e370082f8dc09c4efecdc6fa57fde07de582e8dc264522ca8d64755e0da2016a

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/08/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe
Size

496KB
MD5

82037ed4059ad5dba01a5fa9bf9215f3
SHA1

1f8df9c1b381b6a6c7622a39035ecc669a2801a9
SHA256

e370082f8dc09c4efecdc6fa57fde07de582e8dc264522ca8d64755e0da2016a
SHA512

c75cdd7bca28d84dac761749a89b63685451448835ca63e898532c09787f6fb69fcf36e98b64935dd527ea8bbf2690b6a5583c1789c49d0742f590c3ff36d4f8
SSDEEP

12288:91OgLdaVzQX3X9p1quHttHecmtAM1r3XQYOYXZSdjbkxeCu:91OYdalQnX9p1quHttHecWrgY7ujbHd

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe
2984	setup.exe
2984	setup.exe
2984	setup.exe
2984	setup.exe
2984	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\ = "Codecv"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x00050000000194cc-30.dat	nsis_installer_1
behavioral1/files/0x00050000000194cc-30.dat	nsis_installer_2
behavioral1/files/0x0005000000019624-99.dat	nsis_installer_1
behavioral1/files/0x0005000000019624-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "Codecv"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\InprocServer32\ = "C:\\ProgramData\\Codecv\\bhoclass.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\Codecv\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\Codecv"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "Codecv"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\ = "Codecv Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2984	2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe	30
PID 2052 wrote to memory of 2984	2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe	30
PID 2052 wrote to memory of 2984	2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe	30
PID 2052 wrote to memory of 2984	2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe	30
PID 2052 wrote to memory of 2984	2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe	30
PID 2052 wrote to memory of 2984	2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe	30
PID 2052 wrote to memory of 2984	2052	82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{45F44DC6-E07A-BE70-45DA-B6F3988AB30D} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82037ed4059ad5dba01a5fa9bf9215f3_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Codecv\bhoclass.dll

Filesize
521KB

MD5
489fc1a1f5dce2adc842b4a68e67f0cb

SHA1
e73fb5755f4bc109e08f4c3c286438a0dbd02084

SHA256
24833c00ddea6a060d5b398c5667c200cb957e37269d1fc90b6b1eb5e3130f7a

SHA512
ba3d7773466d0ed856afa09c76b9266f4454e268bc2f67ccf903a85fe4986b9886d5a1210aa1c561da3bf69956ffe5a1357154f637ed952b73060f794b215104

Download Submit
C:\ProgramData\Codecv\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
cc7bb1d68ed2e2fc3e6ed0ccad280b9e

SHA1
5c1f5ebc3cacc8f7855e7e5d013c28117908cb21

SHA256
166752359242c220dd85c98fd3ea52ba24dfa459bce1d7620fb9a23a52f677dc

SHA512
4c07dd6e56ef7dcace3ad45e19af8dabd941cda6f7720354b5f58487efe47de302d3549d4c909bac77516c9b251a80cd4c9b467c45ffde723349e8b0ceb579a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
491a7387ef7680e6012522b277801268

SHA1
c03677b9fe02a9c1ce826e69a638030e48c94e9b

SHA256
be3dc859e6ad3490bd5306ef370f02141c1a19243c252ca1d9ee092f131f7a9f

SHA512
65e5ca8396abd5a6a004900bb19c290d470870a8b442de592751841da361a645bbc629c5946e9cfea603a70a65700b23879684d465a5272717eae2014adcf0bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
4cf53453e678656a2628213325654256

SHA1
ba27b2c9aec0c0dbe9f7cb520667cb1567c88d0f

SHA256
76f0f2606ae8c19b588a9346171408bad28cdd4055c0ebe9d89015c059e529e6

SHA512
384fc5bf9fa8056ad3425ea0e87b7e8a6b299764ad6cdbd4796519f99fc009cacd9a621f5728d8b1471d6cd5b0bf0fdc8ae2a73c59698cb7c876f1542966672d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
beec9e5e620796bd07895575b24a317b

SHA1
155c9ac0fcecafb6cbd55eba4b05d70ba8291410

SHA256
ce4daa1c990e305c2f27968556baa5288e7ac09ea71fec888ab66e01f1d10136

SHA512
03e51bd38dcac94fcbcffbb1a46d83d26356404a459d85a56f5207b595b19eed1b9b86c859e709176c3a9faf06e646d4c176188aef3810f5ca02420a96ec83e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
99a191d5c3419ccd6bbef4a36b71671b

SHA1
23308c6c342e8b11152476cc4140709a4e088721

SHA256
1fa15deeb0328ac55b028d9bbe4087b2ee2e954175ca4c390cf8c34fb87b2fa1

SHA512
112c2fb8969e1299287f14fa1472a3a5806315020db2dc69d329849ce17963b158e9a5f8a10cfeb98d04813951e9629d44afc891047cc4a096c9a5fbeedbabcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
1023cb401380a3765319d295ded5a4fe

SHA1
3e9d34ba5b2cef8517b37cf420961c8a748048da

SHA256
0a2586481017dfec8596af287e4c925cbdc193ceb33d7c5a67ce8e74b38c9969

SHA512
ebb5f5f41e5c54571f3f51a27079fa0a21cf74ca4d33b507724bdbc1e2f5d9cce48c2a53dd8c9178445bf4522dbe981592d1328fdc77ecb9812d8b58815f3081

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
8b116724ab21b231ae5b1cc5a634b04a

SHA1
5802f876654ae6e11c07f14f0418fcb2daf14c6e

SHA256
0da5b393771811e8fe98f97b158f17a7ac65cc48402480e7d279d6a3aea9279f

SHA512
d23b0a9c91e4ddb0abd12dd4f0aa6ea1fc67dad3fc7cfae3cd8039ea502e7cfa69aaf719ddf364c221332ea942bc7b2b96bc56b47b5e76535e7bcb9f35e2fa9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\[email protected]\install.rdf

Filesize
676B

MD5
dbc948ce88a1f8f61ad6aefdd0ea8e56

SHA1
888ced3d94901fbf60f262072c9416f8729f8aae

SHA256
7b2b64e4378e2ff19061c3e5bdad8e60d4dba9c42c14ccd99f2920c3c2c06002

SHA512
880f8397159a8382d48102b21a5e3f21e220ae4b53b8b2c862c77acc13ec54009cf47f0c6da35d7f5c17dbb86731a0aaf206a5766e299883c4e1064bf19fb8f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\background.html

Filesize
5KB

MD5
f1e59b4ad6fd84091b086f061af70300

SHA1
f348cae18cddba295d1709f03be88d3b66700ff9

SHA256
86ad9e408bcc1001a4b4a48706cb22477f411108cfa34ab1c70676d0c5155a6c

SHA512
56cce4e7e01b6e92b3e9683d8f3413863f95dc9892b9f4e07200e67405d6dbbd069930ebb74b354d72f35bdc90b0f7a0424fa272d83c4d63875798f601265ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\content.js

Filesize
734B

MD5
b1967331e10316faf847727971da30f1

SHA1
efa452122a382ed5cacbf090f967f20ce89429e2

SHA256
b69942f6ef5f000fb282869f559c9cfb42a7374a91a0924b2ac8cf9a0c3c9190

SHA512
7e202c2bcd6a2e4c618f8137bd86e2cc72f99e3b6b0188e100ec592db4c1f9ee1264d6dd4667a0abfa0b7a5bfc2e65373c8574bb39572db4fa53df3bac9740e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\klhejjdagcechmoohildhfbcpdpgjjjd.crx

Filesize
37KB

MD5
c3726822271b13488e4f589d738c62f6

SHA1
dc1bc1e280527494da1d0f8b2d5e43e4fdb6219c

SHA256
9f76d9c7c4b32dbc0956e1117a55c4043e98c0a9394528105fc1512c2a4e4865

SHA512
9c3441dd28f103332eee779ae5581ca44b0a84d4cb087cc960635ea9f780ed3cd716014d681b9ae6e4992af9f5d3094924b0bc0ac9b43084a6e80c17c427b2b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B.tmp\settings.ini

Filesize
603B

MD5
1dd6cf475b7df20df7de71b9b44d2f6f

SHA1
01d452cf3bb061b1212e9f4ca621034504153665

SHA256
e95c94ea60519fa8f89258895d82fae003adf490b3a04cecc363a4b46a1db35a

SHA512
0bfb75be5f24679833fed6b00a4566d9114915dda8d5346142b0c3329b81241f3bb1ce1c9e7bb2de56520955317f5dd5a92d5e087f60cac63419d93a3b690f9e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS847B.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads