68fbc05e8ba87a7a1a6e4dd01e64b9092113a99000c31d38c35eac4158039434

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29cff8e374f37036c31b5fad6dd90e40_JaffaCakes118.exe
Size

717KB
MD5

29cff8e374f37036c31b5fad6dd90e40
SHA1

f1125a1658d43462e228c574cf67e8c30300a049
SHA256

68fbc05e8ba87a7a1a6e4dd01e64b9092113a99000c31d38c35eac4158039434
SHA512

f77cb0569e3118235b039a0321b3a22a0db4fee199277daf3ade93c7c8dd2440295dcc74abd766789349dcca269e549d1db5805478f1f532e786718edb8e56cc
SSDEEP

12288:BKnekrL58XUhkwsidswP6e4xIDdfIwjm+7wCz35CopA2srgW11oO49LKv7qHDKUp:OLikKwhjP6x6jm+7wOJCoHW11oO49GIp

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1960	Gi48CejNl.exe

Loads dropped DLL 1 IoCs

pid	Process
1960	Gi48CejNl.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcccmffjklegcdacpkkobniflcgkaihn\1.6\manifest.json	Gi48CejNl.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\ = "DownLoad keepeR"	Gi48CejNl.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\NoExplorer = "1"	Gi48CejNl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}	Gi48CejNl.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	29cff8e374f37036c31b5fad6dd90e40_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gi48CejNl.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}	Gi48CejNl.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	Gi48CejNl.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	Gi48CejNl.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}	Gi48CejNl.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer.DioowNlOad	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer.1.6	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\VersionIndependentProgID\ = "DioowNlOad keepeer"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer\CLSID\ = "{557CF7A0-323D-AA68-56D1-2B1C6D87521C}"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer.1.6\ = "DownLoad keepeR"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer\CurVer\ = "DioowNlOad keepeer.1.6"	Gi48CejNl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\VersionIndependentProgID	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer.1.6\CLSID\ = "{557CF7A0-323D-AA68-56D1-2B1C6D87521C}"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer\ = "DownLoad keepeR"	Gi48CejNl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\InprocServer32\ = "C:\\ProgramData\\DownLoad keepeR\\HXBwR2Ux.dll"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\ProgID\ = "DioowNlOad keepeer.1.6"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\Programmable	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\InprocServer32	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\InprocServer32\ThreadingModel = "Apartment"	Gi48CejNl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\InprocServer32	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\ = "DownLoad keepeR"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\DownLoad keepeR"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer	Gi48CejNl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\ProgID	Gi48CejNl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\Programmable	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer\CurVer	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer.1.6\CLSID	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keepeer\CLSID	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DioowNlOad	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\DownLoad keepeR\\HXBwR2Ux.tlb"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C}\ProgID	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	Gi48CejNl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	Gi48CejNl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	Gi48CejNl.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1960	1148	29cff8e374f37036c31b5fad6dd90e40_JaffaCakes118.exe	85
PID 1148 wrote to memory of 1960	1148	29cff8e374f37036c31b5fad6dd90e40_JaffaCakes118.exe	85
PID 1148 wrote to memory of 1960	1148	29cff8e374f37036c31b5fad6dd90e40_JaffaCakes118.exe	85

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{557CF7A0-323D-AA68-56D1-2B1C6D87521C} = "1"	Gi48CejNl.exe

C:\Users\Admin\AppData\Local\Temp\29cff8e374f37036c31b5fad6dd90e40_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\29cff8e374f37036c31b5fad6dd90e40_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Users\Admin\AppData\Local\Temp\00294823\Gi48CejNl.exe
  "C:\Users\Admin\AppData\Local\Temp/00294823/Gi48CejNl.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00294823\Gi48CejNl.dat

Filesize
5KB

MD5
e7668d2aacc3d6703e13446c46af6b6f

SHA1
44d0d1bb5dd340f0e4d8e089b709089d30863281

SHA256
1af8079e8167233c1669a1cdc8f3004682b40fecde3dc2fc9b1d6f55e8eafc74

SHA512
4715e7394ab0151916c9a907ea4436b2cef8d0eb73769418932994bc3e2f4eb05d3684c348cd79ef8f3c1c74975f1675b38a55e5c7e95265b39cfd54ea774766

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\Gi48CejNl.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\HXBwR2Ux.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\HXBwR2Ux.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

Filesize
110B

MD5
772afd0aacb1d7bb809421b6c6b03eaa

SHA1
51f874d38fed06285e613b2c873a1748841a54b7

SHA256
13377bc92bd3c226d825eb8f9084d798ad2021cf527a673593606a944b27c028

SHA512
c59bee1bb13aff84b1e63e934df9eb099ba39c9f7b499202515eca88b9f209bd1d69db784e2d31926d9f503339ed47b74510de95915010224fd2a492c81d4a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

Filesize
9KB

MD5
3bc561153e7f88f8843420db8f8359c1

SHA1
4add8db107611e3fd3c8819067de6177682387ed

SHA256
b66aa166e503f499f05c55c105d7e8662381230c4c9053e74b4a8824d1c8e0e4

SHA512
0276ed7bfe27123940853bda5f90ccc3bdb6ff4282654e9915519fe052fd8bcbc5e49d304925637efdca6cc2009f8810f03ac7bdbc6434ab4fd36f54dcdc4f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

Filesize
607B

MD5
978de061cbfb9c0eb17c846472d01314

SHA1
6eda6be1ce47895b47a1a5600543ce8a2b0deb3c

SHA256
dc202b6b587ce73f7b382d964007021b9b0e060b31a52e6514787842b24f9971

SHA512
a24729da00ced690ab3140cc192b1f17ba09ce47b3c53e39e3c8e3b2b38d0b7692c08b787d2179f0d60f0962381b320f9da02023944a0c8cdf5ac760fe779c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jcccmffjklegcdacpkkobniflcgkaihn\background.html

Filesize
146B

MD5
e3b93336d9263197bcbf21aa3a580d98

SHA1
c840b8f9b2146a534c0488d314092eeaadfc43f2

SHA256
df07723be6d6c7057dda24cc9e6fa865d7d50dd13cd74377cd485878a021ba12

SHA512
a19e258f673924e99dfc1eef58ee5d4c34d41fd1db894f4a392e9ae88fa7ccb91f4e58759a3b7e6811a23b55d5b0b08150a766d2a92e39d917f20f5c0a3dcff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jcccmffjklegcdacpkkobniflcgkaihn\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jcccmffjklegcdacpkkobniflcgkaihn\fzqSioqqe.js

Filesize
5KB

MD5
05921b430b68efc5c5ff50c4ba14ecb7

SHA1
00abb42c913c30ebb43c6c5ab0dafb0d17973789

SHA256
0fae92270d83b5c541a6108f16bdcce27b9e6ccf1c78f7480fb5f941abf126a7

SHA512
c6c424c713467b87490b94556a7eff026937b3270e464c56f271dfe06f12f15bbb2ec34ab5e02451a0e2db194a328122b03ca93dbbac4adc37abf148968c2b8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jcccmffjklegcdacpkkobniflcgkaihn\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jcccmffjklegcdacpkkobniflcgkaihn\manifest.json

Filesize
507B

MD5
5e90943f87898e3958d4f55bbea2d5fe

SHA1
348646f6823098d70c1128e7f6ff4b9cccff1547

SHA256
803af1299724cd9a9708356ab5bede60152b5fc836b45a0f8a971549fc9ff577

SHA512
7b11ee672869b9a6aaa916848038d518bafbfabacfd9c07696cf2131375de2048c1a584cd208363ac384b40a20528bb9c551f8fe9053deea9ce5892c0b06cd89

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\jcccmffjklegcdacpkkobniflcgkaihn\sqlite.js

Filesize
1KB

MD5
8cb7378a1d9f7734894c1435f39d6ab3

SHA1
60ac564a20512d6e86e6f7f6514b62c31e653f10

SHA256
329b9200580d37c0c36878501bbf7052dba6d42e1b2e9c0bca8a9b0a44f7f7d4

SHA512
5d1cb93e0acaf3e5debdc7180638c3df9a1e2095be2a5e79d43562c753a464d046cd9834ab1172aa70467041ba85e0e35936f3d9c99c151a9df2fd06af369622

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads