8353930474ef2527ec8dfcad5f03fae8a6d3d3d3ce7880d287d96d3fbe3ee0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434179018"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{87B3AFF1-820B-11EF-BA5A-5EE01BAFE073} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000002eea1cbbacea5aa519d8b0ca10162c528deba682a068bc2481cc87e3e95d9764000000000e80000000020000200000009fcdd4104dc72f4d77e281bc9cbf46f0772ddf113c9fffa7f1c22201bda94391200000004b44b42879f81e586d34f889261f4f1ddd5e182f9511c3f077e9c7f38c0f17e840000000be526970217443cdaada03214881c5034716fa8272699d31de03f1c40871bf31cb5ee4c4458ac16ac47ee3fc4dbcce512c9f50cd8b1aad23f7192d462898ed2f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2456	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
2456	iexplore.exe
2456	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2456	1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe	29
PID 1872 wrote to memory of 2456	1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe	29
PID 1872 wrote to memory of 2456	1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe	29
PID 1872 wrote to memory of 2456	1872	11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe	29
PID 2456 wrote to memory of 3056	2456	iexplore.exe	30
PID 2456 wrote to memory of 3056	2456	iexplore.exe	30
PID 2456 wrote to memory of 3056	2456	iexplore.exe	30
PID 2456 wrote to memory of 3056	2456	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11e2f3e322444d43bffbef8587164539_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://822210.9lwan.com/cj/direct/628147.html
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
df255e2dc80abfce7de4a5d2d0d6833e

SHA1
dac0f6dfbd59f72f920d828d477a423fedd3174e

SHA256
98d749bc64b7c14c85a23587e1ef4686363516327cf26ecdce540adbaadf1ab9

SHA512
e71932219ea5442e442cfc237c404afd6c256a9609bd4bb8d2582b9f25e0dd2b0b37e7da0c5fe55049e7c7183577c8877d3752b7ec8cc57980241f1b60038caa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fde0d45f8b68e64b5a5dd525aea232ff

SHA1
4f0989924ba8ebdac988beae9134999dbdb875ae

SHA256
756ba74b65bb41c4199e9ec1c1790ae363b78a290d467e0a2b5ac352b857bb8c

SHA512
5d3065f5fdad913fededad3a949638b86ffaf21e148d2682106356345fb487f680e40d093dc1a04a484f36e1961ae7fb2ab3f22a7079d28cc6ee079124ab7d7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e98268cad39d033ae81b2fad6780c225

SHA1
5c2d035d9a96d6444dba2c2976110d70d4a57284

SHA256
d00d1853cbd1fe3c25d905bd85d82e27db67de85d619835298c467797ad65792

SHA512
e39528be2e076703953551386b87c3f5da3b89f438321bd88dcb06ee5950492e44ccca7acca6ec2ce714307edb235ced0dae5b679f8af23269af4429d4ef4145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58ccdd4c9f220fe5d596fb6771a47d52

SHA1
77bc972c30ddba51bba8e832f45d68d1df0c34d8

SHA256
d987fc46305a75f2fff5ba30ad5ffa8e0f9c6fc3d2d3769bcdd81f80b2e95bef

SHA512
fb058c7e8f699893f3e650bb287bb24667c055c48fb18e9a8b3976da490144ab2d3ba47ca3daafb327ed09798a8168703098d3d4dd039eb505cba28fb595ef1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86c88b37fda1c2bca0da485cb1ed2870

SHA1
cf2d7359a4adbd09e0e94b9c1b83268987969b7c

SHA256
3fa1287ea0ded6e1e530233ff893927069629fe06cf8d9ac6286082fc3e358c3

SHA512
5c89a99984b25703ec926192df62890b4432693123b2109a703afabcf1c8d120f42df042d800ad57f781704810fd95de61480991e3bd97c93cdd7281f9ae29cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e494a04451764b972bb2bff3b9d0f651

SHA1
2c847fa5afbaf45595abdaebda9dfbab7f220238

SHA256
d2d37c7b1073fad06614ae9ec8276ad0888e2e39a1b9ea61cb0224a04d9b35a4

SHA512
b1b0dd7ef547192754680f3b609f2f7c51dd898ffedf08fa519820e1586757ef4690563c15428914fbb0adb164fa39717e34ebb9a44cb330d7815fb95334bb8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3310ede155415ab6197534461375ada

SHA1
cf39a7300c847effe3c07300b9d1373522645873

SHA256
b42cc61e522496c2b82c5e22c928ce8962a08d9fda3f16c29da4830d6e6a6590

SHA512
6d86887c937e6986d715d8203fffa06a65bb7abc3f8b151080b5aa0fb3b3b4b2f8c5dddee53d57048856173a02a13f5ee82867808f6dae2aa6fa69f5cd17405b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a833aab52ca6bdf04b859e2cc9fe8f94

SHA1
8e05835cce133cb51df2b9e8ceafee39645ed7c8

SHA256
7dd4e6e532a2b641c84a2e760270a8056f8c900117db8485577b6530cd6da3c5

SHA512
5d8c6a11ccbc87a7035ec70febd0bb0e2e9ad753b2e32261c9d706c103465b80f12f8b150f19ecf6970f56c1d19ce324877878ae3f53419ca16ebeebcc913b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
077ea9610600e7c7a006828e5e99b767

SHA1
41609fe7370247fa57bb814c352f8a06c3415995

SHA256
c1570126540b37959f3f594e2153b3f640d6bb4b3efe5aaae1edcbf5d3d1a110

SHA512
319ab7ef63ed369562edc528253800ed58b8a207c04128d4b0acbc0185b258f2ba622e5bc86aa8f06954d1f389c1d7d9ca11f91aa3a33c548420a486fc13b249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8051401334b00ae983cb682ea41b05b2

SHA1
e17e3a76b8178230467afab8b71c76c2227271ea

SHA256
ea62a4b844ad765de143c928b11b0b9d9ca4b4a8384c77ac286fd210d4836e4e

SHA512
2fbc7d9e12e25602946b48ad071b15347de5cb0c38c560d90dacc07fd231db7f45724538923d938c11450dfd073a32a676e76b4df3fee9f1eb3440bc66bcdbb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a57ce4fc31cba4f13a4c145b28fc0054

SHA1
1169d6080f2176c5accbc3a83b0cc5da1cbf4537

SHA256
566a5b8e380d3d98fdde72771f596233a7923a93c3556a7401ab592adc9fd495

SHA512
6447d9d0d0b6a48358023a8b4cf8b358c6bcb5ae5bd0692f14e2f3f68f3c05c1f59ea3f41fd0d0df9cb21affa88edefac5c69dc2672ca46947b913fd727fb1cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a9308f3eb7c58b7cfe48e426350326f

SHA1
5b6ba311017dbe00f3d8a16973bc797302b01844

SHA256
e723d5119138bb3b92a1588c3b47bcf8f9f8cd74040d6512a33173158cd0a546

SHA512
4541aa62e07ab21c8e96f7ca5a1895b65642a03c0390ade4b746bcedbea531a1f5c254cab1c351ee95436314f426a6493b5080389254ca72b59e61f418d33e1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88f489e438fd3225a21b8d2577b2d2a7

SHA1
cd2100f86a64599f876a053818bcdeef61350aa9

SHA256
1805c8d09465f8cb4f92de4376618597cc98bf9148272f21b93a180a98dfeb99

SHA512
91f055f608462b4e9f2628905a0544cbded01b1fc9928d6fe799a3f6b25bab908be82f501fdeaa0650c918dcf97fe6997f9c05bc4ec249b4b8a3ae129cd889c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c88fcf7e816d580feeb553af3345b6b

SHA1
ecdc26982f85bf49e9a30a9c5762f2d6585d703a

SHA256
d26a0287e119ac16d1661517a632fd5a7534e4683229de18ae53220a58e20531

SHA512
408b36f97cb806b61c839016ed820e91525b536482ee4c26c9b8f05fffc2e16e989e04049ee048742a8410b2c08540114b91da4b5e4a4dbd75b198ff69c86111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b517ae9646db08edf86ce28b8a1b5d9

SHA1
39ebf8d1afcdc4c81a432e06841023fa20a29e9e

SHA256
1fb9d486153d14e4a97e48580a97841021d2ced6d89ac590e58ceaa196df7a77

SHA512
43b91e9de99553af76bd61090338f36f57317f150b02a91ee30912e2384c4c9b1adf686f903f2b620223fbb6c12228393f8c724b1fddd9ba8f7c64e1650de4e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e7b392a01b03b72fe4dacc03c3717fc

SHA1
4864a4d5519864409ee90471c4b4d6945a32c6d7

SHA256
083c8710ca7bc9872c58e5895215c3cf7cffa97a148a373071fb4a21c553071d

SHA512
61e94d378a2282ddee6c79f8ece01526e611fa42303ccd3d1202c87b36965d1fb27755ee4546218d59e4b8fae54ae5a188cd26a7e04a1c4f0c28d99863245be8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5845efeea68ce9fea3a18094cabf59b

SHA1
fbf28b8d46fa84e3ecc04a3cf6fe9c3d20158885

SHA256
5e816a658fd1e957c2fc3da74057dff575375fdf4a0894445c4adeef94e31249

SHA512
b230ddd14d6a1c02649299b4deac5d613f96e66cbd1d731368b27ec57ccb2a5f41927d0251e704fdaa98f198001120147650582c3f483b4a4f2af632481d563a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75402e0bb98cc288ffb5a325523c9a90

SHA1
816dbb7647897283343d91a1b3f636b64ae01f8f

SHA256
151ce1029dbb215791f10a5b329b1d5b42cb8d6a3613bf26286d5b1330121203

SHA512
28e0f4eecda68c916076edc3aaee40ed47526fcbe7b9db19a6971a7884d3335d30dcca81de5baf120e0484970dd683b77f063da6964e7302e76a8bed45f28c21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ab7d0f86e475e815b9f845bd6aabb6d

SHA1
5d75393d1679b32f17ba4161086460581af01f92

SHA256
bf96de8392cb18497d2c83f7df70ac3d5f72b08cb8be9db189da8db968b84c61

SHA512
5831ecf4afe753daba7fc5bb9fe02ad8426d3ede2b1319295a2caba76d5d1e9eec2578bbd16fd39212e3dd486d5328f943637a512268d5692bb2850f8c809266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
166660273a9d2f6daf0a7406c026f039

SHA1
f2d941a93442973783a017065ad986efe7ee18ab

SHA256
fb01f9612cf1e138cbf8f241eaf34b3ba9ba2ecc18c8a18887fab72a5ff630da

SHA512
6584352fb72e87438026ec1ba624219fafadf08be4734acb0148902c74d0bca8b31f798df43d7548d62d27cd6a34f80106cdb626e1399ce6ba2baa41fd73da16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a45680984c3843c18a21432c949ef44d

SHA1
c79005eda750fd578da8bf5c9d3cc6ac3e5f4b76

SHA256
882fb12c744bc23c5533662ed473ab7d305603b1a6f33648062d1e32e232f579

SHA512
096ed167259888b9184fff29ba9a61877d9b8dc48d6846000d4926f0cade15d8cb33a443cda562d3e12fa63ca0febe348856febc94556e28e7472bf8d9031376

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f5474403de52ee5607aaed42ee22337

SHA1
946d6bbbfae9dae60aea6187ca2a093a71e89883

SHA256
ec3f247c13f8cde78d2a8b452994b357ec1a53d8526ae78d43c9281d186b8ce0

SHA512
7839bf71f6e5855663664d6878240bb1cedd8ef1a2b2545c3c344b5aa2376e2dcbe2d2ab0406de22f0cd0192597e1a15d5976875c2bfe2b65b0675680e2c355a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ddfd1079569f013f8f3d0704c244437

SHA1
f1bedce66fed6516099c2f5ea8d3f2d28bd0c844

SHA256
e390b6cbeae4c3704501a8d8ab438e3790f692e559f03e6136b89401745a73b8

SHA512
9bbf359bc8e8f93e4f3236f0b370744dce5ba2b2db15d2197a8c5d4efd288a6ce85e9c3d18794e232685975dc8b67be3a2f73108fe323ed5c77a05d1dda29f1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
59a6f2b375e6382d4339872c5b637551

SHA1
39491a148ed6558091eee1ea47758a8e80c77839

SHA256
2507b598471264a71b8990bc8d6384c8b3cb35e38a0b01e2b522528187741649

SHA512
7aaa8d8173cfa5d9347a96f1da7462b2af183b6b0d6720e5b690881bac8f26db9bd64a7952e4532e2059eeadc9c3ac5e7c7c0ccd558c502bd09bc1a5f9e925e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\ErrorPageTemplate[1]

Filesize
2KB

MD5
f4fe1cb77e758e1ba56b8a8ec20417c5

SHA1
f4eda06901edb98633a686b11d02f4925f827bf0

SHA256
8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f

SHA512
62514ab345b6648c5442200a8e9530dfb88a0355e262069e0a694289c39a4a1c06c6143e5961074bfac219949102a416c09733f24e8468984b96843dc222b436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\bullet[1]

Filesize
447B

MD5
26f971d87ca00e23bd2d064524aef838

SHA1
7440beff2f4f8fabc9315608a13bf26cabad27d9

SHA256
1d8e5fd3c1fd384c0a7507e7283c7fe8f65015e521b84569132a7eabedc9d41d

SHA512
c62eb51be301bb96c80539d66a73cd17ca2021d5d816233853a37db72e04050271e581cc99652f3d8469b390003ca6c62dad2a9d57164c620b7777ae99aa1b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\background_gradient[1]

Filesize
453B

MD5
20f0110ed5e4e0d5384a496e4880139b

SHA1
51f5fc61d8bf19100df0f8aadaa57fcd9c086255

SHA256
1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b

SHA512
5f52c117e346111d99d3b642926139178a80b9ec03147c00e27f07aab47fe38e9319fe983444f3e0e36def1e86dd7c56c25e44b14efdc3f13b45ededa064db5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\navcancl[1]

Filesize
2KB

MD5
4bcfe9f8db04948cddb5e31fe6a7f984

SHA1
42464c70fc16f3f361c2419751acd57d51613cdf

SHA256
bee0439fcf31de76d6e2d7fd377a24a34ac8763d5bf4114da5e1663009e24228

SHA512
bb0ef3d32310644285f4062ad5f27f30649c04c5a442361a5dbe3672bd8cb585160187070872a31d9f30b70397d81449623510365a371e73bda580e00eef0e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\info_48[1]

Filesize
4KB

MD5
5565250fcc163aa3a79f0b746416ce69

SHA1
b97cc66471fcdee07d0ee36c7fb03f342c231f8f

SHA256
51129c6c98a82ea491f89857c31146ecec14c4af184517450a7a20c699c84859

SHA512
e60ea153b0fece4d311769391d3b763b14b9a140105a36a13dad23c2906735eaab9092236deb8c68ef078e8864d6e288bef7ef1731c1e9f1ad9b0170b95ac134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB147.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB1F6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads