1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 18:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe
Size

250KB
MD5

83d4af6bbb2a951d5b47eb056de489c0
SHA1

a4c677044653af879ddc9dac4cdd3c5abff579a3
SHA256

1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6
SHA512

af938713c928d3d2affb8e1ae0738427b182bfc54a1133ff4819a39050a04d6de632bb2cd658601a1e11b7aaaf774da17a7d215ab5d256a700996e15ac06e05c
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5qpDz+bCq8LatY3r:h1OgLdaOCD6bD82tY7

Score

9^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000014ab0-73.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2020	510db3b85f65f.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000014ab0-73.dat	upx
behavioral1/memory/2020-77-0x0000000075140000-0x000000007514A000-memory.dmp	upx

Loads dropped DLL 5 IoCs

pid	Process
1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe
2020	510db3b85f65f.exe
2020	510db3b85f65f.exe
2020	510db3b85f65f.exe
2020	510db3b85f65f.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmplobmbfepamoblkjinkfjpbeigocfm\1\manifest.json	510db3b85f65f.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{001692EB-2860-B42A-9C2A-9789FB311BF1}	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{001692EB-2860-B42A-9C2A-9789FB311BF1}\ = "Search-NewTab"	510db3b85f65f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{001692EB-2860-B42A-9C2A-9789FB311BF1}\NoExplorer = "1"	510db3b85f65f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 8 IoCs

installer

resource	yara_rule
behavioral1/files/0x00070000000139db-55.dat	nsis_installer_1
behavioral1/files/0x00070000000139db-55.dat	nsis_installer_2
behavioral1/files/0x00070000000139db-57.dat	nsis_installer_1
behavioral1/files/0x00070000000139db-57.dat	nsis_installer_2
behavioral1/files/0x00070000000139db-59.dat	nsis_installer_1
behavioral1/files/0x00070000000139db-59.dat	nsis_installer_2
behavioral1/files/0x0006000000014c4a-78.dat	nsis_installer_1
behavioral1/files/0x0006000000014c4a-78.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1}\InProcServer32\ = "C:\\ProgramData\\Search-NewTab\\510db3b85f698.dll"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1}\ProgID	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Search-NewTab"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1}\ = "Search-NewTab"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1}\InProcServer32\ThreadingModel = "Apartment"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1}\ProgID\ = "Search-NewTab.1"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Search-NewTab\\510db3b85f698.tlb"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1}	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1}\InProcServer32	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	510db3b85f65f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	510db3b85f65f.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2020	1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe	28
PID 1664 wrote to memory of 2020	1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe	28
PID 1664 wrote to memory of 2020	1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe	28
PID 1664 wrote to memory of 2020	1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe	28
PID 1664 wrote to memory of 2020	1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe	28
PID 1664 wrote to memory of 2020	1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe	28
PID 1664 wrote to memory of 2020	1664	1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe	28

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	510db3b85f65f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{001692EB-2860-B42A-9C2A-9789FB311BF1} = "1"	510db3b85f65f.exe

C:\Users\Admin\AppData\Local\Temp\1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe
"C:\Users\Admin\AppData\Local\Temp\1aa7dd6a2ad2944f68ebf2e6aad1d33f72d6eeb3c126236fc21e17e04b2d7bd6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\510db3b85f65f.exe
  .\510db3b85f65f.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:2020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
0775199b9d231937f6740c8fa3320841

SHA1
c5b6ed449e498e20e54b9a7d29b214a773f08aa3

SHA256
42d0fc98c2ac3b9497ab30dbf59d4b26adbae212d03fee8922886be2bac48974

SHA512
beab72bdb5d11d267faad2ecff941ba593d3b15217d286f308bb833d8e5255072f6a602d7aac3d428bdb88e702236a8e4187d7a56e2f8531f1e1bfdf1883856c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
ab3d0471a06b9fa4c7f0e33ec6b4fc4f

SHA1
bad25f2e7e896a178764d217ae15bb91217e3f0c

SHA256
0636a2fc3ab52a54edd09171d9102df33685b03351c01119ced924128ea53275

SHA512
3c72b5eedaee412ce2df2c457640c2b5bfbc473ca9dfbd04b01fb08ec9e6dc70d2a82a06109fe0b608cc7186def199dfa150132e18d9fed4e3b5499f9a3b1108

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
adb13371e653653f400ecc2c9e228e8f

SHA1
8e59d38756bf868b48ff30d4f86af5c71057c550

SHA256
4756ccbf8cd561f9991bc62754f7067cc29a2b76f3c5e41481e9e978d47846d0

SHA512
f0cdaf26a935d6d6d1f81f4a59dc137d55ba907f0caa8e1c96c38d8290724d823fcf810fbd59f6f4dfee6875ff8b042158b4cf4c5a9059de11aac45f21b9cf35

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
06a4903d09a6685a2469dce96e2fd0de

SHA1
e7b8d87e18dbb89231d1ef9a34cd0fcaf24bfc26

SHA256
80a010b612d49b17a35d5cf59c2f6f89e7a205718bcbfb1034e7815bc62ec1ca

SHA512
f5af26166f68a8e303104861f5e2a0b7cee5b5658a6a5974feaf61d4323e5583ae1c50d9c34d0eed1651515b74765b9331ccaf674b0d50c08d5b5359382bd081

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\[email protected]\install.rdf

Filesize
709B

MD5
2c4e8794651c199e30b9637bb0d58e2e

SHA1
bcfe4568262f6b729520772231482f57ca444ba1

SHA256
faffeb9e13550996df72995fe27f29b5dd730e36cb683ff073dfa48976726f93

SHA512
59108d3ded59290141a45a779d13a563337cd9b305c7ae286e750ddfd157c9edccfb731c4dd82283afcfee2aa7a3ddbc3543279434bb5af6572951bfc412aabd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\510db3b85f65f.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\510db3b85f65f.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\510db3b85f698.dll

Filesize
118KB

MD5
44f1dc155d3d083b677f20ed0fab8404

SHA1
a696c5a0d50145afde3d3a71f70b1c3006ac2199

SHA256
67014a6fc8a77ae480dae9b09f800a1f40a40399ef967f86843a80eb4c9eb470

SHA512
04a7098abd589eb1a533af6f89d0d982d2faf9c4e7e29d02abaacf81635b789acfb5ca026f7a0c6b4a263934f0425c69f5225488c450e864f8dc8000ffbf94f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\510db3b85f698.tlb

Filesize
2KB

MD5
c749bca713cf6481411b5c4eaac4506a

SHA1
539cb813dea7e37eff8c1b696eb0ab42c815ab62

SHA256
0a94d2086eb6ac57ba5ee365d3f6f64f33e7c8d18419f04715460bc04ebddf2d

SHA512
11b3b333b97b1bbbbbf01b6d367188698470877e180a3854ec9762f706755156136b404f2b95a7304a890686d8f5f697232e6c28497aca20e0aa76988b0f179a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\mmplobmbfepamoblkjinkfjpbeigocfm\510db3b85f46e4.45770387.js

Filesize
4KB

MD5
3de881b8ea938de985c72b370d9122df

SHA1
34ea8ee684e407a8c97633bfe3d999e22bf2b2ad

SHA256
8aa8f6038f8b5ff3a37186de194bed39224ab8fdf771530325badfbe1aa6f4f0

SHA512
925bbcc16367d53830d3f76db0fe666e834155fa54ba60ce54faabbdc53637f35e4e9fbc048aeff413ccdad4f1601fa1f08bb9af508592f46839dcd8e65bb963

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\mmplobmbfepamoblkjinkfjpbeigocfm\background.html

Filesize
161B

MD5
92a0d07a561ac1406115f955fd88883f

SHA1
53b0c40c6481c47165fe586ca2ab5440cb1bcfc9

SHA256
b9b1145e84d5708068e89b0b90a741643e10f09711045ec844fa02c067896358

SHA512
1595cc7afb0cfcb3e3ba96b8b8768fc62a84e9821a5eaf22ca58c100503cdca27e5d4ba898776d1ad6021cba6a4cf07e8ff0c2d1d8bada46495d6e76d73b67fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\mmplobmbfepamoblkjinkfjpbeigocfm\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\mmplobmbfepamoblkjinkfjpbeigocfm\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\mmplobmbfepamoblkjinkfjpbeigocfm\manifest.json

Filesize
486B

MD5
02fcbb7dbf50d44d9d184388e9c49161

SHA1
05df03ea369cbe9dba18283ebe0b40d8475b18e3

SHA256
4d59d1c1143bca06dcdc8ddc3255268cf7d94adcfe553dc0ae5fc4758d0cb2a7

SHA512
2575f23304dca1d52dcf7b5c657cd74a850e7de6a0595d3b23043aa6aa11569a13f5d53367c0851ddf14ad4a33c5379803c10a0ab78abefd75582269cb4732a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\mmplobmbfepamoblkjinkfjpbeigocfm\sqlite.js

Filesize
1KB

MD5
09733030d0842071a1629ef3e8eeee23

SHA1
b01bd26c2987a4920e8863b86dd532d219920666

SHA256
4b918fe6422294bd11cca24007eec7775ed8fafce547335386809b469ed21a5d

SHA512
d43b26bb2e14fead8ebe0f61a269e386356e746b15e710cf0adebb276271641d3d9f716580b3a0087e0d3ce3f01fa8db0fccd82849a8bf3abd7978dcff9b8a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\settings.ini

Filesize
6KB

MD5
c06b2f5d35bee0ea728c26424d1e9c50

SHA1
53862c56bbff24eebcc029b30a4bed69c54336a7

SHA256
bd0442751b6895a6848c1e6cdf7a7a4a9ec51bdadd80dcdac84e12633a26db49

SHA512
193c1e5fcc609d4c80ba5fa00d9689a58452f1576a0e2e3d6cd7ac2cbaa2b779100a699d9a5a81fe3fabcdf06434e8e7ca49df0c90f74dc05bb20492848c6a3c

Download Submit
\ProgramData\Search-NewTab\510db3b85f698.dll

Filesize
118KB

MD5
44f1dc155d3d083b677f20ed0fab8404

SHA1
a696c5a0d50145afde3d3a71f70b1c3006ac2199

SHA256
67014a6fc8a77ae480dae9b09f800a1f40a40399ef967f86843a80eb4c9eb470

SHA512
04a7098abd589eb1a533af6f89d0d982d2faf9c4e7e29d02abaacf81635b789acfb5ca026f7a0c6b4a263934f0425c69f5225488c450e864f8dc8000ffbf94f6

Download Submit
\ProgramData\Search-NewTab\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
\Users\Admin\AppData\Local\Temp\7zSF0E5.tmp\510db3b85f65f.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF2AA.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsdF2AA.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/1664-54-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download
memory/2020-77-0x0000000075140000-0x000000007514A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads