20430909b0e7b429a18f9821b40ef0526cef479815b108c9f9d833739eb611e0

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

41ec99568224cb884af62c8847189d04_JaffaCakes118.exe
Size

716KB
MD5

41ec99568224cb884af62c8847189d04
SHA1

f5a88cabf8cd9ebbe30d85addc00a2f572aebea1
SHA256

20430909b0e7b429a18f9821b40ef0526cef479815b108c9f9d833739eb611e0
SHA512

fca1aa71ab248f47e5e445c8a310710cfd2f52c063aa2a4e2194b74fac80a858dd8e489bdf195e8af5cba0c3cab4059d3236d4626c25b8a13d8682fd2bf9c1a0
SSDEEP

12288:2KnekrL58zLDignOKDLXskCWAuSS/Kfz1RVJyZq0Py8B9/iW229e4N1Si12w:fLizLDvfn2W/SxBRryfNb/iW2MN19v

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3412	A59L.exe

Loads dropped DLL 1 IoCs

pid	Process
3412	A59L.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfimhmjkghejgcmcndomioodecjdmaeb\1.0\manifest.json	A59L.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\ = "SearchNewTab"	A59L.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\NoExplorer = "1"	A59L.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}	A59L.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}	A59L.exe
Key deleted	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}	A59L.exe
Key deleted	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	A59L.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	A59L.exe

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\VersionIndependentProgID\ = "SearchNewTab"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\ = "SearchNewTab"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CLSID\ = "{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\VersionIndependentProgID	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\Programmable	A59L.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\InprocServer32	A59L.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\VersionIndependentProgID	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\InprocServer32\ = "C:\\ProgramData\\SearchNewTab\\WzU.dll"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\SearchNewTab\\WzU.tlb"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\CLSID\ = "{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\ProgID\ = "SearchNewTab.1.0"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\SearchNewTab"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CLSID	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\CLSID	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CurVer	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\ = "SearchNewTab"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\InprocServer32	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CurVer\ = "SearchNewTab.1.0"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\ = "SearchNewTab"	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\InprocServer32\ThreadingModel = "Apartment"	A59L.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	A59L.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\ProgID	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	A59L.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\ProgID	A59L.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE}\Programmable	A59L.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	A59L.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 3412	3920	41ec99568224cb884af62c8847189d04_JaffaCakes118.exe	84
PID 3920 wrote to memory of 3412	3920	41ec99568224cb884af62c8847189d04_JaffaCakes118.exe	84
PID 3920 wrote to memory of 3412	3920	41ec99568224cb884af62c8847189d04_JaffaCakes118.exe	84

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{DB7C3B2B-F4E3-EBD3-B1C8-61016B33EBEE} = "1"	A59L.exe

C:\Users\Admin\AppData\Local\Temp\41ec99568224cb884af62c8847189d04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41ec99568224cb884af62c8847189d04_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Users\Admin\AppData\Local\Temp\00294823\A59L.exe
  "C:\Users\Admin\AppData\Local\Temp/00294823/A59L.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00294823\A59L.dat

Filesize
5KB

MD5
00b6aefc50766bb3b18f6e58ab1c985b

SHA1
284cfb4c6e2082c4b56e82b4a677e770b7215113

SHA256
cf17383ba59c894de1dd3bb321eaab0cace7260920c535475594abae1baddb62

SHA512
c284e7e67aa4004396b35a765644d536eec73ba12dda68a00a615c6c0b3bb8f6c461e9abbf849ba23c5cbb4047cfdf3e9b2565486818685cda1cd40e0eab59a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\A59L.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\WzU.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\WzU.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\bfimhmjkghejgcmcndomioodecjdmaeb\background.html

Filesize
141B

MD5
9790b685caf5343f213baa88c6b60a68

SHA1
5695a0d895036cba37624d2a1127e8130ffbdd3f

SHA256
d4c0a9a2ddfb7abd1dfbf5f0bd227274ab585c51b71aa514d099a4b22aca4b5c

SHA512
91ba9c43badcc7c3a9533b5ca010ff13b511fc40aadac7428b1f6df2446d734fb1603cc29a824e8266164d657981f0ff20cc8e2a89b048ba7966eb26d5b3277a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\bfimhmjkghejgcmcndomioodecjdmaeb\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\bfimhmjkghejgcmcndomioodecjdmaeb\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\bfimhmjkghejgcmcndomioodecjdmaeb\manifest.json

Filesize
552B

MD5
8071a311337c0df23f4b7d417f6db406

SHA1
b8ee3931a76a601ca8da7a58a939dca9b308da41

SHA256
77c6657c4667649aff331bf26872dc7d1d7377c34567edc8cb995141698bcef0

SHA512
339fc43b3f56beca9e486ba457c7f567020d883e750f644b2dfe7a7d1949c1ef7ce409220686cc3732ebc5da61ba084a90fc659356ae649fb6c71c364c37ed9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\bfimhmjkghejgcmcndomioodecjdmaeb\newtab.html

Filesize
377B

MD5
3f7de07e5dc144b3bdc98e22f7b33fd1

SHA1
1e8ab39c43bf19c9a8fd0ecd657e4a60f1cc9c5b

SHA256
0b91a72d58b9e36ba4688ea8ab535c697137138a7b8c04eb918921102b841555

SHA512
9a86d9dc93d2589138beb57f62ac5c7b1fdeaedc840ce1c270ac4d6d8aa35d676f7b604fee30512eef86c6b4e7b9b57f904d238a085ad967407d94a2f7b6cf02

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\bfimhmjkghejgcmcndomioodecjdmaeb\sqlite.js

Filesize
1KB

MD5
d4652e0c94fc75c7be61a8c254f28c2f

SHA1
79be52d2cebf4849993a3413fac17e554be7265e

SHA256
cd5005d76963b55123da65df80542cfb8615c3210eb1dfcbff4cbb8d577173e2

SHA512
b2e72871a7ac2807361ff7afa83ac5fc5f0a529379bd4c685436633ac45dc4e998beba092195c7fc1cb3c985fbbdb7f487318b555a61de7f210c73294ac8e584

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\bfimhmjkghejgcmcndomioodecjdmaeb\xfrK.js

Filesize
5KB

MD5
1745fc90ff21b327068f896f1be10918

SHA1
b6f909358b5a6c636fd48681ba3bf1c5cafdae45

SHA256
03ddc430c9ebddda4602032ada2b3c8af8766149001cef7d6468c9f06adee01a

SHA512
03ae5cbe6fab7c17ee67500a0933ee7426e73ddbeae876ce9348812501021cb9e94d205e847956161aae81174664a61a9961fac751d1844c24d06ea20191d7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

Filesize
100B

MD5
4090e0b7b64465fa38dbc88865f6475d

SHA1
1512b30bf77686aae7bb4a2d96c51be6e0ffb976

SHA256
7c526eb0b07e384db3270c688b4a8ba79dbd86ad5065a70214d1e730d31f2e95

SHA512
245d1f301e3a6aa15eb9f0e0441b89a48525ab867bc0dd4f37f1e6cfc9722f6609dae41700037fe6e96b823eae56030ed0d352385a5666713c7d46902867ea5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

Filesize
9KB

MD5
9898da533c6da039b9f6c5bf6a9b71d3

SHA1
9b8285d308886d1538bb3083d8fec5139ea6d6ac

SHA256
28c0d9beb0cb8c8461b91e774d04fbdb828021cb02e197459c3594af43d106d3

SHA512
d5f867c4c60bb68d4d02d037725afad413d0455f6be318b07545a26ced5e5495495b09c5331b64082e8e0f151296fb7142c63ea767fe3fee8be13256535025dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

Filesize
605B

MD5
7c4b73c136b89d94daef5cd790b18d79

SHA1
dd1b66734cfe4331d5831945b375fa881ecda4b3

SHA256
7a95476a7cfbceb0177b9554b82a55c14ec4d7c5172b88bca847dfd22fd0497c

SHA512
8462f27780b24c2d5e94cba2d4958aee035f082e5dd8fa25c53df51b7592c22e150994ba6278fb9f26c02826c69fe391f076974147ef4ab36a93d1319cfb4fff

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads