79600d2963e316e6a0589507a75ab0de9436ba61e6bdf0378c07d99264b5f39b

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe
Size

252KB
MD5

f9cf5ab74f2243e64e718c2a248dc3a9
SHA1

4df9f9d6c5fe4df7213e76b5f73910a0363d210d
SHA256

79600d2963e316e6a0589507a75ab0de9436ba61e6bdf0378c07d99264b5f39b
SHA512

08d38e21c02de0418c06845333bf50b6c707196a7b255d7578c39174aa18eda032a0ca52e1acea364926330aa13aed95c7c8e17e5e157ee90d42dd39fbe060e8
SSDEEP

6144:91OgDPdkBAFZWjadD4s2yHXRJag9tHGE/6SGphdxZVKugEVAVH:91OgLda4XXR7HP/q0IkH

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2840	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe
2840	setup.exe
2840	setup.exe
2840	setup.exe
2840	setup.exe
2840	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\ = "ADDICT-THING"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019d44-22.dat	nsis_installer_1
behavioral1/files/0x0005000000019d44-22.dat	nsis_installer_2
behavioral1/files/0x000500000001a4b5-79.dat	nsis_installer_1
behavioral1/files/0x000500000001a4b5-79.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "ADDICT-THING"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\InprocServer32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\ = "ADDICT-THING Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "ADDICT-THING"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\ADDICT-THING"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2840	2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2840	2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2840	2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2840	2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2840	2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2840	2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2840	2196	f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe	31

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{6C30AD05-D43F-E2E0-0075-37F5BD3D0BDC} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9cf5ab74f2243e64e718c2a248dc3a9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ADDICT-THING\uninstall.exe

Filesize
46KB

MD5
8be20144dbd200c6de0c9430ed9280cf

SHA1
b81e3aacaaedd66ef0896acabc6983c94758e2b4

SHA256
634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6

SHA512
fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
f0ded83c97e0190109bc35e59c3a86a3

SHA1
8ba0d099b3ae07ed479f45000f422f78a579254f

SHA256
9301e5cd5c9018835f5656cdbc01e62968d2cdc305f4230fdd2b12e256463484

SHA512
6a437fc06c2db07568606e8a9561f51e6d038d8afb2c05608167e42c5c134290d96a8be80851b01175e579f07685dc49ac1921f497f2f384670ccb24a1cbbb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
6c36e7c159675c419ba8c4e75d4a1d03

SHA1
d05e22836044eefef7a2723f476477926ce7b0df

SHA256
19512d39bcded18b88bd09c3183ae7ab4e9f845c495cc2efefbf9ce081e7e56f

SHA512
e443bb1981d78ef34adf9fa5539c33c3adea3d9fa923c5f7d8a2f25ad3294eea2812234901174a1a6601957dac2d8da3434da5f171f3f55d54f3720ca19457cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
a54db5a4efa3d8212ea115d065cd4f73

SHA1
730ed54f95f2cff7eac08286b8920e0255cf3865

SHA256
af4a6aa586838c89012d9f1787f568d3408eec8eb0bb7b9fad8951259851f92f

SHA512
052ec65176885e9e98a69aa4c1031e0d3cb0cda24dd10f4629a052692559834e65272c1789db3e2557eb2c539e0d1b22fd928f4c19633c8f641eadbe3828eb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
89f1d72603dc31eb0803694ccdb9c759

SHA1
2bb48ac2bcd7b52a7df35a68949cb31341469017

SHA256
60e4c568b3e37251e988f8e477f72e0773c5ec2a2bc2d456789fb58d28fde6a1

SHA512
620b35606a5f76532ac855176b9560066269b7ed5d826defd4e3e3c3337af0e213a150ffaea7362079a39db406488cea9f3f5f755bf3a375c740659e645b0b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\[email protected]\install.rdf

Filesize
714B

MD5
b761d375214686a92c0cc7cdca28d975

SHA1
3b66113dc38b2ff31f9d2b03d3848615f98c681a

SHA256
4a3a05d243f642954fb1253cd5b98c611a88ace41130173a9cb54aac902d640a

SHA512
fb21ce2983f89d9f4373d220aba5e1b406a03bbffacc088a310995f9ba1ede5118f43e19b8e9a945b1fbb2c4576fceee9b551ee80c5b0191b8940c6e497393ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\background.html

Filesize
4KB

MD5
a90a08313b73a355e796c95bec7f20ce

SHA1
3f4b153c7aa328ad6e49f3dc011103df51f4ae4f

SHA256
d022ab58c7aea6c181413fe2cb307631a4db13c8aebfb82c2b3adec07cfdb0d4

SHA512
824d95fe11cdd398937af3611e5f679c2a60527b7c092c8236538f9ffdd7559111fe104200f08f17a30e00a99a6398c4608e03f5fae10f3868ddac6d7997c2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\content.js

Filesize
388B

MD5
c9933a5d0a26079d548a15d7ed2adbfe

SHA1
88da90285e2aefc77af1c6860ae868522b1406d2

SHA256
f0e124c35a5deb5364ed5d69a564ae437f4cece638c2cfbedde2cd5add1ee917

SHA512
a93fec1bab59cd51e898d25f8d966ae27dd066bca9c514e831e7ffadc2ba6b3f65197f8157c06945028d1a6d599589490c647a63283a27dbc31d91550251d5cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\midenngedahnflbiikiibjddjilbokjf.crx

Filesize
3KB

MD5
70b7a00cb499088d13ecf098eec48ecd

SHA1
67b522973f3fc3eb41b0a47cc8c86a9cac7257a4

SHA256
e2cb7a2a1dfaac4d51668ec9a9c93f1eea2b63c7711b3f2811ba8fe1fa67e3f2

SHA512
e82aa854721286984dc33d9f343b57a77ad3964a2466050396dcfe594bf6ad1a4a149f114a0f59393bb13e89b401f38ccca185446ab804f08fc271e1bd579faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\settings.ini

Filesize
667B

MD5
d1f631b837e17ec603c3b2ec5a531f7a

SHA1
bb57a66d426dbbba88ae5e7a9d89f6249644d1c3

SHA256
d860f034c8eaa3e1723bcfba9ed06f396965535aba130403849a11e53933838a

SHA512
ba797cb31f42cb33da81a71bf51e05483018c693cc8f7d512e0684eaa601e192dabfd1a9777a15bb9f43a79b651a75672608ba868e251f002a03628f308998a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCCC1.tmp\setup.exe

Filesize
61KB

MD5
16ef6e914973925977cdc5ef6b8b2565

SHA1
4815da2815975b33f5dc94d482e6dbc02588afa6

SHA256
6b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f

SHA512
c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads