8a5081a959384f25a65cf84809edbc78dc9b6967b87b1de0d3de97a3e5274c77

Analysis

max time kernel
96s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04f9a8e47ce9295dd2afb2706562cd52_JaffaCakes118.exe
Size

717KB
MD5

04f9a8e47ce9295dd2afb2706562cd52
SHA1

68d9086e128bd418956461533b2e059c0a26090b
SHA256

8a5081a959384f25a65cf84809edbc78dc9b6967b87b1de0d3de97a3e5274c77
SHA512

8d01987ef7441847bc2f7cf511a5c54d6e539b9184a1dd8a2fc81b963553cfbd387a1f60f50b6b31236af0a07b6d397e550740f6d14088199fdf4abaab4bb8c7
SSDEEP

12288:BKnekrL58BVdbJXgfTN7lV60gGx4khq9mY4zdrWcFn9VtFuuvTAwdY98:OLiBVd6rN7+0gGRq2z1WcFn9VXTNdf

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1944	fzJiuW5W.exe

Loads dropped DLL 1 IoCs

pid	Process
1944	fzJiuW5W.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnogfnjdfbbgedmlajnpbmkgncildiol\1.6\manifest.json	fzJiuW5W.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\ = "Dowwnload keepeer"	fzJiuW5W.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\NoExplorer = "1"	fzJiuW5W.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{256EBBA4-B483-BC81-E638-3DF41E460BD4}	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{256EBBA4-B483-BC81-E638-3DF41E460BD4}	fzJiuW5W.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04f9a8e47ce9295dd2afb2706562cd52_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fzJiuW5W.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	fzJiuW5W.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{256EBBA4-B483-BC81-E638-3DF41E460BD4}	fzJiuW5W.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{256EBBA4-B483-BC81-E638-3DF41E460BD4}	fzJiuW5W.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	fzJiuW5W.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\ProgID\ = "DowwNload keeper.1.6"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\InprocServer32\ = "C:\\ProgramData\\Dowwnload keepeer\\CnBtxGr.dll"	fzJiuW5W.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\VersionIndependentProgID	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\ProgID	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\InprocServer32	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CLSID\ = "{256EBBA4-B483-BC81-E638-3DF41E460BD4}"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}	fzJiuW5W.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\Programmable	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CurVer	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\ = "Dowwnload keepeer"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Dowwnload keepeer\\CnBtxGr.tlb"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Dowwnload keepeer"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\VersionIndependentProgID\ = "DowwNload keeper"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DowwNload	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.DowwNload	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CLSID	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\VersionIndependentProgID	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\InprocServer32\ThreadingModel = "Apartment"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6\CLSID	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6\CLSID\ = "{256EBBA4-B483-BC81-E638-3DF41E460BD4}"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CurVer\ = "DowwNload keeper.1.6"	fzJiuW5W.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\ProgID	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6\ = "Dowwnload keepeer"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\ = "Dowwnload keepeer"	fzJiuW5W.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\InprocServer32	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	fzJiuW5W.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	fzJiuW5W.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}\Programmable	fzJiuW5W.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4}	fzJiuW5W.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1944	1632	04f9a8e47ce9295dd2afb2706562cd52_JaffaCakes118.exe	82
PID 1632 wrote to memory of 1944	1632	04f9a8e47ce9295dd2afb2706562cd52_JaffaCakes118.exe	82
PID 1632 wrote to memory of 1944	1632	04f9a8e47ce9295dd2afb2706562cd52_JaffaCakes118.exe	82

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{256EBBA4-B483-BC81-E638-3DF41E460BD4} = "1"	fzJiuW5W.exe

C:\Users\Admin\AppData\Local\Temp\04f9a8e47ce9295dd2afb2706562cd52_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04f9a8e47ce9295dd2afb2706562cd52_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Users\Admin\AppData\Local\Temp\00294823\fzJiuW5W.exe
  "C:\Users\Admin\AppData\Local\Temp/00294823/fzJiuW5W.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00294823\CnBtxGr.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\CnBtxGr.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\fzJiuW5W.dat

Filesize
5KB

MD5
eeac3b40d3322c2b578a8b7380a4d480

SHA1
5526c955254a8ea779837abd835235da31aba5b8

SHA256
b336999ed1b6e30bdc2c7ff83cc335c292b8047ee9dbae646a22d0fd8135e4d7

SHA512
ac95b3d89711e56a0a813a42e238a8ff10f02008dff2e1af36165fcc5f37941d38618f2592f021ba559554f38b9b9007cc0a962215c8caf46237e344fb9d7a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\fzJiuW5W.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\lnogfnjdfbbgedmlajnpbmkgncildiol\background.html

Filesize
145B

MD5
28cbbcd965945a92f4eac3fb34c8f767

SHA1
480de07de9f8edcd3c73f667e31810aa4a14c1ea

SHA256
6e2609cb6cd432cce905ba376fbc5fbb194f3eebffe3bb4104ab38a5b784945c

SHA512
2ee02587a987a2d228a5684d5d9062367d28b46be509c5c9b76d4d9f06fbeab7f2d64f330a9a8671079fe8648f6d221a010b9e34d6f7d9799f10baffd8f3ed0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\lnogfnjdfbbgedmlajnpbmkgncildiol\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\lnogfnjdfbbgedmlajnpbmkgncildiol\gAhcxll9.js

Filesize
5KB

MD5
5c3c24733b11f932f292e04da3217e51

SHA1
2c1bbc2a538d7ce9939bb59a9f4643b5272c62a9

SHA256
bdefff8db99b4141be31462de3e5389dba3758399439c5c43c25314321cd4be3

SHA512
4acc143d0897174a143ac126ef0a1275c54261e29bce1e3c84a7caabeb2898847eab9fb7a5791595f1fd22991121a876f3d7fbcf304f4df87a9795a8ed48575d

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\lnogfnjdfbbgedmlajnpbmkgncildiol\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\lnogfnjdfbbgedmlajnpbmkgncildiol\manifest.json

Filesize
509B

MD5
52a2ba993b34563e232d41f697afffaf

SHA1
fcb2ac6be7fff89890377cc3d81b0170c364ab01

SHA256
7b5800dfdbf6f93585fb062fc854ec22026498d263f86c8fbfccf36eaf19bd48

SHA512
eddf32f449e1221c8d2bba8cc2877b9ab93a17ed51439efd1397007cd58c7ec7a05af1470d82a2c91469712115fca60dd2dc3b512d5eebab0a84f55ee0cc2958

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\lnogfnjdfbbgedmlajnpbmkgncildiol\sqlite.js

Filesize
1KB

MD5
a36d6a2dcc3fba9c2aa1380bc7e3384d

SHA1
fa42a9025c9a38cd6ad724da50bc28d9c498460f

SHA256
29c6c957350c9750c5d946db2edefcf44072e30419f80cb7573dd410f629a2b8

SHA512
1594ec665a3d5228bda4867cefd1bc7c8be22f04b7ffc3d460be30efa0fe83b770be35de819da868b0c37814e91ae5448448187cd768ba6aeee24d1ec2b59d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

Filesize
108B

MD5
3e74d14ec5e6119e75bbbfdb5a36c915

SHA1
49dddc456b66f66909b08f9316f78d19282aef2b

SHA256
37eaa1788f83ce7a3ae7db68b2b968e8085cb9d48e2b1e0d2db9093315b4d677

SHA512
c6809b9bee235608f9bfb4aa2199f4c6598a76b55f03fa2ec02a97e888a7bfc2275494c865deaefc6e6ad67b269ad163cd8879835427ad2269a3a4c2a8481a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

Filesize
9KB

MD5
cdf8ae0d35fc40734242b9618e514ed2

SHA1
32e94d542f9f185a8ee896d6e83aca0514ca4f0b

SHA256
fb1483e7d2c7533f830bf57005ed8358ba00ae4f5eae9687fc1088b5eced73f6

SHA512
5d52fa6d0c158a2586afab8e4675c89dff2cdb6bbc336c68948d3ce7b2db036c0edadf59e4c862ffc4a924de4673ed3322f9ed84d9466a877b6d0e2fa8eae31b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

Filesize
606B

MD5
89b45e5cf2a125b2b7904df56589b07a

SHA1
fa5326db546212cdfd2a4f3b87dbac13575f638b

SHA256
f4c22efe49b129e502a930e9c4c1556b5a1539c99c78515fcc8f2438b4e9a25a

SHA512
47efb89a930bd36ab7f094e64396b2bb6454b115fb1c1be3822a560893afe9e3a78a68b731107aa951e3a22d35fc69f205deb1ee59e82a43233bb967dbd7dc0b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads