c3626378638fb0df73aeddf04a7da5341992afed767e149f7aec63863fb5664e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe
Size

313KB
MD5

76aa2b6c818db74f7d31f0818671e50c
SHA1

e98b1a6688aba6421ff4f5c070c0b49bd4063826
SHA256

c3626378638fb0df73aeddf04a7da5341992afed767e149f7aec63863fb5664e
SHA512

3aab57365b2e8c316cedf7c38ed291ca5ebbb83f25d5a361de8c394e0191a1a5a22c89c6d3b65a0ca5ceb7253554ccd99b8101d562a0a20df07eb3562925fc8d
SSDEEP

6144:91OgDPdkBAFZWjadD4s/xuz+3sdW0ShYpu1YiBb+YrTWoAih/EXpr1K:91OgLdaWAmQrWYiNZrxfhsXpr1K

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2908	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1D08B5D3-3E14-77B2-A440-905B763E6838}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1D08B5D3-3E14-77B2-A440-905B763E6838}\ = "Bcool"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1D08B5D3-3E14-77B2-A440-905B763E6838}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1D08B5D3-3E14-77B2-A440-905B763E6838}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x00050000000194bb-30.dat	nsis_installer_1
behavioral1/files/0x00050000000194bb-30.dat	nsis_installer_2
behavioral1/files/0x000500000001a41b-99.dat	nsis_installer_1
behavioral1/files/0x000500000001a41b-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{1D08B5D3-3E14-77B2-A440-905B763E6838}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\Bcool\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "Bcool"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{1D08B5D3-3E14-77B2-A440-905B763E6838}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\Bcool"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "Bcool"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\ = "Bcool Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\Programmable	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\InprocServer32\ = "C:\\ProgramData\\Bcool\\bhoclass.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2908	1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe	30
PID 1824 wrote to memory of 2908	1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe	30
PID 1824 wrote to memory of 2908	1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe	30
PID 1824 wrote to memory of 2908	1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe	30
PID 1824 wrote to memory of 2908	1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe	30
PID 1824 wrote to memory of 2908	1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe	30
PID 1824 wrote to memory of 2908	1824	76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1D08B5D3-3E14-77B2-A440-905B763E6838} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\76aa2b6c818db74f7d31f0818671e50c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Bcool\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
ae33a14c98df10054d51d4bea7833c56

SHA1
1131ef26b9f482bd63935972ac2c205faae8e7a3

SHA256
1176e9ceb3854d04073a5449e363ebbc4a6586e13066b34c61e675a22984eeda

SHA512
3e0a35ecf9ddc8d4a7036b5bd50755a1edeea97ba607212609e9e200ca8cb333a3924ff2796df9c9fcd21d1c674a2367190951df7938f1384717f2fd2aa40006

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
0a13a63268b1e57470d8d379418e775a

SHA1
110b67905609dccf2cf631af7c46e37e8654a76b

SHA256
e58a2ab57b3a189fc73529d3c3c5061ab208470a7283e01f78a161c8a0fe17e5

SHA512
adc3408ce8c537c7c5b23637be128b5cb0dae85b2ef6bb213913d8e539c4436dbda51850d07e256a9c6c3fdec49d3b4e82ba06d324698ebc35c940f660980d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
5dfc75f250b203e99252730b1e06fdb7

SHA1
8368bb3ae04f1b386eb44e10628359d1bdc45bc5

SHA256
78ae2684b56f62a1ed9482bba64c51e58d16e8295ce2757219e29fe72be88214

SHA512
6cd53a015f1a8a8702049ba412636fd93956255a4da348d1a431289901051814bf3b175a3ffadfd44fa998a98d7ac83a968a8fed8675d25f7d7bbda711c80972

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
2caefea7d5978ad5ed608c09ce7841d3

SHA1
3627a53d0df21b19f67c51784c0b18847054a1d3

SHA256
cb3bceda3464a89ccc9aa458e578fcc1d9a0206f9d1b759dcb1d2ece6e5531e4

SHA512
42378a058a165498f2bd0e595c1a60f5a283df08cb37819e4e2c5c66a9a88f8ed29bdc72c0f81a88a8029f078bc49547e2f8ee45534c233a7bc1041582a35252

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
8196db9a225d11ba41f167f4322be837

SHA1
22a12fb47d14374cf9f070e6cc975fc5a27a4074

SHA256
32f9bbcc0fed22a3614eb8a76e1ae3701a592bf92caa8de625550eb3f44e44a6

SHA512
a769c879edeb9827c429496a0ccc9c4a793acdcd438eb715fbdd0418bb732df5271536303949d2f92ea51b519b5ddd4d7e2a3c68ab34a2855505e4b2f9c20b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
111b3907e90802f0d181e2b6a0094738

SHA1
77fc8f8bed913d2ab53c34669169c9dc666abc78

SHA256
91cdbefa69d4e62b9300d10e94a647182ee98adb61036aa1d89655f47dbc158a

SHA512
4aa0a6209136c9e2c31888f41f3dfa6a4f385862090c4e2ca69f6ab117abd0a5fa069661a239d93f6704dbfc996b3e341e393a66ee3a7503012255f7009d2f0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
850fcfb1a7ae18fb20e801aa111c5cb8

SHA1
a9fda7a48c575105b8a0cf06b3173d3d8b5ecc4f

SHA256
3a3380e5597d96671dcc18f153de485a908f37d3779c652b22f24e92accf8cdd

SHA512
e37d6f8eec8c40816d5e80d7beaea7f0b8a51bba56ace2c2a08f45a98bba40d3f94674755ebda8117d5ebf0b171b160cc44e55b63537c2c806d9ea984bec6fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\[email protected]\install.rdf

Filesize
668B

MD5
7ea92af16491882aa0216def13bf39bd

SHA1
747d54c38f4c4a5cbecd3feb6a754af67159f600

SHA256
f9da53e196bb934efc77c81a1f3fa572299d14d72f9de83c03452e5f1bf05f14

SHA512
4e1dee750165c967f151e620503825be74d5407f3fc87fac38f40719dba62dd35bd831703678649d1ef88d2f83d73c2f61e9f85f44cc51391af1344073b70981

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\background.html

Filesize
5KB

MD5
9828649ea4821304a74b6b0a00fe9a7a

SHA1
69a2c4010922c414064c0d6ff98bf08c2f58dc32

SHA256
48ac59bb9ee3f3cdac853e38c8f0bc9183224483553d7e22cb258ec8f933a17d

SHA512
16183e2d6b112c4e4e3f8122e0511621786e5738047cdb1d20524d9e64d53429c3f9c87ed6aceb3aea8a73849c1802eae2afc0d115f07121084de51aa56e9841

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\content.js

Filesize
386B

MD5
3fcec8fa38a822627d4ecf2359868c49

SHA1
490e2ed58feb64ff77c11047ef9345ce99068da7

SHA256
6b866a3fb717c3b73357309c25c0e53060addd3fc529f0662397c869155e8b89

SHA512
a7eac0ae9b1171c02296a1dacbc82bf1d93657d75bcc86cba7041e90d82d177f50e4366e55ffa9246e5f3d7b409e7d24f25ad4eef2dbb1b29a3ba32011a6bbb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\pflfkdaflpglplbinmkdcajeopmfenek.crx

Filesize
37KB

MD5
d5512bb513e1b68b9e82e99896c96db4

SHA1
4f2376e514881df8988fd65b11018eb5c15035df

SHA256
90edc59fabb36aa4e6d82e1f263532fe4f583d39b61fac09dc9a5ec1b2322944

SHA512
94ee45d4f7270acc8fe26dbd930db868f4eab9396f7881e69258a37ecd58e3a859fe37dec10af499d53f79b696a744e4afd27a94b48c1e338e2f3a239c7f4258

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7964.tmp\settings.ini

Filesize
592B

MD5
9095a48e65ad24e1f0d4099a6a3cf5ac

SHA1
6a10e6675c1c6d1143b5dddd46f6abedf0a1fd36

SHA256
55b156077a0fbd033e64b4d80fe1d9ee7a791e4d9e9ea7a6cbf7b06f3a133a36

SHA512
b206fb70b3f5d3e0158fa1001646104b339207dc4358e27da57e6ba609b4616984714633581aee387552043b3c03f8d1df564e67156dd36d663f48de3f197fb9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS7964.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads