17eae4f4cff1a761dc553a58407a1c9a1d0c8458fac5e8c0d27a13827e08dc93

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe
Size

551KB
MD5

b4efb4a1dae40d30135a1d1b43850843
SHA1

26c94aeb1b1eb266553051131a84f55876d4181a
SHA256

17eae4f4cff1a761dc553a58407a1c9a1d0c8458fac5e8c0d27a13827e08dc93
SHA512

eb8fa2a12e03020d2ae7bd91ca2f119ee13f977d4682cab657fc4eb9da6acbc9838812606041608952b154df7efd28f07e339aaa042dc280ae5ed015c76d97ae
SSDEEP

12288:h1OgLdaOAWctn+MEfOUgbJuMmFcouJqkG:h1OYdaOAtMOUgJHJJqkG

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2268	regsvr32.exe
2268	regsvr32.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphmciglkgiekpejdlhpomcccnkodeib\5.10\manifest.json	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\ = "savenshaRe"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}	regsvr32.exe
Key deleted	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\u.5.10\ = "savenshaRe"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\savenshare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\ProgID\ = "savenshare u.5.10"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u.savenshare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u.5.10\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\savenshaRe\\CzEee.tlb"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\savenshaRe"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\u\ = "savenshaRe"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\u\CurVer\ = "savenshare u.5.10"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\ = "savenshaRe"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\VersionIndependentProgID\ = "savenshare u"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\u\CLSID\ = "{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\u.5.10\CLSID\ = "{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\Programmable	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\u.5.10	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77A1DDC0-2A32-ADB7-5AD3-D3B6F971C717}\InprocServer32\ = "C:\\ProgramData\\savenshaRe\\CzEee.dll"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2268	2324	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe	31
PID 2324 wrote to memory of 2268	2324	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe	31
PID 2324 wrote to memory of 2268	2324	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe	31
PID 2324 wrote to memory of 2268	2324	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe	31
PID 2324 wrote to memory of 2268	2324	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe	31
PID 2324 wrote to memory of 2268	2324	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe	31
PID 2324 wrote to memory of 2268	2324	b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /n /s /i:"" ymIw8.dll
  2⤵
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\CzEee.dll

Filesize
180KB

MD5
0e093772550eb9541dd715c016b5584a

SHA1
20338dc859a5652f5661280dc508f4e5b533e76d

SHA256
028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

SHA512
0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\CzEee.tlb

Filesize
2KB

MD5
48e9706fe9f76731f3576122fc3e9e33

SHA1
387c8c4898ead8ace488a7df80fead429eaf167b

SHA256
7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

SHA512
e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences

Filesize
5KB

MD5
c6a2621df6fc50d1a59170885bd16da9

SHA1
509e9d8b46a404018611575d07f646d284e451a1

SHA256
eee541a4364d2ca754835743b8211090ce160e6f0b8ddd2ca7e2eb91b562fbbc

SHA512
8a10bfeaee65bc6aac2351d41dbe4eb429a6e7deb282b0f90ab11a64a34246e2b5d6addbeabfaf9aa565a6d148cf6d0be4168535a365cecb0d1a92b9e2e062b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\gphmciglkgiekpejdlhpomcccnkodeib\1QD4qR.js

Filesize
5KB

MD5
c509658f6b291c6102100bf31e0cddd1

SHA1
6c99323d3639d92058dd3c7e8efeba9568152306

SHA256
9a48ce4d4998e61c6bc032c63b81a956dcbe67d580a07f14c2418ba975ab22c9

SHA512
c7721cde381bf1a3bd27a150ba3c4a834729db3b1b3179e7a766b13fe5a669fedbff41ae152cf3753fce9f5e32d20677caa8eb77f55d62180eca3d32286fc1b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\gphmciglkgiekpejdlhpomcccnkodeib\background.html

Filesize
143B

MD5
3483a387ffc3ff3332d01faa27dd0580

SHA1
3e7bb624a021fa97fadd3c84b2a0d6e57eda0698

SHA256
131487c353324d662245b9ad868cd7a7825b53576e1ffafd67aa598b5f96a098

SHA512
022d72824d12e222808665644488a67d5176ed53d04ed531c85119cfea4761538404c84e8f32d90b08aa407c2d8e7a719c70f82301ba31b02b5138f048c1766a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\gphmciglkgiekpejdlhpomcccnkodeib\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\gphmciglkgiekpejdlhpomcccnkodeib\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\gphmciglkgiekpejdlhpomcccnkodeib\manifest.json

Filesize
504B

MD5
6610f4b84abc00b40d687b134437e6ed

SHA1
3057cddd0f90462386226cc6f7f75eb079eca179

SHA256
97b5bab313f4e66d72410eccd244e0a68a65dbeeae19b7638ec9ba13a11f6ac0

SHA512
f79f14dd5fa6710cf44f28ce80ff60afa09e350ae7db5858e2959dba65ee9f5cb26d584d6a282bb71df33de76419ccec9f9585ee41cad2cb3b1841a680dc9317

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\gphmciglkgiekpejdlhpomcccnkodeib\sqlite.js

Filesize
1KB

MD5
ac1302325c58c68043a708ba5c063f8b

SHA1
c3fe9a6eca77abf6fcf76637f3e3b7c962a3d2f0

SHA256
8135d8558929627fb548714ff6a9e77c8dcbba57b5ae5359fc6a31c180e191cd

SHA512
88c92d17313c500225dbd53a99089d19e19a5b3a7527a57cf89b84cc52d2c17a7f1945862daf24a677983328531300fa340f6671d0003197743b66b76d4b2ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
18c5885c5d15c0c4ab02528db1b825e2

SHA1
b87b2f280ee833a407825012e1b887575494c8fa

SHA256
c956e463f6237761acb1ff2f57ed4d2b465851e63d0a998cbba88194b8b9bffd

SHA512
8afd289ec79a0fb6bd060fdb3b979e388b5ca9b323236ba9d001de9ee334e382b31e73d2df23283ee19d5ec59cc4ea8aca31518f45cad6fc9954174745772f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\[email protected]\chrome.manifest

Filesize
104B

MD5
87bc039aaf60f14e6d38206ea4e01752

SHA1
a261806216918cb8642fd03aa2b327cf9267b45c

SHA256
8be837776513822db35c8bc49a1f5a879710f7d0a367e9149702a76f048c98fc

SHA512
b1563baf123c0b9236ce0e2a092e0748f5e9eb8dc1ae5001dd917931c22737d5e3e42d7d618bfa1f2cbfdf8404a5b7cd665c8c4b64871a87b6625f924a40a6c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
b16ccb2a0e7a7080b0eaa30b4ceadbe0

SHA1
95f518c760d962d751e79823f2d239fd9dd6cfca

SHA256
dc4b3bcd39cc2a18cf67202624f4af09fc3ce6e67107681439bb00d5dfce0b37

SHA512
2b34033b3fafc701bd5cda0eca9931f434f43f72e2457c231b49534551f2ae874fbe7b328353951a6c0889118ee162b2c6ed8332bf4789fbf7aa073aa6f15604

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\[email protected]\install.rdf

Filesize
611B

MD5
d69bc313cbd28aebf3b7618aedfdcdee

SHA1
46a19a56020d8722a4faccc4db0db6c1c034afc1

SHA256
a8a0c4aeb9158c1f81c388ac1223b041daaf7c4ec2d75e42107d23f94e25c3ed

SHA512
a5c39488958192b781dbe39ed17f930d403aa143f11866daf38fd63d4a2a90e5ef4d99bca4f1ae8fe859bedb1c138ecd6d0421cbc50ec3deba8dd46f7ec73324

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\settings.ini

Filesize
7KB

MD5
75d262c974f6629979a5afedbd5e3931

SHA1
c459caad88de9afcffab5cb74b89b9950c07b066

SHA256
801456587c91e7483f16ce0ac1c70fecb9a1d25a6979e3c8f0f1fb02e1338675

SHA512
8677bacb14742ce3940e46c6c5b5f75bb15b27ae203626144f5d7e8e0a4e2a74f2eb19a8f28f3485fca4a56e24ca96c59c8d3ae5ebff6a60197936edb622daea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSD691.tmp\ymIw8.dll

Filesize
203KB

MD5
41b13b132cb601ecc466654b90296353

SHA1
245258ddccb48826f22d57444f49fa30be1b36fd

SHA256
7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

SHA512
0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads