488c94694cd1117a023d0ffa3f5783b2e9ee411cf490869a1ac19be8c6d3271f

Analysis

max time kernel
94s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe
Size

552KB
MD5

01a4e24a170e93a2277287235b863c4e
SHA1

81a9046ef796d8f67767b41e2672e014866c3940
SHA256

488c94694cd1117a023d0ffa3f5783b2e9ee411cf490869a1ac19be8c6d3271f
SHA512

95243af51ab500643859169f5c8e450b4742bab61b12bd9ddf901d02013953ea93f4810ef484edcb90f077caea8781742b2b6a5dc473c6de6179b970bf3ec700
SSDEEP

12288:h1OgLdaOmWctn+MEfOUgbJuMmFcouJqkq:h1OYdaOmtMOUgJHJJqkq

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
708	regsvr32.exe
708	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkiocklhbhojnhmpfbbjfidclgebphoa\5.10\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\ = "sAvenshoare"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\ProgID\ = "sAvvenshare.5.10"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\ = "sAvenshoare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare.5.10\CLSID\ = "{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\InprocServer32\ = "C:\\ProgramData\\sAvenshoare\\kH7codvHK.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare.5.10	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare.5.10\ = "sAvenshoare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\VersionIndependentProgID\ = "sAvvenshare"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\sAvenshoare\\kH7codvHK.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare\CurVer\ = "sAvvenshare.5.10"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\sAvenshoare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare\CLSID\ = "{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3423A5FF-3357-10CE-FF9D-62CE7BD11C22}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare.5.10\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sAvvenshare.sAvvenshare\ = "sAvenshoare"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 708	4856	01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe	82
PID 4856 wrote to memory of 708	4856	01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe	82
PID 4856 wrote to memory of 708	4856	01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\01a4e24a170e93a2277287235b863c4e_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" sE2NjjBQl.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
7KB

MD5
7d9b5f08cd85f72f1b788e52c26f2483

SHA1
37c1009f6c9201310c65ca9fc7a3e659f7d805ac

SHA256
5d7606098c17c63746342d74953619ddd9aa353015791ca45817b4904a251eb2

SHA512
ddd7eed320db0480ad08f408e887f3327d8f9c13b0ffe786d005fc49f16d4e76f3d5a9482f18aeacfe5cc9ead89a28e458c941d77b9136b3659cf91c439aff3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
7f551be86d483136bbc83719c5957f6a

SHA1
ce00879f913a96fa18a5cc246e17919d1a4cd5ef

SHA256
ee2529a9c4737c961b28421714a3bb040973951daa209e430109daa0a803d665

SHA512
1407b2a262e25c543f4f75e29666929c65b6348f0bc32d869533ed89d422caf75698b8f2044b16fd8f17b32b7451951d26674903130a36755076b06eab744ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\[email protected]\chrome.manifest

Filesize
112B

MD5
2af326d2b5e2c3db42eb0fe3a445224c

SHA1
0e9ae507c14616a95bfa4133ccd3372ff1098575

SHA256
04c6bb1494d301df9d1556e8da034fe291e0bce0e19e73746cae8e8b8ee64864

SHA512
f4a5f18a76efd3c8a756ca26f35ab0e6ca23f8903d1a4b1f920876d9490301af30cc29a074ae86a8456cf0df55483dd8af573ad4cc5a15c8ba092950849ca489

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
d93f1de581cfcc87f7fe89a042c9feca

SHA1
fe3f1f29065219cb3998021347da8d9aa696907b

SHA256
edbb4d8e3f9ca6353e93120c102aab08d968626c833ed8d822f04c3128d0b4d6

SHA512
1deab8a2f7bb4e4becf03c86eafbbf8c91d890ff10ea04bbc561414337a5e23d72ac29f0aaccd37f99573fc766f685bd2cb8c84c72da47db067d6f432d1ba24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\[email protected]\install.rdf

Filesize
604B

MD5
8700000678c18f7da60aa52c2cbe2232

SHA1
5a66716ca1c215989f7b3988412107c7aada0631

SHA256
7d4cc71c847bbaccbd1c97b7f2d6d0eee12e1a61142492e0ea29e1812f02ff5b

SHA512
55aea1722d0045ec1dca6c2a592a0aefe6fdef4ad4fbd6887d3f4d535661eb0cb0d34639fde90b3fa2f149502b6432f6ed0664b3c001706dbd727c672f2fd216

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\fkiocklhbhojnhmpfbbjfidclgebphoa\PU1ynlCJRv.js

Filesize
5KB

MD5
4022c0a7b2ba422b41a0d97694f34dc9

SHA1
cdcf473bba618800054c7c16a81c2f6edfc65fa2

SHA256
d30c6157e7511a7b88f8e37ef79ad5054fa2e8c2524c5e2af2339bc38f5a9631

SHA512
0ec11ee88f8aeb402788842d80ddba70b7cab268784cd02da8104c698217edaffdeb91bc582d9508d9e9d261000d58c05ffb71285ad4ebd659dd37f5a6b08812

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\fkiocklhbhojnhmpfbbjfidclgebphoa\background.html

Filesize
147B

MD5
5d9493f876f3a6b5569a89dcb141f2c4

SHA1
4dc14a6c9f046c52f19210f531dcd978817c2ac4

SHA256
c4bef4bc15cb6a9dd9cd8e25817347c5d2b128b1cdcbc1f6af5883649c18779a

SHA512
ed25229851c76f20e02697b67f525a308a6b08c4f11ed3b9c6eb326a70e2672973dcc251fceb9ee265a607a0a273abc153f085ddaceab7c5b235bdbfccf7b834

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\fkiocklhbhojnhmpfbbjfidclgebphoa\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\fkiocklhbhojnhmpfbbjfidclgebphoa\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\fkiocklhbhojnhmpfbbjfidclgebphoa\manifest.json

Filesize
505B

MD5
9f5e337c5987f275039c6ea0c481fc51

SHA1
3dbac5dd5cb63e00e6ee61ff9d5405717ba0d206

SHA256
703a77517d4ef06675e5ab0afb477f94b3e73f678020fd8793c15546806171dd

SHA512
863bea275b60c44dacf9bd909097d16f19a2aab2a30ab2d35b4960dc1a37361e6dd56610f90a6f084f4b453344064b05275df1606785dcef77926fb4f837f8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\fkiocklhbhojnhmpfbbjfidclgebphoa\sqlite.js

Filesize
1KB

MD5
0df73d2858e503e169f41c1d4a068fe6

SHA1
0d590d5f75f081ec7c451bddc3b8d258d07d8c1b

SHA256
d9991ac9bebaaa511653da91e5504ca5f916d195dcc207a0a09dcbffe7e26e44

SHA512
bdd0c26d81f1468076ba8893deb9be51f2e5e895a8efe7274adc47590b8cc8ee64902b19189fb13b2ed9685db0ea258c2f18c311b479b168da15337a74c9274e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\kH7codvHK.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\kH7codvHK.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\sE2NjjBQl.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7BA8.tmp\settings.ini

Filesize
7KB

MD5
31c3ed93dc5851ffe89f5b49fe460e28

SHA1
ab9ab53533f9dabf5219ad9b62963183e0ff0952

SHA256
94111c7f7c46e3a8b14f70f69325a147c78ef1ad26be08db1b254d904ec97a9a

SHA512
8829fb8042ba4679486987dc39969a124c0765b6a740226017869eeba4f20e9ef1ced116ca9ff2d3776a961f5c705339360a004ef22ed1001faeaa7e978e6be2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads