3959d5acedd8aec497f626124d1544d7e6859e648c05d7bea0d14a32e1198ebe

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe
Size

313KB
MD5

5b6f135d70fba8944d423ce199dfea2b
SHA1

7b4e0a6643d386642f7c79eed366b427ba57ed36
SHA256

3959d5acedd8aec497f626124d1544d7e6859e648c05d7bea0d14a32e1198ebe
SHA512

8b08942c68dea9791e71c68ba7c0eaabbdd4cb3bc2f0733221516e2b2fa995b8f871a8011d6f3f2c4bdfc607cedceb63564b9d0ca5b83316bccee0af637c61f0
SSDEEP

6144:91OgDPdkBAFZWjadD4sqfmJa/LbZWaZSRvPXxUJqrfK+y4xW:91OgLdaJdZWastX0qrS4xW

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2692	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe
2692	setup.exe
2692	setup.exe
2692	setup.exe
2692	setup.exe
2692	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\ = "ADDICT-THING"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019506-30.dat	nsis_installer_1
behavioral1/files/0x0005000000019506-30.dat	nsis_installer_2
behavioral1/files/0x0005000000019dc7-99.dat	nsis_installer_1
behavioral1/files/0x0005000000019dc7-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\ = "ADDICT-THING Class"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\Programmable	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\InprocServer32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "ADDICT-THING"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2692	2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2692	2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2692	2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2692	2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2692	2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2692	2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2692	2116	5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{4166304C-1F1B-A3F3-FCAD-C18CA98188B7} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b6f135d70fba8944d423ce199dfea2b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ADDICT-THING\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
04403ced98872da6fee442f517833ae2

SHA1
7ee11c396ae495d5f0e94f94987536268c11673f

SHA256
234adb0556aec6078b59c026b9084180864b13ec29fc238263ae4c1645d71b1f

SHA512
86fe5654c575cd255558bf529f20f366890da53b3364f1936c0af0d1cb2bb9d08eeacec826600e4a16c95fbfd904e464c9391eedd0106500ed4f4d97b60a9db2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
6519522141dc2e23d6ca9817e5825d69

SHA1
8d27d53854b8f804b2337a91ddad81dd10dfde39

SHA256
139f768c20af209021d5390eea62aa1e8d5ec4bb57158b114728a8a57361340f

SHA512
0fd7516c8dac3fb9431d5aca93924e09e3a7115f56b84b1de3c2b74e95ea5a7e6e1263155e8ba78ff90e2249847818fc8ebc4c65930b94a5b78633433fdc203f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
7d0d055a9b7d4d530a1b6f017318bde6

SHA1
8caa098897a604c6680778800aa26ab88bfaeb35

SHA256
76ed8888b450af3edf415dbe1d81169fdee0182813463905ac7d8f8a474f63e8

SHA512
4aa62f10130708e118fcf912a52a5b76c10261ba9be519ecb435dc2855a39c3ae7a3652dfa80b2967059d0b2f1db95d2f0931c9ab04c91c36cd02c02dd88d813

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
3cb548b687318fb2851f70455e498445

SHA1
97b3c50400ccaada01bb58d9048f7bb5ba3b6a8c

SHA256
f949364e70d8671caa6c5e12e2879c331e42c5886af75e80c1d61c952274af81

SHA512
10ecb6889a3cb558f0405f03d1cee10f1622a8827c6607dc46e398e3f70998d4feb6bdec2839f480595acc3d38a90e8b2169df6b8c2fb89065769f92cecf662f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
7f9cc18ed5ea9438a258f361fdfe68c2

SHA1
822222a01fed5c6651b509ff876d0a11629c8386

SHA256
5691f11587190e38c7dc0b0dd6589b34b156b31a29ff0dbd95195f8cdaaafd1f

SHA512
faf297cf99ce6e52e80ce0f9267040978b8c40e8b54188524847dd6e5ae47fc773a5910d6f0b1bd1030d1f2e83f22fdeb96d115c61713e168b66fa1de8f731d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
cf040bf2f0cc28135b183974f51ae6bc

SHA1
00a10e9dc898c4f9f6fddaaa49a682401a8c4e4f

SHA256
16dfb77e88c4d5cf866e0d253a9799ad72f14d8770c31b3aa072c8fa641969b2

SHA512
dee7d679d09ad6c7b940726bff77c4ff17e5629cee8644f2e54f06fdfbbc2d65b0efd250ed7f69fb3ea484f0a2dc1096a7f4217ff4db8b3645863f5dc17fb52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
3aa030434c9fdccd284b57e09358d01b

SHA1
b0933922767785c46b945960e1a4bf3195c988d2

SHA256
fe510fafbf10dee3ef7de81e6b3d0b961f661f04917c2a679787fa0d5c729701

SHA512
5ba427b8c918a5d492cb0b5502501deb860cf7a693180e210b7b0cda552669f1ad4c4388f11a8433e8d65b921608f5300f5244e65bd2c982312c4f5315942d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\[email protected]\install.rdf

Filesize
677B

MD5
526c36f1e43a09a7ca8879756f3d88da

SHA1
f1ab54b325b6bcda5d77a3ae6bbf7180b0da863f

SHA256
1e33c1ca0fb0a1af3683bd432c27ea382312f47ce4c45e3592bf599e7a9275ee

SHA512
933d368b3ee1f588e097e7e58dfd184432ec182c31dd16d5897e0dbd8fdf88c78944487f0850b23751dc125c9a1559707d61e34668ea47d3e591c7b54804a97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\background.html

Filesize
5KB

MD5
ad2d19121f83fdc25366098ee278dfa1

SHA1
4be0724ccdaf400de0022a3b93afa2cf73ea79e7

SHA256
9521d20a9e36ba7be56bccf1f7e9edead99652695a26ec6d1e75cfe5c5b131b7

SHA512
cdc08daca7ef8b4576fc742cd6dd30f4fd7c8929aac29bcc512975dca33f217395e91a3e368a0f6ccc74a004d6c640d32d77aa9b17d5bb123349b7af45d1a59c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\content.js

Filesize
387B

MD5
23786cb0611cbcab8ba2530b702ffc3b

SHA1
35eacee6a39c3d431003a7ffe926e1d9702c9302

SHA256
4a50309baaa1a2e1170d21b497831337008db1a02d2010129a9cb7c7e8a6d293

SHA512
d428bf986362323c589d50ac33d82f93a96e9a2d30e81c6a148f2e7e8573fa64a8e5bfa4b6619af5292c27ea4805e2d01d1a559af9a610e546214c4b5e369186

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\hhooipdpdpedcnfddjajefbnglogjjke.crx

Filesize
37KB

MD5
da69e00229e292716124a00e9a726a8d

SHA1
cb4c1a40c451ffb0190782e76aa23b4cec2a605c

SHA256
7f1a14690d500aacf4af6d7c391fa225336bdfff29edd2b1da9af0a75caae207

SHA512
bc5dfb50e155fb8905d8efe88b8a506524b71ad7661a1b4dc50b012b01cedd2b121a810d37dac8cd85ffa1b40170586e184351305445d20ebda87f883d92646f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\settings.ini

Filesize
610B

MD5
fae4c9e854dcd37cc20d9db53bc6c3ef

SHA1
6e59da458783b89c2d17150f440cf59d207aaa48

SHA256
8960a5211fce4cca7655879f0b8ead3d1152606c04664f78e7d0df23c16cf7f7

SHA512
95f9653e845dcc64f67b7f4813fb4f7ae10c7d621805e8d7f3aa36b2413832a682285363db4e0fef444d985478bfebd7287d6f33bd97e2cc4972ad87ca4d19f4

Download Submit
\ProgramData\ADDICT-THING\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
\Users\Admin\AppData\Local\Temp\7zSA12F.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads