c05bc1809a4ec81c5bf0113664296db29dd086a4da6e8b9faa49cfb9fba5b0b9

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Size

536KB
MD5

b4edbedb8d7a1237625fa90f6b9450cf
SHA1

7dd288f4f5dd030e7486f9fd1f77fbd6bce6a4f8
SHA256

c05bc1809a4ec81c5bf0113664296db29dd086a4da6e8b9faa49cfb9fba5b0b9
SHA512

2d55e1cf2759cd162c54783c3fc5e8efb19bc962698971b0f746741ac5f22a9d70e8dbc33d58d0f8f69cc1d9e591e974d8e1caf6e0720cbe229dc0605db169b1
SSDEEP

6144:45ewZXoTPcnS0b9VqwciMwbr6IQJh5URGWHcy0DV5t7gAHL9txnwCjrc5O1AUwRH:45PFoXHA

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\wmplayer.exe"	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Download	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8DF08871-AED9-11EF-B5A6-7A9F8CACAEA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000042c2c632243239e4c59baed8e32f2e23a51cd0bfea451746070a6e5497b0b88c000000000e800000000200002000000038243294e20519effb8b45387f16693b0f5b12ec828b04f2d47f8a263c962c01200000006470bc29e996f043afd109fe9f7d642ea65a720502452d70d5404ea0142ae4c1400000000e2cf2ebc0c395067d57b24eb5758523ea72faeab665b407d6cd0c0621c38a821c26a67dc2160c44a250256d7406b3d58c896514e41cb5a5f24c9889c8fd3ef3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439105356"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000002bfe96fb8b5923b562bf80a8ef1b4b8f47df675dc0cdfc29503a3b740c657af4000000000e8000000002000020000000e55a09561e4e198ca4566353069e0caec097fe33331e56d991a4c19083944b8e90000000e10b3d510d64d6dfa81d7db127bdfc633d350f58713238de86279accf6c095b64723571ec757932cf0f98783c00574d57961167b2ca78c8d3b54add7a500f86ea3301bed02c4d25c5ef04d7153828cde97b1d1a3b965df1699384a2b552d3252cb55514c693b6544c050f62597462d5af22faf7d9c81f6add1aab76fac51f8b8c1ec7cea5cf749da8b8b0e60c82eb51a4000000003cd9b0cbe6359c94f46ac24b7c69896b84b51d3425e15e77122e329ff74480f5e8a17e58ab0476d65829f6570d6b25e34eff7bf6e77beb647d2605cd28e0c5b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b7b864e642db01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1640	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2372	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
1640	iexplore.exe
1640	iexplore.exe
944	IEXPLORE.EXE
944	IEXPLORE.EXE
944	IEXPLORE.EXE
944	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1640	2372	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe	30
PID 2372 wrote to memory of 1640	2372	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe	30
PID 2372 wrote to memory of 1640	2372	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe	30
PID 2372 wrote to memory of 1640	2372	b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe	30
PID 1640 wrote to memory of 944	1640	iexplore.exe	31
PID 1640 wrote to memory of 944	1640	iexplore.exe	31
PID 1640 wrote to memory of 944	1640	iexplore.exe	31
PID 1640 wrote to memory of 944	1640	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b4edbedb8d7a1237625fa90f6b9450cf_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=tkFQS92d6gw
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
88161be5df2bc6a233d28ff314fd64be

SHA1
9ecf0fbb076d46524f1afb4d4f8f0d96a2f93b63

SHA256
f91a3c6b3ebc50e0b5172eae75cc3eb71412aa83aaa38d76f61c97ab90a67c98

SHA512
6925670d524eaa6047fc796daac9ea9056843a42f348e2cb166d62df9c427884daf5af7c1bf054d61571514fdec171d3cb9108bc3aceb211ee3631df0ca856e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
216ee5a3947b9bf3dc05ae5587fac0fe

SHA1
44fadbf34f3705b43f19636f0364756da5c0d34f

SHA256
676e2e0da1cc07cdf6ded51b6957f1390a538948987122bc9c9c681dc563ddd3

SHA512
0ddf5c7e3c6b02a27980598613e8d8445f733a63cf5078cb6885993c69f1cb731675ebac9b541dbf342a18c68770ac0a356e5d96ae484b8c0b7d7bc677fdad95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6333bc0cc6dc260a23c850d4cc8fabf3

SHA1
855f979966f6b7636575d113b1a16cc6b0ddcce4

SHA256
09c67abfe069568e65273875c40e89a89a888002982772c71091cb56ffa7f7a4

SHA512
95c77737d35db10ab9165b728a862689c36bd185d4dd6edef728367e6644ceb22c1cd2bf03304aecff046049b900c9b8675bbe22447c990595f9a6400254901f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eeedf122d65384a26a23fcfb3617a7f

SHA1
597d10fcbc190548bb1b906b7e6ca34586479519

SHA256
541bb601b6ac02908ad7e8fe72558b5143e7806fc8de39330e5df27f6030c3af

SHA512
55617bcd95ecad15f4e0e76c53c4e3214639060020fa3e00e3fb91a05c8be445b308fd47ea6aa2997fb09636ad77b9d701e03bf3683efcc9ba8ddc6a58bd6191

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1316d085e97baeca6d41b48185708466

SHA1
c39f1407781d65be13c068261cba92fc98bce40f

SHA256
bfe09f30bf60fb34a002c3f5328f226da85381539dd2251d1cab80cef5191127

SHA512
f0305bf2e7e22c7390aa218798032344d9b302c418c756305d971eeeb3147e9abd8a97494bceef42342db9625a030fd4d69280195cf0a3193d85e5325859337b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff933441381f0248be7061bcde270a2f

SHA1
d49d0a395790b9a12f3e80292c9d7105ca508e66

SHA256
1fea05bf2b17046a02f8659d4090e919e9105f467ee37bf07035179a112c8dba

SHA512
37e35b52596f6a886ae6d45191d73b40524c161320c086b0c21fdf608f5d74ea5e465f21c0964d82e1db1dbc3d06ed075b484b38038ab3a2c8d11639e49a0a00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd64636e3fd61b5b91bac794717ba7eb

SHA1
3a8ce4f7581520928bd5ca11610ac29981a6ad79

SHA256
236c6f632b3396c40528f8d599b0695d1c2f56cb08e8f39dd4a28754cbabae68

SHA512
0fd1fbb856243f37f0434c260c982004549f213bda0f028746c32d4558ea2960d0113887a25d81fa7ca289496525dbadeffa5e1a7b5d9a0847ceb6058dc5ef96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bbfbad8af94100f27d5a59110fe52b9

SHA1
1fb4e5afb0f67bc8d05d4a6f92cbfb26f95cb2e1

SHA256
cf3030b41327e4fdbae4e4b6de5b1283593d60cea69621a4c442ed0bb716b8e8

SHA512
60bea8bef7d759a101301f8154ea17c2df894c2e880691dad93ec3bd4dd9a232c8a590ca1a9a0ea6d2d28d2a2c84e3d67773cf000034b9ebbdd1aec11232aaba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22d80554b98b5343ed3d6f06b909bde1

SHA1
8749acd95d75f258acc7192357e77609f1099569

SHA256
bd4ef57433e9f27f693e32e6fa5152ebbf6442119f2b99a50c4b3fa2d4aa01f1

SHA512
498de2fbcb7a5eab128089543839bab714032cfa8eaffc803621b28d5e8fb0cc97776ee9e0b0abbc2aaaee5d571f781d9ddc26d244a366ade279a8eb1332d840

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2732146f41a1c4692f4cd99a63c060ca

SHA1
e8118c43cb1d72c79891e2a42394ec89c5dfe725

SHA256
475e8027950fd6dc11045042bbca786e4aac3d066d52e2e967f90604e36eb9f0

SHA512
773222539cd2f84e41b31e6940755c847bf2b2d8c558cb350f90db23400de3aa908cfc3b6724e7049f7fae87808685e1c1987bdd299f81eee7a536e7ce65071d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
260d6843c0d06864435329f3bfba4795

SHA1
4ccb349b6c9f2a4b2fd440b646797fbc7c40a9f8

SHA256
807a0d0531c5d7c54a0fb9c1a7bd92a497bc4a165ba236aada09bc973149dd6d

SHA512
3d23a1205f5b2267d82ba6a02a335177368317cff9017c29d103beea1840c2e7dae21e0362c48385469d3da679779bf266d6021b48aa62c36cb9c42486bd3c95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0644ebbb89c72e8ff6e3e74d7b4f0d02

SHA1
46d70c9524acfecb3a380448d54ecbf49a0c9f18

SHA256
46c5d94401e29abb31faf19c5a5a2eb5f2905a0680d39501ac4fad460b5cb33e

SHA512
8d3f8c5be6be43308d4f525717cf4c0264b44f7f1db250939ef1cf99093977a77e728bfc182ed676d23f8d45a5305d83d137d53ff86d55ebad726d60b20a2f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b22af7539105e3dd16e53774b47faa9

SHA1
b25846ba26c42a6a57cfbac1ce65f5887249a8d7

SHA256
a979ea7918303adc5fd872f51cd24f30e53006049abf1167172be2ba1fb147e9

SHA512
762976da3ee7ed1191336760673ec59516644b0c792b48ecf2a70ccdb30bdf2f75bce32d46e272b9fac28ce88abfee439210463ce0c4456975328121755d2db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
380d6bbe26bcd8651490895905ddff80

SHA1
48688640575aeb7c9049d1e276631f3d5c9a4def

SHA256
f7b95c66bc67e2b0685729b75adfcf7c659460d8b7824b092f477331a96c3563

SHA512
3a825338240321fc51624618196816a5fb94b333c6f7982caf12fec687f51b99cc075a923cd539507dcd7529bce501d2bc39233364a6ed22e0724e9c1bdb789f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89fecc38557475640fea67744f37aeba

SHA1
90af8899393974dbfb32699289bc23fd1c26104f

SHA256
fed0861ae830cd04b63c0a75224dc6b594474e61b3eac4ee5bcf51662cbc86ca

SHA512
0f7df14eac5015d7a73ab4aba4a2e3a3599669aea83e4cc4c5a4b041c88c6549f7ed822f805c6dc84510e1f4986170f7016263f0a386ad8055a23f7ba854b99d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c30b5ba99458d1fec3029ece6c037f2

SHA1
6e5ae26001a4dc432a6c3dc7b19ef3280a6688af

SHA256
4cb6bf2dedadcc90b7ae110d77266a14e01714571181f53ae7bdb6920e7c276c

SHA512
f989d9b644b9a9d82d14b0891499a8bb3d8d67ca5a9d7b0d05293d42fb15c777c55353e46e3746f9db8d1879f4daf9e3a38154b3fbda79d96d09ffc608d2f983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
211b186a24f5ab84429650f19852fac7

SHA1
70f8afcb6d882af06b7222b92fa24d69e23c89b7

SHA256
480cf69e480b835031c34d4fd80f2eae32db2033b15455d27aeb3fd6e300cf69

SHA512
2eb7e9223202355a000c8abe1318f05dafd60abaec6a73e9b2db03c8da7efd6c97fd9d3a8c1571d5ead46b04b92213f2cb005ebb4b77678072197a3a018d4936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fffeb4a60463d506dc84ca6d8dba23d

SHA1
9448715ea369b2f302cd94450dbb62a4a65f0d10

SHA256
9445db8dd53971f2bf6bb5c5bc3cc1a54f4a211b6ac566f045187ef24ed4b662

SHA512
f6117b32c4ea743915756d5afc232a35c7e0a8594cfe123204d70d63bfbee52eb5b39c0ef17ec1ac4c2256e1c5c15f4b8daa803e1a6cff6752ac8b5ce506f703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e20d7fb1785584284d3d2ab0f7c3e89

SHA1
876ef6d0f97a16f46265b10395247cdcdbbf483c

SHA256
ae0b21c60f8659f88fe0a4f203aabd51121b444fe0e7118e04abb150231abf95

SHA512
4f2a33068443087b119e2a58c57e6bff742ea5a387a6abada053e3d4bc01cc70ce594f1d9a6c1deb82a18e97610a7dc2c0728cb3cad266300ce2db1c115ad5cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
df3f77a3df0baf01cb237f1735e28b6a

SHA1
83fd01a82d14281f0c59bb0887fe3c23b2b5468a

SHA256
6176a7647fb345de708d4e134f25c092d5fa9513e669b60ecc826e8856e754a3

SHA512
656c5fb6d28e6eff2131c1aca4e176f3ea9aba6c7f76e3178bd74c3b5fc011208d04a05774ac75b6e7f46e9ef6ecf95c1c9d114772e900aca1b74edd1209a5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat

Filesize
1KB

MD5
5efefa668aef9289a77781616bdcdbba

SHA1
f116df4edc141d4a41fd293993c090bd4f57ab91

SHA256
ea7f8225985e94bacc42e0c5e20c8a42fb5463ff9e778b61e74a09c476a03191

SHA512
c641c59c9a0a7a1acb19d6d4c78ac7ce02ab395fd4fe2fb02a1d0a024a57d0417be4cd60f5d37229a04fb3032e55c71cafb1dd0386f88d0d4d526cced618b0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEDF9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEDFB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2372-1-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2372-3-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads