0f5f6a4d09e14c56eb1f009a043cc93a22cac5a71813587543bf31df4572b601

Analysis

max time kernel
104s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8ac9393fae2660b30946addceceb5a3b.exe
Size

255KB
MD5

8ac9393fae2660b30946addceceb5a3b
SHA1

e074ba2518861de8badba25a070fddb6ca2ddb97
SHA256

0f5f6a4d09e14c56eb1f009a043cc93a22cac5a71813587543bf31df4572b601
SHA512

801da32018ae870df4d3cdbc2b07a53764d3f53b982668446139125b0f00cd8c886d00e45034dc6a32484d6d67f9390546d9f95a1a2fc7f55ea113e87916a5dd
SSDEEP

6144:h1OgDPdkBAFZWjadD4s55MSrA6LPGv8VdPAhlrzqGwB2vjWQtD:h1OgLdaO5MSr1iv5rPIB2vjpD

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00070000000242af-69.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
640	5167be961cf11.exe

Loads dropped DLL 3 IoCs

pid	Process
640	5167be961cf11.exe
640	5167be961cf11.exe
640	5167be961cf11.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cakpicfjacphhiieckmfiidlebmdjkfp\1\manifest.json	5167be961cf11.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{982E2616-8C0F-38C3-CDC2-A412024B307D}	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{982E2616-8C0F-38C3-CDC2-A412024B307D}\ = "GenIUsCoupoNu "	5167be961cf11.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{982E2616-8C0F-38C3-CDC2-A412024B307D}\NoExplorer = "1"	5167be961cf11.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/640-73-0x0000000073F60000-0x0000000073F6A000-memory.dmp	upx
behavioral2/files/0x00070000000242af-69.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8ac9393fae2660b30946addceceb5a3b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5167be961cf11.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000024297-30.dat	nsis_installer_1
behavioral2/files/0x0007000000024297-30.dat	nsis_installer_2
behavioral2/files/0x00070000000242b3-97.dat	nsis_installer_1
behavioral2/files/0x00070000000242b3-97.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\GenIUsCoupoNu\\5167be961cf4a.tlb"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D}\ = "GenIUsCoupoNu "	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D}\InProcServer32\ThreadingModel = "Apartment"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\GenIUsCoupoNu"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D}	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D}\InProcServer32	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D}\ProgID	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D}\ProgID\ = "GenIUsCoupoNu .1"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D}\InProcServer32\ = "C:\\ProgramData\\GenIUsCoupoNu\\5167be961cf4a.dll"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	5167be961cf11.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5167be961cf11.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 640	4984	JaffaCakes118_8ac9393fae2660b30946addceceb5a3b.exe	86
PID 4984 wrote to memory of 640	4984	JaffaCakes118_8ac9393fae2660b30946addceceb5a3b.exe	86
PID 4984 wrote to memory of 640	4984	JaffaCakes118_8ac9393fae2660b30946addceceb5a3b.exe	86

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	5167be961cf11.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{982E2616-8C0F-38C3-CDC2-A412024B307D} = "1"	5167be961cf11.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ac9393fae2660b30946addceceb5a3b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ac9393fae2660b30946addceceb5a3b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\5167be961cf11.exe
  .\5167be961cf11.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\GenIUsCoupoNu\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\5167be961cf11.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\5167be961cf4a.dll

Filesize
115KB

MD5
00ce3831a16a62c6d7ea4b21049e4b22

SHA1
3e48c8d25b196d67722ed20cd36bf3448a4c9136

SHA256
d4bb7937b36973cbf3b12c9500c25ed34103944a69bad9162f3b98f39474529c

SHA512
7633071b26d802aae1250111baa40e5158fb1a1639d76098f2ecd6263adf0e6371d5e9a70d9005b267cb907da84235f4e361f8c8a75b8adbd19a049ab1227619

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\5167be961cf4a.tlb

Filesize
18KB

MD5
d5980ff8eb0ef4276fad96fba8fc5018

SHA1
2cb05f8b43aa3ae2f5492f590997eec6ff808fe2

SHA256
ac3a1daa32b1c489f9c2f4413ab35c4fc90b54a52ede0fb53276666e6eeef16f

SHA512
30404f467dd727a7de132fb08cd3c88abf5fb2e7ef18f24af5371b63fd106d6d5757061ec55c7b54daf9844100280670bf2b22a71c89b160048552b5eec12d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\cakpicfjacphhiieckmfiidlebmdjkfp\5167be961cd041.28354602.js

Filesize
4KB

MD5
fd625cd658591d9b3283c8c6b3cec6ce

SHA1
c5f8c640dc57f2ae981602f0cdc4610c092e67eb

SHA256
3c1e1eeffc65edc41ccbd4d17cf65d541e0954bad6ff0074099ea0ef48efe410

SHA512
3013f05aca477b884ffa65e3f2fdc933a40f1ff5d9cd156aced791da2d61aba5bf9d5ec2b93ccbcadfe973cae3a5abcb47d27030a52f2ef1b6bcb255b4415cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\cakpicfjacphhiieckmfiidlebmdjkfp\background.html

Filesize
161B

MD5
ad081a503fb5fb1cfa4353f95c82f6ed

SHA1
39cbd51efbfca2c9e39bb2a9261253be1adf99ae

SHA256
1d948cfa9521f0ce974300eb5ef7946d54b791847ac769bdf8c6d70e4731c6c4

SHA512
a81b122b96e53c7f8594d393c298fe5973d1a2568b7c2c586574ede1262a093c3346305d92e72e0f07a23312230ec2742c301fb7536f0d0f9fe6f9f431600a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\cakpicfjacphhiieckmfiidlebmdjkfp\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\cakpicfjacphhiieckmfiidlebmdjkfp\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\cakpicfjacphhiieckmfiidlebmdjkfp\manifest.json

Filesize
507B

MD5
46fa0c2e9465c6b079abd919c69c7c28

SHA1
dce1dc3a2dea3b66850829e7282c6322f5850e4c

SHA256
08ed2677e731270025a10e5ffceb1b74c99a6f71f3be9d43912755e5b0d79aac

SHA512
e9c91b6d5f149bc1f606bbc0cc6fd31312c355411a647ddf0d39cdcfbde20d3fa23fd0b76388259f9e8c2d0d6f226c65f50851e5fd654288c7189833afb59540

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\cakpicfjacphhiieckmfiidlebmdjkfp\sqlite.js

Filesize
1KB

MD5
68d9d9a71b5472ca9c9b56fdcaeaef74

SHA1
85dfe601d6028a6686eb0766b39ac2c75ee4385b

SHA256
3885cf36fa72ae3f5203146cd03eb88f873869807471eddf6ac15f3c6fb5a3eb

SHA512
b84e2ed34081e977046a7dde18295acd5df6f4606ed8916f0c9438312e4780be36de186f097756408e1624299e2e9cbc6995fbae833108826e6248b86e5977bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
52d90607f1115eaf4313dc4c4871a8eb

SHA1
1a504f66103b56f1f6d28a9fa776cec7c3d7f584

SHA256
0fe7be5f6472621062ec2b9b61cda96d2a4255b9558a1a682449ddd7ede27f05

SHA512
5bb05ebe446e39f657d82f64089838bc812eab78a716b842e1af90062a3547a164949cb2884b26213fa71ec134c799570acb235647f536ae00d5e201202bf2e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
00b661348068cb47b24e9e6c6d72a357

SHA1
3147c784c5af6735b40d45c82307bf53ef01b79d

SHA256
27ebf7a1658555ba2b9c9748b6b81ec14f20893654226562da131f5b6932820c

SHA512
b123e642a6ae65075be4a21acee8858b32fe8f8515c15d811e09fc9e76f61b2980b3ffb7715ea0829accce5feaf01244bf396c6af4bc537d3fe7514c5dc01e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
2ad8666a9bac4c4d57f881d944d864e2

SHA1
85d5720f9b9d2c45fb4e87253176a755e7388db2

SHA256
1daa27594f1d96f9edd911ee43452716d5fbcbe1b755746f5a3853ad7e86bc9e

SHA512
a74164f84892679d52ccd50c3371877446f96abb4fc04f8308442bd2537b6eb4640c1636b6d230a73a96dfdcbfe7fc8600cc42ada4050581b0ff1626ba808bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\[email protected]\install.rdf

Filesize
604B

MD5
c68f685fa8f4115ed7b73eab2b9cfc02

SHA1
0f18b56e167a993cf3e3190ae683cd1bd3efb600

SHA256
23949931f576cd0085b23ef6e779fa3ae5b7924f80d7d0df27615aaefd1a04d2

SHA512
8e725377e98e7cd7d5bcb06244169dc35a23128d7b6eb0649eda7fd14b20449dbc5e94c5721d28ea0663f112b0e7cd8416d2f252a377b5fc010e811558b2d576

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA930.tmp\settings.ini

Filesize
6KB

MD5
4de93fa9a583eca81062da3823b7be0d

SHA1
13b9bb6c83a831931ff664cb39cf996544b8f7ff

SHA256
29cfcc5f5b98564dc901d2547ac97c348cbefa046fe9728aae9bb7f50d71f0fb

SHA512
417981df6f399c22198271363b73a72c33e59f7412172af7751e40f7faf94a2358069bde91b3a552135ab4d681cfe984a911496d8abe94c75531eeb7d5ec24c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0C.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjAA0C.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/640-73-0x0000000073F60000-0x0000000073F6A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads