7bdb417a0d3ebe6917b4a6cb90d052a11b49fee750e44d57bc4dd51bd8cf1146

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 10:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe
Size

251KB
MD5

67256775910b009d4e7c08240ebb044d
SHA1

0ff830d0b164bfc42c0c446a73b4d0b560fed24f
SHA256

7bdb417a0d3ebe6917b4a6cb90d052a11b49fee750e44d57bc4dd51bd8cf1146
SHA512

5661fe8531ef5e013b6b875cac795e216856e831b49731900f83eeedb6863c3792c0d03e4a5496cc9fd1929a02940485c6683c6347e2631fc53e5800f66cdb74
SSDEEP

6144:91OgDPdkBAFZWjadD4sGZKY9m8b0GZuiljYE2NrN61h:91OgLdadK2m84quilkl6z

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2112	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe
2112	setup.exe
2112	setup.exe
2112	setup.exe
2112	setup.exe
2112	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x00060000000175f0-22.dat	nsis_installer_1
behavioral1/files/0x00060000000175f0-22.dat	nsis_installer_2
behavioral1/files/0x000500000001944b-79.dat	nsis_installer_1
behavioral1/files/0x000500000001944b-79.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\ = "wxDfast Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2112	2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2112	2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2112	2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2112	2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2112	2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2112	2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2112	2416	67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{6712891B-7E34-6B5C-65E0-90BEBD85AF3E} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\67256775910b009d4e7c08240ebb044d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies registry class
  - System policy modification
  PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
8be20144dbd200c6de0c9430ed9280cf

SHA1
b81e3aacaaedd66ef0896acabc6983c94758e2b4

SHA256
634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6

SHA512
fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
b9165e81934c746e3a33afc6bde86143

SHA1
ce38f37d26d5fa6309f4d42cbf470bc4a884b100

SHA256
3edbe3448cc74e7862db06fb08a8250c044a6aadbbea35a365560080eaaa3624

SHA512
fab8731e561554bf3ac4a32950a4111d3bca7d9223727ed6eccca598777bd697606a11f658eae3d28f6dae16faf40fda7387d0e25cd8f3cb750c871f77178bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
5f7309c16e34b2e5df03602557c99d49

SHA1
d5dc31f7159e62c9ffc5807b3a19abb652206c18

SHA256
b90231cbe5b7b2d932164105871c7eb4482c0403f299397f740e56dad8be0ad8

SHA512
71a22059f407c9dd5ee41ec098239ae8c37e849cd64883aa0adcca94ca7a4bd0ede46739ed1ec1a1fbd81dcea146d6fd5f3247e90434a8fa4694201d08eb9e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
db557e575880afe1bfac30eba82d56bc

SHA1
ba43bc37b199429fdd16d5c06d94eb3852c17aad

SHA256
57c60234a1c422d1403e5f799d021d7f1854b97c02dc0f52f67d64a9c8441d90

SHA512
0b7825c3c4fca3e8072d2096ce9a484914dfbac3662905d064ae6d0f9cb806b2921fb464bba77bf6ca5eb47d4603d66ce63ca0912786cebf65fe93bbd2bb09ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
5f9ae555ef1719d0b5ecdc7793bb193c

SHA1
6fe27ccd2a8c7b4758b830df3f81f390a9815f9c

SHA256
f7d184951418d49cf8ed80998456327d7dc5eaeeaffa03ebc2fed965bd54a789

SHA512
aec12b539f0ca47acbb591764373592e5bb9856a62111c857875b27551ea305136ff685fa2114bd4ccf1cd8580b1e423b14d2645abf260922c07488b91999969

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\[email protected]\install.rdf

Filesize
714B

MD5
0815f84a36517e911e4949108731b796

SHA1
b8bea4f37f01d720502681d96c3cddca0b8a3e0d

SHA256
6644e002eed2d934474ce5b30d70832a69d740d25c4117ab211dd8c7b7844992

SHA512
cb2480e60fb8bcc123f60aaab0b09242bdcb92d6382aa499feff131074fa7aa71f48d37ec5445b1cb032c02f9c0bd071015d82d0dbe8fcc0a014dcb6a4eeeaf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\background.html

Filesize
4KB

MD5
80ca46937b423eade35c6b0e7a8db0dc

SHA1
4d8177043f7d4bf8a8e60b7cae9fc2e63c0fe317

SHA256
8a72b45ad4ad39e5086d1eec1adc0c0d9460e0184f9c4fe2a7e2213f1be8908c

SHA512
117bed16a6a81e76103619450cfd42306d52c9ad9e5ed67564bcb2d776f8b467cffa5528b300bdb6672988b096847649364425febbaccdd254697a5f844f5414

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\content.js

Filesize
386B

MD5
58c59986a31e524ac842f0c152caac7b

SHA1
913550f354845da9eaed2597339b8eae8cce6a0a

SHA256
7a9aa938d25b76ea77793af71f4e8940456c563836245a1727c64a64db9e290d

SHA512
21bcc7b2edb00f6f0cf32b7b695449d8c3943ff6561e6f09a3a74c71d5214ff18f389bba68847bb18c93f0a1a7cff3a51d22dff605888a5e58907f4fa065e9f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\hcjlhdhdniphalcjmmlllfoaifknmiam.crx

Filesize
3KB

MD5
1451f56bd0566fa0f78bbb8a4d388aa7

SHA1
06f886bd96ac703bed448b3d30561414543256c2

SHA256
99edabacb46deb9420a0c5841e8011c02062e8e5581948db3599dec352102720

SHA512
cd7eb4d95b67686fb56662a7da8724e75b00a1c48bd5d1f57f931badd2406db0e0555e64c846d564318ffcc927bdff3be6be36b33481e5f95757b29498ebd367

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS902F.tmp\settings.ini

Filesize
656B

MD5
2cd8d0adfe5596c6db752fc0e89be067

SHA1
59cd970ccabba32996a1959257f1721b8aee1edb

SHA256
ff53878ee581eb9500e17f9df0b20d90a85ca33ddb2c3d4a2589c0997a4cd72f

SHA512
f46543978d557a1378fdd61ea574bd77020bd6a9556f1d6d0360174700f9383b7a586a55fc7cba5e401d4dd6d478f12ce9b83012f21f125b1061d91fbb78faf6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS902F.tmp\setup.exe

Filesize
61KB

MD5
16ef6e914973925977cdc5ef6b8b2565

SHA1
4815da2815975b33f5dc94d482e6dbc02588afa6

SHA256
6b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f

SHA512
c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads