1b91853b925ed7b92a47f3c825c384a0aecb6b22ff06429ea046736c76decc1b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 07:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16baba1579de333a878ffc1a26db4b7c_JaffaCakes118.exe
Size

725KB
MD5

16baba1579de333a878ffc1a26db4b7c
SHA1

75356a0595265ee450dca8bef97e75d68c9d29f7
SHA256

1b91853b925ed7b92a47f3c825c384a0aecb6b22ff06429ea046736c76decc1b
SHA512

5f3918e4e8bd177eb3fa24454b649d9559fef245c12d9e789d5f27a4416f1dd8406f1030a0c99fbb6b10bc5e2e19ae3c9abcd7c507875d9f9c71b59aee64b2d1
SSDEEP

12288:h1OgLdaOgo99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJk:h1OYdaOgOBsFEt5hDG0SAMs9jR/jaJnT

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1960	OYN.exe

Loads dropped DLL 1 IoCs

pid	Process
1960	OYN.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkeneknfbkeobjfmdfnmnepiecfbgeen\5.10\manifest.json	OYN.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\ = "saovvenshAre i"	OYN.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\NoExplorer = "1"	OYN.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}	OYN.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16baba1579de333a878ffc1a26db4b7c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OYN.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	OYN.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}	OYN.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}	OYN.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	OYN.exe

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree.5.10\CLSID\ = "{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree\ = "saovvenshAre i"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree.5.10\CLSID	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\ProgID\ = "saavenasahaaree.5.10"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\InprocServer32	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree\CurVer\ = "saavenasahaaree.5.10"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree.5.10\ = "saovvenshAre i"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree\CLSID\ = "{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree.5.10	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}	OYN.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\ProgID	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree\CurVer	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\Programmable	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	OYN.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\VersionIndependentProgID	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\ = "saovvenshAre i"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\VersionIndependentProgID\ = "saavenasahaaree"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\saovvenshAre i"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\VersionIndependentProgID	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\InprocServer32\ = "C:\\ProgramData\\saovvenshAre i\\pR.dll"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\ProgID	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\InprocServer32\ThreadingModel = "Apartment"	OYN.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\saovvenshAre i\\pR.tlb"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	OYN.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\Programmable	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree\CLSID	OYN.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF}\InprocServer32	OYN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OYN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavenasahaaree.saavenasahaaree	OYN.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 1960	3752	16baba1579de333a878ffc1a26db4b7c_JaffaCakes118.exe	82
PID 3752 wrote to memory of 1960	3752	16baba1579de333a878ffc1a26db4b7c_JaffaCakes118.exe	82
PID 3752 wrote to memory of 1960	3752	16baba1579de333a878ffc1a26db4b7c_JaffaCakes118.exe	82

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{8E88E2FB-F402-BDC3-E9CA-6FD9147FD4EF} = "1"	OYN.exe

C:\Users\Admin\AppData\Local\Temp\16baba1579de333a878ffc1a26db4b7c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16baba1579de333a878ffc1a26db4b7c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\OYN.exe
  .\OYN.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\10652019070159731310.log

Filesize
6KB

MD5
dbd008076debaa1bd5126d6bc36ae443

SHA1
bf753418c77095af02f758abcff8d967071cd2cd

SHA256
608f8c0d4c99f037fd29d0a26e63cacf02b93ae203f8e93722753344c5a079c0

SHA512
1fc6ac508ba4a7dc50285665ca91b7e54fe6499826bc837d46870f057987052aa892fdd71bdb6a40dd8be71420a707f832e2cf8376796638edbde67819a3e560

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\OYN.dat

Filesize
7KB

MD5
91a047fe6747bec2f45c0d25df124e03

SHA1
957bffc21e38500152ddec93a26a64ea359398bf

SHA256
04ef1fc5229cdbfda755b463222f12349da32a883e562e76c0c9c1ec24fe2f92

SHA512
24dbbad15d6811dd67664568708c24b9fe0f0eabe909a4326eb7384509f1a0b2a26bf9a7f68dbd560d77e8b14674817ba9e773c1cd325dea21678e217050fd2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\OYN.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\kkeneknfbkeobjfmdfnmnepiecfbgeen\background.html

Filesize
140B

MD5
15672f421da9117f2f26cb9ea80721b8

SHA1
f750399bfc4ae154e9315ee5561045345c860592

SHA256
09fb45279ed5dc93b65b40318ffc7f49c5eb72b7b82e5595a2a583e9adad97a9

SHA512
29df05ca46903ddfb2f22dbf25930aa3f4ea4054c9ceaf42c5eadae81e71df35b28974da8354312f9ba190388a90117d83bd687d1e267fa974a0b0e09e651fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\kkeneknfbkeobjfmdfnmnepiecfbgeen\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\kkeneknfbkeobjfmdfnmnepiecfbgeen\hjg.js

Filesize
5KB

MD5
1c89a1458631184eb27893ca9873e04f

SHA1
2dd2947824516dae3ee4d14a5608080b314c9ea2

SHA256
3979fbf83d7c0e0f1b4eeb4b1fef04ae10652aa21dff57e4156fca086cf1a628

SHA512
d795746dcbff37c185ec8cb7e55d182d44c93a464748614c5849eb39e167c45e49054fc55279de7a30ea56fbf95a96edc7694bfd4c2329524fd3f2060f34824c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\kkeneknfbkeobjfmdfnmnepiecfbgeen\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\kkeneknfbkeobjfmdfnmnepiecfbgeen\manifest.json

Filesize
507B

MD5
0e837ce28d1b98e6a9351324e6bb8fd0

SHA1
5152700f95a822b8c0d52c008e9ad397a9cdea4e

SHA256
929980ba64457dc3ca28cf590b565469fa35c146cdd0d3c5c44d90f4d2fdcc28

SHA512
f4e49530caa73065985c30773080723a03fcb6e5bd6accc2ce00e6ac8ba336aecfc33b98be3e8baa06a928e9eaf8417cea00300a8a4702b3495d01e23ae7e21b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\kkeneknfbkeobjfmdfnmnepiecfbgeen\sqlite.js

Filesize
1KB

MD5
b9d4d440f38fcb5d90b41c88f84c0577

SHA1
cba2ecd32f1fbe5864b128d2c6bbc9594c1e7081

SHA256
20e7a1a489212362127afbb974aead47ef1540613fff7c829c336481214353a7

SHA512
6ed5610fcf8f636caf868e6b6956e0801186f91d29205bb99016360846af05c4053ce9941214daff7363b477ede5b17f0ed8b1277dc823281e2625a6c50f69d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\[email protected]\chrome.manifest

Filesize
98B

MD5
6dd7512c7ff1193983a951e4223eaaf7

SHA1
7b835a5c256af6d9eb4419200461bc1669427fb5

SHA256
d852b909609377d5b9028ccc21c629de8554f620042ded7b1f1ae94a3fa53cb5

SHA512
3b79405bd7155878fbcfb327c8453f107d901b6a20c78504ccf4d6be5890be1260eca8afc6187418c86337393ac425cd255ba2bba4a0225bf5eba427cf1b2035

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
4a58afd12626999c13e663dea9ddb3c3

SHA1
46a3f08f91837844eaa42ac3411eb26b29f9cb80

SHA256
c3d12451f57f136a891492f7ef7044b5e454942a9f508096d8f1f57af264f22a

SHA512
412cba7bb0840a7f7f3c59ec7b587e649366de5ad7877473a35240fd19b5363c752805ba9e1fb738532851d7a06b0aff1919f3163d876d1af8094d66f3c6d3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\[email protected]\install.rdf

Filesize
614B

MD5
cb582b2745b8d8bbced4997e51a6dc05

SHA1
5ccfcdea3509404473b417c499c08c4b1a0ed0d7

SHA256
d191458f66245cd5cbe46ec14ffe15a98b04eb785cd214090c1701d5793754db

SHA512
6c9ee67a118210bde50e720ce1233531c284f0cfc97864566be16b867ab59234c4cfc2fd307e0db3fcb01eb21f1717b885efcff1c96df25270df2bc1c4bfc225

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\pR.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9B65.tmp\pR.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads