7da049f0f71e8f7efcef398ef39fce5d8f2c500bcc73d7007a08f4315c6f531e

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b2a52507cdbfcd6a7e54916e2a95c04.exe
Size

313KB
MD5

1b2a52507cdbfcd6a7e54916e2a95c04
SHA1

51ed8ae635f1a1e4821fed9ce1f74339bd494236
SHA256

7da049f0f71e8f7efcef398ef39fce5d8f2c500bcc73d7007a08f4315c6f531e
SHA512

a87d09a99a2df6b01bfd89f657509f9caf041697378032a18065bc7a196fa18dbd1a6933ea4cbe02566728d405e14437742dde3ec458834d84e8b955678bdc58
SSDEEP

6144:91OgDPdkBAFZWjadD4slUdKMtoe1Cxupm3auwi7mhwxscqMmA2v7Uf:91OgLdabdKMtsVKZi7mhwxv2Yf

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2824	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe
2824	setup.exe
2824	setup.exe
2824	setup.exe
2824	setup.exe
2824	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\ = "TheBflix"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016259-30.dat	nsis_installer_1
behavioral1/files/0x0006000000016259-30.dat	nsis_installer_2
behavioral1/files/0x003000000001530e-99.dat	nsis_installer_1
behavioral1/files/0x003000000001530e-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.5.1\ = "TheBflix"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.5.1\CLSID\ = "{801CC464-1F9D-926C-2074-6DD62C1B7DE2}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\ = "TheBflix Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\TheBflix\\bhoclass.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "TheBflix"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{801CC464-1F9D-926C-2074-6DD62C1B7DE2}"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.5.1	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\TheBflix"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.5.1\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.5.1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\InprocServer32\ = "C:\\ProgramData\\TheBflix\\bhoclass.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\ProgID\ = "bhoclass.bho.5.1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2824	1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe	28
PID 1304 wrote to memory of 2824	1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe	28
PID 1304 wrote to memory of 2824	1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe	28
PID 1304 wrote to memory of 2824	1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe	28
PID 1304 wrote to memory of 2824	1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe	28
PID 1304 wrote to memory of 2824	1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe	28
PID 1304 wrote to memory of 2824	1304	1b2a52507cdbfcd6a7e54916e2a95c04.exe	28

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{801CC464-1F9D-926C-2074-6DD62C1B7DE2} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\1b2a52507cdbfcd6a7e54916e2a95c04.exe
"C:\Users\Admin\AppData\Local\Temp\1b2a52507cdbfcd6a7e54916e2a95c04.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\TheBflix\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
1dc9a2e7bd772895a7ca4114d8cc3f59

SHA1
45455d649356928ab3c6d7c3e7ed2b0daca3b891

SHA256
efddd2f1829fdaa4016c53c6776c09f46bdba0cf7e30a55ff565bd97cd1142f5

SHA512
f8c6d9d537ace5fa02179e61760e37bf8cf30d1e3264f9c81e1b451e9f8cdc2db11ea00b34653717aefb081e3bc9efa308d7c567710a1b061086b1e42168e4a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
1bd9510a4c1856c63fab6eec31dd6dd5

SHA1
64cf5a1cedfa3a46070ab990dae65c8232103ecb

SHA256
6c52b10acf6031e21f8b3a09fec13b48a3c8464597622a218fdf5785e2639860

SHA512
1a31a366631ecf6b772642d4b3fdefb6051a5d2a9ac5632d9f08f3f169fdfb390f3cee1df739d3454601cc5fd3b8397d18af203ddab803aaf67e307de0357b98

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
15b4bd04cf6a61965e98ddf65f8ec023

SHA1
6ab43f649339c9aa543be4545ed74521a4cbfa44

SHA256
11749f867d32e3a8955689ab0ec4b458fd2fd936f861d9cd167c924b112c77c4

SHA512
99526a74a7afb9d2e571de5f0c95c9d11fdf77c9f8bfc4feccf1790ad62b33e36a2dc3f6eee49e07fbbcf23c0263658374a1e6b64304448e3a8178f8819cff54

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
a5d7e6bdb164f8f0e03c3a366d796ef3

SHA1
11f34363d0f6affe45d46f3bf6d49d1e2a495731

SHA256
2cbcd3215cb34fa6877424cdfa75e1d5c0c979e26f7115f580bf8215d548b1d5

SHA512
0ca223f2fb38de2dbf0b8079774ac7823708fdfee6b3fd2a07b2a0ee755c1506454378351a9166c0d9d0d010e420076faf769cd40d3be6deb5b50427f5c65eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
691b62a71fd565086ee7705ae5ea50cd

SHA1
d4ecba20595942e75a09fc49a56cf6f45642c61a

SHA256
f4294dfe9f8690efe4d74cddff46270f4f7b1da585f4f36dfb382ddf8bb5bf92

SHA512
b8f8ecccfed28af371203072d86d729c3f6ac313355a42d3f3af1a2f4f7f0e6c86d5b25f718048290cfc2ffe63453264c42bd2499af0f8c8dfb040cdf9835857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
21c3bccbb60b6f09645bef1197782e68

SHA1
69c9f358c0ab4999f74612ab4b730d97ca5dc2e8

SHA256
c8c9ac3aff364742cd3332a68633db68ac837fcd09a93e8df93201ea303b9b0c

SHA512
808e91f4e30385477473d77828efe8cb10c9393455e996112734dda30ac268a48c5eb5c7a17d1d9daf466fbb11314ad99e40275673b6b1e5399c671e29716be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
9ac98226bc7ccb477df286693ac2b93e

SHA1
72306f33f95777e6eb085436f2b0a5e49940165a

SHA256
ee3f1f9a4ea0a7525117cc5f28c8c6ad98783debfbd3cb8ad2524003d3c8661b

SHA512
199c6f34d3fe19eec271645a2d6db6c87c0e9675bc495b24fd74b321d631bddcc2a95a672f313880cd41e01fd3c4ebd16df63cdefb19297131ab1a09d5c98f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\[email protected]\install.rdf

Filesize
694B

MD5
3a5fd46bdf2dd57be9e8f224bec4ba71

SHA1
44ddc5fc9145cce00c1c8e11c48e2c988ae010fb

SHA256
0d00d4b9f76a3dcfa4dcf6ccfc1db7b3063133afceb268e11b61f353b2dfeef8

SHA512
fde669d5e3c79042ef66c59da19e6dc7875efe5983f5ae78bc9a81aa921c453a8dff9534d1bc006b2e05908a798de0f62484e51475e7df53afecb16c75ca4206

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\background.html

Filesize
4KB

MD5
bba43f182fc2e15491458be343a8cb9f

SHA1
329340de101a7e36e5a5bfa104cb48c28945d734

SHA256
5bd101dea0777de6acc5e42d7840ec36bea9a503e370ddb597d16694273c900a

SHA512
068c411aba83c3e9a8a8821cdf172edbbe13688b79501edd9c7299cbbcdfe7b755d0ba6e2b97614ac97595f16c7cbc8d3b1c86a8f42cd81c49f492bdbb61ce09

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\content.js

Filesize
388B

MD5
d3ff8ab55eeaadaf70fee7a121ebfa58

SHA1
b85995bed69fd7fcba6b93b778ac30d5a1b66584

SHA256
2d07a5ade080e54df4978da67c370bfa314caa1514d5f76266b9a743f1abb011

SHA512
e3a0cecc603c242592fe9b4ca8654b0738e7eaeae6a7dcbf60cb76f6ab079200bb39a79e96a7bdd29c5cf1cf9c3d3a82a30013fb9a06d10e41132d9c629bd474

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\fgdimjiihkmkbblmiendfpgennkbebke.crx

Filesize
37KB

MD5
79eebd3fd7f425ffcac3959e98fb699d

SHA1
57d37e83fd2fc1f774069a2b083cd8a5dc6e1d2a

SHA256
7ebc1ef14e4d2bf84200570b6e12ac6143e91b48d4278d2f5d0a06d30fd224e6

SHA512
0a491a0283296dfb106fe95d664b04ee762941e71bf1c29399f9177b81484575f18a32118ff5f115aabe056d8c4db37a18ab4a54d421986f94d50ac1661a136d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4183.tmp\settings.ini

Filesize
595B

MD5
841c1338948728c71201795a303fac34

SHA1
48ba02610eb09049f547bbddef9f996447369747

SHA256
7dd4ea5fdd1699c9ecb925a6b481f65f8fc3cd9ad3aa584401a4286f285586fa

SHA512
22329f28ef58db175779b1cec620c9793d0a8aa221fa441967abbc5d927cb9ad0813a8449b62d54848d59db17c139b1808b985604f86f653abae9a6da768ac32

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4183.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads