02ab2b9dc85c7a24a3cc0dfe9105e2832fd326261dace49d30e5c05a92e2585d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16ab38d59ced6eaef4cea396f5a4fb92_JaffaCakes118.exe
Size

281KB
MD5

16ab38d59ced6eaef4cea396f5a4fb92
SHA1

ec0d7a90538f5cc5473a1bbf9cf541289bb2a850
SHA256

02ab2b9dc85c7a24a3cc0dfe9105e2832fd326261dace49d30e5c05a92e2585d
SHA512

e6e1d3ab88f700fb26d55003b1bf60b8fa7b2995e299cec441a6be323b438e96649d49ddb3ba756d1aad48489bb36310c36ef8e71304353092ea0742d67f6583
SSDEEP

6144:91OgDPdkBAFZWjadD4s2YRz2lWZLZ2FzqCPEM8PRDgGaZCF:91OgLdap0N8F1PE5POGaZCF

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5044	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
5044	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\ = "DownloadnSave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x000700000002342a-31.dat	nsis_installer_1
behavioral2/files/0x000700000002342a-31.dat	nsis_installer_2
behavioral2/files/0x0007000000023444-100.dat	nsis_installer_1
behavioral2/files/0x0007000000023444-100.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\DownloadnSave"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\DownloadnSave\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\ = "DownloadnSave Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\InprocServer32\ = "C:\\ProgramData\\DownloadnSave\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "DownloadnSave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "DownloadnSave"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 5044	2528	16ab38d59ced6eaef4cea396f5a4fb92_JaffaCakes118.exe	82
PID 2528 wrote to memory of 5044	2528	16ab38d59ced6eaef4cea396f5a4fb92_JaffaCakes118.exe	82
PID 2528 wrote to memory of 5044	2528	16ab38d59ced6eaef4cea396f5a4fb92_JaffaCakes118.exe	82

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{B02BE2BB-BEE0-7272-6682-5A1E0AB391A6} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\16ab38d59ced6eaef4cea396f5a4fb92_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16ab38d59ced6eaef4cea396f5a4fb92_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\DownloadnSave\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
52be23488a6a16c7911c2a09c0884fa5

SHA1
fde9ef666413536321c22cd8e3c7cad22ce86e4f

SHA256
650bf75c34c299c07480d76206dee95381623d309931e36b5d6fb75a9cc48646

SHA512
b430f6f07cd9ec5c6a0c9fb10df151d3d6f3805a6d6e2a5a9dacab74af312cd9c23c5b30d5441e93794bcdf8ad0beeeec428fc05a43bc94c6406675abd483262

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
c445682edb05163c89747c9ec9cf9f4f

SHA1
bb0ad928fa57342a555232d196e0a0cec1350ecf

SHA256
915741b8e1faff00252199082134318853926f4d103882b26b56763172a4db4e

SHA512
e0d9eba53024ce52cbd327f4255e68ac3770362a9c251b18ef49e278c7ca91a24634c705ce3b8788d8887b0103dfcc1913f93319ff1f2fc3f2bd710d3b17a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
1d6b3f7c660354b3318df6d414dfff4f

SHA1
bfa6c574f4113b0846593f9c3e73724ea2928438

SHA256
de975c508c14c27d0e26a29bb4b0c422b5762933e0497d6348af04bd4ba0ea3e

SHA512
ee1638555b4a57efdcd7444bbeab3bd97e16ab1213457f74ed6f53f7b5d3d639281ae857bbe9e0c83e228ba5dda064860f611c340bce0632deeeae3e04fece3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
194561cd5ae855e53ccd640b1ade952d

SHA1
a60293a9b1dc1f52d571b52a78ffcf0bdab60256

SHA256
080ba0d5134352c042457475f7efbb16fc7bf3cd6508425139bad5cd633da1ea

SHA512
5f9bcafc951ffc7edca0e4b240e588ee93662c8ce8893fcc651ddee700b11a0ae2c6ba6e01a2d7940a27d154f695af76351579336b41ead28e0b488a834dfb10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
39546fc1800a05814cc6922203d374cd

SHA1
14f57ea1205628cd55b860fbd49597769ab44959

SHA256
29fa1f00fa6ac281a4f50c5929c037a28911495196447cc7e9b676326259815d

SHA512
61eb0953cd7f20238184590f78372b411ee852f1f3f7fa1d12816250ca362f28d6884f71f7310ef9ae76453b9020830ac81cf5ce4d86fa1a3033e53a28a5392d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
1a576145f694637a8f41bd54d4de98a8

SHA1
ec306dde2545a6c640e33446d861d9148477a2e7

SHA256
c2b8edf4ac079674fbd4862d1d1281071ea5f93fefd6262a5f6f7fb0052542de

SHA512
a021ad4a723fd5c24964e3e4933c84af1030267de202437fa712aee346d3e3c9c34e578eb28d59f6f1b9b40250c3b4060bfdeb29e210f9672b3e570930424391

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
03e331f6bc4af0b031cb623eb06eb749

SHA1
9de7038465b8ccfc2dc8676ad54d6a5f4dbeaf5e

SHA256
40e525cd6f977e6accf41a9391ecbab8a893fa88e5407cdb041b00657b939d75

SHA512
a6114aba1d5bf9d79db4c6574a657398c2e6de8bf611d26beab805d897ef9c13b1f02ed5bc18d874bfd6c32385d6b3b77da04c11c0da1f2d93a6c6195278e4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\[email protected]\install.rdf

Filesize
683B

MD5
a0391fd859bb5532d8df68b702a8e56c

SHA1
9db041c042249b4acc3a56f237d2013d7a92bfbd

SHA256
a277aca09c079708af754e5d515be29aa72dd1635be1b91c9b98993f1cae0c2c

SHA512
187683aaa49bb1ff29b585733cbc50dc758118e87f410e27f1aa932581d3121c53dfbe5d50ae49bc70422c2c58d80b64201f3c7391e54033d685fb2b928706a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\background.html

Filesize
5KB

MD5
b8f79542a4af721267264b8b532841cb

SHA1
c62c6bf693ac110ba19e2fb89d52dab1d802de01

SHA256
251a28043f6e5ea71829a22a27aa509a30cce27c0e5bbf9f8359d8a98f4ccd3d

SHA512
8efe123cce733456e07cc32efde88dc9e4c09ff23315bd5590ef7a254be4cee3f5eca75bad5b24293295398200bd7e6d71921533e36f7f63f8442a61a42ba36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\content.js

Filesize
387B

MD5
eee1153a5e21c1f09e0f59eab4af7ce2

SHA1
a546e9ac11c11fb1cec1a346aa5dce18906c45b5

SHA256
5dc1f11f291c24a4045fec6d50ad45cc59c414490846904b03b2f7be5eacf745

SHA512
9067a47255097f2445d4bd5996a5e6de0e7b0318422623557864ae228124e113d5a76a0bdcc1703604e4397ae310e27c829e4bff6c67765e0b5b2ae2c245d27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\hmlhloljkipkadoagilogbcghkkhhdff.crx

Filesize
3KB

MD5
281c91e4d9cc77eb4d75c2597d5e23e7

SHA1
f0368161340194026ab8e39e75e6d829b4a7ed7c

SHA256
37330c59a2e46f2cecf3cd4c088f1e056694a4c97a8ac12c69e5fe67a6f0f74f

SHA512
22483079a02d145a5626a567429e5a95fbba242d3b33b5482e9304e2f099fd94955029cb859fb3e61c1322bde11891a25785d467a8d3426e62aa982a59eb36ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\settings.ini

Filesize
675B

MD5
2987d296673d144c29022c113dfb0de7

SHA1
eaa5d6cf3178ced610ad4a72579b75d37f9bead8

SHA256
3d5a8a151a5f4d88555f96d2d80d03c7bac49cb2b70e7cb868749d8a0cddcf34

SHA512
2bf29b6ce11c0b9630926a82dab055fdad7d5d4d9867d02f10cc6925533a08bbe6d6f143d9d7453984a1b05a5c890f03ef196bedfc5bd387f2f86caac46c3fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3B44.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads