e823f12c245a82a9c421678f960d9590ef8ac2de786442c966fd829a5e1a2152

Analysis

max time kernel
120s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Size

32KB
MD5

26fedfe9ca4855a8bbdd4bbc61fe06e6
SHA1

c695bc1d78b5bbd27d61650643b9402667b12023
SHA256

e823f12c245a82a9c421678f960d9590ef8ac2de786442c966fd829a5e1a2152
SHA512

53fc529a0058bb87b666d7e91e96b1745f42137f9a9afee668ae2389cb73e97578d8b5090948d1e4c77efd796af6d48072d14ddadd0f1d45757ec9c9e3030954
SSDEEP

768:OIMGlhBxtzSlG3XV2scACW3TftY3lf93LS36HMZT:OgTB+lmV22j3i/S6HMB

Score

7^/10

adware discovery stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0007000000012117-7.dat	acprotect

Loads dropped DLL 3 IoCs

pid	Process
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BA20B89-F3D4-40F3-9A31-D6C6F0542DAC}	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\msdaeiag.dll	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1964-0-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/1964-1-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/files/0x0007000000012117-7.dat	upx
behavioral1/memory/1964-24-0x0000000000400000-0x0000000000414000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 42 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434615950"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7A9A081-8604-11EF-948A-7A9F8CACAEA3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000003863698d31721a80570a2afdca85f15b324f61e2bf16bfe0fd88fed487536db7000000000e80000000020000200000002e9508b76f5e2d926c08125158155ad06721f1f3ff10e483c8956e93e8b368c82000000090d509521ca6015307976230a6dfd4b8eb598f853d92594596a8b9d8b2f77ebe400000006bca615abb7d73e77eda0dd321f57210e05c2b65fa898a4bfa05f127b0f79d18910a1a5f6aae41571b84541d08b2b0eabd71a7a90f8865b46a111bc8e6dd9af3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000000000000010000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\SOFTWARE\Microsoft\Internet Explorer\Main	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MAO Settings\DiscardLoadTimes = 208da99b111adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WebPrefix = "25679 - winrar"	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Offline Folder = "157D254C-9B90-444C-94B6-2994A9079645"	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MAO Settings	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000ce604721cc85e6d641dbb7053c6c9ad8ae1764dfe98be2c28e7332168339cea3000000000e8000000002000020000000a5dae31a16738511c0788f801decb36207a791ee08fa03e6956745e50b991395900000008f1ec841493f63b8a05ca8b6151f5b066879910b92e310524bd05ef0842607c2f1b7a3fb09f1e09220c7b3107b4e00dda523aa0cace1f220dc23d80ba6f88c13b8b5855e968f7e3059b1d3bc8a98517cf87c6fb8ea22fc24b48e7687006c5551ee63cede20d6b9db67ff9513a7bc20811679acb5a86782a22f7f2a699c6ed40e8e6907228b90b1c59b6b2b54b610b0ec4000000000aabe8bba566d7df8ba19b5ae5c00181d784cbc7c521cf32f00b622c7b6423a3f517a7e4def9b3f2a185db68a391c732b2792cd178fb71cc338e97c34283083	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5085baad111adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA20B89-F3D4-40F3-9A31-D6C6F0542DAC}\InprocServer32	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA20B89-F3D4-40F3-9A31-D6C6F0542DAC}	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA20B89-F3D4-40F3-9A31-D6C6F0542DAC}\InprocServer32\ = "C:\\Windows\\SysWow64\\msdaeiag.dll"	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7BA20B89-F3D4-40F3-9A31-D6C6F0542DAC}\InprocServer32\ThreadingModel = "Apartment"	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2540	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2540	iexplore.exe
2540	iexplore.exe
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2540	1964	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe	30
PID 1964 wrote to memory of 2540	1964	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe	30
PID 1964 wrote to memory of 2540	1964	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe	30
PID 1964 wrote to memory of 2540	1964	26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe	30
PID 2540 wrote to memory of 2848	2540	iexplore.exe	31
PID 2540 wrote to memory of 2848	2540	iexplore.exe	31
PID 2540 wrote to memory of 2848	2540	iexplore.exe	31
PID 2540 wrote to memory of 2848	2540	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\26fedfe9ca4855a8bbdd4bbc61fe06e6_JaffaCakes118.exe"
1⤵
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://winrar-download.net/danke.html
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b757c68f284e0f232c17223716fd15e5

SHA1
18b23fa95856b52679ddc4725e67a6ccb608471c

SHA256
9ce6797e0964c6594e033c58b2c9e46a5301043788342f64353bf2c22cd65a18

SHA512
dc9a7117aa438f212cbd735fe2c7cd6fc6a368bca0814ac2e3a18c28bfe822c19695ff8f0c4a313b6b61d3adaf279f43c550fb121045040389c26cd4c352da61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
996439eb0ca45d6c86c6a2aad119222a

SHA1
c496918bcd822138a7a1f12cec7bb2bb8b095388

SHA256
212da265808a5b34c14321100122d7a908229ada182048ed5bb5fe3328c03a56

SHA512
8a3fdc9e0ffdc323caacf624759e72684fab5f666051880cfe9308546391679e0d150d6f97fb3f6a78624ad1258a833c5a02513a328188705871524016df8438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
773e34c70c63740fecca44771b6e05fe

SHA1
be1fb20047022888d2047bda817f74491a207f07

SHA256
ae7684b73338b978f37dd3fc1e56eb918580fe0507572ed287dd70191849c89e

SHA512
b7d8e1cc842e0b52011aaafe639786dd7864bf56b431bf25bbc88f148108e093c4d128fb15611717d446435270c91010cfc63ca3a07eab83ea6d27bed3a58184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ab20b7c77ce615a9d637dd31e42ec5e

SHA1
af492aae4a6f3f1d7a34a9d12620be0523b83b1f

SHA256
3a96d09a4ee6c0c466e0a9fbfa954102d5a277c5821009fdbf7cdf10f4c75079

SHA512
c79bd187410745603a2500f7623e0e68d78079c09562d7fc17f1420517898dd6dad68919a20a5139d6a988e58097a723611f01eae4925e54ccbf12b44d5dcb8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11470a395cf783eaf406b00ee2b0781f

SHA1
8f330673341a6edd2e7b431d4103a8b4c7410a83

SHA256
8fb32d004a9cd4604ac743a29f296326422b620e8ace117dcf342e22c7f63d3f

SHA512
b7b9bbc9964d7f963167d6b54b962187deb407135fc9aff563dc5f78096a64189cda3b7314ce934960df7365986827be9eaa13515f574fddcd2a73e419aadf9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d84c08418895ef0ec8ba7f558dad39ec

SHA1
abae2f458057edf7429c3795eb20ce5d125235d5

SHA256
80dab17f9a971a8019bb16194a7b5ce6475aa8383bce134a50fe40c9d964198e

SHA512
169d3eae4aee4651e8ef1ed9a4e0c9d246801cd7f312b1a95b5ba77d24a69689349d7862ad11c778bddc3c77f95963531bdaaba3521ccf131025440c30819aac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01b66e6a325991069833b3715fd7d498

SHA1
287d89099618067e01da0a9c27c973d42dcde537

SHA256
5cb5c20928992dba1c290a758121be82796229210faa23baf50f9897acf3e520

SHA512
01d4630715df322d7cd3741b2f2fd058561f26e516a5439d403c971365711f104357397a7c4c2730d128dcb02e247608e5c27155f3cf758f79d6beac6c5ffcdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0993c985afd9730dd181b3dd06e1d851

SHA1
7426e6bda75abca98018bb2b6c4d525a63f5654e

SHA256
ef8bbe4190ca8405dd9cf9e587030b16ac0fc3e4a3ca8998573644cb1d3c20b7

SHA512
baa73ea2c7a47efe1c52e2c0a6037e25bb8dc309344b699a178f6044dc5c19ae53ec3d8a2ca526d0092aef1c8fb49d23daf1e3f58f2a6389de8975c51a6de44a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
015b7cae672320a044e39903d1ace644

SHA1
ed9fad15a52866115096617265b65543d6e0fa24

SHA256
94e1c7d3b1e642e2fac4c1f8c54602f11e535d43f6ebcd67e0c95447de1970a7

SHA512
a204a53a05b303997df11e87ea8c05ddc839abc511568f1af97b8ea2f9d8683c5dbf611afc8b241b31e166a20e0c653a6b09bf783e8e7c23a8ae06d4c878f16b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53e255e19a1be85642d4307f4efc1452

SHA1
784ef345542ec9b25344156daf9e3535dd483856

SHA256
ddc4f2eed97131565325b47bdb5124f929ed028b2d32bf8fbe3d6dd502b0c1bb

SHA512
c0f3acb1bc6ec99e3c431f440e8d64a9dd4af2001f4f33166893326ee36f3cd9ff0c259235dd4703d49610ba0660271e5b67c5b837c39d45145e78d02d223f05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70c9bcd7b3c7aafcc9882796a9f4e879

SHA1
7101cefc6205e6bace70a4b0660430621b2bfc81

SHA256
a13bec862a486e651695ce8dce2ecb9e6ac21e00fed2c57e80443136989824b1

SHA512
8e9c2766c72bbe5a7b8322a299b31fefdaea42a3577d40527048a58a4069f3030faa14cf8cdc7116ae955dd50c9c3590ac0dc80e87ac5bc71c1f65153827d3f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cae79f721cb5be4265616f28c07c7a26

SHA1
0b15156615d8dbe200ecc9a07d0c0f7e71ad2b61

SHA256
cf4f3efcfaa27b70ae4f6375903d2c9852b34cc0e716a4983f855979cf28c7a6

SHA512
6a5266b4352a69b342f16eafde6f12feddc7b057fda9c212813d72f1741068dcdd77e8c9cfb06656ea1b1c8bd76cfd0de485ef864163f74ef92da8927bb3103e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02c5b775a39e7f3680132d54f0e3b8f1

SHA1
35fb9cfff3a2c5c3c874944db7d62be141aa2e85

SHA256
5894aa4c3f3d65ddd7ab7b662fb6e13cdcb8d3928a1721689bb215050047e392

SHA512
88ded9ea3453c8db21ca723b1175faff26a41e1d22243d38841627939c70e459f85c871275519a106929c86e400e3439962cede416967761b045879016671a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71f4980ad00ee48d8ae28334979b676b

SHA1
68873384ff90280c3112316edd3a759ec97c69c0

SHA256
e10d98e59fcba23037c389c2ebd7f09f1d14faf4591666620ff937aada2bccd3

SHA512
af38df8e94420eef948f09f56960c57a01887656614aaa110802c839ae4c5bad9486d78f85364951575c2790c130263e34429fa5a7e8dda72b30921d2661e214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dd48ebd327c59bd0d7b1cf497240136

SHA1
99b641eb6693237ae36f72dbe0f2ea04f83b833e

SHA256
86d7a78790c5b576264a0eef531c3f38c3074526c4047873d397c9838f4427ac

SHA512
9c0a1d38ad1f419933567a28f0d444a95c82a1b00aa1f8d1b589172c42d4508231f2eda6bfb51525a7f3225ad991b3d10b165555565e47d7b1c90fd7eb09abb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81527aa80782d2330e46ed5dcc5c568d

SHA1
504adf9b1a38674b76e4cff8540d538df1cafdec

SHA256
4afc1c279efd25ae571e969ddc9dc866b02e79c3204ef8c2bbf4d6d4895457a4

SHA512
d370a1e597cbc2c7c18ae23d44ed831a9714fd4cdb0b96f7c2cacfc326f619947584faa858217cfa2f3275b2dda28d49113b68d8e4af9674d913a1394866e26f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f819b2b0e76e9c565230d8ecae0f4809

SHA1
c59a7e1f70e3c4fd6d5884dc2a816d8603309fce

SHA256
d3e195984b5578eb4c136f201e058ce208872ddd5e8f00dc37a90766f9869078

SHA512
b57c2a36bae66dd15e719fb8a2a054bcbd292547011b5d3dca665715f3fbc62f987c6e82902d39181d4843040729339ea6c2c6cd97f1c705fe62f7e938c3edcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a218b0d3efde01d2c3e8ed87d42c476

SHA1
f849d572a93506c13c0df4a414ad7e5ffc093837

SHA256
ffa8d032311f3f7956da0fd1f0019ed2a1a2bb9000ddb755e2328bd47b7d7a37

SHA512
bc4078cda09aa65b3c48dd7a62d5a41834a0b261384503f3450a81aa9adb732013f8b3d0e62dad1ff220e0f26a79e32a9576e4c0299ab5527eafc6e778a6b4a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e246afc3ddcac98c254ca32adde403a

SHA1
51563d48cd1e95f015861ac32d71e4d8e15ce081

SHA256
b3716ee02e383a5cf3bb58c748f83eead46b53715766b862b79ba8e44eb8491a

SHA512
58013f1017d0f465288b2f4a0cdab312fc91252fe36dfd087350e230193198ef74da8371b18ee0757ca9a5d465f8f2e17e55e8051119ad4fa28b9c8358689c8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37f56edb345b920d5168c05b37ac05bf

SHA1
d16bea0f8dcbda530870b0d491cda9ae058719e3

SHA256
a376b4c2172c7abec8b10d87c430e8d03e05b62f7fc11d73d2052c96d5c9b818

SHA512
c7339b3f7e8fc963383e5ca7bd6d16b6664a533b315319fa916b05821779f27506cc68e2bf188c80eb463464ff92ef88036fd598c67ddc9d0e95dd5cd9ac4167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ae83e21f6352f95e093bb6863a2b9c64

SHA1
ac6448820f806b64facc005618bdc8e65bd3163a

SHA256
e4a4ced66ec681ae4a228bc204ac37e431a9c4c206d30af295ce8baf9dfdb739

SHA512
cbccfe326022e5408a53abafa3ebb0ba3f6500303a0a2eb91f1f596780b988d9066c5993b6879a4620664a48fe6738e5a1af5970dc03a429274534f5ddedfa2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD78C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD78E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Windows\SysWOW64\msdaeiag.dll

Filesize
11KB

MD5
6f1c18079a0d3323330e35bb107b03b0

SHA1
9db5cbef7d1ae7745004e7300013439eb13ce1e4

SHA256
fa9405d6a7d5976e6d32deb6ed5d27954ae31819b2b930663fa78e2387403169

SHA512
0b0a462d659a012e15fe87422f0007f8f2cf8fb9c0effc9d3d2f25ae470fb31c8e6010053b59c02fefc44facd1b04d9476bfa1b5b49c254b98916e81c6c9c8f7

Download Submit
memory/1964-24-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1964-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1964-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads