f5fc522ee7ea42699bee0f64510ecf5194f073a4029af9995a2f236a144a7b59

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
Size

45KB
MD5

12deba0b037118181b7c0f6277baaf67
SHA1

46fc4fb95d3a2720669ded9d0506506619c1118b
SHA256

f5fc522ee7ea42699bee0f64510ecf5194f073a4029af9995a2f236a144a7b59
SHA512

96487cdf72f76fd70a1034e86adb6ae8380807c19eb65a1b72d6d3370cdd3386b735751132123d75706e22ba067d8148ce340c25749b385b5ac07e705bf77bb7
SSDEEP

768:Q6MDEOgk6guQrhO23k7/9sppE0iKFz89519yFSUKhJJ16c5Qbdk1Kj30ZRfJLJVS:gExDPQ9l3ky88x8vTJJ16mQbdUKLwRZe

Score

10^/10

discovery evasion

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe

Executes dropped EXE 2 IoCs

pid	Process
2344	svchost.exe
2544	svchost.exe

Loads dropped DLL 10 IoCs

pid	Process
2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
2344	svchost.exe
2344	svchost.exe
2544	svchost.exe
2344	svchost.exe
2544	svchost.exe
2544	svchost.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\taoY.ico	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pop1.vbs	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\installer\svchost.exe	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
File created	C:\Program Files (x86)\tencent\StormLib.ncq	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000ff21022e71383c0ffe051def40aabe2c7e16cb39ad9cea81d82d5fc905100317000000000e800000000200002000000021a7a00e81561f474de1ae336f785117813e26012ad05cdd81c760bcb92abd3690000000a2d629055404f649777ece967c1e911a25a17b89960b7d52a74ed52fedade05353cdf70515acc673b8c0adad05c9e0b3dfa866a223028ae6b495717006378105764c2e611a22f902a93d9fab3fbc1899d373d377c528df507294dccbcef525971e348014ee62d01fd8244a7f96646d344592b1b35d6db2190273b2338ddd3e2e0e597e1433ad9296364b6b3687d66209400000008431dc836c8f5d17c659ece704db54986c61d87bc578d6e12a473cfbd5d966f495b82a79257706f692b7ac23d3a850a06ca37ca9e7880895418caa78daea1257	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68D5F801-8237-11EF-B5A6-7A9F8CACAEA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434197863"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000007888b9bd24d9ef892dd8165361e21dc9d379c0b45cb5cfc9e7c6bfde6221f6ae000000000e8000000002000020000000f7b9b5f1264a0d09fd7ca983ba47d0e85e15871424eafc731085b3ed46ec1fce200000000489606263683b6d4b48a4cbffa9c14bcbd74b551a68727b4e3d24302878e3ba40000000b3f7b1d60e4d885655089a4ef78dcedb29007827a482c7f0df84b971db561f761329bb6064b7509463d5ef1f0378ed2658293c3453a90d1b4ebcc4d1ed04ee68	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d07eba414416db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ncq	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ncq\ = "JSEFile"	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2900	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2900	iexplore.exe
2900	iexplore.exe
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2344	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2344	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2344	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2344	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2344	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2344	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2344	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2544	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	31
PID 2148 wrote to memory of 2544	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	31
PID 2148 wrote to memory of 2544	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	31
PID 2148 wrote to memory of 2544	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	31
PID 2148 wrote to memory of 2544	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	31
PID 2148 wrote to memory of 2544	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	31
PID 2148 wrote to memory of 2544	2148	12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe	31
PID 2544 wrote to memory of 2900	2544	svchost.exe	32
PID 2544 wrote to memory of 2900	2544	svchost.exe	32
PID 2544 wrote to memory of 2900	2544	svchost.exe	32
PID 2544 wrote to memory of 2900	2544	svchost.exe	32
PID 2900 wrote to memory of 2916	2900	iexplore.exe	33
PID 2900 wrote to memory of 2916	2900	iexplore.exe	33
PID 2900 wrote to memory of 2916	2900	iexplore.exe	33
PID 2900 wrote to memory of 2916	2900	iexplore.exe	33
PID 2900 wrote to memory of 2916	2900	iexplore.exe	33
PID 2900 wrote to memory of 2916	2900	iexplore.exe	33
PID 2900 wrote to memory of 2916	2900	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\12deba0b037118181b7c0f6277baaf67_JaffaCakes118.exe"
1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\installer\svchost.exe
  "C:\Program Files (x86)\installer\svchost.exe" "C:\Program Files (x86)\tencent\StormLib.ncq"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2344
- C:\Program Files (x86)\installer\svchost.exe
  "C:\Program Files (x86)\installer\svchost.exe" "C:\Windows\system32\pop1.vbs"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.95081.net/1.htm
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\tencent\StormLib.ncq

Filesize
9KB

MD5
671584bd11cff35064c545a7d9599de7

SHA1
273a7ed0bdf66933f6f8c49ed8483d241d273472

SHA256
23f3698310efc119ef079650deec34abacf853eea78eabefd179836c430828b7

SHA512
f8b597fab65f7316768ce24e41f0218da116d2f42affd088ad59113a968900be70c72b07f4206374d1e1e6177406af747e06482c56e91443832fffb3fa216795

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
307cde18306afc8d2b7b4ed4418af903

SHA1
2a499731cc13f32ba06e618d739466ae6bab221f

SHA256
70df5e76f345f3cd6dd2b78f4bc527c368cb53dab561534e7c1efab59f7df250

SHA512
c25efd60ce5b05cdedd36ec0e1bf7feb84136add020d42a86b912eb1ead6de7ee7d683067e01e65bddb8bd3f03dafd910aa80527a89e1bc3d8dda0a7ed77e79f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8911deda9a072b2ae56a24b94e9843aa

SHA1
c3f56e7467dae84ef9c7bcec6c6f7a25cc83787a

SHA256
07d1bf731592def4cbb85d7990efa1b64bfbfa841f3d7b360c693bb0626ebc03

SHA512
b618a149afb99e4915b58482b752809090bdccde088e92d2e97d62d82c2c1844fd1cb6d960f74a523f685dce4e0adf3ad62a7a8dca8a3dc352f49c7a25fa5168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9e5f0b75326260b7a0754cb6a113e35

SHA1
602744a531594995171e830b3702703696d43182

SHA256
ce6e316379d04f4030061ea7bee3a45d504ae298ec38095a9b398f10ed78af59

SHA512
55cc55788767d74ded667608358902fee851220e55bae079871d752486c89b72cd8fc7012a2f69882df06f7c1adc11bcc932845f540bf83148d7998cbdeb78b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d652cf5927b6801224a3fb97a0a7ee7a

SHA1
4f5b5a106703ebd928ae99f6d053203360a34e99

SHA256
ae186ef34d9506151256592138f3d16e7924480a28ad8543255dc9a734630868

SHA512
c7eaf1e4d3f80ed414ea43abcd6dde2c8509ca14f1518c002da7640ba6970ae8a7f7ea50e0b182c6a615088f72ee79d413a95a5dcaabccb34902c5909526b299

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89cb6434b33d813a1557e906a5eac287

SHA1
71be96fb6e2c8ea716f874f6f2a6eb82757086af

SHA256
93b146f196eafb15fc44ccb176ac35c7fee20664c62cbaf63d6c14a522e2bd71

SHA512
d231605dd94802f60ab85aec6e20530b334ae0584eb028ebc25f5a1c9c1f0e4ef26cd3675ae2d00c568ad57fbb1b93f9857caf15d0db4955c5837787ccef25bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8df228c3cce9c38cc9bd7d3232294396

SHA1
45cb04267f719869428e131b8fd7113314b27c50

SHA256
78b8921d0c112e89f5e297971567ac8c0b9284db850eabb5ad7f4426654592f9

SHA512
d2e7f781b854051d872bae59d2452173800d17844b13ce3bc90d9b261eacbfa3eb20d58342502836dacaafc7899d258c6c7b8a3974438b8f538f04c0e912bdb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9096f7eb7aacabf8cd6c293406ca2ef9

SHA1
b9d608df3df95e1efe6cfc1628ec17429025e0fb

SHA256
041e5e9e175b11b1e8eedf0497c68f75aa4a9a863c3598bf1aaeec3c7f3eca78

SHA512
00b425890526cc3a59b43374167d0558cab04f556cd013669fa4119e839931425c7e0f15dfdb109b26031504060b6e07edc6004e499776a004fd86ff515445b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fd549709a2541a37f20d262171c6be3

SHA1
4fcf8cc23cb72030dbad8624ea8642c68b8cc75b

SHA256
8db967a6d3853632449b61c04f1248f8d2641949041de6a1bc168e574ac7c1e8

SHA512
ef2b5f7402569c18082a8fe5ac0d08e7cd430d2cce73f795bcacee6caebcf1c36b43e0d4e2a877b09f405c2df0096de60614dbba818755c2ce3766cd59f92c06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a4f2b09375e6e6534320d241e880c0a

SHA1
b0d29891bb9944c3872acbb44a4a14b99644ac6f

SHA256
2677e43be93395ffe095b0f8cc951e259bdb64e4189e08904b79e23692156144

SHA512
d2b0c9d94fc1a3954a660778455bf3823a40032eeae869e56619847ea374fe7160585ff397fce0855f6c0c8d0a1f12030106e2508873d9dc92002d0bffbde111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c2169707031d787427beb6caaf311a7

SHA1
f5d26256035b71172a44f3799023d435d4c49a13

SHA256
2b37c330e2bc4fbba3849a97509ded7de409ee97641fdef24ea95bf8a53d4686

SHA512
b09a446aa5d8e4bd4f7e27cb5aecac50f1155570a52e29ab697cba0aca46c4c0f4b84e35f2d66aeddc4bac70f6801ad963b7c84670604449df0feee077767598

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0cbb65c03d3726993ac3a5883f54652

SHA1
3e2e442b4f9c55de64b95d6c57b200bbbd7b1067

SHA256
0c08913445077b088cfd36f38326621d2c8f37247c4a61949d8628296824de5a

SHA512
851ebef0d045d0fd76ef465a6dbc0f6a6005de3d816e47fa04a62cb43fbac18b683959d489d1cddfaf55384bfd76eb8b253d5b963ae711f9c7bf2daa9f1d6093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4db0f12e5c4365babc23229125f2c6cf

SHA1
8cb8951387e30939a8592b2d2408e362c6976225

SHA256
6d725060ebafedf95bfed249fc347a56699df127e00fe030a46853ef2ec696a7

SHA512
086fadbf2d7371e5016662d386cb5af376b0c750ca2e859fc7eb57f330419873feb3075cc179888318758e1068f464f70bc850f6212917b6e305d783a0b51439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
181658000a30d16493fb88db0d7d32a7

SHA1
a56241a236eeb7eadccba0f0e2b1595b55b7ae8e

SHA256
d5d306261bbd6ce869f9736d5c505abbc0d9a8e00bd7b0113f8d556d119cc891

SHA512
99790f2f6e5e12df4e27a6c225fcb24cfa7735221f88d6a5850a423f87766e999889268159e2c7ececdc2c92831126651779914cf06962e496dbd757a09c0e61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
345159788136ae3e777681c282ce47ec

SHA1
cb41649bcf48bdb6d5b9a8f876e387aea945f41a

SHA256
57b5118cc75f57f31e5d9f5f10cc69539dc9e9d00b3e0e95c76a615534e95fd0

SHA512
c6c8975d9569e868540f50b831e071ab5f92f01ab54310fdd6765702c103862f4fe6dd125308bab583c7829d4dcf5da740277862c38cf0657e7285dd021b6559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
710a1e518f6c5ee104a3faac6340b439

SHA1
9b7576e10847ed6b0f6bbf1b2b58a7a09345c1c6

SHA256
d6da98677245f1d7983c3c528fcba97c0501400ccc3f3d3a5599ec62e9960226

SHA512
ad8c97035760308987607d9a8a7cdcda87969d8fad0119024bc3e3eeb101cdfe465544ad6d0d75cb535dbb48cf466e8d2b979211c665189d11d1d9273376bfbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f119a0161a019f82528fc2970afc6eb

SHA1
b8ccfb4aacaacd1d57803352baa438afb2ecb382

SHA256
9203bb12791013df801818dd8ca265e95f301e714ec8479e13abbdeb88b23af1

SHA512
cc6428d54bab44bbc979d0499c90c4ca3a582d0c14b382b64af86d6fab4acbde08938c2a276d734395a835e63bcd92d4d616cf5735e8371246310607b44f3745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2ca40426f4ea4e4e5fdbbb0c5e29458

SHA1
2dcfe30fc283653476409b96f472190625f924be

SHA256
de20197de820deb9abe44f98b4d8257d2ad81e633fb68166418e085e045f0feb

SHA512
f765b13c40be828c3a308233b14e87fbe7f88a2d86586d090fc3ca5a5693916659b82e4fd2a7d5e828439decd4985334ef686fd6dc70c6acfc49723adf8fe0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e2e6177d38a2d8f1dc55982c4d9347d

SHA1
58c9964e45dfdf73b09378d665cddc998058e292

SHA256
a6fa3563cab1cd341788385dbce9ff9b422851ee92090c68ee8facc019a3ae3e

SHA512
cc81b36f9cf34d20bf71eed25640608d0f1ca9931946058517c903de917ddcb79dc28fe5fe8529cf36f839107d4b01822c96f957bd483ddaeb2f0ab70e090a9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29efdec1cca299b4b41813257de2db9c

SHA1
6f0a5cbfe56e019179a4b5edc94feebb995a6ca6

SHA256
f173b42b2356563cef0c429898883d7098db37e44eb90c92c85c0bc40ca8ee5a

SHA512
f6cb26dcd0c43823ab77a20d2d42c1969aa0bf441b063162a640c004eef7b0d5b503fa7cff6c4368a39a8cf43d1620582e048455cc7d715509c540e1536bccc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a55978a3b63a713e881664e09e9b4ce3

SHA1
d56441ba6caa9f1687c3ce6d41a38e91589b1e0d

SHA256
fe02aae29173a184e905db997eb80af81ff029d3b0013cf668db98eedf423d81

SHA512
5b84fb249260e05dbb37078b39af0d1ce1db0414d8ef235729d627ab9dc3f0a41139e4c4c57cb24638c7bc4180743e081615eee0cb3f16c568761ea91a400b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF451.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF4A2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\SysWOW64\pop1.vbs

Filesize
216B

MD5
1fe47a988c978d68e86019de56b29bda

SHA1
6904ea05d6d22e1d5fac34dd28d8455a37cd8820

SHA256
58ef16f24f50009390d92e9bd4172c02f3e4c213151bbef7033bad535ea41f43

SHA512
6f8a401d310243ed54b68c10c582808a5d3f5ea89746b5d9cc67df7d11bec6fd2467b726df9c0198f21b8c5afd1d2bbb75405c8693cd2b1451b179ee0fbc45c6

Download Submit
\Program Files (x86)\installer\svchost.exe

Filesize
138KB

MD5
d1ab72db2bedd2f255d35da3da0d4b16

SHA1
860265276b29b42b8c4b077e5c651def9c81b6e9

SHA256
047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0

SHA512
b46830742eebc85e731c14f7dc72cc6734fcc79aab46f6080c95589c438c4cca0a069027badc0a8a78e4deeb31cdf38df3d63db679b793212a32efdad7bb8185

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads