04075eeb85cb7dc7417d20fea378aea3303e0d2f20e1d3a6155238ddc885f6c0

Analysis

max time kernel
93s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02433b273826472ed3d70bbf6de86647_JaffaCakes118.exe
Size

1.1MB
MD5

02433b273826472ed3d70bbf6de86647
SHA1

8f57e8ea301653c0232f28b3d9d4ab3a6b02bd9d
SHA256

04075eeb85cb7dc7417d20fea378aea3303e0d2f20e1d3a6155238ddc885f6c0
SHA512

b466bf1efdbf166421528b261e1fd0c5bfc12e68636ffb3ebd92a369f423aaacf2a63dee6c5849fa0e6afeb378d53b19db1de7ab22dc24607c9954fc3d076c4f
SSDEEP

24576:h1OYdaOoOBsFEt5hDG0SAMs9jR/jaJnTJdwY68+UhnWb3aQ3:h1OsdOEt5hDG0SAMs9j8nTJ2Y68hWGQ3

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4204	qUot.exe

Loads dropped DLL 1 IoCs

pid	Process
4204	qUot.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbbihpfneblajdfkbaaalhnaamddbmpj\1.5\manifest.json	qUot.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\NoExplorer = "1"	qUot.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\ = "MaGnIPico"	qUot.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	02433b273826472ed3d70bbf6de86647_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	qUot.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}	qUot.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}	qUot.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	qUot.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	qUot.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\Implemented Categories	qUot.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\Programmable	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic.1.5\ = "MaGnIPico"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}	qUot.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\VersionIndependentProgID	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic.1.5\CLSID\ = "{6273DEF3-CF77-3348-A64D-B6EF59C687CF}"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\VersionIndependentProgID	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	qUot.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\ProgID	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic\CLSID	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic\CLSID\ = "{6273DEF3-CF77-3348-A64D-B6EF59C687CF}"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic\CurVer\ = "MagniPeic.1.5"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\ProgID\ = "MagniPeic.1.5"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\InprocServer32\ = "C:\\ProgramData\\MaGnIPico\\fef.dll"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\ = "MaGnIPico"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\VersionIndependentProgID\ = "MagniPeic"	qUot.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\MaGnIPico"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic\ = "MaGnIPico"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic\CurVer	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64\ = "C:\\ProgramData\\MaGnIPico\\fef.tlb"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\Programmable	qUot.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\InprocServer32	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic.1.5\CLSID	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\MaGnIPico\\fef.dll"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\InprocServer32\ThreadingModel = "Apartment"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	qUot.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MagniPeic.MagniPeic.1.5	qUot.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF}\ProgID	qUot.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 4204	2548	02433b273826472ed3d70bbf6de86647_JaffaCakes118.exe	82
PID 2548 wrote to memory of 4204	2548	02433b273826472ed3d70bbf6de86647_JaffaCakes118.exe	82
PID 2548 wrote to memory of 4204	2548	02433b273826472ed3d70bbf6de86647_JaffaCakes118.exe	82

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{6273DEF3-CF77-3348-A64D-B6EF59C687CF} = "1"	qUot.exe

C:\Users\Admin\AppData\Local\Temp\02433b273826472ed3d70bbf6de86647_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02433b273826472ed3d70bbf6de86647_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\qUot.exe
  .\qUot.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\598234813.log

Filesize
6KB

MD5
117d3bfbd1a722cc0e4988e0d305addd

SHA1
bda64e25e6f2735242ecdeed72abc7d3866ac4d0

SHA256
d2d5d0c9070e89cc5deb58d7a028bf0b46b68563d7ba14b083b2619b291524aa

SHA512
106e4e955af193fb569f84a337f3cd63f6045a4206b82d621adb28b6f9df811b8041dbe9d1df842943568326f92a00a860c6e255915dd242208253f1a3d2e2e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\cbbihpfneblajdfkbaaalhnaamddbmpj\bVFy.js

Filesize
5KB

MD5
df672599f8f11fe6eb4ab85a512541c0

SHA1
50127d324d388a1cd10e42a44f2c1d37573517bd

SHA256
d3a6764e0bbd2212ed3f65a9b2ecea9feaa4bd282bfc3cc67347d1158ae4f884

SHA512
3ccb5ea3b51b89bf9f08daf011d3211a95b33885ac78a92ae397bcb5bc7c27215358a510fdf52fb44dfa4e751fad7536b2f80b5af77f0b9cd23a21fff74e4dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\cbbihpfneblajdfkbaaalhnaamddbmpj\background.html

Filesize
141B

MD5
905a958e93edfdf9011556d01479e68b

SHA1
aeac8a69c642fdb47f43ece124fb888a5ed51dd6

SHA256
c3c0a18eb9ad758a146dbe35b0f8b4bc8cb2f6055399b3ec7e9a9b37eb0d4b2a

SHA512
a8b5212d6909fb5408807e64bed76d54ddead1c3b4436e2f3de04678df8241647baad2545374e91385463a6f0b6a351c4787a63a8fbc5478d1baec0710952d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\cbbihpfneblajdfkbaaalhnaamddbmpj\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\cbbihpfneblajdfkbaaalhnaamddbmpj\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\cbbihpfneblajdfkbaaalhnaamddbmpj\manifest.json

Filesize
501B

MD5
f5dbd216e880626f2ae740cf47091898

SHA1
10c9782764f7c31707f76ce42453226348973be2

SHA256
b72f75ab3bedc9d7dd33f10bdc7eddcfeae7627e108bb9c30051054e12e82acb

SHA512
561e98283d78d00c4bd2cfb252c9314b7607adc8c045f1eac82d4a12fc9b8244cc74046a22044789516e5981348a738c18c38a0ae928a538997eaadd253aee39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\cbbihpfneblajdfkbaaalhnaamddbmpj\sqlite.js

Filesize
1KB

MD5
8aec9abeec424562462c002188658484

SHA1
ec3f67f83802b4c7341d6ee994a933a32405c9fb

SHA256
a2da0d9c770f6bd2bcc626446dd17b832b6f87d8dde3970d2b32ee3eea58493d

SHA512
e0ed6afadb5ef70bd8585c4c42ae9718ae3abc110345f0269b2d5d56fecb7dfbd16287785649d631bb1231719f97aedb0b820153057bf55ef93a38c42bc3c594

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\fef.dll

Filesize
258KB

MD5
e1d10cccd5dde588af8ee2cb7309523c

SHA1
0b9e805077320b0ce1e6620488bd34f1c4d7827e

SHA256
9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

SHA512
a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\fef.tlb

Filesize
2KB

MD5
9156db5f76d48049dbc41fd1b58b3f34

SHA1
5eb1df59f9b5b06ab00137fc9e6451e323d3102c

SHA256
66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

SHA512
742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\fef.x64.dll

Filesize
319KB

MD5
4f5c722b8686afbea6f09c53171d44ca

SHA1
184c60aafbb12d1023b1ce2aff4d3708607a75a1

SHA256
870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

SHA512
e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\qUot.dat

Filesize
5KB

MD5
9ae2c14aba6f8d91ab03954dfa030b98

SHA1
5f1e96c663ada81943577bd27c286eb1b5ef3d7b

SHA256
c3f81b5216c5e9888c2fc06d03fbb46c3b8d36aece86e6aa3687a113ee7ff53b

SHA512
9b3bd51228ca809d991d998c00c281cafbae2ec4a47d11e75bc08304420031d718b8b5e212e896380e767a6a6db81c96a98c3e5cdff07369becfe85060bf9c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\qUot.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\[email protected]\chrome.manifest

Filesize
100B

MD5
41c92e79ec3b1f070bd727fa5252d6f3

SHA1
f3c92dc3b2340e0b8314d0c3385210779d708b65

SHA256
3d95e64831feffae88e1f136728dca1d9bf23e452794256b821c35f1131d56b0

SHA512
0205ad78db85e16602572bd6da6d9d67a032b7a88a9c531aa6659a3889a9616e921704d7c08b384c63046400f1fccc10007a29d71221504dfeec1c2bcf9f7c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
d13fcdd3754070ff8fb3608beae82688

SHA1
95a876c95dafbedde0973deae306b96a5223cb46

SHA256
c06d2075885e4bb983b6492c46c297b7d0b65b1b47a57c8e58e94c674e0b7905

SHA512
f29b869ad28924726eeddd8e9e39a5acab31949ae4f2b8ba894ec9ad961443102d25be56c876fb54f1b948c0e9e619466d818dac0f536409313dfc3055874403

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81F1.tmp\[email protected]\install.rdf

Filesize
607B

MD5
ba2bc529ca516a7ccfc36474435d2058

SHA1
c1e34d0a34f170ef70c2eb13261fe15e29b59f59

SHA256
d37d2ab243406d33884a2ef430628e1f27eedd4b2b5086d63b33dfe09bada4fe

SHA512
88c38810d93ce63471acac4562ab133bde881116343a84f6eaff83a8bfa765a623084cbc0cbda708409cdcc19a1668d2875af37874376a93825aeaf618e1dbff

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads