51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

Analysis

max time kernel
83s
max time network
84s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-01-2025 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RippleSpoofer.exe
Size

15.6MB
MD5

76ed914a265f60ff93751afe02cf35a4
SHA1

4f8ea583e5999faaec38be4c66ff4849fcf715c6
SHA256

51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
SHA512

83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
SSDEEP

393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score

9^/10

defense_evasion discovery themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	RippleSpoofer.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	RippleSpoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	RippleSpoofer.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2816-7-0x0000000001280000-0x0000000002F00000-memory.dmp	themida
behavioral1/memory/2816-8-0x0000000001280000-0x0000000002F00000-memory.dmp	themida
behavioral1/memory/2816-22-0x0000000001280000-0x0000000002F00000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RippleSpoofer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
15	discord.com
16	discord.com
17	discord.com
18	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2816	RippleSpoofer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000076326132b2e3324fa11073c0492eda0a00000000020000000000106600000001000020000000c170fd8ec4f00d1931e25644573fd206335bb6653d6739d9a1e42f75f7051649000000000e8000000002000020000000885877b084d0047e4c84ab019587b4d6f8d0bca0bf4a32b283ac119d68253448200000002782277b6c25940262f9ae0d1552610204fc9583fca8ab14f83b4ccf6d8a414840000000b3452074d6816332d29af36606586c02bcbac73743aa082d707abb4061ad3e1b831255f5364cf6584a7b90975ec1cedfde1c90f6fa4c5853c2f099c0046fe7d3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ba629fd96ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443827773"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000076326132b2e3324fa11073c0492eda0a00000000020000000000106600000001000020000000964b48a72e65733108fa66e8a4db3db8a46f34cf85114757fdd79cb82c25810e000000000e800000000200002000000076e685cbb23b7f799c597fb422f909046f287ac5238fb3e06f968b67353fe8429000000051b1f8ba27e5d5074d6306d3daea80989fc19cf0dbb5bc994621b1d87c3c593b093e215ed63a75823c7aef512b972753c2242e05dd18008a2eab3a339856491633daf0ac4cd0bc3c96eb6eb5e7f7f85f0288046372aa294e0ae7ce4f69b1cd83cb610f67f3065d3545de392e4e9120a34d82dea085a2bbe590ffcc6f2b42b1c9018468da360c29ab7fd9cfa855fedbb94000000063d4f1bc12c1307f2d0d367b43808582b06cf96cfcbd25ef72b617f7339d6598397448621c1ca64a6aed7c950c275a58dcbcdffeac3afc4160e7520c088598c3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C9B36DF1-D9CC-11EF-82B6-5EE01BAFE073} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2816	RippleSpoofer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2684	iexplore.exe
2684	iexplore.exe
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2684	2816	RippleSpoofer.exe	30
PID 2816 wrote to memory of 2684	2816	RippleSpoofer.exe	30
PID 2816 wrote to memory of 2684	2816	RippleSpoofer.exe	30
PID 2684 wrote to memory of 2660	2684	iexplore.exe	31
PID 2684 wrote to memory of 2660	2684	iexplore.exe	31
PID 2684 wrote to memory of 2660	2684	iexplore.exe	31
PID 2684 wrote to memory of 2660	2684	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0f07945b8d6abb0b9cb34bf3315754a2

SHA1
b21c1d35d716b5e9ee4ab5e9ca1bd092127daea1

SHA256
51096fee29e878d0eeb52ffa3e869e30ff1779b9d6db4cbe4f22fa6eea61c7f1

SHA512
50ef8cffa2c3f106e85fe998dc5b9755ddfbdaaaf7d1b6aec31dbe6a7b94b5054edee5e9b8db03dca533b4111f374b7308cf2b3659544e1fa68d7d93a7fc8942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f277d668d07659a400ae3cd241e51b08

SHA1
5716827548a1317d7a4ac3f5f42699826596eb46

SHA256
fea2530379e8dc74a90e10da0b131c046da9b1f4ac151f7731499d94e44c72a4

SHA512
178dc9d2632fb7a207fd2f1724ff97154af833dc83fd211ef663abf11f6b53057d517371083bf04ca3a42259e18433c473e2fee24b721833004d117f9b685ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
426050cb8db5723fd9da4051fea8295f

SHA1
e7e641856feb158593ca957396de95df1426d9d4

SHA256
575410c09bc36bbf013e850752aeecc2935e9dee57510b789b150ff227c8ff7e

SHA512
69326a0c1151516c60cb3800ca84fdd6a573d97930d5eefc1205183c643e20352cad8a3928cd69ffcae562f90498dadc4bbbfdd09cafabced64b1485e5783d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70f2082c79b2d2ca4ca725ea1451becc

SHA1
c0eba767cb9150250eb58cf1b5e4ba090f6322e0

SHA256
3a513d94805d3097667732dc90808206db5b40623ed0d4b0013a5e4d9ba11671

SHA512
4e50c0589494f9ae96ea33777fca735872bf1c3e45ccd16c7b7989ee4b21f61ef697162fb48abcd49e8b127479200bac9af46cdfe2aef4fa5bb7fc12fabf9b27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
731145a3a5d6c6c3aedb76a40b5cb32f

SHA1
83d6baf545622ff70c540792ac69fece2540c781

SHA256
85af615576264c6f561b48b3010d13b9511d47ce02015aec6d25c643ce766cda

SHA512
9f0fc472a27d21ad4dbcadd908878a7018a3268d592819dab48c072ee0c2431accdd9d649253ee820edc90a88520dd5bf0d74fd4ca8a53fa5ddf35b51cac5894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac06e1b67de355e730d8eda779df3f7b

SHA1
584d812d33ab1503610e0a53429d17c6ca98f580

SHA256
c92d1643353b0f840dc0624b3b9a6a5a7c965798b2c957396c6ac8be61e17f5a

SHA512
c51e40cafbd1e7ee7204021cc6181b1b0cc63ac1c2604c13b782c53958667c9609f09d0380171a555888d00c018e66b213f3a2c9f61931879d37f56dd0839a64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f9a79ee374dbfd92136da0239588104

SHA1
cc423450843a05ed954f73efcf778ff2e702cb47

SHA256
e305a1d86df84156d6dbf63cc05c8ee36a65f1863bbf621a10c5b44a66ae8dfb

SHA512
8291ecefbb8db092c593a28208bd47a6fc6eb65aef0383db64d59cb9b8ccacb000f1570603f3e037565c3dea9a3ab5ad6fe7147e6acacb7c80f7b9ee704d9201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
214ca615155107dfd855b7abb1ec4f8e

SHA1
8bd3f89bb33cd3dac974861c3485e89406d18a6f

SHA256
f9a32102e9b59cbc0141e1538118eaa19bdd74e7890339e8be60b6a230ef5f35

SHA512
426730420e399bd9850c51e0b81403a7f460e9c9d5aca5cf7ec598e0a3258ce6bd7a230bea31367b89bff1e113f5d304502627a8acff8af42657545e6ba0c0a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9c987a2d27ee85061d37197091c0bdc

SHA1
53f8cb84643fab599e2522522c19d72fa568e2fa

SHA256
5f630707b9fc5360b219eb7dec35f5f0c16e42096fbab174f9ae78289c873547

SHA512
4e030e641bd49a22e6dd671de8b5bb997466645458c53013c421db51d7d16c5ac4a13efca875f76f0a6c94fcb5e2c6a7a614ed260e9e07f3a362bf1c31c9969c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4e419215392cf5e9f9342c917f263c7

SHA1
11f77214c660589359da510cefb6a9c2a0d42519

SHA256
2067359363740e77c3751c52853680bedcff95a6cd1b4c4b3670213aa3ce62c3

SHA512
f73ac8eb124bf876dc9b48d55e01602c09ebb72cdae4acb4d6eac87b18f682ddb3a2f4a158fbc3dd128caa81233d1281bac8c562924e0d3b0184f40f6c7194c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2303944c09a093da6cb555b3cd94f3eb

SHA1
e5a2f001f228cddbff81d2b731c7de3aa2b260e5

SHA256
8e2f0d8ded8b0913deb556858d4746590fa49cd304cec5e3e42394976efe3fd4

SHA512
9ace76ea45622f75b7da7acca284d37b59330f153043991b576bf742cbd37b4c08672f5a2b86eb372425cb2cc05fb8bf129e80d24ff23870d6f23478d5c21179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ae463f02bfa23d8ed51ba7d1ebc1e73

SHA1
04793fa35048560b8cc4d12298934689f2b26732

SHA256
af2e5e7b16a807af8a36ec10ad8dbf6f9833b93813ceb1f08fbd1628699bf960

SHA512
4168c113f2c1c0ff329f9dec783aa7d9629e2e228bed12136bb5dd4d4658298ac25ba33a44908bf05a6f809a6a4966dd30180ed5f3e86377b9ce368203627d38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87c0a5959f0097a1afa73b04aec5aa8a

SHA1
d043c69be4cde0a09a3d061c6c7e163e3be47e87

SHA256
82ca77134959a0724fcd8e41e5ec6d22959d9b85290215890f83f0328e856617

SHA512
7b7ec4bdc3dc1cadaba808c18a8ff9cb2435d59baa7ffaac6f8738d4335598d20e69776abdc1d4dac5f8100245fb5e917765ede220d78c8d2053e7b470655eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a9ddbcebcb61b29edccc661fb1e5e3b

SHA1
a3d06911a89f0ff5a5516cc0f450ed10da60f19c

SHA256
ce38e6306fe3f2c2915e9b43991e58f513bf310a2c84a9df36a5e0eaae9ab5b6

SHA512
f1a89b6399146288f75eaeb1cd2b56bc50fe4b84b7e17d82d34aa5e3021d52ef76e1ab211d993b52f0b897348bf4ecc5c4c08caa57d128d11ff0e9043f134b62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b78592374c5f8f47cae92468eeb6e1a

SHA1
72f2a4d48e8fa045d6522d3f4e48c4dc5336c4a3

SHA256
a14e172561339d33e6400536e7f180aa25182e210d97895a152415118c820634

SHA512
3a9cda92712140790b09d023dcf5a69dc48004e2d309b5a48cae7517fa76b91a39d782e959e1f416498f1fc40979e2c7de8b5a59e6e08fd471e82dde4aba765a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c50143d5e5496774342ef67a2af5611

SHA1
3a07fe45ca5a3257cc6d83e89e0f6f90b17312c4

SHA256
1f763f247fb9a2dc88151be6385ecccbb432cee7a119e67ce38d50a22f48e499

SHA512
d3912cc39777e752e583fa7137feef4885811fdec7fdbaa59a6c82cd2dafad70684859b5c0b6c9975cb313327a0d8a20fde38f2220bbf0d98b0ca1591a946ba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b839e91320ca9c055b947dcdbe0f2c08

SHA1
ce8974141647c984698a76530f6f5f819614a6e2

SHA256
e1069bf8c45bcc7a3255bce0174b18757c4c086ab171727887355507d51bc6ec

SHA512
c26e81a22cbdc4957d66ec5b319e6e5e93d48437113ba46ce5daceb02eea7568e51cf5f4dfeb53ef3ca820308f579d03a8ed6d7676f051616060335bcc37c6ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0ed2d0d0757fddfd990fa8c3690ee44

SHA1
81b22b370b32622e580e7b854a11afe3301f20f2

SHA256
fed22c0d13d69c8138f8cb10179577714912dfebecf5f40a805cba0d2352a34f

SHA512
1f9bf23a6bd793dd10295be90d4620c8f7ed51b3f26d0a236cb32028b8b0b713e6a8184c9fef0760204a72f7b4bd2d842a85c53cba279406cb1082ce7149506b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db91555d1dcb5ff8b5128dfe1e328b08

SHA1
6a5af2da6abd07fe22cbe46d004a58620b6fbdf6

SHA256
62d3e6521c437279380e1ba1e4084347c7a2c1912ca54d93237c1861c8c00a14

SHA512
f971407578a2033c5aaefe25edf1b87052f34fa648904216f64ab26baa123208264e6b01a4b5d84ddc7bc57fb2ebd30c81e6ce33a2c6931b1cd359a5df32882e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d54b30c5baaf6be06b7d30afd92fa69f

SHA1
4e4de362b2cc88e724df5e2642b9bb86f57c81fe

SHA256
f01c95c23f57e9d199f189230be1b8aa7d9b140031af92b6a6824bf3b8cb4cd6

SHA512
1c139857233050b9cc3696547a58b70b1afb68d70a6fb8423c388908b04f6a78905ef7b143cec2977e043007b8d6d484383523560dc8130eedef7912dcf25069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4ed2fe3cae84fe3a0fb50ff8720434a

SHA1
d81f23c454c13d650e732511636c4c9a128ceebd

SHA256
4c5474760758835fb0d442aa3dfd2324ae49ecbb2ab1a1546931c65c17d0e846

SHA512
ab139a43e47295a9fbf3a040714494c352ea2f4696b3264d67511a93010c4ca54dcaef0c1c777a232debcbae51205988cdc1e64becfee1488d493b400b4ae091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
23b9bc975125272cab649d7f073920ec

SHA1
fb893af4f4550e3217722ddaa496d671dadf4b87

SHA256
061c0d36fdcd98eef099f098a70c6bf60d9f12f119950b17f2c4bb5c563e3c66

SHA512
66b89e177b0457a4ea18dbb75771b236347f9c7d8edbb28d5c5f96e3e2adbb76800f7a0d377a44b087fd1afb5cc04445403f500edfeb526c71ccb855db7c2c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\anyweax\imagestore.dat

Filesize
24KB

MD5
a840b5f384523ac908a50d6ff69212c0

SHA1
3c4fbda1713da4ef37a06e5cabdc32ec9aac89e5

SHA256
cb479fa15fe5db3d40a277d52f05d12b1aaa360ceb31213f9ee7b9c5cb56b4dc

SHA512
b2aed4663d8394d2c7a21b0dc13fa78233ec902a2b48d2a4f1fd4db5cd53fca416b2f637c3d2800b8fc09005c88c2c4d044e1be4b0358cb2f1907595abf8efde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH5\favicon[1].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCD30.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCD32.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2816-11-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-7-0x0000000001280000-0x0000000002F00000-memory.dmp

Filesize
28.5MB

Download
memory/2816-14-0x000007FEFDA63000-0x000007FEFDA64000-memory.dmp

Filesize
4KB

Download
memory/2816-13-0x0000000001280000-0x0000000002F00000-memory.dmp

Filesize
28.5MB

Download
memory/2816-12-0x000000001DF30000-0x000000001DFE2000-memory.dmp

Filesize
712KB

Download
memory/2816-16-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-10-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2816-8-0x0000000001280000-0x0000000002F00000-memory.dmp

Filesize
28.5MB

Download
memory/2816-18-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-15-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-5-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-1-0x000007FEFDA63000-0x000007FEFDA64000-memory.dmp

Filesize
4KB

Download
memory/2816-2-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-3-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-19-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-4-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-21-0x000007FEFDA50000-0x000007FEFDABC000-memory.dmp

Filesize
432KB

Download
memory/2816-22-0x0000000001280000-0x0000000002F00000-memory.dmp

Filesize
28.5MB

Download
memory/2816-0-0x0000000001280000-0x0000000002F00000-memory.dmp

Filesize
28.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads