95238a13c254a07d3002679e9c6c9454bd02e78f8f6fc0e1c17a4723a9dd9249

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24bc095d85bbfe947df8db27b7648b0b_JaffaCakes118.exe
Size

252KB
MD5

24bc095d85bbfe947df8db27b7648b0b
SHA1

1f841afe0d302a91fc11e089c8b06dd991db780b
SHA256

95238a13c254a07d3002679e9c6c9454bd02e78f8f6fc0e1c17a4723a9dd9249
SHA512

a720a700c946ee831d386eb71045222220a5020ad31c01b4a9deee483d59d4a25c025cb93a67d13b2aaf7b6be5c860d088fb5392a8968bbd82db3862cb2cdf33
SSDEEP

6144:91OgDPdkBAFZWjadD4se2wY7bAkEWJecG:91OgLdax2T70kHJjG

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1256	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
1256	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{322B9D04-4BDD-3766-92D0-4624530A6B08}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{322B9D04-4BDD-3766-92D0-4624530A6B08}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{322B9D04-4BDD-3766-92D0-4624530A6B08}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{322B9D04-4BDD-3766-92D0-4624530A6B08}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023570-23.dat	nsis_installer_1
behavioral2/files/0x0007000000023570-23.dat	nsis_installer_2
behavioral2/files/0x0007000000023586-80.dat	nsis_installer_1
behavioral2/files/0x0007000000023586-80.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{322B9D04-4BDD-3766-92D0-4624530A6B08}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\ = "wxDfast Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{322B9D04-4BDD-3766-92D0-4624530A6B08}"	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 1256	2308	24bc095d85bbfe947df8db27b7648b0b_JaffaCakes118.exe	83
PID 2308 wrote to memory of 1256	2308	24bc095d85bbfe947df8db27b7648b0b_JaffaCakes118.exe	83
PID 2308 wrote to memory of 1256	2308	24bc095d85bbfe947df8db27b7648b0b_JaffaCakes118.exe	83

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{322B9D04-4BDD-3766-92D0-4624530A6B08} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\24bc095d85bbfe947df8db27b7648b0b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\24bc095d85bbfe947df8db27b7648b0b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
8be20144dbd200c6de0c9430ed9280cf

SHA1
b81e3aacaaedd66ef0896acabc6983c94758e2b4

SHA256
634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6

SHA512
fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
b9165e81934c746e3a33afc6bde86143

SHA1
ce38f37d26d5fa6309f4d42cbf470bc4a884b100

SHA256
3edbe3448cc74e7862db06fb08a8250c044a6aadbbea35a365560080eaaa3624

SHA512
fab8731e561554bf3ac4a32950a4111d3bca7d9223727ed6eccca598777bd697606a11f658eae3d28f6dae16faf40fda7387d0e25cd8f3cb750c871f77178bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
3c4ee09ae154714f3b4f68411f0b0c21

SHA1
449ea877982a4a5c3038d3f911c4a701d4d41936

SHA256
d1d495a4a9da8a44ba79a8c72d874ca324a5925de97db50ce6ded085b3941957

SHA512
4d2b03f0f93c3c2807f0aae177975dba3575f21be86f0310f8e6eee6e7e1d9ec7ddbad25423a3d47c38766d7e9a179d917ce17659cdbca576a0b4af65959ef1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
1674b0f3ba41ce0a24525a53ef4e7b09

SHA1
095c7ef4a59fe6336bfd7d98cad58fcfaed5dcc3

SHA256
4044dc09a625f3f385ab858485b0782621dbbf739055735f194dec4ce4522bc3

SHA512
109e16d9eb91da8fab54477e8e7e3b9ba58729210a04b95a59aa4066241c70f724906ba45599e5e46b1d670f0d281bb4061ee65f5d2612aa8e4d3f3ea2f63908

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
2a799312663cec7cf9b031124a8a84fb

SHA1
f5a8177a04e372f72c63319df75bb50d9d3aac34

SHA256
0e43278247884745ea407f96fd6ad4ac2f5506550d9cd8a7025e5c0f3c2e7944

SHA512
31a81cc5d36d6994eb3b187ee83a19aacaa7b0ad13b7901439cbb2ab7b4379aaef09ee5d19ab12a64db47c861c61ebf5cf39be51f2379c556eb27c9fa413d3a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\[email protected]\install.rdf

Filesize
714B

MD5
abf7a733158ad7d8d7a9ef3b88f7bf27

SHA1
350e6fbb9f4ed791c1b3c695b430510388a76c03

SHA256
61be80e1d9e08999697bf9514d6278efc09b51676e93bec96ea57b81b6e3df14

SHA512
6f81aac15510067720039e8dc4212c38e170d5ad1229761a098f5c2031cc797506ecc328c649b40533f4ffa2e3aa710a6c13cc840175586b0bf3e2b9651497ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\background.html

Filesize
4KB

MD5
fbc914428e292eb32e330784ec2be055

SHA1
923f466b5c022359356d4923c422f06c7d4fad6a

SHA256
89ec09138684d118a177090f83543b83cd7ebe15e80cf51de46ffe0c44037197

SHA512
5234e4c8c945bcdbb899513bda58c57651bd544342513292f29ec34fbf2706a955d7abc530a563826bef7531646ba4b0815ee5db83da26840be907dbd27edad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\content.js

Filesize
385B

MD5
2f37c5103d46140bfccbf6d2dbf54413

SHA1
407dfd56c1e1ddf4ac7d6776894631a070264947

SHA256
38940b0b4cf2751cef1d56ea5351e3237971a0a42db5daf16ed425e3fd9ff119

SHA512
b6d243e91135d2ae4addbf6823b844dcda47c0eae74284e4d01ffd2bcdded8b867c6f4dcb55db8296bbd8639585ab2ed5cd62e9525a93de894cfebfe85d2eb78

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\oppblbnaminegepclgolkgnkpaconnji.crx

Filesize
3KB

MD5
e5608961a45fbc8790982fb6eee52b2c

SHA1
548554f760b0304a6efcbac89c844db23b50f572

SHA256
8bde9381c6d51fc1781eed6d8b07dea9edc88d4786cdbe9ac2548b3cf7111ed6

SHA512
b35a5fffc5ede9a38602b3108ff58144d141d6330056355b4cbcf2603469fc8f28ca85bdfd2f2faf5caac683770ff11864846547b45656a97b9dd8f2f2face94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\settings.ini

Filesize
656B

MD5
e703b68fa477d2de71d2d284516a3e09

SHA1
6fb66b7e7d8fc155000e1d538cf93baf2535448e

SHA256
fa60a8aa4ce867e83e541779800eeaf3c7eecab032f9079fe0bb573209341c64

SHA512
8490ce1927cf82bb1113bb19c28ae3bfcdb73eab8c471443a8d7bff082cab7daa3befca68907ad671e4f5e066057856107cccb45d686a81460ccf81eb9a81093

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS3D18.tmp\setup.exe

Filesize
61KB

MD5
16ef6e914973925977cdc5ef6b8b2565

SHA1
4815da2815975b33f5dc94d482e6dbc02588afa6

SHA256
6b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f

SHA512
c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads