gozi | fd778cd2f02d549347df0cae2f1a55cfc2d6f73e975d8b88489d04d2447f7ebc

Analysis

max time kernel
147s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed380a4338d439ca09a6e375501a72c8_JaffaCakes118.exe
Size

52KB
MD5

ed380a4338d439ca09a6e375501a72c8
SHA1

11b4d0d7a4fc1294c4a26a12f491f1019c9b9c17
SHA256

fd778cd2f02d549347df0cae2f1a55cfc2d6f73e975d8b88489d04d2447f7ebc
SHA512

2e1a7c539ee1386141da7954de7e090e70018140c143dcc039c9463738a7893a45a657655ee81d0791624344c3bc36112e0df93503ab0d9f477a8879c37d2ae2
SSDEEP

1536:fmJOqW9qZG4Gz5lNjSnoQc064Me59jCfrCwuv9T:uo9rz5lNjSno6dMebWuwuv9

Score

10^/10

gozi 86920234 banker discovery rm3 trojan

Malware Config

Extracted

Family

gozi

Attributes

exe_type
loader

Extracted

Family

gozi

Botnet

86920234

https://susanslewis.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi
Gozi family
gozi

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed380a4338d439ca09a6e375501a72c8_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24E52A81-B9AA-11EF-8C8D-7E918DD97D05} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440294456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0b31d8e5b6e4c498d50bf90062047da0000000002000000000010660000000100002000000037d30d08c3f23243386553388afeb628c29b030040c12c17982d51189ca5fc1d000000000e80000000020000200000003de30cef88c6958642bda92b03edfb043e2e891caacc80544f6bb22d1e5a3b8d20000000aa99be00f83362c0f54e5b23f68ff19955f7a8a857b4a1118bf0a28e51706f1240000000b765940bef298812efada7843100ddd78a7a281a5cadc12ae400b4620a893795422355b71d893347428b3e37fda1e1419129f780b0424f13a7990288cd982bca	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e0b31d8e5b6e4c498d50bf90062047da000000000200000000001066000000010000200000004b0a39f8d717132cb46f99bafc9ff68ac776aea70715f249eb634bf377efff0f000000000e8000000002000020000000ab8ea80442387f6ea269e9080ddf4f0b696f9474bc23858d920b5625e0419e19900000006105bc9a14723e77cd65eb425f776af859a6c8de1acf30f773079dc25418f854a50e18a1ba8e9799bdfdd4571a6f6e87d321761f58d5e45a12c22e4926f75e79ba075fe500c20789715c8b5f5994fe720170fe352b0b63a4c0bf8c0dda00f410891e81bc6a2aa63f6bf4efe97bf6c76ca7985f801d7ce0364f6cbb726cf6d44d656b46b5af54476ab7bbabf361435e4a40000000ba8e70bfe7fa902ab53ce24e764e40cb0c4c62d59f79acd08d9ebfca5465aea32714b0fde0360c4a3b057ab1dc5a5916cca1480c7163c31c0dcb5e5f151ac70a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c4a2efb64ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2228	iexplore.exe
2228	iexplore.exe
2228	iexplore.exe
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2228	iexplore.exe
2228	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
2228	iexplore.exe
2228	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2228	iexplore.exe
2228	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2228	iexplore.exe
2228	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2228	iexplore.exe
2228	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2836	2228	iexplore.exe	34
PID 2228 wrote to memory of 2836	2228	iexplore.exe	34
PID 2228 wrote to memory of 2836	2228	iexplore.exe	34
PID 2228 wrote to memory of 2836	2228	iexplore.exe	34
PID 2228 wrote to memory of 3056	2228	iexplore.exe	36
PID 2228 wrote to memory of 3056	2228	iexplore.exe	36
PID 2228 wrote to memory of 3056	2228	iexplore.exe	36
PID 2228 wrote to memory of 3056	2228	iexplore.exe	36

C:\Users\Admin\AppData\Local\Temp\ed380a4338d439ca09a6e375501a72c8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed380a4338d439ca09a6e375501a72c8_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2480

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:537614 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6210c71c9d527ea3d976ba99a3a1627b

SHA1
0935de0483d8110139987993842531a60202eadd

SHA256
458e0895f114a5ee22d15ccb695ad804ebc03d57100641ba0e2581da0ee5bc6b

SHA512
48e1fd25c04e8aeef95c12dd121d7fcaf02f8a63b191dcd82ae050cd7e94542a508b4b151abd228412b778fc329e5d4260dc33870b120fd315aa2046d2df68ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b79d43d992a69e69f8067143e7636f4f

SHA1
2e0b7e25a0d5c92ad02f488bd104ba86ffd1b932

SHA256
f34ceebc368324ef1da0d289d28b9b7974acbf05666a838adf02adf4f05b200e

SHA512
b1d57f8acb418ce46381d2bde39b696ac6b7dba1305f3f4ee554c0cc401680a463aa84b28c68e6351dc6bce7893835f04851a206b7179d17961b123a19438b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5fe4624b3b7bb6c2e6fc75b736bc757

SHA1
de7e3a939579bcc41d706eeee92770cfc7aef488

SHA256
26425239adec7729c75e6f1dac35763c8ff8597d803469a237de6617b16edfe3

SHA512
a6d48ef7bc0833d9b7931dd0554e32bcc42268ee8aceda006797b9835346a8e70ea83282fbd24f629582802dc428d895b845c9b6559c3df64332ff81ee4932e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6dfd6c0958b0ba063c796dadf60336a

SHA1
18c9f2a5be5d0c441d56d89e2c4ad6d0ada31ffd

SHA256
bd19341924d9c55b51f91c3ae6efa815cb5c0939c43f555f07659d3e7aea64d8

SHA512
c90cf727bf5483862169d23c50f00dca25faf61890762e28c4331325af6b3e3a1ea35cdf5e6c1bfc994b6040a9107b28fb6675cdf24999bb3f3ba161b4863355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a7cf105d250974132110173fad2b14b

SHA1
b811c9f290e6963126e49633108f9074cb6cfd39

SHA256
e74b9a48266d386f080635cb1947af1698e64c26dbfd6d4952869dd8f1deafca

SHA512
5328a007fdaa907efd044d7fc883dc810e19e7b3de35fdb3b1e6f8c940da40e154bd9052b60e3ee9b4416137cc9e2843e62bdc80855325cf05588e7d4ff34763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e216b31316a1c448f702174a1067d45d

SHA1
df44adc6aee78567b96ffa3981cd97ff17843cc7

SHA256
8f1534845d8e8e60618df90dfc2d53b0deb45b296417067863d78270762898f4

SHA512
fbfe0b6e6ea49558dce42924eaa131a93072c0200ad757b4a8d15890500febb81b4e3c2f212b3a1ca08299d3af28d328ffc02d16dfdad974766d1f1c7ef47dd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e682826bfdb28ef0338f38514dd0fc1c

SHA1
c87f05f8acce7f529d6809c43e2f13b84381145b

SHA256
bfe69518a070dae104cfa9834cf1e1dfa0db470bba5f75d1293c24ac01b2e1c2

SHA512
ced40ac85880892f7a9611f3d9487825d5251519903305047acd57adcb3dbc248ed76e1d30ea308bececd95a31c74cec839bb6f59ce5fabe1203df72d72b01d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b58169d0a02700470be8d70881e91cb1

SHA1
73fbb210923ab3face07737a2b9bd800fedbbdea

SHA256
6e4eae1776848606b54e44783d082ce02ab7d45f2eef73b835e697eb598b53d9

SHA512
51405c0a19b8508b5b8b3014c5c3712075293dbcffc58032aa92fa5f0fcf6a99f835856c90fdcf0f5067e438252f51a7bc370d3dc6e124418eb7d2ffc0289733

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7adc02d19c8d421036c2f597f66fb62

SHA1
7b6a2f96fceef304c701474d2d7804f71c3ad99c

SHA256
087322b717d8ff399d252098dd2298a8e2fd954bba6a3f4a35b23e3f82c195a2

SHA512
373d84e20e6699db31e8b706da7d20941805b3450949c0cd9ef417133561228563023bb495ee4c2044b8a04767935b5dbe2e3a6a7851bfefc77de06c018cb6b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a6fe2e86261fcd7734e714f49fab8b5

SHA1
feafab9e000e63d57fc71b0c19fe33cbdb0d21e0

SHA256
f0e2022461c807d2c54de467e6b147222d643d5fbcd4fefa2b997ff3865838a0

SHA512
aef04b1aa1814c27ccb2b0f5a86b27788550029305c9fe8a65f2cb3474a2fdf3a1f9fe910b5c307f9e41ab3ef03a2a6a5f5fe7a5e52d8a76c3cf380d113dd43a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca81e7c8a8d00b0f999e1101bdca81f3

SHA1
bff06952e0e6a14302ff0ac61f4f40a0a796aef5

SHA256
4569d39220392cb60f12397cd89d81f9ff8e9ad868e1a28cca9315e081c8041f

SHA512
b2d8d609c9dbb9fd75eacb82c664fa01525abb57826137986edbb258d0a401e44999fec7b50e6102e177b0e73ee02c4eda92dcb05d9ac31aa45904aa4430bd73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5031b53b93902b061c957b5e36a605ef

SHA1
828087bff2df7d7d19d2b2e0eab5240f5a0e1684

SHA256
dbad4dbafa119eb4b76289392c8dec4c01ee4b1e5db3d5e8e73a93091f6d86a7

SHA512
de73ee8c30f2a9138bd91c3c74103c9df558de454743b1490dd0c2cc76d0fe569c5fe1c3230700bf23f39d7618436cf1a9da19bbef88024583aeb081b2593489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b835653db651c5d74219f63bca402356

SHA1
37c46394806cd734479cafc6c59352f977665df8

SHA256
7606f10b776f46dec7aae7218d9c3f0448aca334ae02edb6037f3e73a92101f4

SHA512
f6cccd3b57086758574ddb489bb38f38a6538fd14d79a5bee00268dd90c645af429c7381299aaa29c6d743a1ab75aea6685f075bf13c1d205b29a557a0b5548c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbc8a5d137ca0918f2286e0ccef385ec

SHA1
209d9ce336e4f51cabda5a8b9b74657bf6feaf3f

SHA256
268a550c79e7086db8407607a339003cd62347d5a2dbe2af4a49f6c7a49afcf9

SHA512
d6631b52eadb09e8b0279efa2efac010f2aac723816bd364a1ed14df055aa51f026981c79ba860e465889f346bdbe09a083addbc567fd8cabe0ef9238feceaaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10e23aa6ed22dc5a2a083cfe6d824c4b

SHA1
982b4eea48423860b7c2339d270f1e1ba61c3572

SHA256
68b8be9c9d7c5d5837ba0967abe650af939f7434c3b56906acf4158934dbdc33

SHA512
c62156f8a92a23183f259a72aa70f28b7fd1ad221b214cdc25e0bc41652c81649c1629d66067f633bf24df12a5c788ebdf3a3c29e651882b14b01226ded9fcf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c958024f4e67ec6d4b9f33ecbddc9a0a

SHA1
87a282429417f04df97c27b92882cd83936c81fd

SHA256
63830d05063dc697423b86d5f61bf627ba5253da79f62aa11d83ec3a178fd117

SHA512
d1bb2798c8686c4b86221cde533bfab6856a445dd6217dd1db9740e4227006c7ea58909a080c0e00b9652441206185345569c5d7697971dfe4145865b8723c96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c5ef509fa63ed20c3e0f5f54ef835b8

SHA1
b43f6f99ad430a1ef924034c850df0ad3b3f2209

SHA256
a04f06203a02955cca5028d2f4d2137669d1a9302d5c2297b5f856ba510cfc23

SHA512
23bff6f6be61c33ad17d0b2311d7e1b7a1466da94b646549261c29bcb662d771ebea9106a12e63d03020c43269dd8e011091b3fb207fe4e43b527096ebebb3cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f71216f1594a1b4218395d9c1d64680

SHA1
9fbf789756a1a351c8de87220f875a4e41113711

SHA256
6d0a17989056ddc7afd2268712864b74de9943a937c3a2e6f07a12771462fa14

SHA512
2e29655653b968e0398931125f38ce2985390bc0a037fce95f5b4e9ba1a510c38c7291fcc559fe3cc3370d53912a3a6eddd28d1e30b2a79a772d5158f4bec026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7180a385f8f695b1baae9a1d18bec8b3

SHA1
1d7d5ef314d24968f5211ed94ba3d40d767eff25

SHA256
1d0c5a3cf6e4c5f823c53db73d6128bc4659906cbbbafa60d448b47eb01f6e4b

SHA512
3e7fe47984f5139a5ff07c4b4e74c09cc771b95050410e17fcce9b0d5d52a3247ca5f3993540e9b55000ce8e1b98b459d4e52d2893a7f7b693c0bb6243be5c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\NewErrorPageTemplate[1]

Filesize
1KB

MD5
cdf81e591d9cbfb47a7f97a2bcdb70b9

SHA1
8f12010dfaacdecad77b70a3e781c707cf328496

SHA256
204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

SHA512
977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\dnserror[1]

Filesize
1KB

MD5
73c70b34b5f8f158d38a94b9d7766515

SHA1
e9eaa065bd6585a1b176e13615fd7e6ef96230a9

SHA256
3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

SHA512
927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F73.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3FE4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF000F549E87E28732.TMP

Filesize
16KB

MD5
9d82cf87b43e1a3bf1bc319a9b5b2ca3

SHA1
4cbc4545506f7d5e479acba0ced0d995736284a1

SHA256
13348f6e83e4169d9085bd2c378608e64b7154819d3e13dfd2588083d2b0fb80

SHA512
bf3c7f08091636ba602fcea6d5bdb7982f2352ef9590c2a6da35565bf0f077e1db1030dff31bfcc0566cd9e3a077bafd330063a93478e90bc8f26273031182c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Filesize
3KB

MD5
bf4a703ceee925c8c2ff2058fd317129

SHA1
56446c5515a3ea5b8e204b6b0a4116b1a595156b

SHA256
f7f09c4047785cbbba2379c31e76ce824c9f3c34bf9d968a40b202b607e2497d

SHA512
76d5574298d2f98738f556ef2ba2353d3892bc3f08e47fed00699a9be0475be66e2b02edbe782010901f19c6a19c8a6975015176a7bb2d5ebde723a3edea4e3d

Download Submit
memory/2480-0-0x0000000000020000-0x0000000000036000-memory.dmp

Filesize
88KB

Download
memory/2480-6-0x0000000000810000-0x0000000000812000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads