8b48e3c623ad628bf9f204f480f80944b68e19e8c4394baaf48c5279083faae3

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083a502a5abf059d598631500a148413_JaffaCakes118.exe
Size

255KB
MD5

083a502a5abf059d598631500a148413
SHA1

8c269689fcb5b20f5325111614abc9761081a922
SHA256

8b48e3c623ad628bf9f204f480f80944b68e19e8c4394baaf48c5279083faae3
SHA512

8287be52b2b8f21c8bd316ef02298e9e78f05d4f3810df645f82c361dd6df54bde86bfdc0821a6a0b3fe75b0ea927d6a77a387301c9f1ae48f2057104dd42d59
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5CDoA6tm3yBE79pfgmP9z8vn:h1OgLdaOCMAEm+O9pImRA

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023462-74.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2972	513c4c8e0974b.exe

Loads dropped DLL 3 IoCs

pid	Process
2972	513c4c8e0974b.exe
2972	513c4c8e0974b.exe
2972	513c4c8e0974b.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\peocloedoldmnemgmpgkdcnmldleopok\1\manifest.json	513c4c8e0974b.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7783383-C4E7-5761-3FB0-6D134B6688B9}	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\ = "CouponnIt"	513c4c8e0974b.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\NoExplorer = "1"	513c4c8e0974b.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023462-74.dat	upx
behavioral2/memory/2972-77-0x00000000747F0000-0x00000000747FA000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	083a502a5abf059d598631500a148413_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	513c4c8e0974b.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023448-31.dat	nsis_installer_1
behavioral2/files/0x0007000000023448-31.dat	nsis_installer_2
behavioral2/files/0x0007000000023467-103.dat	nsis_installer_1
behavioral2/files/0x0007000000023467-103.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9}	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\CouponnIt\\513c4c8e09784.tlb"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\ProgID	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\ProgID\ = "CouponnIt.1"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\ = "CouponnIt"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\InProcServer32\ = "C:\\ProgramData\\CouponnIt\\513c4c8e09784.dll"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\InProcServer32\ThreadingModel = "Apartment"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\CouponnIt"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9}\InProcServer32	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	513c4c8e0974b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	513c4c8e0974b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 2972	3400	083a502a5abf059d598631500a148413_JaffaCakes118.exe	82
PID 3400 wrote to memory of 2972	3400	083a502a5abf059d598631500a148413_JaffaCakes118.exe	82
PID 3400 wrote to memory of 2972	3400	083a502a5abf059d598631500a148413_JaffaCakes118.exe	82

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	513c4c8e0974b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{E7783383-C4E7-5761-3FB0-6D134B6688B9} = "1"	513c4c8e0974b.exe

C:\Users\Admin\AppData\Local\Temp\083a502a5abf059d598631500a148413_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\083a502a5abf059d598631500a148413_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\513c4c8e0974b.exe
  .\513c4c8e0974b.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\CouponnIt\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\513c4c8e0974b.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\513c4c8e09784.dll

Filesize
115KB

MD5
00ce3831a16a62c6d7ea4b21049e4b22

SHA1
3e48c8d25b196d67722ed20cd36bf3448a4c9136

SHA256
d4bb7937b36973cbf3b12c9500c25ed34103944a69bad9162f3b98f39474529c

SHA512
7633071b26d802aae1250111baa40e5158fb1a1639d76098f2ecd6263adf0e6371d5e9a70d9005b267cb907da84235f4e361f8c8a75b8adbd19a049ab1227619

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\513c4c8e09784.tlb

Filesize
18KB

MD5
d5980ff8eb0ef4276fad96fba8fc5018

SHA1
2cb05f8b43aa3ae2f5492f590997eec6ff808fe2

SHA256
ac3a1daa32b1c489f9c2f4413ab35c4fc90b54a52ede0fb53276666e6eeef16f

SHA512
30404f467dd727a7de132fb08cd3c88abf5fb2e7ef18f24af5371b63fd106d6d5757061ec55c7b54daf9844100280670bf2b22a71c89b160048552b5eec12d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
a81930ec075b4acab4241c9f19236080

SHA1
7d5748de63623fd45b2b024633dd19a9d1b38e8b

SHA256
5af1c4e98aec5c68ff40aeda0fb3d69befccefca05cb1a3cc37cb48b091e3491

SHA512
6a2179093d9f9d298f247ff3b88d0be55df9508472b39bb990cf907c88196bbb64d8073f21f793b992e22e00a961f8bc07970718f0fc81cd11f3fdbebcf5a829

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
338ee608a3dc86a14e6feec1632165ac

SHA1
a5a8cae0c22e6dee82ae0b0be1b402630319f6dc

SHA256
7679c72f65a4b4c664704a8faeea452cf0923f096b2a851d22775c896e7f0b7e

SHA512
3186073dc4abf036a433f18ba184bef1b63922437afb8fe2b2f02de1fa3a4fca7e132619d895b6beb0baade6f1df9a193f9c6fab853aa59e8af4a732483a65ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
3a00f7763aa50063c79652e90147958d

SHA1
8a625dc800b488532c81cd746b45f718952b0736

SHA256
44c474489d78e3391f90b52a14b8ae4cb1f75e4e95a479974f316903b4a692fa

SHA512
ee5ecf47d5bd205c64dacd70f5e12f9e998afb76e250fd88a7ddc47d367e50854b1fec2afc92fef94b23f4065f76eea277bf9b65f41f69cfdfd4b4bf0b5f2e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
82885147b4020b54ae4d19ae5e04100f

SHA1
1f050e38728402ea14a3d2666124c5f0dd61eb36

SHA256
40f0e2af75c7ea28d745a3f79dc2e3ded8268220f3d01b763309d282fc7305c8

SHA512
384c1e6d77f83d294e16e9787f16d3cc2c4b491daf87ae8496117702b024fe2d21cb5fac3b45dda8820c04f5b87f6e6649f765119bef83be6de8eb148849e38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\[email protected]\install.rdf

Filesize
612B

MD5
b01d627f8df1db385c71ef18e9776a5b

SHA1
e850586e18e64c9911082fc076b6ab12c8e08ca6

SHA256
1afdd1d71c075d8bc4400a26bf777447bf01f26969688b2290d985d5cc49b3a6

SHA512
ac8bdd88fd72425e473dbeb39a655007b1121b96a13aa53aa24320e0439aec41f08dc82a69068cebc76503cacd78edd7e79c5fdef5fde43a4a980dd4566ff1ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\peocloedoldmnemgmpgkdcnmldleopok\513c4c8e0954d1.39598031.js

Filesize
4KB

MD5
f04cff7c61f3570d9fa965dc5d743fed

SHA1
85225f1d3b0aa1894a937a1202ae4629070c5e59

SHA256
d1bcc52819f0b81ad46dbfabb5b65b06cc4a06a6d2a0aaef2234edf6d2c4d9d4

SHA512
36236c123b5d6bf0b63e80e84122c6a824b5d4830b5edeb038d7099244c6dcf17308824a29620d53722163c25d95109d0d9f615dbdb4cd8d6e59248f4a8cb697

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\peocloedoldmnemgmpgkdcnmldleopok\background.html

Filesize
161B

MD5
4ff8b31cb9eef0a6be46e9dfd3bb3e2d

SHA1
7282581ec521fca970142a37b28b8a6fe453bf84

SHA256
f40914e15be45faa92c62b09655ee23ec22f51a37dfdce4a2fb69be727099f4f

SHA512
95a3ba8e99a2a4ffa9a0701fc436041514ab4b18a03db0c84a983d40d6b5ce8acad16004e581b99ef449ed9d25982914dc262023d4361ddf692129ea1c31d5d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\peocloedoldmnemgmpgkdcnmldleopok\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\peocloedoldmnemgmpgkdcnmldleopok\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\peocloedoldmnemgmpgkdcnmldleopok\manifest.json

Filesize
502B

MD5
e1cd61bce7ce799757b7d9c0ba847446

SHA1
952124225b204125254d6df073c1cfe68005fa49

SHA256
6c99893f305f80c96908703f37580f48e461e8b384374667d08760621de7c2bd

SHA512
d2e64685f1f1896554c12d7d169ccfe8e2fa1370043ead31c3fad932da36906f5fd4ba6bc9231b2b7778faaf282fdb55f8b82e2123cb0274fcdae46e3faef098

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\peocloedoldmnemgmpgkdcnmldleopok\sqlite.js

Filesize
1KB

MD5
eca6466b664a20d54f7dd50c58dfb825

SHA1
8b9169cf7f61bfd8fc8ca8714321738c7111d6fb

SHA256
f17710dbfef06ef4271377f5c4ad1e1fde2c9d0d1af84551a2ce309a2e276315

SHA512
05b9e3e088f5ca4d4863bd1856f0b7660b36356e24729f94f2afa63b95824918954d2ff9e1897f1fb2f7326e2ed2963d32650b12a15bb35e13953e7775fd240e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A8D.tmp\settings.ini

Filesize
6KB

MD5
693e942f560584fd2b1bc7090ae6cada

SHA1
4a6570f26ebaee7667471ac69970f109f15a300a

SHA256
8197accbeecde0332d6dc89cd851a97d3085054a52998e8bc4d6518f56133337

SHA512
811965cab1cb31d5245fd12f5847e7caef2ba0cc6e93b08330a9282c0c9aafe21f819dbd3a1e3236c41c2c9806e4c8ab07c31e507661ddafb60c1bffd5098bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr8B68.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr8B68.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2972-77-0x00000000747F0000-0x00000000747FA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads