4de8fb160b2e41adf42fbfbc231416c7fd9869540d90abf3b3e7babd5d3bc1b5

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 23:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe
Size

313KB
MD5

ff774242805a1041aa0dd3228be69aa4
SHA1

2bfc9284709bed41ec9fa0dfff3120f51eff71f5
SHA256

4de8fb160b2e41adf42fbfbc231416c7fd9869540d90abf3b3e7babd5d3bc1b5
SHA512

22cb29299a8bbf57b424f60e55a0d9a35520f059587861cd7a3c1db4c371826f50f37e20fdd775601671272683ee06a7927e7ca6292cd45fe41ac6e367009576
SSDEEP

6144:91OgDPdkBAFZWjadD4szA3ImRl18UjxSAoW9muaZO1zNdD1h58ZfWRSh+D:91OgLda8wImOU1AW9mq1zNfh58Ziqu

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2832	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe
2832	setup.exe
2832	setup.exe
2832	setup.exe
2832	setup.exe
2832	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2A659135-7786-2AB9-C56A-ED60D6518B7E}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2A659135-7786-2AB9-C56A-ED60D6518B7E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\ = "ADDICT-THING"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\NoExplorer = "1"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x000600000001756f-30.dat	nsis_installer_1
behavioral1/files/0x000600000001756f-30.dat	nsis_installer_2
behavioral1/files/0x0005000000019516-99.dat	nsis_installer_1
behavioral1/files/0x0005000000019516-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\VersionIndependentProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{2A659135-7786-2AB9-C56A-ED60D6518B7E}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\ProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{2A659135-7786-2AB9-C56A-ED60D6518B7E}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\InprocServer32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\InprocServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\ADDICT-THING"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\ = "ADDICT-THING Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2832	2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe	29
PID 2536 wrote to memory of 2832	2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe	29
PID 2536 wrote to memory of 2832	2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe	29
PID 2536 wrote to memory of 2832	2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe	29
PID 2536 wrote to memory of 2832	2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe	29
PID 2536 wrote to memory of 2832	2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe	29
PID 2536 wrote to memory of 2832	2536	ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe	29

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2A659135-7786-2AB9-C56A-ED60D6518B7E} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff774242805a1041aa0dd3228be69aa4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ADDICT-THING\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
bd081a69026ad907ddb38e575f0284ef

SHA1
e111af56ad58cc27e8937f4ca999d44e84f6522a

SHA256
289e783f98075a05843965d4686fec29e02105e77f30e6aca0fe65222b6967d7

SHA512
8fe7ddf4497fa297732aaad3aada4246b475cc188073a6dad5f7586eaa6b4a6063cb083c51ffdff0380e16c942b439feaa006ce04eeb89aa3bb5cb35e3dd15e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
04f0d1fe3db26bd83cb79ce319b0cc7c

SHA1
b38a3880f9f1f4a73bd8d9d4cf5a79a59143c895

SHA256
f5dd6416069ddf211072bce66ca0d9cf090ebf41d402feb22efc1297697cb716

SHA512
d979ddaba8805bc19659a9211d8c77dc9cc9ed417ef0b70fdfb5b4dd5d94fc7d0449a11863b04152bc36b2d48433c2dc408884e4fe6f0a015eb4439c892875a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
3b8c96c24d8fa815b6b59f325905ae8e

SHA1
306ba3c86743fa09122110606cfc13f26f7aac69

SHA256
6aba015b2c91e06ac2ed8ea169094eff726d528a28f8261604527b7e800ea41a

SHA512
1054a13e300e643a383f64012169768e68176478c93a1b1db3e83fc5832a659dd8c6f15c31c82920e1b7b95cf86f646669546f88713e0d4cd7153016c27b0ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
b7cbb3ca5c44de158f6ce0793046ebff

SHA1
1212f51fb49570aa729aba0fadadd593c5af0201

SHA256
3089c7e0d1ae795144c28853c2d874e16299eefbde66ea46f073f084f77159ee

SHA512
df63c550f253db25b0ccf0544aea939930d5c3f1a11ba827c95d1480c96d33a1b5fbe4768781ce18bc024efa8a27974102cc205028f9bc2b5410b6c10718999f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
864240a2c7c8585d5726a53a6fc5800b

SHA1
69932608ceae63931e0ea7ed36a43411a50a91f4

SHA256
c837d98116fa1a255617cbdddb73254fc2f994c59c8d2e606870628c0aeef410

SHA512
277a3b149ea0802c0fc23084ebbc02e661284431e5a765cf7dc807f27fd49b043baec0cc553dd84ae4a3076a87c6f92f3a755e600d47f08b235386506b724925

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
97142632aedea498ec304ffde749d3a6

SHA1
3ffcef98685bd13db52ae1e2b4ba875e24545550

SHA256
9e8d9f0b894c79d966ec4922be467915353e8010c2b898308d2e49e07d5ca9a2

SHA512
8007f15c506dc7aade2fdf6be8c10db7228192177cdb4fc50ff90c8326e1416996d74eb908ed656095bd76d43911f448986d87c6c5242c08bc75f28cfde8e8fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
480bb5aebd6b448ce9b8ac27586f0524

SHA1
4bee7dd53f69f5e62fbe926b4953f472c77ad842

SHA256
200c150b701374927442cd0639e9af1e4ab0f0502e5fe65cf2bfe9db651d5c0c

SHA512
81ca843502d19105468cc88af376518c4384c1d08b7e1664ce51352ea0e2891db63f6fdd893b53804d470b805968d6ecbd09558482db26d2c8b94902445bebf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\[email protected]\install.rdf

Filesize
677B

MD5
400b2849f96124d09b75623fbb4f3d2f

SHA1
8d31ab2ce4041608a9b94b3f1aeceba345b9e613

SHA256
1515e7794755cd0aa3f82bdda6d2e67ab73e932d43e306fc50c4acfdcd0c110d

SHA512
e42cc55e053bee5df45c70c5b41c676e507eba95985e5d2ba0d45d01640aab223385dee3716ff6ce908ab0a5d9b54120c763164e15828855996a92ff28c5020d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\background.html

Filesize
4KB

MD5
46884bbdfa95c80bf04e98f872e64940

SHA1
2ceb4cec1cdc56bd3613de04dac56e16dbd30993

SHA256
85fd6855b560d837eed94a29e1c0a40849bd41a9db6ec97c1b947808a6d3a7bd

SHA512
8ee19183827f1fbbf22d5252eb7343ce15f8228d4e7289886d6644862bf44dbed74b258f1b1c4450967e54c625b4eaa20e96be4d216ab864b627efcfb368de2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\content.js

Filesize
388B

MD5
c9933a5d0a26079d548a15d7ed2adbfe

SHA1
88da90285e2aefc77af1c6860ae868522b1406d2

SHA256
f0e124c35a5deb5364ed5d69a564ae437f4cece638c2cfbedde2cd5add1ee917

SHA512
a93fec1bab59cd51e898d25f8d966ae27dd066bca9c514e831e7ffadc2ba6b3f65197f8157c06945028d1a6d599589490c647a63283a27dbc31d91550251d5cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\phbjlfpdjmiemnomnlfojdomplapakgm.crx

Filesize
37KB

MD5
f9c09c62a72403905cd2536f3099627a

SHA1
b1f9a0b0aae9f7dc33d5df033792f7490cc26bfb

SHA256
2aa03a001dcabbd79155a00d9e8ee8569e4f5fa8363591c1d0a0d684cdb8fc89

SHA512
990445fa242d3e11f2ced76a769339fdcd487d9acbe646aaec6d0b821a5f8dac19369543e5e6189053d069005923fb75b40ac14a0e86004511811399faaf920e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4164.tmp\settings.ini

Filesize
610B

MD5
4fdf1c7b29ea8c88948e78fcb6f0dd7d

SHA1
2defafb9d44a5af421bc6341838063d4eba0adf4

SHA256
776b0bec402068460f818d02533ba490ec2ebba508e15366c677d694127fb6f4

SHA512
4366eabeb1de1d3a760cdd907a5823d43ad8011161ef3995456a9decc30d8cce0938fdbe0c58679d5113f860bc0c2127b0e64953db886332f94d28cb38b5f959

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4164.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads