baaaf5cec6cda5010d2c652347513168149b9b495e4e031a25bee612db1a4126

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Size

2.2MB
MD5

935463e9ff431d3b234e061d615cafca
SHA1

6ad80809c06642ae31c88f6b43e02e66d1ef571e
SHA256

baaaf5cec6cda5010d2c652347513168149b9b495e4e031a25bee612db1a4126
SHA512

036262b38165ddedaf14aa514b2c89b1515fafbe520e7e19cfc19a17d455dda8a01c17897c729b703e01405643d72d6d5b4e1f7e8c6a2ef4efc7aa7314c35e4e
SSDEEP

49152:Z/I3Cf9S251VfogxifwOd5gDFmiirf908vu3AjmZI5GwCz8ETGP3yFLCsabSTl02:dIZ2LV1ifwOdeFmisf908vu3AjmZIFXq

Score

9^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral1/files/0x000400000001e807-931.dat	UPX

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2232	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
2232	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
2232	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
2232	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
2232	2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-06_935463e9ff431d3b234e061d615cafca_mafia.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4429b645ff67d1a536155bad937f6db6

SHA1
7416033c406a9eb3c161a4b48801fc356166a557

SHA256
589ba92904f4782badc376193dc37f2116ab363ede973c3dbf8a64557ec925ee

SHA512
db30e700d1861ef589beb69d5455783f03ae4c693eb683e6e618d9d8b3060817ef310940ff8272de3abf1403d72ac3399a7a9d3911763894ef66f8714efa8f33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a51469374d4e4834484585e578b87a2f

SHA1
754987849fccce0bdd57e97860f6fd9e2ed452a6

SHA256
ec59dd1aafe76351774aa4bf8aa96a8b444a08d0fa4286ee0515c1ca76664b17

SHA512
a1aebf223b99352e1cf711fce0c719075f274bf279c0cc843c81ccf9fca13aee9e7a5fd9e6c41d5ff1892e48b8ff6b7b178cc9b3022b6a1577154e5b48e2e905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEVKZNPV\v;V-+6&3']e1a+T7YxJSxdr[1]

Filesize
928B

MD5
a2be49fadf6feab56f57dd504f18e994

SHA1
fc722762f434d7edf7321102695dd21e3e5a7b15

SHA256
0f72d700fbb45a98f5179308df5e099271c4d044b4f324912727d06388aa6004

SHA512
d8fbb5499b9748913433a291d39d9def6acc8775e25c30baa0a1e6c90f13630b910908c0c0fe6ba8b1160b717decde6e6f17c9bd4b2bd2a79300f92b84d47863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAGP779D\;%25s7M+PX%25Q7bhK}`,3wo3%20q[1]

Filesize
5KB

MD5
4d9a7804f3d1c683e1c12f239af8a775

SHA1
066322d5c7c6a8fa7418d6d0c792b2ae413ca581

SHA256
b3153122bd13ff5c763c9d316c7debd419e867112bb57a5b609c009872b02113

SHA512
d05ba680d599c0f84fd26fc6bf52fea2290eccc6a9ffe7c89eb9d03001e11d12e0a686cd9cb9c245d07bebc9ff7cd082d595a9a606cf559be05013cc760bf06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\DevIL.dll

Filesize
128KB

MD5
48615d6fd7eee43635df97d9a0f9bccb

SHA1
e95ba488ec510877a233913a5bd6aeeca8ef6dc5

SHA256
72d9cbf9121c2a642abe13c4a00e4b583ae2a491722f9adb353f87fe968e2902

SHA512
8a3f7b8c36712b979b502a59a8f6851b5b30fdfa84669128d53a973cbf7a030a226bd05067c98e1102075e77ff5b2a900c8eacb4fa88f855dd5efd27b97bb8b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GamBit-conf-1.-0.dll

Filesize
2KB

MD5
44dbdc457aedd6fe908335a9e28dd8ee

SHA1
1bb5846fe2f6ac8a3c01ffddcf294a25729c4c5f

SHA256
3ef5740682cf0f579f12bdecf5010a0bd262ad4e5f6eddf1a4aebd27586025bc

SHA512
e21648944773f4a55c5e972cea6f51eb2d5a2456d350838f60718df8fd79fc90cda12b622996b50f4e6d47a8b473fb2db8ba482d70e2abf507b077bda1592e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameGuard.des

Filesize
448KB

MD5
031392315dd7bbf99b912743a915e6f7

SHA1
48e00142c945ef6d65fc37d61ba0d2b5dc6a2ce8

SHA256
dfa3ca0dbcfb66f11813e99a3c11df3853a214e4ff766cfa11c015f1a60db3a0

SHA512
0f26907d767ef47042aa210733940effafea9f16fc047ccd21a6fab0f61fb39e8711461f264d33fa43a1f1160e3316b2f565aea2c8d485c8b51985c5f54d7a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ILU.dll

Filesize
80KB

MD5
cdadb36a554694ec6d723ab33088a93b

SHA1
1dbcf543e1960fbe67bbeedbcbdb38311e19a218

SHA256
4d89c82352a058b111ece0a7f618c6b661208c42e06b4e7a3175e457721f23b6

SHA512
4790fa7d1a1eb8d1c6ee36182c4f8199d84e5c91fd47fa231db6d03fad0e751d73e361f31de3e33003cd643bb3f052da6819ec1bdd978567d0a1af2c0eef6bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ILUT.dll

Filesize
36KB

MD5
fcefe07a8a97e5e92cf2ca52c69a36ad

SHA1
62cb63116542b46d3d571c3110d09357a2399cd8

SHA256
fea47a8399fd5db956c60aa38a0a64cf598bb2a045e6802a3d3d5a6b73b5fdcd

SHA512
60ba532bece0943e2d79b6ab14d367afac52d586e9de916f7f9959d96b126f30f0bf8164f05b3d5538f1976e6524165cd468b86034f97c6f8f19507309ab9e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\LBIndustrialCtrls.dll

Filesize
56KB

MD5
9c4b1f728e732562c545845555bdaec6

SHA1
ee5d73842571c205f9a001a84618eea20ba80cf6

SHA256
fda561c1ebcc5cbe73581389c93b9b0034b67c2d1ef717e059d5b14750b9bc4e

SHA512
254228488815d80c7d7c23225450eb9f628f255584a7cf6868548dd1d55611de3efdf83fa0f15f44b1cf0e42d987589dd7bb11ece5fe92261046c1f0bf2ce284

Download Submit
C:\Users\Admin\AppData\Local\Temp\SFrama.exe

Filesize
448KB

MD5
74174737a08f5f516327df4e28b823f6

SHA1
ca9f134b866c829474fea5537af300b108d409a8

SHA256
83169c33dc3a313ab6539af156e344a6864d963e8ff79380c596d0f5e7de84fa

SHA512
45061e09dd1f09790cf37219bbd8b3d6b2ce2b0b87cbc1f7fa5e5ef8aff13ff499bb4baccec53abc8646a3c72c855be83d49ccd769ead7cf6d7cc315010ad4b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16FF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\audiere.dll

Filesize
128KB

MD5
8e13dc6d6c969215e74f6b06a9d3eab2

SHA1
5c7bde19e5ca60223e7e1396ad7c5c556c517d9d

SHA256
b6bc1421b6b89b22e931b914831a54367d930c8c24268c33324aa36833536b8e

SHA512
fbd877b9ba073eeba8c0531c5ba79e5d9cecb9332989c42ac26396d278aabffd515d656cbf64a4d1404b19092d2dd29e84bcdd19374f34933df025f763665521

Download Submit
C:\Users\Admin\AppData\Local\Temp\dbghelp.dll

Filesize
448KB

MD5
adc6637c1b59b620e0fba7afdd27b27d

SHA1
4c42aaba436ec29908a7d403a3a1bd7dc7e46eb1

SHA256
361896cd7362c66d29d7b527fe4a90b23326272ba7ae47a13ee9af1a1666addf

SHA512
848e6ff57760be15b99867380250e2d1fac9628b83f9023a8b2c855fea0b7c7d1570910c619f7a649cb5b33ea2b92f155df28de486ab5833c8c7861cfdc215a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\freetype6.dll

Filesize
128KB

MD5
c15292f8eec4b7758c54eea871dbabe1

SHA1
8cf8880182fbcb99b18646f118d31a0f545ff27b

SHA256
01f3d70205a234db23105314c67326e66bb206e7b1768a7d0bd646883a2a049e

SHA512
8bc28c09dadc385fb3d313fee96340aa6575e0ff227dbe0f74e8b75dd244360ed6d762738e9a2305da17d025e090dc84039af1cd3a19bfcbb23d8ca6b8a4970e

Download Submit
C:\Users\Admin\AppData\Local\Temp\intl.dll

Filesize
148KB

MD5
eb2d4c4d4a527bc88a69a16cc99afcf5

SHA1
b326ec4919e1ec9595c064b24853b1e6b71530a3

SHA256
682d4277092472cac940558f9e679b44a6394159e49c9bbda299e33bfc6fdc92

SHA512
009f31cd68a87a40aef4be07af805ab50fac03f4c621144b170d9d3313b1b6a73415f6dd878b048f85afc1b662659a88e4cc89e9a8c76f631f6f1b79d57fd0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcairo-2.dll

Filesize
448KB

MD5
2285deab50a9d991e153a56ac76e0a63

SHA1
9cda62fa1db06290497918ffa3ab2b186707b144

SHA256
3dfb9c111d06cbe505a48a32539df905a1f5d28a78308f5e047f8a4cf93087e7

SHA512
ea29172060f95294f376523b60ba30cad7d345b434b0fdfcc6ef27cbbd2fd6091a63be48d0452eb9cd1273050a95c92f974b2f7402982469ec56c53405ea9e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\libexpat-1.dll

Filesize
139KB

MD5
701659d3689bf4a8265b669b7d774255

SHA1
ab32887ca7a9f1601eef4910954e023cfb1b2075

SHA256
f2e500f501c03d3d09609c6d0b2ea4c51bb433762d9c8f82ac6163877a780bc8

SHA512
34df12fc988cc12e50e2c046ecf1427b0413cd6d5721847c99aa31f91f4aee7b171956776431ed362fb60b2dcc2c082a3d44abb377f5c2bc5c7db67ad26fe4e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\libexpat.dll

Filesize
144KB

MD5
952bfa893477f97a0f254d82d38f45d4

SHA1
e789e8ce3ecb2218bc51882568488a0a69539427

SHA256
09072c6dba447d66d1a591bdfa9306a6887668c999bc5ffbcfc697bd8f831e70

SHA512
e664adc347f0a53d89049e160fc69fa1cc8bb25a99c7783b08174a0f10c03f26097ac3a00d8d31665a42d4d24226ca4078de4710ef7be2fc46286d5f957b4564

Download Submit
C:\Users\Admin\AppData\Local\Temp\libfontconfig-1.dll

Filesize
272KB

MD5
dd583bedc5efe7bbd21a8ef107dec88d

SHA1
24d852d57e5f1ff2ce0803e3484941a18b8a501a

SHA256
1c0a17ef42755d653d496dd7f52a4a2ca488b89ea1cf0df08f7fa32216f4c051

SHA512
63f4061043eb8e5550f646116f07c37e5207a29ec7d1980c502c311e827b273d2894e3ec503f7e229def71783e1eae1af79356d00be8bae7993732e67ff5b042

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgio-2.0-0.dll

Filesize
436KB

MD5
5d1c26c12b2b83dfa25bfe93ca2db490

SHA1
b1f56dd1ef1937493a0c644cf29789e084705c65

SHA256
3ce5725a81e95a2853810a6c1eb93f5cbe56e49257051a3aa2cdd27779a3fabf

SHA512
46b24af898c985d85141184eb2256fbe6ba6269598a4af6cf17049f3b608ff89d89cc7b62b20289382a55089278e109f913dc58004060cc67fb93b50afbb9b6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libglib-2.0-0.dll

Filesize
448KB

MD5
fd19f33beb7696e16f1f3103d95f9f4e

SHA1
0ce8389fc15ad723ec93aa6e54937bb22ca84ea8

SHA256
7e3653221cfb7ad7a33f9fc3bf99ee4f3ba980547f641388b04d315296d39451

SHA512
0cb259eaff4c27b83ebc227db9a2ba6f6012ca503f76befa723cf93e9d5cef40d625fed1ba6c29c3219659022eb5b606449d7f86cfc10dde1b494257f84b5852

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgmodule-2.0-0.dll

Filesize
36KB

MD5
b0b2396fc6413016a45a5e8ca2ea8152

SHA1
d9d2311d1619c1f51b406fee1a17529d3de21124

SHA256
1e2332ed84bb447fe814e9201effe88e682fd9b2da89e2b1a27aef1c786b6589

SHA512
496c8d905a481c3bcacee2a54e0a27cb8605a62d36668dbb61dbb4e23fecb83efe92c4cbb16df0b7276f8938cb66879dddff03c4fca50ca5dd504814982041c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgobject-2.0-0.dll

Filesize
333KB

MD5
356d697647a480562c4e2e921b13f8ed

SHA1
1218243c9b4e8e6fabcc5f2eac1adb78002b01c2

SHA256
75b4e8a0757f7db26ef195f3c5e2da5770d95c3af081c2cdae0ec15b460aa9ea

SHA512
4ef4ad1648f508cb3ad5ab446196d351219a28083df096353a343b81a6d699691bb8a77158a6085d00d4c9eae408a0193dac7e3b806156d62bb6ee552dc8095a

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgthread-2.0-0.dll

Filesize
43KB

MD5
7ad6f303082b382bff7bafbab246c61f

SHA1
8d94c4d4b0633a80e28504a3c694dd2bae252854

SHA256
ee2e8485fdbfb2c5626099ccafcdc41ac60414dffd5c6c3befaf786634baf5c3

SHA512
eee840f217ff65b22efd16e78fb898990116efdfb6ee1cbf9d9fb64b9f3209f18860f6477c1df60352fb242671d973dcac043134748f823d210fc393ed4e2598

Download Submit
C:\Users\Admin\AppData\Local\Temp\libiconv2.dll

Filesize
448KB

MD5
c9fe266d793e343dd192aaf50a7790c5

SHA1
9df8ad585142af07931daaf8dfab18d87597f2a2

SHA256
f29e4f1cc6c7aa026382aa75739610df43ee0bd0abe3033c455e517941855e6c

SHA512
3cd25a1e74cf98bf835600d6eb394f8bb16d04f178699a1f029309cf497576e65ba2ca449903b5f2cafdaae960f67db1a8801288c685018bc8f1319a87e30749

Download Submit
C:\Users\Admin\AppData\Local\Temp\libpango-1.0-0.dll

Filesize
325KB

MD5
5a14efd93ee27cfe960220fe4a904911

SHA1
2ba671366367dc85e50bfa4618e4bcaec568e418

SHA256
cbd61867459abd458b5de5b6f3213f864cb11db52986e39631a643da7c3844de

SHA512
bfacb68580240f6e44cc8a79905e9a32be9c97bb673babc90275d969863a8fc017fd57a53f09d564a59c17205fc07145be6d58ade9179cfd12f9a8e1760e8479

Download Submit
C:\Users\Admin\AppData\Local\Temp\libpangocairo-1.0-0.dll

Filesize
102KB

MD5
d3ad38599649097a3645777ff95be08e

SHA1
3289e80df068042e30c1f5afe5ca453d81618dd5

SHA256
29e2828266d52c4be341e6212fa22bf54b509fb8e0c2057385667d6b5073c38e

SHA512
257ab847d03028e51abd3eaba6be1073482731e2f02414e879ad3b42c3233aed8468b541ded0d3da3c190d940cab589fd2e854aa8cd108743e29013554007349

Download Submit
C:\Users\Admin\AppData\Local\Temp\libpangoft2-1.0-0.dll

Filesize
128KB

MD5
732ca1fbc39bb95231aed332a6452a09

SHA1
45c145872e18a9082b414b20c4e6e112a3d94307

SHA256
08c4efada802c2d2f948695c3dae3fa1b570b5032c1a33c18c7f4eedc0ef7aee

SHA512
6f3b7635f22060c06d618b7e0fe7a63bc06b6f1c4530ca8f28d487449fcf69733bb8b4ffb0ff2d26799c703502b9e241aeb19e36b05b971cc3fec0ac11a8ce0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\libpangowin32-1.0-0.dll

Filesize
106KB

MD5
d07f128828225b7cc38e9e590eb3ba8a

SHA1
28b95f9db31af83a631697f79ecc8961643258be

SHA256
0a52dc82c58ee95b6d311f3936701593af2ef7055fb12eadaa489574f39a96e0

SHA512
937ebf63002d26befc52d06d168dd16895876478fd61de52297bc03d5d05ad26b804c3b6f0d14ba3c24b9ae2b06e53f70bf630051cda49506ea60c9596a31136

Download Submit
C:\Users\Admin\AppData\Local\Temp\libpng12-0.dll

Filesize
198KB

MD5
440d117c536ae88f540ecfb0e496c869

SHA1
724ba0199d97c1e5e092382ef6e6dcbd6518d61e

SHA256
1ac171d55301bafb73bf467bec612217da0690afa0a8e0a7e59674879796dc30

SHA512
00231743e0d1ba7232f8cfdd4fd4800e3bdb531324971522c11c542e064475816a5bde7b1404275f3d861ad59cd73f07ab283a948ae5772511d58769aa3d919d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libpng14-14.dll

Filesize
225KB

MD5
f3a15497e25baaa721f96638d7a4d2f8

SHA1
a5450c9fb0789f9f3b62e8f5bbc047c7a9209f9f

SHA256
7644c698cb5c823b9fd238d9e88b25d14e04816a0a2c77c48170309957c69efd

SHA512
5662fda61b4985a77aaf6bd1e91cb1d4bddfde1d8d9d278bb19c0c347cb0a5cbb936f3e279346e253ecebb602a5cc6bf90acd4d677ce982c51e813ae0769b763

Download Submit
C:\Users\Admin\AppData\Local\Temp\lua5.1.dll

Filesize
192KB

MD5
09da50f282aa5a18cf471da1cbc642b1

SHA1
49cec5d85bb96ef43cfc98a54e018b3039339daf

SHA256
bc30ea68cbe4bc83a68cdad786601106b9ee15902253f55681a215972afa4b3a

SHA512
a44d4dac4185e98de4148415b3bbb146877ad319704b9961b8cd613cc8670ab184bdb90433e8f3b6b29ca0656d24e3f962956e0841620356775c03ce5b2e0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\mscorlib.dll

Filesize
448KB

MD5
c3994790a25182e2d9275eac11eae73e

SHA1
151042f8915a82f6385d8baadc10af901f02181a

SHA256
9a53bde5d2928a6a9a7cedf6fb499cf5249c4bc1d09d9b3e4df4730c2a2a4573

SHA512
a31bb3789992d7a376bf4a570f796d8f9b686a5fc62afcef3ce30fe40d6206a4a9d277336fa8867f62d8d73751a097f02b25f71bc5f2f984f69ca7b6cbdec0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mss32.dll

Filesize
377KB

MD5
e55d16ccb331bb2a17e36be320f784e5

SHA1
0b0765edb84f085d529e2d81c4c574f41e25928c

SHA256
44ceeffd9cb85845d1e068b45f7cc571e4f314c5328b00721d5bcfd3e26b45b8

SHA512
73a2edbac4fc6d6960a03d2e136a7a8e395daf764e04da40cc0837756c1845ff2d19f4d153fc8ca84c1f07bca067b612848d439c7564cdb4a3af2928d39a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\zlib1.dll

Filesize
98KB

MD5
d90dad5eea33a178bac56fff2847d4c2

SHA1
cbbce727fd8447487c7fc68051b24df17d043649

SHA256
104162a59e7784e1fe2ec0b7db8836e1eb905abfd1602a05d86debe930b40cbf

SHA512
8dbe57e32554d049a0779c40645dfbad2eaa1eeaf746898cd44f8686265f1fd4f84d6f857ba40644294d817d5c5eab6ba6271df55c56047fd16c10b8478184eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads