0adae1c85dbec856f335d7e5a7848ccae6c1199e7ff743ae8cbae8c4c5a3bd77

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27/02/2025, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe
Size

255KB
MD5

2a34396cbfb0dd577f2bcef125400543
SHA1

76e98ac893fa96d84d6444895505e7fd40bb489f
SHA256

0adae1c85dbec856f335d7e5a7848ccae6c1199e7ff743ae8cbae8c4c5a3bd77
SHA512

e4fff80ef1b293ddae6bfd09643b2bf556bfb050fcafc33d897573e1c5863f4b1179d35954e971197f0a5e45a967b995e993484e2a79f11b035cce191fff20ac
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5+dNtV9ysmRot1tTGuYzeo:h1OgLdaO+dNRysmat1teX

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000500000001a071-77.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2300	51287dd837812.exe

Loads dropped DLL 5 IoCs

pid	Process
1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe
2300	51287dd837812.exe
2300	51287dd837812.exe
2300	51287dd837812.exe
2300	51287dd837812.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjdnbimhdiellapeofdpadeofpjeidi\1\manifest.json	51287dd837812.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\NoExplorer = "1"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\ = "Comfy"	51287dd837812.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a071-77.dat	upx
behavioral1/memory/2300-81-0x0000000074A40000-0x0000000074A4A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	51287dd837812.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019581-30.dat	nsis_installer_1
behavioral1/files/0x0005000000019581-30.dat	nsis_installer_2
behavioral1/files/0x000500000001a355-99.dat	nsis_installer_1
behavioral1/files/0x000500000001a355-99.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\ProgID	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\ = "Comfy"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\InProcServer32\ThreadingModel = "Apartment"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Comfy\\51287dd83784b.tlb"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\ProgID\ = "Comfy.1"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51287dd837812.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\InProcServer32	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C}\InProcServer32\ = "C:\\ProgramData\\Comfy\\51287dd83784b.dll"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Comfy"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51287dd837812.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51287dd837812.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2300	1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe	31
PID 1672 wrote to memory of 2300	1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe	31
PID 1672 wrote to memory of 2300	1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe	31
PID 1672 wrote to memory of 2300	1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe	31
PID 1672 wrote to memory of 2300	1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe	31
PID 1672 wrote to memory of 2300	1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe	31
PID 1672 wrote to memory of 2300	1672	JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe	31

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	51287dd837812.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{E0B34250-F0B1-E2D1-1D19-5AFE7AE76F8C} = "1"	51287dd837812.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2a34396cbfb0dd577f2bcef125400543.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\51287dd837812.exe
  .\51287dd837812.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Comfy\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
52101b7592850bb807b4296085e8a8ed

SHA1
911f099f87c66c34caa4e216265a80fa488cd7df

SHA256
e5241fc84440cb555442d4986167c3e6fe59e7570168fc5401cd939632fba2e9

SHA512
c9f76aec4a8e0516ce5d1ef51af2ddab77c134ccd799ba57f2ecbf92a90aa5f1794274942f09494c2c800acb672023583da41fb7799ec60bab6696ce9e50e882

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
0fd36c498c014e323b4d2e0be0653449

SHA1
491cd1957bbde8f89c5a308e74ce6b02823eb177

SHA256
e7c14b6af04641487fe1536976dc351de15d2492f4f3ab2b4211b8855efa0aea

SHA512
7362e1c51d3c0bd10f87e103be4441f86a8234cd4887ffe7bbaf206e52275559d9ca1a4a1e1b2b1de03acbf358022ff595b3c4fcad21dad58ebc2e03cbc9b1f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
6103b7f2c3c79c26df4a09e9d1edab26

SHA1
608f452e2aee7d0db45cefc194171d7699ff54f4

SHA256
8b5918a657397aa130fd0c9707f5247a03f5903b232d32e08dfbe6adeb58f2f2

SHA512
8e0097d107118dc5450d17014e41b0a7dc58540dd87008cf8c58a57ff7d3ce07f9baf4c8f69114a3f9718750c1351ee5078d88e8b271a72f631e21a4edceb7f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
5a455046e580b29bd2caa81900553ded

SHA1
b4ac0c343c84e7cadacd2ab85d3055b0d38d13dc

SHA256
cd8be2249c2c64205b5b7321bf762c6bf0f3b2242c01b2149b0ba698d0db8c5b

SHA512
ff87ca6d99250a047a7cd6e4e2f752342a049b2c771e3b9373c8d941cf84c517230c872690092e2c4d21df3b91ede4f7f8e2d6ad6c000c697d038eb918c024b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\[email protected]\install.rdf

Filesize
705B

MD5
089b432f278f41b9bd4e6eec64089273

SHA1
7a16d17ea2cfe8e1ce315caa73c12c74de5f950f

SHA256
57e8eada35192753f25e1420b142a7899f2fc65f7cb9b53b7c768048a4acb710

SHA512
e7330abdd22c9cd8b8b49763c3f7aa9c50269fa59a25b6133ba2e2c19812e76dc4082d1e6d3b927118ebf94a5f1a2aaf7de95601e0494e324bdc585112454ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\51287dd83784b.dll

Filesize
115KB

MD5
00ce3831a16a62c6d7ea4b21049e4b22

SHA1
3e48c8d25b196d67722ed20cd36bf3448a4c9136

SHA256
d4bb7937b36973cbf3b12c9500c25ed34103944a69bad9162f3b98f39474529c

SHA512
7633071b26d802aae1250111baa40e5158fb1a1639d76098f2ecd6263adf0e6371d5e9a70d9005b267cb907da84235f4e361f8c8a75b8adbd19a049ab1227619

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\51287dd83784b.tlb

Filesize
18KB

MD5
d5980ff8eb0ef4276fad96fba8fc5018

SHA1
2cb05f8b43aa3ae2f5492f590997eec6ff808fe2

SHA256
ac3a1daa32b1c489f9c2f4413ab35c4fc90b54a52ede0fb53276666e6eeef16f

SHA512
30404f467dd727a7de132fb08cd3c88abf5fb2e7ef18f24af5371b63fd106d6d5757061ec55c7b54daf9844100280670bf2b22a71c89b160048552b5eec12d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\jdjdnbimhdiellapeofdpadeofpjeidi\51287dd83763a7.68832046.js

Filesize
4KB

MD5
b44f96b766b8fc4bf6c719906296035f

SHA1
5afe91656ca86a736fa4afc250fe8af3cb4c2bce

SHA256
3f87e387b059d00bdd06e90dfbe24a86d7ae255df70427765a30e60eacf3708d

SHA512
6a2d355722bb6572b422d8124ca784d80751ca8833e39cbb7a90114a7450436122c2563052984b1ba3afcc04ee5afc7ea05447ae144ed991c88e4d13c891781d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\jdjdnbimhdiellapeofdpadeofpjeidi\background.html

Filesize
161B

MD5
cc534dd4f0e366f31ab2faa46235ea9d

SHA1
9a530718cf2d0c1b652dc4278fc06551776614c7

SHA256
73c250acedfb54c6178b961fcc6d083363c0be060bc3f6aa0f6ca7d014ead069

SHA512
448246708bf1eb6dd2f70b007157335c52f9a0ac5e1d2fd141b2052d5157a3664dfbdfacef7aa2e90ac284556de603e10cf743959c3867fd93a720c6dd23c13a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\jdjdnbimhdiellapeofdpadeofpjeidi\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\jdjdnbimhdiellapeofdpadeofpjeidi\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\jdjdnbimhdiellapeofdpadeofpjeidi\manifest.json

Filesize
496B

MD5
7e85f90ffdf4ed3844890ba0892e288c

SHA1
587b6b67c6f86970a79ab1616d4fa472fe3e883a

SHA256
7771c51bc839d1df5221d742fa2916668f2618a032469b9cf8e35e4cf7d29ad1

SHA512
dc551da4d116ed4b15b7419b46d71d66dc89777082a8c32270223077f88ebe2128047f37ccb3e1b06d25ac6b2935b88ebc84ab7083f270d0f012401f67ce1e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\jdjdnbimhdiellapeofdpadeofpjeidi\sqlite.js

Filesize
1KB

MD5
defdb6ae760c757442b688e490fcb096

SHA1
93d6918c271f6d931fb15f98ef66b56405b8566c

SHA256
a02dd20b98d4e4561863ab57b475d26c505b3c5a19eeb3b8097ed699d34de614

SHA512
8a9e974c5d18548da19ddfd48bd5be8d0135e9929bb245ef4d15ccd7de2ab6f63c086c9c1fb4a1ea662dbb2d214dfc06fdec6201e9dea981075cc4d0bd6f308d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSE225.tmp\settings.ini

Filesize
7KB

MD5
c1c5b56152cb7349be297ad02fb1a401

SHA1
1199fe9c274d56fc06ecc3e85d757a3757885ff4

SHA256
b2bdeaad35051a83925c58ec4bfcb66b3f76e0966fc23b6eac39f1c24b696921

SHA512
f2d5932e7cd31f8aaf1096abdd13bc2ce94f01c3e258b59bf9117316f4f6c98644d49c0c8895f6f3430e1c09549563fbc3ee145d7c5e03f3ed396c3b200612f7

Download Submit
\Users\Admin\AppData\Local\Temp\7zSE225.tmp\51287dd837812.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nsjE2C2.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsjE2C2.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2300-81-0x0000000074A40000-0x0000000074A4A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads