51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-12-2024 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RippleSpoofer.exe
Size

15.6MB
MD5

76ed914a265f60ff93751afe02cf35a4
SHA1

4f8ea583e5999faaec38be4c66ff4849fcf715c6
SHA256

51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
SHA512

83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
SSDEEP

393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	RippleSpoofer.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	RippleSpoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	RippleSpoofer.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2380-5-0x00000000010D0000-0x0000000002D50000-memory.dmp	themida
behavioral1/memory/2380-6-0x00000000010D0000-0x0000000002D50000-memory.dmp	themida
behavioral1/memory/2380-14-0x00000000010D0000-0x0000000002D50000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RippleSpoofer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
15	discord.com
16	discord.com
17	discord.com
18	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2380	RippleSpoofer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{154DB241-BF13-11EF-8B05-6E295C7D81A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40005bec1f53db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f57221660abc724380ade033cfa8e5f600000000020000000000106600000001000020000000c19c2945581d1d190e0119e99311d9aed3a41f147ec8fbee83be1648964133d1000000000e8000000002000020000000c68adbfc964987d87b8384bf73a153f9ed60bc2f1785732f741b869cd69d5ba02000000002657a54f4ad4ed2e83a77755aca1ff7e415a5d60fe5dbcf4f3491703ed5abb0400000003e7cbc40deec95239ff2a624722e79825d5134f11ad31175294287a402210822a14a1959523e5e838a9ad428ca61093ecc86ebc6d7865e02482dcc45df3f15de	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440889283"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f57221660abc724380ade033cfa8e5f60000000002000000000010660000000100002000000047c4e8ff4b7b859b3b5dc0ead24dac76547c32aed3c08449ede8eaa9a5d5c524000000000e8000000002000020000000d62ddac7ab2d15f1e9a94a30b11e1c00a4a4fc677b8c0cc1d794206b03b2efa090000000eeff6445561e585008556da54724abe2743c9ccd1a0fec138f2af171aa7ba0a39384f84ef28e18d3067df41c81f5a202cba37042363bbf8eea7e82010cb9d3ba7fc4f5fd2071563e645c64654fb39712c36fe2452f713cbf1824bc3fe6c48fdb8ef125fc727e301a028bfd1584d429cc15f7cd254c1ff644ad67fa383bb60287a9d5c2d4cd145dc4b860467a6c7ddbc6400000006f5769835bb5695997943645f36c19d9636ef6ae0b23213529f77e9d2846e81491ad34c00e61536837b458ff7e1cf46ffb078e19b23e01a94f68609ef492aaad	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2380	RippleSpoofer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2124	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2124	iexplore.exe
2124	iexplore.exe
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2124	2380	RippleSpoofer.exe	28
PID 2380 wrote to memory of 2124	2380	RippleSpoofer.exe	28
PID 2380 wrote to memory of 2124	2380	RippleSpoofer.exe	28
PID 2124 wrote to memory of 2684	2124	iexplore.exe	29
PID 2124 wrote to memory of 2684	2124	iexplore.exe	29
PID 2124 wrote to memory of 2684	2124	iexplore.exe	29
PID 2124 wrote to memory of 2684	2124	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2c113b7cc8da3fa46c7d704bf6daaf66

SHA1
1de10f92a07b03f73947efffd82d786e2a74138a

SHA256
f0003f850f79ee700ee3d78a9a0208dac7af5798d917e77d3a18da6acc582f23

SHA512
e6a048cd19cf8a22dc76a7c89b66e45c92e6c7f8085e9793019beeb41959d32ddc1078be031722fadffcc79b2a04acf84b79fcfbba2a47cd435a078caaacd476

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79e1a302ce175328c0fee76b4261f383

SHA1
dda598b31d422133ab431565bcdff6e740361c22

SHA256
6d1b4736742c8fae75372beb4d14d90282da15457266cc180a15d8bb119126ec

SHA512
f2f3fb1f06d330249deac71a43b662a857f481467eaac51bbbfb4aff7c73e842ce64e7a81e09e758efb674403822d2d398a6044cb10d8d7ac6c8b208c786e021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
945c2728ec2135ad2995c25ef566ca83

SHA1
5fbe78dcc4e2641927c4e3f3f627a7fd53a40f72

SHA256
f98c6767c8e8912f56f167dc941b639d95c27576768b90b3b9cfd71e01cad940

SHA512
1070ec4a3ba4cf1d67545f044412ddc630ce5eba2688e9ff450c9113ebf7beeebcb96faca6fc5a490d43baac0f818d420065bdbe30f90896d24264f92673f73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27f090ec8dc4beb2431824b4d4054a28

SHA1
995af943a17583957cace43556d10bed9cea5fc9

SHA256
06ebaba3aa9d7844b14a2304771472c97bef2ab93783e02a464a920a4413dafb

SHA512
d2072f3381d600b213c7cb8246fa1d3ec5ba157abbe769d755db8de33e8d180cc33cd4bdb76458424b528a266b7fa905d2c4be5576175f73c2943593c155859b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b96667e95262292ec15a7785109229a

SHA1
c9f9bbabdaf9bf31ec2fb9376c4be1f0138d74d7

SHA256
ecb2d165bfe42a620d385af263d93ca3bbca1ff64bebc6bc0e732eaf4e0d3051

SHA512
12caf62c1a25d7e76dd097cd2911ef4707430027448b457d98220f898b560b119caa4f3124764e5ea398a38e26b2055f22737d0aec55afcbfa7c9d0432e1e0a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0989eb713751052b248df9e73c0e1f4

SHA1
b21f63f6b034fcb837da7f805bf67e5aaf22e6c8

SHA256
d81cf2defa65c632f91d2d8be32137d597996841f7cb30a160451c041c646cb1

SHA512
8c8dbacd7742fc8f56120f796c4a313953aef27c9e3018116dc7eacf1f087aceab73e60bd028795d351ab86a5fa7a11b24f941a423b9eddc7a38ed4c532bc3da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
810db865ceb4367462f6e00bd82dc797

SHA1
230e9f4710333d4dd11c336d190b00d95ef08308

SHA256
ca4325c738c238f0f66db9d838cb447c3c1ab09a4973946639725ca951d215d0

SHA512
482f28e9db33ad454591f1a94d731ce7a99edbf876e225a0e94fa61adb43b4e62cf09a855ade8434e83cf992c61b213644afcf35ba7b8f605575178c8deed144

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13429913aa01185a13d2aa4b7d147436

SHA1
aef063beffb65f69633cf6d5c320856b671ab145

SHA256
940c4993d9a568f54250b33ca70ee8e7192b2df1d6494ed57c9b2b601c51cea5

SHA512
6f417207aa03ff335b8a9ed69e1f0c43d271dcd848a1a141c0aa87706a86cb3f3458432de1e8ab6b77a14f42c01ef1ea296d27017818df8cd374fb6f23250783

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eac3fd962a42a350ddedb63ded0b1d2f

SHA1
e606d37dd9ea1c4c728018e4f51ddec55c2192a5

SHA256
a2881380e2541e28be7e7b454c94ca0ceea63aa138a8f442f5faa44bdc5b3bf4

SHA512
b6efdca230c22c7b31dbd4794e1b8c8cba0a8b7e56df06a7284c1f3c853c8c936e0fe3f76fbbd49d0985d4e858a25ca5baacf6cc832d6a878890bc5c0789ec75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08e0866d6447683a311956b3d3d26a9c

SHA1
caa40920f27b1b79698405e4b307d310f840cc87

SHA256
dde49a0d1b4d2086ce4787432fca3fdc0b68d4b36ee803370bde411468ae2aea

SHA512
bcac64f45ede829c1bad6ca3b4077954eb4aba3d3a598f7e52ed51c8e46e48ff4dc28f5157f4480739e0a1fef5610a15ac0740fb9353b555530c0abae486cb39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad47ef21cc3598fbd09d912d316c9b82

SHA1
6559374b058ffef0c185a683f88a5e5bddbc5adc

SHA256
8ff02c6aeffe1219fcb433a094f78a444dfbf6c3524332551ddc1af9fdb3d924

SHA512
074e8363abf5d237a810500a0b9292d3c3a4f2fcf31ae35d5350481bc228ee585b0bdffd6c33eb8cdb877750be7ddc0791e3f299e725899865a18562442e18c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7763b8d815c30ce81cad419ae3a37a4b

SHA1
322e6c34a06143162c60085db5c68d0fb8f40d8e

SHA256
80a1b3499699824eed428821453201244cfa9a5aea4af69e6b999571ebf2c6ab

SHA512
2bf07e71dbe08c348a3f07e987f2d95558f8327e0eb44f88ad4cc083bbec1b4a5fcf754584e1ccdad414391e4c74449820e6bb0f5843af2a3fdb29b47e5da0a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf7e82b3d58305229ccda048f62b4ebf

SHA1
b5bf1992b89610e1c6a92cdcffd9543177792921

SHA256
09ce2eb41694898ab5a614158b93e9a08eb82f4a51b8a9d7a994e28738a25c9b

SHA512
ac887d79dc0c8940e4a9e43a7f45638b626585b3bf4e62b52dfa14aa1a19bc597d08ce9777311d0c22d8abe2f610032b106838e8f6198fa487ee09e17f4d61f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa06da0579b466cb437af0f6251000cc

SHA1
b01549c9a92de2f064b9aff31182d64b43b623a1

SHA256
ca85ba7bf2cabc331aac088de1a1e3aaf2bcfabfe394f7c7f3a16eae52fb4338

SHA512
b60084f989b568e34ff1d4f4d2b3e3ff4b15e89f2900e9f0774baf1d03b181d7688b8615621743f4c50857b521b89a9339b9258f02dd4019b4e1110f4aee8cc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72f39a9bf08279a7f29aa12e3241376f

SHA1
6e5b9bcbc8c6350467199dceb62a12532c4c06bf

SHA256
c25e382b34ec26a24cca42b841b34f4271b1ba014d6192e64b6c23c9ad7b3853

SHA512
f775363f0fb7c42ae4940851145a7afc9b4c0f817286790f1e95255217565c3adfe9f44c04899359421e19ac09e3588e4703dbe985ecc50ea3f0ed4540ff2a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17d3dacba6924651f6ae2575b9eb8b21

SHA1
af0ced533ae2bdc8b522afd486bbeae29b73f710

SHA256
43b68b3be2de34eed92be5698d39ad006ff4c6f83d5dbb633f56401a90101132

SHA512
b8fddb9aa45be6c98c95b255f81cb61fc071657cb5373c8327ccc74563e3d178fe282b4cbdbc119d282b1ec00e6d9899ac9b6d884823e9f92c390d45c928cdf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78469799cb157d2a6599af622512fd5b

SHA1
b5f049fa50b9beeac6f17d8b6f08f77428e419ab

SHA256
194e642fd7020687f41dadb90cccbca5dc1415b1fb50e70019ddccfb7fd36b64

SHA512
b87265befbb846a1ad18d1bb3832acea2c58e00f64b8a7ae3ef81165a9820e7cf25983d5a5db2a07a7cbd06d94fa60f05a2d8d42449b66a2b41851140edb53dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddd4af797adcfe8d3bb1ad3d124a2fec

SHA1
e543b53c22fcac40b1475410dcbafab90bdd41c8

SHA256
6d7f9820251da83ddb646d650a229e9aa96a06a1c89dda5c187494ea0fee98ce

SHA512
74d91489dab944ea7eb089b4d2b9b09026562d817a953cc8123b98de10c2e28cf832e71c0503ff61fe2822ca70dadfba40f0e0cfaf55078121d6013afbd0f671

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a790058bbb011e8ce9c72a04a9030435

SHA1
0969ce3380d995e362c0b9aa0f5cc235d5b27a8a

SHA256
ff3b7b3b8c12fa7256f497a1318f4108acecaa739633566d64cecab2935884b5

SHA512
93af4b5f0234c98ae45c474463ebcccfa2326d200f92c76268f437cc20f6ac18ddd09df5b96691e8c111645c3819bc7c7e66a590d0be63feae304636af1ab6cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff83c3a72ed07975d8088b47beeccdd5

SHA1
b2dbdb7aebc3d8ab3e5b71e03668e3b4492d9e45

SHA256
6c6f7b4afe358332c36a143b62954fa0d8d25356ce5206c7e63ef30fa17c6ec7

SHA512
963bd4b99f1353dbb201ae3d52edc16e26e4349b184c4a7a413c1c1f70c8b6488de02c661b9c3b830cf3691166f87dc9e3773b37772b775a4fd993819e4fbe3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed703bbb7dfc57b0db2234b9d20ee245

SHA1
392ffd5cfe558f8459446dacad59fc8ff5760a0b

SHA256
510bce2c48c42cc8679a47b4e6b6bc771f1e16d106a228228ee742d88c4b8c43

SHA512
7b5126a76816677b0fced3551009b0cd4bb8f9141c12bb20aee3bbd2cb435d1b055bb9d03a284ed63b674478999f43c88baca0fb66f6db917bff7494723dc54a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29405a83931e320b67d5343c3f4e3806

SHA1
640d8e22d72a25d59294064a6ca0aedfcc62477e

SHA256
e9847ed86af384eefef12c76243a6cd6a4afbf874b4df3868b7cd297156a7486

SHA512
0b9d616496e8d205f43aa5d470589af1164a4f1090d4db85ff3eb01686e1f8ad90c034edc1c906dcc299098e5cb12836fa27cb44f09819bb65d95dd644fb3386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0160af0dde3391aa59cad15bc5706513

SHA1
f7553842f98a0d21659a2f205a6cc37683b18dd4

SHA256
1b6832a61dd39bf1d2c31bd91b264009da62b980065430f2b11ed0e61026f4ae

SHA512
2931998139e40301902521681f5de445f178b3c04502332c5e24fcca9569e0d8233c208e829d7a20dfeff2f2130bc838921b041d3eca4b70b3365ede6881bf80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yiu0yt6\imagestore.dat

Filesize
24KB

MD5
38140c4c6287dfbe9dfcc2b8e97218b7

SHA1
1e97abf0c87870246181af9462e891d52959dea1

SHA256
cddd5e3731be003d4d2927fbd064bd9563c1e045bb2bb5a5a90251f5afa42722

SHA512
0730e26a101c30ce78ca392adbefe0b84d4dc6c0fa913ea0a76c0fddfa95662cec1fed9f6a9b45c0cab839a0c163668b2655cdde0d9c6b66dd35528480c439c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\favicon[1].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCC84.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCC87.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2380-10-0x000000001DE40000-0x000000001DEF2000-memory.dmp

Filesize
712KB

Download
memory/2380-0-0x00000000010D0000-0x0000000002D50000-memory.dmp

Filesize
28.5MB

Download
memory/2380-13-0x000007FEFD290000-0x000007FEFD2FC000-memory.dmp

Filesize
432KB

Download
memory/2380-11-0x00000000010D0000-0x0000000002D50000-memory.dmp

Filesize
28.5MB

Download
memory/2380-14-0x00000000010D0000-0x0000000002D50000-memory.dmp

Filesize
28.5MB

Download
memory/2380-9-0x000007FEFD290000-0x000007FEFD2FC000-memory.dmp

Filesize
432KB

Download
memory/2380-8-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2380-6-0x00000000010D0000-0x0000000002D50000-memory.dmp

Filesize
28.5MB

Download
memory/2380-5-0x00000000010D0000-0x0000000002D50000-memory.dmp

Filesize
28.5MB

Download
memory/2380-4-0x000007FEFD290000-0x000007FEFD2FC000-memory.dmp

Filesize
432KB

Download
memory/2380-1-0x000007FEFD2A3000-0x000007FEFD2A4000-memory.dmp

Filesize
4KB

Download
memory/2380-2-0x000007FEFD290000-0x000007FEFD2FC000-memory.dmp

Filesize
432KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads