cff25f373e758c9fa3f6018bc23bb1d7569940ab0012198d31b576daa5cbb1db

Analysis

max time kernel
135s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 11:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

631af9f7425755bf7a0ce197e6de32ad_JaffaCakes118.exe
Size

257KB
MD5

631af9f7425755bf7a0ce197e6de32ad
SHA1

c888982f57df21103770fae2bfc8905abe39703d
SHA256

cff25f373e758c9fa3f6018bc23bb1d7569940ab0012198d31b576daa5cbb1db
SHA512

4e714b42ded7484abf2cac6fdbbbadc6642e932dd2ea1e25e6c16df191f5a626ed2840197d1756adf7e23e3d04ec06e2a46667ba2e86b09eb1e8d8f48212de08
SSDEEP

6144:91OgDPdkBAFZWjadD4sUa2P0URMhPia53OnEAngdyDi:91OgLdalagfRMhPia532gCi

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
840	setup.exe

Loads dropped DLL 2 IoCs

pid	Process
840	setup.exe
840	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5D98E39-A29A-A46A-912E-8E619910B31C}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5D98E39-A29A-A46A-912E-8E619910B31C}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5D98E39-A29A-A46A-912E-8E619910B31C}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5D98E39-A29A-A46A-912E-8E619910B31C}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x000700000002352d-23.dat	nsis_installer_1
behavioral2/files/0x000700000002352d-23.dat	nsis_installer_2
behavioral2/files/0x0007000000023543-84.dat	nsis_installer_1
behavioral2/files/0x0007000000023543-84.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll\CLSID\ = "{E5D98E39-A29A-A46A-912E-8E619910B31C}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\VersionIndependentProgID\ = "bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll\CurVer\ = "bhoclass.dll.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\ = "wxDfast Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll.1.0\CLSID\ = "{E5D98E39-A29A-A46A-912E-8E619910B31C}"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll.1.0\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll\CurVer	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\ProgID\ = "bhoclass.dll.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll.1.0\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 840	2528	631af9f7425755bf7a0ce197e6de32ad_JaffaCakes118.exe	85
PID 2528 wrote to memory of 840	2528	631af9f7425755bf7a0ce197e6de32ad_JaffaCakes118.exe	85
PID 2528 wrote to memory of 840	2528	631af9f7425755bf7a0ce197e6de32ad_JaffaCakes118.exe	85

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{E5D98E39-A29A-A46A-912E-8E619910B31C} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\631af9f7425755bf7a0ce197e6de32ad_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\631af9f7425755bf7a0ce197e6de32ad_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\bhoclass.dll

Filesize
164KB

MD5
474a025909c75c607905b9e2cae8a56f

SHA1
83ed7383c8aa53c6134a2b0a701b7b272c5c7c1e

SHA256
25ab733f417a9def519ff2443f38cff31baa02743cac803f53f662c875b9be5f

SHA512
29d14b6143a45c76904beb6d7ba2d8020f13cd407c66d6eed8825b9e722138f11945a3747988beda0f5bf33acbcb3fcdf8a411a2fc9b07fe501938dc590d03f1

Download Submit
C:\ProgramData\wxDfast\uninstall.exe

Filesize
48KB

MD5
a724dac649142fef71fe4b529684e969

SHA1
e2878e84886ec53a1332ad969a825062526b5cd4

SHA256
b58c58b5073034d74c5d93902bbb9d402be063e907bdf77115b55bbb99af21dc

SHA512
9f475ad52fa2b7f82e74df87c02e42f937b5e3b62773b7d51cb53facfcc8b4934ad3c2fc21496cfabaa4dd103a309ed5cccad1ad3d6037f6c4f3a540e3e9d5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
b9165e81934c746e3a33afc6bde86143

SHA1
ce38f37d26d5fa6309f4d42cbf470bc4a884b100

SHA256
3edbe3448cc74e7862db06fb08a8250c044a6aadbbea35a365560080eaaa3624

SHA512
fab8731e561554bf3ac4a32950a4111d3bca7d9223727ed6eccca598777bd697606a11f658eae3d28f6dae16faf40fda7387d0e25cd8f3cb750c871f77178bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
89da154bf8813dac92eaefbf55ceb507

SHA1
51ccf9180400ac4af880e60084a5c10cfeceb27a

SHA256
19de5f1f8243b4944c82dc2d286f38ba69d6ad07fc4a11b7a4cb24fddc39fc6a

SHA512
a087d02e6022ceea7b3bceb07403d4c715ae3e5cb202b7acb3c802bade7d8c8ba61383b7f15428c361426717bb650d034dab27cebcf19d08b50346a8ee59f29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
98620f0cd76e022334467bb21d481f71

SHA1
19279d34f46f61a70982c5fd4d00782714f1f941

SHA256
7f20ca9e51fc9ba33b366e2e352fd6fb98210e32c950f99e702b6927235eb28a

SHA512
b5f13597a86f131892f2c05025269a59e39e786b22bb94177c719af0f43ad8a395521e082f969ea2ef165e77ec9e1b3234249b84dde43031575dd40023b18004

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
eeae99c171201ccb18c10bad6109c4f1

SHA1
16f8970c32a21ac1a8285480889b59fc546f4559

SHA256
824d65781f16b244866823b1732547d2ecd35c6e3c960f6725e50d3edeb18068

SHA512
a2d6ebfd33380caa2de3cbf04aaa44391913777671e8af7b16ea353eabfac65dc25f3e09ea4548a12f99c302a94a562e6f11969c1b16c69c0b21d80b175cc2d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\[email protected]\install.rdf

Filesize
714B

MD5
e7d036454fe32fa6ee233f34eb8a2c39

SHA1
5aec3f55e652543385cd8f9945405a3f63edd38c

SHA256
829f91cb09888b3a5f0f474aaa6cd009008eb4a8f5725578334b6eb007651f7f

SHA512
a7133b215821d2e5a7e1fa47c0c6a95e2d8d0ded0f7e4a28426a17981c01d13559d60e7c0e9823ae84b4aa13caacff8183b7a69aab123b21c60c012b40f519be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\background.html

Filesize
4KB

MD5
1bf17a6911aac8f212174a93b389115d

SHA1
b44a63ba16456a61e15c575c82706b59f074d9c0

SHA256
f7a239356cad4d4ab0a81cb343439f0f84a8f39c90d4d74572f5e70e8c1b1595

SHA512
1136fc4b7b457bccd388b730a87becc856a1e82654f6293bdc350b9e37b7d01ca9c1cb07377d86c0e518f8e983e79d231a0948404048db80cde3a621d51c738c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\content.js

Filesize
385B

MD5
4d03176c8312d47977d4ece65aac313c

SHA1
f5f04911e9f76732465a581874f68cde5693fd5c

SHA256
4ddd82cf485ad5cde171f827c012cd9614a151d1bb38567546a42def9548f08d

SHA512
55f25fe499309330ef91f82802a148f5a9a12b2e5d9316116b14855885975286f3a9c5b73e9dfc95a110b98079b40205817949cb4158bc74fd305d96870cd9fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\dhopmaeeahlkkjnecifhgemddmgpgepj.crx

Filesize
3KB

MD5
aaee2dd323efcc96ee347edcf59c47e3

SHA1
0231813c7e61e2ede5210ee145661cdcbb95c3dc

SHA256
4abf0f7d5ea84574ea86a5cf7c7c5bd74008556cd825b8b923eea849c8d55f6d

SHA512
2f0ff2f51ed9053c09f5148cec178e43f931c2b3851ee9638f62dc5da7f2495ab9087429774d7f82e4ea44646767ff4bf21330b363e4f5a27663cd4c450c73b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\settings.ini

Filesize
892B

MD5
b57cadd8e06e65a57d88da1b30fc5895

SHA1
9a3deee4da4627f62ee2f267d664ed910b4fe86a

SHA256
de69ca997d465ca201cbb71f07d0b19f2d513e55208f1fba7665502c22628797

SHA512
1bb025ae798841c5e2537d104e9cf0e81cd814e10473c345ea5de81dc960ba60a1863a05879e077d7eca7a6948541083a0b91763dd949e738c8e91ca669ff650

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB2F4.tmp\setup.exe

Filesize
65KB

MD5
4ccf1a317aa8539c857835e4ebe9c806

SHA1
223b73d09d7398f40aff3ccc569e66cae3886ee9

SHA256
4529889c5575cd4e28b3691f0489c806442840292a9e459ada4dab3e024cc242

SHA512
ecab68799b5a51c7d2a3735a9b3c17ba20a315618aa9575a5b02d5d4535716966031a26982012669f069dbfd8a6ab62f95737b7c402bf680f3a498900f627312

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstB48C.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads