84a05ee7f116ce811fdb13f70056dca5c0daed0e495d0835d8ad9a847dbaa9a1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe
Size

252KB
MD5

2daab4163f0d5768c86e7a55c76a525f
SHA1

25a023aa653386fadb59a5399b3e32fa15b1baee
SHA256

84a05ee7f116ce811fdb13f70056dca5c0daed0e495d0835d8ad9a847dbaa9a1
SHA512

45719f562c70e6fc0257c3f4b4772d174a55787da8ca15b733aefc97aaef599ddd0549b00dc06c0c429bd920688b8df638d464fcafe47035b95f0190bdbae8fa
SSDEEP

6144:91OgDPdkBAFZWjadD4sL9LWkovkiqE5+e2aBsE:91OgLda4ZnovxqEQESE

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1412	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x00050000000194e5-22.dat	nsis_installer_1
behavioral1/files/0x00050000000194e5-22.dat	nsis_installer_2
behavioral1/files/0x000500000001970b-79.dat	nsis_installer_1
behavioral1/files/0x000500000001970b-79.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\ = "wxDfast Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{0D1EFA67-C15B-9004-1FEA-47439B6463E4}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{0D1EFA67-C15B-9004-1FEA-47439B6463E4}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4}	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1412	1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe	30
PID 1604 wrote to memory of 1412	1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe	30
PID 1604 wrote to memory of 1412	1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe	30
PID 1604 wrote to memory of 1412	1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe	30
PID 1604 wrote to memory of 1412	1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe	30
PID 1604 wrote to memory of 1412	1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe	30
PID 1604 wrote to memory of 1412	1604	2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{0D1EFA67-C15B-9004-1FEA-47439B6463E4} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2daab4163f0d5768c86e7a55c76a525f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
8be20144dbd200c6de0c9430ed9280cf

SHA1
b81e3aacaaedd66ef0896acabc6983c94758e2b4

SHA256
634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6

SHA512
fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
b9165e81934c746e3a33afc6bde86143

SHA1
ce38f37d26d5fa6309f4d42cbf470bc4a884b100

SHA256
3edbe3448cc74e7862db06fb08a8250c044a6aadbbea35a365560080eaaa3624

SHA512
fab8731e561554bf3ac4a32950a4111d3bca7d9223727ed6eccca598777bd697606a11f658eae3d28f6dae16faf40fda7387d0e25cd8f3cb750c871f77178bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
28ffbc843b50a797b9b8d32cdc7f6372

SHA1
2b6d0935eb411e2426573dbe756b8b09a9dfb29b

SHA256
9a6aec58de52cf3111b0ebfe1be9f354b62973583d0994531b52c93b6aadcd5a

SHA512
bcf14486ac194b471e22db26b4a310b36f4688cb6f756f8114e327cb9d72e3ba8a051a297ab95d3337bbd73f933017b3243368a8d7354fb0edb12bb1425428d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
be2768e54d9cdc039c3c54bed9b6b671

SHA1
2f4e02bc1ae7e2a74b0439e4b8d140710ea7b54f

SHA256
d84c931fe482837ede51990a6d9887c92964650700773bae8de20745c1d0a0d9

SHA512
e165a02a2d928999d46f6d78148698e180937946c4dd7258216869bd75fe86d575dc4abaef0128f60847caab32781734bd68f45a3a1b9406090751797ba7c0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
236105ff0e16fa616c6484d8d48c68b2

SHA1
7f5c98ce2df5de205447ed3c909e77ddceb1a410

SHA256
1314da3f98036c05b674d1496f36865ad81c00aeea781b289e490d99e2aa4b75

SHA512
bbc3bb8b5b693c407fdcf4aeae6f3a8c02f79e0228266d638cc7d12d386d7ee46a052bd069e61737d852ac65e48a4c840bf21cccddb8d16caf2bd9d872ca51bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\[email protected]\install.rdf

Filesize
714B

MD5
f16ccd3ad24186928e2cdbee161e27b4

SHA1
d89fe8c809698a27749709c6373e4a40140e5279

SHA256
e9439c90657eb01c2413b786da323931326d19d1810bcc8577ad92ae81ecc704

SHA512
c33048b1dcf5c5a064436e7819046e0afe353d527a7357c52da70a12c765823545e9dd877d159b515b7fde78b7b5dbeb00fbc1043be054cd5e0b6753a7fc8315

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\background.html

Filesize
4KB

MD5
6f841cb89bd4753424fd3d1c7af2afa2

SHA1
169cabce0e9256f7d57f8ca15eab1fe14924fbcc

SHA256
e2c3565d90f37ac2400756b7037b3235925b0a1635787bce337bbd95130c7358

SHA512
42c9654f57d2b6d9526a045bc3ce001996d8fda1ff23d5e892a7e2225b768d619bae478e6f64ca0696c8872d227c07df59cd197c497a21d9f9d16528b94776c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\content.js

Filesize
386B

MD5
93c5fbe6d6302ba7887b6317e5cbc763

SHA1
a911cf96a227bdb0178a570609015ab2ca8cf0b8

SHA256
d8f1e33981f3dbba02b63f08b359b38397d3974010668cff2d45a976985cad90

SHA512
fcf9bdb51cc9e45068fd74784ea9b819ac84152cc80b10e97b425029dec18dff0f01705ed53555400c9d1a4b620d61f09c158a72e637c13b29efd5da7b29ccf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\gegopagafhcnmphamdhabpchoehmophe.crx

Filesize
3KB

MD5
837e3caf7601488a1c525f4532a5ebf5

SHA1
8856d0e53bd481331511f4f1f5acefd4999fadc3

SHA256
43bc9e0c3bc00044b334fd9ba89d54b66919dece4e564158ffdf256a62d94b2c

SHA512
84689a8e233a5caec4085fc4f9e9eb7156d64e8565201151618a3d8b86aafb3b14a762e386d08d1464fdbc3734e51e9075f99fbc5930b418c8b82f5f71878ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\settings.ini

Filesize
656B

MD5
666e557f9caf77590dc04a95ac6e5ec6

SHA1
1d511d496f604fadb057559c4420fad47820039c

SHA256
27e3cb4c9c51e444c9779ba8db95d9e4fddc473dd2a772e00262fe67606329dd

SHA512
bcba21a54ac7fe1f10834b97b0957bd587a98ec8078ec45e857e771426525aae097407a6ea43ce6c7b9e2cea1a953ec0ccc3d078aa05cf03494787fbedad16e0

Download Submit
\Users\Admin\AppData\Local\Temp\7zSA0F1.tmp\setup.exe

Filesize
61KB

MD5
16ef6e914973925977cdc5ef6b8b2565

SHA1
4815da2815975b33f5dc94d482e6dbc02588afa6

SHA256
6b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f

SHA512
c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads