5d3ff47821a82604ac3ad7b2dca2095dfe105c508dcd6d300519ebe1ec016bf0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe
Size

552KB
MD5

02062e5aaa6a9adc62e0b94623ee3fca
SHA1

1eed8ae30539935b4009963a7eb9df41f0208349
SHA256

5d3ff47821a82604ac3ad7b2dca2095dfe105c508dcd6d300519ebe1ec016bf0
SHA512

e8e621235f40560aeaa0918102af4d108f3bbd61c3cd6933fd163b2edd5f8678834c4ad57ada5bbe2a56e488c7bebe95dfae4e44017a8daa5f86750da86b2dca
SSDEEP

12288:h1OgLdaOtWctn+MEfOUgbJuMmFcouJqkX:h1OYdaOttMOUgJHJJqkX

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2940	regsvr32.exe
2940	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbajcigpglilcmfoaocomfhjodefmihn\5.10\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\ = "ssaivienShare"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\ProgID\ = "saovenshare.5.10"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare\CurVer\ = "saovenshare.5.10"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\VersionIndependentProgID\ = "saovenshare"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\ssaivienShare"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\ssaivienShare\\d4l5y1X.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare.5.10\CLSID\ = "{AFC177BF-CC78-8242-D345-AC7BFCFC5973}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare.5.10	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\InprocServer32\ = "C:\\ProgramData\\ssaivienShare\\d4l5y1X.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare\CLSID\ = "{AFC177BF-CC78-8242-D345-AC7BFCFC5973}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare.5.10\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare\ = "ssaivienShare"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC177BF-CC78-8242-D345-AC7BFCFC5973}\ = "ssaivienShare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saovenshare.saovenshare.5.10\ = "ssaivienShare"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2940	3004	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2940	3004	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2940	3004	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2940	3004	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2940	3004	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2940	3004	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe	30
PID 3004 wrote to memory of 2940	3004	02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02062e5aaa6a9adc62e0b94623ee3fca_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" qvJeUFe.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
5KB

MD5
d052f3f95c1db59837bd67bca6ceaeee

SHA1
2f12cb68e9bf4ba8db3de2ad096fb95cf5be9d5b

SHA256
55a3a0bedc292972522940e9242f70d2e54a78d7fe5dcdee2926c17fba5b5068

SHA512
1ee354cfcb7280cd9bd62d44a2101c9a9608b8c6a797ec8d6a3da38606b09e026d34a41aa64d6379e96f5e2e363cdcbea60b043a98eb9c3d2bfad0090860ff33

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\d4l5y1X.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\d4l5y1X.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\fbajcigpglilcmfoaocomfhjodefmihn\bH6jncez.js

Filesize
5KB

MD5
a2c62932abe5e880282040009f8d812a

SHA1
e35d877961629844d51663960ecf6292f242ea3c

SHA256
3f28226cdffc1f81a999c9f56c5d790cd6ec9a82cc467513a40f92e8bb219c5f

SHA512
96efb3d34f87448435676e73fe48f98d7fe11fcd4ff537cf15da8da9fc688366de9cfcfe01d0aa9c98e44cd4495e428f636c759d105c7133b0bc6ebffcbce53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\fbajcigpglilcmfoaocomfhjodefmihn\background.html

Filesize
145B

MD5
38715e97da736dc84452b084ae4d290e

SHA1
09377889305b688fa23b7fad6707345378c7536e

SHA256
47c4b77fc477b6c6cac29de0e89e657fb0ad99c8973b82c957199ffbeef8dd37

SHA512
d1a6ae03d6e8d165973babd4cefcd087ea1acf68c05172db651a4a6d9bbeb071ad597127de95cc6c0bb1b89c6ee7917f175171c7f7ff66b4fef2319384a3d57c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\fbajcigpglilcmfoaocomfhjodefmihn\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\fbajcigpglilcmfoaocomfhjodefmihn\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\fbajcigpglilcmfoaocomfhjodefmihn\manifest.json

Filesize
507B

MD5
e1310610a0d233997d769add22eb436a

SHA1
7e96cfceb86efc949bb6871318ab3c5c73c802b0

SHA256
ced81daceacc630ba12d0739159be0e05e76fa9f0fe1a22b17c3a9c62ea62204

SHA512
25a1f92103dee460d607581cfe4d74cc3dfb1805f4cc202b7c743b5f2c0e990cde378ff7f24fba16c502aecc5d76528011ca1b35b519d6ef783233fa04803009

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\fbajcigpglilcmfoaocomfhjodefmihn\sqlite.js

Filesize
1KB

MD5
efe6316b507208a05ed4e01837c5d701

SHA1
748f6880a74234b26169591ae5760da25ac20e48

SHA256
7d1a052f123115710f2184378160729e131772fe956cfb0d31f75ef2223ce765

SHA512
9792e83a2751582204f3ebf0f05e00da971de4d8c609ee1e588d30366c84c560d6aff3361ef049276942080c5b1e2fa5fb89c4a0ab498d66956f883283c69bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
7bd15f88eda023a9b80cd80264f07b96

SHA1
16c47a48909de87012950163e0914ceb879a29b4

SHA256
de6f50080cd44d00c2478e068651d38e8c5ef1de4c751a20936e2c521e16b5fb

SHA512
d19ba9abdb0c9635468c38e702df5c1b243aeeeacde7eea29062ecf0b57861aa30a5368b9ad4fce89d3dda77402abd0bc3eab508565530fa2c65d12db75cc755

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\[email protected]\chrome.manifest

Filesize
108B

MD5
eb6952507ac23684b52f11799d850da9

SHA1
8c01a96029d1bba9c6124ac46ca0f4fc37d39cb4

SHA256
da9a38034d5f754077fdb634e4e90bafb26279b1798ce4ead67b6d0342cef04a

SHA512
4e941c24e56fe4da0d516b6f85458509740dec5ce3918a566ac9b7237f89a9238f4132f94b6fcbd57799d565829448b0a300a66412352e82360c99524d284bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
4ca753d3b3bb532e4a110ff3bf0eb156

SHA1
390e1dd0c0fe33e8183de449c3813c0f6857cdd5

SHA256
b742b498657ecc2562bd2878cf525079b07e36193f37c81aea0d254e11b9331e

SHA512
a31b427e5fc796d272b90340a381c190e75a4d3e776643a871b2ee4a4b723b073e534b0eae680c2483a7ee0ad8907a59cba7ec12f9130a3d9352b75532d70661

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\[email protected]\install.rdf

Filesize
614B

MD5
2d4dcd754989ac0894bcd82032ddae1b

SHA1
bf38d134152e51d0b5e8e2fd8e4823e090c0d900

SHA256
7613cfdfa07325e8259087606ae6b0bd08a0e3d649bc865e774219c3c939181f

SHA512
d1b848dc4de4a821ef8e83b0a1a600d3e38324b46f076d10dd2e7117c0f394057faed48d04b13ce2f4434d4211b1941477313d4535984cf22edb604ab6b07663

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\settings.ini

Filesize
7KB

MD5
9d955d0e19ab2b3eb1ebd5405c197ffd

SHA1
80c94e5605ecb8dd698ea5b8e6822503d810f214

SHA256
16465ec99e1a72b04524fe3dc5e6dbdac9650e778453593441766ca5b9961f20

SHA512
5b38fd849af74679bd99cb91b1e3b781771d1a0d2a4cd6c8901fdfe34a12237f889155d1fe0212f0c131f5948b941f98214aab5163a01893d3443b35ba3d09ca

Download Submit
\Users\Admin\AppData\Local\Temp\7zSB3C5.tmp\qvJeUFe.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads