d36c6d2528a05dfbcb9b4ba248a0396084995ba6b2c6394c09ea321ddc316414

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acd5094127155f3b23841443a8649490_JaffaCakes118.exe
Size

252KB
MD5

acd5094127155f3b23841443a8649490
SHA1

e36952757bd4891edfab2a2856795b4cae15a10f
SHA256

d36c6d2528a05dfbcb9b4ba248a0396084995ba6b2c6394c09ea321ddc316414
SHA512

7d9433c318c4139abed9bcf882259d60a037964b324904fb5a28fb13addafd1a0fb5bac576370ca61dd0db53a5d8f12bb74e11e84d3bf438703f5b0bd9e83d3c
SSDEEP

6144:91OgDPdkBAFZWjadD4s/geMXQf2lXlOrSjm+:91OgLdaeMAOSrS6+

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2952	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe
2952	setup.exe
2952	setup.exe
2952	setup.exe
2952	setup.exe
2952	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\ = "ADDICT-THING"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acd5094127155f3b23841443a8649490_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019309-87.dat	nsis_installer_1
behavioral1/files/0x0005000000019309-87.dat	nsis_installer_2
behavioral1/files/0x0006000000018c25-29.dat	nsis_installer_1
behavioral1/files/0x0006000000018c25-29.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\InprocServer32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\ = "ADDICT-THING Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\ADDICT-THING"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2952	2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe	30
PID 2452 wrote to memory of 2952	2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe	30
PID 2452 wrote to memory of 2952	2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe	30
PID 2452 wrote to memory of 2952	2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe	30
PID 2452 wrote to memory of 2952	2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe	30
PID 2452 wrote to memory of 2952	2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe	30
PID 2452 wrote to memory of 2952	2452	acd5094127155f3b23841443a8649490_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{F7833E6B-DEAE-6DCD-2B59-CBBCE04A66C7} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\acd5094127155f3b23841443a8649490_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\acd5094127155f3b23841443a8649490_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ADDICT-THING\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\ProgramData\ADDICT-THING\settings.ini

Filesize
667B

MD5
5ee90acc7501b612889810c13fa8d36b

SHA1
c4ae72c1ffe8f6a0cbf5a49fcffab09e57ce1a8c

SHA256
cf8c87d2f449016994b47a9554d8739a58cb6035140620f87e83e36f7c4ddffc

SHA512
dac35d9a5ae11cfa3d2dbabfde67c225cbd2630187fdd2cb8450449dae33f1fbbd728f05d7588d27330323a108dea13e8cb50f107933156db4a48a66efdd1f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
f0ded83c97e0190109bc35e59c3a86a3

SHA1
8ba0d099b3ae07ed479f45000f422f78a579254f

SHA256
9301e5cd5c9018835f5656cdbc01e62968d2cdc305f4230fdd2b12e256463484

SHA512
6a437fc06c2db07568606e8a9561f51e6d038d8afb2c05608167e42c5c134290d96a8be80851b01175e579f07685dc49ac1921f497f2f384670ccb24a1cbbb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
b62cd612648643924bdbb11fbedae52c

SHA1
d3e6724d5b392e898b25eeabc45f8b1175273271

SHA256
90fff1b30b9223149b29b0cce12ff7aa216bef5f0387037a5ceb8c055daeedd0

SHA512
929a18c28a5aeee73bffe64e71985789a2592f9169e007f6684277b9262adf7427d4b83d951b81b0a23469523f8628ec15b77663f8d2ee0ba89a253448ad7dfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
6e7f99cb3ab6cb54f338148cfcb3d0b1

SHA1
9a1ce552af4d88fe0a58fa79b28bcde5a4981767

SHA256
d083b3b1124d131c7e20d403eb8e7006459b52b6245327e390a25181499fb2aa

SHA512
00d427f9c576a449f733915f7850d64f67d38087a31676b427396c276cf0bd0fc87917e44d6da5f2a87bedd6a3bb29bba87c9dfc28fd4fe249b69a663d0a6393

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
094e8e7666db119c912d7aaae1271dd6

SHA1
f72bd32f6b392849bc7876cf95a350453ec9d56a

SHA256
4c2bd2ac1e0f466bac131a3ea7ea977cef0317420bc0a551e5c2573bb8610a40

SHA512
9e90d246993a64bcf05ca1b3bf7e055c149a21aa330e5db59e94159a7a34ea5254196614cc33ca00c5aecd887349d249b8e3b0a064750cb421b6432c060a35e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\[email protected]\install.rdf

Filesize
714B

MD5
f19ab229a28379ccc40cb1bcee94712d

SHA1
47ee899a6114a4df47154c7494e0aeab2eca4644

SHA256
bbe9c083bb55e158da4f6a8e80bb096a2c9ecdf63dfcf78d8ba1208eb89844e0

SHA512
35bc0971cbaafeac8ec3b336a14d9879943858abad5bcddab94cfd744c0af585dd330e2ee58bd2837517c6b152070730385b7d078189a25a52bf978711abd3c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\background.html

Filesize
5KB

MD5
bc594785cdae7aa90e00f6755053e36a

SHA1
a199658b4fe145d0b64dcec99b22890e6f66427d

SHA256
d7286832af5a46ff3444454308ddfedec34d2373f11bd98766cd9de02fe3f7c1

SHA512
d0f8ada42b5663721c0294acf36dca84ec554c6bdd78a4c050e16a6762e8b976493869ce9f950338e63294ab1023123ff56c55706caf81e6e27d340e87cd31a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\content.js

Filesize
387B

MD5
749c2595971cffe58a70e2343e05b853

SHA1
ec7c56cbadcd36ede358e136160c7f41a03273da

SHA256
17da6f9efe405368074aacd8e02e2e2b575ddc039d52e696f964c3f8864a83be

SHA512
031b98504c7383b4224703ec956a443dcf732c6988aed0bd2fb2462f4c112cb9df21fae712c5b8c41ea6ca52486fa0cd6d8cd4950713dd68dcf88910877b7ad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA998.tmp\kjkooopaehlkcamkbhofdnenfnioclja.crx

Filesize
3KB

MD5
56286f2ec0f200bbbfaacf99e9e6c285

SHA1
a67f79c6fa5774b5710117c8f40babff3e0085b0

SHA256
86c18e9fe5b4a74a98f0987327dc62e90dd6b09e45da7c7a75be67d6d16fa7c1

SHA512
a9499a494d6f02f29ea7cdb5d8e950ad2f60dd7af04045049685f7cf016232be9158ee8099e36cddb4d491e8e37e7ecc6ca7f8318fc63d03d81f30ca03ad3bcb

Download Submit
\ProgramData\ADDICT-THING\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
\Users\Admin\AppData\Local\Temp\7zSA998.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads