5a8a35d2d8c156d5fb1eaea401d2ba69cf201eb6a55fa7effeecc011e84a9083

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03ff8e73ab121b64b121aec7ea65995f.exe
Size

250KB
MD5

03ff8e73ab121b64b121aec7ea65995f
SHA1

a72ecdfaf8cca67c56bf7e0d25d6646dcbbf0135
SHA256

5a8a35d2d8c156d5fb1eaea401d2ba69cf201eb6a55fa7effeecc011e84a9083
SHA512

d1982c3d0349a3b6c01a63362d6a1951d19df302f55c90a364117b9b6b723200280ad62215c6c545e3d0812fa7fbc231186fe609e6f91012bc8ace337c584237
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5Xb7UNlV/dGDhO:h1OgLdaOX6jJ

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000018770-77.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2776	50f7bba2e8374.exe

Loads dropped DLL 5 IoCs

pid	Process
3008	03ff8e73ab121b64b121aec7ea65995f.exe
2776	50f7bba2e8374.exe
2776	50f7bba2e8374.exe
2776	50f7bba2e8374.exe
2776	50f7bba2e8374.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000018770-77.dat	upx
behavioral1/memory/2776-80-0x00000000749F0000-0x00000000749FA000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oidddockikfgicjdbkfcndebpehkihno\1\manifest.json	50f7bba2e8374.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\NoExplorer = "1"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\ = "Download and Sa"	50f7bba2e8374.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016c67-30.dat	nsis_installer_1
behavioral1/files/0x0006000000016c67-30.dat	nsis_installer_2
behavioral1/files/0x000600000001901a-100.dat	nsis_installer_1
behavioral1/files/0x000600000001901a-100.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\ = "Download and Sa"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Download and Sa"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\InProcServer32\ = "C:\\ProgramData\\Download and Sa\\50f7bba2e83a4.dll"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\ProgID\ = "Download and Sa.1"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Download and Sa\\50f7bba2e83a4.tlb"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\InProcServer32	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\InProcServer32\ThreadingModel = "Apartment"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE}\ProgID	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50f7bba2e8374.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50f7bba2e8374.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2776	3008	03ff8e73ab121b64b121aec7ea65995f.exe	28
PID 3008 wrote to memory of 2776	3008	03ff8e73ab121b64b121aec7ea65995f.exe	28
PID 3008 wrote to memory of 2776	3008	03ff8e73ab121b64b121aec7ea65995f.exe	28
PID 3008 wrote to memory of 2776	3008	03ff8e73ab121b64b121aec7ea65995f.exe	28
PID 3008 wrote to memory of 2776	3008	03ff8e73ab121b64b121aec7ea65995f.exe	28
PID 3008 wrote to memory of 2776	3008	03ff8e73ab121b64b121aec7ea65995f.exe	28
PID 3008 wrote to memory of 2776	3008	03ff8e73ab121b64b121aec7ea65995f.exe	28

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	50f7bba2e8374.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3C0263FC-CF4F-284C-2CC9-8EA4BCB968CE} = "1"	50f7bba2e8374.exe

C:\Users\Admin\AppData\Local\Temp\03ff8e73ab121b64b121aec7ea65995f.exe
"C:\Users\Admin\AppData\Local\Temp\03ff8e73ab121b64b121aec7ea65995f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\50f7bba2e8374.exe
  .\50f7bba2e8374.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Download and Sa\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
e1e8832562e530eb2d708af111bb2b07

SHA1
3df1f7bc3f4df4f3e74d48997625597986803193

SHA256
8a0bb271d94f78a7f2d4affa639afede02f4165c860e781b6c659bc92a6a74cc

SHA512
c837232031ed4e0d5a0dab7f7f68c9799136623deeb62ffa78563af37a63a8447cf59dd186ff5063ed8caf4d31f1dccbaec3fb6c945fe46e1e78446f049f23aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
aee9a231ae4619ab7ee4f871c0fe4a63

SHA1
45109ec54a2c80d97f7a5500cc56b43f6992c165

SHA256
77a34ad434dc5e5ea5cff0b7a88af4f9eab43c45859a72e99f2d2034a7fcb6fe

SHA512
9e97cd3f11e766e3aa92effa67b85a167f2369a62e0cc2e38752b273e2f0b39eff311aa0e1d6ce5ad1f50800b5d008d15dc1dc2db9e78a663697b10122b860ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
e130d2229d8168910a869c4a5c367080

SHA1
3a9a618c32bfd27af74e763322b32406b8ee5ee4

SHA256
f2103851f630c9cfc73038f1e355551c73cf8c176b9baf86eb222422b7818691

SHA512
beea8b42297028c15a94acbba9d6645a125266e30234dc36ec8856a5c1462911824753f9f55fee89e9d85357edb73adb916af00ac5dbdc38fa03dc00122323fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
cb4c72506736495f537369dd4ee64914

SHA1
ca426a413b22db1f87004f60e2856844c6885c1c

SHA256
b631f38cd8a7af02c840d6ab996a822128389abeeb1d7c6c19b0af9c2b600be1

SHA512
04b0270b62ca740f4abbeda8cff90977d53ac48243cdf8259dca5763f2826a4f0d715009fd2382b0bb3d0ccfb7a1fe4997e56f114082529fce9153a3f132f33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\[email protected]\install.rdf

Filesize
718B

MD5
261f241dcf5d34d31716b859da2d324e

SHA1
cc956da726e6cf5a72aa117702c852cfa7a9aebd

SHA256
39cac5918329c72bbba2cbcccc0401a0fd2e6e51c1d769a925cfa4bacc9676a8

SHA512
18685722b345220ce0cca55db350de9978fd48bc19482f6ebad745442b9768be7803b4ae4748de4764e81ad6813177d277f0e3f98ded2c85d0df7f560f643130

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\50f7bba2e83a4.dll

Filesize
116KB

MD5
da161da8bcb9b8032908cc303602f2ee

SHA1
8a2d5e5b32376a40f33d6c9881001425ec025205

SHA256
0648d564b30e13a0819f28e00a9af39a6686a4d29ccd265c7d81548e4fe0f67e

SHA512
39e882a371dbce2484324811bffdd7ae7655b57401d07bf264aced6b5dac0ae326bd1945c536f05d8ab3b92ca03ff056c5a7baf54f7eb477b45fc405ec54052c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\50f7bba2e83a4.tlb

Filesize
2KB

MD5
1f14de44d0d63a79f91d3fe90badb5fc

SHA1
7fcc921608d2cf40e81cdd9a98e1a15a6ba1f57e

SHA256
bd3d85c0136a66b2af79d4d91c1c5700c8931937b7e554d5ece946760ef4a99c

SHA512
86eb6ebf9eccf1dcb601db827797ac603c0ebe01b6d73318986275c29bd034c8df5f7c79ddf0b19536faf24bdb11e09ac95ea43e8fe75b0ed3dde76dd139883c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\oidddockikfgicjdbkfcndebpehkihno\50f7bba2e81911.18682922.js

Filesize
4KB

MD5
7f4d4476320e15bb520acf2cd50d0ccd

SHA1
924e42c4a56aa26b1dd25a2ec8d492b7a5d443a5

SHA256
038bf3c67f5392e46c7c9c46f5ec7d6ef7fa2f24997fc6cc789819ff7409854f

SHA512
1c723de22aa3b591299553d143acbede6e7c2078396c62cb1f17ec1a95bbacbef65d2a879b5473fcb3372569c6af7102683db435dd7561253c037f661f7b2f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\oidddockikfgicjdbkfcndebpehkihno\background.html

Filesize
161B

MD5
cfdd90eb6de16d92cc81493bcd4f076c

SHA1
064fbc5881de9021e07acdd993497474c2a3bf60

SHA256
ae46f7ca9e6e6ce09013cfe64562793d5f3f51c124c775dcb809a56c9353eb9a

SHA512
f4d62c762ffe6fad8761360f880120c88cdbb08e9d3456e558a118c999288d020840af774ac065620a463ecb50ad06d80f1d7d0a2c8958c41fdb7cff9556cefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\oidddockikfgicjdbkfcndebpehkihno\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\oidddockikfgicjdbkfcndebpehkihno\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\oidddockikfgicjdbkfcndebpehkihno\manifest.json

Filesize
484B

MD5
3e7ce9d2f8f91ee27c09f98a2a1c1659

SHA1
0fde827400ba70be8b27d55240d2dd2977c77395

SHA256
8d41908ad472fc1e0494cf7b0904595072dfc3628316696c6c0c5632066ce8ca

SHA512
dd2ade7d3a8cd4c8d2bc3a967da30bf5e5726e9aec5b3ed3f754d05421aee38859ecf8f58f8c0cff2c9c96179aef27371c34968964c39ddef39861721afb7901

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\oidddockikfgicjdbkfcndebpehkihno\sqlite.js

Filesize
1KB

MD5
3e7dee72ca6e28a0473475b44abbd257

SHA1
16af74cb66fe3b8bc3bb9936119ecec1311538d9

SHA256
2bc8701d2d6d8265a0e6279431bec7ce295eca3ce9aaf27932e5899868b9b3ce

SHA512
e71cfa9575a6055b0f14d020e5f622c571733cb8b95249619c6580ea40106729081ca5cfd845588df468104f955ed5eb8d42d7c3a2d96e5aece6a1e36bca8a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS118E.tmp\settings.ini

Filesize
6KB

MD5
8a41e7eea5255b764bb5a6ee2c3271f7

SHA1
c0a05c4c709adbcfc0db1e3a64ef59f69412ba95

SHA256
e118125e14efe1774dca6de9b1f170037959cf3679efd46a9f49389f471ebe49

SHA512
f610b95b5e307b976eb3b07ac1124bfc625dc05c1a63bbfa16023d49f273c3717efb46750fc96e33b95f5e880ecefc92d66f4533136a362021004cf66609a1aa

Download Submit
\Users\Admin\AppData\Local\Temp\7zS118E.tmp\50f7bba2e8374.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nst11FC.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nst11FC.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2776-80-0x00000000749F0000-0x00000000749FA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads