9f56c71bc5d4a778b4d0f5efe4744ad61e62bb9fced14cba7ff4809d45add281

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe
Size

251KB
MD5

3777f9d74351353daeab8d257e5a3615
SHA1

8847da8147b31e68fb0cb147b8387a1cf2f17187
SHA256

9f56c71bc5d4a778b4d0f5efe4744ad61e62bb9fced14cba7ff4809d45add281
SHA512

7fcfe916ea1ba78b987594a9590ecfe895b01c43dedb94eb00a2ef60a83b9b4d0561431dbc18490750c43bbbce68c486764f6f8fe4986c006fba5d85f416398f
SSDEEP

6144:91OgDPdkBAFZWjadD4seE5e58/FjEvrKpHBrr6:91OgLdar8NGKZBrr6

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2844	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe
2844	setup.exe
2844	setup.exe
2844	setup.exe
2844	setup.exe
2844	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016de1-22.dat	nsis_installer_1
behavioral1/files/0x0006000000016de1-22.dat	nsis_installer_2
behavioral1/files/0x0006000000018d6b-79.dat	nsis_installer_1
behavioral1/files/0x0006000000018d6b-79.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{7888353E-7A52-A92B-B26A-3B0FBB3003E5}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\Programmable	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{7888353E-7A52-A92B-B26A-3B0FBB3003E5}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\ = "wxDfast Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2844	2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2844	2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2844	2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2844	2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2844	2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2844	2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2844	2724	3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{7888353E-7A52-A92B-B26A-3B0FBB3003E5} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3777f9d74351353daeab8d257e5a3615_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
8be20144dbd200c6de0c9430ed9280cf

SHA1
b81e3aacaaedd66ef0896acabc6983c94758e2b4

SHA256
634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6

SHA512
fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
45ef3fd7a0a271a25309e3e53ff89021

SHA1
62c9c7630d31acd60f03dd3c0276cc1edf98a8fc

SHA256
ebab0953e71a77d5a6f87f1cdb39a6df3a15d87756514960c71b81c7a6ff19a3

SHA512
020c0872ac02db63ec36b2dd992647f9beed33c59679b91228a6b133908444acb04a8d86f2a1622c435235f65e43a61bfb18a4a4e5f0ad53b2b30f02a33771b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
5c05674d022463c60368f541caa68ef4

SHA1
4ec3e400efcfe53bbcc5c5ef9d8b0501c4dfecaf

SHA256
c2009c23f4f6339038a5b232e32d08dffa2f5da3518a8584b77c7a9cfa046330

SHA512
5902fa6e785541896b1b2ad75305d64386b92dbce380667e6973bf04e3049f22ff71301d73c5383719df017e5819128342965e58891aa913e48b1c2514cfeca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
00bb9dff319b84c848415b833937b405

SHA1
2e21e503c9f5d43fea95b35bc41a3b310d91969d

SHA256
24e5e16028263430cefc1604392d4371f631e48207416d03b10ee9350cd25cc6

SHA512
11a3fb22bce55d0544768a000947c79be3ab2b5dffee9efcdec99e3bb14b8f7ab25c5f045e7825aa83ab2a348afa3e1cfb95b8bea63a9074d7f0d12d7add3a6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
b9737bb6d9a0429cd007a362633d4610

SHA1
8cc2cfc040372b43aec49ea39e68c875eaa18b04

SHA256
0b7ed0ef82d2870a725f6e57a8d97f734099fe7067208f16b2e632413af3c7cf

SHA512
4e16bf5447e23d2a3c6ec2471e7fd90e67a3d63894a288270213d453874003d1b2af31ae3b4e7e26c5507d9dfe1a986d650d058f37b9d1486f3a139ae31e44a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\[email protected]\install.rdf

Filesize
714B

MD5
66d89e8ee208e834cdab3ac0e73191ef

SHA1
1a40b9fc6c99303fa72d014f3180770565b7d16d

SHA256
09f64f458511eb5202f0533a7f8d4d4afab2dd96db183df78285996f6c348bc5

SHA512
6d20a86906eda7af3607b7e3ec286ffd056a7fccd7491fb8475bd075fc66ddb49117a0e3b396b17843e110d85f8bd8bcc38a90f250981fef60e738d3afa76b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\background.html

Filesize
4KB

MD5
01bdcddf76f1d0650d2d505f0bddf717

SHA1
fda4a12740d7909ecdd359b6edd7cfed2d3630c9

SHA256
d1eea0af5d3dc0b579911ce4bc6cdcaec56121be2f2687e363eb2aea721654f8

SHA512
f76d230b6c2c4a775442c7c1e78513ecf7be4c09f3cdb245c3061164cc8261032a75143f3ce7f3664398b6293008e65f29215bbd32f8f53fddbacc322bda252a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\content.js

Filesize
389B

MD5
3f0570b4e48a6a150f0a2d765e8a9a3b

SHA1
5318ef80f33a96f4c4bbd658652204efcac018b6

SHA256
accbab1701547620a21b9622f463fc6006a0ba770beac249442ebde7941eedd3

SHA512
085b11e9c21ee492bd296d7fe3c17bd00c247164b97683960985caf6573dec5fbe7f1c2064df8ab85dc0720a5933c6e16afe0ea3690fbd46dfc21817f2fb9cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\dbaeghdijnlkkjjjhjoebckkciiigjhf.crx

Filesize
3KB

MD5
ee055ea61cd45a6497d17f797f2a7272

SHA1
8c9a4477b1cb1e400fb2b053dcb250adc71a570f

SHA256
b42b19fd5aad5e592207826963fd6378e78af0697a6d10d49e7dfbbb0b165a2b

SHA512
766829197ab1166c70f70479de3fab43bf6573e37c14882cb4fa6ec0d2f9ed284e1daea6cbd10f501cc9bbcb29a030fee4702cecf7dec4d3d63e819c278821f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\settings.ini

Filesize
660B

MD5
d88308a8ffdba8b6d5576e3510c799fa

SHA1
4f3d983ae65038c66ffffe68d403bd8b2b275ef7

SHA256
94c7199c802a0e9cb6d6c7294c874754d422f282a230ad0d88c2a0694eac5cda

SHA512
2a8a7205863945fd33e494a717437367f90026d3121e99b603a2e97669e5eaef52344b5dcd1331f112ba151e23ac180b2ae948cfb980954c89929ce75fdd2e80

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4FA6.tmp\setup.exe

Filesize
61KB

MD5
16ef6e914973925977cdc5ef6b8b2565

SHA1
4815da2815975b33f5dc94d482e6dbc02588afa6

SHA256
6b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f

SHA512
c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads