15ebf60cd115b865988aaaf4f3306c2c78ee6a89dd91ce2ea36e75227f5b2904

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe
Size

551KB
MD5

827250ee4dd85635f705c89f0af6fd99
SHA1

e173ae69f0bf16a987b237149069656952ffbdcc
SHA256

15ebf60cd115b865988aaaf4f3306c2c78ee6a89dd91ce2ea36e75227f5b2904
SHA512

ad97df5ccee5aec04f8a8302537301c275a279174d342ccd1eaa1bbd539cd82c6d84fa3d52a9f811d9f6df7fe78f235eb17ea7a4d08607e98d7db01685d23437
SSDEEP

12288:h1OgLdaOUWctn+MEfOUgbJuMmFcouJqkR:h1OYdaOUtMOUgJHJJqkR

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1552	regsvr32.exe
1552	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnejjaecjdcnjllkikgjbpekhpcbdhg\3.8\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\ = "Browse2savei"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save.3.8\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save.3.8\CLSID\ = "{0E356C1B-84BE-7874-CCFD-BB8A5C025362}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save\CLSID\ = "{0E356C1B-84BE-7874-CCFD-BB8A5C025362}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\InprocServer32\ = "C:\\ProgramData\\Browse2savei\\iS.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\ = "Browse2savei"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save\CurVer\ = "BRoowsE2save.3.8"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save.3.8\ = "Browse2savei"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save\ = "Browse2savei"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Browse2savei"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save.3.8	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BRoowsE2save.BRoowsE2save\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\ProgID\ = "BRoowsE2save.3.8"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\VersionIndependentProgID\ = "BRoowsE2save"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0E356C1B-84BE-7874-CCFD-BB8A5C025362}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Browse2savei\\iS.tlb"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 1552	2664	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe	31
PID 2664 wrote to memory of 1552	2664	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe	31
PID 2664 wrote to memory of 1552	2664	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe	31
PID 2664 wrote to memory of 1552	2664	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe	31
PID 2664 wrote to memory of 1552	2664	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe	31
PID 2664 wrote to memory of 1552	2664	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe	31
PID 2664 wrote to memory of 1552	2664	827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\827250ee4dd85635f705c89f0af6fd99_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" tw.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
5KB

MD5
e3ee78a1ea3b4ed469184a2f4a9c200b

SHA1
9e66c69796ab17b4ae5906df2638a78b987afeb9

SHA256
e6391e7f9c885dac819351d31f9cbfbd84ed73fdf89e121fec59068b9621e556

SHA512
7b6c2ae3c0567528a0c18f12cdfb6932cb06b8afc6070c0352daeccae5c2000fdd99208c4afdbc7c735e3601138a0383be987b30738e114246de4b87f63cf3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\hfnejjaecjdcnjllkikgjbpekhpcbdhg\B2X.js

Filesize
5KB

MD5
2f542fb9e228d9eeaa2c076fbd088bf0

SHA1
c68bb819bbc4d934b945c197cc0185c3ebceeef4

SHA256
a6c2117775984ca42408a1abc758052b5e17f54cf743bdb1b5e21e99be9f26e8

SHA512
b4e325f8c905d355453de572010c250ff777b343df5573f2e59b1ca121272718ecc78cc6241ef1ad9f803152553499b27861c2826ec63807c4678b7e92bc901d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\hfnejjaecjdcnjllkikgjbpekhpcbdhg\background.html

Filesize
140B

MD5
743bba8389307479d3a6ee9d5bbfa7d2

SHA1
dd4f0c5f69cae09566e4bf0125a630c2087a1c40

SHA256
b362e33b275bcdd82bfaa258cb6e6a9a5ff7b3e5b815adaf2410f51d8e4920e4

SHA512
6aef9d26221e11a10dcd3bc00c51f2ba9395580a2a965e2dec47af7d09fed9055db004cf9ef5d8c67838f08ecef9e6d0a39e5d94e6445f1199abce540ccaea21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\hfnejjaecjdcnjllkikgjbpekhpcbdhg\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\hfnejjaecjdcnjllkikgjbpekhpcbdhg\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\hfnejjaecjdcnjllkikgjbpekhpcbdhg\manifest.json

Filesize
504B

MD5
c3c9087ef070b00a541fc3e4f8042072

SHA1
7e5178f5d3dd2a670ecef8a551e0f8efcd886905

SHA256
815a973802960bf9879727af9abbb781632e9957294d32784604fd424fc23818

SHA512
02a73a70272ad239f797a685d04245fa4620236afcce4207d8ad85e713e8e5f1559fc072183403c00dc0e5c3175ddbabc831fb34da5e43fe46325941f5c8955c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\hfnejjaecjdcnjllkikgjbpekhpcbdhg\sqlite.js

Filesize
1KB

MD5
240f81dc75ead78e9446d4f34fdc04c7

SHA1
3458949c42554503696b0ab76733f91b9e46df4c

SHA256
a769ee51d6ba3cb6ef05f582f4997f55d8c098109fe57fe9e322fd1ff94f1224

SHA512
e620da8897941eab4ed570300965a50bd1efcd3dfcaa23aeb1d448bf6d3443e669486d87a7ebed2bdbefd9b2ac7d49dae5d16b65a8674ad2817bc4d16c06fd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\iS.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\iS.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
2ab7566d40ff3447f4d500605c7b0dbb

SHA1
3d68c5f590f2227b98d271d70fc924e29149c80a

SHA256
28143245f1b1e8b4831962539e23cfbcd2ca5b33820462c1e96162254002de43

SHA512
9d3d26d0ef26ad8a22d7e43fe5aad3a2da032daf9c8d537b3de72931e6e02fce19fcd103414eaf448ca7652673f699fa03b7d5c6fbb950a33f8cfc255d8c9eec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\[email protected]\chrome.manifest

Filesize
98B

MD5
339c7fb5d406596356f67fb1d6e9bb0c

SHA1
684498228fd8b36791c0bd35aa4c78f000ad25ac

SHA256
3a1aece3809c5124b3ebf4237ec7196f79044193f1787040e73bcd0a47d5190b

SHA512
41b98eaff3b76e4daea6373396cecd93f8a7f124667fc2761d565165169939f954e1aa25a8fd605d78af3ed96b385e8b69bfe69c67811c8c1204f7fed814550d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
fa5ac1110cf54bc10cb4a80f779faac7

SHA1
b76098a90346d708b6fc83dc623b1126a735a667

SHA256
164055e3a08abd5b474cc23c5f08c0c32893a3f44003ddff8299a338ecc9798f

SHA512
d5f88c758f27e29163e50dd8f8c301e16362c1b05c09af553525e990c2f8a8c9a102d89b458fd6ed18139720ae2d3159badf614d6c8a9cee3b5fd5877ad7f31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\[email protected]\install.rdf

Filesize
612B

MD5
6fc155a252aced5a8fa92e3844d6af85

SHA1
c6ff2cf9e62cebb18e64c29c7b1ab4cbd7d2ae54

SHA256
55444412214c1c59d125f4e076eced729d54b26d72faaddae22275476c917ead

SHA512
3f6fd46b872eeefaaaef4c3f8d0ce2ad695fc888caf78ceb67fccfb16a84c42c41075be251327b425625523d41223beb8fa267521e3eee5529cea56e80448ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\settings.ini

Filesize
7KB

MD5
1f4aa24b6c39788d0c440ce9c2dd98dc

SHA1
c6b3b457e70f2f81c5e5590b36ab39d143fe3b3c

SHA256
270603ec7fc0529bff598c1d3dc5cbfe52850ddb95d820f8ac340ac816e47b86

SHA512
5eca7c906a46b16bcf8186990bfed2caf7c92c63247a2e0803077a74bed0084d14f1bd0d4c9047aed9630c5213a31d96abd26d45a14830f1f7fc7500b10f4934

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD421.tmp\tw.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads