e7930914c5a0ccb0b03883531290ac0c2d83b77eb9352b6f9bf4bffae512869b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

422bfafc7047aa1c09436307df236013_JaffaCakes118.exe
Size

313KB
MD5

422bfafc7047aa1c09436307df236013
SHA1

a21d5e055a8ce5d4af0c526af42c5f363a4d8037
SHA256

e7930914c5a0ccb0b03883531290ac0c2d83b77eb9352b6f9bf4bffae512869b
SHA512

e2c625a4abb9bf24cadf8469c09652fdc7c53d40b13504cbb7194f7b20435f9b635f9e222dadb01e0cbd093882b212aded48edbd37d34b8ff39792113f9c8955
SSDEEP

6144:91OgDPdkBAFZWjadD4s0ZzSdDZzNiGa61uPteRt3AmNAu2TGyq:91OgLdaXID7iGa6AVeRt3NNAu2g

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3008	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe
3008	setup.exe
3008	setup.exe
3008	setup.exe
3008	setup.exe
3008	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D49F4383-F3D7-29E3-770A-3277AE199101}\ = "Bcool"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D49F4383-F3D7-29E3-770A-3277AE199101}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D49F4383-F3D7-29E3-770A-3277AE199101}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D49F4383-F3D7-29E3-770A-3277AE199101}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016d2d-30.dat	nsis_installer_1
behavioral1/files/0x0006000000016d2d-30.dat	nsis_installer_2
behavioral1/files/0x0006000000018c2c-99.dat	nsis_installer_1
behavioral1/files/0x0006000000018c2c-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\InprocServer32\ = "C:\\ProgramData\\Bcool\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{D49F4383-F3D7-29E3-770A-3277AE199101}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{D49F4383-F3D7-29E3-770A-3277AE199101}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\ = "Bcool Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\Bcool"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "Bcool"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "Bcool"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\Bcool\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 3008	2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe	30
PID 2504 wrote to memory of 3008	2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe	30
PID 2504 wrote to memory of 3008	2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe	30
PID 2504 wrote to memory of 3008	2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe	30
PID 2504 wrote to memory of 3008	2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe	30
PID 2504 wrote to memory of 3008	2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe	30
PID 2504 wrote to memory of 3008	2504	422bfafc7047aa1c09436307df236013_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{D49F4383-F3D7-29E3-770A-3277AE199101} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\422bfafc7047aa1c09436307df236013_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\422bfafc7047aa1c09436307df236013_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Bcool\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
88b9f137bcc61543a5dcfe5b50fbc8f6

SHA1
a6c02c641bb885713215dd5e8a808b220777b721

SHA256
a38ff423bd17bcbcb0b7c20d4016dde67a54fa9245bed207f26e2ebf18944fc7

SHA512
fa4fb6a50b43449ff68524ea430bcfe2cfe6015ec7e252cf4ecc5e1e810300c4e5a26ad6fb43606c5ca8132b49a4f7777eb4c91d9288a0555765dd030eb799ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
b854b12cc6e67a2485580bab2c581917

SHA1
8e3aaee60a923c0be21b678dd1ced8dfa38d2f68

SHA256
582a9acf4f17965dbe6c9c2fc923c8c202433a179e87a98bb96afa0c097c042a

SHA512
7be7fdd5ca19bf18f6ffa2ae8df350a73ae59805d5d566241a3cd95e4be49e0ad28e1d4dd64b2f54679be27be32e0b0985f4bc2fba4cbcc0f4c7b19364141eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
6fcb1c56ff7c874aa601223b3203e9d2

SHA1
fd5b9f4a8743aa65dbd9e6dfd17d2f005e370582

SHA256
b3797d717108b5f17ec4c20eade3bbccd23cc8b217146cfdfbeec607629facf7

SHA512
a78f21c5eb2567018b2de84474e5c674fb18b21d66cb0aa017ed5d3ecd18df3da21eebd55153d794fb13b8f7a1d6bea368e4a6270e3ddbcda568960e00dcaa72

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
66b50c883cd394ad9191787ebffa1fde

SHA1
dc6b45840eecb02897d279fa7a029b7d9d7f514e

SHA256
ecd309f8dc899f9ef7c5315728cb353e37ba8259ad25b1648d7fa075a0d42125

SHA512
1adef783c6f0e52972a638b5e803a7f3df81c2c9ee41a9bb3e654ede8902cd51db772dc03984db8783be04857133fac8a47e2fddc9d73f345f6af2f8be77ae2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
ba58e1a7d98a613bce9c93171957f671

SHA1
a25456e371e31cacf8d0fd5c654dba41dcee429b

SHA256
fa9b009db6a302b81dd590a317148f9d3dc111c04e99e0524d0ab22cb6a9bad5

SHA512
79d25072ef8a7d270bef61a6041661e204bb38682d434babb8864c3c49d6c2408105d08db86fc9cda10c8418afce17565c02b415c89a6e2e0f018869c9f3fa83

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
c2b9498977c2fb44d2facffbed26c35f

SHA1
525e42a15177f07868bee9c781783cb1c09598ad

SHA256
349218afd37ac256bd64ad0002396b23c7633972674716ed799085ca1c0c6cb9

SHA512
d3f5116f5780ab03c71735315ffbbcbbe6fa4c0325b6738566fad7c7ca1b1f5a4f57b2c60e703b722e891db5f91d089652ce278074054d3b2178fe934e361490

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
47323f9db3cef311959ec26a77973ab2

SHA1
4860ec94aadc755d9764827135f178dc1653ff15

SHA256
6c80debc9fbd919149ccdfb5cd0f633b7288f4875413affde6e98ce3174b61fc

SHA512
54d4637ae87979e9bb6839b132ca10d9823659d98a3c2602167a7b7f54d8783bc618cec0cc198ca6511b8b5be6ff868974e231d506954e1741c3716b50bc3613

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\[email protected]\install.rdf

Filesize
668B

MD5
1ae9c809af293fb21ef1ee27342b1dae

SHA1
dae5a6510aa87a03212163ebffef76a18c911002

SHA256
06eb02d57ab10dc28f1216bf9a1b0c7685bd724eb80bc7315e8167185274756d

SHA512
8bcc4d97acc1e24aa6bcc2fe7fcec81400b6fd852930c85d547a23885b30c8bf23bf7b13b9d62ee2f67d69322e27ec1ab202c5ffe95ad3cbc23518be211254d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\background.html

Filesize
5KB

MD5
77097c15a2b322aadff5ab7b844212b0

SHA1
6ce0097ecb9a80236dc3f3fa69d788722572f36e

SHA256
1481e75e3864dc60fce204c6dd6ad7793aa9fdfe07252a8c6e8e2784c1d54b46

SHA512
8614bc4f80db39470437d8f4afd27840d85285e0617c262381d975aa5c1ade703d91d2857bf1c7fd6305b2cb968f204770d1297b585c2fd7d877f0d0b1dc903d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\content.js

Filesize
386B

MD5
3fcec8fa38a822627d4ecf2359868c49

SHA1
490e2ed58feb64ff77c11047ef9345ce99068da7

SHA256
6b866a3fb717c3b73357309c25c0e53060addd3fc529f0662397c869155e8b89

SHA512
a7eac0ae9b1171c02296a1dacbc82bf1d93657d75bcc86cba7041e90d82d177f50e4366e55ffa9246e5f3d7b409e7d24f25ad4eef2dbb1b29a3ba32011a6bbb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\dmdndinpdfcfkonfddlldpomibedclji.crx

Filesize
37KB

MD5
70177b29bbf68c772c076b583e049223

SHA1
85661e9e5957d73a47593e61721584cd7bd11780

SHA256
6f010e689d40e12d785f150cf92d9f02962dcc4e1fa7d3b8ddd0233b9496bc2b

SHA512
332f65cb5fab8e42bcab863e1012f0a9275e974a0169980bd18df7f5ce44ac97875d7ef6774f2f65d5c2150def3aa8d9fe247c65bff3efc59166bd1b95edc407

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\settings.ini

Filesize
592B

MD5
a91718991b66add0745be69e5a168949

SHA1
c09c6d8661f017b180f91f691dea0110194214f9

SHA256
3e121e9b285c1cc833ce857420fd9842598225a0f57afc89c7b57e99e6e6de6a

SHA512
4a72fe911a9a4ad63a30ae6b179c501a7a036d58a2c2b7bfdce98d8af43ca8a924811da8be297f66ab1a211dc9b42645d97d9cc2cf3b8696f828bb1f13079689

Download Submit
\Users\Admin\AppData\Local\Temp\7zS96B4.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads