ab31033b8a1444d11dcdf84974ef90a864dfbcac3611f5ec28338aa93498d0d5

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe
Size

255KB
MD5

15df64a1fa92a32c8e1b2a970e85fd35
SHA1

d2fc6fae216ed92b74e68f9b51129203748fc4a2
SHA256

ab31033b8a1444d11dcdf84974ef90a864dfbcac3611f5ec28338aa93498d0d5
SHA512

4ebd9c4455342a1dc0792821eee15463e8d671aea5756b2f14ec9a27985eceff539667d152937db88341d36fb2942fe8c936752b142f78dfec147ae351f6e686
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5eWKsgvAkQ3rR+fA0wdtaY:h1OgLdaOCvFQ3sott

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000019513-72.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2960	51e39c15d4b40.exe

Loads dropped DLL 5 IoCs

pid	Process
540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe
2960	51e39c15d4b40.exe
2960	51e39c15d4b40.exe
2960	51e39c15d4b40.exe
2960	51e39c15d4b40.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\afegdiiehgmbnkmdeiikcmpmmfjpebkb\1\manifest.json	51e39c15d4b40.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\ = "ssayfe savve"	51e39c15d4b40.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\NoExplorer = "1"	51e39c15d4b40.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2960-82-0x0000000074830000-0x000000007483A000-memory.dmp	upx
behavioral1/files/0x0005000000019513-72.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	51e39c15d4b40.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019268-28.dat	nsis_installer_1
behavioral1/files/0x0005000000019268-28.dat	nsis_installer_2
behavioral1/files/0x000500000001964a-94.dat	nsis_installer_1
behavioral1/files/0x000500000001964a-94.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\InProcServer32\ = "C:\\ProgramData\\ssayfe savve\\51e39c15d4b83.dll"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\ssayfe savve"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\InProcServer32\ThreadingModel = "Apartment"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\ProgID	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\ = "ssayfe savve"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\InProcServer32	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945}\ProgID\ = "ssayfe savve.1"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\ssayfe savve\\51e39c15d4b83.tlb"	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51e39c15d4b40.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51e39c15d4b40.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2960	540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe	31
PID 540 wrote to memory of 2960	540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe	31
PID 540 wrote to memory of 2960	540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe	31
PID 540 wrote to memory of 2960	540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe	31
PID 540 wrote to memory of 2960	540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe	31
PID 540 wrote to memory of 2960	540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe	31
PID 540 wrote to memory of 2960	540	15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe	31

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	51e39c15d4b40.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{0FCA8204-0C41-A5C6-C871-3B71EC35F945} = "1"	51e39c15d4b40.exe

C:\Users\Admin\AppData\Local\Temp\15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15df64a1fa92a32c8e1b2a970e85fd35_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\51e39c15d4b40.exe
  .\51e39c15d4b40.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ssayfe savve\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\51e39c15d4b83.dll

Filesize
116KB

MD5
05234975b085632d70d89c2f420c5107

SHA1
078fb2a3e5de54c3737a4541242a4725c02c6b9c

SHA256
a758ad4fdc8949ea005258075457a972eb0672d69d98d688117b85221fca096a

SHA512
f9fa6aee142e32875127feadebbe235f4f376b0c3b7415036b8afc81c0a09a8ba0c5ec9e1703f1a34b220b7646caa1ca02629918185c4afbafe6926014044c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\51e39c15d4b83.tlb

Filesize
18KB

MD5
c1e296ff01d3cf37f91c7473bdd9de52

SHA1
832e3d1ddeb5a0ceb5b13c1ee271eb94bf9bf2a6

SHA256
a8e54ad3e1fbc91d5a7b02bf177a24a02f2558419ce46859bf15859b81478492

SHA512
aeb1f3962746caa3858c27b4753959d5ec9db2727e94642d5db2710633a96e7ceef5f9c0ff3b358f83143b6594459b5d9a94e095fed7a5d1fa97ae6a3c4e564c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\afegdiiehgmbnkmdeiikcmpmmfjpebkb\51e39c15d492b0.07850321.js

Filesize
4KB

MD5
95c61e8c0c7afb5810df3b1e3b4479c2

SHA1
f34beb6ee85247a5c49c7112e479205626562434

SHA256
87aa72bbc6b8b8017a54098359a5ac8ccb926c7d673ee470f49decd8fa0f60f0

SHA512
3fcf9271f6c7e159351194c892537dbee64bdd87d3f244048965b2cd6cc296e1f92f4211d85e0fd085faa84a233bd545f9e8486d67d803b1145a231fbd0ffc5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\afegdiiehgmbnkmdeiikcmpmmfjpebkb\background.html

Filesize
161B

MD5
97624b616ef0513384f4344df299278b

SHA1
a9970190804eed8ed6510deaf0df46c18df1e0a6

SHA256
21da812c172c4695238ea96b99cc4469813cbae646acee5edad766ab29fdbd81

SHA512
b4b1e52948529a78637a4736307bfd1e060a549eb55a7c459d56ec73648180566857df19b870fa33963099b56f0a0ce0e01e1f9069d9148ecc043c69167de139

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\afegdiiehgmbnkmdeiikcmpmmfjpebkb\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\afegdiiehgmbnkmdeiikcmpmmfjpebkb\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\afegdiiehgmbnkmdeiikcmpmmfjpebkb\manifest.json

Filesize
504B

MD5
987b8c2fddffb31fb1fea3a78604201e

SHA1
cb0abe3acb47fe2a5310e77003b0648c85d49f99

SHA256
a0518009eb9e9bb1cb60b872dc1096a7e5c7d1af5b13e671f3a06ecae4cbfe43

SHA512
d3e1e6e4056abfc8d74e5932d77423da730c1440c158055f865e57155ac68a68d666103708e5a19d0a84341ce0c944049d17da5573f445367b7f0b7b95c771b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\afegdiiehgmbnkmdeiikcmpmmfjpebkb\sqlite.js

Filesize
1KB

MD5
0aefcc92ea1cf5fb04c4e0a0d2059a74

SHA1
28f30c79bea13d5fb658d6d9b25072b54dd607f7

SHA256
900a3a57a0e2b918362d9c3a7019f0b0aaf4513f0a068d9bc83431c1ae851052

SHA512
6d516384521030040c6a25458a1cd48b77f95ac2a0e868bdda5d7262496fa5ed851dcc4756bd55a21478b033fa18df4247aa5592f6b4d8559fedd74bd13b2213

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
eb74f251e30bdb0242a6fa6b5cebff1a

SHA1
524ed0294842bc07d6dfc5b774bea918dbef1eca

SHA256
d08a25f0b2f4de3c794e948e00dbe46f4026618d8f3ca453b5f6db30575193f4

SHA512
e0fda28b77536602dd0b5bd7b1334bad8cd7f85b3691e44d51855632987e236131cb090b57a47fb63f0781edc8a1172ac3d8746fa0d7bd9af56a379bf2390793

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
c299a5a4f9d48b4091b0ecfc59fe1cdb

SHA1
f949d41116d61ad4268c8a64e0ecd0a3b4c006d4

SHA256
57906b11bb1c2a9831cf8c819678af79124900117975088c2476804b022f8d18

SHA512
af856add8f65d949086c7afde4a8fe8be2d82793763b5c90eaad055e3e52b23464d0a3ee426545143bba74c636a36ac0b2e54101e70bde69b34bf9dc3e934c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
d65602caf150501052752e80b76abdf5

SHA1
d32be9d909a0748100caf88829846ab268a0e0b2

SHA256
4d68f4d6b7b23517ef48b29fd5fd0649a58e15965defcc7ad7c39a366b21fcfd

SHA512
a51ec9775937667035b9d5250e140490ad4f5932c02cb750edaaccf3701d709617be8be056307c73b877fbc45c2b368a4e9f58fa415686dc2a9e1ba1ca8355cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\[email protected]\install.rdf

Filesize
609B

MD5
1c5ebb4d76f976d6986eaf41e2d2ae86

SHA1
e8140e63ad79ea28e6eb38d177ca7f677674c589

SHA256
5b4f216d27bf8c607721a92baefed73793d50530733f935a90c29524233f9ec3

SHA512
1580035f6c0a89743362f9a8f39bab74a6cae6c8268ee2641a160e6186b22262f03d14d25affbf996a6fe674938cc290d6ed33cb2c51e2a1be11a10876c02341

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\settings.ini

Filesize
6KB

MD5
57b122d436273948272f68258bb4c9a2

SHA1
be95d41993c2b991012e4b09eadb99e456269b34

SHA256
cbf739c8948a9cd47b7d39b2d560852e35da844ff96bd1549ce0b70e449b2490

SHA512
a9ba1273784a5ed7d6ccf8821f8da0f3e139de24b1da8e949aa3f76116575f51d25b73681f2795dfefafa4c6ec40b39ce20a1dca45f5174253d3b2feae1070c3

Download Submit
\Users\Admin\AppData\Local\Temp\7zSD52A.tmp\51e39c15d4b40.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD588.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD588.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2960-82-0x0000000074830000-0x000000007483A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads