264e63bf2f1fe49f109a3b4cf265bc0fe1fa1bc5e75f0ac66e26a1230397e2a6

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 16:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe
Size

551KB
MD5

4100c4c8dc629767495e2e3b38ad7ec2
SHA1

bd2122fa830c6ca468eee994aaf37d72dee8108a
SHA256

264e63bf2f1fe49f109a3b4cf265bc0fe1fa1bc5e75f0ac66e26a1230397e2a6
SHA512

28e0fd78702ac1f66aaccdbc147ae01adf0bd56dc6f6b7d9e94f8e27e8210b3801efde174c636b53010c0202b4c38f53d0aa12d6be9b299d392cbff8d0288f03
SSDEEP

12288:h1OgLdaOCWctn+MEfOUgbJuMmFcouJqkN:h1OYdaOCtMOUgJHJJqkN

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2956	regsvr32.exe
2956	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\homobjaefhhjppohngdnaajkecaccacj\5.10\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\ = "savenshhare"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\ = "savenshhare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee.5.10\ = "savenshhare"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\savenshhare\\8ajOLs.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee.5.10\CLSID\ = "{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\InprocServer32\ = "C:\\ProgramData\\savenshhare\\8ajOLs.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee.5.10\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee.5.10	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\ProgID\ = "saVensiharee.5.10"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee\CLSID\ = "{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\savenshhare"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\VersionIndependentProgID\ = "saVensiharee"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee\CurVer\ = "saVensiharee.5.10"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saVensiharee.saVensiharee\ = "savenshhare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25491CA8-EF4D-C068-FAC3-5F2D25E70B29}\InprocServer32	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2956	2672	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe	31
PID 2672 wrote to memory of 2956	2672	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe	31
PID 2672 wrote to memory of 2956	2672	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe	31
PID 2672 wrote to memory of 2956	2672	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe	31
PID 2672 wrote to memory of 2956	2672	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe	31
PID 2672 wrote to memory of 2956	2672	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe	31
PID 2672 wrote to memory of 2956	2672	4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" zUT_Us.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\8ajOLs.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\8ajOLs.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
5KB

MD5
da1b6146e6eefb12f60ada938c891526

SHA1
79820b20f9a31341c6b9cb0699ee2898b3da4f65

SHA256
e4e7d5a8e268ad49f92b54ec953c6a5941d3084ed7064bdb0c43709cb0246d4b

SHA512
a9973eba7e33f0fa3c4c47dc3eedca40ed66973f822dff117e230131c6dd81b4ca06a31288e2d740160767c5aaea06f403c0bda43a79088bf0d16355dd6645f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
067bd74fe9b513998883944a3f5b342e

SHA1
2585475f7ab5cb5b7899ac84022465e83c7777c8

SHA256
881559ac731a77e770a9f880a02bc24f6ef2845c179e4300722054b8940bc320

SHA512
49434a4265ccb429c91f43bc8aeec7b7050d010eca7898f5028e8a927307511edc520f2a19b594b584883e3d3e214c63562d87174685edd16ab1dabd41d22699

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\[email protected]\chrome.manifest

Filesize
106B

MD5
75f7dcf95837e38928048045d3263d25

SHA1
bec33b4f860b7992e3ead9f1f3dc0aeb5f65eff1

SHA256
70810a6ff8d5a1592c5551e021c91c6a86d0b0a8a05487c9ea271e3f177517ce

SHA512
561933028d20b3fc63a43e6a5cb0c5455a551b2e455ec0a85ffb8547ed63dd17b9fbc7a8d1f70d7510378d978e63e3eed5ca9050d598dc792cf14c2a523d26e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
b49854ab4e74fbc1b12e59caffc248b9

SHA1
6b37a4e92d58c99bed96ad04e0a5b6b52e961b8a

SHA256
dff66707e75989bee561b7bb54ea22b5bdcc4d62b1b0a061bf44e94cb2e52b9a

SHA512
cd41b5b05ae3d11dee0d8d8c15b064e2ec79513661cedb23c2a1d2939b1c4982460925839be9c566e1ed13a7c877022eb9906eec3a55cdf3b8da95f16b93a9d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\[email protected]\install.rdf

Filesize
609B

MD5
05742dbd60182ddb284bb361eaa9b856

SHA1
00cdeefbe9cb8ce84700154f576591f911ef0953

SHA256
164aeb8c67576d9b6d1086576b5747d56b9053a835fcbdde6680aa3a7a2032b6

SHA512
76e74aa4da4de402526436603b3f6d8dc58f86204de5cbf9dd74b0eb2d870261ebecb330c510e74f8af02983cb37652112a6f37c545f741d24b0f77cf4019a1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\homobjaefhhjppohngdnaajkecaccacj\WF9SHM2.js

Filesize
5KB

MD5
142aea71cd90668826f3bcd30d3403e6

SHA1
62ae5ce4c73e412fe133e7ae6fb00483c6b63969

SHA256
83ac38e6de11bbeedb2bb80535ec83173ec0f1c0002f21496043de1ad54b5782

SHA512
2fdd3c81ca298aac7650d059c13ee5a2a197b2db9494fd215cd2dcafdba8181a9414f32a9acca96c8d7748a191e15e5b2508429f1e4afe65934883108bcdd9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\homobjaefhhjppohngdnaajkecaccacj\background.html

Filesize
144B

MD5
d224159a63481aee918d4dd352bcc711

SHA1
7f57c335c658e39c0dd7e0ab8ad7f99402d9727f

SHA256
ac06570ae37d70c354b191ed21c51dcd3bfb5f6b83630235bed6bb160d787d46

SHA512
f283ffed45fa13bcc1e0058e7d92d694a7c2ca388a0dd4081f0c52ccf75205e78fd97f7dbbf7d992b2fd1ed608d4dea7bfe76be5acd1f18ce04bcf85a334b9af

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\homobjaefhhjppohngdnaajkecaccacj\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\homobjaefhhjppohngdnaajkecaccacj\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\homobjaefhhjppohngdnaajkecaccacj\manifest.json

Filesize
505B

MD5
6218ebfcdc966358dabe509f2b2ff9fa

SHA1
994dde46e2a141a57ac342483f68cd83e2b643a9

SHA256
00bdb4805b5bdae1eabfa606af12ea9007a623f0375bb93a005efae70cb369d4

SHA512
8b899ecc9df14446c3f4f7e02db577f3a98d814f9b04a3174966cc9d116b4c561f897cd248cc75a9c56758cc5853bc23f6cbfe22577694d67a141e81f6e5100c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\homobjaefhhjppohngdnaajkecaccacj\sqlite.js

Filesize
1KB

MD5
bb4621ec644e2922e45e23c84683809d

SHA1
ce5bb9930a2d4f8671cd13bd8af1f87e98f2556c

SHA256
266397b0f478d1c08d8bb3f364512c7c5115b63094986aac5fe0a4c54ba75bea

SHA512
bd67b15cfc1ab3b4d14463381d8d64422ccbd12ecbe7571a6ff97cea9301c3f155d9f5bbb543c7cc61cbae57005a8abc204c3fc66ed59741683c544725c2317e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\settings.ini

Filesize
7KB

MD5
7a1a8fbbdd8159f1ae9458040f30b641

SHA1
86f517061171302b13700c8a36a823b0daa187b9

SHA256
e1c7d81f3df17c588816a04fa38e058482e50a6e0baedf38353273ce048bf35e

SHA512
a75d796d23f4a5c3e0d7cec57fb4c52d11b215dd98de8e9004ec7c9900e4e20f04e541a549b5680e19b8c89fbbb26c4fe7e9c16d76fc071817a7c7b137bee7ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE6F5.tmp\zUT_Us.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads