b28829086f60d7e0fc2de9b6e91e7db6cb250cb74d17ff6929b94ce005ac0bb0

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe
Size

249KB
MD5

064f2fe69dcada2ed820955a05eab695
SHA1

84835356d9a0a0d31edca24e2b5d87712af242b2
SHA256

b28829086f60d7e0fc2de9b6e91e7db6cb250cb74d17ff6929b94ce005ac0bb0
SHA512

7873981cb6768abe963bb195bad8a693cac8aba4bfa193719931838cc35c4ac87376c8a1b728f646eea074c7b29e5499f3e6fbd48e9c32545a0b8fda9f762ddf
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5zBUpXWBPoYtrj59:h1OgLdaO9UUBvlT

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000018fc4-77.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2716	50ea8991f2216.exe

Loads dropped DLL 5 IoCs

pid	Process
3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe
2716	50ea8991f2216.exe
2716	50ea8991f2216.exe
2716	50ea8991f2216.exe
2716	50ea8991f2216.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijkibfbkkiigojdjgkmolohjdiomlhc\1\manifest.json	50ea8991f2216.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\ = "Zoomex"	50ea8991f2216.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\NoExplorer = "1"	50ea8991f2216.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2716-80-0x0000000074750000-0x000000007475A000-memory.dmp	upx
behavioral1/files/0x0005000000018fc4-77.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50ea8991f2216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000018e25-30.dat	nsis_installer_1
behavioral1/files/0x0005000000018e25-30.dat	nsis_installer_2
behavioral1/files/0x0005000000018fe2-100.dat	nsis_installer_1
behavioral1/files/0x0005000000018fe2-100.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Zoomex\\50ea8991f224d.tlb"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\ = "Zoomex"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Zoomex"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\InProcServer32\ThreadingModel = "Apartment"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\ProgID	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\InProcServer32	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\InProcServer32\ = "C:\\ProgramData\\Zoomex\\50ea8991f224d.dll"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF}\ProgID\ = "Zoomex.1"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50ea8991f2216.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50ea8991f2216.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2716	3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe	30
PID 3028 wrote to memory of 2716	3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe	30
PID 3028 wrote to memory of 2716	3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe	30
PID 3028 wrote to memory of 2716	3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe	30
PID 3028 wrote to memory of 2716	3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe	30
PID 3028 wrote to memory of 2716	3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe	30
PID 3028 wrote to memory of 2716	3028	064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	50ea8991f2216.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{C8BA7200-EF93-BBCA-AC0B-520765BFDBAF} = "1"	50ea8991f2216.exe

C:\Users\Admin\AppData\Local\Temp\064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\064f2fe69dcada2ed820955a05eab695_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\50ea8991f2216.exe
  .\50ea8991f2216.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Zoomex\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
ce1e99d086409539fa87eec25a2b1f6c

SHA1
f97f78f0990e26fa61b3eb01951dbdc583b2a247

SHA256
0d8ab095eb0d8e3d538f27fac6b4534c6726456e9e084fad41bd58a99cf53ce6

SHA512
461785334bda6a6763daf129b82524c36d766a7030c1e9dc33872796e8126924817964f8f4826d93b6bdced241e5584947b955748d1e644c8b034f85c4d260dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
698d61d03085e306d3a109ba08388fb9

SHA1
dce52a85970bba91309bd8032a07640406a42775

SHA256
957b4cc9382de06a103f834f6f778b70cea29dd65fd2d1d04e574e835ec9f9e5

SHA512
65d9ba2eb247f85a67543c6f17a520b2b9075fe36ac67fac177ae23ac99ad2a70f24357bc0dc494826a3450188c9d1f6b6e2d0ffbd2066f7cdcaa2efef964c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
f1a4cef9837e726e12b654690d34436e

SHA1
bd796b306943d9f16dac967066b55818fe29c381

SHA256
7e600d28a4149f85f44c334d0358adfbab57faf071203bf3a383f62f1271e1c5

SHA512
a7ab2bc996b34570ce9e647c07365b56490b1e859dd64501eccc190bd801b58aae939a5f1440158c8dce4afcdfe060e135c19b032fe8a3a1b64fbb7a3cc0226c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
65b8e9e3c774c90da6246029e343f99d

SHA1
b80b51eb6cb346766125b8a878e2b66c4c7c424b

SHA256
aa9051a09e460ddbb709c053d556c32acd94eb6960c91b8ce39b776429bd8759

SHA512
af5d1d246dd1b0f412af0d9c51bece89a43b8d1ce29534d4172bdcaf89e9387cefa27f09a18381d547a432488ef4850a2343f4b2b193b24263fa41f4e7e91a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\[email protected]\install.rdf

Filesize
700B

MD5
5e3d7532723f782f46705b3e854a471e

SHA1
8463de6b9360aee4b01e0179a47297dc5883bc0a

SHA256
98184ebef5df5319db77d49bb8e2475c96ec70c4404c3482158ffc4e06b7acbb

SHA512
0963a9ee6331b9e03ac87c73c4cdfb0102fb4fab5836fc93e336e8b19be11f48ffc1c3bf112355f9137dc3bcd54ac25758b703422f97818c13b929de4bdc2fac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\50ea8991f224d.dll

Filesize
115KB

MD5
6696822add17061dc0bb8ee5b42cc2d4

SHA1
d4622558ba366f2f94560da301a81c6c16f95a3c

SHA256
73c44d8943947e3cf9ecabdeea4d9a37652614f5490a1f972816be4123795125

SHA512
0f1946ce002441d010f67156f67b9d18e01ba35edfeb66ce8096467d3126b547e5040032253275b173f2dba9bce983775f360d83ec026986b55cb85e4b63f099

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\50ea8991f224d.tlb

Filesize
2KB

MD5
096a65b8a695249d5d554776f1eeace3

SHA1
2f2506b886a59b4408b23653d8734004ec2dda6d

SHA256
a602c790bcf424c154a082a88a495b256dd5456f627943568c358c74f606c568

SHA512
6e832caff1951b4fdb489997af5736fdbafa1de5573f629fc6798666bffd0ca0715311ce6590202cc970cce4492d94994a588547bb579bf70bc264683bc45cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\lijkibfbkkiigojdjgkmolohjdiomlhc\50ea8991f203e5.80946549.js

Filesize
4KB

MD5
2c03a69b31645568e8e22911d2156f8a

SHA1
5981be42178561428f91f07e9fdf40c09a46ee20

SHA256
5fe5f8080edc81e600dbf4a1d2f07da3f2488436b5793222d8a437e71b87fa5a

SHA512
3fc4190fbf474102d8ce95db554b00294ec64224ce72a71effeb6746d305da2adc0de6e9a33a528704443d10ff2bfafd155d89a7e2f7fefb21a9468ef62df825

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\lijkibfbkkiigojdjgkmolohjdiomlhc\background.html

Filesize
161B

MD5
2e3c88e5d9533e543f7844951a9a0db1

SHA1
e5906640ff9b5f5bd022323b730384715b4b70d4

SHA256
fb4409d881dc080455e7f0d3c96b919e71cbae2eabb24a86f33b5bbb9bcd4761

SHA512
0553ea681ba7841f00220277db1b1584943a293a892cf1d34703ec1e75de3065aa3c813648e8941ed48248f878138978591c8e893b98c4ce1a5d70a39c9afe2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\lijkibfbkkiigojdjgkmolohjdiomlhc\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\lijkibfbkkiigojdjgkmolohjdiomlhc\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\lijkibfbkkiigojdjgkmolohjdiomlhc\manifest.json

Filesize
475B

MD5
95b6b9aa3a3730d6d373a68eb5b411c9

SHA1
05cc71bfa2d2a2a18e169def790cca29f757dd3e

SHA256
5ac43caaa60d48d2c5bc8059dc845eb344b31c088207c8da714f7a36d500c69e

SHA512
5a178056071d0c94d2cfdf72a60403fbf9703cc28abe560f1f04fc2e073188f595c6bb3b687c7e2654899e103a229fe123c41af8aebbe189c9854ed71d8c672e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\lijkibfbkkiigojdjgkmolohjdiomlhc\sqlite.js

Filesize
1KB

MD5
e53473498d949b7c649f6c620110d56c

SHA1
fa072fad4d2389c95baac66a0bd1e2342d30082f

SHA256
b2465ff0a0e9ca1982c4ddf7839050551e75a7a9340ff9da01d7efe5b9eab0f1

SHA512
80dee2b9e3b19292a41ab4dcac0b60c006974aea73a67e9830e29d274ed0e43f0224d3b65f200fdef387f1deab6192d35415313e77ffff47d9d25e5451ef3387

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\settings.ini

Filesize
6KB

MD5
a6a26cf15298a71a3d26904b93c20321

SHA1
3cf7a026373a45b4de80402a7fc823b5299c5a10

SHA256
fb9fad1041481b5cf77de070794c23f64b1bb065ae2347857cff2d82fdf9dd63

SHA512
bf0bee06e6d23ccce208d5b82dd14cf697bfca2a18de6d1f28fa6d6e81a46afa8ae7bea7d5231111682fd73598deb491ebf70f0636899879eccfd091f1ae1e09

Download Submit
\Users\Admin\AppData\Local\Temp\7zS3D8D.tmp\50ea8991f2216.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3F23.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3F23.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2716-80-0x0000000074750000-0x000000007475A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads