b26a6b3a14460aca11b172d892972317d9d5bae8b5f9f0ca703ab74fc7309e71

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 22:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1525ca05d6cd7b4d42fc0c5da09865d2_JaffaCakes118.exe
Size

255KB
MD5

1525ca05d6cd7b4d42fc0c5da09865d2
SHA1

f4b7bdb81ce56300ded5a9fa2e00862962a600b1
SHA256

b26a6b3a14460aca11b172d892972317d9d5bae8b5f9f0ca703ab74fc7309e71
SHA512

e2711bb0a4acde51ebf5a5f8cb3bb717f8f911f9b1aa1fac7f4242d5088ad68d2638f5ac0f187ab41433ef3d0d863b19fbbb975302d6585fd0976ac27736e22c
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5q8I7nWPwjoJhBtwJDp:h1OgLdaOMnqBOP

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023cec-74.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
3540	51e16161c1165.exe

Loads dropped DLL 3 IoCs

pid	Process
3540	51e16161c1165.exe
3540	51e16161c1165.exe
3540	51e16161c1165.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknnjlcocgnemcapkjhoeegddnohkdp\1\manifest.json	51e16161c1165.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\ = "SearchNewTab"	51e16161c1165.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\NoExplorer = "1"	51e16161c1165.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023cec-74.dat	upx
behavioral2/memory/3540-78-0x0000000074A30000-0x0000000074A3A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1525ca05d6cd7b4d42fc0c5da09865d2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	51e16161c1165.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023cd3-31.dat	nsis_installer_1
behavioral2/files/0x0007000000023cd3-31.dat	nsis_installer_2
behavioral2/files/0x0007000000023cf0-103.dat	nsis_installer_1
behavioral2/files/0x0007000000023cf0-103.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\SearchNewTab\\51e16161c119e.tlb"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\SearchNewTab"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\InProcServer32	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\ = "SearchNewTab"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\InProcServer32\ThreadingModel = "Apartment"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\InProcServer32\ = "C:\\ProgramData\\SearchNewTab\\51e16161c119e.dll"	51e16161c1165.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\ProgID	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E}\ProgID\ = "SearchNewTab.1"	51e16161c1165.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 3540	2836	1525ca05d6cd7b4d42fc0c5da09865d2_JaffaCakes118.exe	84
PID 2836 wrote to memory of 3540	2836	1525ca05d6cd7b4d42fc0c5da09865d2_JaffaCakes118.exe	84
PID 2836 wrote to memory of 3540	2836	1525ca05d6cd7b4d42fc0c5da09865d2_JaffaCakes118.exe	84

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	51e16161c1165.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{8594BC43-86A7-325F-4F16-E447FC7F6E2E} = "1"	51e16161c1165.exe

C:\Users\Admin\AppData\Local\Temp\1525ca05d6cd7b4d42fc0c5da09865d2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1525ca05d6cd7b4d42fc0c5da09865d2_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\51e16161c1165.exe
  .\51e16161c1165.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\SearchNewTab\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\51e16161c1165.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\51e16161c119e.dll

Filesize
116KB

MD5
05234975b085632d70d89c2f420c5107

SHA1
078fb2a3e5de54c3737a4541242a4725c02c6b9c

SHA256
a758ad4fdc8949ea005258075457a972eb0672d69d98d688117b85221fca096a

SHA512
f9fa6aee142e32875127feadebbe235f4f376b0c3b7415036b8afc81c0a09a8ba0c5ec9e1703f1a34b220b7646caa1ca02629918185c4afbafe6926014044c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\51e16161c119e.tlb

Filesize
18KB

MD5
c1e296ff01d3cf37f91c7473bdd9de52

SHA1
832e3d1ddeb5a0ceb5b13c1ee271eb94bf9bf2a6

SHA256
a8e54ad3e1fbc91d5a7b02bf177a24a02f2558419ce46859bf15859b81478492

SHA512
aeb1f3962746caa3858c27b4753959d5ec9db2727e94642d5db2710633a96e7ceef5f9c0ff3b358f83143b6594459b5d9a94e095fed7a5d1fa97ae6a3c4e564c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\hfknnjlcocgnemcapkjhoeegddnohkdp\51e16161c0f512.07788085.js

Filesize
4KB

MD5
0dc74e7b168398c1d946055c117b1f9c

SHA1
045cf51301981f699deb161a8d2d7304c304c036

SHA256
c63c99c255f91c70fc44de29a289f06b5d136d24fbf5dbab6bcf29ceb4f7b831

SHA512
43b645a998bccbf062e6ef1391927b5a668c3e3ae27c68072c1ee7f1134fb5a32bfce0defe683ac0b3c37a69194d85448a110e641cb89683c5065464d0c73da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\hfknnjlcocgnemcapkjhoeegddnohkdp\background.html

Filesize
161B

MD5
88a6fc194f27a01a93e1baa7cca214ff

SHA1
7bd0252015408f6f11dc46ba0313da58fe0d6dec

SHA256
8c49b74cd1d559ea2f1c02691564cbc3fb3c754ac0e99b61ae16d58cc77ff495

SHA512
ba8428a4fdfc943517129f7dfa800ec952359e4b1f271edeb164faf226daed15228c959a12a5800a6525718beb57766ccf28467bea2803272bdc6c05a5a6341c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\hfknnjlcocgnemcapkjhoeegddnohkdp\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\hfknnjlcocgnemcapkjhoeegddnohkdp\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\hfknnjlcocgnemcapkjhoeegddnohkdp\manifest.json

Filesize
555B

MD5
b43fc93b920a4acbd657869fd8926b7b

SHA1
5c167d5778482b59777743af4d49982f8c6804d8

SHA256
03661b8e5ce1e7c8ab167e91b7929c432bcb7295963dff40b8ed0f4283e8af41

SHA512
e6d96dc06cb39ff30f49b67d03dc9f3ea60cce71a06c656112397ca2f2d4cc2b39e0cc009b96918c6b8fc9119f6fe53272bc52c55e5e7929231a8d533ddae8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\hfknnjlcocgnemcapkjhoeegddnohkdp\newtab.html

Filesize
368B

MD5
047a2ab34306fa66de95c7c8ac05d66c

SHA1
92957dadf01d9a8e64d9554bc4c8a865e82cb096

SHA256
40bf2a5f2224d9552ad29578c3227d555f6fbc1e1af0b316d4b1fb5d48f6eb3c

SHA512
d4106eb36ca97d1b703a1c2a5608f45be8dfa62f55cafad59723349df2144035477b256a67298bba22bd98eba6f540ceb4637b848dd3d2ce31dcf85d9990b120

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\hfknnjlcocgnemcapkjhoeegddnohkdp\sqlite.js

Filesize
1KB

MD5
49a0ef760f62d8d554797f3630aa4641

SHA1
590ab4954c970cf1cf53b593815189ce6206c68b

SHA256
2e2c1b00e51f46e93c51bdcbb8d2590c855857b74fb4351878fe86b064b0b50b

SHA512
471eb32b9374ba2db40f0f6eb4064dca9762ad71206434a6705a1867420d915730c487e85cc496bd74ecf4417c46b7690ca2a11c547287d2d90ce178a385ffa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\settings.ini

Filesize
7KB

MD5
651a415baf04ce59c7bae9090a98e674

SHA1
41587beffb32877a983de21645d6ae8a8cafe52f

SHA256
7e3b7fd4047d5ff80f28a776d5868f2c79d055ee05d3ea1c6786f35656c6209d

SHA512
2edd3f52ad2b73e13ee3eb047cbd56539256724515498eee12b0ceb2e5fa23e79386c573b3bb3cf865f31d39a3d7c57f0b6d8dd44bf4c92e8c3133bf5957276e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1cb4c3a279b1ca9238c4670b73d977fa

SHA1
b35c065a4d38c77290c393814ad222ac67474e61

SHA256
b66d4780535cc97b091aaeaf169996164cd5ae07b0673ac0aa9925698d3675e7

SHA512
f16d06e4b620e6ae0e76bb0a6eadf18721c55a9d737a2c41eae3fc4f19114edc96bed74f3538b5b0048dc89bd8b3085dae5e39187cf7e87e43a8d44320873395

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
6c59e51001544ea6cf2578330058a36d

SHA1
61499a8075cf7e893488bb68eb850810919c689d

SHA256
38cc29f401b96be53ea21b679fd53e06d1686f9b245d20ef5abd5d025a221055

SHA512
12a74f879be4eb68d0377765b5a23304e72d73daf8f82d78312975f0a9e1169e927a89e59320d8a4a2c4aad71554786136993ee4d89e8dc07c0c9a1a5f122881

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
319ba08612c332676b58b79d189a2d8d

SHA1
c22adb8a41e9a23d44e57ac346a8c49b1def4d91

SHA256
3671bc74f4b4d0ccb9df77f597da29242c0c2cc0c85f76de81ecf0a4467618e7

SHA512
cffa355c273b87d2db81ca6bb582cfd5496092413e1755dd2e5919de7dcd5905f8c1be24011af84a1b7a0bb64678dce4cd819776d4f12775e317c98faa15c73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD7B3.tmp\[email protected]\install.rdf

Filesize
606B

MD5
82f7285e00e9dfb4fd1f7ac7cf69ab12

SHA1
10071f84a9c0cbca6beadc646c9a2ea0d4d1383c

SHA256
083beaaaedd84892bb32d0cd63694db5087acc07c72a161329ce6741a2c824f8

SHA512
20e46710f0229f369b609070aab56215e7ad70ac11e642cc3678203fa2397053ebd8ff04d10edd7866c4f8090624e694c47df8ef9ea765b064909f9c2a62c5ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscD91B.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscD91B.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/3540-78-0x0000000074A30000-0x0000000074A3A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads