d145080d6d26bc9436877c0242cfbf56212738c82497ccad0d34a438452cea48

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe
Size

1.0MB
MD5

2c6f1526bf290fc61dde7b1bb3f4ea1b
SHA1

4472070cc24f191d4c677d99f16489711efd7cee
SHA256

d145080d6d26bc9436877c0242cfbf56212738c82497ccad0d34a438452cea48
SHA512

e1f300d9a908faceea8e612e6e2f5e1bf69b6be3564aae139af697a4767c05d90958b36a3489dac58bdb9b055ebf322f7dc465d44f942a6ae0b76c08b7f57a9d
SSDEEP

24576:4Li8hu4d+8riq7ki0Mk+gk1yKSTYhU1nYm+jiz1LE4Uz895rKg:4L/dd+8rzaMRgk136hYz+EdzKrKg

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2812	yg3yGq.exe

Loads dropped DLL 2 IoCs

pid	Process
2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe
2812	yg3yGq.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjndjminfeckikahfddnbfopeadkggb\1.6\manifest.json	yg3yGq.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\ = "DDownload keeper"	yg3yGq.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\NoExplorer = "1"	yg3yGq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}	yg3yGq.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yg3yGq.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	yg3yGq.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}	yg3yGq.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}	yg3yGq.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	yg3yGq.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWnlOad	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64\ = "C:\\ProgramData\\DDownload keeper\\k7wZV.tlb"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CurVer\ = "DOWnlOad keeper.1.6"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6\CLSID\ = "{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\InprocServer32	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\InprocServer32\ = "C:\\ProgramData\\DDownload keeper\\k7wZV.dll"	yg3yGq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\ProgID	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\ = "DDownload keeper"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\ProgID\ = "DOWnlOad keeper.1.6"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CLSID\ = "{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\VersionIndependentProgID\ = "DOWnlOad keeper"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\DDownload keeper\\k7wZV.dll"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CurVer	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\ProgID	yg3yGq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\Programmable	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\DDownload keeper"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6\ = "DDownload keeper"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\Implemented Categories	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6\CLSID	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\ = "DDownload keeper"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper\CLSID	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.1.6	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\VersionIndependentProgID	yg3yGq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	yg3yGq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\InprocServer32\ThreadingModel = "Apartment"	yg3yGq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\InprocServer32	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\keeper.DOWnlOad	yg3yGq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8}\VersionIndependentProgID	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	yg3yGq.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2812	2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2812	2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2812	2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2812	2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2812	2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2812	2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2812	2648	2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A6FA95B4-C500-EB0E-DA7C-C68BD98648D8} = "1"	yg3yGq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	yg3yGq.exe

C:\Users\Admin\AppData\Local\Temp\2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2c6f1526bf290fc61dde7b1bb3f4ea1b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\00294823\yg3yGq.exe
  "C:\Users\Admin\AppData\Local\Temp/00294823/yg3yGq.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

Filesize
104B

MD5
2aaa0cc6db9ef7a0085173684789e652

SHA1
8a0aefdaf782a7559b9558ec088f2df6c115c581

SHA256
daf6f68b4934b685200f6146352814badc84897cb9e19a3e7dbb95b2571bf8b2

SHA512
603541a8ae232f7d294a270ad2fcc2387e3059723f4e682bdeab97047a1e22a12635ff444620e3f2f4312aaa4acf0c22081dbe857b128926746e340113bca545

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

Filesize
9KB

MD5
72202990967d1204dab3171f0b98d124

SHA1
43c6aa2a948455f797776a099272e961e57a82dc

SHA256
bc37d9fec124da5e1bf712bf29f9452d78177f277e0ec9b1242e500ec5a2386d

SHA512
d085e9c9e757ebab68f673fec9d574fd1b30e375d4cbb1f42288718494cdea9f78676ec2b75977e639c3924125c09c8202066f23b7aadb285d8a06b7a383279b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

Filesize
615B

MD5
fda74ba8c3c3e011be8ff16bca768903

SHA1
18eb7395f7bbf9db0a6ae84434a548fb93560fd8

SHA256
3bb08e8222914bd29933dcfd5ea63a94e320262e0f6a728c422edad48b8c5b52

SHA512
3436622983275a9fe4c9527a940835d9a402dc5969f27c4864e89ff6d14c7fccd8fea0e7edca2c596e1f6ed44a219d2de902910beb55153b9b7cc550c7b27d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\cjjndjminfeckikahfddnbfopeadkggb\background.html

Filesize
143B

MD5
0081ca3032b436084bf1ef23f36894fd

SHA1
4a80e8241b274bbeaa8e3e2a336605008d130976

SHA256
5ede3620351470e7fe1289b90042c0e3a2b6127e14e4d1a1bc139689bcadfeae

SHA512
ec865e83808114f41a43e4f088813172b941a8471e977bdc4f9cf1899481c16329d82253db360c302179e4096a4a54eb5808428d5db9bcde4329dc2369032acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\cjjndjminfeckikahfddnbfopeadkggb\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\cjjndjminfeckikahfddnbfopeadkggb\hRDK2f.js

Filesize
5KB

MD5
a8fb2bebd2d698f426f95e3032d34a07

SHA1
655e88faa4b04c9c2d15c2023e94414fb050d057

SHA256
458a0294d17a979fc75a6f4f5e0365fe21d5db31f1b4349730c946074a9d5c22

SHA512
56b6d977d7890f233af3fd2af8dd8cf22606d829895bb537dc7495a561064db1d6f1283872eef87fefa6c8f81da789867a6ddc0d8aeff0e3b887459d3d3a9313

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\cjjndjminfeckikahfddnbfopeadkggb\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\cjjndjminfeckikahfddnbfopeadkggb\manifest.json

Filesize
508B

MD5
b25600a61f77f011ea43537036869f94

SHA1
ca53323365463499ef909b6eab00ef1118b6ca71

SHA256
c248bd28bdd19aa211f99135198a9367bd1aa8606e35c164fb58348e06918e65

SHA512
099db4b5e9b245247da24321d37072f3e08d2a5f16642b121587729fd532ac37741a66e01f5ee39a5a7549663bb353dc095594af04fd16010f2b1921eaeb22c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\cjjndjminfeckikahfddnbfopeadkggb\sqlite.js

Filesize
1KB

MD5
7452fe3a2b2c12186062f4f255723cb4

SHA1
8e7911baf87dafd4dd6ada5a9d99b2d92b3b6d06

SHA256
0cecc30f54840f3de528737db6e26c519062eaa13efe57fa84d34ef17ec6fa6a

SHA512
109b1ae7fcecd90bf04267e9b684ce47568e632bf05a478114983d5d06c79ba26be756ea25af414e68b616b6e4ac7bd6163711db88db37a0fea5fe96e9a87df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\k7wZV.dll

Filesize
258KB

MD5
e1d10cccd5dde588af8ee2cb7309523c

SHA1
0b9e805077320b0ce1e6620488bd34f1c4d7827e

SHA256
9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

SHA512
a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\k7wZV.tlb

Filesize
2KB

MD5
9156db5f76d48049dbc41fd1b58b3f34

SHA1
5eb1df59f9b5b06ab00137fc9e6451e323d3102c

SHA256
66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

SHA512
742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\k7wZV.x64.dll

Filesize
319KB

MD5
4f5c722b8686afbea6f09c53171d44ca

SHA1
184c60aafbb12d1023b1ce2aff4d3708607a75a1

SHA256
870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

SHA512
e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\yg3yGq.dat

Filesize
3KB

MD5
a24ac5088f09cb374c506b87d99f8fa1

SHA1
68dd08f0bafb43be64773da8bb144b3900749e95

SHA256
67116407b1e8b49d63ef0de0fc0a42c4d065e86a657a68b0720499cefbd7731e

SHA512
ba28865bc76215c4f7608ab7351e3efb2049cfc956fce7e3505a130d0c96e98313b7c3390b13ab008db7ce73b85c1d5fbf1317200653615f35939480abbd1b70

Download Submit
\Users\Admin\AppData\Local\Temp\00294823\yg3yGq.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads