ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750

Resubmissions

05/03/2024, 20:45

240305-zjqfasgh5w 8

05/03/2024, 20:41

05/03/2024, 20:40

05/03/2024, 20:37

05/03/2024, 20:34

05/03/2024, 20:31

05/03/2024, 20:27

Analysis

max time kernel
77s
max time network
80s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
05/03/2024, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

b16754e31096ff084460514287187a29
SHA1

149d9d7bc7bfa0ee218e55eb3778ea3cf6184dc7
SHA256

ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750
SHA512

86fad8a6ee5660aac5a0fa172d6094585793cc6b86996941211292a9e91fc2571c8fa807a3021561909c841491400991f152f18c8e1d247c663ff600643224f7
SSDEEP

98304:TWo5jp/vdcY8uC+gOhUL+byztZXlAuoVGmKeLEcjXXV9bA:TP59/VcYZCOW+bO+5Eo9c

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2836	OperaGXSetup.exe

Loads dropped DLL 3 IoCs

pid	Process
292	OperaGXSetup.exe
4888	OperaGXSetup.exe
2836	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/292-3-0x0000000001220000-0x00000000017E1000-memory.dmp	upx
behavioral1/memory/4888-5-0x0000000001220000-0x00000000017E1000-memory.dmp	upx
behavioral1/files/0x000600000001ac37-12.dat	upx
behavioral1/memory/2836-14-0x0000000000AA0000-0x0000000001061000-memory.dmp	upx
behavioral1/memory/2836-17-0x0000000000AA0000-0x0000000001061000-memory.dmp	upx
behavioral1/memory/4888-126-0x0000000001220000-0x00000000017E1000-memory.dmp	upx
behavioral1/memory/292-136-0x0000000001220000-0x00000000017E1000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	424	firefox.exe
Token: SeDebugPrivilege	424	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
424	firefox.exe
424	firefox.exe
424	firefox.exe
424	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
424	firefox.exe
424	firefox.exe
424	firefox.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
292	OperaGXSetup.exe
424	firefox.exe
424	firefox.exe
424	firefox.exe
424	firefox.exe
292	OperaGXSetup.exe
424	firefox.exe
424	firefox.exe
424	firefox.exe
424	firefox.exe
424	firefox.exe
424	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 4888	292	OperaGXSetup.exe	75
PID 292 wrote to memory of 4888	292	OperaGXSetup.exe	75
PID 292 wrote to memory of 4888	292	OperaGXSetup.exe	75
PID 292 wrote to memory of 2836	292	OperaGXSetup.exe	76
PID 292 wrote to memory of 2836	292	OperaGXSetup.exe	76
PID 292 wrote to memory of 2836	292	OperaGXSetup.exe	76
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 4076 wrote to memory of 424	4076	firefox.exe	79
PID 424 wrote to memory of 4512	424	firefox.exe	80
PID 424 wrote to memory of 4512	424	firefox.exe	80
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81
PID 424 wrote to memory of 4416	424	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:292
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x744d61e4,0x744d61f0,0x744d61fc
  2⤵
  - Loads dropped DLL
  PID:4888
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.0.54609687\533440253" -parentBuildID 20221007134813 -prefsHandle 1752 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47af8890-3aa7-4de3-97e7-97bd3409be43} 424 "\\.\pipe\gecko-crash-server-pipe.424" 1592 1f34f604758 gpu
    3⤵
    PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.1.387427298\658180903" -parentBuildID 20221007134813 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de894cef-dd85-4bea-98f6-32c7f3c51bc1} 424 "\\.\pipe\gecko-crash-server-pipe.424" 2180 1f3433e4458 socket
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.2.1940557936\559068381" -childID 1 -isForBrowser -prefsHandle 2832 -prefMapHandle 2760 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2413f94-76ba-49cf-957b-dc0b46a56ec3} 424 "\\.\pipe\gecko-crash-server-pipe.424" 2784 1f3526c9258 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.3.1728230452\168311489" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41c93303-3b12-4b86-a33e-39a2beb1fa35} 424 "\\.\pipe\gecko-crash-server-pipe.424" 3552 1f343362858 tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.4.1882829622\1506079084" -childID 3 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5fbf030-8ecd-44bd-be8d-bc966c88752a} 424 "\\.\pipe\gecko-crash-server-pipe.424" 3996 1f3538d7458 tab
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.5.1666468128\1572589149" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4876 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {feff90ca-4823-40ae-9b3e-4723ceb20879} 424 "\\.\pipe\gecko-crash-server-pipe.424" 4872 1f3433e4758 tab
    3⤵
    PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.6.2059982388\1182240621" -childID 5 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c59a50b6-bbfa-45a7-a0b7-1ff9c9efa13e} 424 "\\.\pipe\gecko-crash-server-pipe.424" 5092 1f3546d8558 tab
    3⤵
    PID:1492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.7.1364323535\309389072" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f46601c-5cff-424e-924f-868cacfbfbbc} 424 "\\.\pipe\gecko-crash-server-pipe.424" 5200 1f3548fab58 tab
    3⤵
    PID:3804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.8.245596682\6360773" -childID 7 -isForBrowser -prefsHandle 5440 -prefMapHandle 5012 -prefsLen 26641 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e97e6ad2-8995-493d-9963-a5ce60a0db56} 424 "\\.\pipe\gecko-crash-server-pipe.424" 5212 1f357769b58 tab
    3⤵
    PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.9.1222575125\1008500773" -childID 8 -isForBrowser -prefsHandle 6032 -prefMapHandle 4568 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c09d4af9-9669-4550-a415-8487a0d01bd3} 424 "\\.\pipe\gecko-crash-server-pipe.424" 6040 1f350e1a958 tab
    3⤵
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="424.10.54330532\2063490916" -childID 9 -isForBrowser -prefsHandle 6356 -prefMapHandle 6352 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a52a57c-3769-4eeb-8b06-6a38b7476b04} 424 "\\.\pipe\gecko-crash-server-pipe.424" 5624 1f34332db58 tab
    3⤵
    PID:6060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\264

Filesize
12KB

MD5
23af743ef4ef358366f883c53c8640bd

SHA1
030ba10022672a6261614551f89e32632acd2df7

SHA256
63f656396f1bddbfd89a6af5cafc898c9412f7ac24518d0fb7369eac024de9f1

SHA512
a78648cfd7a8bcc25c2391bbc272929a7b8f8645a81c689eafc8a01614403899afe72401c1ead70ca62db98d6418255b022fa68f45ddf9306597a9fde78a1241

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.4MB

MD5
b16754e31096ff084460514287187a29

SHA1
149d9d7bc7bfa0ee218e55eb3778ea3cf6184dc7

SHA256
ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750

SHA512
86fad8a6ee5660aac5a0fa172d6094585793cc6b86996941211292a9e91fc2571c8fa807a3021561909c841491400991f152f18c8e1d247c663ff600643224f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4d0ba93fded70a3e93a46bf18fa6b54c

SHA1
4a48b160a2e3d774698c5e7d73d84a840f1b400e

SHA256
f31aad8f5ecc81f54ffe087c603d03421d03326c041bfff902fdd324a785a9e2

SHA512
be05455d8afd5b7391eed8e532d37e29c56d48e4c667c6314124819a8700b9fdb68c39c7f190534ac3a7b295b5cbd7a88362f91a9ac207a2372d2bd2c48eaa29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
efa781175d0f06861278ed4ce6377e8c

SHA1
69b12d551f6c9b72830d9f50783b0997aa3f3ed8

SHA256
76dd679bf4b1e20a683e0f64092759f422926c80d51ed0c0d7d5971e2a058e24

SHA512
17c8e686f0d873e3cbe42db482ed7c0781e0dfee4845396da8a671684d41027ad1696ea11ae13958216c45354147c52fc66b49acc7061ed696ae88e5eabd01c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\74cccaad-50ee-4fd2-a444-1e0ef367e4b6

Filesize
746B

MD5
408e5991e4d944b34495871c8c7c4e2d

SHA1
5afdac93d9c83072f4d80f99465efbfab1784714

SHA256
337fe81532e690103f555a5e7a7e194d12a3f82ec7997533e6158388d7cd172d

SHA512
6d8da7d64ce3832b5c2636eec906d302b98bbe63aab9b1938379b2cc5a1e751666bdbedb4743b695a987177eaf8dc34b53d6342c66935a342f150c40c5b54f9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\d3b0bba1-ef77-4210-832d-825675149fd5

Filesize
9KB

MD5
32c4937579ce3fce101254b7bf36eec9

SHA1
483d9dadc94f4756716ab5a2bf8be18cb7fa4cd1

SHA256
2c954a8c2ef20d7be981cd3fef2e6ebababccc3bbd5c43d0ada63e0e6b8e5048

SHA512
3eb77fa2e0a9ed1a673a0bc7e2aca9dc31f168e9684ec855719c40b809f91d6482cc24e5c04167730a3a104c99797412379225bb8c712d1d0d1cd3d62793bde4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
6KB

MD5
d47b195a748d98f9daa4584d36dbc349

SHA1
f8d7af26c5ccf224afcd5b3b5890147ae3bdd465

SHA256
190ce33c34c7d1c96724b331ff63bd22b65909456755ebeaaea0536bba24ff59

SHA512
f48646876486d59e7d0cf37c1005070536b44e7da4bef531c92406f82bb67163b370dca566f083816b3255750322fa616d81f030854455a1262e3078576ae882

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
6KB

MD5
500bbb238d521f6ba0525c6482014c75

SHA1
8fd07459318f55c6fe0baf0aa3874db28b1c1c17

SHA256
68fee352d7cdfe7e22a9404dc84dd00cc1bf25b563baacd05ef162649f8e3c5f

SHA512
293b4bd1c2f52082748252c52720875e7570ad29fc662af8ce52f226dcfa4e3628d44672f55718f3cce9720b210737e38195c7b32b04bdb4499bddd28586056d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
6KB

MD5
d6a249fdf8cb4f4a602646d279c84c6b

SHA1
cca356b0a5b60eee8396607c454c78fdc85dd910

SHA256
be9839c4d4b20a295407686747dedf3b819af70719e95dd794914f79ae01c33a

SHA512
a774d68df5823305aaa7cbe6a07aa59ae54947574c5862cdbfbc110131e5b33ee95e4cabc0591ec6faff19a6b0370ed7485e72057a30e2e3fbf3f9b64054e3eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
f03d51cd08f5ff2de10697be1799fbd0

SHA1
9f606d7f9a8878fca116c65eb4d82e2775a9ff55

SHA256
33810bb846caa448bc3fb99245f822ac5ee832daac4853c740da63dfb9c32672

SHA512
f028b18e9a9833928249916fc1a72c12343419325cd6fca262fe92af477b81b3f7210f2188686d3be970098f6ab50112ef86459b1ba120ceb891ca7ffe4c5d5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
24cbcd3d03e652248f744852289be363

SHA1
ddde8f42e38987c0a5c74a780a437a7269b7828c

SHA256
30edfcfa67cbfe91e63bd77bf4e11085e2b2e3ebeb97a43b0e139a4308ea49f4

SHA512
06e4b281a3658dc3bb6cdf4135d39e90b4d37a14b02818cd0bb5e1e6d0ff0142864f3b939aa23d4397a3af876b70b1f4b13bce8a50f033d2567f681f4184817d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
405b4a14c7fafbe23b2f967a3641e056

SHA1
ad535c1f7cf4d57af4c7b798a4e434fc510e1b9a

SHA256
92af630e23d96c7034d84a3472f6a12302a5bb034fcf751cbdc6a4b8e57854b3

SHA512
0334660f05a17e53261d8fac0d17b299eed10210df2d9832fc926215e0a1b1ebf6d31deec6ff0dca20af8b3dd98ef13d8c103a98d575de7ef9b5c34ecf96cb6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
56acc6122b51ea346bd7f77c57b2aa19

SHA1
fc3ec3eeb263aa1fbc77809089b3d7ccebb1a2d6

SHA256
245410efd547b6c37f427ee5d231e8d250bcadd6b15438a3fdad436e5dec092a

SHA512
1dbd88f872dd82faa7660cc303ac43c784ab91017ae70791ab7894f9a5eaed310f494b9bb88ab6ef49ff2a06ca7fe18e7cace0a6b640b18ad0b546f85db79fbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
56bc0d224b088d5a1cbb9a83a83572f6

SHA1
d06a045c9b635149839fe51f5f4139c8ed5e76b9

SHA256
3bbdac663a1cfa194ecd7d302a41fa3aed3f6259a5cb4b7114fab4783064bbc5

SHA512
b79cb588d662468f666deedde9f11611508f14ec24269347229811896131fcc0cf5b5539244907e5c238951cb11ffeaffc75958245de54c7a9da71109efa9674

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
c4eac038d665b36fa2cc99d36f482279

SHA1
a780071379e1d5d762e192bffd672384013c16b4

SHA256
f39a12adbc70673cd3b7cff93d12779d55f9be3e1fde35acc0b60d297411991a

SHA512
1193cdc3c06e327377d8496921185d8466c09c3ad6d062afad8c65665f1e7a1a74f4afb9362e7c0ff76fd96106ae07891a8dc6988c77101fa54d1ae5cf348fb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\weave\toFetch\tabs.json.tmp

Filesize
10B

MD5
f20674a0751f58bbd67ada26a34ad922

SHA1
72a8da9e69d207c3b03adcd315cab704d55d5d5f

SHA256
8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792

SHA512
2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_240305204515278292.dll

Filesize
4.0MB

MD5
c401957057c48b7f7d8cd0a87d25ef5e

SHA1
d60b03e5bbfac929f85a31b09fed47121611550b

SHA256
6a0fc90666cc553d8fb15fa4020d14133fe3d6bef9786d8969e4bb99539461e2

SHA512
fc7ce7afcd507d6197929ef27fee5148f3a18fd9233b1af136cc38bdf41aa8994f0ba9f8a22c71d9ae3fbaab7d217e96a94d86ab6a50ba46fe5a9ede12a4e555

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2403052045155434888.dll

Filesize
2.8MB

MD5
d0dcc2ef2e4e1709e55119f58c687118

SHA1
80ac82d12534b4f8742442226205312b1a46b053

SHA256
ad22151b8a6ac381718f80f9940df3851fb0e3e6d5a594f8584a0d31852ee75d

SHA512
adf60b02b38e6fd6b4dff821068480f133b0942a7f33e3dbb3c90be56381997bd5ecaa83890f00c9302311e3d2292d7871e175dd9101c2bc65c608aaae87d7f1

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2403052045164652836.dll

Filesize
5.2MB

MD5
2e9e548040cbc282125031030041b2a9

SHA1
a84b26339be4cdd889ac806227c3260d57296605

SHA256
b44501388ac04d3db78e167cc1dc4daea68aa5c7140a2976b5a8e04f6d2438eb

SHA512
8be8af00aabe5e5ccac38faaf9ed499ea9c84d6a180a3cbce81297b58e1b4cfff5597638587c8f81058f59e19f87ac4bcdacfb34e1fce7ac61128837e39d3e7b

Download Submit
memory/292-3-0x0000000001220000-0x00000000017E1000-memory.dmp

Filesize
5.8MB

Download
memory/292-136-0x0000000001220000-0x00000000017E1000-memory.dmp

Filesize
5.8MB

Download
memory/2836-17-0x0000000000AA0000-0x0000000001061000-memory.dmp

Filesize
5.8MB

Download
memory/2836-14-0x0000000000AA0000-0x0000000001061000-memory.dmp

Filesize
5.8MB

Download
memory/4888-5-0x0000000001220000-0x00000000017E1000-memory.dmp

Filesize
5.8MB

Download
memory/4888-126-0x0000000001220000-0x00000000017E1000-memory.dmp

Filesize
5.8MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads