15ae5860621acb630a6c66eaf2f1962a3daeead53fbad5db62ed7cf9308a049e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe
Size

725KB
MD5

2d42f86ea518fb8bff627468404cf7ae
SHA1

a4d56ab36979e75baeda3ec21f9ca956d01ac96d
SHA256

15ae5860621acb630a6c66eaf2f1962a3daeead53fbad5db62ed7cf9308a049e
SHA512

c3abfae5e5202522f2381dccdcb45a0e852c5f29f2482f34988791089075de29bc15df4c33cadf8b0752176fe822a2b4ba30067a3d00d6dcb1836ce7d0b7e7f3
SSDEEP

12288:h1OgLdaO5o99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJmC:h1OYdaO5OBsFEt5hDG0SAMs9jR/jaJnW

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2360	0GLgstSmS_.exe

Loads dropped DLL 2 IoCs

pid	Process
3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe
2360	0GLgstSmS_.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmddblebabaelebagfbjfcgendkmdja\5.10\manifest.json	0GLgstSmS_.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\ = "savenshaaRe."	0GLgstSmS_.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\NoExplorer = "1"	0GLgstSmS_.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}	0GLgstSmS_.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0GLgstSmS_.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}	0GLgstSmS_.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	0GLgstSmS_.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	0GLgstSmS_.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}	0GLgstSmS_.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare.5.10	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare.5.10\CLSID\ = "{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare\CurVer	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\InprocServer32\ = "C:\\ProgramData\\savenshaaRe\\mDgdT1yxb.dll"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\InprocServer32	0GLgstSmS_.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\ProgID	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	0GLgstSmS_.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\VersionIndependentProgID	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	0GLgstSmS_.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\InprocServer32	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\VersionIndependentProgID	0GLgstSmS_.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\Programmable	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare.5.10\ = "savenshaaRe."	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare\CurVer\ = "saiVeNshare.5.10"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\ProgID	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\ProgID\ = "saiVeNshare.5.10"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare.5.10\CLSID	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare\ = "savenshaaRe."	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\savenshaaRe\\mDgdT1yxb.tlb"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\ = "savenshaaRe."	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare\CLSID\ = "{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\InprocServer32\ThreadingModel = "Apartment"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saiVeNshare.saiVeNshare\CLSID	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\VersionIndependentProgID\ = "saiVeNshare"	0GLgstSmS_.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9}\Programmable	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\savenshaaRe"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	0GLgstSmS_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	0GLgstSmS_.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2360	3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2360	3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2360	3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2360	3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2360	3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2360	3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2360	3056	2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{FBB9E9C8-AAFF-4AFA-78E0-21302EC211D9} = "1"	0GLgstSmS_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	0GLgstSmS_.exe

C:\Users\Admin\AppData\Local\Temp\2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2d42f86ea518fb8bff627468404cf7ae_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\0GLgstSmS_.exe
  .\0GLgstSmS_.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\0GLgstSmS_.dat

Filesize
7KB

MD5
00296a7ef72d4665e4c9a6c1fd87a3f2

SHA1
0709b9c0666569a25c2a95c1227cbc94f7e0e25d

SHA256
cdd443c951200ef5dc457ee2564053878457cf61d0dfe6030a0b6f85334a9ca1

SHA512
b0375a74515ef818ebff005f22585b500706ce527be08ddd67748ad9657a32fbe0501871f7aa33dc8c97ac35c29313559da13c0decba0f7c10c6c5b5cc5fa1cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\3446355568264673843.log

Filesize
3KB

MD5
a93599c274162aa2e65a13898a3ec9be

SHA1
cc3d2a2d86c81d47053996881feb8b63ae6fe82e

SHA256
70b4a07b76a94b6426fe1aa48576519708571dd6a6c8bc701ed6dc0d83518295

SHA512
0163c947c88368ff8117c8c3be7a78c5d33281d772d328f801f525638484bef239aff5e926918023f59e15cb970f85c48c1e066a2c69b2d6ac6e882370873b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\[email protected]\chrome.manifest

Filesize
112B

MD5
a48385217ecb6bc9eb5f9eed13f89c98

SHA1
ba923b15406168d3c686f0f0f376431741eddff9

SHA256
4a8c826d2c9cece808b4b406ef511e91c49ff0b0d13446d9ea419f373ae1f7bf

SHA512
998da83189bef3b60ddca5945273bc13afb61d2262b756a3b5ca42607ed69a71bbfcdf6afdd37dba763d8068d32521f22db2b5a8cb123f07d19955ef2bf2fea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
597d6cfc5385dae90bebe149cebff687

SHA1
5f8764f678a6abdd922e669d0d1869a3996099d4

SHA256
f987363c9f943bec8d3661965399d08954b25ebfef7a7f2e6618bb47f7683d34

SHA512
b7b4beee62f5daf42be441a23d46931b07e6eac9f9a9e4d62bba47c0287583fbad2042aba3c4e6bb07b6c89a0c40207a7829b1d6b6015f7032de94a05a753257

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\[email protected]\install.rdf

Filesize
608B

MD5
5fafa236400ce9b56dd0e6c45876a60b

SHA1
c6445fc2ec1bd490d5e9d0ce4e31b2527f9044ab

SHA256
742ed5890d554436ce36ac6e9ed0418297b795deef305d56502074e7c44ecf4d

SHA512
b6681c4bced4c4b73ca59624cb7f4b9b99c693b5aacadb65b193fdcbe140a49c0ba496cb6927e66373c58a178585fda7bb66f7edede23c45d4723adf8c46fb2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\ldmddblebabaelebagfbjfcgendkmdja\PxKF_phQHM.js

Filesize
5KB

MD5
814fe1ff9f58aa94498d38bacc5d2c57

SHA1
68102368b963840746c3128d6a9702ea725f273b

SHA256
04c595d056e8ff9355be51f9fa3dc7d63c7d36d8b10811d211707225851b7aa0

SHA512
72a8c3a4d918f2033673c5d652eb0d41205b3926ae4ee7e0075cad04bf3683c8a26d94acdfd7cc80ccbfb0e09b6ff3e5468a02d61c54db2333065e6552ee064b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\ldmddblebabaelebagfbjfcgendkmdja\background.html

Filesize
147B

MD5
69cd2df4c2e842a5f5cb3e77bb916a32

SHA1
99b8aed19448725335a570ed5ddf6b1319feeab8

SHA256
c83744af5a1b275ff117d996255bb001efd5ebbed00dcbc13ea9eef2fa1ff0e5

SHA512
a7e3adbb8706d42c8f7361271dd60775a049b145cb94b4267dd3c2579d308a6142c28d681c32b2d13f279f0af5818dae176fd650846e9ba24b7df19a9316e051

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\ldmddblebabaelebagfbjfcgendkmdja\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\ldmddblebabaelebagfbjfcgendkmdja\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\ldmddblebabaelebagfbjfcgendkmdja\manifest.json

Filesize
506B

MD5
6f54732725e2a8b389151b483bd731e7

SHA1
c89d1e85f1a564b855772402d8f3bd8384791bb2

SHA256
6427d5f7e24f973fabd5709c189933ba6e84790217b536ad6809a214bf9cbb01

SHA512
d4a252a88074004174da68043234c87e0e9ae3e403f62e6987cf1ae25f4f97b856cc1f9131a625d1519118ce21c583f3881b3a0da4d3b3770b629829ceb79bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\ldmddblebabaelebagfbjfcgendkmdja\sqlite.js

Filesize
1KB

MD5
64094f792b8a254b8c43fb0900642887

SHA1
292f81be9afc0122cef2f9df12bc10900c2f5f06

SHA256
85b23d91803b28d599f4329988d46f487f9f542d4fa59416703abebcc62c5bd1

SHA512
1b14c74af1fd450c77be65c390e01624f3390b16800581dfec3e50e05d7b3862d8d1a9180ae60c147edc6486b80f29c2292abcd69750f42d4fdddf925b622202

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\mDgdT1yxb.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\mDgdT1yxb.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8CE4.tmp\0GLgstSmS_.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads