a08a98bc149a27bc5e64f1766b2e3ed500ca32fd46a2ca74df9672860269f396

Analysis

max time kernel
140s
max time network
87s
platform
windows7_x64
resource
win7-20240729-en
submitted
25/11/2024, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
Size

6.1MB
MD5

9c437863ce287dbe91d54c9d8a06d226
SHA1

dface0d050c8010765d3efc8c3940e47bd230a11
SHA256

a08a98bc149a27bc5e64f1766b2e3ed500ca32fd46a2ca74df9672860269f396
SHA512

f83da58a21c3ac8a5d169426e29d9cdb0ce9e3a6eaef700e686ed884f224bf3817e9fcf1f4e1e2fee790eae589418d6afc541ab9d08eee14db447745cbf9b239
SSDEEP

98304:JotyK3buHcaUbxL/EnRJ2VFHFJcPFJPMuG+ZYvZVEfCcfnA9Qzd3cQAspTXoB:EaHS/sMFliN5vtUf4fzfAsdoB

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 1 IoCs

pid	Process
1424	supercopier.exe

Loads dropped DLL 40 IoCs

pid	Process
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
332	regsvr32.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
988	regsvr32.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1168	regsvr32.exe
816	regsvr32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\ultracopier = "\"C:\\Program Files\\Supercopier\\supercopier.exe\""	supercopier.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\fr\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\hu\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\ar\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\fr\flag.png	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\it\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Windows\Languages\en\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\zh\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\es\flag.png	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\es\qt.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\ko\flag.png	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\pt\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\hu\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\el\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Teracopy\Languages\ko\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\ja\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\th\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\hi\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\ru\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Qt5Gui.dll	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\fr\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Listener\catchcopy-v0002\listener.dll	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\de\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\interface.dll	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\hi\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Teracopy\Languages\zh\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Windows\Languages\ko\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\zh\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\de\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\en\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Supercopier\interface.dll	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\ru\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Windows\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\th\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\ru\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Teracopy\Languages\de\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Teracopy\Languages\hu\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\de\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\pl\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\nl\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Supercopier\Languages\ru\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\qt-plugins\platforms\qwindows.dll	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\zh\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\el\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\ko\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\hu\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\id\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\ko\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\SessionLoader\Windows\sessionLoader.dll	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\ja\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\pt\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\pt\flag.png	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\es\informations.xml	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\ru\qt.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\Languages\nl\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Windows\Languages\fr\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\es\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\hi\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Languages\zh\flag.png	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\fr\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\ja\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Teracopy\Languages\ja\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\Themes\Clean\Languages\th\translation.qm	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
File created	C:\Program Files\Supercopier\uninst.exe	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies registry class 61 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\ = "CatchCopy Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\textfile\shellex\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy64	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\textfile\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\ = "CatchCopy Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\ = "CatchCopy Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy64\ = "{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy64\ = "{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\textfile\shellex\DragDropHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy64\ = "{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32\ = "C:\\Program Files\\Supercopier\\PluginLoader\\catchcopy-v0002\\catchcopy32.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\textfile\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy64	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy64\ = "{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32\ = "C:\\Program Files\\Supercopier\\PluginLoader\\catchcopy-v0002\\catchcopy32.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\textfile\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy64\ = "{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy64\ = "{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy64	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\textfile\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\InprocServer32\ = "C:\\Program Files\\Supercopier\\PluginLoader\\catchcopy-v0002\\catchcopy64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68FF37C4-51BC-4c2a-A992-7E39BC0E706F}\InprocServer32\ = "C:\\Program Files\\Supercopier\\PluginLoader\\catchcopy-v0002\\catchcopy64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\CatchCopy64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\CatchCopy64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\ = "CatchCopy Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\textfile\shellex\DragDropHandlers\CatchCopy\ = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"	regsvr32.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe
1424	supercopier.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 2260	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	29
PID 1164 wrote to memory of 2260	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	29
PID 1164 wrote to memory of 2260	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	29
PID 1164 wrote to memory of 2260	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	29
PID 1164 wrote to memory of 2260	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	29
PID 1164 wrote to memory of 2260	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	29
PID 1164 wrote to memory of 2260	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	29
PID 2260 wrote to memory of 332	2260	regsvr32.exe	30
PID 2260 wrote to memory of 332	2260	regsvr32.exe	30
PID 2260 wrote to memory of 332	2260	regsvr32.exe	30
PID 2260 wrote to memory of 332	2260	regsvr32.exe	30
PID 2260 wrote to memory of 332	2260	regsvr32.exe	30
PID 2260 wrote to memory of 332	2260	regsvr32.exe	30
PID 2260 wrote to memory of 332	2260	regsvr32.exe	30
PID 1164 wrote to memory of 988	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	31
PID 1164 wrote to memory of 988	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	31
PID 1164 wrote to memory of 988	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	31
PID 1164 wrote to memory of 988	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	31
PID 1164 wrote to memory of 988	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	31
PID 1164 wrote to memory of 988	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	31
PID 1164 wrote to memory of 988	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	31
PID 1164 wrote to memory of 1424	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	33
PID 1164 wrote to memory of 1424	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	33
PID 1164 wrote to memory of 1424	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	33
PID 1164 wrote to memory of 1424	1164	9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe	33
PID 1424 wrote to memory of 1168	1424	supercopier.exe	34
PID 1424 wrote to memory of 1168	1424	supercopier.exe	34
PID 1424 wrote to memory of 1168	1424	supercopier.exe	34
PID 1424 wrote to memory of 1168	1424	supercopier.exe	34
PID 1424 wrote to memory of 1168	1424	supercopier.exe	34
PID 1424 wrote to memory of 1764	1424	supercopier.exe	35
PID 1424 wrote to memory of 1764	1424	supercopier.exe	35
PID 1424 wrote to memory of 1764	1424	supercopier.exe	35
PID 1424 wrote to memory of 1764	1424	supercopier.exe	35
PID 1424 wrote to memory of 1764	1424	supercopier.exe	35
PID 1764 wrote to memory of 816	1764	regsvr32.exe	36
PID 1764 wrote to memory of 816	1764	regsvr32.exe	36
PID 1764 wrote to memory of 816	1764	regsvr32.exe	36
PID 1764 wrote to memory of 816	1764	regsvr32.exe	36
PID 1764 wrote to memory of 816	1764	regsvr32.exe	36
PID 1764 wrote to memory of 816	1764	regsvr32.exe	36
PID 1764 wrote to memory of 816	1764	regsvr32.exe	36

C:\Users\Admin\AppData\Local\Temp\9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9c437863ce287dbe91d54c9d8a06d226_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Windows\system32\regsvr32.exe
  "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\catchcopy32.dll"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Windows\SysWOW64\regsvr32.exe
    /s "C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\catchcopy32.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:332
- C:\Windows\system32\regsvr32.exe
  "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\catchcopy64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:988
- C:\Program Files\Supercopier\supercopier.exe
  "C:\Program Files\Supercopier\supercopier.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1424
- - C:\Windows\system32\regsvr32.exe
    regsvr32 /s "C:/Program Files/Supercopier\PluginLoader\catchcopy-v0002\catchcopy64.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:1168
- - C:\Windows\system32\regsvr32.exe
    regsvr32 /s "C:/Program Files/Supercopier\PluginLoader\catchcopy-v0002\catchcopy32.dll"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1764
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:/Program Files/Supercopier\PluginLoader\catchcopy-v0002\catchcopy32.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Supercopier\CopyEngine\Ultracopier\Languages\ja\translation.qm

Filesize
327B

MD5
18770de3f96bac1e75e588015024fcf8

SHA1
e6254c054edef68f9c27059efd82eeaa69c863b5

SHA256
257e81e6819f72b7a38099365e27a76faf9b2b5081290730f4784045ecc2df40

SHA512
fcb76291a73d7f2e30f4266ea8f0dfa2d9e203cf9770fb7ffd73cc1994502992fabd0803224c1e1155c1e4b678b5af0e8b3aec114beb1f02299e8885d5a61d0a

Download Submit
C:\Program Files\Supercopier\CopyEngine\Ultracopier\informations.xml

Filesize
1KB

MD5
a2c1b521b30cbdbb199f7feefc7e17dd

SHA1
523a481d35ab57553f4f42d4e61efa44fc3814d3

SHA256
64f4235a2e3aca2d252eafa840392fb539f98cf2e1a9287e1247deeb550b117d

SHA512
c95a813822252dcf8f689a86f232d56537510ce317609588291ee885473847029300ff7a32c8c9294880b97ce46991318d1f46ce677d19016273fe28af8c4273

Download Submit
C:\Program Files\Supercopier\Languages\ar\informations.xml

Filesize
2KB

MD5
85256c44a8a1154e3334e53b8a4642f5

SHA1
e9431a86ae542c404afb204c973abfb28695cb15

SHA256
9d7ccddc5e79298ca2231a699695531201397a77ee53121e0062f6ef20000ab6

SHA512
479410b0296f61b6309257d05207fd5271970556d84bd6e537414769baf7f119c9b798f21228bec5b778b12af6558ce085a408656fbc7106a4c2d341ccd99a4a

Download Submit
C:\Program Files\Supercopier\Languages\de\informations.xml

Filesize
2KB

MD5
d88715fb0de32d3dbf15c02c000faaa8

SHA1
eb3572ffeae9505e40faaa9ad645bf97274b1a8d

SHA256
8e56fd7821fddd9c0ce3d78ea83547c3be353775357c5b647f6187d7327432f4

SHA512
47caf42a7c5bce9a61f2e4bd085a0848758736d0e53dd5e80ea2c0dd575b98b6f71369097110b772fafc9eaf1ebd3c1c73f54c922fa02d17d584a0b468cd766d

Download Submit
C:\Program Files\Supercopier\Languages\el\informations.xml

Filesize
2KB

MD5
3555d1abc169172c904ad862424018aa

SHA1
f49eeb5693b1d4ee097a92a5063b299f2f6e8572

SHA256
72c9f3a0ae53b95c06e22357474c797d585b98090aa52089150807f4ec18eb42

SHA512
1a0863b8bc7d2b4e2f77506d25b6313a2521dcb832202700b872a6eafd89230ae04a7111644ae7a340819b41a772ac10a1ea8add3492740f2f4fa2d4d3353497

Download Submit
C:\Program Files\Supercopier\Languages\es\informations.xml

Filesize
2KB

MD5
1cfe5d8e48c591c867eab2964f0afeff

SHA1
8d1bee77c607573605dd64443e2b95e80a297838

SHA256
9617014ed0dddaeb0b8eb75fc9b895ead01b1b5873bcc79e4003be43c1a9392f

SHA512
a22b214d58002c1d75d8d88a8177c02d51afade44fa4d4f6fa267b17a078ab9575f5d0878ffbf050053262ee8e5cee402e903a53f920580f534ef987e3303e08

Download Submit
C:\Program Files\Supercopier\Languages\fr\informations.xml

Filesize
2KB

MD5
25cbdf207f22069c04df8980ffa0ffd7

SHA1
4bfbb8b2e1a02dac822743c1a171cb39839ded6a

SHA256
ae31a26bb5c0ff223ff69b54d5c46ddc24673db3fe13096136dc8d1f1cdad9c1

SHA512
eacd08c39ae9a47586806e1ef1c2e1e179e1147bab585fe4f12c24ec2f162befcbc1df6a719de3db154443936021de3d4cba5c52a3f0988fe5869c7aed0d74b6

Download Submit
C:\Program Files\Supercopier\Languages\hi\informations.xml

Filesize
2KB

MD5
4c55a381d00fbfde180623c52fe1e193

SHA1
b9f555be405daeb092d7f6d99fcb0928a881a326

SHA256
feef6741cc976bec51cf46b8ca7e6ed7d94c867557fa5cec9019f8106dcaceee

SHA512
f3a74301e38d308ce2a94c54f01f9240ee1e388ef1ac8a5786df4a1ce878b985acdd7a3a48db39e7b80787ebe8d7a496d0c37eeae63034f402c5fa4d2438d9af

Download Submit
C:\Program Files\Supercopier\Languages\hu\informations.xml

Filesize
1KB

MD5
ec247db40ef9839e777bf081c4d6fc2f

SHA1
2fda39998f0cec78f0e8285f39ef6b112479e58a

SHA256
15785e30bbf306fa44f444a746bbc3211a0d9a11a731c3353e041ef3b9fb304f

SHA512
8e42de15802cd8a6c5da1948a97c66059d6ca82ed211210719750e4c32c7990abf9b91cad0c334719bccca07746be625a450b3a00680814851593d9e6e73247f

Download Submit
C:\Program Files\Supercopier\Languages\id\informations.xml

Filesize
2KB

MD5
b422d876c50776794e300d116c1942a7

SHA1
8bda9e881fb903a66a13744fb11cd095418a9bce

SHA256
3929de168ff12ee878a56229b1d974a1ec7a74cf42c73972803a0b3d78efa24e

SHA512
e1ac73ef33c479bf90121c5b765397a371989d2875423af23680688fc0ff8af2fb415fd73590986d3f2fd2177623eb0f8d3609c51578eb4ca379a0d599059ce8

Download Submit
C:\Program Files\Supercopier\Languages\it\informations.xml

Filesize
2KB

MD5
c2b8e33dfaa67956eca93890a4a955bd

SHA1
bf1a1ce8ede1aec6f1f52c40416aad835426f743

SHA256
a951d2772b9208f072993c23432f152ea63681e7e597b03dc0428f3cc25a54bd

SHA512
968f04524d6c85328c889f4b98e1bb7a49b88c68f94a3da1120a150df22d72c4e8caaabd32590bf1dd0cbb0bc7b35718b2fcc74209e8a86b92cd138df4e14686

Download Submit
C:\Program Files\Supercopier\Languages\ja\informations.xml

Filesize
2KB

MD5
d0f45100736a34b4a37a4731de3f06f0

SHA1
eb1fbf55dc0385ae8f40e66401ad37b0ee45efcd

SHA256
510b001a221b9f49d9191ac56234a6f5e294cf96f5f4bfc0f57babc0aca98609

SHA512
6dc9e6432c697ec32fb0a801b14615869d9a63960bccee0baaa0ab5fb915668e88dc15dcfd8d91bc22ccb02166f74037eb9eb70499c056db6c2c744291bd7bda

Download Submit
C:\Program Files\Supercopier\Languages\ko\informations.xml

Filesize
2KB

MD5
aca0ddd59ab032a50d418b44ee835804

SHA1
81191f91290d7f2216c66da980aa91a09d5b63bf

SHA256
e6eb3710361b2abe854944bf810f19f9d3ccb88d37ce98981bb41562efbc8355

SHA512
6a4b4d152bdd2620d5dc7e78766d759af43d775ec486cf79a46bf6d97d3d370190f997cf92a8a53eff4e6c2f597b28890d0d7e2bcab5584386ea8e92116bd0f7

Download Submit
C:\Program Files\Supercopier\Languages\nl\informations.xml

Filesize
2KB

MD5
f1bd1eea1262ca0280f735384358cfaa

SHA1
1077792a443e45b9a2f953c85ef8d9ef59c46dc1

SHA256
2af9c934bc4cdf978ad4652035386bee1c4bc97314bff665e882a1a32138cb93

SHA512
f38b4d7300f3713884b822c5cf5d5e408292a22d906612001e497566c475db4b3492b58b874914885fbbbcc6c3ecdc5b0d51b1fa464a3aa2f257c9e7ed538e34

Download Submit
C:\Program Files\Supercopier\Languages\no\informations.xml

Filesize
2KB

MD5
21d7ec2bd85e741d0363ae1dd1923404

SHA1
7875d9e39f1eb7a440a330065db480478fb9e18f

SHA256
2855bc8701ef680123b26427cd9f650d12aaab9b08048020bb394c672f670b97

SHA512
5f1ba75d544d5d6fb929c95e40372ce58fd35d937fd7fd68209b281d68e3d3b69d3d55a820615966b9aa6a127fa30027361226687733efaf4666dfb69e809aab

Download Submit
C:\Program Files\Supercopier\Languages\pl\informations.xml

Filesize
2KB

MD5
3f74240600f89ef23656ad9441163abe

SHA1
fb95058907105c38e8093f0f380ffe14b4de6b52

SHA256
6387522ebe903f6c406047318427584f4f46aa84791f69f40b1a20b47aeca7b5

SHA512
5de1b02ed7da4c3e9a468aecf9d103fe39c4a24e586991085d7886575ad61ad83874a04a547a4e104e16c4cd1f8d663bbb3ceacf445b8d267ca4bafc4275f4c0

Download Submit
C:\Program Files\Supercopier\Languages\pt\informations.xml

Filesize
2KB

MD5
20ba8ae503282446b3bae28928c7e309

SHA1
b2996340475e60f938eb46e4963f2799732f3dec

SHA256
72db695aaf960ee4fd828fab54d3f03865c067a3d47b8f1e6cda01fd3fdffde3

SHA512
3e98e8b8d72265d98997d026640c39ee916293b0bffcdddcfec207d700a649fcff14b38731ff8e8887a02d433c0dedad9c034eb155ae1c7cb000a105418728f9

Download Submit
C:\Program Files\Supercopier\Languages\ru\informations.xml

Filesize
2KB

MD5
94b5229f88de6fa0470dfcc15d3c0047

SHA1
2892cb796b25e3641023db7190bb913de3f7eb7e

SHA256
ffa44f35acc4bf8ef9649fecebc7f5907cd1f20dd2d1860c192ed1f816efe041

SHA512
104cf0cb98f9b97d83f26063cac58b3694b3e5c7919e64ab56622f3d84efc12d7bd3f78aa93d35b4f1e160b46ddf614298abd1cabc9fc61bef14e26c67af4052

Download Submit
C:\Program Files\Supercopier\Languages\th\informations.xml

Filesize
2KB

MD5
afbec8cf0f20119f7f4d2b1ed61539e9

SHA1
73cae0d81d1bfed1673c8fd5f7379e3523544267

SHA256
df7065487e58eace1e96d9ba868b9e6228e8ca0a893b79f42f90b80ef6fe5114

SHA512
75cef3b6b78c14482ca60324be14ec1b95800af4d77788b8db7cae274462126c50ff896c65126fa5da3bda21218de852f9882745bbe1a2206d853b9fccb7cd60

Download Submit
C:\Program Files\Supercopier\Languages\tr\informations.xml

Filesize
2KB

MD5
ba92e68e222d71b1f7dbc95cb8cbe7d2

SHA1
f65fb7c2b2cdf1464d2d75a6f1e7063d80be6b74

SHA256
94b7f8429f39d23780cfdd4b2b46502f3f4b0bed908045d885f44fdef9e09da3

SHA512
b673cc02cc955fe00f7ee3ed2dc4c5b8ff0d0629f6732471bb1f3bf82a5ca26bedbfac181a1271a243e9824ea8cf28ad51818d32f159f538923fff218c3efe27

Download Submit
C:\Program Files\Supercopier\Languages\zh\informations.xml

Filesize
2KB

MD5
d50f2b30614fba2730c7b716d717c426

SHA1
d9c539cccb29afd49845446f0abf291299becd91

SHA256
ded43dd6660ed945ce4490c0985e2b6b261649fe83d5dda0dde3c120f68ddc72

SHA512
39227d46885081271a097d398eb020f9004d3369b33e634d2333fe260f97252061018500e00f39a932c0c87b160374a218ece161fcb7334bb4362263eb32a65e

Download Submit
C:\Program Files\Supercopier\Listener\catchcopy-v0002\informations.xml

Filesize
2KB

MD5
d51391bd145cdd4046bf2a413ac91d04

SHA1
597e9aac552026f818b8b83c266b71c7b34fc818

SHA256
59db6616267a4497c41e9338ef9f227ba990dcf264c2dd5840843c9b47d6c5a0

SHA512
baf59ed14b2cdab8afe76ee3c20a233045e2d9ea1613648d0c0cda1e859fa478f6a344eae3c3cf852972a63ca3563c7d7c1cf6087ed4952eed6f69b0cc8cb062

Download Submit
C:\Program Files\Supercopier\PluginLoader\catchcopy-v0002\informations.xml

Filesize
2KB

MD5
d85030352a1cac7efce37734cde5872f

SHA1
a3d9dcc4ba1c49cc184725b24b4059dd6751d400

SHA256
db3007839e3b65fe1daf07a4cb3ee386699b01b6c62a52ed92878bb69e76eaf3

SHA512
2a2310449780e0b483c37fae9d01332c773ac436a3a5b514bdd39575005fa0bfb55e00329d18ba2281ff77cf82fa71c0b9b5cd126bb696f7cecbf2cdd51dbecb

Download Submit
C:\Program Files\Supercopier\SessionLoader\Windows\informations.xml

Filesize
1KB

MD5
f6be7ad15f9f5dc052afa7b6c633acaf

SHA1
e293eaee4c56984b99e433436900ffa60aa49cdb

SHA256
2dc1f8370c442c1bced1756c8e209d16632652a31bc292c57e49856b29fde3f5

SHA512
3fed35c5b3a2f624b2cff9f338f200011ea1a6c836d9878cafc8378533080c953dd5e2065775cff1e342d440cc24166b06423d8ab71687a59056b3e45b18503a

Download Submit
C:\Program Files\Supercopier\Themes\Clean\informations.xml

Filesize
1KB

MD5
ae8e00d3b0bb02d4a3e5c0ed329567ff

SHA1
0e339c7981047cb65817cbbdd227e632ddf24630

SHA256
eb550c8cfd98ba30d6468d452aad1e83734f2083bb03a21827c6cd481c49157d

SHA512
9039cfeb50942b33f61232d8bce45d660cf8821b5e9a9bf1a8ef16e5b4f7302cbebe748221d7218501019d72ba6d7f557a2d48f05484d314816b9377ba476947

Download Submit
C:\Program Files\Supercopier\Themes\Clean\interface.dll

Filesize
123KB

MD5
f5a72df864d4fa6aaa5efc06d152163d

SHA1
8b346ad30c015053428ee0d86eabf11c2986b1e9

SHA256
3f3a80d236142e356df06ad7fa7ce25525f23a86b0fe52b89d676ae81eca3e62

SHA512
f1efd78cc4347c261a2c725f9055782ab5bf2d5a44c19340532b78d1ee1d4aa705a9e04782f70bf0ba34a8d8a0deae4f27f7794a52fbe313e128dc8cd25d81e5

Download Submit
C:\Program Files\Supercopier\Themes\Supercopier\Languages\en\translation.qm

Filesize
334B

MD5
d36fe6147829a72b42e054a5db27d270

SHA1
80779a8eb37d8bb1d5fcc594576f80dbd61fac98

SHA256
8e1016c2d749cfd1eb2eb870b90c2b662f0bf7e14f8c14a7be140aa649d33af3

SHA512
94224816f757241b3a6d19788225378ae070fc62b4620e11e10a033e3be5d9cc858cd9e669cc275b1fa82e57094d0df13a6d9868cf00afaa17cf2ec0193acd74

Download Submit
C:\Program Files\Supercopier\Themes\Supercopier\informations.xml

Filesize
1KB

MD5
1d7d8c4d71b012ffb32fe1ae880e4efe

SHA1
d1f16e06067188d105614ce2fe68cb529d653fa3

SHA256
7fdf6a9de31374a9f0bbbc65c1a9ca3f0d199906c84df9fdfb734380421213a5

SHA512
d8aa99b9b08d19d753e5b96b05d3d09218244476e2796ed838d578b49b337eded6b8b915b1ab092753d7aec7acc4ceae28cecf888a3946ea8fed171b51386607

Download Submit
C:\Program Files\Supercopier\Themes\Supercopier\interface.dll

Filesize
376KB

MD5
3de494f84d9d8ff33433dec3348b0cd5

SHA1
8ee2bd6a37ffa3cfa550f5493f7b1f3c71033249

SHA256
c6f14df8b988d8bb8d32187a0218328ae57176ecc1a4ebe46721e667ee760c27

SHA512
8d3f65230a2f19a8abde264a48cff0d8e7e062d9b4d7e10498bb786030b2b4a673ba56db3580f5bd972a01e03aaf24531bd5b28da7136ec74d9f04d661b4dabf

Download Submit
C:\Program Files\Supercopier\Themes\Teracopy\informations.xml

Filesize
1KB

MD5
459929702921615016565703b6400475

SHA1
5ebee332c013ae5b00ea1c5e358f1d44e8b777b7

SHA256
09f30a01e612d774b73a2c0995ae3a45f03e3c490d8e33b52fac01864bff96ac

SHA512
96ec2f1a87c074fbcf810352920973d58d2ccedfc3361d8dfd5467733143ed1deece229b1ecdbd75f9d100f8bf1e585173d4510bbe479e140e82cfd4ed38384b

Download Submit
C:\Program Files\Supercopier\Themes\Windows\informations.xml

Filesize
1KB

MD5
562d15acb76e733b43903e05151b6de2

SHA1
d39c0a12db69ad52d7bf252cfe9e4d4f91cc8593

SHA256
769d317d0eabf51f5535e15bd77216157e40a2833a32f29634a7f4addf73e017

SHA512
54b3622ced4836c6738da2d684b5f89aabe4517f9dd3c8bdf0bd80a676c8bd0be8794d796237bd0347cdc5a022e9c531e8f648b2b43b6ef38fcd98111e33c184

Download Submit
C:\Program Files\Supercopier\qt-plugins\platforms\qwindows.dll

Filesize
820KB

MD5
87c5a068279d935dc0b52837a71fc05a

SHA1
ddf62af8b9addd6a855cf8663ba382532377da3a

SHA256
ecff373cad8405b8d694df799da817d960d74d871f5d17d779408821bab1f5cb

SHA512
cfd5623684e8858854e48bf853254aecc06a4a2a3035eeb2235791d60c4923928c8ee7e6425237e86ee571f30f0789c6e78f50c223d6923912591c4a2e53bd6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6F1A.tmp\ioSpecial.ini

Filesize
687B

MD5
ec2fc4dda9da04af17497c35c220197d

SHA1
d7d7c864ceced0a4c1fbf97c0dc5f9a2ca9396a0

SHA256
1eb2f82e9193c361825c482ccff67b1e959756b65ad2162de12f0bd86645af5b

SHA512
03cfb01d1d01bb44b685c70a8f04e6f7b384ef0be0d0cf4a041fd50304d4d33fb6dd05dda5e67e4f5d92e37dd85914c234cfc02ef9fad8a29ef1ebf76f9d121f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6F1A.tmp\ioSpecial.ini

Filesize
745B

MD5
04159dbed42a7958545f9e7f48426d5e

SHA1
93441394bebde0d9ba29a3e3fc2842674ea3f472

SHA256
4415a6bad2fad4ee002dfa38dcac82916909aed46b5c2513ae945e11bccfc3df

SHA512
53ffee26ec926a809f2931a28a765d09e7c2d9d6bc5f157b490cce71e66778f9b5b689a0ff2bc2d0e14c07851896807a57909d91d4057855eca53371b9f2f84b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6F1A.tmp\ioSpecial.ini

Filesize
706B

MD5
33e797f1c4d895c8a926a5d7f454cb46

SHA1
959b54cd9c7f863210efecb92174b671a957d9cf

SHA256
d7ec12e9c31bfeb34311d170b0dfbde82207161c1b134cc35be41ca0466d19bf

SHA512
c012d879d29232702cbbc19dfcacefc275d92603f14a07afd109345bec277a05310bfb3776c06147f58ca64ef15190c9fedbd4f3c1a89006539c659b32e28ae6

Download Submit
\Program Files\Supercopier\PluginLoader\catchcopy-v0002\catchcopy32.dll

Filesize
94KB

MD5
afab0674f49b13307a56d07327ef03c6

SHA1
757489b971660708c4bb1447a6130467ed9e2ab1

SHA256
53f8b1ce31eedd2bee69ce1b638cdd6e6b4fec09b7642c2b5a41ebadaaf5c191

SHA512
677501a993afd883a441ba70089dc8b5de55c7258d217443e0ed6427012ff34e8c9a5c818fa05f93dd50a1f196c84aedf096e5fd367b0cfb68fbd505781e846b

Download Submit
\Program Files\Supercopier\PluginLoader\catchcopy-v0002\catchcopy64.dll

Filesize
113KB

MD5
793380b335e348c41b7c2837ee1d4b16

SHA1
019d6f2fe6e582edf34cda3f38449bd70474a1b9

SHA256
16ea035b6f49a4c58e392d447a371d443f78d74cf752e765065846eb5e5c29dc

SHA512
c1e2a79b8d6e1f408aa7c94cbcb14a5748a0c4c79b4dc2792850fb65426da67fd2fd6f891db5f9e122b3d4c9276284f9bef77683cee4fb0fab93a99df4cc60af

Download Submit
\Program Files\Supercopier\Qt5Core.dll

Filesize
4.3MB

MD5
11b4e2656ee53749e957b6afe955ad20

SHA1
4ca93e7e038a5c9e1fb387432048b08f3f252f7f

SHA256
38223bc55472838e8df49c0a3620254dc871959280e7fdde41055304e7c44296

SHA512
56212d7affc21a4d881b36169dfb0cdc5fda315f3abf49135846c11359bb9f2b31f163fc0dbd51e1f13d3b57ad07e2366e5592cccc736894fe13f619be2ba9ad

Download Submit
\Program Files\Supercopier\Qt5Gui.dll

Filesize
2.4MB

MD5
93c5d793ced80f20b7bbb781a94798fd

SHA1
7735e255035f7ab95606cbbc559681980fb72ef4

SHA256
e00e1c1f44402ffba8532335ecc95b08015f0eb4e3a688b5257f6329b241fc92

SHA512
407bbd86c1042fd57e635cfb2c77d367178c64ff722f6a61c4a5c8b101ccde761944a661d07343686db0b6898c6434a16a30c8cb39734571362def956003780e

Download Submit
\Program Files\Supercopier\Qt5Network.dll

Filesize
756KB

MD5
9f0e53fc2f0be427c892a6ee9790a1af

SHA1
dc83540fab9f595a93ebb5a7f6e1b123b4698ced

SHA256
5238f8d8d318d33c5ce52bb45a91be24f393560783c02e1401eccb4d95022e60

SHA512
b4f2602c2c1b576b33f8cb4ce44f4ba164dfd8f7ab583a560f0c4e55bce6052b94e8f8bac33d89b4bb986962f12957cd717c28ae31e7f4d802afbb4888d9527e

Download Submit
\Program Files\Supercopier\Qt5Widgets.dll

Filesize
4.0MB

MD5
4fd0f7ec0fa0044f62d9f2c28cc5f29b

SHA1
6a7532c614c560d11c1eed849e358c1210391137

SHA256
9a7a50e6c82e4b1e34c672361eac7b3d4097132597b0f534604000238a1937eb

SHA512
ef2eba77a10a935b246aeb49610b6ebf75de63f9724db0c8a24b99088efacdf6e6ab1f242939ed54b831bd2b92178e115479655b538eeef5aeb8ba554b3757ed

Download Submit
\Program Files\Supercopier\Qt5Xml.dll

Filesize
179KB

MD5
3421d1ba17a27af922c65c63e5dc3663

SHA1
09b9c3a981f5edbbc9f2a80753e706904b5791f6

SHA256
c58674a895f8e5a2541b4823774b869f26ae9446f3dd282dea94712a0a1142cf

SHA512
16df400d4c713f26992bb06565b714347032d732112d0609488307d9def39cdeda55b63e0e059bfba975271325a58b9884a409e907f7f0a6656ed5a611499edc

Download Submit
\Program Files\Supercopier\libgcc_s_sjlj-1.dll

Filesize
98KB

MD5
06de37e494422eace2a31e917eb90cad

SHA1
f4fa57573edbf7332468161b8d55c305b6769795

SHA256
8b921520d61d8e291520544a3387bcca162200a9764c0da9425a2a48410c1176

SHA512
e25b366060d450dbbbd71459d58e279f68909f2ecfa5e675cd462a53d8486682ec25704f394b45070e25fe5098a5d2844a442fba41d2aecf62cca586c45f8336

Download Submit
\Program Files\Supercopier\libstdc++-6.dll

Filesize
1.0MB

MD5
08ae623d202400b3e23a920cc475c4b9

SHA1
76aac4f12f64e065f123b238563c4d9954febe93

SHA256
3c6ad971154e6d5d6a0fcb2893cdb0db3237a66570924606d16000147f114c8c

SHA512
bbed98118a0044348b91908eeafa4bd36f5db0a981f9b731b37bbd82d3c3f7596f51bfa8cbee2a02f2ce2621e2de9b3427a969b0be9c254e0902ac1056c7c993

Download Submit
\Program Files\Supercopier\libwinpthread-1.dll

Filesize
71KB

MD5
ee98891d7937cf20829ba13142754030

SHA1
76594d12f7d4583e7ee058d1b116a94ba8473d8f

SHA256
c2ca4f97aecc6546b4f1fe32935c72beb5185c6a3105f6014f298c4e01553445

SHA512
0ba4571cae390be9e47ddc725cd48e34427dc8b726ef53f53fa689a3a3a17cd3c8e52c0ecd33749ff1dbc3145248d599be8cadd841122dcba6e8861ec5281048

Download Submit
\Program Files\Supercopier\supercopier.exe

Filesize
1.0MB

MD5
b7722163c3012288641f00e859bd268b

SHA1
09d93e49b8e6b82c34d69171efd58c3bcd39510c

SHA256
776e8a6a905b4d17b4507522e3308fd2f3a8b56c61c235080f6593d2b23b4600

SHA512
e84c07b3ba8153990b9c1240872dd0841086379ad54503707e263bc5c5d3881d656b54dd73ceee3ec27cb9c93677a3dea231319f7097cbba37867773fe1d205b

Download Submit
\Users\Admin\AppData\Local\Temp\nse6F1A.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
\Users\Admin\AppData\Local\Temp\nse6F1A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/1424-494-0x000000006FC40000-0x000000006FD4C000-memory.dmp

Filesize
1.0MB

Download
memory/1424-493-0x0000000064940000-0x000000006495B000-memory.dmp

Filesize
108KB

Download
memory/1424-492-0x000000006CEC0000-0x000000006CEE1000-memory.dmp

Filesize
132KB

Download
memory/1424-491-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/1424-507-0x0000000067740000-0x0000000067757000-memory.dmp

Filesize
92KB

Download
memory/1424-509-0x000000006CA40000-0x000000006CA68000-memory.dmp

Filesize
160KB

Download
memory/1424-508-0x0000000069A80000-0x0000000069B98000-memory.dmp

Filesize
1.1MB

Download
memory/1424-506-0x000000006AEC0000-0x000000006AEEF000-memory.dmp

Filesize
188KB

Download
memory/1424-505-0x0000000062C40000-0x0000000062C62000-memory.dmp

Filesize
136KB

Download
memory/1424-504-0x0000000000340000-0x0000000000376000-memory.dmp

Filesize
216KB

Download
memory/1424-503-0x00000000002E0000-0x000000000031B000-memory.dmp

Filesize
236KB

Download
memory/1424-502-0x0000000000620000-0x0000000000687000-memory.dmp

Filesize
412KB

Download
memory/1424-501-0x0000000064F00000-0x0000000064F28000-memory.dmp

Filesize
160KB

Download
memory/1424-500-0x000000006A880000-0x000000006A956000-memory.dmp

Filesize
856KB

Download
memory/1424-499-0x0000000066C00000-0x0000000066C35000-memory.dmp

Filesize
212KB

Download
memory/1424-498-0x0000000061DC0000-0x00000000621BC000-memory.dmp

Filesize
4.0MB

Download
memory/1424-497-0x0000000069700000-0x00000000697C8000-memory.dmp

Filesize
800KB

Download
memory/1424-496-0x0000000061940000-0x0000000061BB2000-memory.dmp

Filesize
2.4MB

Download
memory/1424-495-0x0000000068880000-0x0000000068CCC000-memory.dmp

Filesize
4.3MB

Download
memory/1424-515-0x0000000061940000-0x0000000061BB2000-memory.dmp

Filesize
2.4MB

Download
memory/1424-534-0x0000000061940000-0x0000000061BB2000-memory.dmp

Filesize
2.4MB

Download
memory/1424-553-0x0000000061940000-0x0000000061BB2000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads