bb0525f22db2676c78615f02e2a85ada46ccf71427ecaabf81f29ed1615ac311

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe
Size

250KB
MD5

5737bce298b2a2618b6eb8ee99adf732
SHA1

df446a3744d19d7537b7c7ddc07552fd019aa161
SHA256

bb0525f22db2676c78615f02e2a85ada46ccf71427ecaabf81f29ed1615ac311
SHA512

83e17a6dcc292d6750a98ee54fa160fb08299b5e58467398e60ac3faec5bda89fe8e3233f33c442edd488c04725edc2f2ac29073db34e432a00e0329c392bed2
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5hdxl/8/uMEXN8AC8:h1OgLdaOhHF8/SXNTC8

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000019fb9-77.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2768	50fdbc81a0e2e.exe

Loads dropped DLL 5 IoCs

pid	Process
1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe
2768	50fdbc81a0e2e.exe
2768	50fdbc81a0e2e.exe
2768	50fdbc81a0e2e.exe
2768	50fdbc81a0e2e.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eieophfpcfdbbgjghdecilcbmcppmomg\1\manifest.json	50fdbc81a0e2e.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314368BB-A2EE-6E46-4490-AF9D37B5A470}	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\ = "bit coupon"	50fdbc81a0e2e.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\NoExplorer = "1"	50fdbc81a0e2e.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019fb9-77.dat	upx
behavioral1/memory/2768-79-0x0000000074F80000-0x0000000074F8A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50fdbc81a0e2e.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x00050000000194f3-30.dat	nsis_installer_1
behavioral1/files/0x00050000000194f3-30.dat	nsis_installer_2
behavioral1/files/0x000500000001a301-100.dat	nsis_installer_1
behavioral1/files/0x000500000001a301-100.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470}	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\ProgID\ = "bit coupon.1"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\InProcServer32	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\bit coupon"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\ProgID	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\bit coupon\\50fdbc81a0e67.tlb"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\InProcServer32\ = "C:\\ProgramData\\bit coupon\\50fdbc81a0e67.dll"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\InProcServer32\ThreadingModel = "Apartment"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470}\ = "bit coupon"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	50fdbc81a0e2e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	50fdbc81a0e2e.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2768	1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2768	1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2768	1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2768	1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2768	1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2768	1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe	30
PID 1832 wrote to memory of 2768	1832	5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{314368BB-A2EE-6E46-4490-AF9D37B5A470} = "1"	50fdbc81a0e2e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	50fdbc81a0e2e.exe

C:\Users\Admin\AppData\Local\Temp\5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5737bce298b2a2618b6eb8ee99adf732_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\50fdbc81a0e2e.exe
  .\50fdbc81a0e2e.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\bit coupon\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
d657f4e42af840de56b61d255c29224c

SHA1
24e05f1ca26f7592b7eb4488e7b0a7bd25f0ca62

SHA256
58a172caed34da2b7f55957a1259c468141e8fc38434d5203b61bfa7376a4829

SHA512
930b21b6589ffb318f3048af4dae5ddfe21d47a9a327ccdb6120dce36ccc9ee8f67d3b4727a0e1d3b38f839eb1311b7670e19b0232f2f0615502f134bf7e3855

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
78257424afaa985f50d986b3cdae6729

SHA1
ec1f20ea152eb46577ceb982cbb53b0c4ae66b19

SHA256
bc82eacc266e846639e53e103858f6a418a204fc1da2752d617c779ea98950c6

SHA512
a708eac797772f82f65644a40238ffa9e98c5e425e9cdf69236a56b90d7667b158f6bbd72475654fe72e27d364485b9670baab5b1e711bc3a4d620f60cff9143

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
a1bfa88c6b03160feb6894be27eab393

SHA1
0254b94f3dea93d04d6c409b600a47bbfd47af7a

SHA256
98f8c96db8c47cef183842dd5c215f68abcfd4e56603e18c0c334fefdb645957

SHA512
a3124f2549e6769c5db21fac297d0a3928febc2334f2019f20d6e679e78281f8a678967bce6eaf9027405274e24e94d9ffc63ada0576eb49801a1010c91e15ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
0bcba4b2726c3555fa5f15755c1832c2

SHA1
c5629fd3c93f16308b00e225e98b50d17ad59341

SHA256
da35af4d497c4093a5912e44c311f905b7fe1e2b81fe73e9a8f0111c1c0cb114

SHA512
0344e87ba6b96447741557cdf8500f041eed66df69561c7d074a13490c65c956a497f64042f7c4445892d2ad7143c8a5176e546e47e0eb912642efac42388257

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\[email protected]\install.rdf

Filesize
716B

MD5
408bacfca39249143337e4e29892b018

SHA1
c9627b23bb0003ca3850143d7f73c032e3ebe26a

SHA256
108db62e8f45c546299a6222c421dba211d622c5c5893b91bee82e3e2bc3a17b

SHA512
5595e7bfeb68b5dccf780f93846fc2e55250acb45fe30d421167a876fbe08b7dd9014b79a15f8d59e61382cedbc43ed203ccbc114f76a69b1fd37e0edd1d757f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\50fdbc81a0e67.dll

Filesize
118KB

MD5
44f1dc155d3d083b677f20ed0fab8404

SHA1
a696c5a0d50145afde3d3a71f70b1c3006ac2199

SHA256
67014a6fc8a77ae480dae9b09f800a1f40a40399ef967f86843a80eb4c9eb470

SHA512
04a7098abd589eb1a533af6f89d0d982d2faf9c4e7e29d02abaacf81635b789acfb5ca026f7a0c6b4a263934f0425c69f5225488c450e864f8dc8000ffbf94f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\50fdbc81a0e67.tlb

Filesize
2KB

MD5
c749bca713cf6481411b5c4eaac4506a

SHA1
539cb813dea7e37eff8c1b696eb0ab42c815ab62

SHA256
0a94d2086eb6ac57ba5ee365d3f6f64f33e7c8d18419f04715460bc04ebddf2d

SHA512
11b3b333b97b1bbbbbf01b6d367188698470877e180a3854ec9762f706755156136b404f2b95a7304a890686d8f5f697232e6c28497aca20e0aa76988b0f179a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\eieophfpcfdbbgjghdecilcbmcppmomg\50fdbc81a0c3c0.14068562.js

Filesize
4KB

MD5
0fb6bccc8805d5accc48150ef86fa348

SHA1
7773ee8f0cce9636ce5397dcf4d98c8c526d0489

SHA256
4b2534990b3290c4f4861f48c12b84fd6981c8e2662ee4fb5522bcea220e12a3

SHA512
16efccae4efa034245862ba5873656c0ec3620e0db05a8a74d0c417398777e6cd32a6bc366cc6d0792c457f6ce9220ab3da9507a32fc910c9d1005de9c977762

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\eieophfpcfdbbgjghdecilcbmcppmomg\background.html

Filesize
161B

MD5
e238cc3fe460bd30b360c1d13aa59de6

SHA1
532be51c0bc3a3c393298f19cdb3e9214969d39e

SHA256
3e9d647beca0262df6f3e4ad2899f7f2cc04a39c323c42426081fabff1c36f3a

SHA512
5f6dbedd1d3320223a1910385e6d91b1007a980ba71e452a3f56a26a106f08b584c523a820573ee7b4553c791f9a305d1c76f409d09b24f598f5a9277394a253

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\eieophfpcfdbbgjghdecilcbmcppmomg\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\eieophfpcfdbbgjghdecilcbmcppmomg\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\eieophfpcfdbbgjghdecilcbmcppmomg\manifest.json

Filesize
483B

MD5
a2a81cfb7b2bdc6854e849395d951bca

SHA1
bec805f578fbddd1ad2758d2c916e1a065361aff

SHA256
66f001d92bd4fc83138078479b05b9b838f2ead9aee94862563c811fb16a7443

SHA512
941f7fad6c6bff2968fb8fd98f1a7d5458c39793ab01cff534e1deab33835f532b40b901ec558e67478122581f897d0044732d9a16c759e8e8c949f40b975972

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\eieophfpcfdbbgjghdecilcbmcppmomg\sqlite.js

Filesize
1KB

MD5
0e3ed13ee79c57f7a425cb553cb8f1a6

SHA1
b80cbbe57bede6b1620be134479d1acebdc8e7ee

SHA256
2fbb8507d2b662c6706b572857acaf176fe76ba0bc9789f1c2de4ea72507d265

SHA512
3fdd26fb0790ff2e0d809462adb7ebfc0c4b085decf66a23159effa1eab0c46de1b0543b7a7e48acc6543a47bcb3f5ca64298e013b83cb2213f225d852ce725c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\settings.ini

Filesize
6KB

MD5
66dfd77a1b2c2891702d41c58bce51be

SHA1
cfb38acc590ab1894710b8fef5c68a6630eae950

SHA256
303161e529e1cf8b43648e0089c2cd1723ad8cd5fc935cfb3b3ba0a91f257da6

SHA512
d804d5aebb92d2c6936a5ebd253c20a2b74f7563b3441f940fff1bcaf31ce767563c9d6a6b57cc76c0d19dfa9d9cc291fa187b44d912da3d71fe8bc7af3a3aa9

Download Submit
\Users\Admin\AppData\Local\Temp\7zSB1B3.tmp\50fdbc81a0e2e.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nsoB221.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsoB221.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2768-79-0x0000000074F80000-0x0000000074F8A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads