a642c85f44f60657ad320f9d8d4fc9712df78e3db1fa7db0ae9ad5dce93724c0

Analysis

max time kernel
121s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c08d5a5763204388f970f50d7d67eabb.exe
Size

251KB
MD5

c08d5a5763204388f970f50d7d67eabb
SHA1

943b44dd5396c5cb3153f1dd80002ab5f5294013
SHA256

a642c85f44f60657ad320f9d8d4fc9712df78e3db1fa7db0ae9ad5dce93724c0
SHA512

72081c1e98039fe461e33801700908b48fe91ed5e8314590b55ad664c59f3e04bbc73dc207902a7eaed1cab2d8402b0b163e3e178e2b59d4bca2ff1de53a6627
SSDEEP

6144:h1OgDPdkBAFZWjadD4s582pm45mnaPWKQXJG1P64Aep8a2joC0HO+:h1OgLdaOp844nGqXY1C40Qu+

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000700000002324a-79.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
3448	5112d98fae0d3.exe

Loads dropped DLL 3 IoCs

pid	Process
3448	5112d98fae0d3.exe
3448	5112d98fae0d3.exe
3448	5112d98fae0d3.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000002324a-79.dat	upx
behavioral2/memory/3448-83-0x0000000074250000-0x000000007425A000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcpmegelpfgdahfaaoeoonojaepkkbb\1\manifest.json	5112d98fae0d3.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\ = "Search-NewTab"	5112d98fae0d3.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\NoExplorer = "1"	5112d98fae0d3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x000700000002322f-33.dat	nsis_installer_1
behavioral2/files/0x000700000002322f-33.dat	nsis_installer_2
behavioral2/files/0x000700000002324e-109.dat	nsis_installer_1
behavioral2/files/0x000700000002324e-109.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\InProcServer32	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Search-NewTab"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\ProgID	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\ProgID\ = "Search-NewTab.1"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Search-NewTab\\5112d98fae10b.tlb"	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5112d98fae0d3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\ = "Search-NewTab"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\InProcServer32\ = "C:\\ProgramData\\Search-NewTab\\5112d98fae10b.dll"	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99}\InProcServer32\ThreadingModel = "Apartment"	5112d98fae0d3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 3448	4612	c08d5a5763204388f970f50d7d67eabb.exe	89
PID 4612 wrote to memory of 3448	4612	c08d5a5763204388f970f50d7d67eabb.exe	89
PID 4612 wrote to memory of 3448	4612	c08d5a5763204388f970f50d7d67eabb.exe	89

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	5112d98fae0d3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{8BCC59FD-969B-6FC9-9132-24DDEE995A99} = "1"	5112d98fae0d3.exe

C:\Users\Admin\AppData\Local\Temp\c08d5a5763204388f970f50d7d67eabb.exe
"C:\Users\Admin\AppData\Local\Temp\c08d5a5763204388f970f50d7d67eabb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\5112d98fae0d3.exe
  .\5112d98fae0d3.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Search-NewTab\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
cee8934173941d96b87668d18f89913f

SHA1
6882910d0f7218abd0e20a1f6b97c8d5f24dea0c

SHA256
305e7ab6a298de9ce9f456ae5369f9469f759797686d4477843d4a524a9adb53

SHA512
c6640f69afafd673a5aa4d50d809cb8c225506123db26b47012530f135c5ffc61033a896b1ac7a18c8a579b698fe669feb597fc20a90ae3514dd3931f5d7b53d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
286ae423a7f549ec0d4098104fc04963

SHA1
b4a5c0d38dd75df1bdcf0feec1d06c2abb2860e2

SHA256
08ea2171c04b9ae8d5c5e56fe7fdfdc0cb537cd1e072454994e30674d15e8d41

SHA512
62357c961f0b9300dbb5cf7343a49cb225db199be0ef36d3320a7e6e324c77b94259f162abe2c6faca0a58b2887bbb036bbd85b1d63af664a43812de804e05a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
819173b5c5c9954bb34af3e41be5b8db

SHA1
01878aee1de0a53dd2b519d091a9f16d436c2ba6

SHA256
d5902a0461539ae1569c0a3897a7f386ce21b32bbb066db3089de72392fb3203

SHA512
7b8dc85705a5a5aacb559a5f7d3a6eefd9fb684a710532c3ed30667c456b109ad2dd202fc4ca6cfd9984b00ba3ea706addf80d27c2c801e79d3c70610b223859

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
81994e0e2b435ecdc84a8ef9bf234fbd

SHA1
f0e9584b56700d03cafd6c9b40580d6348d2f808

SHA256
3bafb4bc3b06f2e7b1f3e61b1c720c21f03209cf996c6640805826342d5da1b9

SHA512
3b5070c5267b5636a1dc9db3148c32afc711d517c273ebd835fbba9d96364be5ea9fc307ad041e60c693adc14bc4a28a3a680d421c377ff83f9885e3216d46ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\[email protected]\install.rdf

Filesize
709B

MD5
f2798152a0acec43e4da55518c8dfe68

SHA1
a7d0cc9e3326d94d930052e90c15afc2195b287b

SHA256
878dc13678bdd75e0c48c2171ef7c67ce59a15c66dd3d528a2c63b034fee3bd0

SHA512
b1039440946c8a03b31ed4a5405203c93fe44dc607428e8fde47b6aba21e4286ca1386b181b148b1261319a5462512883f45154f797bf38e32b34c4e143e93b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\5112d98fae0d3.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\5112d98fae10b.dll

Filesize
118KB

MD5
44f1dc155d3d083b677f20ed0fab8404

SHA1
a696c5a0d50145afde3d3a71f70b1c3006ac2199

SHA256
67014a6fc8a77ae480dae9b09f800a1f40a40399ef967f86843a80eb4c9eb470

SHA512
04a7098abd589eb1a533af6f89d0d982d2faf9c4e7e29d02abaacf81635b789acfb5ca026f7a0c6b4a263934f0425c69f5225488c450e864f8dc8000ffbf94f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\5112d98fae10b.tlb

Filesize
2KB

MD5
c749bca713cf6481411b5c4eaac4506a

SHA1
539cb813dea7e37eff8c1b696eb0ab42c815ab62

SHA256
0a94d2086eb6ac57ba5ee365d3f6f64f33e7c8d18419f04715460bc04ebddf2d

SHA512
11b3b333b97b1bbbbbf01b6d367188698470877e180a3854ec9762f706755156136b404f2b95a7304a890686d8f5f697232e6c28497aca20e0aa76988b0f179a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\gpcpmegelpfgdahfaaoeoonojaepkkbb\5112d98faded27.68748329.js

Filesize
4KB

MD5
91f7598fcdaf19fb240fe5d0a35b725b

SHA1
4dff0d10efa61ae44251268114827e5bdad0cf42

SHA256
f2212d10a6f162f5a4318603ef2f0b6c2ac636d5ad2696ac30d9f24d4e78d56e

SHA512
21730f62ec98e1ed7db2831806c9334f2276534121092e0203fdf929cc5bab729544c38d13654b59eb594b7a63107141d2521aecbc6785368f3f6bdf736ff89e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\gpcpmegelpfgdahfaaoeoonojaepkkbb\background.html

Filesize
161B

MD5
14b0b1a243c4352d39155da729906032

SHA1
863767088ec7d894ab0036eeb50116d657dd7715

SHA256
c28792bf39ced215ea6eaaf935d5e073eece23a14d3d51d217105f5b3a1e7885

SHA512
0485b8ecf91d9e0acabce818525fb6144077a5dde23dcdf5adc2260d9ee9e3931eb76ead4580f29f494e8837f6e710433c37845c3c1baa7791231b01ef0aa20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\gpcpmegelpfgdahfaaoeoonojaepkkbb\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\gpcpmegelpfgdahfaaoeoonojaepkkbb\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\gpcpmegelpfgdahfaaoeoonojaepkkbb\manifest.json

Filesize
537B

MD5
32f8c97c22f4d2a57f009329c522113d

SHA1
e21ca181442c6ce6d644cea406251d7966b51ad2

SHA256
6bbac68094658798d59b371f41a4551012da3231babb83cecb05881025c23308

SHA512
d3d3610132fe54cb275a19d8966a1160e3c28bfa4cb926ef1f409db00fd9c24563bfe6a71e07b44029120ac52d5af1a210c6f2b244559d696c03cf790cb991ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\gpcpmegelpfgdahfaaoeoonojaepkkbb\newtab.html

Filesize
378B

MD5
dec58d62ddd2fbc328a073931ff27b35

SHA1
e44fd4ba51b08d865c09129f7dbc8c445dc35ade

SHA256
bfa3f80964b3aab85ce22249150f5ba5b5154c44e97e321d0ca2db1b607aec13

SHA512
65ec375ea329c5474089a986e5491df66242ce599539dc4dc8e0ca5e2b3dd817a9c5b08526faeecbac80183b0d7582ba074074cea630c97212089db93d0bfeb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\gpcpmegelpfgdahfaaoeoonojaepkkbb\sqlite.js

Filesize
1KB

MD5
c088b1b95efba1d2a76998b9074d6890

SHA1
697b21dc30d4c3240a322f6543249e0f19619bdc

SHA256
42f25a29955e62652bae420d5f37e03ca38696f22accbafeb2004a7c3f8bce55

SHA512
f2486532f6c3b2f0d432ef88c5645abd0e536f69d31986e7337c6e2128a065566ee2f705f5fa09b05d564f9a42e193fd45b2de9ed34a5d8d8714308e47c07339

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D57.tmp\settings.ini

Filesize
7KB

MD5
788975c3fb8661817261ee895ecabc32

SHA1
9d238e10c4679d2279688828eaefc7ea7b697531

SHA256
dc52a1a2085e5863cb96382eba1aac7e2827107beeea44d85c5614e63205bcb7

SHA512
7119c016abcbc2dc7ba7ca16ff3a80895eb6beda3e8cfc6c900c3786e980be347a43fa022f8720d44a5213d351fc52d14d0cce4622fac2bb3c3f8a2c9e098ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3E33.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm3E33.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/3448-83-0x0000000074250000-0x000000007425A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads