449a401b880c92cf12952b1f1d337757c5578a88b15e102a14fa669cfcd3e488

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

452deaa54c4c2953a47ee9b2f1320e25_JaffaCakes118.exe
Size

315KB
MD5

452deaa54c4c2953a47ee9b2f1320e25
SHA1

eeb0c7cc9f9a30299708bedac629844b922c4559
SHA256

449a401b880c92cf12952b1f1d337757c5578a88b15e102a14fa669cfcd3e488
SHA512

93e9a19956e11f2501392a54333d0f1d49efd269b39a21b4c664272a8241b531df7dd8a11b95c1deaf19027bca298c049638a7439b20a6bf3660c486ab17a063
SSDEEP

6144:91OgDPdkBAFZWjadD4sGHimgNHB9A9lt0aCqbQN8qDlZvDu/EBqf:91OgLdaN008aCuYjX6/y4

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3848	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
3848	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7EB43FF-A23A-9CD9-7161-0537A092E989}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7EB43FF-A23A-9CD9-7161-0537A092E989}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023494-31.dat	nsis_installer_1
behavioral2/files/0x0007000000023494-31.dat	nsis_installer_2
behavioral2/files/0x00070000000234ae-100.dat	nsis_installer_1
behavioral2/files/0x00070000000234ae-100.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{C7EB43FF-A23A-9CD9-7161-0537A092E989}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\Programmable	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{C7EB43FF-A23A-9CD9-7161-0537A092E989}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\ = "wxDfast Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 3848	3400	452deaa54c4c2953a47ee9b2f1320e25_JaffaCakes118.exe	83
PID 3400 wrote to memory of 3848	3400	452deaa54c4c2953a47ee9b2f1320e25_JaffaCakes118.exe	83
PID 3400 wrote to memory of 3848	3400	452deaa54c4c2953a47ee9b2f1320e25_JaffaCakes118.exe	83

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{C7EB43FF-A23A-9CD9-7161-0537A092E989} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe

C:\Users\Admin\AppData\Local\Temp\452deaa54c4c2953a47ee9b2f1320e25_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\452deaa54c4c2953a47ee9b2f1320e25_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
bf518d9abe5623aac370a6442b0a9b16

SHA1
235800c96a07ad25f40732d2da83c5a77f937d24

SHA256
b16c1b20eaaf4f0490000e80b7b157eb31becc979ca60b4de4989ff334a8b840

SHA512
673f903c4133f56cc2a510379472d980e1f5dbc5f6d508e4f66c6e9e46674369196328abc424778bd2e2147e0c605ddc5f070e602d514ccb51911c44afd88991

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
e1f9b4e4a801138c1f758d5ea450ed34

SHA1
6a43cabe85972ac53d61dc49b972e8a6935d5b42

SHA256
19a5c5a0fbc2197f888b5169411d8b2b745c391d99b5cc5bda32f741ca17c398

SHA512
9df741ac616289031a3c025c31e4e3ab24939894a2b30fec0ec41d8554fc8f8177444d94a0771dd79b617db8b7602b137925cd60117eccacacdc206485fd87b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
d6d2337aeac4f13165e32b60d9595a49

SHA1
ec242654a010c89ab4c298f4be07d6090c2de4ef

SHA256
1da3e803939fc0e44449026528883ebac6e0e527137cdadc9ac176980b3bc236

SHA512
e835e81eb171f28f225c623852a0395e8f83d147564f89eb3af99aa2ac37920827d4fdf33af959f59a10bd8a16988bd1f790392a3530401dd138d9a37e95b88d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
d08a4f305a6ce6e27e668e3c92f37886

SHA1
7e70492239953659305d09975ac073714d677ba7

SHA256
9db0a33ddbe020c45487b7f18b877a495e5f0d1fdf2a4ded2a5728a33a217e0c

SHA512
809a420842737c510249ce61063edf3532754a097ea15dcf7dce99884442953342bfd02ce58f42717acab11b4a8a346762a643c379ed5c8da3f78a7ac1d00d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
66496dff31114cd4001e92d8606b1abf

SHA1
f25dfc248aead602f989edf0eb490707db1d8e63

SHA256
6dafac7acdbdb298cf2f4fd7b151f790d0dd5910091022211a0c7bbc2d34431a

SHA512
42f4c45c1e6a98f8392dc46e179074a69a9074b03ceffdbefe16e70688cacee1e5f381165afe0a809aec722b6099e310e955f82bdfe7646088aa43ab4b3e42e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
21feb672f3bc8b51b5d59d621e804da3

SHA1
a6cf7967eee5f5cf37f027e54532b311eacd9faf

SHA256
430a74d3151f8bf87da3376426c09933ab48f970229be1fb7d05b7069ded3726

SHA512
408e3ee04bbd2bba6a87dd8484e63c49c29c06fb4b4d1b157dae2f81d66591eee3627736fbb5045a0bf0011a895f8fee905291511605d61f8534eea94350abfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
29ed181088a88be68d38ba950710129c

SHA1
e0d12f91f570db9c218057bec2ed2501619d7a5b

SHA256
495852a260a564f6108e86434607b3d38287c4e0b7fd1d230b748e19bc3522e7

SHA512
8161ada4ebea92dfeb5f52321b21f190715957804e8f58ad8bf1411294fa88304ae6705c06861464d2944251591380dae8ad94acca6eea930bae493e951be9d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\[email protected]\install.rdf

Filesize
677B

MD5
33c0dbee594e52e60b7f2c30792c9b14

SHA1
b453c16e093673ba67ce68cd3e33614755ed63e9

SHA256
a3f45d6e0b33b568118c46c82ba1fd134c193b51642d6a85c5054695450182fb

SHA512
1914f9b3ccc19f7245de72490325ee878447ebdc309c3a7e3baf49f2efa10fd440759e21d8e1de83601c1272c4625765f7cae1ec5b09a6cf3b1468c65b1d2952

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\background.html

Filesize
5KB

MD5
95a49eb95cc69057df90938b05927999

SHA1
263b6fa8478ae7cf78496fead424a6b700dcf18d

SHA256
5218bebc4c2671b9f5f5081b635e5f6939cf4d03f3b39980370e8bf408a9faa8

SHA512
1d2e57a36d9617afc4c392d7fbed31b17ec04e8691f0f995267848625a802489269c0f43eef231e4d8270cf804f7c851104f885283bd7a44aa36d7dd45e0c3ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\content.js

Filesize
385B

MD5
e5f6e3036a1823858c56688645578c3d

SHA1
41350e7bfb9beeed6446a9641536f9bccb35d581

SHA256
3a60704218d0596690017a34e7dc068cdbdcb62ef48937d26188185fad53360b

SHA512
9256c29395e51fbbfa7d7c821c903beff5b3f59da6a779dc22be67ce2d8fa53b023d1e51315cb82bdc0811e9c034f18f9090e308980a2bb9a5b2dd3aa2bb8349

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\dpgkoeinjnkgcieloaioiohencfcjjjc.crx

Filesize
37KB

MD5
ad13655dcd64d212c8fcadb25920e228

SHA1
b27d7291565bfef51dcb01e993d672c1d21b8d82

SHA256
201f4b083a0f62fc220ab83a018b70cb38d9ecb525ff6c1b41d4df989afa4a77

SHA512
7289374b3f6c05d0cb0c57a4509f558455702a4b795e892a43cbaac32bfb6e883d5bc106e0fa3c6b64e226f2de5bb7fde2622e872c10af9c8e5fea40626d0b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\settings.ini

Filesize
599B

MD5
131223450dc8ade34bcd2162294a7696

SHA1
9a82a8aeb8076ccb7c4b9f2b00df95cb6967cb21

SHA256
4298818d4f6a2f939012020850a91d1f63d846d706ef248208d09a377427fbfa

SHA512
ba397d3f6f06b1997e079254157e49d43eb68a05a95966ffd7de4aaaf703a9e35156c46ef75293941d659e3acfe8cbdea553839395f2fdeffc4e085f0c120000

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9A8A.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads