a04dd408c82e792f11b1951395079ec7ff19511ec41266b70460721a23d70b6b

Analysis

max time kernel
79s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Size

580KB
MD5

520575bc8e60c01cbd305bbcc44a5c31
SHA1

30f332e5007fec206ecfb77a761054bc227b5867
SHA256

a04dd408c82e792f11b1951395079ec7ff19511ec41266b70460721a23d70b6b
SHA512

fd67c191bd196b931a425994843fcd6ab5991433e90e8fa39013b58104634c0b1237179a0c897989edbf764e436c20adb95981e703a8055a343cba03002bee5e
SSDEEP

12288:HGHVITPouQ52nHno3BfxmD64xF/DYgAinnylCKH6pTa6XJoS:HUVCouQ52nHngJbMFLYgAWnyt8O+

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\CCZOSVZC.sys	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
File created	C:\Windows\SysWOW64\drivers\SFDTZBHC.sys	svchoppp.exe

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\CCZOSVZC\ImagePath = "\\??\\C:\\Windows\\system32\\drivers\\CCZOSVZC.sys"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SFDTZBHC\ImagePath = "\\??\\C:\\Windows\\system32\\drivers\\SFDTZBHC.sys"	svchoppp.exe

Executes dropped EXE 1 IoCs

pid	Process
4724	svchoppp.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\svchoppp.exe	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1776-0-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral2/files/0x000500000001da5b-5.dat	upx
behavioral2/memory/4724-6-0x0000000000400000-0x00000000004B3000-memory.dmp	upx
behavioral2/memory/1776-214-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral2/memory/4724-215-0x0000000000400000-0x00000000004B3000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4504	4724	WerFault.exe	89
4744	1776	WerFault.exe	87

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchoppp.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\Software\Microsoft\Internet Explorer\DOMStorage\2345.com	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\NumberOfSubdomains = "1"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "37"	svchoppp.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "21510"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "38311"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "38311"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2345.com	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "16838"	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "42946"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "37"	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "21473"	svchoppp.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2345.com	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	svchoppp.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\Software\Microsoft\Internet Explorer\DOMStorage\2345.com	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21510"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "42946"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\Software\Microsoft\Internet Explorer\International\CpMRU	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21473"	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "38311"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "16838"	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "16838"	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "42946"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "37"	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "21473"	svchoppp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "21510"	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1776	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
1776	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
1776	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
1776	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
4724	svchoppp.exe
4724	svchoppp.exe
4724	svchoppp.exe
4724	svchoppp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 4724	1776	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe	89
PID 1776 wrote to memory of 4724	1776	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe	89
PID 1776 wrote to memory of 4724	1776	JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe	89

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_520575bc8e60c01cbd305bbcc44a5c31.exe"
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1776
- C:\WINDOWS\SysWOW64\svchoppp.exe
  C:\WINDOWS\system32\svchoppp.exe
  2⤵
  - Drops file in Drivers directory
  - Sets service image path in registry
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 2724
    3⤵
    - Program crash
    PID:4504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 2608
  2⤵
  - Program crash
  PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1776 -ip 1776
1⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4724 -ip 4724
1⤵
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_4A1922226EBB524B6C75122B69BB3FBF

Filesize
2KB

MD5
8fbb346cb900f696a11995b9336948c9

SHA1
d3eef5a2ed78997f82841016288c0db459a3a0e2

SHA256
e7e17ba68707c40277791199b778da4cfb486c64b492a077555df0f9d8b94f80

SHA512
2a275ab57769f85d5244deaa319ac81a657a2d173d1c7e4bac0c284c5c0757ad7687cb59d203ab242cb0391dfbbbedaf95d7df8e3e85d013f89b41fa44f0e30f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_C57D2B8B27AF8C8DD8DF4E8AA58AF73C

Filesize
2KB

MD5
375396a3fc222a8b0ca8b062599d290a

SHA1
f8422b0ad79215eba936d40487aaa27eaeb29814

SHA256
7717a2aee5498343344b46bc6ebc32d1d800062f26df2f3c6311e31be536541f

SHA512
bec2d50648be64959a6b1e15713243c326e3fb3e0f7f770e2afe993cf51f3969e2f7b8cb99855c72ac22b9e298633899ea4b0492a3e2df6010679a27b7ef4e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\712CE989DF9A2038D47AF529DFCCAF75

Filesize
472B

MD5
2bfeadb384a6c2162d7335d48f81b3c0

SHA1
d620ed8f5ba8806e5d6abdd1a9d2ef1e31299aa9

SHA256
b73aebb7c1244c254f1ccef6b262e243e2e59f3fc103269b7c15f56dcac8907b

SHA512
2b3460a51f7d33645afd4aaf029bb5f218e9476f751b8431eacf260540bf85686c3af852e51da409869706f9395861e1481e06d269e13796586538e36712bcd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
1fa6f56b0795a3c8e47a5b5a17211e2b

SHA1
4b1b7bafe7ee74b58a68a8f1d009b2a39799f1b5

SHA256
2c5782070e65310143825492b9f176918fbe69118ae998b88075fefe19841c5d

SHA512
8e54b30e3ede0c0cb4b3d58aa71c5fa88f34c9e7959d88ada9e1379dabafbd4266bc68cc379dff28759650310d4a84385746a9719f34f42bb19abe5a763648d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_4A1922226EBB524B6C75122B69BB3FBF

Filesize
484B

MD5
d915541fbb5d1f7dda53fda51563dbbc

SHA1
4ee46e259a8393d75c4dabc4d9d0fa5b68f666f3

SHA256
1ab29c82fbd55a7f72109b5515d84a5a3763cc37f1f7521010a8f25f8d5a5de1

SHA512
5476c776b1c4d3a3e6e04c2c54cd4461bba0e16087784f0fb0d3599aff58ab3f66e32cee03a69926f2fa5629a1c70f841ea28a97cd00df50bd42332e891afed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_C57D2B8B27AF8C8DD8DF4E8AA58AF73C

Filesize
484B

MD5
d51eb98789494ba633a674a03cf6af60

SHA1
158516fc4b6f9863c23c95fadc85c4a5129252b6

SHA256
ea50841a3136d92bd9eba5f4b39ddc591cfddd47b8d4694ee4845c15f6ef0542

SHA512
7d03b43a96909d6ffed57b579e572766e7e1d51ef473aedac5c3ddee88c74e72ca873e6c0a04cc36b84996358ee7970eff364e0c34ce3195822c5e56d7b0a1ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\712CE989DF9A2038D47AF529DFCCAF75

Filesize
494B

MD5
b08e374e619358bdfd5baed22ea1f490

SHA1
1bd1428f0df8a0164413e9f37f47a8fdb5905779

SHA256
4e45610bce82eaa5b1cc205c0c693edc6fc012424098cefe85aecf2cf981480c

SHA512
22b7dc43058be430ddec62f2191841123edd64c7b8b2f66907e476e0bee922bcb20423256e77dff9c267bf51d423ce34f65df79cc55cccc3c846050fb682126e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
0deec8c94609272b14dfa8cfc04503b9

SHA1
4dbba577507e477a462482446a950da05361b324

SHA256
88bafd550e157eafa362385a699a1d7336916552ce7842e9ee4cfee6ea64e7ca

SHA512
97000d05d039b9b3297c8d74aa8f03cd6e3629b8897b7e098ac9a287d77aa63f6d859cc4533293b1fcc2f56afa52e533d8732ed024cd5058a65f898b420d932c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
8ac08872a9f6e347e442e72fa52148ba

SHA1
db6cf698d6c9e83d236a0d4c488d16b467c0752d

SHA256
997cf74c0a6906e2cb42777a0e665c343e0f3ffd188d0f3a29034b420bd43ac0

SHA512
2b926a4eb5b9379775ffe8db76caf6408d4ea42263a7fd9c2db73d6b527d40f333b24307241ce2c4fa2a2bbc39088bd281c880c0c52be10f03b8e446f0d20173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HQJ1J2Z6\www.2345[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HQJ1J2Z6\www.2345[1].xml

Filesize
40KB

MD5
2f6b3fdeba3df1cb47fde3d317ebe1da

SHA1
56b79878c6d6e482d9803c3f3fd54f8ef9258c64

SHA256
35065777a3eeda8d6c141d57be695d34c17618066e44fa5e5fe656157768b898

SHA512
694f29cedddba5c436249a1865cadbc3a1ca8c19801d25af97476eb50409a9f187248b8e190f0878729d2da44bb0111a2f1e5a822cf4bdc4c9959a6f6ee2442c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HQJ1J2Z6\www.2345[1].xml

Filesize
40KB

MD5
a1b8c99ee624c8c90a572314fd054d1c

SHA1
680339f153d21be79860a409db42cb3439d5fbfb

SHA256
b734e8c725ab08d4a641be2992c85134ffa4bb76621d77b31759c622168cfe03

SHA512
85b612ab7666826081fda91d9bbc8ed7d4f06e5a7e3cad0937ecb22b7c2c158c320c23c3bd80140cf651f7e7f2514bcc337cb10ab105e244188668dcb158d7a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7CPZATFC\jquery-1.8-dd39d1759b.3.min[1].js

Filesize
91KB

MD5
8711f5a64d367737c1cbb4f01c969cb8

SHA1
5fe2bb33dde5be9c2a3bd162c5ccbc05fefe4761

SHA256
da31d46eb60b6a03e82d3b47f9a19a96e67512ded3813cfa1ac413b948b65154

SHA512
3f93322df1920bdc9c8892cd670559e3a2ea9fc3564a805580163dc70428b46d1cacc13eba865dbd8f24bb4e29017734fb2df6955a2a9a1972d63d40c1fd87b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7CPZATFC\public-db6736da96[1].js

Filesize
3KB

MD5
43a56a974e7fd0b3c4347451d2c00afd

SHA1
99c504fcf7134b6da946b62c1aa50fb4fcbd4ad7

SHA256
7d79f8a52c06aa28c45d1380530d856c70f30f6934900e732006bb13116f7b5b

SHA512
058ddc44fc3b90a85d2e3ce685ca28fa622cb9742e3c261d65dc7ae2c9d254ba42cc7ada74cc10e84b5589f3dd6ebdf4ee7185fff83ae6b83be1d6bb46e7bf42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7CPZATFC\report-78677e5cc9[1].js

Filesize
1KB

MD5
091fa66f55ddc2d5c067cb768baa97ef

SHA1
9da5bf3cac4df6c25fbe6b3d44c77a51478408c3

SHA256
c67d66f80f2b2bd24af669eb4a328e2ea3593511d5fe1e4c8145feddb94fbb7a

SHA512
d9c919327590deb877a0b1668374a999c52b9b64995540135e1e771e85a84eb40c2e84a36cd9a43a9d0b7732126e0dd9d3fb76f22810c7c0fc54844068b7a242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7CPZATFC\sentry-ab9c6e157e[1].js

Filesize
351B

MD5
fd19690e71165f2188f67f5aa47b2dc9

SHA1
0bf53b11784fe2988270ec15a3d02760e7a4bbf3

SHA256
bc05db7082d9a4d2940f92bf5ec527195153a8e93966c268c662c8d5bb3b876f

SHA512
38c26f8979045b62f45f7f62d60538b5d5101a80bd46e26ed2330030a3059b21c42a140fbb8b553d347da2053db8a4d9e48b71a3b1c74108a01abe7c2b0b0532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7CPZATFC\zjsVer2[1].js

Filesize
1KB

MD5
4cafc6751bcacd58216b710ea89e9885

SHA1
6028d929f26a0c61accc8fd3a2b329f272a6d13f

SHA256
4283717fcbb345be55730d685ae81dd7e63ca8e94adb55f7e4e2507e6b9d64af

SHA512
80401c5e0f78734e1a47c1aa0f4a3d67c2efe37e16e713e648ea962197e775e14fe4de9c0c1922ddbbcb8cc910338f19313462426514370ac6047521bb4a8152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CLUS4WRN\abtest_js-7a7017a86d[1].js

Filesize
1KB

MD5
a1e9c5cbf22e9c98260278a8188490bf

SHA1
ccecb0a0225e908c1b3c5167bf1d1df9ca18fe66

SHA256
12efb334b66d191573c05631f4e567c32500512a1015a890960c6b1c90ed94a6

SHA512
734eb82b313ad31accc319ac7dcc4fa573c2d38ef21c26a6c0814c59dbd5feec7c1d2e6f519a756112c7e4b0f09088fbc8495eb81e016bbcac61d0f7946bfb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CLUS4WRN\common_js-70843daa51[1].js

Filesize
65KB

MD5
d27bdad1c28540d1f95b94d694f3f0e0

SHA1
84bc2328fbfc17206ba76bf17af430505e89141d

SHA256
23b02916a78e97f545a907b4e1f1e95c9e0bebb8c933c62558c5931718fe9f54

SHA512
5021b2c70373f0e4f74716d094e3ed8a592b9be928399ba424e9de62950ae3fa97acac49442b945dbae7a578f4abf0bff9a2c0d78133f98dc92ebd06f4994db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CLUS4WRN\jquery-287fd3cff5.xdomainrequest.min[1].js

Filesize
1KB

MD5
0e6315ec561555fac2f641ce98b37b2d

SHA1
89a4e6015ae6e38669e0933885435b05c48c2026

SHA256
3a52f0e331a6226ac42e04468e30ae65a6b87f4a2b02b652aaa451d22dc0bfea

SHA512
c6e5ace92503a4741fc57a50a195ff3954fda65fb10c099f480384e9b6d41f40cfd58a3f1c9c3107c6d3d24bcc1df9c0e5926e8b1410193cc8cdcd772425c906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CLUS4WRN\zjsVer2[2].js

Filesize
89B

MD5
1db938a1fd49052207f3417e61562761

SHA1
7c055226f4d919bc055b5c0d3b7160c433fdce1c

SHA256
252b48c6fee5049466db6e724731ab45a5959906a4b915e3ba372b3eb18213de

SHA512
a5fd744da32346d1c39d50a6b6c1ac0638e18796c964c384a2bc70edab72d0bac7a0595b41c622f18e6152367dcaad8027f4cef0b0f2d814f2aa34c6f6088bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EEUCUS8F\base64-5bca38624a.min[1].js

Filesize
884B

MD5
7efb21b001045b0279a5d197e9f0abbf

SHA1
9632328036a7248b6d5c51ab32f1ae8dbafaa9e1

SHA256
251f0f4377d27c4354ff7acb610ba42ae0aeaf3662a0f6202a954dd92c3fe8d8

SHA512
8dbf42fced37d154f4a92ba4df204bc2f4df16eea50d6868cb49eb1144d3ee5d45613a08e0c9d8cc3e892afab190e989a9a5940613cc7fcaf3fd5d902104feab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EEUCUS8F\config_js-ab3ffdf9d2[1].js

Filesize
732B

MD5
7ac22bd6bc1845eed0b09208b855bea9

SHA1
c87b8582f2040d0e4e3de64c3b01d9da6f4230e5

SHA256
3e871e6455b04649562e6d65bb6e4a8107fce39157440006df98906d0a80b50b

SHA512
83eecc810643df1c16cdcbba04537934ebf561e6a8899d06e9a63511fd0be4f71371f1c72a844feb3a8074a2017d33c5bf8c55f73e37b6010654607c85790e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EEUCUS8F\index_v1-18509e6dbb.2_20210817_v3[1].css

Filesize
275KB

MD5
18509e6dbbd82379fd2067f6af8a5791

SHA1
a6485a2cc0e1b4c019e9816e5bdbc5281cab6c09

SHA256
1a2b7b33cde4569db5830fded7591494782e79979624dd48897e2418e62d8bd2

SHA512
fc3e3c7648456056126b2ddc4c658c9fe29bdbf086da4c4368722aa86791b73feccd0e5e1fbee87762ae526112d71e050ce02fa1c2a17b17ecbcd659baddca4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EEUCUS8F\lib-c188d07b15.sentry[1].js

Filesize
59KB

MD5
89677dc62cdb2c95395f47e240dc1839

SHA1
81a7d03ad9127345bc4d9a6b2d3795d74a2a5391

SHA256
90662822cfdf95f11541c1d98089d3114c918b569590b38c6440285757c92e10

SHA512
82b6d0015e09aa26b9f8d1fc2426ad4214ff4eaf26b0a3ac686c2361309c8a4ba98a243630b75872da6b72a6ba300bf205c10de969c51456972a66a65f4d51e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L98UNP4Z\js-a93551cfaf.cookie[1].js

Filesize
2KB

MD5
2c87e7b72f93a02ac2fc932a7302ba88

SHA1
ef4d16ab6fec376774de6f38d459ae135c5ef714

SHA256
4cab65a8301bc49e1e24886da61bc71159e2f29d5f69fe05247550235d55bee7

SHA512
31d3c15e6cbc24608bfeb2e41a5a73b55764a76093948c1335272d5c5395fb478dcb4877ae98fcbbba872b099247c34914da1f2e6ca57a6a27fe729c83899f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L98UNP4Z\moment-6e68074f83.min[1].js

Filesize
51KB

MD5
7f5017073004b3affc58fb645d54371c

SHA1
d258f73e023c2dc55e4c1178c3114ef01a1d9d25

SHA256
6de2ca9da9ecfddf0779498458b35a5101b7ff1593943428d1ef98b94bd6da5f

SHA512
8a42ca02e6f315e3adba3bfba9d680b008b544e2ad2996699121c64f1689c8166ec44510903dd9cb0209922e25d513a974c7d79155cca3bb6438e43035f731a2

Download Submit
C:\Windows\SysWOW64\svchoppp.exe

Filesize
248KB

MD5
c8205ccac2d2647fb307a707c06fdd5f

SHA1
b9ff7d48c97e9e82d5f72b4d50c63dba9812a3b6

SHA256
0dc59262cb34f8323a79e63cc7a78cb29f8222de8fe9d814ce5054b33e77a530

SHA512
6d2266cfb91257f56b3cea43eb4d7df38f758cdcae871e8f032021ee49bc9be8e6b3d95e9cf4d68b5edd398a2d3accf6373aaf3d2a881d3113ebec861e290f7e

Download Submit
memory/1776-0-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/1776-214-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4724-6-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/4724-215-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads