a8c0000cccea652864c0bd5eae58f0a37453f91633f15ce5e5cd343d123b6f11

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 12:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe
Size

551KB
MD5

13729f408b2f6b90266f9d49a260a645
SHA1

b608bd81ce8369dd7f3f1532ae48c769a48c2329
SHA256

a8c0000cccea652864c0bd5eae58f0a37453f91633f15ce5e5cd343d123b6f11
SHA512

ad3aa7ac3f8932b5b5c6193649483fd0cb9f679641a62014391739d3dcab6f697a647d8a1d6fbf835f1d0eb9747156f853d14cdaf4f3bf923ff6e130b3299847
SSDEEP

12288:h1OgLdaOKkgbJuMmFcouJqkXWctn+MEfOh:h1OYdaOKkgJHJJqkXtMOh

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
4468	regsvr32.exe
4468	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabfloegeefjenmdhhhkglbofldhmgkk\5.10\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F64F62C-84F9-5FDA-5374-7027749C6A66}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F64F62C-84F9-5FDA-5374-7027749C6A66}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\ = "SavenshoaRie"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{3F64F62C-84F9-5FDA-5374-7027749C6A66}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{3F64F62C-84F9-5FDA-5374-7027749C6A66}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE.5.10	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE.5.10\ = "SavenshoaRie"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE.5.10\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\Programmable	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\InprocServer32\ = "C:\\ProgramData\\SavenshoaRie\\uOQtur.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE\ = "SavenshoaRie"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\ProgID\ = "saVensharE.5.10"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\VersionIndependentProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE\CurVer\ = "saVensharE.5.10"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE.5.10\CLSID\ = "{3F64F62C-84F9-5FDA-5374-7027749C6A66}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\ = "SavenshoaRie"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\SavenshoaRie\\uOQtur.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\SavenshoaRie"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensharE.saVensharE\CLSID\ = "{3F64F62C-84F9-5FDA-5374-7027749C6A66}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\VersionIndependentProgID\ = "saVensharE"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F64F62C-84F9-5FDA-5374-7027749C6A66}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 4468	2988	13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe	82
PID 2988 wrote to memory of 4468	2988	13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe	82
PID 2988 wrote to memory of 4468	2988	13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\13729f408b2f6b90266f9d49a260a645_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" HrxKhG.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:4468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\HrxKhG.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
7KB

MD5
2906d3636ee07a4ddc46b8cd0c361e37

SHA1
febb9ae014f0cbae0166a26b500f62461386f635

SHA256
e3016c92754587184650d93e226deee8ff246b2efd056e0d60e58849d048f1ee

SHA512
1fa2268ef39242372cb3ae64dcab25c19dbb389e92a910c6409a1f9511cdd44c6e733c7cf504702e27d5fa5168539b7c0a8e9342d95e96a09eeb647857c4c151

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\cabfloegeefjenmdhhhkglbofldhmgkk\background.html

Filesize
144B

MD5
6ebb117f577e548d1aaa0da1429bc8e1

SHA1
883e9c1a8c70637ddf2924cd3d9bead3abca0b74

SHA256
42250e00b5b0daab8033e0f4c348ddd004afea6ea0eecac16b1f27c7479a3f21

SHA512
ecff5dac3d0f568fac06674adab69f5fdeaef0a47fc32c44b67cd3c6200ef7e10c670bd77f0e239580586153004ecaba301e3d465a58639f4afebc0c54d7bd35

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\cabfloegeefjenmdhhhkglbofldhmgkk\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\cabfloegeefjenmdhhhkglbofldhmgkk\ftvLTaQ.js

Filesize
5KB

MD5
0f3fc7b108dc4919fcc2354f503f68c7

SHA1
81b681a8c401e977217388695cfde72d6ae3e517

SHA256
747c6234c2ff74ffd4a06f549a4c55d37e5c84d3581f1733eec74fd6cf3afd04

SHA512
3e8a85220b71ec43818b3a8cc7e90512549d326e609b2560b65905d6d67c575d2b71ff88e9d0d9ff0e9214c36c9a1ee8d5cc18a9576199d38bb1d8a884feccd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\cabfloegeefjenmdhhhkglbofldhmgkk\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\cabfloegeefjenmdhhhkglbofldhmgkk\manifest.json

Filesize
506B

MD5
d0e72fa47ce7bb6d4e0049cb5478b799

SHA1
a2c1810c3339638b094b8dddfd87d1914d009937

SHA256
378c3aceaa0ebb6a05c0d4ae738686c3a966c99a499ab1ae5d341b7b3df239b7

SHA512
7ae8ee0bb3ee3c716f8f982f33cb48b6668c08c337c7ba50daa67b2b72ae1b12f34923b02b378667bd905c07cb4f496d8345998c80e1754817800bfb7e7af011

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\cabfloegeefjenmdhhhkglbofldhmgkk\sqlite.js

Filesize
1KB

MD5
ef34f279fe3e3b4d7f5c4bc38a381af1

SHA1
6d3f236c5d5d3a4c7913386e3d9174dc90f64feb

SHA256
b6dccf29219c7a6550963e813f8a388f9882e31c22b0273dd42a07ae43ac1687

SHA512
dc63a728e26ff0603d82c1a9fcc37c1b2b4ee000befeb28bd2606cba4817e95d047188e067cb09b2431a34aba2df9d072f1b435d28dcf7c5d79e0cb33c4d7249

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\settings.ini

Filesize
7KB

MD5
bf58faeecf0f729a0b4864e8750efee5

SHA1
8b286649ebe3e14727c5cb7e431f70388aceda1f

SHA256
e0d8e306386bb53d1db150d8a4990abe7c66bf1ba9ec2c46a339f252ff54b5a3

SHA512
811dcc1390d37cf079b52c72329829a81fd5817a264ca9e4f7c6e4137b74dadea4e6f6e944feb6a6da36b836d86f4687b26b5c0b8f7d7c865fc3989ea3c38f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\uOQtur.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\uOQtur.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
0112600a2e209308fbeae99350c4e304

SHA1
7f8211257258a93d6b685be7256bc537e568420f

SHA256
11e1e6d88bfabdc47135f2da67a2d5ea2a78fa2320bfa96602ee3c97687dc419

SHA512
dd29f33d05e8f85fefd26808bb62d68afd08dbd02c124cee0c26ec92d3deca8bf338dcef03b55d1d7117fd1eedf987a2cdd6e69160edaf0c403c64abaa091754

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\[email protected]\chrome.manifest

Filesize
106B

MD5
ef2862aa078cfd567267e1cd6a77df37

SHA1
06ad64290671e6d62d1f3b025d718e88021171aa

SHA256
92515b0c668025252baea34dbcd2f5e9fc546195ddb2c3746a0a49d5414e796e

SHA512
3e81eababd80afbaad91aba788b862caf17c1221b07614f94538fd0785e4aafc0c8c0106bfa5c431041962d198ef7e9920e58c688c01f8f43c7910700b943da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
e203a8d7e2233c091e6a6872e5f0fd21

SHA1
2ceeeb3083b3152e4bd207ad5efe7f03375d454f

SHA256
804e909424cf344e6a5f4105068ee902ce74bd6b43343c91bd0116f2c24afe3e

SHA512
23dd2c8c3065b8e98d6ff1adc58c9d6774609ad579aff8b1261e3ad8c240e020a78120699a08dbc900163926df7542322c5d24679317242e4025ff97d957f4b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS60AE.tmp\[email protected]\install.rdf

Filesize
612B

MD5
3e03bc47eb4840e4105e7b85c83975e2

SHA1
1a9bc21a748019f9a157db2ae50b9bcacdb64207

SHA256
e7c7b6d29b344ef1de6a269cff473f544acbfc061587a10a1ec24f3b38d31ac1

SHA512
3040d0dd654aa840dbbf15608667b883498337892f81c71037eb8c882803abe1246a5dfad0d0879c0273e0bd389c79f79ac0771f41c9c6fa157a7f28c7fc3c02

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads