dd5fab735808e209b96021243749badac8d75f802bd536c84716339e36fab2b9

Analysis

max time kernel
119s
max time network
147s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
Size

138KB
MD5

38732787483c93079da4bb4bff0c80bb
SHA1

a97ce375f9f399ad9a7c9862afc99a4dc99e881d
SHA256

dd5fab735808e209b96021243749badac8d75f802bd536c84716339e36fab2b9
SHA512

8f5bbda98614165ff5aedfb83ea849e5da3b4f9483f058164b5c26f329a696a9d76aa96adca600f568e259713cf66629e2f12884e2082de643d396dc7f9a3079
SSDEEP

3072:+T2kCVFrrj9uLRA7VlXiA33hlk7BIKTcykn:+TortugVt3fkqKLK

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\MessengerPlus\\explore.exe"	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\wmplayer.exe"	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E90B7CD1-8853-11EF-A5D6-7E6174361434} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b96000000000200000000001066000000010000200000005eeb8dceddbbd9c7ea6e486add2614cbae5d6bb7fe6c3c996265f0485dcc17e5000000000e80000000020000200000008f88605c428f2ea2574bd8b2f82ac076539f9460b97f58d7d6af10015624591b200000008e30376a4528e2ae796e938fad037655bc3fbb97c1e8a8fd355396cdda84ce0b40000000c763f22d0d487265056739f9c5ccda1bd97c4002f9401906ae5250e118b084ead9729bf506df2f7174a63dae803a6a5c3f0cc42b41de854f229de670187d256e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434869813"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e232c0601cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Download	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b9600000000020000000000106600000001000020000000c1f3186dee19cee1b4c814506d420a9b3642668909777c9a95fd9ea23e13eafa000000000e8000000002000020000000492698ecf022a36ca6969b33a16141d0f2a77b4275a41053acec43e08d68adad90000000f06efa14f171ae7f7cac205f0687064420731127a2a0ba3a5e488c27c2417b060b99be91a0e193e6cbcbb2780ce5e37df5babfc085314600fed3bb48df514f36182612b1b957035df2958c7a4872dd0ffafff133b9e1a08e1e63fc8e115a3287ad3c4f7e0517d8b99168b5eb8cbaf5476df8a711f6578db011a4ad6ca4b8824d37027af8bf3afdbf3497c5ad5dcdf9b640000000f4681242913da2fe3349ad8e471b7b62cfaffdb660546ef0c19a6332d1eaf28540bed00f2b6cd8d2667b5d6dd2789ed604e47862d76a66fea6bd83d8ce5a8e55	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2456	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2844	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
2456	iexplore.exe
2456	iexplore.exe
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2456	2844	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe	28
PID 2844 wrote to memory of 2456	2844	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe	28
PID 2844 wrote to memory of 2456	2844	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe	28
PID 2844 wrote to memory of 2456	2844	38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe	28
PID 2456 wrote to memory of 2496	2456	iexplore.exe	29
PID 2456 wrote to memory of 2496	2456	iexplore.exe	29
PID 2456 wrote to memory of 2496	2456	iexplore.exe	29
PID 2456 wrote to memory of 2496	2456	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\38732787483c93079da4bb4bff0c80bb_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/v/1qfZWTD1-Qk&hl=pt-br&fs=1
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7e8a435f2a124f52b8180a23f078b8d

SHA1
1a012b303a0c0ce13c76060386ee180b833f8eab

SHA256
1496e4d812f8c43fe53123097e69cb82aae8b8ef83fe480974c53509280c81c7

SHA512
ccef4fb949adbd2c949fc93e4bfa206a890d6ebd6fe5b50485366bf885e29b9ec90430e9f022364c0b26eff08605e83cb558abe803b0ee5a3e41b8e0a9e29111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8957ada128d2159506c28c365ffb34e

SHA1
42974b78b33de6bb5f6df82d4e69c51c4e852619

SHA256
36ba883e475116db84e43cffa0d49102fb0c8a75b4977b03efb832e2d8bb9627

SHA512
8ac15f1dca794f45a8f3bec371674ac4246db88f941a57785e6473142ff1cb96e12cbbd44c4ebdcffbc4bfb65b41fe11da7c99d1f4960faa946cf123e70fc7c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70fcaa828b02f72be0a8f39ad7d2cf06

SHA1
4270559a89f923bd1596b421108c176ed9837b96

SHA256
daec8a39797ddf04d64b8a537640c6fd04b9d16a5c5895a9551ab07337c80053

SHA512
a455802446e5d0515a0d093c487e5147d05670d95433fe6fef3779dbb29952c5484f21169022adac35c4b9e22aca5d24c57c962c299195cc0a25d5ce4c113c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ef99370c5c4255c34e172083d21e663

SHA1
541b6b7528d25e9ef04a2a67781f1d3324ccfa96

SHA256
61b56b99e7f820bc7a331b8a087e3de0b8e5ae4ae9efd8b3f7437a0250e9b5b1

SHA512
59717b88bb3c763be561230f32087ef2cbecc3fb3a1cf983bb7436851549abf1fd2dab8213e0a9955c10634df244eb596887060f6dcef8dec41d48732fb40ce9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cd98c64debd9bb2ff8bf93365a95cdf

SHA1
6a4409203fb92b42925d61a0da81a29c35645a77

SHA256
efb3c1d15833798f1d52e0af798e732b78e82aab558269f192b5fc8cd245223f

SHA512
0913ff37d82fdd27ce48ee129902c51b8b8e0174817391edcea5a814585591cba5fcb4be1bcc5bab8d62127fda66be2057c7fff2cf0bd859f11290a05f7732b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edd19ffc59643d3c4a7e11ca4d63c613

SHA1
f9aef5e76dea2fde34947c4001484671f061e793

SHA256
75d87a8f99e3a14c5f1af7ec8b6d9c928138243823c27e02c4a426427cc468b1

SHA512
090b7fe08e96fd72a3539275b75b7f0413613f63218e9f1212e81983a11ba733b2c44cd522253365f60df6c09a6136459a5cb5b7119fe550f2e74b22b7cc135f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9deb6443f68bbde346380c7f41296688

SHA1
f43353ab2064844972d0964db09e979975745306

SHA256
f149b4a0b9234f2e6c34dd520ad935b7d7f3b8e7effac479355eba253517cfda

SHA512
a62fd7ca886ecd45c68a08e4220b7b44f6b7184642ac364d43351abbc1e1a4bfede6f6daedfc0004323750945289eb05e43582dc4a0d61e1a985c168e4173c63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bf17b744e511f378c57a0064e779383

SHA1
429b9bbab21f58aafc0c2cbdd8ca0c63006cbab2

SHA256
edc840f29e3ee6ea57b4d2fb12c75064f2c4cf72ead6a5e5f0a501a5bf352385

SHA512
51a02cc3b425d2b4391d3f9183e3a5f35888edd4054bda322f81e7cd53234bf8fd7a4402399a76ff3a6eaeb9c296047b6ce05054f32d8d8652f2507de297c2f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffafb1eea479c49f473910bc51af2a85

SHA1
697e06054323cdd09b84e470a3a9d1803044a833

SHA256
ecfe29257d36000d95a19de4680d92b218a8756e38d4b839b5d60f4af9fc8c33

SHA512
c12838c6fdc67f978fa0b78e95343dfbf2ced18c4b1d8fce9059b48b409e8ee2d6bf7ecb8d0ccc5f399fa7336fa5f2c92d756455501a1522826582f0620bc1f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f881ff7be38df13e7f2f7846f92409d5

SHA1
645e4af208612d98d745b3e675ec476887852448

SHA256
f32e15e5e590066ce7a7ca698aa5711e28df3e2a582ecf56db654733a76cb424

SHA512
f7ae50ba17193f52e362ed540f6e9015f3067ed554619737b5491b6e3db2ba7ba9d3dbe6e6d6ec8f5bfe0e7b43bb0621bde5885f85d82c67ac06030930e817e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1748e41f4eeda3f6e788e5e1efe631e

SHA1
aa92c969b54aebfa052515882f24ca57dc4c0c36

SHA256
8f24f0f1260d006b053ce676bb091ed516add3f1b03b2d809f7390acd1673469

SHA512
13bf631461fbf22c64102cd6300266371553e131b928f46c84192b4c25119c3e9b101dd063a6d8464a0df56766597f6cdc7e0e6c7be56f5081f81d441d3ea480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73fd8c2fff3fd0ce2ddfb3a54c1dd98e

SHA1
74cc5e4370515a5d21244ed84e36eaa4e6ae4d88

SHA256
9646ea2fba6e2d4ddd961be372076607094f5d56e80a937f12fdb9a846cb3168

SHA512
ef75bf1c7bf255a18af8a8b732567ae7a160ae105b9d7979dc2d86f9dd746891b330fb3b95af3dc6b6ae9ddb83c346e79188416e9e32803bdac0fb54f9d8a3ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d5ba8c5824dabe3b16af670bcbc07f9

SHA1
238ceebb7991c2c20c7a96caa5a3afefb169dd4d

SHA256
3e16aa1153c9c1ede0d703a47180c56dbe58fe844d36c3bd1ff0831ce85ba358

SHA512
9f93ea3114598a7cd3126d051d58cf58663153fc6eb26d1ef1fe51e5cd6e94b2df0b0c86bbf74bb6a94228419f2633267d89fb313b68a2fdb9bd88f6753b35a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8424bf9f3b3ae1124209b9d75f862433

SHA1
8433054badbcc2086c45ebfecb51410e95c50845

SHA256
3ae0f6aa009c978fc9fb6b0854dbb9c6142a1a5320b75be932f1ee1e50e65936

SHA512
7087dc57460a264a2deee9f4e464bdaafde615d762f21b497a24689c142f716549b91b3bc48eb2c6caf2828d3829dc928f40c9769ef31b5a305e716db41f364b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae5c400efb9917c31a54ef0fb6eb6257

SHA1
ef9c72da0a8196a009550c1d612597997e8b7c62

SHA256
20db6a2fd7edf939b723c66748eff5b1f8e5d9faae338a5e3e600b1f247f0eab

SHA512
32c679530e288bbb4943b36c285589459c5266427041cb430cd47a4e301042993fdc5be431019e53bacefc95bf76137cb9e3c1ff7ccbabe2ff70b2576ad17573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bf8d156b8a021e2d29cfd649f2c7d1e

SHA1
5871db33de4ef3aee719ac866741048c3f2489c8

SHA256
0eee0e9ddcabc95d7c35e5b9bf1e997577bd26e393d01064f028a035b1235159

SHA512
864ad89b8ef1ef370b970c10009c3ba2a18db529979d19f8b96e4c8bfc9b5874587b5dc09bf67b072bd7996d5a99dac97331416203f35d661bba2b45602a9755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57eb8e757a86b66bc89ad83d3e433974

SHA1
2a06afa2b852b4ee9eb0f0fba9a0ae90f0c7db10

SHA256
a10cf33fd2ec05ca6632e6af9170400b974ddc7c171c944558101e8df775ffa9

SHA512
cdd0b3ebe0f9114970b6ff99db9e2191adc1d0e14a6cb361d0d9556c98e3c568570b64ea696a038894d7e6030fb370f91bd6a10f14cb2dd8e198d0219de8518a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
059a3f0cf2da783bb1716c36ecbfe428

SHA1
13d190ff7df24a2472efab21c93e1e0703a2f09f

SHA256
2ddaa78e236bd3d9bb17ac27162101efadac33d831067630054629025114b516

SHA512
c5b79ce986e9e6b275e8e936104dd55682f03a0bbf0d77c68c184cbeac2ad181ae683c07b798e48632e25c67f3bb03dc05c8d48a757aac72dd559357df47f570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91d13b5c16a213624648287359891fa0

SHA1
546fcd54ee05d715aefde16411fab60558af78e9

SHA256
286f0406728155371148c2884c0409f2ddc289b495da48552df2511b6bab632a

SHA512
f55fd3f468ca5fc6e403cf2ac98cf34a72d0cce4eb4c2f118cb7339a21c39d80ab4b61868fcd6252950ab2207e01b5b2b203630fd13e474ca8b30fce719856be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24112918d39598cecdcd29035ffc0abf

SHA1
e21e51dda8f6d403916edf892b6605ae8bacf3c6

SHA256
edb7759eb52f67d7e15fd44b93ad8ff7e3a854ab7c9e6958c3fe28b1f19dc400

SHA512
cf40a00bd1cb5bc7e1aec3d58fdec24558366a6d82e0d81168abc9355647e4b4257d69ee0ec70853c64f3fd605eeb3cb30dc1154c3af5e3b261530da88bbcc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z8d0nzh\imagestore.dat

Filesize
5KB

MD5
f8e8dd732d7ff437fa1242501b943132

SHA1
a748b16b928a53f989ba2a8e1a2f5dbe798ead99

SHA256
cfb3aecc38007b18f603fc9149f619c21b9afb945922c3f3ecd3d6f4b8384736

SHA512
2be4aa5d0c0838847de845bb5a168bbc855a7b41a8ba7efdcd96ea08f2c752a622f7677daae4369d18a9d0eafd43f8dadc5d04d6907514506ea37c9f717eda38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0PVW9XR\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD808.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD80B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2844-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2844-2-0x0000000000270000-0x00000000002B6000-memory.dmp

Filesize
280KB

Download
memory/2844-1-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2844-3-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2844-8-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2844-7-0x0000000000270000-0x00000000002B6000-memory.dmp

Filesize
280KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads