0eaa77bf8d51e547cdb0f7d23bef0187690f2dc6670aa8013a1eecdd4f70c88e

Analysis

max time kernel
94s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 10:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe
Size

552KB
MD5

173fd1263227b2abb8c40b18eabdbac7
SHA1

29fc2a497f35f0ee9d3cd8ece3eebaf6074cba79
SHA256

0eaa77bf8d51e547cdb0f7d23bef0187690f2dc6670aa8013a1eecdd4f70c88e
SHA512

78e49fcf77639222ccfbe2548b91b1ee40be38313fcc10c9e608cd194fe18caa7a1c2d0271f5d3935c5d7b4571fe485ef7fda029551907b67ec1e34f2bd6f8bb
SSDEEP

12288:h1OgLdaOUgbJuMmFcouJqkXWctn+MEfOt:h1OYdaOUgJHJJqkXtMOt

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
3076	regsvr32.exe
3076	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pngkmpfnklcfeljfadbkoemknohlkmee\1.0\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\ = "Suearch-NeWTab"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Suearch-NeWTab\\fO.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab\CurVer\ = "SEaRch-NewTaab.1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab\ = "Suearch-NeWTab"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\VersionIndependentProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Suearch-NeWTab"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\InprocServer32\ = "C:\\ProgramData\\Suearch-NeWTab\\fO.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab.1.0\ = "Suearch-NeWTab"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\ProgID\ = "SEaRch-NewTaab.1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\ = "Suearch-NeWTab"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab.1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab.1.0\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\VersionIndependentProgID\ = "SEaRch-NewTaab"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab.1.0\CLSID\ = "{F341C2CE-5230-34F9-F0E4-543F3283B9FE}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SEaRch-NewTaab.SEaRch-NewTaab\CLSID\ = "{F341C2CE-5230-34F9-F0E4-543F3283B9FE}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F341C2CE-5230-34F9-F0E4-543F3283B9FE}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 508 wrote to memory of 3076	508	173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe	82
PID 508 wrote to memory of 3076	508	173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe	82
PID 508 wrote to memory of 3076	508	173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\173fd1263227b2abb8c40b18eabdbac7_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:508
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" 7q.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\7q.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
7KB

MD5
efedd5f51f737d33d359c5f156531a11

SHA1
6ef7508fe024f03d9ceeaa65db835ea3e4940955

SHA256
b6237d7586b24e7f2f2ef543bb699bdabbbe5317d67a1d1179cf5bea409bab2f

SHA512
16eac04343c10521b59541eebfc0d4346d19cfbbca02ffc99634521cd7f7ff75856a7d685fe5c401bec1be5da28e23ea26c3b5e8e85b68be22867d192b48fe88

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
51ecf868c3128376fb9958826578c9a1

SHA1
a8d07545a6a042cbed8b225348f5df95c1d2e922

SHA256
fed78196c3e0c185bba28f7fc8244f2c0aef4232e38339d5a8f19718d1587b94

SHA512
933d583b8f6395b3ab429aa45c610a58b882ba3490ed88636b01e4104c8d4cae4ae6a28c5a03c4000fdd2dfa3ac72c4abd8e6a0165559900b2dc0a1631569453

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\[email protected]\chrome.manifest

Filesize
98B

MD5
b28b5e2f4d5387fe9f531463bc20a78c

SHA1
3684961fe7137065cd2da3181a517d5ab7813402

SHA256
522e38df3a5ceaed06b1cefed03c01797000d0ddfd17d3fc3f167be2514faef7

SHA512
1450181288caab6b0e8e16c6c8688939f52f0d6db0948d0d958439c981de7ddc42e7684900460ed7939520d6593e71d8e3bc22fe2b11cbdafecef23fa2a295eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
42b5a9ba33d2c21bb7f99544a3bd2fcd

SHA1
0ce188fab086a7e4caeaf43bb1fd6dc94c98c03d

SHA256
50c2825ff514d2a164e28664ccd49ae78fcccdd19915184b107c076de5d5fdb6

SHA512
273a78fac92be3c729717a9d30bbd099ce89e86c48b490e5b723f8276fb247fbf5855413d181106875d6df3715c6d47665038e0ac5d115652407c92e39c7b9a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\[email protected]\install.rdf

Filesize
610B

MD5
f12e0cd35b85350d1c3c5019805607a2

SHA1
b367a733ad8304354e8faf9617f143f5d95d4d16

SHA256
3e299a4743f92a4c75f205a8b10b7cca5f1a4292f8b74a5141440106d4a47a60

SHA512
12465540429d9c57aedf072118c5e2c5818d31e94feb42b403478d0d2aef4c925da6ae2802188578a9f12d792429daf9b44953a54e11ba29bf743215e52a8ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\fO.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\fO.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\pngkmpfnklcfeljfadbkoemknohlkmee\A2K.js

Filesize
5KB

MD5
68079ba122f1e8e995d0ebdac9b97abb

SHA1
f6efe2126120076be89cc6174610f033bca2c5f9

SHA256
ffea8217161291cc77276c36226424f33a2f32c0ff5c88f7f9535b8f0e97bb00

SHA512
8e1e67f153bb6748e442a17851ce354dba96e28bde93f87eaa719ce22c89d426160689d8bca7a833ed587ac7daeaf6545814dee85335e699f3bb716765a4c641

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\pngkmpfnklcfeljfadbkoemknohlkmee\background.html

Filesize
140B

MD5
8fdacb147f3f929e9f899125266ed6a8

SHA1
6e75d0597826a0b127b26aaef2a594540376c43a

SHA256
3ef06e6574b927d6d65cbc59a30cda63a331b34c87bcd635f1994e4e24b99584

SHA512
3a59a6f7e15fdbb1369265bd78f584f18b67278b9f09850e382db819826afbe111aed23f3c74a918489f0d649be049dc3b37dff3fb2ab1b46528b398fce209fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\pngkmpfnklcfeljfadbkoemknohlkmee\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\pngkmpfnklcfeljfadbkoemknohlkmee\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\pngkmpfnklcfeljfadbkoemknohlkmee\manifest.json

Filesize
554B

MD5
8e16db44ee1896d4ea711484e414a3ef

SHA1
692622462f131ef8b9a38b7bd14ccce5c5040b62

SHA256
0e9d2469f17378fc160a50bd78514392ddbaa97f5fc98f6c35d7ffa911ba46f8

SHA512
88fcef35260efea005320e09f6c5042b1e1e6367f7f2478108dae390cf7700f876c4888ca0f60ef32bb01bee1b17f1f60a9c649e81bfbaef5fc9aab622df12d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\pngkmpfnklcfeljfadbkoemknohlkmee\newtab.html

Filesize
365B

MD5
5a6c0a6dd7f84564c3b16004f24cfc36

SHA1
12724b60c326f26742071550d6c4d4be541b19fa

SHA256
9dcde6e777bf168d82eefa78f8f023f4e6051811f4e0ec793f51819405a4c661

SHA512
68b88e42663f04acc713265834b69dc4afae05c6b0851c66450b0b64534a2b2af06b8914ca2287d60491bb3cfb5a042d9db6c648b495aedd61f88d0a6e868cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\pngkmpfnklcfeljfadbkoemknohlkmee\sqlite.js

Filesize
1KB

MD5
0d091bad4b387e91f50f3455b0472940

SHA1
0d1e2beda3f305e7f426ae2f0cb72238b2fde1aa

SHA256
ab4db5d21428402abc8c2a9b331cc2149aef09bdadcd54517781969a4d18c720

SHA512
1ab4425642e27187938fb91850cd49cb265250d95cff5e1b2fa0761bef54124380cca42d4b62c2f832b749934b4855525f608b7717fe6e764456cfc9e97ff02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA325.tmp\settings.ini

Filesize
7KB

MD5
49bb373f0f88c88e64cd698db91657e3

SHA1
2a90ac629cfca78bb54e91f6f4ab331f1eac6a28

SHA256
65a665f2053381e102ceeb756e6e57864f61c8dba8053abd194704973d4f8752

SHA512
0ed392bd782f6a9aa61a5865dedcb861eb9cd4b360d2be93c3ba1bfa9683c300df4b95fafeb0cf111946ff3636bbde0012bdcc882031b78c251276331a9242dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads