325bfa27cbb319eb7cc4092946f4a6bcd98cb737709a281d9626bcd0bf9b8342

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53c701d69195dbc887d95f1314964119_JaffaCakes118.exe
Size

255KB
MD5

53c701d69195dbc887d95f1314964119
SHA1

509b6c98b80ab3b96f412d838563e4984be64fb8
SHA256

325bfa27cbb319eb7cc4092946f4a6bcd98cb737709a281d9626bcd0bf9b8342
SHA512

37b4c2a68a80afd33bb66d8b2eadda0235d65388482d3fdeb4211809be340b22ad5cd7b07864408589ac3acff4e7d69ebb9063fefa6a1d3cfc5d339bc5074b5d
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5WkH0dGva3k3K5VfvPuC:h1OgLdaOW7dGva3DaC

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000500000001960f-72.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2404	51c402e7ea6ac.exe

Loads dropped DLL 5 IoCs

pid	Process
2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe
2404	51c402e7ea6ac.exe
2404	51c402e7ea6ac.exe
2404	51c402e7ea6ac.exe
2404	51c402e7ea6ac.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbaaackgllkdkjenipflohfglnedppik\1\manifest.json	51c402e7ea6ac.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5299CD72-898D-D046-86DE-372152FACF4F}	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5299CD72-898D-D046-86DE-372152FACF4F}\ = "ssAoffe ssavie"	51c402e7ea6ac.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5299CD72-898D-D046-86DE-372152FACF4F}\NoExplorer = "1"	51c402e7ea6ac.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2404-75-0x0000000074870000-0x000000007487A000-memory.dmp	upx
behavioral1/files/0x000500000001960f-72.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	51c402e7ea6ac.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000018784-28.dat	nsis_installer_1
behavioral1/files/0x0005000000018784-28.dat	nsis_installer_2
behavioral1/files/0x0005000000019617-94.dat	nsis_installer_1
behavioral1/files/0x0005000000019617-94.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\ssAoffe ssavie\\51c402e7ea6c7.tlb"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F}\ProgID	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F}\ProgID\ = "ssAoffe ssavie.1"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F}\ = "ssAoffe ssavie"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F}	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F}\InProcServer32	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\ssAoffe ssavie"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F}\InProcServer32\ = "C:\\ProgramData\\ssAoffe ssavie\\51c402e7ea6c7.dll"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51c402e7ea6ac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F}\InProcServer32\ThreadingModel = "Apartment"	51c402e7ea6ac.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2404	2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2404	2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2404	2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2404	2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2404	2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2404	2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2404	2524	53c701d69195dbc887d95f1314964119_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	51c402e7ea6ac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{5299CD72-898D-D046-86DE-372152FACF4F} = "1"	51c402e7ea6ac.exe

C:\Users\Admin\AppData\Local\Temp\53c701d69195dbc887d95f1314964119_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\53c701d69195dbc887d95f1314964119_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\51c402e7ea6ac.exe
  .\51c402e7ea6ac.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ssAoffe ssavie\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\51c402e7ea6c7.dll

Filesize
116KB

MD5
05234975b085632d70d89c2f420c5107

SHA1
078fb2a3e5de54c3737a4541242a4725c02c6b9c

SHA256
a758ad4fdc8949ea005258075457a972eb0672d69d98d688117b85221fca096a

SHA512
f9fa6aee142e32875127feadebbe235f4f376b0c3b7415036b8afc81c0a09a8ba0c5ec9e1703f1a34b220b7646caa1ca02629918185c4afbafe6926014044c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\51c402e7ea6c7.tlb

Filesize
18KB

MD5
c1e296ff01d3cf37f91c7473bdd9de52

SHA1
832e3d1ddeb5a0ceb5b13c1ee271eb94bf9bf2a6

SHA256
a8e54ad3e1fbc91d5a7b02bf177a24a02f2558419ce46859bf15859b81478492

SHA512
aeb1f3962746caa3858c27b4753959d5ec9db2727e94642d5db2710633a96e7ceef5f9c0ff3b358f83143b6594459b5d9a94e095fed7a5d1fa97ae6a3c4e564c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
19eabb112f81574ac10c5bf67145a1d9

SHA1
e11090773d9f12b8cee9c95facf93c1bfc6162b5

SHA256
4a33d1699a9c98b03efee1269d4ba199c66c8ddd9d42f5859f7f289a214e41e1

SHA512
2eab6bfbc44f95101d65c49769ac0aee01a48322768ff86fc7ed4ffcb2d080d242d719f60f382a5d0bcf6cdabda772f4655804a78a286fd7052d43562c45192e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
bbcea5752035e825e29d3380153e9b9f

SHA1
6a11d96392fbecb6c6665d8050e751db4b884244

SHA256
3a66c0dba319485be0f98551c7d5acc9c5ba7cc64b8721857f2ae6312ed3ac6c

SHA512
f3aad30a0f2887b13bfc8a4cdce5a6f330a1434963010aa8739f588080631a5c4cb970cf626a6ec64f5d50a55e4ced27f5d619a0c6ec08f37ed3562dd24bb225

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
81490aa684617fc0f55a838314e10815

SHA1
a8edc5cca4997c4227298bf8a25071a6cc3dbb4d

SHA256
11e9ec57022e68f5e3558a0e8965aac8eeb2f34a41dcd40df4e976e09b96cc08

SHA512
ac4b3de2a9b9c7446d5d5c4dcc3cfdb016134071320c9bd8498178e39d57ae698f1a15129ff4e48f065ab35b373c45d5f16d3f6bdf99db5ebaafb6301d40e0fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\[email protected]\install.rdf

Filesize
609B

MD5
9df67a83bd9b4a3daeee8884430c7ac3

SHA1
ffa593636d06bfe5c685c7464601b35e15d8430c

SHA256
b9442017f06fd2c3bafafcfce1d1d5d01a85419d68c7e4203514e0a741190e2c

SHA512
f68796fe106f994393b5daeced5e5a7e204862f7433bbad655e4c4335d5248819e313f583c0018c9ef62eec88b724360131f0abdab75432a7624c7b2128cdc86

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\kbaaackgllkdkjenipflohfglnedppik\51c402e7ea4e77.74231611.js

Filesize
4KB

MD5
7f79b9ab09dc97dd1634c254f2eacc54

SHA1
22e2b9183bc9a9d1819fdf697dc52e5c5e384280

SHA256
6fc2bdc0a366813d5a82496690840e650bcb28898e9270d37542e91d1b32f1ca

SHA512
1e58caeae48b87694e3ef1d35abe40fc388fd4f5a537ea326342a42cb628c46bd5431e6fbe2cd469c70c9c4f1db71b6f1141a969d89812f6e26cfa491de87813

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\kbaaackgllkdkjenipflohfglnedppik\background.html

Filesize
161B

MD5
29770703e6d84078dec81cb00f2998d3

SHA1
ff6a211d6ae42e7686fa2b28eb08d8ed33504503

SHA256
28b6c9a2b4c54eed22df01173bab61b33df6e0954516ba98a22445e02750dc15

SHA512
c47efb7d2dacb4ebb0e2c5e5c95d1ab78a15a32c1ff57675a5ecc65a48f21142e1ed7562269ea777a60735f5a5c20d06bf8fc784e5361ef6f38ba9324ead5032

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\kbaaackgllkdkjenipflohfglnedppik\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\kbaaackgllkdkjenipflohfglnedppik\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\kbaaackgllkdkjenipflohfglnedppik\manifest.json

Filesize
506B

MD5
9c4679c5c86140b8de01464179784de1

SHA1
acd4d885186f8166dcc9bcf467457808d6ce3663

SHA256
b9cfa353c03b84a3e6eab0bd0a08fb2f0dcda26a2b91b3a04e41518420075c02

SHA512
b57b939a7c1535cbbaa2344d6c4af6fbbeccb6c43e52c1305ab90652478c3c592825318d3f9e51039f7bc1cef4c76d0249152a3f6ba1d05b21a1d53f7d9cbcd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\kbaaackgllkdkjenipflohfglnedppik\sqlite.js

Filesize
1KB

MD5
28aa1462de07fd09c1df14a1d60f9165

SHA1
4c7a4f3b8d6bf09cb26b4f224487b2a35589b800

SHA256
334d7d7d78ce9b72ad7d93b50e966b81afe45da3a0dcb5d961284741831bffa8

SHA512
6cfd43f6a261e6a3a85af6199e1075fd558d63acd49c75fe8871df3baeab3c645e833b21a6090353f93bb26b5c663a7129945b20bdde710193b4fbe9c986a2ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\settings.ini

Filesize
6KB

MD5
a6f51f2532213d94c9fa7d0eb6d553e2

SHA1
d62dcbfc61fc7df89251b2aedd34b9904e7cb328

SHA256
2468ce0cfe8d8c2496920b95477510b8356e3996aa046ab354dc1df00b667901

SHA512
b8262f92ca792f9c26188d6d6212169fb08766d50d84fd05f281d0577ff7679f0b1529e0f226a33c81f4fd2f1beaeb634e936e80064675485384310ffce601dd

Download Submit
\Users\Admin\AppData\Local\Temp\7zS88CF.tmp\51c402e7ea6ac.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nso894D.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nso894D.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2404-75-0x0000000074870000-0x000000007487A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads