fee7667ef95398ab50092518c73c82b1f5a72b6a4bc3a350fffa6d9e752cfe6c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083919338a4dec4456187c7aef10a932_JaffaCakes118.exe
Size

717KB
MD5

083919338a4dec4456187c7aef10a932
SHA1

e4e3633a1885836348e66b0d33540e2120f9a604
SHA256

fee7667ef95398ab50092518c73c82b1f5a72b6a4bc3a350fffa6d9e752cfe6c
SHA512

c87fd77f45d7bf1583fbfcbc6ae0f0585cd850bdc26fd11a21fcbd48f3914dd9bbb5fb7792a2a19eac6396acf336f1ad734c033d807f2bf5bf0761244a5449bb
SSDEEP

12288:UKnekrL58wdX5Ig7aaBSzkMbGVBBgvtqpUsU3WRtQ+UUf0qYnz5YNJiQ:9Lic5IzacWb5pTU30Nt2nzmNYQ

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1812	4Qq.exe

Loads dropped DLL 2 IoCs

pid	Process
2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe
1812	4Qq.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppnaeljkgimmaamaphibmkcidkbikfd\1.0\manifest.json	4Qq.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\ = "SearchNewTab"	4Qq.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\NoExplorer = "1"	4Qq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}	4Qq.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4Qq.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	4Qq.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}	4Qq.exe
Key deleted	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}	4Qq.exe
Key deleted	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	4Qq.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\InprocServer32	4Qq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\VersionIndependentProgID	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\ = "SearchNewTab"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CLSID	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	4Qq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\ProgID	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\SearchNewTab\\GJ.tlb"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\ = "SearchNewTab"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\InprocServer32\ = "C:\\ProgramData\\SearchNewTab\\GJ.dll"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\CLSID	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\ProgID\ = "SearchNewTab.1.0"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\VersionIndependentProgID	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CurVer	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\InprocServer32\ThreadingModel = "Apartment"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\InprocServer32	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\ProgID	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CLSID\ = "{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\Programmable	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	4Qq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\Programmable	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\CLSID\ = "{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\VersionIndependentProgID\ = "SearchNewTab"	4Qq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\SearchNewTab"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	4Qq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CurVer\ = "SearchNewTab.1.0"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C}\ = "SearchNewTab"	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	4Qq.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 1812	2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe	30
PID 2504 wrote to memory of 1812	2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe	30
PID 2504 wrote to memory of 1812	2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe	30
PID 2504 wrote to memory of 1812	2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe	30
PID 2504 wrote to memory of 1812	2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe	30
PID 2504 wrote to memory of 1812	2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe	30
PID 2504 wrote to memory of 1812	2504	083919338a4dec4456187c7aef10a932_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	4Qq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{000DA77A-EEF0-8DD1-9FAD-C9E0461EAC4C} = "1"	4Qq.exe

C:\Users\Admin\AppData\Local\Temp\083919338a4dec4456187c7aef10a932_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\083919338a4dec4456187c7aef10a932_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\00294823\4Qq.exe
  "C:\Users\Admin\AppData\Local\Temp/00294823/4Qq.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00294823\4Qq.dat

Filesize
5KB

MD5
d46314d6a2c419f8df073529e776793d

SHA1
ce646d20cde14fd5f505e9de7bc6b4cedd4db086

SHA256
a09894f0436889a0ccaf9f62e9c6fa0b03e699b3ef05f0aa69df88e125fb9ac5

SHA512
c6ce87074039ef1d9d74db7014233064b8d7b5f761b149a43d34b5ae2e76c2112ead0be48f5f1cf8ba370c75997f43ae29c5c4237689deacd10a779ce6529eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\GJ.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\GJ.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

Filesize
98B

MD5
b44c82e849a95d3e54a43a746a10c2ea

SHA1
036a0492fbf3f4db80df593a59338856ebbc19ae

SHA256
49ba52ac8c19de8606b3e2655c7d591dfaeceb64b74627c87797daa448d4ef08

SHA512
5f835f5b5a67a5736e82a85fd10d4c9ee15685029bc462b1f0fe16ca805335b1811e7431caab18dd225ab8ce69de0b99b73d8e946c39112ca28f2d67a245947c

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

Filesize
9KB

MD5
f519d34ddb93caee5f9235e64649aa28

SHA1
ba72188abe18a66d33040d906a26000e59725f53

SHA256
fa0e710ad33a2bdf631575691758fa9be7e8013043620ca2e55971a22ede4c34

SHA512
d4482f472a43e7c813393aa81450825e46cd5be8d307b1a480c8e1802a2de0e5bd6505da5483afae8e5adc73c5154ef31e2b7a4f48970f234cef2e1f281654fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

Filesize
603B

MD5
c5a78add0c5f9ecbaa6d692d27430b77

SHA1
e9ea956be7622183d3beee7a0a3390c5495128c6

SHA256
b3b83202b0c083e02f9fc2cff8ee77aa0cc0626d7e2bf7d42ba707c2966ad85c

SHA512
8d8ef7776385714dcebd2e00fb1e5dcde7e9632b3684b4b975b2fcbe2f412a5c19afbcfee7ebfd18daa6ed7d1fa126843317e53c8af97f50d0e8c984cb0e9709

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\nppnaeljkgimmaamaphibmkcidkbikfd\1Te.js

Filesize
5KB

MD5
3ed32ecfbf530c93ff4e271ea636a789

SHA1
b540c23def9addf0a70681fc9f2b0f1ca64f7f80

SHA256
20e2be719d8233a2ae2916f7a442120576a30bc1817072c9044f23fd3e7d1318

SHA512
542c0285df474cdf8388793127d310dd2bdfce0d3659f566e9c7de7b53730c3c7e67f9cd35ac7abfafe27fa1e953ff41855887ced298d979c2a74561910bf3ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\nppnaeljkgimmaamaphibmkcidkbikfd\background.html

Filesize
140B

MD5
0b4c32c01bd76075f00efeb569fc2c52

SHA1
96d6d5bc564f8289e3cf86bf18b87d6054274637

SHA256
a90725cc0c8bd888da1bc6e32d60d95eef236a83c0770d6d519002338fbb88a6

SHA512
dcc2747e012a413e09eccd9f55fc04d287086dcad6bd61f069f178254ce4a9d53c18e4b5c8699cc071eeef97eb46c9acf548bccc7a9a59c6445871c93306dfbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\nppnaeljkgimmaamaphibmkcidkbikfd\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\nppnaeljkgimmaamaphibmkcidkbikfd\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\nppnaeljkgimmaamaphibmkcidkbikfd\manifest.json

Filesize
504B

MD5
64a50cfa61c46058e2b31bc0aa209fef

SHA1
23d088ca274aa7aa237ef8c1cf3882da2a9b5d8a

SHA256
ec42ce0c8fce105097ccf84464a6c27d0c3fdc3f80d3b0a8d992a9c8378f1875

SHA512
b63b486c6588a8d701e3a7e6c6846b3aa338767a3173d6d2549cc14fce43ad54b3de225267317770c5b104a20aeee8e6af4ce74e4e8e12e0e075a5bd9bdd774a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\nppnaeljkgimmaamaphibmkcidkbikfd\sqlite.js

Filesize
1KB

MD5
345c5627c16538c3b5d36a80cd15e41f

SHA1
f8980fda93158072295d0fe7d34ca92e44d04359

SHA256
5d4810c5f890820d527c17aa9f046790b02b88cd4b90c4d6361cacbe0494630d

SHA512
9dc08d3bd2ad443532a57d8f252e4ec8cbb6e02318f7d534de96f6c95c547008ec95adbbebc10483aed2c4fa1d766ed26e7d56b296c3edba7c3ecdd5bae35834

Download Submit
\Users\Admin\AppData\Local\Temp\00294823\4Qq.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads