dbf774bca5740e8a8465217f9b2fa03463c263749395c43ab55a10bd1915d5eb

Analysis

max time kernel
119s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 13:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe
Size

1.8MB
MD5

428c40c1b21a5ed517e7f167043493ba
SHA1

4aed0b0b17abab078e96e3fd28047b140d32bb1c
SHA256

dbf774bca5740e8a8465217f9b2fa03463c263749395c43ab55a10bd1915d5eb
SHA512

91be39eed110e919e7e01ef11152ba6ff852970a6d4c6ca43bbdf4dd3feadd4484b50aeca817035d550047b3e47ce3fc732adf4511197bc4f84d554b7de5b945
SSDEEP

49152:9uXkf/O3Brp5iIjRo88nQzD8dMnrmnNJp2QGz6C71XuHE:9uUO3tiIjRo/nDdKgfBGGG1t

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000ce62f1d563942247e9c0347eb0d8fd7d7de6d3cd1836c9c3c670db8c999ce26b000000000e8000000002000020000000b457d7843d50daa2b3ecc3cf83fed26fba83d207f8500602763fdcc797aa19ae9000000090d9b960b994ec4adc526b9dfd7c570a018b7e8b7fcb8e6da319ccd8e170a433d669ecefe35f3f076f4fdc31be181513ac0e698be74b29bad06c0405b5182fcf5346856897cb0c82aad62104e1ba4215ed9651095d213a435da9feffce28ea1081becada2538e3ff192f64bbb2817395f76db57c13e2aa287f231d9b07af236ce51a4d6f299fa298664dcba6dcf5974340000000b56382ed256c5f5a08ebc21b243fdc879ea975fa68f109546b65439d108a70f240ddf34dcd21700f25d93b7bc0690e4386e2c8a2518775fc93b1a94584740a83	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2040fcd93c1edb01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435074325"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{144D9211-8A30-11EF-8BDE-523A95B0E536} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000ebb3a75e6faba78157454043e359b704de0538f57ba85d60e508b002743b7610000000000e8000000002000020000000e79c13608e9f63ee5aef3bf9c44be31a55666906503f122de6e5e09c9dac73a420000000f5456c4bec02d42db1effae68909f7d3ba4391abe509333d91c16a6391884d4840000000bb225079514afe46f9988a25f5d0651a0986c07946aa79d6d4d9f53830519bfb10dbd9e54bdf987e1901db8281ea64e85de393ea1bf6e97c9a1067f9d1fe4e68	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2720	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2720	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2720	iexplore.exe
2720	iexplore.exe
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2620	2848	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe	31
PID 2848 wrote to memory of 2620	2848	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe	31
PID 2848 wrote to memory of 2620	2848	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe	31
PID 2848 wrote to memory of 2620	2848	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe	31
PID 2848 wrote to memory of 2620	2848	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe	31
PID 2848 wrote to memory of 2620	2848	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe	31
PID 2848 wrote to memory of 2620	2848	428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe	31
PID 2620 wrote to memory of 2720	2620	WScript.exe	32
PID 2620 wrote to memory of 2720	2620	WScript.exe	32
PID 2620 wrote to memory of 2720	2620	WScript.exe	32
PID 2620 wrote to memory of 2720	2620	WScript.exe	32
PID 2720 wrote to memory of 2580	2720	iexplore.exe	33
PID 2720 wrote to memory of 2580	2720	iexplore.exe	33
PID 2720 wrote to memory of 2580	2720	iexplore.exe	33
PID 2720 wrote to memory of 2580	2720	iexplore.exe	33
PID 2720 wrote to memory of 2580	2720	iexplore.exe	33
PID 2720 wrote to memory of 2580	2720	iexplore.exe	33
PID 2720 wrote to memory of 2580	2720	iexplore.exe	33
PID 2720 wrote to memory of 2292	2720	iexplore.exe	35
PID 2720 wrote to memory of 2292	2720	iexplore.exe	35
PID 2720 wrote to memory of 2292	2720	iexplore.exe	35
PID 2720 wrote to memory of 2292	2720	iexplore.exe	35
PID 2720 wrote to memory of 2292	2720	iexplore.exe	35
PID 2720 wrote to memory of 2292	2720	iexplore.exe	35
PID 2720 wrote to memory of 2292	2720	iexplore.exe	35
PID 2720 wrote to memory of 2996	2720	iexplore.exe	36
PID 2720 wrote to memory of 2996	2720	iexplore.exe	36
PID 2720 wrote to memory of 2996	2720	iexplore.exe	36
PID 2720 wrote to memory of 2996	2720	iexplore.exe	36
PID 2720 wrote to memory of 2996	2720	iexplore.exe	36
PID 2720 wrote to memory of 2996	2720	iexplore.exe	36
PID 2720 wrote to memory of 2996	2720	iexplore.exe	36

C:\Users\Admin\AppData\Local\Temp\428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\428c40c1b21a5ed517e7f167043493ba_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\temp\tc.vbs"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.97dn.com/?tc
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2580
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:406537 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2292
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:1127448 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2996

Network

DNS

www.97dn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.97dn.com

IN A

Response
DNS

www.97wg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.97wg.com

IN A

Response

www.97wg.com

IN A

13.248.169.48

www.97wg.com

IN A

76.223.54.146
DNS

www.97wg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.97wg.com

IN A

Response

www.97wg.com

IN A

76.223.54.146

www.97wg.com

IN A

13.248.169.48
GET

http://www.97wg.com/lander?tc

IEXPLORE.EXE

Remote address:

76.223.54.146:80

Request

GET /lander?tc HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.97wg.com/?tc
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.97wg.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: openresty
Date: Mon, 14 Oct 2024 13:27:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 65
Connection: keep-alive
Location: https://www.97wg.com/lander?tc
GET

http://www.97wg.com/?tc

IEXPLORE.EXE

Remote address:

76.223.54.146:80

Request

GET /?tc HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.97wg.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: openresty
Date: Mon, 14 Oct 2024 13:27:45 GMT
Content-Type: text/html
Content-Length: 117
Connection: keep-alive
GET

http://www.97wg.com/favicon.ico

IEXPLORE.EXE

Remote address:

76.223.54.146:80

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.97wg.com
Connection: Keep-Alive

Response

HTTP/1.1 204 No Content

Server: openresty
Date: Mon, 14 Oct 2024 13:27:45 GMT
Connection: keep-alive
DNS

www.wgxzb.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.wgxzb.net

IN A

Response

76.223.54.146:80

http://www.97wg.com/lander?tc

http

IEXPLORE.EXE

566 B
493 B
6
5

HTTP Request

GET http://www.97wg.com/lander?tc

HTTP Response

301
76.223.54.146:80

http://www.97wg.com/favicon.ico

http

IEXPLORE.EXE

766 B
621 B
7
6

HTTP Request

GET http://www.97wg.com/?tc

HTTP Response

200

HTTP Request

GET http://www.97wg.com/favicon.ico

HTTP Response

204
76.223.54.146:443

www.97wg.com

tls

IEXPLORE.EXE

675 B
3.7kB
8
7
76.223.54.146:443

www.97wg.com

tls

IEXPLORE.EXE

675 B
3.8kB
8
8
76.223.54.146:443

www.97wg.com

tls

IEXPLORE.EXE

675 B
3.7kB
8
7
76.223.54.146:443

www.97wg.com

tls

IEXPLORE.EXE

675 B
3.7kB
8
7
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.9kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.9kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12

8.8.8.8:53

www.97dn.com

dns

IEXPLORE.EXE

58 B
108 B
1
1

DNS Request

www.97dn.com
8.8.8.8:53

www.97wg.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

www.97wg.com

DNS Response

13.248.169.48

76.223.54.146
8.8.8.8:53

www.97wg.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

www.97wg.com

DNS Response

76.223.54.146

13.248.169.48
8.8.8.8:53

www.wgxzb.net

dns

IEXPLORE.EXE

59 B
132 B
1
1

DNS Request

www.wgxzb.net

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd4f62f00c984b0eed5647dc19cf90fd

SHA1
39dc1f7f99f2f4b9c0b8a4ca494bf159b558094e

SHA256
e704d11acd52774194b2951e32fbe6b3ec31fec9f0b3e04bf1eb3e18d0ebe319

SHA512
a1d70a7eeb50f353dab60ed6480a36c00f20e04769e56118d323f04fc6edf908b66c6f60f9716a470e37f4bed026784575f97c803ad03486e379ab2b9b098337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1a9509ff5e6e2e1cb79f40a0bfb50ac

SHA1
f0b05d47cb6e42b82d78ee0886e6dbf4674fb1eb

SHA256
d0b65ca3cd99a25729687d8033904c2c9b7e5c8e4a7975b94056f5022b83d50f

SHA512
6ffa50d92e4e6049c5ddc66dae621696737d26ef9e26613387232345ac2d23e4817a03d684e722879cf7c585891529aac276c3db1b394e56b68d8b38c3ce3cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c575550bde9460145890c0fa71dd78e1

SHA1
0a87a9abe4bef398df6e06ea0d01de485d006b0e

SHA256
5500c38e45f121534572efb758a6ffda14bf4f22e443767e5685b55c7ac9e84d

SHA512
eb947320b42068d9b33bc63c8d04d436962b3a426d220f4555f5b4b270e5bf8475f135c1b227df423c083f13b8d5965245916e5465c640adc5d91fa05f622a28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22f4ecb44c0030ba9afaf052f4ced354

SHA1
680f512c341a1ec52105a1b93d4129591cfdb1f6

SHA256
66c2f5b42673e7466798e716fede0a903c23be2cf4ce356bdfefeea7869dcf31

SHA512
4e5ae0bf411fd4a421b74c6e3a7cda995ad5d7d7ae54f8c3e07358c3e80448b603ac3480db2a992c99a6ef79a805070b0ec7333b8818be471b5854bda41a595c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ac71ff2853774b25c2f4ea17337c788

SHA1
b8f17577cdc795abf3dbb2dce428a05ca9897298

SHA256
060ecf2a0d00a85f1701660a69987e7037dc328b59119a3a2c79db55d8523c94

SHA512
92faab09d28e857e9c0432542af0352fc1d640e3ca4e84856e0aaf74d9a47bbbfa1d2132e07706f97d0662652772cbf9a80f5896bdd5f803cb435ffdef568808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f3e10697de82276961f97f7f612c32e

SHA1
f85f30087a23933a1666175542f4698474d6a392

SHA256
709ca589fe79acd61433d7863772e963c0a4f9867f3f2a89aee8b04605b9f8fe

SHA512
9d528b61199cab552a81f4490dd30d2c3846d359fd9eac7230b75ff7504f58d5336c4a778df24bd5649e5a6a5dc683025d0606b45d1a158fe6a8e547401f16be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5271039a4f8f58fdeb36223009ff177f

SHA1
1c9f44abe13bb3c9f13e6393e8d85577c00b764d

SHA256
b8d7f5a82bffcfae480973b301ef1cdd5de7cbca8824835e30b63d76e8bf78c9

SHA512
1587e1f40a3df41ad68c8ba38b0bb4f9c4573c4ac01b1fbd891d7d0bb764e0d70b5fb35da5dd7d8baa9b66f9380cd18840dca64b3ebe805e63f7d3691c880969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf9cba1e7399681e9aba775c527957f7

SHA1
95ff9703ce53ca840d2e0bb30adc7624c03fba44

SHA256
d6139ab02e1573c8a62e82628bf86bc635dac9210f5b93c543e1215391a63564

SHA512
288e3205e20734ec5d0f6d118ec8f87140b7a6385001d394838aefc0835f6a41dccd8377aa444b7aeac83222ddaf16547138213411b4ffdae5230e2ab89bab06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca114f4101785713ba22a267565b1853

SHA1
ef55dacc5637b723a47cc40bcbaa26c343dc98a5

SHA256
5cca80bdfc24ee7c1048063bd657744370b43d7d10e97d1c6e51602e17ea3b7c

SHA512
98cdfef4149901111a579a7760398c3e033f0db27b81f748908a5b6ece23baf7c749287729b9efee4fc96ba2d641e47f83e67a2f3d1aa6cdefcf1ffd1b742e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5de21774e850b9422f4fe4bffaaa03f

SHA1
3e4db4546483029de55233e3791f1c04656ade84

SHA256
a9c88a2aba6b0b152c53daac6bbc47c3e040c09d83988ea24b0354177558f995

SHA512
f77fa3f26f58c72ed287e41e92e71af9ee49598132d2881e2a20fa2a3171b768a4acf0643af1c9578993e87438ba124a2d859fa964c6f6f60c6585706a507f72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e02a4fe09413609bc0fefbb21f4cd5d7

SHA1
ac0799c083a39dbb7ce9218242c0783015ac6ce8

SHA256
a7be5ae08c3ded835bb68f8c5b7d3d43b2963ad60df06c7ddeb588eaea3aed10

SHA512
107f8da60e12d6ba22f86afec2fe2a9723845f469cd0289ee99a2d67e623ec8dd6c8ace6813e7e296a6e12803ac1c1d95609945153c87d01f46fc2a65d4e978b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fe74150ff7257b6167e808f113ad08a

SHA1
ce77735cf2f0fe0d35036ffe758c736b13f7fee2

SHA256
930e46a35e8b480ffd2be8c7dd6b542e51bad61aeeebf38d82914588666e038e

SHA512
83d71c44c92f487b6f0473668eb970c17666b7d07daf66d8d33716eb4f0b462e8370628808f394f54f10be7f87158700d1d1c900d2efe994947bacfd2bd8f400

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a699a69c61f2dd3e66817368e583e7c9

SHA1
7bc3ec819284b3a83b8fb253b8d85e923f36ddd8

SHA256
6a650d4fad77fa2f9a8f29bd9b206f1afbd243d5ed09bff458cafae0a5118433

SHA512
99fc2d0693beafeae96bf6cc1e3cbd6e6f9a1f86ae75ffbaaeebde6c1c65def88e53050dc3e5862def1dae35a3421e52b7702d997a46e242b107ae75105a7949

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9457b91cde1dd0e5edb868545ed21f5

SHA1
924d35198df75c6a7d1b8e7d325cbfcdce5bb0d1

SHA256
56eae44c942119ec0b9a12589b6ba7d5ce13643f7bccd7fe1ce97db33684a3ec

SHA512
8cdc39fab0c17c02adba5bc2371f5090045c95c2a25ec15284bec4ffe2ad7c3d670380072a321dc5339bad6d44dbbf5fc0cfe067a6f90dae3e6582de6061ce3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b0a778c0693793711e4fd6c9a3a3694

SHA1
241c3751fe5fb8952cf79f1933cb3d2e10d7a236

SHA256
799842e07beccbbce25602fceec12ef580abf168b211e2d2dc9657d366b88292

SHA512
ac3a250a63588eb2cd93238b6d338140c23722bb73fd82461c3a51d32bf62a73efda8840a5b230fc603c1bd3bc22c12d32c1dd725620a247d5b2c9bb1b320047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
093382f9a535fb2fa127cd585ab82d3a

SHA1
023ea347b428c3a99df4d24acb108f9f27998e66

SHA256
2de273b115ba1b535750afad7f9939e0f863bf6fa302b972fa2faf5bc5a2ba24

SHA512
939aa8883123cf4c72a577c126fd3126febd125ec7bc74c7f1f9fb157e7b285d040fec314bfe06aa84f7c4ad47c8a786b1497f03df2e45caa990abefc4eafacd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d57aba46d637dd9aac1e26c3b99a7d

SHA1
71d7fe1247eaa41b9834eb1a740a4795e25fbcc7

SHA256
5d5e596365709a0b1fa221d84c6d299346514e69bbfe65a66b6d520c44b2b6b9

SHA512
0600fbf430986db214f097fa46d3dcda319cabe8eb638ea757dd9942833a63d85e74ae12639537a8030812eb7419bfde5cacf83a4e4adf5d869c6c6bbcf463df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e21902b57b0876429d08400a11b6898

SHA1
289ccaf847caa768485d5152551b8af44a7f1c84

SHA256
cac8d193b72344448313ff17c56cd5267ddc62f5313c2a9a27b988cc9e571075

SHA512
4163530e6925c5e8d15c69fac1094c38f13414ceebebb66b409c1e7019535431aff164beb2a58e90d82bcaee8179ee66c8355cf634bb1efd8c526aa04ea2c65e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
508b304522a1b753c5a4899304e1b418

SHA1
a385253457d20d81a8f3bccd0c7f8f433d095a5f

SHA256
10f6d079b009b1869a238b179d278316492658590748eb5c13897ce53fc770f8

SHA512
dd86d72364c230065d087e92e1ad7b4d4d0bfa781acfc85cdff0bd6504e22808b6966cafaff71c4aebe252f16108d57bc365fbcda7a1dd4e373912888b6eebdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84bf5629ec9f9a6646cb4f111165e12c

SHA1
576dbdd2000f884363ddd52eed5283da9c688111

SHA256
58fce8f3286c7ae2afa6aec01d8dda44821078504f0c0f77f8a112dc7cb5aee6

SHA512
b0fbce1df08f81cedd16d62453ba99b5167e12a1e7eafc7782edc940cdd6bbed284f2c940eb666c099224d2957dd86e690ac13200c84d57faf772c7691113703

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA269.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA27C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\temp\tc.vbs

Filesize
534B

MD5
76da5805a167c985041e3e4153f88939

SHA1
8c8e6732979e8da3bede00917d7c2022f0160ce4

SHA256
1494601d2a69cddc7c76336c026080a422892711438a532447b7e22eaa30cde4

SHA512
3a4b94c5d3f14fecbe360a5b9506bc25110ada3049834ab7dcb0c1fef83731d61e5d05e763623caa56319b053f79114a306fbba575ab106fc13bb939d42de7a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.