d5cb19e8cbd1fa8feeb383a2ea9a929bd1925864ef0ec8c3a8157ec7f912b336

Analysis

max time kernel
96s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de4e31e9076caf8f1645289d800cd7eb_JaffaCakes118.exe
Size

252KB
MD5

de4e31e9076caf8f1645289d800cd7eb
SHA1

922840cfcb7ddf08bc2a563661b001b5096692af
SHA256

d5cb19e8cbd1fa8feeb383a2ea9a929bd1925864ef0ec8c3a8157ec7f912b336
SHA512

195f0dd0fa5d750dfeb80733238b3f5203b17e2cbb2df14ddde9aa9da95d9007b785537670f791ed412e01583a90b3c10da828fe28a9d40adf652ae6cab953d7
SSDEEP

6144:91OgDPdkBAFZWjadD4s04zQ7RSKp7HLi589ikKtC:91OgLdamE/7HLu89ikZ

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1840	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
1840	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\ = "wxDfast"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\NoExplorer = "1"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de4e31e9076caf8f1645289d800cd7eb_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x000700000002339f-23.dat	nsis_installer_1
behavioral2/files/0x000700000002339f-23.dat	nsis_installer_2
behavioral2/files/0x00070000000233b5-80.dat	nsis_installer_1
behavioral2/files/0x00070000000233b5-80.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\ = "wxDfast Class"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 1840	3848	de4e31e9076caf8f1645289d800cd7eb_JaffaCakes118.exe	83
PID 3848 wrote to memory of 1840	3848	de4e31e9076caf8f1645289d800cd7eb_JaffaCakes118.exe	83
PID 3848 wrote to memory of 1840	3848	de4e31e9076caf8f1645289d800cd7eb_JaffaCakes118.exe	83

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{7F1DF02C-D5F4-AD00-2300-2720341CD8E9} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\de4e31e9076caf8f1645289d800cd7eb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\de4e31e9076caf8f1645289d800cd7eb_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDfast\uninstall.exe

Filesize
46KB

MD5
8be20144dbd200c6de0c9430ed9280cf

SHA1
b81e3aacaaedd66ef0896acabc6983c94758e2b4

SHA256
634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6

SHA512
fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
b9165e81934c746e3a33afc6bde86143

SHA1
ce38f37d26d5fa6309f4d42cbf470bc4a884b100

SHA256
3edbe3448cc74e7862db06fb08a8250c044a6aadbbea35a365560080eaaa3624

SHA512
fab8731e561554bf3ac4a32950a4111d3bca7d9223727ed6eccca598777bd697606a11f658eae3d28f6dae16faf40fda7387d0e25cd8f3cb750c871f77178bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
e781b2c06cac9e654ec539f91321cc19

SHA1
b63cf36581236662c5c8de8b6cbd26df8128e2aa

SHA256
3d92da704d285d80920714d5d4d56761b63aeffc68672d725a825c783ec74c9b

SHA512
4276c84be6a787974e87d1a30aaeae8c9a31c0af8538df3bf907cfe02582f227332865455d437574557026758cbb5470e12fad55f3027dee08adc2c44048e991

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
8055a730349dd8823a7eb0217201f10b

SHA1
866ea4baaced91db674919477939dd76f0ef84e2

SHA256
a5392bcb960c4f0394a8a039cf46aa85f4daf0b773f307263e042f662b47d1f6

SHA512
2f2aaa85468a44da813d334d794ca850f4ec92829e0ff3ed8ee727a7b5d9ab8113854282acd41cb11d70803c16dbfd560b42a631275ff67029ce93b94474e0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
8b0cbc8932da9965723d7133423f7bf1

SHA1
e48f431aaf90b3a9314b88f78ee18172ca90dca8

SHA256
632ece5d81914df63ca3bebf48f493ad5ee5842154e7b8603f9e3977a8fbcc84

SHA512
1c9f1b7405dc724949d7eaa82ae866aaf6f72434c9f38d51f12b3598935353dee57d3702dd08affdcf51cc7d1b3b18eb794025203334d5b4c8e7c9b45dac78ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\[email protected]\install.rdf

Filesize
714B

MD5
2214bd8cf0602ee8c6f6383ce8c05668

SHA1
33ee70591480c2d62baddf3741e487e5cc9f8d8a

SHA256
884f60c647fe0ac857737521208fd8d8328e3f6577c7e2116217ba6f9926b1aa

SHA512
887d19560287f62d18a7cda9f54727c6265b25d870ede158da5ca174dcb7673bc0fb451755bb4d7b9316301f49a254779ad3f01ac6d906c5dc34e36862bbe569

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\background.html

Filesize
4KB

MD5
73f28c156d882023e22c1f74e3834887

SHA1
9c651ba49b3762a32358d71e3ff7991d00aaa35a

SHA256
55bb22ea9bea08fcba1ad2998c8972597ccccab977262ba3908fd93185831494

SHA512
aeb6108cb7f536149e76ebf70cdac70ffd94e31b7e617e859f97d914aa7ddb9b2d57df935cfd4cbe5bff0276a0bd506d6f5bea1987a956fbb6e13c593b40bef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\content.js

Filesize
386B

MD5
8d13a2987eb94e0b1c55c706ad4e3cec

SHA1
c54b5018a57fbb7a6ed3ea23b71867a2cc5650c9

SHA256
ba4ead1afee87e6a445baa4e13d49f3582377ac9d1b8f482879be5b239862ca0

SHA512
1595889017253cc09415435b1d9bc59ddccfbd4e7dcf350fc62971044226fabdc0eeeaa4ca21b4c930e3ff18880fb5e9e1bde513d75cb674702b74bf42b24837

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\onbocpjnpnkblfflljlhknahlihhahne.crx

Filesize
3KB

MD5
4f9f88c2072f9929ff337c8d62e405c6

SHA1
2a33ca9a7899abd6809471467650b21241383868

SHA256
9376370db5325b5beaa0c7d5c0c50bb65a25657fc37fd8352f03d4113818d8d7

SHA512
7c548c4e7970d57542ad5a6e3d41e04ccebf83e4b2ca53295153b6316eb1889d68ab9221bcff7788e7ed058ec83296c76be9b54ebaef2ec0fe65c5f517b13cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\settings.ini

Filesize
656B

MD5
a0f6f7851d9779e29834c05b60847e31

SHA1
05ec54f8f6ef51509ab6329f35a0829a3ce521f7

SHA256
890b3efadb797f6b4a2cd474c5ef0db39a9923ea49cbabe423595da582b5a25c

SHA512
f3661e27b872e0ec2e81304a7e3aaab68cbad424d4d048a49c6adc3d6caa24ad4be3b4c60b769f58a7c06caab4253460cac61029fcaade83546e0f04534d40e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS64D4.tmp\setup.exe

Filesize
61KB

MD5
16ef6e914973925977cdc5ef6b8b2565

SHA1
4815da2815975b33f5dc94d482e6dbc02588afa6

SHA256
6b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f

SHA512
c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads