967586df006026c5b1859c1cc818e8b5aad72dee31bf705d12132f6a82f79d65

Analysis

max time kernel
95s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

399e3f80c3752199fd9b0691494ce99f_JaffaCakes118.exe
Size

255KB
MD5

399e3f80c3752199fd9b0691494ce99f
SHA1

bde719e8b58f34812452d4390b809fd6b8530144
SHA256

967586df006026c5b1859c1cc818e8b5aad72dee31bf705d12132f6a82f79d65
SHA512

4e2b8db09624db5de704841e9d0ca545cfaa088aad720e2d4ee419274e6c586c6ca573c99c6ce2cbe636fbadafb1d8787223b76ecb70c35ea2eacf20c545a2c9
SSDEEP

6144:h1OgDPdkBAFZWjadD4s59eYyRQh50/v+WWGgMR:h1OgLdaO9eYyRQb5oR

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023c8a-74.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
3484	511d65ac3d864.exe

Loads dropped DLL 3 IoCs

pid	Process
3484	511d65ac3d864.exe
3484	511d65ac3d864.exe
3484	511d65ac3d864.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gooipnphgmapjkahnphacdoofjdljijg\1\manifest.json	511d65ac3d864.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{164A3139-14F0-8656-D343-659C92B1C8EE}	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{164A3139-14F0-8656-D343-659C92B1C8EE}\ = "bit coupon"	511d65ac3d864.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{164A3139-14F0-8656-D343-659C92B1C8EE}\NoExplorer = "1"	511d65ac3d864.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023c8a-74.dat	upx
behavioral2/memory/3484-75-0x0000000074480000-0x000000007448A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	399e3f80c3752199fd9b0691494ce99f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	511d65ac3d864.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023c70-31.dat	nsis_installer_1
behavioral2/files/0x0007000000023c70-31.dat	nsis_installer_2
behavioral2/files/0x0007000000023c8e-103.dat	nsis_installer_1
behavioral2/files/0x0007000000023c8e-103.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE}\ProgID	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE}\ = "bit coupon"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE}\InProcServer32\ = "C:\\ProgramData\\bit coupon\\511d65ac3d89a.dll"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\bit coupon"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE}\InProcServer32	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE}\ProgID\ = "bit coupon.1"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE}	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\bit coupon\\511d65ac3d89a.tlb"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE}\InProcServer32\ThreadingModel = "Apartment"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	511d65ac3d864.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	511d65ac3d864.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 3484	4028	399e3f80c3752199fd9b0691494ce99f_JaffaCakes118.exe	84
PID 4028 wrote to memory of 3484	4028	399e3f80c3752199fd9b0691494ce99f_JaffaCakes118.exe	84
PID 4028 wrote to memory of 3484	4028	399e3f80c3752199fd9b0691494ce99f_JaffaCakes118.exe	84

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	511d65ac3d864.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{164A3139-14F0-8656-D343-659C92B1C8EE} = "1"	511d65ac3d864.exe

C:\Users\Admin\AppData\Local\Temp\399e3f80c3752199fd9b0691494ce99f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\399e3f80c3752199fd9b0691494ce99f_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\511d65ac3d864.exe
  .\511d65ac3d864.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\bit coupon\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
eea6fca5d63b788f7f16bc9c9bbf9ff5

SHA1
d660003687459a601b41ad32057d271ab78de844

SHA256
259129e8005dedfc1aa7274006498da7471d88b72141fbf627204301b9896a5f

SHA512
3e835e4d40ad461668d44e3c7ab3da791c7a6c0239433eb5b52475fc9f28b6bb7549dfbf27af7d9d40ee24ec7a9bb54468be0eebf02ad771c57fbbd8b53d7ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
c98ee6506877029692c7cef430aed8d8

SHA1
68356d9912262531f94bd4b27f6a33642b77dbeb

SHA256
d6a2bdf8cc747b23b51b63e7c4cf973abebb954966c4e919507bba3bbaaefeea

SHA512
f764653ac0828ba669edefe42f73df929e718b1f7e19fec8072393d3882303c75bffd89520fa1dcc0973000412403156c13b9d2d09afb22a9ffe8dabfcf4562d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
9e37ed5cfc5333661ee791f8ff43addd

SHA1
b17689ae286a1a3a26ca19e888eccdfd75c2dcb8

SHA256
d124ae050eb210775614a4eff599a742168168be144366d5d4020709305b8df1

SHA512
cdfccd8ea07032ec1011dd74439892efb527ac66be8e4de91e97cf04c2f0676a660a1ee88847cea2050f78df121e3d3ef9a8b53d0fafa97a19d4bfeb3c55909f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
8ececb672c20d0aa99b8aab30b476b4d

SHA1
5a60476f263274c6fdc909b06da59c17274e4824

SHA256
ebf683484f8fe1da556f7e8667efd0ac5e49140e9978ad4a8a6e8d9af331648d

SHA512
0db7826573dc53aad05b97021fe30fe810c8197cd9487d357a230f76e8bf52e7d3ad494031d868750a823d512288776f8cacf494f943131a87610872080ad75d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\[email protected]\install.rdf

Filesize
716B

MD5
180e0b8807edc37d9bfb9ceea3d0fe1e

SHA1
ff2f8bce169b8961b825e3cac05a67a2eeeafa40

SHA256
f138479498605581eb781bd3273a95bd359eb0747cb0a5ad6e04c6c98a20654b

SHA512
77553261daab386b6335783b33603c900f73d15ab4b53a1315bb20f26490359be5a86f61cb5ccebf3ba207607a136c14b0cda9ac908cad00cda78b6cffd21cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\511d65ac3d864.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\511d65ac3d89a.dll

Filesize
115KB

MD5
00ce3831a16a62c6d7ea4b21049e4b22

SHA1
3e48c8d25b196d67722ed20cd36bf3448a4c9136

SHA256
d4bb7937b36973cbf3b12c9500c25ed34103944a69bad9162f3b98f39474529c

SHA512
7633071b26d802aae1250111baa40e5158fb1a1639d76098f2ecd6263adf0e6371d5e9a70d9005b267cb907da84235f4e361f8c8a75b8adbd19a049ab1227619

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\511d65ac3d89a.tlb

Filesize
18KB

MD5
d5980ff8eb0ef4276fad96fba8fc5018

SHA1
2cb05f8b43aa3ae2f5492f590997eec6ff808fe2

SHA256
ac3a1daa32b1c489f9c2f4413ab35c4fc90b54a52ede0fb53276666e6eeef16f

SHA512
30404f467dd727a7de132fb08cd3c88abf5fb2e7ef18f24af5371b63fd106d6d5757061ec55c7b54daf9844100280670bf2b22a71c89b160048552b5eec12d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\gooipnphgmapjkahnphacdoofjdljijg\511d65ac3d68f7.34344950.js

Filesize
4KB

MD5
f9683976f0fa2012affd8ba6c311b9d1

SHA1
6601bd28f55e554b0196f6b1d22d87bc98d2b0f7

SHA256
50202bbd225ce91adcc882258b1e2b3778f5844ea4101d50cc557c60071b2abf

SHA512
39d84891a2b45979675baa0669639515e33dbffefaf955bcbb31000e44a66a70732ca7ab8be591fe140c1e749071aa9c3b7353d1057030c805bd8fbfed668c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\gooipnphgmapjkahnphacdoofjdljijg\background.html

Filesize
161B

MD5
4d71d3d6f1d2e12aee65c9895d203ef6

SHA1
b7fa78ba582bb861c527b909cbe75d1b336e3288

SHA256
e396c3a40f5f4fc80d8c424a220739c23700bca63ef1008ce62440402c345a66

SHA512
738b6f3cce80095c643ea79c74552d71f8ab365fa6de427e55a606951c4cef3b8a71194fbb88fe6ace2089d50d19a6b1e4f543e5b0dfd589b67643b881101d51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\gooipnphgmapjkahnphacdoofjdljijg\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\gooipnphgmapjkahnphacdoofjdljijg\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\gooipnphgmapjkahnphacdoofjdljijg\manifest.json

Filesize
502B

MD5
cde8e7e6238e372dd9c74a1cecfd34a9

SHA1
ee09e96a0dc36ac11b98f68070e29bdd7bdaa24d

SHA256
a7e9d02d262d091004bece5cfb80dac96d904742af48414ef7096d97aa2702c9

SHA512
1ea7ebf8122e737c5276ff7ef5f5750e7616a3b82334a3383dd59de047d5ff13c9ebfce2ffb7786e80561fe4deb9560dcd8cf0085eefc08a7941081bd0b395fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\gooipnphgmapjkahnphacdoofjdljijg\sqlite.js

Filesize
1KB

MD5
fa95d308cff97caa7b021f906bf8c5de

SHA1
709c6474890e7efa67da2b7adb3e757b5b199030

SHA256
8a47ac90227a10fb2fcadc07ed2d09ff8bd17a9bad3b8df5c7aaf02d7137b313

SHA512
4548778f48de914bcfad0a4a0fec816c5f369943ec30f64914dd8f4b4b99b2ece15d87d87ce8db7dc43de97c7e31e1be6563dc1f903297f08e3084ffee5ca2b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8E84.tmp\settings.ini

Filesize
6KB

MD5
027f9d63d94e79e97aa2a5da96c8f487

SHA1
506721edc6ae4856e1b69f9633284c980fb1c270

SHA256
63e3d39dfd404325a79a4cd6593ae1ed5e9dc18a9764740033d20944c5bf9d9c

SHA512
04f136d268418b0655344f6a1d008cc329bfa85b9cab79c14a21dc5d884df2f2415e73cbb8aa7b590b4238e8437b7ffa867a2529adc7c7c8946dd2b3e735bfc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8F50.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8F50.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/3484-75-0x0000000074480000-0x000000007448A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads