6f42cd8a697f91d57904c62d0751af54598e593f511ee8bdeb95eba307742478

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2024 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe
Size

552KB
MD5

16d50f8772a4bad0b065b0eb9bb5f748
SHA1

e8b149e1a43962d2f7f9b3ef03820ecc0005abd8
SHA256

6f42cd8a697f91d57904c62d0751af54598e593f511ee8bdeb95eba307742478
SHA512

4b963a961bf91b2f2cec14950c452e028e993b7a181e7c9bf25b7c3b72c0e7f6db681cfaaebb4be4a944c4addfa1643622497f42a4e0f375f37f5cd118ee0e73
SSDEEP

12288:h1OgLdaO4Wctn+MEfOUgbJuMmFcouJqkl:h1OYdaO4tMOUgJHJJqkl

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
4032	regsvr32.exe
4032	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmkmilaincooamjoimnbacdpahanoipb\1.0\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217951D4-D261-3047-CB7D-24AB5500B7D8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217951D4-D261-3047-CB7D-24AB5500B7D8}\ = "SearchNewTab"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217951D4-D261-3047-CB7D-24AB5500B7D8}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217951D4-D261-3047-CB7D-24AB5500B7D8}	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{217951D4-D261-3047-CB7D-24AB5500B7D8}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{217951D4-D261-3047-CB7D-24AB5500B7D8}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\InprocServer32\ = "C:\\ProgramData\\SearchNewTab\\L4E8w2Fvk.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CurVer\ = "SearchNewTab.1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\SearchNewTab\\L4E8w2Fvk.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CLSID\ = "{217951D4-D261-3047-CB7D-24AB5500B7D8}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\CLSID\ = "{217951D4-D261-3047-CB7D-24AB5500B7D8}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\SearchNewTab"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\ = "SearchNewTab"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\ProgID\ = "SearchNewTab.1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\VersionIndependentProgID\ = "SearchNewTab"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\ = "SearchNewTab"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0\ = "SearchNewTab"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SearchNewTab.SearchNewTab\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{217951D4-D261-3047-CB7D-24AB5500B7D8}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 4032	1660	16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe	81
PID 1660 wrote to memory of 4032	1660	16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe	81
PID 1660 wrote to memory of 4032	1660	16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16d50f8772a4bad0b065b0eb9bb5f748_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" u5DQOjcCu.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\L4E8w2Fvk.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\L4E8w2Fvk.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
7KB

MD5
acb40f53fe6226e011a6c84fd6d899f7

SHA1
0142039e59f9a32b154e5b77fe42cf4252abca12

SHA256
d7c0d673a005e9ca5b0a50097bcd8ab38f1fbe793eeb06befa6b9e8a815aeb7f

SHA512
1c3c2a8b9970430be5d54f4d76d076f84f893b971e4453b5f6e66840c92eb22e8b07aaf68939fabb4257730dac296b10932f1d1a7ad74334924874f5aa8e8ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\cmkmilaincooamjoimnbacdpahanoipb\_cLcNSkvKU.js

Filesize
5KB

MD5
85923e67485c4f33aaf0714fe542fd27

SHA1
f09ffcd80704328ecd7b6cc8d936e54348dde4b9

SHA256
588c838b1d304a5b0475ef13c65e2e38faf71a5672e3cfc2d57879562a6c8085

SHA512
36a9034670e2699eee788b80fd9e552713c030a61685b2d0f9c064469d39fba8d6ad795464dff9eb89a778c6c299fac3a0e587bece05a0ab8a775a3c89acfcaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\cmkmilaincooamjoimnbacdpahanoipb\background.html

Filesize
147B

MD5
d492664aa120f542da625719ec0519d7

SHA1
493012c6ee2d3869671147758cfa300a32515f6d

SHA256
78dc5744550811b38eee9f7d01910c26d88235bd3b3d22ddfff9f791e2a35f6c

SHA512
c6752dec378eeee0d0a4c304aa120297beb4e74d7a12c6687c836e0d5deb110d3539f633904d0474bb602c1519f70b6d42dadb610d8a74fb02d7cf025ae404b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\cmkmilaincooamjoimnbacdpahanoipb\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\cmkmilaincooamjoimnbacdpahanoipb\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\cmkmilaincooamjoimnbacdpahanoipb\manifest.json

Filesize
552B

MD5
8071a311337c0df23f4b7d417f6db406

SHA1
b8ee3931a76a601ca8da7a58a939dca9b308da41

SHA256
77c6657c4667649aff331bf26872dc7d1d7377c34567edc8cb995141698bcef0

SHA512
339fc43b3f56beca9e486ba457c7f567020d883e750f644b2dfe7a7d1949c1ef7ce409220686cc3732ebc5da61ba084a90fc659356ae649fb6c71c364c37ed9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\cmkmilaincooamjoimnbacdpahanoipb\newtab.html

Filesize
369B

MD5
33515f9770c59ec14741a8383bd3a993

SHA1
de5cfe7e9e7647ffa6a08066c14abe5ef35bfde8

SHA256
7b58c89bc5909090875452f4b4a7115d061ce1a06e5c332d5ad29638abd9e897

SHA512
9c31f5157490c7890a7434831a3b33b59bbcfe3a02410a5eb5e354a454e28fa206048aa1c6533dbf54551fd2913b13e5ad1b6567defa8943eb92bde3ad6dcd01

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\cmkmilaincooamjoimnbacdpahanoipb\sqlite.js

Filesize
1KB

MD5
b732da6727b543a55ed14f67af0512e3

SHA1
0793b9af8e547e1292f55030ccd197799ee26750

SHA256
6acb5ec2a3b9ef3e175a77b51ba4e5f08b1ed01c92fbc621d1aba93f40ddb364

SHA512
e6d8f33c285a8ef466c76c977536cc14bb1fbe0a3a3cccb04c47546ccef9b5947dfc22e070a2db692d3331a7b03a3c1e640b6763aca57fc2a7dbd8e59a9da53d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
6a2ce28daede7d495b77487a5406decc

SHA1
4334d4091ff6a959e0651275707b2d8ee1cbe5db

SHA256
bfa14c9dedceafa14877e355ba832ccbce39db07be2814371c1a9249c3eb7204

SHA512
9bcd42f69bf7640e72466269833e64f8198f2eb4b97ecf2977292e6c53ba7f143fefbfb5cab9ece233a813efc7f2e802f1216b7f1d91728b643bb75f628c356d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\[email protected]\chrome.manifest

Filesize
112B

MD5
d029fa837d62e42b335a1eb15c4a3123

SHA1
80e5d6ccd550fa91a12b08b7d20bdf49c9f549de

SHA256
ab78a862609726454b98fd48f7623b54565ce29fe7a9cfdaea9a2011a31ed7a1

SHA512
7cdce6e883c9c20e737277c5a9010c1ec826ace6edba1e8657acd18c27758327943016b160e226c37f6d7724b04f31cc06eaad000c23879270a10bf724c69765

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
c9fa18bcfcef020f4ed21f87f426198f

SHA1
134d8ddc42f3583c24b0bd6339375203b91244cd

SHA256
df536ed84f442d1c1fcc2d38445f6362d0b644763b01f1e81842eee4698ce625

SHA512
07759dd13398633e41c78d4ef44f5c0c4f1be08554f62f844c4a7556fe0ad1f2a74fb3e02d1e039e19aef573998ac32509ea891e4b06225341ef53685deed840

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\[email protected]\install.rdf

Filesize
610B

MD5
bc1fd41e790e3386646bf50baaa9bdcc

SHA1
18a5cb2d1bc33a2edab0e71380966474195e1213

SHA256
29341dbbd4969cbbf942cc3197eaf6419d51f8e9ef7e457a893388e8a080bc43

SHA512
3ba92198c6350775b1cbb7b8d8475e1538474941a241b0543f317a01a4cb4d3215583bb66c3fbb50af7132865ec9bb069336619f10711b3429de71eb5b3dfe62

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\settings.ini

Filesize
7KB

MD5
9143ea90c49e0a788ccefbe5c3c039cf

SHA1
fe2cd284a3bf69d74d4201c0725a9cbcf36a95ff

SHA256
f4d012dcc05e858f82660c51e8c19f578776f38e36b5b2ceb77c651a7dbd8e21

SHA512
29390f9166031ce15d9b267d23a93ab700d96c1489a97a2abdab5312e988137253ac8387fef8131eb0c219578c66141344c5aed9f81ec2e5bf5902838ad40d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS12A8.tmp\u5DQOjcCu.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads