f700542746fd65d8f152a3ef51d274a0d2c1c9b9020a6f52ff572b756b3afc2c

Analysis

max time kernel
600s
max time network
458s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ClipboardSetup.exe
Size

49.8MB
MD5

857de96c602a170f23365ca0a21f23c0
SHA1

5b3e50f947e2e0e7d50711b57ad2547561b31cf7
SHA256

a3425082f63ffb0f7aabfe5c01bbd6346d90acb88366cf293fb55ad2c85d9196
SHA512

c8f48493a4fa2ac847b57298b4310e781450cbe6fc853d6acdee8b010531ae61f40338878f21748cee77be1fe21fb1d624fc85b7e6ef0288dad5964c48960de4
SSDEEP

1572864:3Qm+336u7bj6AW6iN78Rrim79wnukVfGQnlm2nxqqNSWSZa:S57bmAhGABZ9gNGglm2LNS9A

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1Clipboard = "\"C:\\Users\\Admin\\AppData\\Local\\1Clipboard\\app-0.1.8\\1Clipboard.exe\""	REG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1Clipboard = "\"C:\\Users\\Admin\\AppData\\Local\\1Clipboard\\app-0.1.8\\1Clipboard.exe\""	REG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1Clipboard = "\"C:\\Users\\Admin\\AppData\\Local\\1Clipboard\\app-0.1.8\\1Clipboard.exe\""	REG.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation	Update.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 13 IoCs

pid	Process
3460	Update.exe
2480	Squirrel.exe
3132	1Clipboard.exe
3512	update.exe
2472	1Clipboard.exe
3408	1Clipboard.exe
3672	Update.exe
1556	1Clipboard.exe
3984	1Clipboard.exe
2180	1Clipboard.exe
3740	Update.exe
3568	1Clipboard.exe
4056	1Clipboard.exe

Loads dropped DLL 35 IoCs

pid	Process
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
2472	1Clipboard.exe
2472	1Clipboard.exe
2472	1Clipboard.exe
3408	1Clipboard.exe
3408	1Clipboard.exe
3408	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
3984	1Clipboard.exe
3984	1Clipboard.exe
3984	1Clipboard.exe
2180	1Clipboard.exe
2180	1Clipboard.exe
2180	1Clipboard.exe
3568	1Clipboard.exe
2180	1Clipboard.exe
3568	1Clipboard.exe
3568	1Clipboard.exe
2180	1Clipboard.exe
2180	1Clipboard.exe
2180	1Clipboard.exe
2180	1Clipboard.exe
4056	1Clipboard.exe
4056	1Clipboard.exe
4056	1Clipboard.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 3 IoCs

Modify Registry

T1112

pid	Process
1920	REG.exe
1856	REG.exe
540	REG.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3132	1Clipboard.exe
1556	1Clipboard.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3460	Update.exe
Token: SeDebugPrivilege	3740	Update.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
3460	Update.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
3132	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe
1556	1Clipboard.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 3460	3156	1ClipboardSetup.exe	85
PID 3156 wrote to memory of 3460	3156	1ClipboardSetup.exe	85
PID 3156 wrote to memory of 3460	3156	1ClipboardSetup.exe	85
PID 3460 wrote to memory of 2480	3460	Update.exe	88
PID 3460 wrote to memory of 2480	3460	Update.exe	88
PID 3460 wrote to memory of 2480	3460	Update.exe	88
PID 3460 wrote to memory of 3132	3460	Update.exe	89
PID 3460 wrote to memory of 3132	3460	Update.exe	89
PID 3460 wrote to memory of 3132	3460	Update.exe	89
PID 3132 wrote to memory of 540	3132	1Clipboard.exe	92
PID 3132 wrote to memory of 540	3132	1Clipboard.exe	92
PID 3132 wrote to memory of 540	3132	1Clipboard.exe	92
PID 3132 wrote to memory of 3512	3132	1Clipboard.exe	93
PID 3132 wrote to memory of 3512	3132	1Clipboard.exe	93
PID 3132 wrote to memory of 3512	3132	1Clipboard.exe	93
PID 3132 wrote to memory of 2472	3132	1Clipboard.exe	95
PID 3132 wrote to memory of 2472	3132	1Clipboard.exe	95
PID 3132 wrote to memory of 2472	3132	1Clipboard.exe	95
PID 3132 wrote to memory of 3408	3132	1Clipboard.exe	96
PID 3132 wrote to memory of 3408	3132	1Clipboard.exe	96
PID 3132 wrote to memory of 3408	3132	1Clipboard.exe	96
PID 3132 wrote to memory of 1920	3132	1Clipboard.exe	97
PID 3132 wrote to memory of 1920	3132	1Clipboard.exe	97
PID 3132 wrote to memory of 1920	3132	1Clipboard.exe	97
PID 3132 wrote to memory of 3672	3132	1Clipboard.exe	98
PID 3132 wrote to memory of 3672	3132	1Clipboard.exe	98
PID 3132 wrote to memory of 3672	3132	1Clipboard.exe	98
PID 3460 wrote to memory of 1556	3460	Update.exe	102
PID 3460 wrote to memory of 1556	3460	Update.exe	102
PID 3460 wrote to memory of 1556	3460	Update.exe	102
PID 1556 wrote to memory of 3984	1556	1Clipboard.exe	103
PID 1556 wrote to memory of 3984	1556	1Clipboard.exe	103
PID 1556 wrote to memory of 3984	1556	1Clipboard.exe	103
PID 1556 wrote to memory of 2180	1556	1Clipboard.exe	104
PID 1556 wrote to memory of 2180	1556	1Clipboard.exe	104
PID 1556 wrote to memory of 2180	1556	1Clipboard.exe	104
PID 1556 wrote to memory of 1856	1556	1Clipboard.exe	105
PID 1556 wrote to memory of 1856	1556	1Clipboard.exe	105
PID 1556 wrote to memory of 1856	1556	1Clipboard.exe	105
PID 1556 wrote to memory of 3740	1556	1Clipboard.exe	106
PID 1556 wrote to memory of 3740	1556	1Clipboard.exe	106
PID 1556 wrote to memory of 3740	1556	1Clipboard.exe	106
PID 1556 wrote to memory of 3568	1556	1Clipboard.exe	109
PID 1556 wrote to memory of 3568	1556	1Clipboard.exe	109
PID 1556 wrote to memory of 3568	1556	1Clipboard.exe	109
PID 1556 wrote to memory of 4056	1556	1Clipboard.exe	110
PID 1556 wrote to memory of 4056	1556	1Clipboard.exe	110
PID 1556 wrote to memory of 4056	1556	1Clipboard.exe	110

C:\Users\Admin\AppData\Local\Temp\1ClipboardSetup.exe
"C:\Users\Admin\AppData\Local\Temp\1ClipboardSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3460
- - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\Squirrel.exe
    "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:2480
- - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
    "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --squirrel-install 0.1.8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3132
  - - C:\Windows\SysWOW64\REG.exe
      REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v 1Clipboard /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:540
  - - C:\Users\Admin\AppData\Local\1Clipboard\update.exe
      C:\Users\Admin\AppData\Local\1Clipboard\update.exe --createShortcut 1Clipboard.exe
      4⤵
      Executes dropped EXE
      PID:3512
  - - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
      "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --type=renderer --no-sandbox --lang=en-US --node-integration=true --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3132.0.267976413\1863567867" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2472
  - - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
      "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --type=renderer --no-sandbox --lang=en-US --node-integration=true --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3132.1.259961531\771493684" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3408
  - - C:\Windows\SysWOW64\REG.exe
      REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v 1Clipboard /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:1920
  - - C:\Users\Admin\AppData\Local\1Clipboard\Update.exe
      C:\Users\Admin\AppData\Local\1Clipboard\Update.exe --download http://1clipboard.io/download/windows
      4⤵
      Executes dropped EXE
      PID:3672
- - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
    "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1556
  - - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
      "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --type=renderer --no-sandbox --lang=en-US --node-integration=true --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1556.0.350538828\1064718180" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3984
  - - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
      "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --type=renderer --no-sandbox --lang=en-US --node-integration=true --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1556.1.1297927055\475264196" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2180
  - - C:\Windows\SysWOW64\REG.exe
      REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v 1Clipboard /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:1856
  - - C:\Users\Admin\AppData\Local\1Clipboard\Update.exe
      C:\Users\Admin\AppData\Local\1Clipboard\Update.exe --download http://1clipboard.io/download/windows
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3740
  - - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
      "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --type=renderer --no-sandbox --lang=en-US --node-integration=false --guest-instance-id=1 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1556.2.2137831574\102514208" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3568
  - - C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe
      "C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe" --type=renderer --no-sandbox --lang=en-US --node-integration=false --guest-instance-id=1 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1556.3.1299246867\1283354807" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\1Clipboard\SquirrelSetup.log

Filesize
3KB

MD5
bb88422d4ab03cbf9a64888c349d7bb2

SHA1
6128dc9ba11de846014297eb5a0a81aaaa0f0eba

SHA256
dd639f2e3a163410f4de9d210f334b61ad8d4afd2e37ceb9b6161a7c51bb3d45

SHA512
ec85eb91eae6c9476df9a8cd73c24182d26c3b786a0e344e3f3c8f18498a387527e847651a22e5377fcb6f617b0c9582ada5ae196716846436a7412956d4b5c6

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\1Clipboard.exe

Filesize
48.9MB

MD5
d4cb78b8bd7d44d5a8f3a5f61de124c5

SHA1
817dace9fac423f0b0ed383d80ac9da31ddb593a

SHA256
ffd38c0274ab03c4a191943c89e429d89f31265183af8d177ede5a1185ad00ae

SHA512
194fef269937f22fe600dce66d86a958c12b59834b683848d3233b9bd4ffd80487db57d4775f7a898c8a32ea983aa04e5a9561c37ac858fb26890b7eab2089a7

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\MSVCP120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\MSVCR120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\content_resources_200_percent.pak

Filesize
15B

MD5
7c321056f805aabd5a503821fa1994cd

SHA1
9c690875c9189c66c93ebd4c0971739653bccd19

SHA256
261e6aad3ad0a5f608b5694919ee39026c4c3eb4256540068f7c1aa46be9315a

SHA512
8a5f4b3726e4513251475ac470f86f0daa0d5ae42bb750019ce96ed871cb04a7391cea2cef79e67c585e3a982041575e60d0f79b3a5bb9ad09be53362787f090

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\content_shell.pak

Filesize
8.3MB

MD5
0e3fe447362f4d59d1a24628f6c1c98b

SHA1
7e3a69d9050338faf1af381aeff993136f0a044b

SHA256
101a0cee486efa6e3c4ba9aa075bc6ce0504ea43af3254e1f715a562e3c4ca63

SHA512
6c30d972bf33e859e16cf4799465b62d61553a9385e198bfca467275cd41118da5d52a9bb198fec659cb3c7ddff99d2b96ab6de4577cbf80b24d5445520d3ce8

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\icudtl.dat

Filesize
9.7MB

MD5
970fe088600931d0507605759c6b3679

SHA1
22c8b378d1695e0f94ae8d52c9480eccff92f62c

SHA256
18977bd65e2b2ceb2821db501dfd2bdd920762972e612dd1d8ec45f4a313296f

SHA512
27a3545455432ca2a196621a8968d122da94afc30c3c8e50b2215116f03a7cfd6ef1760372f655888a20355becce6baf324d1621529666f07c964c15cdd975f9

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\natives_blob.bin

Filesize
401KB

MD5
f30185ebe0f0c9e67a2f228a8795b491

SHA1
d04538ee75d54587472ef1bbfe343b087e40d5fd

SHA256
309a304a5e4ed8688ecb60064c4118598a606b7914b37b9cbe577898f9f30e01

SHA512
ab077d79f5e0a1d448363214c8199f9e9a13eb66d860ff3bfb9f9d555cb9054c317175e298b5db31084c836f9ed16e00c662ec9d91523e4eaba4a9d5bcd5d5a9

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\node.dll

Filesize
9.0MB

MD5
c3053ed3acedc6f06c495a3b933e453b

SHA1
88dfef3febdc600c1886215c403a3a1cfbb713be

SHA256
fcd3653d2804a13da3dfef4e36e195caa9308c3387f82e1427e179c7199790cd

SHA512
5073002b1c0a37acbba712479622f7bf8c4ac3bacb6db47292e95c7af80ada2d2cdf30e2f8fdaef6f4758dd0fe92e8d8302b7b02dfb53fc2931a7ea1aaa1c694

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar

Filesize
32.4MB

MD5
508dbf673d94665c5a63cc469065e28d

SHA1
fea2094e48bb8e0c2f039e41157d405dd4dd49c8

SHA256
b097d51b4b4780ad22159f7945bf9cc71fb5ee6ce870631fcec12d40ac7a6ce7

SHA512
b337ebccf105b75e87860976ccb8fb411479066a935191e3553080cf5f997fa90dec0ff6ac4b56572be7ffcb60baa8fb81c29313c5526a5926a46ce1de114024

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\ffi\build\Release\ffi_bindings.node

Filesize
122KB

MD5
5686784cc804035d788726f242938a55

SHA1
1a6971307aa67cee771dd42f25372bbaa04e49c1

SHA256
b6233bececaf0e0a914520b7965fff51461851bda199a9d541e3a99ea8eb9486

SHA512
e36199c5583a7df2f2c59ae55b5e778fcd5e83e0249f5e02973d7ce332c1d4ef3df07c38e27ac377e29d6c0a00a86eb640a8f9787dd9501eaa8efb7422d4e7e4

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\resources\app.asar.unpacked\node_modules\ffi\node_modules\ref\build\Release\binding.node

Filesize
116KB

MD5
1e31668674847b517ec8995f3234df3a

SHA1
07eac4e79d262498a3596a29063c833630c21e2a

SHA256
90fd2c563094eb58b7626be77880e355fbbbace5fd853ff223724577b0f4fa50

SHA512
98e1c1ab0374f00f488e24137d21a779c8216d627c3cb1d2eb07a99f74a5fb926a7f26b5d0ba1f934e38548fa96e0037f29f9834e6e701f0d0eaad28540cdd98

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\resources\atom.asar

Filesize
152KB

MD5
8242e4688742557c35ed3c8b9b343c54

SHA1
cdd0bc4a5d2de58cc8cce8c102ede68370c0bb1a

SHA256
5a549046a4712ef4faf6a3d3cd75ff233fb8eec2435016186627406ab8f24f9c

SHA512
e1fdaba8734bc9313be0ad9b134bbb1b1d5f89f24364a760d42f1a16ded6b1bf1eabc997b43884aee4e1284779af083d3e8a4c8090021765c10575b88fdff478

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\snapshot_blob.bin

Filesize
452KB

MD5
dba3d9a009a8b61ea0b923236c5386ed

SHA1
1f00f0f424648a1c0b2d790fe22a17d4325c7e84

SHA256
092c2b8e6ecfa11495dd02a26b202f639b07d4335247705f9403a0a13005466e

SHA512
9bfe711d67c0af4a8b176289e91886a1e1ab493aa86d200c18ee189fcc9e337bb6dc1a469f805e202cc768fa575af298c84d5d49238290b20b2d7cd41628bbc9

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\squirrel.exe

Filesize
1.5MB

MD5
c406c039ad7a4b2b5a4da51496132f09

SHA1
2cf99210431b548e0fd877d671775d43cd4a2a25

SHA256
01c08c8987ed4b4bc91c5f334718238f74856967ff6e54ae5d971e37b3843821

SHA512
908a0ef04e01b56ee93df599c6d4aea4d643fe30d5d4f4c0dcda561af2a2d8f844c3acc98fbf99dd699ea2729036cba713f19ba74316f4b88672c26634835222

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\ui_resources_200_percent.pak

Filesize
127KB

MD5
a4e4b6bb9be89d6f37f8bcce42ee8f0d

SHA1
c4ac2b4dcaef4e8d7e8ec393f4c685ffd36df5a1

SHA256
754d12729a317ae2d1170d9b3ebc0e93d4ab0b086451b3dc2e4df342adb5d041

SHA512
c5e560777b7755317384904ea9c572477c0de1f194ee70cd1ed7e086be9d75cc9774a5b1083443e91f41e71e414cf029d450fb8b188efbd9440f16bf0e1bbcd1

Download Submit
C:\Users\Admin\AppData\Local\1Clipboard\app-0.1.8\xcp_win32.dll

Filesize
13KB

MD5
f19ddc9cb21e283540a23e34524673b8

SHA1
287ef05e595cecbf4172db13dda4d553af59ddfd

SHA256
46f65de04ddf2c328edda070fb85456c8aee677facd78507936fe30e6cea5687

SHA512
b36b68cc2ac507e242db7313741639163a1bf8efc9c2dcc0716a0c6b3421cac492f6fdefdc6c4ce2a543ad40ef5fd4619e343d25c950662156ed58084f0ba308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

Filesize
1KB

MD5
6eb96c16eb677b6a8c1df381a0497a1a

SHA1
d4596baadc2d4bee89d57e1718ab30c0b7d563ec

SHA256
e96331392d474ca0fbc51036c7d55aa3a37aae6b074d50ebd106a277b0cb4097

SHA512
3d472d56ceb73a3df3f65eff6af088b3a81ab553153cbda925091500a6543cf83e84872f2bc81f218deddecd8f3c9868d784c2fe08ece95f915138becaecfb0b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\1Clipboard-0.1.8-full.nupkg

Filesize
49.1MB

MD5
8470ee13156423a1ae5eae8d33ba92ea

SHA1
495cfd132711d0efd5e5cbb322f05b0d1a0f62ad

SHA256
38e8e64ebc4a398f015322521fd3a9f8f86177ccaea4218f7b7ed6d26602691c

SHA512
01dd28c7d85b2a2a41b52ba38f560c1141d746cc223f98cbf536da9308e752b0b06ea114c05739a4ceb5c0ece2dedbf4516a7d4e40b4272c64ea7cbf50cc964a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
b0994329e8a9b037df6255fdd67498e9

SHA1
d9ad49b6f175e74c9df8fe44dac6129896d2dd0b

SHA256
7624ad2c2b9e586f1eb24cfe7b56c64f60d18668d57cd5f0eac2b54684bf3625

SHA512
394df93accf5e59c2d7d0ccf848f297f293fd85bbfe04f96b1f2ed248007b1db1784775b2124377db9434f5de4e3a1dfdbdee470b6b8f42bcc09f25d7020510c

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
6da596c88bb4af29fb2fc81f342657bb

SHA1
b0018e50bb19a8bdba8ede847bc18b71ab9d6372

SHA256
470f9839cf83aab68ccbe2c3f175fa1fcd988bc9645224c7a97995132ce81aaf

SHA512
9e80d2b447e4ad1291540c2fc293084ff40e289014c4d3e8116894300959b24bf5dc3579baff0e06130616031475bdcfe669d3153d0edc5f12626c1319799496

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
12KB

MD5
abdff386b0e923f96645021835d7f625

SHA1
8b386ccddef2335c8a1ea4bacf8e7c0c966d7d84

SHA256
cea4d44b8bd5f7bae9df7f06b7ab98b378daf0f398ab114ad0d3c1e3fa3f6f25

SHA512
db832e6bc90c482c8b2173637aa70dd80b34f8328f5df830a774fd3e84f1e9012079c9c1f556cd380b838ea89b3017382bf0045c13935c7a3579b98bb921e8ee

Download Submit
C:\Users\Admin\AppData\Roaming\1Clipboard\DevTools Extensions

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\1Clipboard\userdata.json

Filesize
235B

MD5
b84c4763109665fdffbf72614131832d

SHA1
a1e801f7c8bb58068ebac63f8b432520287ecb28

SHA256
3fd37cb73c72531317c70f0ce356f402da05102955752af9f529225e3e37f82f

SHA512
405e040bd8dcaa078434c63b87821479a3acfa1090d2b6f82ddd1bbc1f1cb30dc794525285705ee06172954a1a00c8af1f6e15fa3bbe3208db36810a77b51b4a

Download Submit
memory/1556-222-0x0000000030800000-0x0000000030801000-memory.dmp

Filesize
4KB

Download
memory/2180-252-0x0000000010E00000-0x0000000010E01000-memory.dmp

Filesize
4KB

Download
memory/2472-197-0x0000000030000000-0x0000000030001000-memory.dmp

Filesize
4KB

Download
memory/2480-118-0x0000000000510000-0x0000000000692000-memory.dmp

Filesize
1.5MB

Download
memory/3132-136-0x0000000024C00000-0x0000000024C01000-memory.dmp

Filesize
4KB

Download
memory/3132-135-0x000000003FA00000-0x000000003FA01000-memory.dmp

Filesize
4KB

Download
memory/3408-201-0x000000003E600000-0x000000003E601000-memory.dmp

Filesize
4KB

Download
memory/3460-8-0x00000000000E0000-0x000000000025A000-memory.dmp

Filesize
1.5MB

Download
memory/3460-220-0x000000000A120000-0x000000000A1B2000-memory.dmp

Filesize
584KB

Download
memory/3460-174-0x0000000006160000-0x000000000616E000-memory.dmp

Filesize
56KB

Download
memory/3460-173-0x0000000009CB0000-0x0000000009CE8000-memory.dmp

Filesize
224KB

Download
memory/3460-9-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/3460-7-0x0000000073C3E000-0x0000000073C3F000-memory.dmp

Filesize
4KB

Download
memory/3460-265-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/3512-179-0x0000000005610000-0x0000000005630000-memory.dmp

Filesize
128KB

Download
memory/3568-270-0x000000002B600000-0x000000002B601000-memory.dmp

Filesize
4KB

Download
memory/3740-264-0x0000000006410000-0x000000000693C000-memory.dmp

Filesize
5.2MB

Download
memory/3984-250-0x000000000C800000-0x000000000C801000-memory.dmp

Filesize
4KB

Download
memory/4056-275-0x0000000026900000-0x0000000026901000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads