64b6232aa8e9f455bfe9255665fb4b050caf35d7af3cac63484f8a0c972897e1

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16006e486b7a3add1a1fd8cf2c190737_JaffaCakes118.exe
Size

313KB
MD5

16006e486b7a3add1a1fd8cf2c190737
SHA1

2a737c5d3210393e242d4d8a3b1fad28b28cf5bf
SHA256

64b6232aa8e9f455bfe9255665fb4b050caf35d7af3cac63484f8a0c972897e1
SHA512

bead3b90ea736d526574a322bf1486c0926c4310c02d28032871d98d7e697e85a5abfe4f2720702712938702f57369d194db9b1d3814759b2030a222801da301
SSDEEP

6144:91OgDPdkBAFZWjadD4s0E+H1STjf8j2nVAGgZJ9Cu0OyNsLEeGLT6pdrF:91OgLdauc1mf8K1gZJ9WOyNsLEeEwr

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3680	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
3680	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF4AE399-219B-B0E4-9506-E0AA686D813B}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF4AE399-219B-B0E4-9506-E0AA686D813B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\ = "wxDfast"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023449-31.dat	nsis_installer_1
behavioral2/files/0x0007000000023449-31.dat	nsis_installer_2
behavioral2/files/0x0007000000023464-100.dat	nsis_installer_1
behavioral2/files/0x0007000000023464-100.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{EF4AE399-219B-B0E4-9506-E0AA686D813B}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\ = "wxDfast Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{EF4AE399-219B-B0E4-9506-E0AA686D813B}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 3680	3580	16006e486b7a3add1a1fd8cf2c190737_JaffaCakes118.exe	80
PID 3580 wrote to memory of 3680	3580	16006e486b7a3add1a1fd8cf2c190737_JaffaCakes118.exe	80
PID 3580 wrote to memory of 3680	3580	16006e486b7a3add1a1fd8cf2c190737_JaffaCakes118.exe	80

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{EF4AE399-219B-B0E4-9506-E0AA686D813B} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\16006e486b7a3add1a1fd8cf2c190737_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16006e486b7a3add1a1fd8cf2c190737_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
6d9b8bd9b4a894bf6ecbb488b7a03ddb

SHA1
3ea1dc04980981e43bea6fbe9fa302959bcf078e

SHA256
eaf2d9dee70ae30d02a019bec57d47b89d843f76f62ddfde24aa361179d1bdc2

SHA512
4ab7e53fc3226d93a6f60f646d838ba5119f242f0115bbc0d82ec32169c8ebf43a8be5f562aec42a850c45440cec155d553eb03fb743d21701de08fa2c8332df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
f1ae557a21c0b6539e6a93fd9b3cdc07

SHA1
d789b4523a4035b2ca79b646202d116690c02520

SHA256
0347b953452e79992f71648092340bccf0498167e0459fd546909cc918b1a8b5

SHA512
f8512de948f0f0ba5f90466949fdf781b9d309271d3ba602d4d3c538a68f21210efc0fefcd66d1051b28da7f638a31b409d6f2205e3ae3a6839e68014f2cb66f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
ad23d5b6c393b74098b8b169579a193b

SHA1
278eab566613cbe4aa7489b21072f5a2e471ec02

SHA256
91fdd849f1c69df71f8a5c1808fea3a02c28243c84b6368421cac4e563a7a8d6

SHA512
bd8143e0a1ea3ecbd2fee9e62d892951ae5e377b4d8ad83bd3c88644ca03826aaf558117f38c83266e6f43a5f44eb7364bf595704c69c76f813b28747702da0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
a68ae8db4a58eaaacbe4174e118d147b

SHA1
3a2211dfd48e5d5bc28085a5a7fc46db1f7afd22

SHA256
d3768a88299ebdb98a3db29869c3ccf508b47b1c66ad81a2b5c30673a65671c9

SHA512
26cb4aa48d76f4f3745dd3a13c9bcf687a73147de83ebf0dcde85299fa78645f9eaed33e3f497f08bb8956983d9e66fe16d0d5ea0b89b44f7050b07077084b83

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
a05df4b30ba7c6661f92cebf18c03c24

SHA1
84cd3e02dfbf745303767f4ab11b015610b205fd

SHA256
4237409cd92dfdef90a39028044fd2c191f8d6d61edfa45b035f949f1ad4d701

SHA512
d2ca3aad414e72d083718bd81c987b05efc6f6ce085bb8e7cb66ed4cbe29170dcca9c4e69c6973f44702a2bd824d123b3580056cacf6644ce3bf820d04478487

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
9179c8f492fa5c2ed9996b4209604077

SHA1
f2cb3271b2926a1c6585bfb2887628f12c182c58

SHA256
eee5a0398d5108febaba041a5e9ae836c479bcb95f0af78db0be97da83ae2756

SHA512
098167953f3f79d5cd5a8a200e02f55be600159877f6f8dbd3a1265831c53d9375b27b543303aa8aa423aa772e725094c8d7f38437c92d119c4a7d4d292cd2d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
8634fa0cd4ded1eb92fc28e2bc5f3331

SHA1
e1c4e54942afcfcd0f51b99d4ceb4cb106e74013

SHA256
b281cebccf4044c68634d45584105be7820d2d091f40719d0574834841b36108

SHA512
f07869b192abe3697c9e2b6b0835d2ca19b6856fb397148c7f5c9e09a83819cb1dab70d7bb4b9a8502847797e241fdc333d84afe06cf9ccc7aa06f890787ce79

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\[email protected]\install.rdf

Filesize
677B

MD5
0c42126948e0a0e4ae9b2d28354a7b45

SHA1
5c3166dc81027cae50d9cdc54d3fb94d2523c4fd

SHA256
d8b9f5709120f26f2410e56027d260409b7a9398f70775f8fe73d79565168c1f

SHA512
4af91fcf6a454705866201aca84aefaf375045a0bc7c0ec3aa39d34afab5216fe97d8aec8ed45804e56ac5b4bea589fdc1d729c1c12e50fb6aa81f17b3205943

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\background.html

Filesize
5KB

MD5
5f21e193d79737bf020d8a29b35cea51

SHA1
29801591aed2130fd15c474a12323b0e66d85d98

SHA256
ede109168a12d03def4276e368b19d8f99ca7a73d49e946946ce32fb4879a1a7

SHA512
fe7d73994215f29699970e404014dfa335ff1d587192128f8f5b3e582298a9be0a576f3e4e363a001f8c12b877b886d139a1e42276114d0d8f9c31cbeae9be17

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\content.js

Filesize
386B

MD5
9ab47c1a69db9a2cb1b73e3870dad030

SHA1
b352d52809dce6faca5a8b0db6cd416e891b0dc6

SHA256
e2cfc28ae4f4a98d88cc028f4b2f71244e6dee1d693b863bdaf73c93c653a455

SHA512
aba7649f15f245cc9743204ecf558312019f12bd48e5915cb01a252dadbb8c67ed9f7460697da68084c6fc4b7e02fffa6673930909c0ab83c9729f537acf2529

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\jgknecleienboocapoddjlolbfnmllnk.crx

Filesize
37KB

MD5
dab62ae48fb7451382c4ec9bc568ca86

SHA1
348015e80123f61a66ed310553834cd73656d756

SHA256
b4b8c3f08e9bd617507f8308c8b94e45824e0f00cdb994ba1d0d92a2c86fcbca

SHA512
105dcd59e7ab548f49263b0b6234e23134cae3d40981a9bd7aeba985c3a7e5b4a283d0b3aa42aedc5b7c5dc4271fbf2bd4aee22423fe864505f7c2b587813afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\settings.ini

Filesize
599B

MD5
a9ec27e00696bc3c2565b1a04128bc1b

SHA1
5fcf0459d466f25c8577b26d0f975264cab17119

SHA256
90741d28e4bdaf40dd99c40f8b7d50bd1f767eea01f688332e4345e1962924f4

SHA512
cda485930893d2d1d10f3a33ae5d17d3268b2160df8db1880c446f3bdc2dde79db5d192a9bb041fb5da6a4071576ed1348c3ba0bc6dbed34c852f7bc1f4836bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48B1.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads