5c92fc28399217477b270809cf99c6a62b3fccfcb3372b17d038231b130233de

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
04/02/2025, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe
Size

249KB
MD5

981dcfb53bd443c8b217ce04951e8e74
SHA1

ddaa1333dc73bd92d26d30472d5df0f857f12063
SHA256

5c92fc28399217477b270809cf99c6a62b3fccfcb3372b17d038231b130233de
SHA512

91eccf961ba401217c9161b8fa3055f42fc0b325c7a283b971e88283dce7e0303749615823a900e7ae3ff75406a10e24f0397694f13f6adfc72cd0447d5e5f50
SSDEEP

3072:hn1/uEAgDPdkBlyFZ+ScjaiKWbETBquAEXlqsUUUFn/WSNFJRQllBG4gzN2AiO0F:h1OgDPdkBAFZWjadD4s5yd7KRIinkxEJ

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000018686-52.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2376	50e566670d65c.exe

Loads dropped DLL 5 IoCs

pid	Process
2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe
2376	50e566670d65c.exe
2376	50e566670d65c.exe
2376	50e566670d65c.exe
2376	50e566670d65c.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\ = "Zoomex"	50e566670d65c.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\NoExplorer = "1"	50e566670d65c.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000018686-52.dat	upx
behavioral1/memory/2376-53-0x00000000747A0000-0x00000000747AA000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50e566670d65c.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0007000000015f7b-20.dat	nsis_installer_1
behavioral1/files/0x0007000000015f7b-20.dat	nsis_installer_2
behavioral1/files/0x00050000000186f4-74.dat	nsis_installer_1
behavioral1/files/0x00050000000186f4-74.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Zoomex"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\ProgID\ = "Zoomex.1"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Zoomex\\50e566670d695.tlb"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\ProgID	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\ = "Zoomex"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\InProcServer32\ = "C:\\ProgramData\\Zoomex\\50e566670d695.dll"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\InProcServer32\ThreadingModel = "Apartment"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	50e566670d65c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73}\InProcServer32	50e566670d65c.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2376	2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe	30
PID 2624 wrote to memory of 2376	2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe	30
PID 2624 wrote to memory of 2376	2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe	30
PID 2624 wrote to memory of 2376	2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe	30
PID 2624 wrote to memory of 2376	2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe	30
PID 2624 wrote to memory of 2376	2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe	30
PID 2624 wrote to memory of 2376	2624	JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe	30

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{CAB1AB1D-9111-3676-B761-C3D8EAEB8D73} = "1"	50e566670d65c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	50e566670d65c.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_981dcfb53bd443c8b217ce04951e8e74.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\50e566670d65c.exe
  .\50e566670d65c.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Zoomex\uninstall.exe

Filesize
48KB

MD5
e9c9582996a23b2a49a058dcaa3b5525

SHA1
f527cc64e759f06c011e5eeffbd217d5249c04df

SHA256
43c3e8d7aa00a299f084db17e384aa96de508565f82264ee88bd9c7647fa9fc9

SHA512
665613fc7f20e2c4ea40b7a8f39b4c2ea2a24c5119ee86ef072bbe29f606cd78a43081aa0a89b678a46d34e470e1ed10e31d590d3cb5447e1231707fea8e490f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
af64d2d6f9afdb8a71d45d669ee0342b

SHA1
953ee80c7323dd64757f6c6d147a2af300529342

SHA256
337a652365f7afc22f33a078b21e7bb9ba487c066d0a63b4dd6e16f16f8f9edb

SHA512
3890c506f8c2e2b4d7ea07809f4b71ef943083927da59b05f272204b9e388094410126a68b4499ad8846a3f3b76de1d5dfa4b92868c413e04ce9561c112dec0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
7cd48274af3730dfc48f5d8c2e20682c

SHA1
93a331538830c80cbe84554cb8738b2152ca60df

SHA256
2f8961183a530e7e95e29c134117d863bdd1cb214763d18e87cfa0453f3a32d9

SHA512
9174d047591b3b45de4166bc90c766a98a3c46ff7fde48c04bc1fdbab7adf71cbb609939a2abc612f1c79c08011f4087d1bb80cdb3a2b13f09c8429d8faf1005

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
798e6d4dbcb574b5d37c2fcf8da37a09

SHA1
452921e0e042735ff7d3930fe64a90b9d6e9ca27

SHA256
fd5f741c5fb8cb57c053985d3d63c7fda2a4ca0226713f36dffd0d627a4eea09

SHA512
506c99b620088d46e1eadf57f83a090fc916648bca0de467c9f6f171b458c04f11ffa40be87007f963168266818a7eb68f83b540bf7a97d302eddba193156415

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
c315a584160ce9e73e005eb980ec461b

SHA1
0c63378573eb33e8ff77cb4fe13e0444f72138a0

SHA256
143a8a02eaeaeb6d61bc4a8fbcfbbfa06caa0725d949d0e7d5e4a62d1751091b

SHA512
4b2d9e18d94a6e78271f07d705e7dd7242022caadbda434592d983456fd438f61617417eadd011c4e0c807cf06366944ab1fac9a4f036c6c32d2b49bb29fe7a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\[email protected]\install.rdf

Filesize
700B

MD5
f8abb62cfff477911db55334a23c3306

SHA1
2b9df8cee568930663c59a94b3397db6dfaa79ac

SHA256
9b359e4c1a057b3c18e27e11084d180c0cccd8385d87f1214deb6fe355ac2d1d

SHA512
7933327844d0ac7da4367db1052b023bc03ad640546eaf03dd93249c4ab601090f57cfa1f579bc44694b5ed4f1f2fc1a7e81495b413d20bbe8fe9a62c4b75bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\50e566670d695.dll

Filesize
115KB

MD5
6696822add17061dc0bb8ee5b42cc2d4

SHA1
d4622558ba366f2f94560da301a81c6c16f95a3c

SHA256
73c44d8943947e3cf9ecabdeea4d9a37652614f5490a1f972816be4123795125

SHA512
0f1946ce002441d010f67156f67b9d18e01ba35edfeb66ce8096467d3126b547e5040032253275b173f2dba9bce983775f360d83ec026986b55cb85e4b63f099

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\50e566670d695.tlb

Filesize
2KB

MD5
096a65b8a695249d5d554776f1eeace3

SHA1
2f2506b886a59b4408b23653d8734004ec2dda6d

SHA256
a602c790bcf424c154a082a88a495b256dd5456f627943568c358c74f606c568

SHA512
6e832caff1951b4fdb489997af5736fdbafa1de5573f629fc6798666bffd0ca0715311ce6590202cc970cce4492d94994a588547bb579bf70bc264683bc45cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\cpeojjgmlkpgdjkpmlllilcppcneidcm.crx

Filesize
8KB

MD5
f73f67a72c59447d819f5ed9aebd18c8

SHA1
e335f100aa083d7917be39bf4ee5b9db95dfd966

SHA256
2f292e5245bc05a6757333c0c08feace84bba0cbd7ff1dff42d789887341c8bd

SHA512
de99266154de6562d37e8d8f141e3f616e32f6d187d11288793ab5bfa557b784f0776ef8d2db32e6049e9663bbe754fe420d497be8833a2b6f2139c9adae2b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA332.tmp\settings.ini

Filesize
6KB

MD5
f6992fd55432b35d4e33fd565417cf64

SHA1
006b4fa822b6445a03236c6c26bf7499fa0edfae

SHA256
fdf846caafb4f2952c8f47462b58f6c83649bccfa9f0033fc55c7f12fea676c5

SHA512
ced59cdfb256494a5cbf895eda7dbf5792b3de620981f54267951942c2f95f068debc95d8b4a2e63f5b793962761ff63a60b98398c54b6e815e9aecc89382284

Download Submit
\Users\Admin\AppData\Local\Temp\7zSA332.tmp\50e566670d65c.exe

Filesize
70KB

MD5
ebcc3eb1a7021aaead55fb677465a717

SHA1
3c8347f0fd520ee423a4aafea1112a0b06f4b6c8

SHA256
5e74f0e710c067ad82301c7c14ed6afb138f974f351042cfe0ecd275cea2612c

SHA512
0f18c22e6eff8ec90ccc616e62f32701d046185311e01e5f506778fae0c31f35123c3ce756ff2c0eef6f23e06e280f870b80080d11dc6da3aa25901f5a92d995

Download Submit
\Users\Admin\AppData\Local\Temp\nsjA3B0.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsjA3B0.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2376-53-0x00000000747A0000-0x00000000747AA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads