01da0487befd3feb380da7434a1aa5d6e5218f0d13fe758972e378c18c7dc949

Analysis

max time kernel
146s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 19:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe
Size

87KB
MD5

3bbf5da4b58bb4b82cc4568f1274a64b
SHA1

8d8de65d72239e0ed3e9091ebc7545351da65ce6
SHA256

01da0487befd3feb380da7434a1aa5d6e5218f0d13fe758972e378c18c7dc949
SHA512

66d76ccba58d380ecf7fd585f62e91e3e62431cda1d2878b64d616d951cc5f30c65c5a6cf905e46b24575533e30ed95f2a1d53a7eba13042e72527a33b19574e
SSDEEP

768:14NZ90caYDpWhuxKWnfx5Tn06S6bnU+5XCRhvhHIFoAOoYsiLNSTignVL+Wa2zWk:GZVrDsAfEunU2XCfvWFo1rBdgnV6d+

Score

6^/10

discovery persistence upx

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\program files (x86)\\internet explorer\\wmpscfgs.exe"	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2052-0-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2052-1-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2052-2-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2052-3-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2052-5-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2052-6-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2296-13-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2296-36-0x0000000000400000-0x0000000000414000-memory.dmp	upx

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\259432189.dat	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe
File created	C:\Program Files (x86)\259432704.dat	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe
File created	\??\c:\program files (x86)\microsoft office\office14\bcssync.exe	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe
File created	\??\c:\program files (x86)\internet explorer\js.mui	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe
File created	\??\c:\program files (x86)\internet explorer\wmpscfgs.exe	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000bd96f70824d590bd8a9922e07d59800c30f838cbacb3ef56cafe08b4f80f5113000000000e8000000002000020000000a0df80e5090894ed1dac3b033ea545617104d4c55c2165be198f8eedbdf88df090000000c2aee6d0d009411d3c6cbac89fecb2f8a48e8378fe98acbd0fecc016a0ea26851c222f9cc70f8fb838d9034d6c5120a9e7815b6d4d74fd482130c026342698b15fc308620a405962c025e47e540b84dd74758780e6f10bf360715ad229b5ea41cd66464cea29acbf1e13e2733f300d460739963a1429f30ebb6d131d05f76db70e9c76c75eb8a70c19d8d4e93fa110b740000000e8cc328c8fcca6bc9c09ae002176d598af6bbdec36dfe92f0e72179231e89af1ca64642e7bf26f2fd834f8c1c8707543140d4df27bd7586817bda6bf30f28775	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000005b9d5459bdd6a0177e4e3848214fbf3f8294ba0b036e03e6e22eb4e213bb96e4000000000e8000000002000020000000bf02ce303807135d4c9c2ef7f32f2a7094aa87f3a92155990628782dc8b6ab152000000084ae43d6da956003234641cb22c5229636e88fc94c52829ed162c09673e5397e40000000dfcea80452afc6b65832fbcff7271cb8f1b62de1f0e3979e0707971458754ae4e5c632e773d9c2ca081036aaf3a06325025d386efbd2af2dbc14a91df679da32	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Enable Browser Extensions = "no"	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04F50961-88D2-11EF-B895-D686196AC2C0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a453cdde1cdb01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Enable Browser Extensions = "yes"	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434923975"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2052	3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2296	3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2576	iexplore.exe
2576	iexplore.exe
2576	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2576	iexplore.exe
2576	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2576	iexplore.exe
2576	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2576	iexplore.exe
2576	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2296	2052	3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe	28
PID 2052 wrote to memory of 2296	2052	3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe	28
PID 2052 wrote to memory of 2296	2052	3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe	28
PID 2052 wrote to memory of 2296	2052	3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe	28
PID 2576 wrote to memory of 2600	2576	iexplore.exe	32
PID 2576 wrote to memory of 2600	2576	iexplore.exe	32
PID 2576 wrote to memory of 2600	2576	iexplore.exe	32
PID 2576 wrote to memory of 2600	2576	iexplore.exe	32
PID 2576 wrote to memory of 2804	2576	iexplore.exe	34
PID 2576 wrote to memory of 2804	2576	iexplore.exe	34
PID 2576 wrote to memory of 2804	2576	iexplore.exe	34
PID 2576 wrote to memory of 2804	2576	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3bbf5da4b58bb4b82cc4568f1274a64b_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\appdata\local\temp\3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe
  "C:\Users\Admin\appdata\local\temp\3bbf5da4b58bb4b82cc4568f1274a64b_jaffacakes118 .exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  PID:2296

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:537615 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
31321fe1c1a7245e84faf27df1ba9dc4

SHA1
658a88774732f5aeca1b546100c79767ad5ebd24

SHA256
a539e368fd31e71d7937677be7f150794dd706c1fa044bae19da25065b8f30ec

SHA512
dc5d48473677f4f05ca534288c141fd69a16402ad7133fc4d2d3c5973c23ccfe27ae880da859938bd1fb126c881e12362d4c285f03d50bb50b4cf3991f30d11f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
778e109d2338ef13195cfa2b5fa7e462

SHA1
920eb42c1a699f1b2f92718076d09659978ae99a

SHA256
0adbe94de04157afc0fa2bf4d265d6af42f11c254f2e408a9ba788f2c1c7d366

SHA512
68f61e8a33756f4baa1b7830d7152a36a3b90a5a588c108f8fb91fbd41100ad0c2fa5a4d6378e1843a6e7e6bd779127cca07c8ad990a15dba6a814d0bf9601ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ece0cb2c1121f98e15226d99f1bf319d

SHA1
fa3d3b7da73ea79152414ddee0c6a0819a3430ca

SHA256
99e292e51dacfa3a26bdfd2d93478658bbe707e8b80b8d7bc97c2db8bb998942

SHA512
23fcdd4a09c75ee272b264a41e9caabeb08cbd7b38ecfcf2ae28d57dbc8a6313a9b043d5d564ff913f64f84ba7cc414ef251050df70b21636e168600ceb11152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53b6c8c2dd6ee521f1ee7a9ec49643e6

SHA1
d64d833bc3211858e725de9b0cd46f27b067b3fc

SHA256
1c8921b61db42ca93e6b7af9a5b1f3dd99e2a79706f0505fc8b79e2c2a767983

SHA512
a1c04e2c93d40c250f3e974e9846549ca1e4bf6e389061b6a30bad3cbbfe738292728675202345b2457b51a5edbe5b8e1b2c963ea6fa225901099f4e2b6612d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ecb91735ff95006b29a09bbb352c472

SHA1
a82841fff4ccd0525c42f19d2bae2b72fb5d3b48

SHA256
003ba8b0d271f402f18b3817b71c41ebf2b83602cd507bc256c05f4ad88ae2d5

SHA512
3e1e3ae70097ab577659da46da29a952489a2fe75fd30cfe756ef8a04e945c6cac4ef1794d311d319b6bf1c41b955c79199c0a2a8230fcd0dfbc8c5665a3da34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23f491e7c723849344baac37857cbf58

SHA1
86ca9d06b21fb020c7b20a5d93dcbe0b8aac5cc7

SHA256
f7c21f5503dba7578662748acdea44eaf389ef4e2ab8202575d693e7ff3727de

SHA512
89767c53a2d39d91afca8fab467ab36dbc3eac3c636804bbbbdda685ae15d6febabe287e28df005eaa1bca7642a0cb99d5487d15f5e078d6838fcc4e8eaa4ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bd0ce5b047a92e2f93230401dea8bea

SHA1
56358661cdb5402d330d87f96e20a8b1d0dc737f

SHA256
74dcd12a27522cba0fa71f59e47df3882a0d39044a7a665804a416b670c37400

SHA512
c79a45405dad44b6c924f6a3d6cffd9307bcef351f2a8bf1f54539ed0fadd62b08d610c107e57ab1cd47c7cf1a46d95ac8b1e4da5c9c1d4b232cf7720a8c39ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab49ca1509cc12183ccb5a432f35ce3b

SHA1
d4c67ce996dd3fd290b0e22bb019f426d7d289ff

SHA256
b75a079d1bdebb13141b8860b834d157f10702b330e9b0a3cbf183d7a10b89d2

SHA512
ae0c867eca418cb071c279d6cb84b44abdf8d093c11aeaabd85255aa2e77d5371af84de64a53c025dcf084298114cc4e4c3d4cc40aec3aa2c64252ee400bf569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1056bd3a7c16ef369115a48722f293ed

SHA1
4f1a930d3d5d64a2558a0d54531fc37c0b902cd8

SHA256
8e5dc6021dfbf1e862a2b4a8e4edda95335c6fbbe5d7c890f104bfa615418b74

SHA512
8eba49f93fc6b7f30b0c0d2ab9741d5e5e0707a1c96fcc8860e1c2a89e9796e506264154a37cefda85db75b6e736a92539bbc3eedff1c072d845d8f8cc830aed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e0d00988d71060e7c7d5a4826e1d84b

SHA1
74dfae79d92ae14e5dd01b65b56b9a2dbb7c0d56

SHA256
141fe070361dad4ecc2159ec2f16b93b63e8065caad1b4b353adb90056b34394

SHA512
b9d0234fe6cd4a8e4e5ead0d79e2427781113fd1e77897f1b9256d03dce73373e583f4b3465034af6f452d4254aa2e576f5d346d4fe0d815d017c12d93b2098c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
226722faa810c2453186b5ec1f4bdcf6

SHA1
759923974eacc629cffe0d882b533ce1e1aaa1b3

SHA256
6e06a256ef71a46ef63fc19d7b3c77500aea180bd3ccdcb6bb70c11af3912a57

SHA512
e92c252a28af81f8ef33a01c2d89a0228d0ce425b6c5b9f540c1f5b45a9add3699503828437a2b398eb1b40b536c7f7244783c6468a17d559aa20d36df281d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd0b94b57134449a23687551dfe51645

SHA1
44648ad34f15ffc44d79c1068165921d7ab22854

SHA256
fba319951934ed489eb6a6abc39e67bf4735ea8eb860ec8b7d782f1fefba0595

SHA512
d01bb008061593ada38a8f740766f134e6a346e26b08f4f37d170ff7c287bac74bed901c4c81167eadb191c928733afbda27129007082c7149271a4e6d3522c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d1896d03c6674394b63ccde49e044e6

SHA1
f5c5c8052d1d6fa8e34ce27398b49c70096e00d4

SHA256
598387e45b786b536653fad083da625fa59bbf0bab07b828f46817e0ab9bf47d

SHA512
ff21b558d51bc82de6d7a3f472210e63e770f4b97e8b1651c07a5e2321d63fe2de550f7b48b8fe42d69977b141ddf6631fe8ec06b53a8f99538c07f8089c6d80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51d8b6ba59357aa380763be8a241abf6

SHA1
41bca73222fc767e4f8770192e7202b70614b97f

SHA256
043b315b35c709699234b6dd588f8b44e902e48c489322c20d0e347664718877

SHA512
0d066d2da8e3de8e00bb6bff41717b7ffd82ca0980b9c8c022e55fec5bf85b288e4ae74ee7e61f6c97aea9b14fd8b72f417d5cd484bf52bccf665a74c704223a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84746be7a4bf70d0c535f90140145ac6

SHA1
5f648df7f9a30724e5a2e2aa5619ac6663fc6a10

SHA256
e59dc81734354a2852f6faab97216d2d67d22a6ef4eb6f6f1e4c442ee8f812a9

SHA512
1dec1a0b52d02f249508f6840c0a9f3181df84e24afd6143f5ffb704932172ed36901b94c65dd278415adc15aa2cef525fdfac2880c131a251a8a4cb1a8216fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a43253ce20e57b58a43838b8022d7edc

SHA1
5f1d28231983aca7c3ced4e94a5d5e4ea8c6efd5

SHA256
6893749937a1e8d2c3b0f53b4fe36f7097aa3c8291366ace735188ce738bad5d

SHA512
2e36881f6c726350f848738df5d982d0f1d7da9ffdf7bcf744153c32e2681819f501c05d28ebd7259be7b7ad5c4bbdf33d40d0380b7a0a672127ad1213ca398d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9f991c98d29f0eb1752f5d41ee83a69

SHA1
8adb0390382fbf92347ada1bad898470dfb39d55

SHA256
0772fb0557831e3baeade5d1f603ded1ad83a51d7a7f055b1406d23084145b9d

SHA512
735c8f83cdaac1d9f0b83d356b0084b534c4e44ad94c8d61a6186118a19939a540676944e5697d38c318d6712df4d78b418b240e226118251b503beac14c176d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70b5d2348eeda37b87371224c80f9150

SHA1
46b34a92e9f4fdd53be6d67eb77b4d099fdccefc

SHA256
6a3bde8fc41350f602de9cc334a1ee6a9c0b9cdfbe05c0dbbdbe3e78572710b5

SHA512
0dabd93624e4e22e0227d60ddeef507665158681e5fb11fa723da5b7b4ae603dd7e7687b399a3e11174876f6cf80ce4d2eeb346c7f24d4d2585a77d4f61d966f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
398d3d455d97c87e8edb4dce77d28260

SHA1
03a3f08881af3407f3d8819fb7f5a07627ca3b4f

SHA256
6b72d608440a3d850007ec51ce20d7ae49c97139ed7bdb8c5706be69f982391a

SHA512
ed75b9f9f7d4c101b02179d73d5dba43525d072e578f62b597ef8e4ff2fad088037166125925de03e5e7456071ad05b89c3e3d0f245d01b2240de81aec7e03c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4df5de8c138fdbfb3aeff9d388bc1eee

SHA1
ea855942a0f119a7d86df80bc4211dad4f882960

SHA256
f3e7a1719a2530fdedae0c8f1b079af9df72247fc7664bb87e0ca8abf4036532

SHA512
66ecf8d80f9e05cdbbc619f87411228dec17cb17004495cc4ed152fdbcb66088c8dd2c8420d7fca64a27da725d2aa12b47c0981e5f17e393da3e9e64036083bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c1f0eaadd1ba7bb4a38799e5235f149

SHA1
c35fe56aecf5e7d492a266eee12fcd6de7c350e0

SHA256
1cc16d050b2ebea697edc1815a4841965cd660819ec532c23fc9c3d661804f61

SHA512
b9c233f462d26586f08aded609b5b3374fa3eef462229ceaf9d904443fa743d8e3293aee8c73d614ed3fc48dfa73cef7dd61fa9a90399597a634d287425c2502

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9b318405ad3865de71c0478368a7ecef

SHA1
9fbc6fbfd2638ca222e12820b5913e7a89961de8

SHA256
b12eb199c32e7144be95260598cba2e26700ed3e95e5d31df34087b3ceede181

SHA512
ca450c50af567070c6614d5b0f6ac04b92d2e11ff1a5760cbb9a422fbac906031063828d483ebfe8b6a909142269009fb9dc3fb54a69c026a4494b9e2a780d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC91.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC94.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2052-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2052-5-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2052-6-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2052-3-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2052-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2052-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2296-13-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2296-20-0x0000000000360000-0x0000000000362000-memory.dmp

Filesize
8KB

Download
memory/2296-36-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads