81419b0d534e4a4ce5412bfb8d391227865d4203590192144f3d50d34f1bb169

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe
Size

255KB
MD5

8ac6da2de298a3a6c3e07304629716dc
SHA1

6489d4c6d61e70424a1b79895241750f3c47a474
SHA256

81419b0d534e4a4ce5412bfb8d391227865d4203590192144f3d50d34f1bb169
SHA512

ae18f0d7d92b26e00724780a617cae78c1ef164131c49caea9f15a8230a9423a3d7ba6d468f4d942ad9c95be43acc887969f052c2c251ef1d176b40edcbf49e1
SSDEEP

3072:hn1/uEAgDPdkBlyFZ+ScjaiKWbETBquAEXlqsUUcLqnzVqJ8JUb05i1unfdgBh5Y:h1OgDPdkBAFZWjadD4s5fzNJUb/EfdD

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000500000001953a-77.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2684	5154b9e5961c0.exe

Loads dropped DLL 5 IoCs

pid	Process
2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe
2684	5154b9e5961c0.exe
2684	5154b9e5961c0.exe
2684	5154b9e5961c0.exe
2684	5154b9e5961c0.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\npidkjafhaipnjcchhfkninljjnfobml\1\manifest.json	5154b9e5961c0.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\ = "Broewse2ysuave"	5154b9e5961c0.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\NoExplorer = "1"	5154b9e5961c0.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001953a-77.dat	upx
behavioral1/memory/2684-80-0x00000000742C0000-0x00000000742CA000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5154b9e5961c0.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019241-30.dat	nsis_installer_1
behavioral1/files/0x0005000000019241-30.dat	nsis_installer_2
behavioral1/files/0x000500000001961f-99.dat	nsis_installer_1
behavioral1/files/0x000500000001961f-99.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\InProcServer32\ThreadingModel = "Apartment"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\InProcServer32	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\ = "Broewse2ysuave"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\Broewse2ysuave"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\ProgID	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\InProcServer32\ = "C:\\ProgramData\\Broewse2ysuave\\5154b9e5961f9.dll"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\Broewse2ysuave\\5154b9e5961f9.tlb"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62}\ProgID\ = "Broewse2ysuave.1"	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5154b9e5961c0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5154b9e5961c0.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2684	2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe	30
PID 2720 wrote to memory of 2684	2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe	30
PID 2720 wrote to memory of 2684	2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe	30
PID 2720 wrote to memory of 2684	2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe	30
PID 2720 wrote to memory of 2684	2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe	30
PID 2720 wrote to memory of 2684	2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe	30
PID 2720 wrote to memory of 2684	2720	JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe	30

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	5154b9e5961c0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{9086D8CD-F5F8-A3A7-1FBF-E7D14352FC62} = "1"	5154b9e5961c0.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ac6da2de298a3a6c3e07304629716dc.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\5154b9e5961c0.exe
  .\5154b9e5961c0.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Broewse2ysuave\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\5154b9e5961f9.dll

Filesize
115KB

MD5
00ce3831a16a62c6d7ea4b21049e4b22

SHA1
3e48c8d25b196d67722ed20cd36bf3448a4c9136

SHA256
d4bb7937b36973cbf3b12c9500c25ed34103944a69bad9162f3b98f39474529c

SHA512
7633071b26d802aae1250111baa40e5158fb1a1639d76098f2ecd6263adf0e6371d5e9a70d9005b267cb907da84235f4e361f8c8a75b8adbd19a049ab1227619

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\5154b9e5961f9.tlb

Filesize
18KB

MD5
d5980ff8eb0ef4276fad96fba8fc5018

SHA1
2cb05f8b43aa3ae2f5492f590997eec6ff808fe2

SHA256
ac3a1daa32b1c489f9c2f4413ab35c4fc90b54a52ede0fb53276666e6eeef16f

SHA512
30404f467dd727a7de132fb08cd3c88abf5fb2e7ef18f24af5371b63fd106d6d5757061ec55c7b54daf9844100280670bf2b22a71c89b160048552b5eec12d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
fc3b4de99509921f8871b8fa8372a088

SHA1
fc626bd6bd34a3e6111ba8f87df5f919fc78230e

SHA256
ab0f85ff50a4e4bfa12f1356dfa46d8f0f60c1e2ae315ff21099579721e37d02

SHA512
956893cc0d3ff545389304211aab8ca214abd194b1b24390884069eb505836e03c255d9fbc57dd9a96116409b12ef61c22f886e37362e6a12e35646abc6963fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
21990d42fd6dd31ce5fc23b3cfcf30a2

SHA1
55f4ec9566c96fae83c35811c1f3f4fb2a646259

SHA256
eaa3211878762abe3d5c97a7d99d922db381d98ec6fb5b46058cdfd0f2a84372

SHA512
40e9f69ce0074d42c335a4e60c5ad05d05e647b5deee264390a431b59a68dec48a7158880b8a0dfd49ca790af8befd0a23ee85c68d1a90f47d491ab5a6db152b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
b3017aa570d1bab64229ff4667e959df

SHA1
d51da772c1d497d41a7199987578b8dc7aa9af98

SHA256
e61024c3ed07c4e6063392981f4da2c106cdb7bc1c9d9d4b8a7a0eaa0023dad5

SHA512
bfa7a0eec99e46cac4af14f5c66b5b3952f5d7b023afcd660bf891c4d675fb6a0d9a6edc4a3d6c03baffa7223641c3b0621a351a27e0aa6fb10bf4c7813e5314

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
998188f6a646d7dbcaa5efc837e777ff

SHA1
7c94767aeda1a175d51a4c8715558083dadfe47d

SHA256
c7ac328cd31bcf531df5ad871ea64bf38e21752fe9550046e232143bbba90e63

SHA512
660b9beede5ba95893786b6e7575679a649fbe7af8bcf367764bcbadacfb088dcec953d0a9237bc92bb86b8961a577d1e8d4f2c02607e35f39b012cb33c056d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\[email protected]\install.rdf

Filesize
613B

MD5
299bc76a88e9ea8af79468352364fa7c

SHA1
78f464c5f23644c46de9a8a59cf243cac66aed01

SHA256
c420ecb8cebded6f59f94b5c05348a7ae0128ef316f6b2870c71ba67f2e9bc99

SHA512
dee1024de62f6513c2c09a0c1e463a7abfe7d2f66a675bec886c6948c33f7562518bde71bd78b19050b88de137c860fa43e17ebf154cee084c7b72103a2057b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\npidkjafhaipnjcchhfkninljjnfobml\5154b9e595fad6.72837599.js

Filesize
4KB

MD5
8cb574358c1c5485d5bf1f8a11d41b99

SHA1
c8c8e5a387d3da235fd8cd95fd0e781c750f0e8f

SHA256
697bd279f7dd15ccb9ca27f2c2cb184f8d17b8d13c1df4160aea7d44ba6b4640

SHA512
e376468f1a6f997d434d95c84c98db0174bc976c5d92322f436a55602cc094b058426d7b21ffe22e696e5ee45150290761fe08a8760f52ef2caff76f35a8f688

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\npidkjafhaipnjcchhfkninljjnfobml\background.html

Filesize
161B

MD5
50fbcad0a07e779749f20b43c7896e3e

SHA1
04d3a7097627d48689612ba77607a5f232241ce6

SHA256
31b7ab0f286cf0033a04270641dd983994c4b927524aee3d256f51904705ea22

SHA512
cfa490bd8cc1a9c63ff94d5f778253552211659dae9e99face16254259ecb359a8d72ec38d1f15587b90a7d6b37ca505d469af1d65b67685f981f941729d0328

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\npidkjafhaipnjcchhfkninljjnfobml\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\npidkjafhaipnjcchhfkninljjnfobml\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\npidkjafhaipnjcchhfkninljjnfobml\manifest.json

Filesize
506B

MD5
6d4189795c835b60ce4662f3315f2acc

SHA1
4ff38e23223272106fde01207fd520695b9cf0f5

SHA256
a690ffa81d3590f1660de6b581c0fa67f6826870953144212dac4974d8cf34c1

SHA512
90808c19ec30c504adffd72a2b4be280c4bfe9ae7a42d87344d100dfb7462ecb929993c52b2089304ea5d1d95ed372483fc98e1c65afa9c4c35e0ad22423f0db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\npidkjafhaipnjcchhfkninljjnfobml\sqlite.js

Filesize
1KB

MD5
e1ae7259d52db38f1b128e92fe4e5ef7

SHA1
b453fdd7962bcebcab9b17b3b888e92bf22f1cd7

SHA256
c54508ef6bc94ae5fd172413a08b3034198c987cd40ba0d38e3c5fa729874775

SHA512
46ae77b08a0dd080d66f14811fc6cd8851b18ccc74ccc7b39372f69b0080f215bd4262f89548422da0d367494575c25ca2738974e082675d26786faf13a47c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS623C.tmp\settings.ini

Filesize
7KB

MD5
d40b1840989ce97d3bd0c883fe1e4ff4

SHA1
f36e7af62fc0c16ef2300f8be58a4cc625d7008a

SHA256
7c50d2bc8a2b90d5aa22de1169fa334921b1217b5cd62f4bc2980c9b80c26a1b

SHA512
0e0a01559ae41c721b074b13e5d10909beabf3b1a88fb04bf98944430f623000eb3de8a69787ee5acc58d5441d0ec95f254340914fa2934a971c5c5abbd22308

Download Submit
\Users\Admin\AppData\Local\Temp\7zS623C.tmp\5154b9e5961c0.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nso629B.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nso629B.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2684-80-0x00000000742C0000-0x00000000742CA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads