20f4280f8ac312a0bdd2887a7cad554f3786fa2c3dfb5964f6a9c9f1a4ef7083

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe
Size

551KB
MD5

25551fb53a939da08ff2899c0ac64676
SHA1

9da7bf230e76435cfb7659b3fb08df2a643caf40
SHA256

20f4280f8ac312a0bdd2887a7cad554f3786fa2c3dfb5964f6a9c9f1a4ef7083
SHA512

3caa80bac696aca3907f15b0fb0fc08d057a258fdf3103f5ba2fa7d991bfe8883a9ffbf7f072513251623ce94173ec8ddd9fce346d2feea6b8038b301bddcd6e
SSDEEP

12288:h1OgLdaOYgbJuMmFcouJqkXWctn+MEfO6:h1OYdaOYgJHJJqkXtMO6

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2904	regsvr32.exe
2904	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijndhbaengbjaklpiobdphhhjlmclel\1.5\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\ = "saFe save"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\NoExplorer = "1"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ssafe	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\saFe save"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\save\CLSID\ = "{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\save.1.5	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\save.ssafe	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\save.1.5\CLSID\ = "{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\Programmable	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\save\CurVer\ = "ssafe save.1.5"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\ = "saFe save"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\save\CurVer	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\Programmable	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\saFe save\\zVm.tlb"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\save.1.5\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\save\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\ProgID\ = "ssafe save.1.5"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\InprocServer32\ = "C:\\ProgramData\\saFe save\\zVm.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\save\ = "saFe save"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\save	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC51F06E-EC7F-10C8-BC81-4D7FD83BA0F7}\VersionIndependentProgID\ = "ssafe save"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 2904	1192	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe	30
PID 1192 wrote to memory of 2904	1192	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe	30
PID 1192 wrote to memory of 2904	1192	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe	30
PID 1192 wrote to memory of 2904	1192	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe	30
PID 1192 wrote to memory of 2904	1192	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe	30
PID 1192 wrote to memory of 2904	1192	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe	30
PID 1192 wrote to memory of 2904	1192	25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25551fb53a939da08ff2899c0ac64676_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" tua.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
5KB

MD5
2556475c92e67808f82792ae9514201d

SHA1
15e41efbcd6827bac7006e64a067bd1b70dc8012

SHA256
44d2f09c5a87cbe94c408da8398b30eaf8f6b9ba75b4adeed842aaa970c3d543

SHA512
f8ebbcc2aacac0793e0aa333a5e04ba24850acdd5d86b5cb8a7c11cc3ab173c74dafb6944e53ee1291f9cd3da09c0adae4c5f646f748e3374ead54341243d7dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
a5f0f5f4d3b2214883ad36cac4c3f6a1

SHA1
78abb6361771466f884896da4147759ce7460567

SHA256
8edf4350e4d105bcaf8e783645a306f1a9b96f76a9b932f540ae1b09a131ae74

SHA512
be535d67df8bd6e6b9ef90dbed0d646c4367aed0854c594b07767c0611d0208c78c36ed7d3bab5fd97f064c37cb329d3cb9cc1ee3fb88bcc297bf6a94dc60299

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\[email protected]\chrome.manifest

Filesize
100B

MD5
c63d2a3529e54a9290eb5aefe5117646

SHA1
45ae5c4694e4007d326a95b93f8937252a33c423

SHA256
3bc051bcc48372261c03009032505562a59d3997bdb941ae530d526a7b123229

SHA512
32db35d385bd6dd054f6eb3a240a802d954608c392ba43211e139600f7d5190dd548243b2ff62023d5453d0aed083704b259645ec41a31ed587822c719a1600e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
6e860560e79828d3d77faa703622d22b

SHA1
f62479ebaaa19c17fe872b67b56f12fa380b7558

SHA256
bb10cdd15ca043b9df0ae85d9751aeea976e37328154b91f0d3b39e6cb4330f9

SHA512
9e54b2ee7712e7c9543aaa68506c7797c765e75627642ec1a34f981a3acc83c0f8331e439fa84f0931f8af2d0a13962f9a8ff3d83751fcbfc072e17cfaa15888

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\[email protected]\install.rdf

Filesize
596B

MD5
c033945a1a2fa94d7097fb7315c61eab

SHA1
93b7bf3266f2512f3a61891e06f589c3cbf8f2e1

SHA256
9f937a13996f9786dd6aa8dc1e719d116ce28b78bdee6895ce1db35c66aefba1

SHA512
6d2048c4915224142967f5592073d2e2d2139922963d353418a4be0aab104190bd443d3d0100ae441af1edb65b022950edced6bc5358bc748f869de6dfbec920

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\jijndhbaengbjaklpiobdphhhjlmclel\background.html

Filesize
141B

MD5
85d61009862eab961084ceecdefb8228

SHA1
829145039a499e852d50716701cde675f03ac332

SHA256
1552b3e6c0c28b7e47537b5d20a584c526bf0328f0499cb09cead1174dd725f8

SHA512
49901cf3288c19602e8336e9ee5a5450580e0d2de83ae2607662f9f82e70544e774efd0e996881d5c8916628b3f9c33234f1358d1b368a1d65a2881c11423f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\jijndhbaengbjaklpiobdphhhjlmclel\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\jijndhbaengbjaklpiobdphhhjlmclel\fIMK.js

Filesize
5KB

MD5
9a39f938044aeb68b6687d38fe13d809

SHA1
f2979b550c6e243d9b86e6ec4db910a2ffd821d2

SHA256
6dc714e4cc4592862de3396fea690c867b025e0ef89f0f38ecf2b683473b30f6

SHA512
fe526d3549f6667aec403871c8192e53b0421cc76b9db955240af1efeac8cb2690c358038acc695b5316d996cc4c0cf37eaa3034068b31bc40079bfbf64c6e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\jijndhbaengbjaklpiobdphhhjlmclel\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\jijndhbaengbjaklpiobdphhhjlmclel\manifest.json

Filesize
501B

MD5
b8f05183ccdf73d0e05bc17d1c3ee02f

SHA1
5b94c5190d73f2d1ada61177c6a6968615f10414

SHA256
d598244e595d227f0717611fb7cbcb93c0bd4e264f2830fb775f56c1d30edf72

SHA512
0e3caf99abefe810969fbef40333217b18ab50cd31ca50e2c6c9b0cc452155424d3266b3545768db7e782fff13a5aa923c1a1c61f280c33c7b37b9b2022006ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\jijndhbaengbjaklpiobdphhhjlmclel\sqlite.js

Filesize
1KB

MD5
845259dd8295e8a84313a92f3b4ca7f5

SHA1
817054628d3d62d1989c18496abb36b742650c2b

SHA256
f7c934e82ba4dc76752d191ee73b66c7291ba2e627c8e266816b1ba6540a6b36

SHA512
493838d148b6292aa295110812de43cc05554a441353d0aa7bb7ceb6bd58a6a02bdbdd830876c69c31ba27e554d02bf8343f311feb13f0265841f78f55184962

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\settings.ini

Filesize
7KB

MD5
6eba6b0474309c117672b6f0fb80a36b

SHA1
baa61dc0d6e1208dec4c86c198cb04b046af2535

SHA256
b26e3433562e9b56f3a44e407eac961fb642aa5faf870d41a8fe388a8c45a9e2

SHA512
52587abff0ab5bf9ec5a26806126249e2108a27cd6cbadc3e797ca0b07b65f1e14e9e050621dc8e5f1699b5860555ec04e0f5428d63bee2ec95b18182ddb6bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\tua.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\zVm.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A0E.tmp\zVm.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads