2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
111s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-08-2024 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1980	XMouseButtonControlSetup.2.20.5.exe
1980	XMouseButtonControlSetup.2.20.5.exe
1980	XMouseButtonControlSetup.2.20.5.exe
1980	XMouseButtonControlSetup.2.20.5.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XMouseButtonControlSetup.2.20.5.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	quickassist.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	quickassist.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	quickassist.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com\ = "0"	quickassist.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "0"	quickassist.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft.com	quickassist.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	quickassist.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdomains = "1"	quickassist.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	quickassist.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "22"	quickassist.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	quickassist.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com	quickassist.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com	quickassist.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com\ = "22"	quickassist.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "22"	quickassist.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{30DDB639-F778-4741-8C4A-208683DF89BB}	svchost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3960	quickassist.exe
3960	quickassist.exe
620	quickassist.exe
620	quickassist.exe

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:216

C:\Windows\system32\quickassist.exe
"C:\Windows\system32\quickassist.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:3960

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\968e61d3e7f04712ad2889c4f9ee6879 /t 2140 /p 3960
1⤵
PID:3580

C:\Windows\system32\quickassist.exe
"C:\Windows\system32\quickassist.exe"
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:620

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\bfbf4ab771db474c8c4719619ca4e42b /t 4668 /p 620
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
09cb140f8efc30f653f3860ce881ce5c

SHA1
e46e5b8e1ab13eca28d6f7cb4d9e24ece7929257

SHA256
a54ab75bb3da30f57d1e4ccbd3401fc2506697519dbfcf0981a3152cf3fac6f9

SHA512
f0711fcac6883324f65013e28fd48dd500466dfca80d0799e9e848b16eb32019d80e16b052d369c2be6092981d1844ac8cb3a559acf2a69fb24da573d89982bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
e46b46b59dc77964cdb0a8bf09cb153e

SHA1
5693601040eb8ceff683d48671a7f6307678e13c

SHA256
470691c2b256d7d3f7e3826889a2d5cb4c0b811e8cf48d2c2c43364192531c54

SHA512
b793890c2ca102b88acb9a2a993607a75d015e1dd11265fa781bd31027a0960f40407596219b25952b1b31c9c2fe8e94b7a35aee6e1b01f54f2663c2d28430f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
67d730dcfee7d20dc8d86f4dd6dc2649

SHA1
0f88455f0350ba1cc15de87ce4bb1fa21ddfb607

SHA256
7d4bd760d9f85f4d1ce9df6690017180f30b7f6e8589ce93a0e6a6cc83c56e2b

SHA512
15cf261bc1f1cee82017492a402f8756f9f93899a7e45aab304878208ee17a97e03c1e248be721236388da64329bd00c5a7216fea05aa0a5c9e78f14344b2f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
77cf7f2653860b2e4c0c04e1179b7184

SHA1
ed70eef2af9042080d1b4c97e141723311910a84

SHA256
3fe7a0353aa3f311df1dff6eb574da5e4c981ddacf116abab74b75ac7f0b8bee

SHA512
9ef407bc5959da4afb2b0aafa38039d478f257f15a3d9a88b10c79807ef21012b857889c181981ab42ceb196b4b3dd9ea25462675144d745d37727ed1a0700c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
66cb56a8bcd322e25cd38ed590a6d126

SHA1
9369ffe2ae4747c8972c33471b2944ab994d2e9c

SHA256
b6f65cf9636257c0f7797a3eb0665817176f769ab72e4d63de0cd851fc6e441e

SHA512
fe24d0d68ee4b63596af6c9dc6a9bf51820464e940f197d4c0a31636c60b23092a15a6ef85458a2451b0328d74230de4303fbad21c9a2c6022c123d321b0dc04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
bef30a793f9ad2fd0b10cc51c97cba23

SHA1
e1b83599667c0baf2a0f7355b877d42f901f2a58

SHA256
dd1abc5fe97a830cba7e406e7a8ca883ad2a30e5e3eace788c7049fbac25e9cd

SHA512
a31cebd89462280b379484bab8460da6610accab2cbfa73098945e061575d3dec9eeb5562e83f1b55bbb2118c2bcec649b7e20eb6e08e3940a35fcd77dc6e7f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
879f8c6eba7751e0799beb27e469b5c5

SHA1
f8f2311b1ad40dcd173af1336b0f3200b0c2332b

SHA256
d190d387e129fa66866f40842061748f8db6274e4d31fd6a750148983138d48f

SHA512
50b30b9e028184f67cda505ad49799f0844115b831029ea0c742a388215bc79f4622399afffd1bdf6233ca0ac064473f4d015733cf9a595751d434b5f6e98d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
e799e6306d7903ba5a1f8b4d431778bb

SHA1
da1bebc355175baf1a8bea14577593243ab47e70

SHA256
f608826de1975683f720e676cd172d2dc54074bd643faa59507183f81e2ba60b

SHA512
1b27b827fa60f5e747d47412fda3fa20728bc57a75761d6f954443bba2de7f2be5e7a5e911bf61ee8581e3dad2919eb00e082af237123935255ce4fd5739020a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GQ9QS10Z\remoteassistance.support.services.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G40JFEW9\2b-8e0ae6[1].js

Filesize
134KB

MD5
b9c3e4320db870036919f1ee117bda6e

SHA1
29b5a9066b5b1f1fe5afe7ee986e80a49e86606a

SHA256
a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48

SHA512
a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G40JFEW9\ca-ae3ce4[1].css

Filesize
167KB

MD5
b7af9fb8eb3f12d3baa37641537bedc2

SHA1
a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4

SHA256
928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71

SHA512
1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G40JFEW9\mainapp[1].js

Filesize
352KB

MD5
c9e34559f52b0640f3245a6f22cf2610

SHA1
993882f09e26e87334c8dba81c9a4b344010f1a4

SHA256
31165c37b96a9c11315dd97201f5e61b1e0d9066f35d0f9de3de1e564fc83c2a

SHA512
1de7058a078ec8231fc9a9d008c412cf17400f54c942a976c5ebbb0ae164a857e8c84bdae424e5960f1a32c2c1524aa8ce0d87af8d8b7dbc5c4852481aab8570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G40JFEW9\stylesheetsltr[1].css

Filesize
367KB

MD5
01744d4a890102480e23097012a944de

SHA1
11adfda7024bfd2dc5cba67408cd632ebadacb22

SHA256
6606c87b3a6c6f9de694f69c9f72b490a0ecb7f5d682e8c3c125935a640e5ff7

SHA512
d95e047beaf4d278ca4685e3479b583b0a2513f9e54dfd82b03d483f9a3135ecf5815918384d3bd8b505676f619f4070159f9b6f61481221bc48ccbd8abeed1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\WebCore.4.5.0.ltr.light.min[1].css

Filesize
203KB

MD5
68d1e63075aff6752cfa626a4679effa

SHA1
4ecfe21dd7f9eda91085fb9e4fba044a235b8bac

SHA256
98a5e851c90a905afb08d99d0d247ce3995b130efbe8f120d21aeaf020b04e3d

SHA512
10d66a20c3221fc98bb2b8ea21de80b78d0e331bc72193324bc84f3e242eb5a411050d68476f16ad713bbb83f68c9e8cb943e42ac404566bc8537406dc28acfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\angularwithmsal[1].js

Filesize
241KB

MD5
4f54d3286c02d3bcf4575533ccb431b9

SHA1
a9b332d4a141a88f917b0a821b88706c7879a858

SHA256
f05335cf68cdcf5bff97e68a5d58150601bab3424fb37d7eef74faec31a2565f

SHA512
fc768145f772c9388514f660e0e04060bebade369a43a588a9a754af6851cd97920ef602002ca896e5410397d23c3018406f5ab079be18233d9d85c0e95eabfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\md5[1].js

Filesize
4KB

MD5
f4c13236c5f7ed68bf3bb839ee8b0ebf

SHA1
fce716468aa9a448d79c4f235656394aadcb881b

SHA256
2e982274f669350505e03c70d40c0263140d1adabbd543ecc314ecc4a8a38096

SHA512
155917acaa590be492d30b2bba939cc6017a6d4133ca8c117b8150faf2b1017058a5d68b1c02e18efb22cf57d6de1044b33a2d28a0c36a4b48fbf9a1247a7546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\stylesheets[1].css

Filesize
50KB

MD5
c80a0c56512ba344c6bdb9cbf7cc0a51

SHA1
963a93605e71739d0503ce9950fe82b5184dcb40

SHA256
cfbe6633934adb179c1c00ad3f52f56adbf2f5035a2d98509dac289308f0d5b6

SHA512
fd5225fbfa9f8263b34563c8359e505d53401403d5265a4d5c561519248ad23b9595afa947388d1a768d8249d5d30a78f0d7273220c614de887fcdf536eab46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NMN7D09E\UNU72-ZA7U7-2Y9FA-VR46A-U3RRR[1].js

Filesize
205KB

MD5
fa4c76a7fde62b18054cf7eb8e946012

SHA1
b20150066a879d2b78dd3d4908f4acd148ee66f8

SHA256
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

SHA512
d72f5d078675c7adbf6bfc1980712542a10668aec9163137a2ec70a5e117f8ffdd0f06a6c4c6636e35c04f2754f33d40c65c59d452afaa8ea4a382f24f200abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NMN7D09E\ms.analytics-web-3.min[1].js

Filesize
137KB

MD5
94feec31f6fd531c80b08fae26eb275c

SHA1
96f904fc6d751f8cfba18d506cb1067cb0ac25fc

SHA256
1569dd95c870f769b2bc3909c52c08303956bef7dfc288402d3b8bb13148bc10

SHA512
ebfc643c65ea79f4930ae22aa752c79252b91d97b0a5bb4407d262baf76c2ba84a05d0064e095d4dfc9bbe727b38428ff1d741c045f0b5a85ed38ed0a1a3c3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NMN7D09E\ocv[1].js

Filesize
14KB

MD5
ca4549169e43de50b1d20c84f8337b07

SHA1
76d34aa5db15d87c1ec51b6e8ac477fd1dd27ded

SHA256
599644ec66c04eea4dd122b5b3ded8846e5c9bfbf22de5a479e5924a40cb041b

SHA512
8b88554b41dceb634d8ccc0ab1a12279615e168f75f9d57b9d19c59638bb8d45bd82119accbae118296408480783fb55fc184e915273e76744b266ea208a417d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NMN7D09E\wcp-consent[1].js

Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\crypto[1].js

Filesize
13KB

MD5
2dca7c9776bd23070fc8378560ad3ade

SHA1
575556adfd677ce6f408230fb31c0a8d360033c7

SHA256
b57603ded6c2bafd359c0930ea70bc2f608744a9e10e85e6260a112917b79e3b

SHA512
fd8b87576aaf70bf801086e623b3412a5a056c778fd4f8809917732c4b8288df67f99a9242d7849d6894612e7cc29d56b8a0013daac12ed173468102214c382d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\jquery[1].js

Filesize
87KB

MD5
c3871c2aaafa825ebf17784aa37f98dd

SHA1
485d6ff2d87fcb3ed5b936fb2e67a71961dccb1b

SHA256
d292f77399f788ca9e40e7551de3edb34cdbb6165c47a64a489299b87bb9eb6b

SHA512
85789b964238c56732f03e88b00f1832859f5a56570c8167163fbb2ccb5bc8fce86d133a5b8a2fa9bc2302a9713ac885c2fb1689e8d43b76ee22e1044ebe24e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\meversion[1].js

Filesize
29KB

MD5
3857d47dddf1a50a6795b96d7f0e061d

SHA1
3b987fde465c7d85b03d9b6d166ac0f4f1c3f11b

SHA256
9f8dd86f504651509c4b8222479201b9b147beaeac86c2f00b362e3263a01d4e

SHA512
a0541e837909b4a2102f2aa80bddd629ee534f8c66fea6838f91bf29b4edb28fd59a7ace28e7496ac4f67d58aaebc61dd32bb8dd03db64b2a4cf33529ef74d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\msal-browser.min[1].js

Filesize
366KB

MD5
0877f3f2247c97b64357d6d062635d54

SHA1
41b8613d934f18d416909ad0b5555dbd28eb0209

SHA256
8e7d8e1726319ae7ac9b83ef38b4df91c8537cacb7891a95176455ee054fa65d

SHA512
033986f5108e137a4f7046cf6856ca139b3e3ff55c0158357b87716999975a7742a7053ec8ddd8bbdd72ec07de04361e4e040c156fd46deaf0a7012f47e56f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\oneds[1].js

Filesize
54KB

MD5
99da93a3eae430b9683609dbfc5de38b

SHA1
bc436b4650b83d800949f032436e8e7f05d67a0e

SHA256
e2239ee60a1e779e5f53c42e28d78b33b1a275cef011fac3028ee95a8042a983

SHA512
1b6c815bdb98b054a11e49e7b6501eb3f6792a00205f86bb4252b2ed45c87c71093d293aa3cf36ad2ef0e25d259e7f56621ddc3ea058ad992acaf8dc66b2871b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8956.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8956.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg8956.tmp\ioSpecial.ini

Filesize
726B

MD5
0a529ac50670007eb2a9f0808b3c42e7

SHA1
97725bdfa21d56d439c9ee6c4b8429bbd06019a5

SHA256
f6ab00c5e684232ebc6e21ecb42e47c0e51ec988f7cd8b4d52a4ab3954b47c33

SHA512
6cd5bd3a43256ff83c625e6880e06dc777f4fb83ffa537e83019e0078d9c207e3da64c4d23fff61c8b506058bfde61f362179e9e011ae1f0b596099af79451b2

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads