b65a7b147b025ffd37b25b1d7a5a66260f5d1efe27042408f5c5a1057cb595b4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe
Size

725KB
MD5

0856f988aa572da11cabc633d67b1734
SHA1

a03a7514b28fc1be520fa7641a5f1156a7dea7c1
SHA256

b65a7b147b025ffd37b25b1d7a5a66260f5d1efe27042408f5c5a1057cb595b4
SHA512

b699a0396a1abfe9e5220273f6b3a782e0676deece4b6064514c6c657f36e91125829bbc79e0cabc953679a9ecbbd328ddb66f7eff621830c292ad86373488e6
SSDEEP

12288:h1OgLdaOYo99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJ3:h1OYdaOYOBsFEt5hDG0SAMs9jR/jaJnm

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2672	MwySv5ZP.exe

Loads dropped DLL 2 IoCs

pid	Process
2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe
2672	MwySv5ZP.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcmeghmmkihplfgbedoeakdhoamhnkf\5.10\manifest.json	MwySv5ZP.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\ = "saavEnshare"	MwySv5ZP.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\NoExplorer = "1"	MwySv5ZP.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}	MwySv5ZP.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MwySv5ZP.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	MwySv5ZP.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}	MwySv5ZP.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}	MwySv5ZP.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	MwySv5ZP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e.savEnshAre	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\e.5.10\CLSID\ = "{2365D2D1-3A14-6F22-3664-0BD0DFC38094}"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\VersionIndependentProgID\ = "savEnshAre e"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\e.5.10\ = "saavEnshare"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\InprocServer32\ = "C:\\ProgramData\\saavEnshare\\_SuWBZg.dll"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\InprocServer32\ThreadingModel = "Apartment"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}	MwySv5ZP.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\VersionIndependentProgID	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\e\ = "saavEnshare"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\saavEnshare\\_SuWBZg.tlb"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	MwySv5ZP.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\InprocServer32	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\ProgID\ = "savEnshAre e.5.10"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\VersionIndependentProgID	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e.5.10	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e\CurVer	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\e\CLSID\ = "{2365D2D1-3A14-6F22-3664-0BD0DFC38094}"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	MwySv5ZP.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\ProgID	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\ProgID	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshAre	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e.5.10\CLSID	MwySv5ZP.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\Programmable	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\saavEnshare"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\ = "saavEnshare"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\InprocServer32	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\e\CLSID	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	MwySv5ZP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\e\CurVer\ = "savEnshAre e.5.10"	MwySv5ZP.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094}\Programmable	MwySv5ZP.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2672	2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe	31
PID 2932 wrote to memory of 2672	2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe	31
PID 2932 wrote to memory of 2672	2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe	31
PID 2932 wrote to memory of 2672	2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe	31
PID 2932 wrote to memory of 2672	2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe	31
PID 2932 wrote to memory of 2672	2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe	31
PID 2932 wrote to memory of 2672	2932	0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe	31

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	MwySv5ZP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2365D2D1-3A14-6F22-3664-0BD0DFC38094} = "1"	MwySv5ZP.exe

C:\Users\Admin\AppData\Local\Temp\0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0856f988aa572da11cabc633d67b1734_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\MwySv5ZP.exe
  .\MwySv5ZP.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\[email protected]\chrome.manifest

Filesize
108B

MD5
5c5a5f0adeb9513c7db1040d3efaa303

SHA1
113f24b84f6e6109af26d988eaba3500849fe3b6

SHA256
f1bdbd9ad6f09d0f8229210f19458ca7bc4823763baed788aa081e804fefea76

SHA512
7158a1f7e91eec43a63be015bff913482906f327522c7c2e5e622c2eba7779c4e081781bc44605fc67be76c8453ce662e2b0200035a96747d175ff9b2daae804

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
4f1edd1d173c664d927a8af9a8acc342

SHA1
91d68fd1ee2b86b785e39539aa60bb2bae317709

SHA256
200ca7d7542b6b8d911224a8124619abcb026fe141c0dee19a6c669841ce7d99

SHA512
0c20d23f1daa770f4caa4ce034e657ca5ece9877a8c6423d3dd04c4833089d6b5755d418fd05a497694a3a31e92614ab4c0f689befc50c0600cb1587945cbf44

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\[email protected]\install.rdf

Filesize
605B

MD5
450898dd75e71f58f910f611f11d9048

SHA1
2c14688bff5b2602bdbebf3a9033480daae0996c

SHA256
375c1e0f08d123228b39caa174ef057d54961bac8b4ae1b0673449de9d092e77

SHA512
38e35e49d3227b19db152267d03cb8ff599f75dc2ba10549997b56a08ca86cecbdfa6c697369a3490a8bb45d8f45c7b24997f551c583338a92efbc456b716c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\6709291903563458768.log

Filesize
3KB

MD5
4fe9eb7b103ed19901cf5c6820987f18

SHA1
d972b7b111faad4ee68d366b6fef3ccf7756e96b

SHA256
945b9934864387e88a0b9a42b290d4b56123f65dd24c3efdf033addfc17e9faa

SHA512
eefa3699414706eec8a473a2affab916883a54c59427c1eef216c4b506dd14f53eefd19aa1d08af36a2de3142fa0186e4feccc5f595fa074ccde0b237c3d019f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\MwySv5ZP.dat

Filesize
7KB

MD5
d1920b4d7f6235284a2eb1ab5db996d9

SHA1
7a30edf45e29c7db0ad408b4f3ad8a54ae7a8e5d

SHA256
b86cea16e8d3a38ffc802fefda04f1dff5eb96617f5bf19a06a96fd3fd33de24

SHA512
7d341535f5e70e2c3b1d0b4d7500862da61325f3274f02500508777f78df1fe249fb38b7d2bcb32c9851a12ff9a9a92989d07adb57cb2584dbf36cf6268e1c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\MwySv5ZP.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\_SuWBZg.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\_SuWBZg.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\lkcmeghmmkihplfgbedoeakdhoamhnkf\background.html

Filesize
145B

MD5
b829a4165844e3bc02db6ce84a31a336

SHA1
84e9caddc3deac875e524ef451fccde1030ae23c

SHA256
507ac4ef47950d37ae7494f968418697d78083ee3d3b235afefdeea6edc9c029

SHA512
a98ba827efe32eb5378bd8072b1387e81595a909e208a5b8d7fe7f86c884224d29683e2e5220fa40a0b75aca56990f37bb923ff7704f94dfcae6499cf77c5ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\lkcmeghmmkihplfgbedoeakdhoamhnkf\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\lkcmeghmmkihplfgbedoeakdhoamhnkf\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\lkcmeghmmkihplfgbedoeakdhoamhnkf\manifest.json

Filesize
505B

MD5
85ef1420d140c13a06e9c58958e008c9

SHA1
5c11b1cda98b87e610260593b3f0833a97da6b8e

SHA256
89a3642a99c31663dc7540b41d84055ebb12dad410098620defa832aa207dcf7

SHA512
d922c75c30bf58a3e71cf5a5733fda4bf9bfbe0993b97d3ef3b86c46fd08ab4106162962a2d0c9c35061c002070eca49fe585142fa395f93866cdf32a89c0bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\lkcmeghmmkihplfgbedoeakdhoamhnkf\nHuY0ZDG.js

Filesize
5KB

MD5
c025517859418014ade5914aba290571

SHA1
894b179b9f33ac0aeb25cf8fc953cb03208011fb

SHA256
35c0230ebfd87b4404356d56db70917fbaea77196a1d3edec758167eb15f8272

SHA512
ae248cedad8ad486d4a98365956ffcf15cb6bc13a31b27cc026093a5f360dbe6bcf9db67e2fa9d59196363411134c1a9efe3151df8ab9dd99637e3ab9b580c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSEC33.tmp\lkcmeghmmkihplfgbedoeakdhoamhnkf\sqlite.js

Filesize
1KB

MD5
adb6386215af17a4f81343616a6a7b05

SHA1
27b4a3212f18ac26dd443bccbdf8b2743f891de5

SHA256
1b9fbed941fc61e528632006b3e2731777626d338b0cd501784dc5011772e332

SHA512
93fa0ef4fc415a5e64289e9d7b5734ee398692dfa1e981edd29c0847098a6259c07451a393b621f164077de5a047a2aeb4be5deb7fc3871509ad47eb7a28556d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads