fb287c16a916eaacb3780b73943dba9bfe42e58c2dab0708e175cffc1c2a7fe1

Analysis

max time kernel
135s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe
Size

86KB
MD5

16b7b830069f2537fc920c4dbbd13981
SHA1

56b27c92299b08342a33550fbb74672eaab4102c
SHA256

fb287c16a916eaacb3780b73943dba9bfe42e58c2dab0708e175cffc1c2a7fe1
SHA512

220130536311773bf373101bea51cefeacaea1f3b43c0080447a1ecf96a11b39724234dd41ddc02f573f0df6adc330cb20f69ecbb44b1d6323e107e7e7605ed3
SSDEEP

1536:01Rjr6PKT/wJNr0aCraUFMM40dE6N9gE1QetDwOpF0Sj:01RjuW/sCWUF+0/9TQcDwO3Nj

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2304	server.exe

Loads dropped DLL 2 IoCs

pid	Process
2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe
2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\RegistryKey = "C:\\Users\\Admin\\AppData\\Local\\server.exe"	server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Windows\CurrentVersion\Run\RegistryKey = "C:\\Users\\Admin\\AppData\\Local\\server.exe"	server.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2304 set thread context of 2352	2304	server.exe	31

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434274955"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E608CFB1-82EA-11EF-A7B7-7ED3796B1EC0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe
Token: SeDebugPrivilege	2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe
Token: SeDebugPrivilege	2304	server.exe
Token: SeDebugPrivilege	2304	server.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2304	2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2304	2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2304	2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2304	2108	16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe	30
PID 2304 wrote to memory of 2352	2304	server.exe	31
PID 2304 wrote to memory of 2352	2304	server.exe	31
PID 2304 wrote to memory of 2352	2304	server.exe	31
PID 2304 wrote to memory of 2352	2304	server.exe	31
PID 2304 wrote to memory of 2352	2304	server.exe	31
PID 2352 wrote to memory of 2964	2352	iexplore.exe	32
PID 2352 wrote to memory of 2964	2352	iexplore.exe	32
PID 2352 wrote to memory of 2964	2352	iexplore.exe	32
PID 2352 wrote to memory of 2964	2352	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16b7b830069f2537fc920c4dbbd13981_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\server.exe
  -r
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Program Files\Internet Explorer\iexplore.exe
    -r
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22e3abf9504476e88a223d3dccadf439

SHA1
6ccc38fc857fcb0e78310e7bfc35721a2c6c356e

SHA256
603a4eec445ef1640c8b19c43b1d85628c5ff33d8a5cdd949920f25a1ed0a6b1

SHA512
7daac52095ae59bc2f9339a5960cae93cd4c94d304e2256cbb7b5f064173984acba2964ac78714fa9f2aba4ea81d3ee9a169dbacd968950c5bfb3005966f54f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e59eb4d9419c47064afcb56ba76554d

SHA1
6722fdabcfcd8fc03873347f879e99c409b1fad0

SHA256
f9bdf6b140531cff94ef561c0d52370c6cf6e67ed653fcbc6f0ff7e3a5ab25cf

SHA512
28ed14e02f013fb9fd330d888b9d4dcd3cf5035ea8582cf2ae97bb95734bf1578c0791ded7232db8c158ed21c851646b78378485927700d4adac155994a9f30a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc51f942b82577ade7125d4309b415cc

SHA1
9f4f19584324b34e3b37607bad943e3647b7a877

SHA256
bd58b3849e76ae155f867bf1ba4e95c5cb4a45f922e2567bae22ab63c2d6ead7

SHA512
8d896ab10ebf6331d7e706d7f2ee54ca9f275ccdcd05b4f8054d492f5dd845db8eb32ff020e043bd3606ca183242b67edef926edeca21c84bf6c943f352d8cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f8552a5a5b0bd9e03b148f83cf6f3dc

SHA1
0a4743fdc99b7e05562ad2755bf5a697678877c9

SHA256
f2844ca34165fb6f242685efd459321a595f5b3e6959f6e5fc7eab75d276bab1

SHA512
b050053a83ddb627534c7428b3bd688124df74c954667ee05c564e94b6c7f17ae467ea2958822839aaea823ab79c8fd1826b4b7fc39fa9f3e92414b01626e126

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d159198eaf05dc3258682558a8043595

SHA1
1c3926c2f74d1ed597f35975e7c61e682e16989b

SHA256
cc613a7323f080b06ded30678b6c4f05ada4e6f206f534abedbc7a568cf424a5

SHA512
314e743afd5b7e623f8073a1117d5f6d6d7d3007f8ff67a8cc67a0120dd6636498f67a8127c0cba753595cb3988f96c3608be9310d29ddc97843aaf58727ed8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b08a8c7dac50f7d0fe54cda5c81f82ff

SHA1
35b13362f9c9a969063817f1c0f601095d3de5d6

SHA256
7d361b9efc1f6851ec1c984ac48f81bbaa822105c5808379ba541554102f65c1

SHA512
19e7b950942890c411efe815839e03242739ad6c6167daa910fc4968ac996e63af4c33e724d92e69dda22ea97f2e65cf3c5738469ad428da5551bed7133cb0d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b9ea4969f26bd99c09855fa804f3df4

SHA1
8e63280d4ed59bf39b7c92db8e36c34713e49445

SHA256
4dc80e5544cc0f3383a30be441884a49d26f6e47671981b1468aff32efdba12a

SHA512
1d4022869fb879fb593012820fc5f219bdca9399d89262d6c387778be99646aa8736b0a3cd66216f299c422f92a9f4b5b4b8a1945e62a1333b10e9eb47b0b6bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ea891859d28edbc6706c42734e88a33

SHA1
f7b071fe9bb0763d435e03e97d54ec82755b660f

SHA256
6768546e1288f8cc7a28908fb5097275c162d051c4171fb6ddca754a2325510c

SHA512
b62bf2defcb968e68c78b863d3c509db3238f07583ef55e6a02b4b48048e76851dfb91f30124dcb4e8d5b84e45c4d2d72cb54eecd60bdee05ac2c98efe6e67eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d44ac671ccf019a0702e6807d86e1bb

SHA1
4e01d410c30d8ca231a757d2b1ed9c85f36cb0e6

SHA256
c90e08b8243058e3580419e8a3294dea9f39c18fd5050f0d91a5c8c895a9eb75

SHA512
f7974da6f41fc026272e91155d68f2daef84102c9a979bb2942b5d6d7c04d0c9620af764ccf2229272d6f487cc93fd994bf3bedd72f060ccc3432128723bb4a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6808687a48c66ea066900cf12f9781b

SHA1
72859c3e09dbc63a85c6c1a68e5a75edacb79c60

SHA256
fb0a6b9c30549122e2a828a9153fd04b29361ed7dc495e4421264be2621ef9b5

SHA512
e575b1fdb13347f34235a7ba32bd036619ca5adba56164adfadba46d9da676720517b8ade1f3ae9f2a74193a8f1ddf7f6dc26447ba08926623fc507d76bc5a90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
052c38aa8f0be1a688a883470ec510a2

SHA1
8519ecc00480a2d3a4b9f554cdb3a2e6cebb4d9d

SHA256
18c24be2c09da3df1ab8df25a8377cf0bee7cf55db8c33449caecc87bb4ed123

SHA512
bb3db27bf2db2ffabaa3ba689b12dad5208e98526bd7ea614dfce33190f38e878816e1bfdb0ce524171f69a3dc434899ee3efa2b5c6f75ef7675d4305acc107d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
394ccf058b37a89087a6bc7dfad0ce81

SHA1
426c8b75ea815b042b337289b8b7d09b9fcf525a

SHA256
af3cf8056721c4e543e204bbaca2786417cfb61db180de4ccbcd3dd334343974

SHA512
acc4db16dda673f9e581d44a4a0bffc9e281a4042803913f0966633124378b95046ca045c524d9be2c2d83cd1dc18c22fab3e304626a9b1899e5d86936c89c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dbb0c290cd44bfb37743048a32254ea

SHA1
373b7a253a609b4d8a4845dc73df8fa5684da4a0

SHA256
2d750d3ed9064c9b76f2ec34a987ef232e63046d9ff6f300e961331433d44d74

SHA512
638a1362f0b1fb0cfaf26adbd2b346bdbdc144ec23bf8bb36731ded6e1889ab4946e7251c9819ca7c5ec77ea88cade199097f281e2f49275f94af06a0e52d28a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65f78dc3f3937767c2eba23f5488a3a8

SHA1
829df10ccbe0ef148a03a2f57e652a63a30469bc

SHA256
ca20b38cc07ce3e9fd074288c6dc7f11ed18d5741cd5d5bbb5ea26f33ce1043d

SHA512
36e5f77359fd1967931d2cde702e988d4bc548c92cfc2945514745d9fd261fb9268c399ad08ed5e396838ae6c9dd2b06b21ecf79dc696939c7312db390d60992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49bc0e41a50115bf841a0a871a635e81

SHA1
d7922f6cbca04ddbd7f9030f37b2e2ae8e945ae8

SHA256
7c0ee785003f2771dcf272cd6777a6535b9daee1a513441f44a7903fea8a0ad4

SHA512
1676a89fb69d2f812342382e25f65830b7fae46948cbff6f60d04102f31c369a71e3c96a9e745deb6bceb5fe288c621483ac850fafd0edcfe0c87c7cac32405d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0736d3162d108a21e384035d40b909e

SHA1
5deb3b0056243da55f7cdf219fc02fb248d72a6a

SHA256
0fecc7e36b10d4b3f12c9f6e29fcbe7b05861d82ddbe74b644d15b6c45bb2307

SHA512
c57a523548cfbb4e20b41d0a7eff85590919ddd454a49d26870e4cf87ecd0b478d0e3200c5f227858e27983540b745241c8f9fddba7cca8baf853f1b6b3af42c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b37a51c2204913c158499dd131e2fa68

SHA1
97fd274eaa7b949c8840cd3d2a0d02fb5a0bea53

SHA256
a105be35aacb937c02800b2d93ee9b29c2d7074d61057bf875dedcfedcc99419

SHA512
8e38ab96f15f90be1f896cb85eaf63854d6133322f2627badcdd44c2f20758fdd912e4e78b21eab45c2aaac74bde49ddcd359d16aafe5493855883e18c254558

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
395b46edf81446d6d4d1da1f14e83f71

SHA1
20e1843c80382ca9dfea10bf3385524fd2008aaf

SHA256
be7cd54a5e45504321b6bc9326a316277343c5c2ec4a6f882fbefb8e4177cd6e

SHA512
8d9fe2db78152642e75d4b2968e790e232dbb66e9dafdebb230c32e209e71149cfb61ebab25ea1c875323bb362eddb83f429e4a4535793e0211ebe2bcb0c65f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
300fc1e4cefa865623e968b40f19921c

SHA1
fa3e09d4a186480c255b47d3c78db2eeddb507df

SHA256
0f3aa7a43156ccf1478f24deb97dd4c7145c0bb5dd9f9c3713074f175ce735c7

SHA512
4007888ebc142e1dd312e7b61ebd3c160a3436df3ff8ede606bcd20fe4fad41778c3d011e97c929396c3a4484b01c3303c1e3d511a6e25f8b970738add297132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1aec0acdd9654a4d488c86db355f19df

SHA1
ed7e36ede0399fbf144745c8cee8decaec21d7ea

SHA256
c59599d45e9a587574d7da57eef4009c13439b284073c7fdbc2a080114a913ee

SHA512
17ad02714b9c5ff7f6472d48b80838cc494d8cf2c23fd95e9e1c7c2f2b8c6eeaa567bc32a9b28d0d9f9ef51b8451e3ea87f7e0682429a5c02ba3fc764cbf6dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF93F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFA2D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\server.exe

Filesize
86KB

MD5
16b7b830069f2537fc920c4dbbd13981

SHA1
56b27c92299b08342a33550fbb74672eaab4102c

SHA256
fb287c16a916eaacb3780b73943dba9bfe42e58c2dab0708e175cffc1c2a7fe1

SHA512
220130536311773bf373101bea51cefeacaea1f3b43c0080447a1ecf96a11b39724234dd41ddc02f573f0df6adc330cb20f69ecbb44b1d6323e107e7e7605ed3

Download Submit
memory/2108-8-0x0000000030000000-0x000000003001D000-memory.dmp

Filesize
116KB

Download
memory/2304-11-0x0000000030000000-0x000000003001D000-memory.dmp

Filesize
116KB

Download
memory/2352-10-0x0000000030000000-0x000000003001D000-memory.dmp

Filesize
116KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads