6865944fe02c51e5ed1c05c562f582794e8f97c2391264ce9464b973884f18fc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe
Size

551KB
MD5

018adda24cbad244666ce8f0efcc08c3
SHA1

2883d259324715778a0863b426b81d51477f4dd3
SHA256

6865944fe02c51e5ed1c05c562f582794e8f97c2391264ce9464b973884f18fc
SHA512

a9dc1d34857931128f4464f5f46a5f7dee1e71a65db26b5386623afea64f275f8b20c327174048acade1f571784f15773bb70ab6ca5fb7abd8b5ca0fabdc4edc
SSDEEP

12288:h1OgLdaOlWctn+MEfOUgbJuMmFcouJqkB:h1OYdaOltMOUgJHJJqkB

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
552	regsvr32.exe
552	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipbfoejiicgaljmcilpbppekanfoaac\3.8\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\ = "Broowse2savee"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave.3.8	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave.3.8\ = "Broowse2savee"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave\CurVer\ = "BrowSe2ssave.3.8"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Broowse2savee"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave\CLSID\ = "{D47C3C36-E205-DAC8-D124-9A22A739DCC1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Broowse2savee\\KM9sJN.tlb"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave.3.8\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave.3.8\CLSID\ = "{D47C3C36-E205-DAC8-D124-9A22A739DCC1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\ProgID\ = "BrowSe2ssave.3.8"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\InprocServer32\ = "C:\\ProgramData\\Broowse2savee\\KM9sJN.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave\ = "Broowse2savee"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowSe2ssave.BrowSe2ssave\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\VersionIndependentProgID\ = "BrowSe2ssave"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\Programmable	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\ = "Broowse2savee"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D47C3C36-E205-DAC8-D124-9A22A739DCC1}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 552	2696	018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe	82
PID 2696 wrote to memory of 552	2696	018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe	82
PID 2696 wrote to memory of 552	2696	018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\018adda24cbad244666ce8f0efcc08c3_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" wZT2KS.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\KM9sJN.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\KM9sJN.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
7KB

MD5
f24c7157443b01995e311459da4e338b

SHA1
4fa0f0750ffe4d0590aa88d67256132df271c409

SHA256
c6244f857580bb05e4cd5d43afff56748faf54ce7ed8b88e9da5ec08e602eb0e

SHA512
4261dc0d6037db299b66bbed94719ecc9412340c970879545ac1014dc32ab4b6cb7aeff2b4d452d5b5798c748191eecaabedd2c7682c41600b23309235624fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
0fd7a81007f1a0285f7c59c199738873

SHA1
b2d8188cc30d5bb0fcb0e0a5ae93eb27d09afc56

SHA256
4e3f90353251834c5ea62267221692cad8646d872b17edeb1ce39a7f70c8f287

SHA512
1bc2d6149cdfc58a3d9e017c63371b9ebac6d29d1d3af3402a86532f1ce661f8ce030239c1f03007778a40bf8450e3acae5f8a5f60d55a8069144462d0a055a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\[email protected]\chrome.manifest

Filesize
106B

MD5
1b4a3f3c5f5f7f6b51f1fe695c832495

SHA1
e7de37370761901616588d0030c86b4c9d22e369

SHA256
5b07e443d502d3a5aa52ef9094548e46e03a90377ec2c7cba47317d96e1d263f

SHA512
f59426018a03802ae924bc1138543b6cbafd14a3fa29c7e021c4db39c3bb2561c24d0fda0c13e62fcb1d95972bea5b028ff0f1ffdb9d3be16fe6ae3c92660815

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
81684b80dfdcbca5d67bc94fb80ca068

SHA1
a7fc0b59f8a995ab8bb9f881e391bb858f118e42

SHA256
ad16b2db4bb6a6d3f134780bcec81636311060ce34f6888bba9c79512cef589b

SHA512
48f9daf2b2df3e25e64800918ddae06ba97cddddfefb71346af4ad3faf5cf2339a75315a30a50435d5c25a8466fbfd58f14eac575f4e32b3a13f88f95a21fd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\[email protected]\install.rdf

Filesize
604B

MD5
637adf62efd20e0d0faf068d7158a8b7

SHA1
3ce07037170532e53df5b854763dd9117b4bafff

SHA256
a99d12df24e7475c03da2986962586561c36c11e10ee50fa419c95f22d6f075b

SHA512
6ae355468140abb7ab0758ffc9ea8198f1c4b9c7bbf0b89d024a7479d3c0af514eb2e5fc18db5771f0abf3504366b7c86c58e1bb72d8adcd6e9f91e2a421c1e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\mipbfoejiicgaljmcilpbppekanfoaac\DDQMJiQ.js

Filesize
5KB

MD5
c1b4b107eb1b39a93ed89b73384b75aa

SHA1
f8ad12ec01757c719bdd75f6f5455d1f42af1afe

SHA256
97d764df1859beba02cb15e2cf7a42e935caa9c34ba8f0ae5fc091d5b22429c7

SHA512
1540c90858f6768d7886e95bc1377ae5207f96937404585019b8e4515f21b31f0da8b9ba943fdff4ebc8651f4900734dc814c00e6495cd5cfd5ea6606bb8f333

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\mipbfoejiicgaljmcilpbppekanfoaac\background.html

Filesize
144B

MD5
601c1b37058a981f5668fa8775426f4e

SHA1
144f336c4d13bae9962ff47077fe3f14b084e07a

SHA256
c2461a5286072041f6975a5b4b80f263d45caf37dcf261202a92bb130e73b8bb

SHA512
64b70fc5b56e3517878aa0017854a17aae587db0150434610605040ab2c73220e8bed32f1fc4326bc75b715e8ecfa2f1af5bad1e14e24999d015df7f68b92b0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\mipbfoejiicgaljmcilpbppekanfoaac\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\mipbfoejiicgaljmcilpbppekanfoaac\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\mipbfoejiicgaljmcilpbppekanfoaac\manifest.json

Filesize
505B

MD5
4b0b8e4d8bbf1fd44b3ccee1e5ca895a

SHA1
b7a1ae2194156a0ebcae675f916d8784008699ab

SHA256
68e7b093e16fc9bba7003ac14f94e51acffadc7470a3fb2b47fc5a1e0ecb81ac

SHA512
bcc5cfeab752704fc26a4330aa2442f2a77837c902e847bed67ca5fc40483f9a65a2c857fd107e9916cea8e95a0ed0c060297edb2d999d9343d56570df17ee0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\mipbfoejiicgaljmcilpbppekanfoaac\sqlite.js

Filesize
1KB

MD5
b6b177a9b6ee04146ed4b4dddbeaead3

SHA1
3094cbea5ce2b7c2dd3cae2c4fa0f77be15bfa03

SHA256
0d4a85607c40179d04a79276f6cc672df5c878de609f90e58a00120a8d5bdd70

SHA512
be19c26790744be6e958c64ceaac1148ceb87eb8805c14e52c67c3e97283710bec76914387a497195ef3abe12b95641a4d74bb6f51988a42127affeb571c0a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\settings.ini

Filesize
7KB

MD5
aaaf2900507357e6cadf619e39f33f15

SHA1
a3c7b93799ff46d1b98d5b91c962c1d1f706d90f

SHA256
3c1de4d42296aeddc5d2e557fda5b9e2a2a0ac5a8a863ca940f215820ab404d9

SHA512
cbb99d710c3afbe40b4db9b80e9b1ca1e061df0e68126e4e041096f75f4d32e79fc899be19a999887eab94e0bd10d467087b9f0a3cbd057966278474797754fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS785C.tmp\wZT2KS.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads