8d28758cb1753cb9ed868da2b221a6f0e3f47ecd3b379979b892802e3d479769

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

307943ab091a7cbcd914846bd437ea95_JaffaCakes118.exe
Size

664KB
MD5

307943ab091a7cbcd914846bd437ea95
SHA1

bfe3a6932b1898cf457133e5141ede67c2aaa501
SHA256

8d28758cb1753cb9ed868da2b221a6f0e3f47ecd3b379979b892802e3d479769
SHA512

0b6d0c25a93b4177845e355f8b04fcb701fab95df9cc7a5c3c01340c792cc296cec7bf92f7d2037ec055d28c729332f4f84bbe4d70615ab8b9d15637077f6beb
SSDEEP

12288:h1OgLdaOqSRFLS0XZVuIi9B4jCCuMWfGZ:h1OYdaOqSjSw/uIi9BdjGZ

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4792	9pJy.exe

Loads dropped DLL 1 IoCs

pid	Process
4792	9pJy.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpggkkcfcgdjgonjkiebpkopfgebkli\5.10\manifest.json	9pJy.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\ = "savensharre a"	9pJy.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\NoExplorer = "1"	9pJy.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}	9pJy.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	307943ab091a7cbcd914846bd437ea95_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9pJy.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	9pJy.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	9pJy.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}	9pJy.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}	9pJy.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\savensharre a"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ssaVenshhare	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a\CLSID	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\a\CurVer\ = "ssaVenshhare a.5.10"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a	9pJy.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\VersionIndependentProgID	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a.5.10\CLSID	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\VersionIndependentProgID	9pJy.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\InprocServer32	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a.5.10	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\ = "savensharre a"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\ProgID\ = "ssaVenshhare a.5.10"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\Programmable	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\a\ = "savensharre a"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\a\CLSID\ = "{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\VersionIndependentProgID\ = "ssaVenshhare a"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a\CurVer	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\InprocServer32	9pJy.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\ProgID	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\a.ssaVenshhare	9pJy.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\ProgID	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\InprocServer32\ = "C:\\ProgramData\\savensharre a\\pql.dll"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\a.5.10\ = "savensharre a"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\savensharre a\\pql.tlb"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\InprocServer32\ThreadingModel = "Apartment"	9pJy.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0}\Programmable	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	9pJy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	9pJy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	9pJy.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 4792	4860	307943ab091a7cbcd914846bd437ea95_JaffaCakes118.exe	85
PID 4860 wrote to memory of 4792	4860	307943ab091a7cbcd914846bd437ea95_JaffaCakes118.exe	85
PID 4860 wrote to memory of 4792	4860	307943ab091a7cbcd914846bd437ea95_JaffaCakes118.exe	85

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{F0E03BCE-A328-B68C-E841-928C9EE5D1E0} = "1"	9pJy.exe

C:\Users\Admin\AppData\Local\Temp\307943ab091a7cbcd914846bd437ea95_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\307943ab091a7cbcd914846bd437ea95_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\9pJy.exe
  .\9pJy.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\9pJy.exe

Filesize
315KB

MD5
f4225ddadd6ec655eaf1b0d49cf1c513

SHA1
415225afd800a0d4a6d99f465fce670ceb6fcf6f

SHA256
357fd208e3dbbcf4a995b9ddfcf69c4eefa32d46f640328eea368c6ca7d7490b

SHA512
a1decaa9efad16694b5c56e159589f808f49ec6020d7cd1bd872620ae8684b2988b96db585df664a266187117ebcddb1d4254aaecdb884f3893a1b00a194f7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
7KB

MD5
e8774246f8b533450f339fc86a7d32dd

SHA1
535a38adfad99345da1bc75eed583a6b2e5ee1a2

SHA256
bcc6a56b4843a76a570b03876b787f9504a93716c90085a1d84e4f17e0abb57a

SHA512
11a3282cc181e73445120715194d40593842fad301a4d755b97655846f8ba345aad37c3ed9e9f4e2118335b65e67516a4e0c5d0ef38028ce44b5675347447ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\kfpggkkcfcgdjgonjkiebpkopfgebkli\background.html

Filesize
141B

MD5
ce043a61216dbc6c6957141754ce7eef

SHA1
9bfd0cf2a6a7b9a8062a0bde0ca665b2b160e605

SHA256
8cf303b20f3bb9cb1fb0bb6b87a42b2d6200e960abe91adb0df8c03c0cf53567

SHA512
119585507173539493259c397fa88bcf49e5dd5324aba990e0e883b0336b5c9845f666e07f2dec47703ec8d66d8da4b3e9968e29dc46a95de0151f65cfdd6ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\kfpggkkcfcgdjgonjkiebpkopfgebkli\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\kfpggkkcfcgdjgonjkiebpkopfgebkli\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\kfpggkkcfcgdjgonjkiebpkopfgebkli\manifest.json

Filesize
506B

MD5
216068d84d8ae27a75e1829ceecc2637

SHA1
01f7ca9a55fc393ae0cb1eb75b622ca1d8469af3

SHA256
ba56f08e991f933e47733d197ad476f6a21cf1a84ac53906effd55096147336a

SHA512
d90f6f7c2f12bfbb4c5de9c39adf7e22cc78731009e5883b959ca522384b3629cc43188dec17b82148cdd20038eabf08c6dea8ddf1ce5e1221e58592bd082665

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\kfpggkkcfcgdjgonjkiebpkopfgebkli\sqlite.js

Filesize
1KB

MD5
ab71445594cb27ac5109d5058fa4487d

SHA1
f5c0e43ac299b72a95a67921f36833a196de50a7

SHA256
b57b42ba35d20e693fda363417bc287099280da19eb413f1fd9171fd4936bc90

SHA512
158b1728bd66b98fc3b92d4bc84a9904c8bac4ea81e44287a828285061200511873500f5aa4ddfb7e340c093daec3872be677f10daeb37068d56e5e6830f2cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\kfpggkkcfcgdjgonjkiebpkopfgebkli\zNh4.js

Filesize
5KB

MD5
2a780004871fd8ffc8bec03e441992dc

SHA1
13d911734696d852b17abe8455dad878c17fb18f

SHA256
26fd38334069f2cc75de48ba2dd8cce01110da862f20405f8553a4a381341b4e

SHA512
fa43773efff85f915db0b843b9150c5d5a968b517f0ef66405ba93c7aa35e638e944b62eb3e96564fa3b4c553c9ceae2d42f62a75b5e76f894a919a0414e2954

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\pql.dll

Filesize
179KB

MD5
8765a0eb921a1c8179f5b5775cd2ca38

SHA1
20e8c9e17a36043ac922703b987c32b9ade1b9ee

SHA256
259b129b8acac139533bc393e2240f8a09d22a243267523ce46731e42c47f7ab

SHA512
901383c620f9a66bbe8ca1bffea56cc9d6e30a9cd770d49f8ee5e813d17dfdf63c619177808ea320948516f5ba296de1a351c3006c3c6bcd7f339703e0380006

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\pql.tlb

Filesize
2KB

MD5
9d4a903684f51deba560d83602cda670

SHA1
5483d72fa140b86a9e1b53d50288ca0d04e1c950

SHA256
21dfd409775bd7f90fe08fc857d92faa77803f55b23d9cecc0d612ad2eac9d3d

SHA512
7c922f3dc914dc563ebdcae49369dc142c61778a7a517c5df6df63f34a130b33ffccafdba21e26a85b2a681a8fcf62e62cab347ef57aac8156860749d2916de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\settings.ini

Filesize
8KB

MD5
9e69c32d9420dae76d5a38dc5d139f87

SHA1
dba2a03dcca175665593b1984283e8fc06bdd845

SHA256
1b74f68b4ad0cf6b3421132b055df68cc82082503d6bb9ef671eb899080b6688

SHA512
3e02207a5ef3cd1d9ffcbce52c6ba5b40a53b2cf3be6c187ce7bd90874dac8d34a4b0ae73c1a6d2db3a60cda81c5437d71ad272ed8a73b931359b25996dc2d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
a9ca610c48ce108bf59bd9d0142bf87d

SHA1
44ff5dba79132c523462d9cbc73032fe3e900c72

SHA256
298d072f6f286befedcc84e5eb060e3c179eae6e9bd177ebdcce341bc60a5ee9

SHA512
0816872c28fd56310588b62263f6a7986e3e41afad261cd30a48e3e6e1182462f83955c0d395a5aef0bc17c7681f2b91cedd15bbfa2e36507d00ba728568d577

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\[email protected]\chrome.manifest

Filesize
100B

MD5
c97ad70e28bbaeea9240822d5004dd41

SHA1
106054564811193780f8ebfc47e1ddf9bdef5781

SHA256
5611c2e3552854ad48db1109b3f21eb2239a824bc5c74736d5b105a66cfc8ffe

SHA512
19835a609b556d4ed71ccf75c439f68d371aaf4d8a51d8d2b22be78c68fc2b68bcef90d7017ed1bac7fa1bda8a00ff74f397b50b9cdf120b253a37c81e260701

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
1f7d6bce9329dd87aafc60b0caa5ed42

SHA1
bfaa57d522a73c5f64f7363ad3441f285ef5ec65

SHA256
71edbb23f12849ef96f6291dabe572fa0c5460305f45b0fb65a854c633dea4f5

SHA512
bff61d72d0b6c0744dd6ec982b8a7b1293fa5871c0f8098a7fa50c37f4dfa6d41ea7b91a4facadb1b5fa117cad2f059b1715af7fddb41db8df52e4ccc27c12ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9F9B.tmp\[email protected]\install.rdf

Filesize
612B

MD5
c279bf54961a45d3f626674fd3f649a4

SHA1
6a7ac3c2d3e08e164e561c1bd57d2cbbd071860b

SHA256
33638f2622a9ca1393857d4e07fb55a04da0f368a2831fd8f42d5bb6e8e2e579

SHA512
d4b0f109f9caff2f97c273826e8804e9da765cfa83ba163671162de4e9b5fe4b46f01988053955f4effbdb05bc3a47e2e2218303453b7259ad348ccbc6f65cb6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads