8f6e28c271eb2b8d7aa84b48d2a08b4f3b78948e2e66a3943724a62ac81dee43

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 23:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe
Size

551KB
MD5

26f5746bcf7f27c4f7062ee2c1eb0c6e
SHA1

5eab25551220a7911eaa19297ce88b54421dc6a9
SHA256

8f6e28c271eb2b8d7aa84b48d2a08b4f3b78948e2e66a3943724a62ac81dee43
SHA512

0a3459a77094b02fe73f626b92152a51b655e2891d5e89508dd4ac855f9269188816696e5ef3b4eb398c3cf4f0c9a39cc5bd202cdc575231436c760ae1964cc8
SSDEEP

12288:h1OgLdaORvoNhWctn+MEfOUgbJuMmFcouJqkp:h1OYdaO9oNhtMOUgJHJJqkp

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3060	regsvr32.exe
3060	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olepbhifllkcbhcjfaphjlpgpgfefepm\5.10\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\ = "saveNNSharoe"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\saveNNSharoe"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!.5.10	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!\CurVer\ = "saavvensHaRe!.5.10"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\ProgID\ = "saavvensHaRe!.5.10"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\saveNNSharoe\\F_zUHSJ.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!\ = "saveNNSharoe"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\ProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!\CLSID\ = "{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\VersionIndependentProgID\ = "saavvensHaRe!"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\InprocServer32\ = "C:\\ProgramData\\saveNNSharoe\\F_zUHSJ.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!.5.10\ = "saveNNSharoe"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!.5.10\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!.5.10\CLSID\ = "{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\ = "saveNNSharoe"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{474E0D67-D0EF-288A-4DCB-F19EA2B89CF7}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saavvensHaRe!.saavvensHaRe!\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 3060	2292	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe	28
PID 2292 wrote to memory of 3060	2292	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe	28
PID 2292 wrote to memory of 3060	2292	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe	28
PID 2292 wrote to memory of 3060	2292	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe	28
PID 2292 wrote to memory of 3060	2292	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe	28
PID 2292 wrote to memory of 3060	2292	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe	28
PID 2292 wrote to memory of 3060	2292	26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" L65teOd.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\F_zUHSJ.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\F_zUHSJ.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\L65teOd.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
5KB

MD5
015be28c39fba3c1fa69556415607a71

SHA1
01a3e729d58678a21faaf7d29399e2b0c7d064dd

SHA256
2bb9c49db2355df8d0630fca55052746c55499f1fb11022f4a6cff6349444b02

SHA512
99213564e9de638909a589009a2436ee436d9e668a5140e45bf98f2a1fc6e722584400e681ad6d0d4a468572e490448470079ee3654b9bbe7c59a0e98564a876

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\olepbhifllkcbhcjfaphjlpgpgfefepm\H9jDWUEI.js

Filesize
5KB

MD5
b80dafaa042a5efeb0df5c2104f1d5f4

SHA1
4bc9718a0bdacf6ba60fe5477ec7a8203e232078

SHA256
5f738cd5d5ec2e65d083b94331bd07d470b8414b62746327a7b2d94adc4a2a62

SHA512
1d94a9e6ae46bc0fe82233ab735c4eeb1211b7c34ee8bfee1de49bc542a7af790c1e9648b30e4f1432de74809eda1d82cca3adf683bdf620b78e0d4afbc60fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\olepbhifllkcbhcjfaphjlpgpgfefepm\background.html

Filesize
145B

MD5
7cbcf5c73b09c73f1e10162fbbd60a64

SHA1
9fa94b64177b237f13ed818162c84bc2c972e4f4

SHA256
d5faebf688404454502fe82031495204431db7c410155d1c1c284d92f3be4d7b

SHA512
34cdc1efbd54d85c02d68da8caeee8bd1e49664f513f7797f2c84818e97e6c162608b9920f4ed6fa28dae88b892d52b83dafe7dbe3bb53be63feab8b6766b536

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\olepbhifllkcbhcjfaphjlpgpgfefepm\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\olepbhifllkcbhcjfaphjlpgpgfefepm\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\olepbhifllkcbhcjfaphjlpgpgfefepm\manifest.json

Filesize
506B

MD5
0b558fff902a1568838772d929ce3e97

SHA1
6fa5fe9a074205d2d2546165248187b350db93c0

SHA256
c1dfa8317847a38f64334c0b379d30cdf550f9e8e24c3c72ef1aef2f8207d8c6

SHA512
a7e0c55cdddc213a1ef654507a807d79ef480fcef80603ede7ed8fd605e386059144471afbc17a97df8e8542777cbbcee475d5a8b8c928fb8f03a1c2934df8a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\olepbhifllkcbhcjfaphjlpgpgfefepm\sqlite.js

Filesize
1KB

MD5
90d92d014c3b02325fcc27c2e93688ba

SHA1
7f3efb88fc1e5681d8cb5a14ffa4e53374f9ce25

SHA256
380c71fed78508c0cef056a145449341381bb6bca196826f326170975a4c86b9

SHA512
e5b1368a008de85a4c5d77946d9ab537585c133ba01c74bc4d28f4c0802ec27fce3ba3a50da7e4bf783997b985aadcebe25279144d9855a281328f8cc1a4c8a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\settings.ini

Filesize
7KB

MD5
9a54c40b8e0fc98d92507d290d2522b8

SHA1
4378a00164ce9eb75895fe9c05b0b750fcf133c4

SHA256
b1cf15f0bf0ee6e218cbbdcf0fe6c1eb544aaf46cb2f5997cc7367c814c2abe9

SHA512
a7827944e8a81a99385c4d6e112d1b40a1347722cb15f2ced18cf7560c1b86d24d2ed2e120264190380f44ba49fda3b5d3bfb61602c7f1f1de641b16e9a2fb87

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
35feba69206fc65a415cf1e9759e39b1

SHA1
e6447a326a823ab948d4346280fd4338bb925c55

SHA256
1544df68e5a18852ef5bf53c01c7a70cbab56485046f69d4db55d60a4a41cbf9

SHA512
c12c8b6d1ee305b4ccbfff5d3bb776cd22146ee92e67f4c3f4cd58ab3475e294b86674fb675b014de1f0abbacdf7d114208e0277540ef5273059e25d67b54e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\[email protected]\chrome.manifest

Filesize
108B

MD5
138bec20d745b7f04676e8d8a2204a79

SHA1
321ee635067c0132f874fbd2957a6ca8de32f626

SHA256
52e17de72fb38d05a30889aba9ba571dafdd33e8059eef6487e184b33f01d4d2

SHA512
7b7e75920fe74fcc369378de7e3805664c5d2762197b3e19b1da8764cc0698753bab32c765463a7f11287195090fc41086c3ceeceb7eb933573bb11e4322dfc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
b4ec13cf90c7df67a020cf2cf5548755

SHA1
e803faecbd5c88fd0065bbeaaec39c7a7849a57d

SHA256
ce407978dea212676a2add55350c45f51c878b3e97c44044f720ae1be8889b7e

SHA512
305cd230ddc83925188dcc645409dde7ca9935a002c7f392a4b9de8fca0d27914fa85c8259e0680b03f0eae42003a5223f461340a3f96d0144a1de9441de6dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9E81.tmp\[email protected]\install.rdf

Filesize
607B

MD5
daa094d19d27bee5f69ee755273c9b5d

SHA1
fef666f530855a694441c9e9726c5548157b499d

SHA256
9a2cf5a88f0c53cd270a25516398fe7edfc820f7eddd069f1b7923f3fff75137

SHA512
2c6f6e97f1bb34e97ca0a450c384adb4cb4a674597db31a38259d19d4ef9122232ac79452239739a7b693c9152be1b3eefe5cb9b27fc3e7f3ceb4225e40750f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads