d27d0586fe712ea42438ea801b1e12c56ca576203d415df624288506f75a3a19

Analysis

max time kernel
93s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40f80de5aef8a671aa555fc161b48185_JaffaCakes118.exe
Size

725KB
MD5

40f80de5aef8a671aa555fc161b48185
SHA1

4f4a5c2915f22d07926caa756c5c3766625f4673
SHA256

d27d0586fe712ea42438ea801b1e12c56ca576203d415df624288506f75a3a19
SHA512

0e7e9078141288218b6a42c52392dc134e6cc65eb0587d4e4cc1960a7f2fb693e4619349384b5690716077c31fcd06b72235a812be8138d82dc3e65c278cd213
SSDEEP

12288:h1OgLdaOxo99/rsFEt5hDG0SAMs9jR/jeRJKu9TJdwYGZtyjTje5jOSpJZ:h1OYdaOxOBsFEt5hDG0SAMs9jR/jaJnm

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4372	kOePCpk.exe

Loads dropped DLL 1 IoCs

pid	Process
4372	kOePCpk.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcibibdpnhjmeaebjpphldjghkpcjjfc\5.10\manifest.json	kOePCpk.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{445B00C3-89F8-006C-FC02-6E91B725C9F2}	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{445B00C3-89F8-006C-FC02-6E91B725C9F2}	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\ = "saavvenshare"	kOePCpk.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\NoExplorer = "1"	kOePCpk.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40f80de5aef8a671aa555fc161b48185_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kOePCpk.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{445B00C3-89F8-006C-FC02-6E91B725C9F2}	kOePCpk.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	kOePCpk.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	kOePCpk.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{445B00C3-89F8-006C-FC02-6E91B725C9F2}	kOePCpk.exe

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare.5.10	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare.5.10\ = "saavvenshare"	kOePCpk.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\ProgID	kOePCpk.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare.5.10\CLSID	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare\ = "saavvenshare"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare\CurVer\ = "SavensHare.5.10"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\InprocServer32	kOePCpk.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\InprocServer32	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare\CLSID\ = "{445B00C3-89F8-006C-FC02-6E91B725C9F2}"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare\CurVer	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\ProgID	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\InprocServer32\ThreadingModel = "Apartment"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\VersionIndependentProgID	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\InprocServer32\ = "C:\\ProgramData\\saavvenshare\\2IXvsF.dll"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\VersionIndependentProgID\ = "SavensHare"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare\CLSID	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\ = "saavvenshare"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\Programmable	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\saavvenshare"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SavensHare.SavensHare.5.10\CLSID\ = "{445B00C3-89F8-006C-FC02-6E91B725C9F2}"	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\ProgID\ = "SavensHare.5.10"	kOePCpk.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\VersionIndependentProgID	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}	kOePCpk.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2}\Programmable	kOePCpk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\saavvenshare\\2IXvsF.tlb"	kOePCpk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	kOePCpk.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 4372	2420	40f80de5aef8a671aa555fc161b48185_JaffaCakes118.exe	83
PID 2420 wrote to memory of 4372	2420	40f80de5aef8a671aa555fc161b48185_JaffaCakes118.exe	83
PID 2420 wrote to memory of 4372	2420	40f80de5aef8a671aa555fc161b48185_JaffaCakes118.exe	83

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{445B00C3-89F8-006C-FC02-6E91B725C9F2} = "1"	kOePCpk.exe

C:\Users\Admin\AppData\Local\Temp\40f80de5aef8a671aa555fc161b48185_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\40f80de5aef8a671aa555fc161b48185_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\kOePCpk.exe
  .\kOePCpk.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:4372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\2IXvsF.dll

Filesize
222KB

MD5
e9b27306a18f18b88945cdf066de2fc9

SHA1
4d18490fbb336e261301a967047065dd561cc2f2

SHA256
a9880b90d24af3786886306aefe5c79ff3cb2fb7b36ee5fb7bf2af85f240d63c

SHA512
f255e8bfb13cfa070b31f47b12a4aacf9ab75a6a8191b6b83740d02c3f007b6d5255a5c2c12bc7b599996742973d2faccb5463d96d16c7aba40e34776823c706

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\2IXvsF.tlb

Filesize
2KB

MD5
39d776f73d1d3f771aaa8c3561367c3a

SHA1
eef842aa02927bd7fbe7d569c5446ef1a2ea065f

SHA256
c2156787eeb818e587529572599fa124773c71330fb93e1c79f4cb9141090941

SHA512
3174095accbf422730e60f61523dec01a9a4519cb4642a641c5f547d530ad41f5386d383b90f7daf34f1f36635775929e99d7fe0030aa24cee30f4de8376eeb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\3857345978640299457.log

Filesize
6KB

MD5
c5b6d5f626fea0e6098edd9868d7da6a

SHA1
4cf550ff5f5a279d04aff9d509929fc125b3b2d6

SHA256
4a6f2b1b4f1efcc8583e371b0eaef97da7325acddce7ef7c74c99acf32421dda

SHA512
b4c5c570bb821d64da39c182dec3f5c377c6d4ba5c0f047f56c521ce05aa1d529b1148adafdce97f447c065c8b93e5c11d593dc2ae9d70c922cf90cd5d3d6593

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\fcibibdpnhjmeaebjpphldjghkpcjjfc\background.html

Filesize
144B

MD5
b623dba1d1ee2391b6307fbaa53d4f44

SHA1
0346726f1238340b8c5109e39f834bdd3ac092c1

SHA256
0b0310e08d34644180250bdf99a444d1bd3d581362c96cb80759b691ab99bd01

SHA512
61c6fb2193c385498643c8bfc59c3f3a32e651e1a0bf6d582b3f1adacd1a55d8f42d1c1b1046cbd8009e2c4e1b3c96c05b0ecc354eb947781eac94d25eb05436

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\fcibibdpnhjmeaebjpphldjghkpcjjfc\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\fcibibdpnhjmeaebjpphldjghkpcjjfc\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\fcibibdpnhjmeaebjpphldjghkpcjjfc\mB4lukW.js

Filesize
5KB

MD5
8a298510fa0f50517a9bb7ad589fe3a3

SHA1
2adca3090e8b9120968b461ee7dc4cc7cb639b91

SHA256
2f6256e1510e6e5ceabce95f5847297fe48a85fcfc577883380d12f278f2b804

SHA512
de5a1246efdd49f293ca70a4efeee608838fbc120cae57b32a2ac4d2f6e30678b0560ff988430e6864468d39e9a015d88dcf06a5745b866d78a75bd436306491

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\fcibibdpnhjmeaebjpphldjghkpcjjfc\manifest.json

Filesize
506B

MD5
17180f151a8539fb955b2f1b8543d05c

SHA1
2396553c15e3b23a0429311a87a42ebe4b29ab9d

SHA256
b3ff3ae4e54ded46249574d46cce8307a09171bb3d8fb1f970f17f84d56b3225

SHA512
ab93f8e1641c5b411b5df01f23aea457b157c668e22dfd7b67ac81abf137b5295441d7a0db6d59fd9d046c7f590354fc56882249ebf137a83247d8b70c55181e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\fcibibdpnhjmeaebjpphldjghkpcjjfc\sqlite.js

Filesize
1KB

MD5
2e90306f54638cfbddb930c14050ed8d

SHA1
4dbffb71831b6a0fa84ac839bdfecf986a5a3b30

SHA256
c08b750f5faed3dc4c86e179f14470d96111801e690d88cc74bdaa72a02e7bdf

SHA512
9830cf57d5fd8c45aee8696c35f0c93af8c0073b5412a33f83e9a15e6b6c26f8e33bc6ec37492edeff91398f412d545075e597792fa2ee3c7610b78ae80241a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\kOePCpk.dat

Filesize
7KB

MD5
fdc2dbebf5f376fe5fd5002ed9823df3

SHA1
8b9bfd48ee6e420764de426ae9846a90e50063a3

SHA256
09cdd59db7efa365f07941d166a2a6730f750a489018b006c0dce49cf059dbb4

SHA512
5aab5c77de62a68938a75445ffc600ebc8a1d517760bab7c326bfbca41ac2c937ba8c6ded9829279d165209088da01563fb7cdf4013f6888eaa675f78f85cc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\kOePCpk.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\[email protected]\chrome.manifest

Filesize
106B

MD5
2e5fc32292018aad03da0add555316dd

SHA1
8106062453cbdcd84168a2d02cedf6d40b473f66

SHA256
048dfe0a1f13f919a9d7e73557598121d0e229062bd66b7aa2e9a276016bff70

SHA512
0e857fb1c9d27fd6c760b17538e83d326fe263977ffcdfe9afa35669dab45a1d8560e8291fccd16a75950d3088f08f3c5769389f3b9811bdcf848fdb4e571c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
c8699b12aa5469b0737fd34d5f8823d5

SHA1
ee00fac0dcbeff65247a7d45961d803c97cae56e

SHA256
a0341f822811cad852c26fee03e5a92ca9be29ba970a721660750c6df4e46206

SHA512
4ed6a68c3cf2889d07d0757a8c3cb2a152e149fdd95f7c66d640db2220c16d411f1fa9060ebec6e94062957ee180a2ec532684cae7bed35a65f60ad31240dcfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAB34.tmp\[email protected]\install.rdf

Filesize
608B

MD5
a649d7ad7f8a234faf6d601d5b4d3ac7

SHA1
638eb77c36dbe9fd13e59c2434bb4572bfd09a8b

SHA256
7514184ffa3269555119a0063b3decaf01ff05218a544a0b6ef7ab19fa691770

SHA512
f66a66d0d8a6b35a367debfcb52a8f0a9ac2f604c8a76a1fd5844928c864f18b3ed97e05e4b3ba310936860b87662979c2f37649937c56aead42005d47f7e3a8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads