05b9b42be478a79e6b06a61db08145d2ceda69678733192418f9eb6bfd458668

Analysis

max time kernel
95s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a00617215d9016cdf3a79bd21be4b4d_JaffaCakes118.exe
Size

724KB
MD5

3a00617215d9016cdf3a79bd21be4b4d
SHA1

b0096448d2784a6c50314593d07cb536e57ab537
SHA256

05b9b42be478a79e6b06a61db08145d2ceda69678733192418f9eb6bfd458668
SHA512

93d3fcfaa446b7d151f9288afcb10d59f99807457841cdb2ba0971ae22b02931b3115eedb662ba0e9a83ba15ca417405cf4be217409bcf2a663c2c430ed4c57d
SSDEEP

12288:h1OgLdaORo99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJy:h1OYdaOROBsFEt5hDG0SAMs9jR/jaJnr

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1884	Tsxw_PXOq.exe

Loads dropped DLL 1 IoCs

pid	Process
1884	Tsxw_PXOq.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjijpiabchkdfclimadcilnbcblgmbm\5.10\manifest.json	Tsxw_PXOq.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\ = "sAAvenshare"	Tsxw_PXOq.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\NoExplorer = "1"	Tsxw_PXOq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}	Tsxw_PXOq.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3a00617215d9016cdf3a79bd21be4b4d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Tsxw_PXOq.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}	Tsxw_PXOq.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}	Tsxw_PXOq.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	Tsxw_PXOq.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	Tsxw_PXOq.exe

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\InprocServer32\ = "C:\\ProgramData\\sAAvenshare\\J2yGJjLh.dll"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\sAAvenshare"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe\CLSID	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe\CLSID\ = "{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}"	Tsxw_PXOq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\InprocServer32	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe\CurVer\ = "savEnshaRRe.5.10"	Tsxw_PXOq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\VersionIndependentProgID	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe.5.10\ = "sAAvenshare"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\ProgID	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\ProgID\ = "savEnshaRRe.5.10"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\VersionIndependentProgID	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\Programmable	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe.5.10\CLSID	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe.5.10	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	Tsxw_PXOq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\ProgID	Tsxw_PXOq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\Programmable	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe.5.10\CLSID\ = "{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe\CurVer	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savEnshaRRe.savEnshaRRe\ = "sAAvenshare"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\InprocServer32	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	Tsxw_PXOq.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\sAAvenshare\\J2yGJjLh.tlb"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\VersionIndependentProgID\ = "savEnshaRRe"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\ = "sAAvenshare"	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}\InprocServer32\ThreadingModel = "Apartment"	Tsxw_PXOq.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F}	Tsxw_PXOq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Tsxw_PXOq.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 1884	4728	3a00617215d9016cdf3a79bd21be4b4d_JaffaCakes118.exe	83
PID 4728 wrote to memory of 1884	4728	3a00617215d9016cdf3a79bd21be4b4d_JaffaCakes118.exe	83
PID 4728 wrote to memory of 1884	4728	3a00617215d9016cdf3a79bd21be4b4d_JaffaCakes118.exe	83

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{96C31ECD-9EDD-172E-F270-D9AE9FEDA56F} = "1"	Tsxw_PXOq.exe

C:\Users\Admin\AppData\Local\Temp\3a00617215d9016cdf3a79bd21be4b4d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3a00617215d9016cdf3a79bd21be4b4d_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\Tsxw_PXOq.exe
  .\Tsxw_PXOq.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\2389368123.log

Filesize
6KB

MD5
c8c6bf8dea8df9984179bd1b1bcae496

SHA1
0c0079e02e819816a3d63c51c9b305c45447dbf3

SHA256
d5db8ae50a7280df70ae135839c0dc80d230fced266f563b272b42f9cdfb57c7

SHA512
2da2bca4f2873c6f6483bd799b3c153fc77c12f508d09df876fe65db537c272a24ad3b1def0fee093e6a96759f1e271be42ac5489375f31916e290bf7a647976

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\J2yGJjLh.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\J2yGJjLh.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\Tsxw_PXOq.dat

Filesize
7KB

MD5
4d2bb4db34aa1ef0338534e8d6a5129b

SHA1
cb17370491bdd9737cf13a575c0de6d74f916f48

SHA256
e4bb1985a6a172339f45dc77c77b63a5adaaf6c19439bbd98e8f4d9fe8fe19a5

SHA512
9804026935e2f0548e765c4a2ad42a4ee538ea33cf8ecc915adab96858d98433f769d518a7dd94b96600afe80ebac171dc28afaa9004216c89203190c1c86d82

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\Tsxw_PXOq.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\[email protected]\chrome.manifest

Filesize
110B

MD5
dd3267cab6065439fd591f3660556e13

SHA1
626982e6682eba112aef23b170a5264b3c9cb0a5

SHA256
9305ece60debf861787bec8285592d62579fa08c470f421158fd3cdc27ee232f

SHA512
b7694bb8c4f350aecc7d99d8edbe7c707e7b169fc77ac6fb5632825fd458af1e966894ee377b83720991ce670595548ba880f26b8a93e818337bf812dc6942bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
49cb9e5de82ddc9e9fe48784c2827959

SHA1
fb8bf16edfc58e8746e883d0470e9ee41ec867a3

SHA256
0ffc9792f0d534d7c418e06df29ff11b74ea01e37461e06f6e5c4d29a6b02939

SHA512
c8a6278c5638065278faeb5cb4d6f4f295830549fb73594f0cc0278e8877a4f6339952ce632ddbe3b504970bae6f2c32536b54b4dbb371d412d7f505cd160c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\[email protected]\install.rdf

Filesize
605B

MD5
7d3ba012762fc6b5f1dd79717b2143ab

SHA1
6185d1014059c30d5e83c5d623acc5a316f71b3d

SHA256
ce2917734f104e0c0993b41008c73eb34aae07f3e7a38a4d486a15390a7a0cd1

SHA512
2931598b3722e304d5a9f67fbc1a150eb62f049bb53d5cab49ed621d2d4ebf0deebafeae47f32025a6488db4d0819ec8d62d10f584afc25bc27edb86a4d5451c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\mgjijpiabchkdfclimadcilnbcblgmbm\background.html

Filesize
146B

MD5
d0b6c14a01228106a7ecf92c18fb6e93

SHA1
0e104a39b3a631f46e475c3978c0c1210dc22288

SHA256
84d47f41f93af43881aa8f07ca474d7be00910d9682389b56d791a4af4d0b406

SHA512
5ddf62df8f25c0938daf8970d3e32d77491e0672849856b4421b8ddab372e752b06f014400e531bbca2442ece5ad5223f0225b1d1b6752c8db6c2a1cf783898c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\mgjijpiabchkdfclimadcilnbcblgmbm\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\mgjijpiabchkdfclimadcilnbcblgmbm\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\mgjijpiabchkdfclimadcilnbcblgmbm\manifest.json

Filesize
505B

MD5
b14006bf65f18f895d8d937ba5bb15d5

SHA1
4edb5f6977707ef7da599be19b1ee04c95f8583d

SHA256
a7beca25bedef8bd66430e985711ce085eea3c3f5a0440e036b29f5583cc3652

SHA512
c4e3f3ebb5de30a9a1a5e133be8bbb0f75ed8cbbc48339660913de1854e0614a05a3acc31bb36f6e58e479b447db57175b9ef3a62fea033c8fd1b1590edf9c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\mgjijpiabchkdfclimadcilnbcblgmbm\qmjF67d_e.js

Filesize
5KB

MD5
4a9028f86af3ea311c3a75e0d5de98b0

SHA1
a09ab7c6bd9d3e335caf6e486023119152bd4851

SHA256
2a93f55539a32190efd868b0f7bfe590fe95ff7f12fb0890b31dbe5913f4da5f

SHA512
d291b6a2cc41bd69b7740aa561e66045947ac1e35e1a4eb67e0a622635649cfea7cd12c332274bc0ec58c3f5a1eab437b62fda805df1c7fb730bff297d746978

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9FDA.tmp\mgjijpiabchkdfclimadcilnbcblgmbm\sqlite.js

Filesize
1KB

MD5
326e0a007815123513b654b1e8567d28

SHA1
6cd636f18f6b3a9d315d543496fb0e79b0324999

SHA256
d468efdea2bd87c01a41460ebf2a95d24a2817775eef42fa23d611c962664acd

SHA512
c600a5d5b43f9337bdeccb176d98c33b9b7dc93073606c4ce708b1e5f340724da7315e7c1e7a639c77f80b9c4558ebc96ca4c6a27231ded0bc28098e7e801fb6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads