f3dad4ff5277e499b9b606b015d6ce9ece8a6bb7c565c9c9196ccc0d79362dcb

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe
Size

313KB
MD5

89d2462d203145c071c26bfa01e09a57
SHA1

491185b3f1b6819fd6a1a6d0a6baaa3012618b86
SHA256

f3dad4ff5277e499b9b606b015d6ce9ece8a6bb7c565c9c9196ccc0d79362dcb
SHA512

3d61fd5fb7a8953221955493807949a2d6d85ffd46c92e3f39d092a130e76a35916cf9cc96599da43d212f4aedc12d186fe8b8dcfbec745d4b67aeb36f31f984
SSDEEP

6144:91OgDPdkBAFZWjadD4sc7Ffeyx2wmvwGRppShQXOsFop:91OgLdaJ9hJvGRpkCX9mp

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2152	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe
2152	setup.exe
2152	setup.exe
2152	setup.exe
2152	setup.exe
2152	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{121015BC-559F-2F68-FAA4-7C34F6F05736}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{121015BC-559F-2F68-FAA4-7C34F6F05736}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{121015BC-559F-2F68-FAA4-7C34F6F05736}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{121015BC-559F-2F68-FAA4-7C34F6F05736}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000018fb6-30.dat	nsis_installer_1
behavioral1/files/0x0005000000018fb6-30.dat	nsis_installer_2
behavioral1/files/0x0005000000019f50-99.dat	nsis_installer_1
behavioral1/files/0x0005000000019f50-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{121015BC-559F-2F68-FAA4-7C34F6F05736}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{121015BC-559F-2F68-FAA4-7C34F6F05736}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\ = "wxDfast Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2152	2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2152	2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2152	2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2152	2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2152	2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2152	2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe	30
PID 2356 wrote to memory of 2152	2356	89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{121015BC-559F-2F68-FAA4-7C34F6F05736} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\89d2462d203145c071c26bfa01e09a57_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
782882b1a08f6d8b189c71b52588ac3a

SHA1
1fdb65b08222bf56821dfe82098f1a125ee443b2

SHA256
e0afc71ede4b796ee0f98746781a2c3356222435f3d3ec7b1b81901e9f08300a

SHA512
5ffe3dc838aa7b8a40346ca0c4ea97c85225d7c286cd25bdcfd04026caee5696c7713318a25ed68cfe7a4c9ec14f82f27309e43d3be52addeab3f6d31f1056ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
a5dea2e005337c58e6259033efcde5aa

SHA1
3bba3f61f45ef900ac1d11d17a6ba2ff5c9a4c30

SHA256
992f3e5a6ddce53be3629e9b47076dc0ec012c29a067e1f073abb86d381c9e46

SHA512
207c727afbf92aeb4c8cd2bca428bab07c64ce639fcad4331281b6a4847b103208b68d9f038362b6c5cbea501d9bee6ec603c974c9de2dbd669812c7fb14acd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
76ad0c5e0de660b1530c89fce48a59c0

SHA1
f15ecce1c35fae3a84b40549bef0d12ec589b696

SHA256
6e8545f66d88ee1584ef40ec33120654b450c6ddebf34cd95931e5b007b3d4dd

SHA512
7895a62fb0028161d70f7ba4d7031fd65e41a1edef1ed60e8d7efaa367553f36949ab5a12d8e19d1f73ead4d81014ec052dd32b4f5fee48c3d32e0339ae465b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
8a093c66e261c59e122fcccafd7ea0ba

SHA1
2d499c9551bef148425e54abecd73af6599b4ec0

SHA256
fc918c08fa15a4346f7e80a7e8e425eb63ef141120b10398310402fe6645007e

SHA512
3a83ff240399f6565c48f8e02f2a172bfd5c34f05f1049317686c5333309ccae34e03ddb89523b21c0b9a0a476d60165a996718648e90af7d60a4ff7f581f356

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
d126445c542a7eaf89c0d6b8748ffe3f

SHA1
4f48d20f2a869c3430102282714470798742ee09

SHA256
8361cd8d6cb28664ef78b350b1ff317cedda1955f129349f5a20b210ad1623fa

SHA512
744bbb11201d29980e7592e6ee82194911e60bf33482550d15985f282f92f53518b83cf69aaac0ae8b2c69dea883106dace13ee6a4021d635fb8d1578291e40f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
fe3a6230a2eb9bfca684b75ffc979718

SHA1
17313fac4dcec70d12928c7b844dbc1dca517a3c

SHA256
2fbeadaaa1ac033256faad9aa3df2816b90761674147b22b94bba1e02d97039e

SHA512
c6d3bff4f860c269b4f8c88847553a7b52bfd88ba326aacd765697234f96118e1b9f86dfbbf8bef65fd0c29effb8d753f915fb81198a8570d4cea960e5007485

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
8bdc081eed4091b8818352e3bc60442d

SHA1
7e60a2f77d0451fc4b51b54ead9a20c3cf787676

SHA256
e25dad39a6a7dc6a5916317c9de565fe8c623ee8c33b44f058cb8ce82d7da31a

SHA512
36e6a0737d84f05c623750a08ae1e7d2e83aaa706763b69f863c65264f33aab2d3ed194d5c8263a8a3065d867fece2007a50cc60bce5c21d51bfc9c49970cecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\[email protected]\install.rdf

Filesize
677B

MD5
a63cb87b844b278251bfd80722231e45

SHA1
21ac32c61d19307f0600718cf7acf349b64c540d

SHA256
ddf4bec664dc0d73d2b4c82250cd353bd1a34f40d9130ed8e25ca86c9e7d62ed

SHA512
7b443ce591b3d711be150fcd482644387e84711c47beb8c286cda019f2448fd710af2a9f3d8e44bd945c386ff422c8f657a027871f9bc3ce130cedcf7516598b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\background.html

Filesize
5KB

MD5
17fd9875b961194c283c9a51d9032c44

SHA1
bbc72d13865d60935ca3783e55286d389d14433b

SHA256
b124f32d2f7be082e6f4da9141a3caad930a70e268e56a713c7e3a810470353c

SHA512
63d03c67d08c931c9b8ed55d99b1ff2952a88d7691f27337c4007705f80cb166e433634612c68e78bcf894918c502ff644b6b99ff2b66e4ac061be2ee364788b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\content.js

Filesize
385B

MD5
e5f6e3036a1823858c56688645578c3d

SHA1
41350e7bfb9beeed6446a9641536f9bccb35d581

SHA256
3a60704218d0596690017a34e7dc068cdbdcb62ef48937d26188185fad53360b

SHA512
9256c29395e51fbbfa7d7c821c903beff5b3f59da6a779dc22be67ce2d8fa53b023d1e51315cb82bdc0811e9c034f18f9090e308980a2bb9a5b2dd3aa2bb8349

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\obnfmcmdlmjhdpfjndfncfenkhbednnf.crx

Filesize
37KB

MD5
8120841615963de690b62d88ac45a76a

SHA1
1495ea831e36711407c8740c935fa276275fc853

SHA256
e9522794aec41cd9043f50442e5f1debf0f9e8e6e31403dc2c08ee72914cd2ef

SHA512
ac8c167c5f358681f8d663997aa070cd861bcc1e94b2a2a17e92b2baebc56d9572e5dda5a72689a232ce206bb4585a127a13c38cca68c1a9d02ae72290c55c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\settings.ini

Filesize
599B

MD5
22d407ab67c4d47a5695211e8b7148d5

SHA1
5c76d8ed7e27bc6349589317eb3f0c217541e408

SHA256
864285c6dbf8a23a0113719477de2c6c217ca7fb11ce99673e80cb6c7bc66365

SHA512
63275e9f0bc9cc495f33756250c4a87fb405b11fc75ba35157e5f72ff38424f1bb839389efab42c01557f879c6d9d8a63f406339ad97504c3b9ed14442d37fcc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS1D8F.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads