3f32163494234820be894729a3aa6cd433f228e8188ad295bed3deb9dd03ae1e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe
Size

252KB
MD5

32e2d96bb50973d44cafef01ddad65d9
SHA1

86f15fd4baf644d191ad9ddfc83f9a828fc799cf
SHA256

3f32163494234820be894729a3aa6cd433f228e8188ad295bed3deb9dd03ae1e
SHA512

1a8fd9aad26ecfd901496387f38a50a50e1d3051a131c4d779e94837334ef2350c3cb9ede7b1b40b02e84885737f6ab94f98d17ea7113aa7f2ec74b3a1298467
SSDEEP

6144:91OgDPdkBAFZWjadD4s5Im3MuSZhp1ykTExpcTvtPK:91OgLda+I8MrDfT5PK

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1808	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe
1808	setup.exe
1808	setup.exe
1808	setup.exe
1808	setup.exe
1808	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{03CA9774-98F7-1DBC-556E-D7451A7D9389}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\ = "ADDICT-THING"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{03CA9774-98F7-1DBC-556E-D7451A7D9389}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x00060000000174af-22.dat	nsis_installer_1
behavioral1/files/0x00060000000174af-22.dat	nsis_installer_2
behavioral1/files/0x0005000000019361-79.dat	nsis_installer_1
behavioral1/files/0x0005000000019361-79.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{03CA9774-98F7-1DBC-556E-D7451A7D9389}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{03CA9774-98F7-1DBC-556E-D7451A7D9389}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\InprocServer32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\ = "ADDICT-THING Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "ADDICT-THING"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "ADDICT-THING"	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 1808	2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe	30
PID 2548 wrote to memory of 1808	2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe	30
PID 2548 wrote to memory of 1808	2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe	30
PID 2548 wrote to memory of 1808	2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe	30
PID 2548 wrote to memory of 1808	2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe	30
PID 2548 wrote to memory of 1808	2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe	30
PID 2548 wrote to memory of 1808	2548	32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{03CA9774-98F7-1DBC-556E-D7451A7D9389} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\32e2d96bb50973d44cafef01ddad65d9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ADDICT-THING\uninstall.exe

Filesize
46KB

MD5
8be20144dbd200c6de0c9430ed9280cf

SHA1
b81e3aacaaedd66ef0896acabc6983c94758e2b4

SHA256
634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6

SHA512
fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
f0ded83c97e0190109bc35e59c3a86a3

SHA1
8ba0d099b3ae07ed479f45000f422f78a579254f

SHA256
9301e5cd5c9018835f5656cdbc01e62968d2cdc305f4230fdd2b12e256463484

SHA512
6a437fc06c2db07568606e8a9561f51e6d038d8afb2c05608167e42c5c134290d96a8be80851b01175e579f07685dc49ac1921f497f2f384670ccb24a1cbbb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
a22a8a089601ede9411991bfb3de8029

SHA1
ad1ac25e24e77eb498571cdcb7547b9474e30ea6

SHA256
43112dc9864773f6675788c48c425abe8ebc5fa6e522cafcc9bb7234a1b5506b

SHA512
a2c6e94a3c81edbaad222e9eaafd81c1df6ab39180728ce878cb0222acd8b60073180770cad9ac343c6eac2df7fbf62cc1f1d385ccb9d9ddc19c33ca64940d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
29c549e2d3c38db0bd2fdf04e9ac4e97

SHA1
30195539c9613c986620cce7baaa4bebc3a37613

SHA256
35c98a44fcf8a5a5dc7c923242a19c7735c01c3d031ed14498b8d3d903e3715e

SHA512
600d73e86e5c65c8e8c3e3930609e79eddadfa6354906db78e71cb12972c50a9907a2b09ccf7dff3fd05130023dbc2fa9aacdb8416ec147da50309fe4ed1ba9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
6c784a22cec85ed7d0fdb75895f43397

SHA1
fad1f1ecc9e2179be71a5423ae25ccc79252de29

SHA256
3f3d5b55db333b5242e745030186d3f334fa498d67729a4ef3892869b6bd3395

SHA512
d30f40f938051be2d991cf576375d670423a5a220cd272b8ef6fc88ea04ba060b4dc9407e16b900c0076f91c3a9969d478eba92642b46590c75887988ae27bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\[email protected]\install.rdf

Filesize
714B

MD5
8be359e8d7096d1fd0e63bac42beed1b

SHA1
98f398124dd624d90de83834561e0f31e0471ed5

SHA256
af8035a32ea8bcbdb3a13a7136ddfcbd75fc46304027533435e08b7315b969d5

SHA512
4fe19bf6311701bdb8c9ae623ba105bba522c9a0e6bc92a0180d6eb2a631ce1090412e099ef78445895fd5ebbe5c1ab3f57fef32c8ce0d1890a6471864e10037

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\background.html

Filesize
4KB

MD5
4a6729115f4dfc9fff744425d6e7ee2e

SHA1
86990929485f467b8c8ae2e8fc2650b8f4f6e2ca

SHA256
773f2481998fc59e744d39bbedf80f69259d1b7be682b2340e4b20bf294712c1

SHA512
412a4ec874f4b978e9da36063d7ee20b4e27e17f106cd287cc954d35f2977f7ec1137631de11d3a0ecbcb2ff67aa8a86ba002e5a599bf30052168c6ac9571aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\content.js

Filesize
387B

MD5
689e93343cbc9ce86d70bebe4b1c5511

SHA1
feb1f356fb4b34f68bc225ecdac2e763ce714437

SHA256
892a5599aa41669101e41ac2510812c55af10180b9e6af7185a41a49349c65d5

SHA512
24478c321e3a2ae5d0d18c99e7657e44c9259a3d678b1b2d07aae7e54bbdb2bd674bb0e7172ff94af99bb594dde140aec64bd765832bfba9cd3b9836bb0152b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\obiffbpipjmdgabmiehoddigkihpjhjn.crx

Filesize
3KB

MD5
d9ee716863f87ead13dcb3cdf1de37d4

SHA1
4b5df7e9d9aaac1a9e2d52caf5a4fdb82a5c8101

SHA256
6e610443c608f920fb5091117f398c235e2ed077ac5f14e7500622b1fe412b39

SHA512
7edf87f8cf0c4ae5972e2bec672c99c56d85b5574bcd07518ad4605b127613350f2e33d3798874811a28959161fd43ee9f1c89c25295e44009a59c630f9b651a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\settings.ini

Filesize
667B

MD5
00e305907ac4c84c67dcd18dc09739c4

SHA1
07f68bde9d366c98e91c21f1d1e16b3d3c3a7edf

SHA256
0affcacb815701c0faea16f68c8162cdb4b74c92b9bb864eac26a921095144e2

SHA512
4f652d6481dcbb682c3516a668174bcd3f48d73d852d4a56593cf946948a874581b184233aa884f8fd5b51d605d1bd83164a9062ba2acadea5ccf622497f469c

Download Submit
\Users\Admin\AppData\Local\Temp\7zSA64D.tmp\setup.exe

Filesize
61KB

MD5
16ef6e914973925977cdc5ef6b8b2565

SHA1
4815da2815975b33f5dc94d482e6dbc02588afa6

SHA256
6b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f

SHA512
c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads