c7222db77594ae766f3f1cbb8c2ae3ac858e4fc767e0e462ce8bad291f7db0d8

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2024, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2655922258ad4ea5e1bcd303508cb141_JaffaCakes118.exe
Size

249KB
MD5

2655922258ad4ea5e1bcd303508cb141
SHA1

5032eb9c1bec5d83c9cb3c6323494192119804be
SHA256

c7222db77594ae766f3f1cbb8c2ae3ac858e4fc767e0e462ce8bad291f7db0d8
SHA512

7af48b9feaca89f7986dfc2d2fb7d6a13cff1df0b8ecb3105b82845d153a9b75595de66a4b39ff6107e02eb71a26cad251aee37202a1a3712b6793c895dad47c
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5zZV/48cS81gYr74N0q:h1OgLdaOz74bzgYHW0q

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023cc5-49.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
4488	50e1476248ce0.exe

Loads dropped DLL 3 IoCs

pid	Process
4488	50e1476248ce0.exe
4488	50e1476248ce0.exe
4488	50e1476248ce0.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7C47EB-AA75-11FA-803A-5113652F441B}	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7C47EB-AA75-11FA-803A-5113652F441B}\ = "Zoomex"	50e1476248ce0.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7C47EB-AA75-11FA-803A-5113652F441B}\NoExplorer = "1"	50e1476248ce0.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023cc5-49.dat	upx
behavioral2/memory/4488-53-0x00000000742A0000-0x00000000742AA000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2655922258ad4ea5e1bcd303508cb141_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50e1476248ce0.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023cb3-22.dat	nsis_installer_1
behavioral2/files/0x0007000000023cb3-22.dat	nsis_installer_2
behavioral2/files/0x0007000000023cc9-78.dat	nsis_installer_1
behavioral2/files/0x0007000000023cc9-78.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B}\InProcServer32	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B}\ProgID\ = "Zoomex.1"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B}\ = "Zoomex"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B}\InProcServer32\ThreadingModel = "Apartment"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B}\InProcServer32\ = "C:\\ProgramData\\Zoomex\\50e1476248d1a.dll"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Zoomex"	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B}	50e1476248ce0.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B}\ProgID	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Zoomex\\50e1476248d1a.tlb"	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50e1476248ce0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 4488	116	2655922258ad4ea5e1bcd303508cb141_JaffaCakes118.exe	84
PID 116 wrote to memory of 4488	116	2655922258ad4ea5e1bcd303508cb141_JaffaCakes118.exe	84
PID 116 wrote to memory of 4488	116	2655922258ad4ea5e1bcd303508cb141_JaffaCakes118.exe	84

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	50e1476248ce0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{BF7C47EB-AA75-11FA-803A-5113652F441B} = "1"	50e1476248ce0.exe

C:\Users\Admin\AppData\Local\Temp\2655922258ad4ea5e1bcd303508cb141_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2655922258ad4ea5e1bcd303508cb141_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:116
- C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\50e1476248ce0.exe
  .\50e1476248ce0.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Zoomex\uninstall.exe

Filesize
48KB

MD5
e9c9582996a23b2a49a058dcaa3b5525

SHA1
f527cc64e759f06c011e5eeffbd217d5249c04df

SHA256
43c3e8d7aa00a299f084db17e384aa96de508565f82264ee88bd9c7647fa9fc9

SHA512
665613fc7f20e2c4ea40b7a8f39b4c2ea2a24c5119ee86ef072bbe29f606cd78a43081aa0a89b678a46d34e470e1ed10e31d590d3cb5447e1231707fea8e490f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
9f664c9787cdf15ceb39be0e7db07f30

SHA1
6c98f435aee764af2754f716746bd05451b89c23

SHA256
17dc1945bd820aceb5256964fede6bfd207e8e6d269fa5912fa9e8bb2c1d2377

SHA512
ebe8ee14b78a8b04d3d8065cd163795b5131a0840fe2d25e00fe4f390fd3457d75077375189130990b5d789d78c3be83c818fb97a1897d6d05a4e23e3a04877e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
e92aa975e633aafeedff2dad55116738

SHA1
41f464a886fea1e5224a54d555ba16349924f5df

SHA256
554039defd9497508fb345ff239fef26f231b01e068506c357fe417c93c9c03f

SHA512
9a039741d945b3fb656268882e1e8fd74cacbaff40245ae2df91af2f31d162be0af1686053fd9fce6f5e112113b93fe63b58e2a7ce09a57d42fc39863161778a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
d4ac46c0e36e11b52a0f4bc7294feb9e

SHA1
2f47b7be0ba17f43a2f82330d6da898921852baa

SHA256
8397c777cb5fbeb9155c7b4bb3af216251aee5418c9ba24049fced788143d554

SHA512
bf9b1a17a51404e1a87b0b3284445bf4cb3aeab4d2f26429e0046a2a72488e4547feb579031cb9acf317cffdbcf400b1d0fe825e243e9fa8b6a67cb59419ee7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
8fc05f78656e26ed57500146b62b1c29

SHA1
d0e7cc62bfbcb372094547682a819a8d22b35d46

SHA256
cfb37d0abe4a928b70da45f4f94def9297871591a5a31bac574cf7c63e018c45

SHA512
6639ecbd00e01986c2102eea71b48a77c3ebaafe2e60d959ac996820e9745715b67400fef26477c199778cc2081ca173997ea041e069f9264ee99ebeb1b12c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\[email protected]\install.rdf

Filesize
700B

MD5
a2de10fd3ccdb8e7b331494ce89bbfa9

SHA1
2dcef20df3850383ff87825466eec53ce15cec06

SHA256
4da1ed15183307984bc6913eac229aac4a17935cd5ec16687c2cf106dc483633

SHA512
94b7d8195aeb2ffe414d2b5e817b72ec1df861e1c0cd56ed021c57b3c6b5ba212fc8967aafb99d8bfa924a0158b62a5aff3b1558be5602310f82d31a3e353552

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\50e1476248ce0.exe

Filesize
70KB

MD5
ebcc3eb1a7021aaead55fb677465a717

SHA1
3c8347f0fd520ee423a4aafea1112a0b06f4b6c8

SHA256
5e74f0e710c067ad82301c7c14ed6afb138f974f351042cfe0ecd275cea2612c

SHA512
0f18c22e6eff8ec90ccc616e62f32701d046185311e01e5f506778fae0c31f35123c3ce756ff2c0eef6f23e06e280f870b80080d11dc6da3aa25901f5a92d995

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\50e1476248d1a.dll

Filesize
115KB

MD5
6696822add17061dc0bb8ee5b42cc2d4

SHA1
d4622558ba366f2f94560da301a81c6c16f95a3c

SHA256
73c44d8943947e3cf9ecabdeea4d9a37652614f5490a1f972816be4123795125

SHA512
0f1946ce002441d010f67156f67b9d18e01ba35edfeb66ce8096467d3126b547e5040032253275b173f2dba9bce983775f360d83ec026986b55cb85e4b63f099

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\50e1476248d1a.tlb

Filesize
2KB

MD5
096a65b8a695249d5d554776f1eeace3

SHA1
2f2506b886a59b4408b23653d8734004ec2dda6d

SHA256
a602c790bcf424c154a082a88a495b256dd5456f627943568c358c74f606c568

SHA512
6e832caff1951b4fdb489997af5736fdbafa1de5573f629fc6798666bffd0ca0715311ce6590202cc970cce4492d94994a588547bb579bf70bc264683bc45cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\mongmjombmiloagogpnbidonkjkfmmpb.crx

Filesize
8KB

MD5
15525fccea9c56aa410b95448e38157e

SHA1
19c0155f2a38b6d316c01e2b55f111c6ec75f7d1

SHA256
1ae68d9324078c16cfa859b3cfdbd3c198ccc4a5346c6bf3e1eaac9c98f60793

SHA512
e1e2c273adbaab5f928b2efc4012770a94f0a701bc6be906c31c9062eb50aa4ae72478d596db04072096298b0583c57827754b9803687e7e617fbb29534d3e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB342.tmp\settings.ini

Filesize
6KB

MD5
566a00d174974c84f1e54ec51cec494a

SHA1
92b5a767e72bc5f9cd356819012b1924f638a75b

SHA256
dce6b5960c0ed2b3a1caf95bab4933c79a9e8b6672bfe94e1fc96f65dfb0c7d4

SHA512
fcb296256b693c50cc4093446059b99eaa52b92dbee4b98b22a53b9bc021351c046da7d31fe127a079354da1aaf5c3ef0cbfec9565a06f6da0353a691c6bbba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdB42E.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdB42E.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/4488-53-0x00000000742A0000-0x00000000742AA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads