fc35c05839fc91984fada47d8501b2750cae710b5790b112a594c8d809bd1036

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 16:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe
Size

249KB
MD5

068b45c30314fc43f645cae2b5aa63f6
SHA1

642765e4118222ee7e7402f374115feb7a803c30
SHA256

fc35c05839fc91984fada47d8501b2750cae710b5790b112a594c8d809bd1036
SHA512

7226b4979a895ef71248fcfa6217934d15bad6e77b974a6113fdd0179c68077556c9a27a5bc68593f29315494893b78fade20f14946fc38938fef3be2a3e1e09
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5GKD8Ll1EqsWfA0C6:h1OgLdaORKldd

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000019625-52.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2832	50e177e580232.exe

Loads dropped DLL 5 IoCs

pid	Process
1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe
2832	50e177e580232.exe
2832	50e177e580232.exe
2832	50e177e580232.exe
2832	50e177e580232.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\ = "ADDICT-THING"	50e177e580232.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\NoExplorer = "1"	50e177e580232.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019625-52.dat	upx
behavioral1/memory/2832-54-0x0000000074A80000-0x0000000074A8A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50e177e580232.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019494-23.dat	nsis_installer_1
behavioral1/files/0x0005000000019494-23.dat	nsis_installer_2
behavioral1/files/0x0005000000019aee-74.dat	nsis_installer_1
behavioral1/files/0x0005000000019aee-74.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\ADDICT-THING"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\ADDICT-THING\\50e177e58026a.tlb"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\InProcServer32\ = "C:\\ProgramData\\ADDICT-THING\\50e177e58026a.dll"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\ = "ADDICT-THING"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50e177e580232.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\InProcServer32	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\InProcServer32\ThreadingModel = "Apartment"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\ProgID	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C}\ProgID\ = "ADDICT-THING.1"	50e177e580232.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e177e580232.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2832	1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2832	1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2832	1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2832	1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2832	1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2832	1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2832	1992	068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	50e177e580232.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3ADA3E9F-E3DB-D70B-A94C-EEAC24F1801C} = "1"	50e177e580232.exe

C:\Users\Admin\AppData\Local\Temp\068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\068b45c30314fc43f645cae2b5aa63f6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\50e177e580232.exe
  .\50e177e580232.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ADDICT-THING\uninstall.exe

Filesize
48KB

MD5
e9c9582996a23b2a49a058dcaa3b5525

SHA1
f527cc64e759f06c011e5eeffbd217d5249c04df

SHA256
43c3e8d7aa00a299f084db17e384aa96de508565f82264ee88bd9c7647fa9fc9

SHA512
665613fc7f20e2c4ea40b7a8f39b4c2ea2a24c5119ee86ef072bbe29f606cd78a43081aa0a89b678a46d34e470e1ed10e31d590d3cb5447e1231707fea8e490f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
8a9cc6d72ae6fb89efa592ce0fc232ca

SHA1
8ef88a0f92ccd28c0f92897fe0c9ccf88eb663c6

SHA256
d1c84df35ad7c7be3c7e6ba98a24353d71cfc5321fe30bfe90b844a69522e323

SHA512
2cfd2f32942c4a9907360c72c41fa31d6b2f223eda0c2908129ca85c6c2af30b90c48dc60e518aa8861d72ebeb56d0db437d783fa90992a2b2d25cd640875bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
8a49d07e3ee67926d97d7bfc1d8f304c

SHA1
b543e1d3560e4dd65f59e4e2ee8574aeee2504fd

SHA256
9d5303598ba1eb1c3955361ebda258b0b1db0fa42bc75a7e87851958ceccb9c9

SHA512
b3be944f0539b5c38278c6acb64002fd9792c11780cc826278c5f63a2ce8d56efbf9886032f9b20ab7872e93a34123435e48c7bd29176fca5c85c0b0195d438c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
b1e3ab76706ffa79e09aa06ef649bddc

SHA1
930f6bc3ad8e5c572f17d58bf8025931ef60a5ea

SHA256
5534fdc38bc2e6f820e3d533cfd99980936b3469e792867de4753c53aa7ccdaa

SHA512
6a5efcf18d945dec7049ca2d98546bd56b591e353a40fbbf3c4cff4454a324f86314c6b3d8d8776af40225369928a906b1923b78cf9cc3df902d2bb413e251b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
dfea104ae3f667ea9354cebeb561300a

SHA1
be1a3862600af1fe7d9118b50d076a7cd0dd9030

SHA256
2a3e101c201e851a5122a055e0fe0c4527ef866bfb251d7041dca2ffd1db7398

SHA512
0f7ed9c6164a913cc6e5d7f4be72f3dad1bc0db28d03d60d6a4e6a86a74396631fc1566b871ac4affa91b09a3c16bcfed0c4d159f1701c40b6ab2eae92ebb4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\[email protected]\install.rdf

Filesize
716B

MD5
a37e9567d55a839fde2ee1ea7e7a89a3

SHA1
79a69770e4d449736577623d3a96e221ed0141a2

SHA256
39a6b3eced302a3f3acacd9d58b01d22eb7dbb19b7aff64ac8d8866794fe3698

SHA512
36bc19b30a26573e4579fb2a4415fbfe648315f58d379595f5e4d750123c3ea33be5360946d342b120e289814ed00295600064975859238e013cf1efdf6af476

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\50e177e580232.exe

Filesize
70KB

MD5
ebcc3eb1a7021aaead55fb677465a717

SHA1
3c8347f0fd520ee423a4aafea1112a0b06f4b6c8

SHA256
5e74f0e710c067ad82301c7c14ed6afb138f974f351042cfe0ecd275cea2612c

SHA512
0f18c22e6eff8ec90ccc616e62f32701d046185311e01e5f506778fae0c31f35123c3ce756ff2c0eef6f23e06e280f870b80080d11dc6da3aa25901f5a92d995

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\50e177e58026a.dll

Filesize
115KB

MD5
6696822add17061dc0bb8ee5b42cc2d4

SHA1
d4622558ba366f2f94560da301a81c6c16f95a3c

SHA256
73c44d8943947e3cf9ecabdeea4d9a37652614f5490a1f972816be4123795125

SHA512
0f1946ce002441d010f67156f67b9d18e01ba35edfeb66ce8096467d3126b547e5040032253275b173f2dba9bce983775f360d83ec026986b55cb85e4b63f099

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\50e177e58026a.tlb

Filesize
2KB

MD5
096a65b8a695249d5d554776f1eeace3

SHA1
2f2506b886a59b4408b23653d8734004ec2dda6d

SHA256
a602c790bcf424c154a082a88a495b256dd5456f627943568c358c74f606c568

SHA512
6e832caff1951b4fdb489997af5736fdbafa1de5573f629fc6798666bffd0ca0715311ce6590202cc970cce4492d94994a588547bb579bf70bc264683bc45cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\mbcfiddfboggbmcmmofccabmcahnigcc.crx

Filesize
8KB

MD5
554b3344b248854c41578af0346fb405

SHA1
537f7f325f6398c92df069add0188471ad0fc7a7

SHA256
fa7acf4d24e051dde65d78ed48dbb3d0000543787022ca69848205105230778a

SHA512
2e9479f597c58e7cc769ebebf532e3e45d0c4d7135737cfd7811b5bcb0f195cbc8bf0167358f032a8793174d976f82ac3a6ad713b2b7b1a1666af431cac84dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS77FD.tmp\settings.ini

Filesize
6KB

MD5
1732563230766afe5973be96df69f80c

SHA1
8d4edd74031c2b964751599c21d929e8f2cac2f4

SHA256
e00861820565f2b633703af7cdedaa9ef0446dc6644b38c7ed926c79726a9ee1

SHA512
69556122425b71afb4445627e77ee4fb78c39e579b42487113c240a06d16814eadab3803bd678b44c27a4c98e02e1fa208fe44dba8e51aab1e9006d4323ac0ad

Download Submit
\Users\Admin\AppData\Local\Temp\nsj786C.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsj786C.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2832-54-0x0000000074A80000-0x0000000074A8A000-memory.dmp

Filesize
40KB

Download
memory/2832-88-0x0000000074A80000-0x0000000074A89000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads