46d262566fe2e9518136f466df0058659ccc34b9817c640c0e09c80522388bd4

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe
Size

551KB
MD5

3e2ca0fb2dbd74c8ff1bbc3fcdbc737a
SHA1

0196b87ee947801105f923fb1a0b88fb6378072f
SHA256

46d262566fe2e9518136f466df0058659ccc34b9817c640c0e09c80522388bd4
SHA512

1b8357b6410308b09b09e284e19c23e6c7c97b8572c5ba47a0a1dbad957e1699d04589a70e238ef8bb34e71d48a716c859de33a2b7136bfaa91a822f127e4d0e
SSDEEP

12288:h1OgLdaOOWctn+MEfOUgbJuMmFcouJqk8:h1OYdaOOtMOUgJHJJqk8

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2952	regsvr32.exe
2952	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcbfdcgleeoodjfgoilmnnjopfjfiko\1.5\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CB99459F-9CE3-1271-3831-ECE29B9C9117}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CB99459F-9CE3-1271-3831-ECE29B9C9117}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\ = "ssafe sauvee"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{CB99459F-9CE3-1271-3831-ECE29B9C9117}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{CB99459F-9CE3-1271-3831-ECE29B9C9117}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee.1.5\ = "ssafe sauvee"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\ = "ssafe sauvee"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee.1.5\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\InprocServer32\ = "C:\\ProgramData\\ssafe sauvee\\G7idHzz.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\ssafe sauvee"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee.1.5	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\VersionIndependentProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee\CurVer	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee.siafe	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee.1.5\CLSID\ = "{CB99459F-9CE3-1271-3831-ECE29B9C9117}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee\ = "ssafe sauvee"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\ssafe sauvee\\G7idHzz.tlb"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee\CurVer\ = "siafe savaee.1.5"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\ProgID\ = "siafe savaee.1.5"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\savaee\CLSID\ = "{CB99459F-9CE3-1271-3831-ECE29B9C9117}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\VersionIndependentProgID\ = "siafe savaee"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\siafe	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CB99459F-9CE3-1271-3831-ECE29B9C9117}\InprocServer32	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2952	2868	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe	30
PID 2868 wrote to memory of 2952	2868	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe	30
PID 2868 wrote to memory of 2952	2868	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe	30
PID 2868 wrote to memory of 2952	2868	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe	30
PID 2868 wrote to memory of 2952	2868	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe	30
PID 2868 wrote to memory of 2952	2868	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe	30
PID 2868 wrote to memory of 2952	2868	3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e2ca0fb2dbd74c8ff1bbc3fcdbc737a_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" GHdbC5i.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\G7idHzz.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\G7idHzz.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\GHdbC5i.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
4KB

MD5
9807f0baf1edf99fd697d7f0b6488a44

SHA1
312be5d95134d4b53062976076ce51bbe104c4dd

SHA256
523b605c5470b9a7e49ef25c420da0892876b55c00ad2dbbfb9459505c34173c

SHA512
5a1fb7629e16e2842dbed4b571a26fbeeae16b6fc18d8624a49bea018fa6108b2d0a009cdaf5db9ae34e297da944ca221ab658c2dff81714d9364080e873f1ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
786be29dc9ff465ce2da49434283cee2

SHA1
d5f9ae8840d28f043932b6e3901c1acdde51b5d6

SHA256
fc3636aa0033c40be4abf40f361bce385f2946ace814347c86537f98c9876ec4

SHA512
a5e552a896b7be809958d3e52ce2af7b1303e25133ba2ab5cdbd4169a42124b7360ae434b71bfeede8fd2c3abc3f3a949ca130d718c8803efb37fb7b30bfc2c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\[email protected]\chrome.manifest

Filesize
108B

MD5
65360fd9aabacbf1ce717638b3c07451

SHA1
8009077ddf6974ed78dac418e42c18b73e15c240

SHA256
a324134236d575be36f796b35b34f7dae686bf79f0bbe5dd487508a75355ec74

SHA512
9fbc738cf745358db6b01c957dc4b9e7e8a89224613d702dcd62f869bfdf3170bccdf5e9e46031fe0c62d2034816576edd351e9cf7518561ebac2462f8951099

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
ac941636af817305486728c4eabc2ee4

SHA1
008554e158f595b6af384f5fd17231cd985e87c1

SHA256
5b1498f582578284adc6edc34f70951b11eae946af92e88baf64ba614614002b

SHA512
2d5c61b9dbcedebad9778a63644fd8dc21da525e2046bdab760273c9864efd4eb3e1f12075458f5076ec6dbee729a1eea6f25fa43e63ede0353f5dd8d617153e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\[email protected]\install.rdf

Filesize
606B

MD5
4c0af39ebb8446e37d0999cc8279c4dc

SHA1
9345c5a8457999459f9461a26423d67139bf3596

SHA256
2e9ce10fd8c7cff5ed984fc628c4839615f87cd43d9269cf81543f5621f917a6

SHA512
52cc4738a7bacb71445130629abd4bb455fd9aef07747227993409c4d395a091794ca6d6039f5e69136e1bad37a785e6a1290003ef5a934db227448dc1344022

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\jlcbfdcgleeoodjfgoilmnnjopfjfiko\background.html

Filesize
145B

MD5
3f2bef471d9e659c50591c60e53dc569

SHA1
6279f6dbd80ff8c03e95a061cdff50916dc4e4a7

SHA256
ed5b5ac092ef6e6a7888bdd984212f9ff778d6f5c4df58b41a03f6555bfe64a4

SHA512
859ff414d3f9091ed2ebf016b6f8a95543f62f25ee05348aa254a70fef75b36c1054841f8724250e91c855303400f0544e5a293e2f68f499c7c7be5629a472f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\jlcbfdcgleeoodjfgoilmnnjopfjfiko\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\jlcbfdcgleeoodjfgoilmnnjopfjfiko\eqoMKN0N.js

Filesize
5KB

MD5
4a1dacb962d34bae733705177f0def22

SHA1
fc6d35a5c04bc240052aa9f8fc86ca562cdcccdc

SHA256
812ef3b4fa7b8e78312bfa25ff510e53f633f117ce6c1cc5257deeee67ac2444

SHA512
c507ca6c49859d973443fcbbd6dd9f48707fd6648413828272fe49daf7dd9729dcced9f4e449fd4e9c8a813633bf11e3d980c731b880f5f1363427a4caa9ac60

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\jlcbfdcgleeoodjfgoilmnnjopfjfiko\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\jlcbfdcgleeoodjfgoilmnnjopfjfiko\manifest.json

Filesize
504B

MD5
556e74c79a280353b4de8eac4dbf6b47

SHA1
aad640fe6b5dc8bdfc6401b8ad6bd5176de761cd

SHA256
43ca120f735e86b699a29d6e71e94c08a1d1af2ed8b6aec05966973f1a5e5ab2

SHA512
26afc28a3506aaa602509fa9681bd53c3410ae683029eed048e0ed6635b729c4ea0ac9cb6983df588b0eb53b6305567454dcbac8e7e42ef92cbdb8226196ae36

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\jlcbfdcgleeoodjfgoilmnnjopfjfiko\sqlite.js

Filesize
1KB

MD5
78558d540591aa064f5bdc6cc957848a

SHA1
b191b030d5cd9fe4096af3c37ea49c3287b784fe

SHA256
f34fc10e83c8b9476387cb6159adcf08ecb2b09a3881cb82b4406341b2a31eb1

SHA512
f236925063dc1f142d6e16221ca3cfb0afd97b04101b8a0fe9d747f3a07bda82f9fcfd1dc3c3cb7abdbfda1dffa8ed75d5e3be76fe35ee83ba3ebdd074ff75b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3228.tmp\settings.ini

Filesize
7KB

MD5
1c238d3c012594b962b98fbae29a9845

SHA1
02e5f377cce4afa3e572a61bdc06f20ed58399fe

SHA256
88936d21fd839391b8a57e22b8c15fe8235e11d0f9c90adc0dc47b2039d3a4e9

SHA512
32c4c3c62ba4a710fe5e38be5bebda2c132cdf7b258d12155380afa6b7d76d4027beee6d72b0b7209c73293e9626abc660eecb81211f0e5f74b76dae6c881d76

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads