a31ad6e5eddfa686c051dc2424d9336a67ada39516cb1e4990a9ef1cccaad7e5

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe
Size

252KB
MD5

103dbe92b3bc8a29ffe0e87b0981ae73
SHA1

7c443e543499f871d5dd11e742fb8029ef19359a
SHA256

a31ad6e5eddfa686c051dc2424d9336a67ada39516cb1e4990a9ef1cccaad7e5
SHA512

055d0f9956e6b626264ce89ac8f98ea14c39327d6410f063ffaeb4a6d128a0bcfa23d35f55f4551ca8e9fc0b6aee3a6dbee94361acc1c673391a5bd4df9ce93f
SSDEEP

6144:91OgDPdkBAFZWjadD4siDyhJ2XTCVdKA/iOt:91OgLdaJUJ2XT0Mny

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2768	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe
2768	setup.exe
2768	setup.exe
2768	setup.exe
2768	setup.exe
2768	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A7B4758-BFEA-53A7-7A26-73203350CACB}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A7B4758-BFEA-53A7-7A26-73203350CACB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\ = "DownloadnSave"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\NoExplorer = "1"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x000500000001967d-22.dat	nsis_installer_1
behavioral1/files/0x000500000001967d-22.dat	nsis_installer_2
behavioral1/files/0x000500000001a441-79.dat	nsis_installer_1
behavioral1/files/0x000500000001a441-79.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "DownloadnSave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\ = "DownloadnSave Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\VersionIndependentProgID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{3A7B4758-BFEA-53A7-7A26-73203350CACB}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{3A7B4758-BFEA-53A7-7A26-73203350CACB}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "DownloadnSave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\Programmable	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\DownloadnSave\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\DownloadnSave"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\InprocServer32\ = "C:\\ProgramData\\DownloadnSave\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB}\ProgID	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2768	2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2768	2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2768	2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2768	2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2768	2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2768	2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2768	2628	103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3A7B4758-BFEA-53A7-7A26-73203350CACB} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\103dbe92b3bc8a29ffe0e87b0981ae73_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\DownloadnSave\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
e16c50c73ad0c26bbd7593f325288ea8

SHA1
283626b095dbfd2fa285cc8ddcc104ce994a5a62

SHA256
bba9d13c3738ea9a3541dc9cd59950f0ebac4e73380a7ef0e9a42228346c3d62

SHA512
ac53acc63bdd53ee79648029fde8f00ce982d591de6d98a92303da495af797e9ea8818e2d5e9aed695bc72cd7741366ae992550b1b12db809252acd1729a6b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
af42c8a3e5e85e0905aa8cf17467af42

SHA1
6c3bd77e96f8f156a8bd6fbf881648362440e4b5

SHA256
1be5131b225ca269fa756897d30a0ecf872aed653582fc758ca509a545bf5ccb

SHA512
6cfca40000e38dc87f2693d40fdf7b49d8f5c7acfd702fd81e900607bc5113e4639164b9451b06fe4006f3bde5bcd42271a0bcde3dcd816ef05d032a2d70afc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
066829c7832417a6dccf418306807bdf

SHA1
52ee00528424d759fd9170badd940b2d3b1c85c1

SHA256
4d2693545b1edafe3177f165272e47a83d183d7bc850959e716710404f0b0066

SHA512
b451ab6ece79b044a55c7ab691fa443fd6e2975031a4ae31b4e14c241bbea9bd473c205dbc606981e25d83b55040ccb9e059556003312e0452281d08e653030d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
d5a69761ea09259e552953dec2da0b74

SHA1
1a6b664e980f70bc8a79c8d51b6310185200d53a

SHA256
de0cb98ec69d763e85d2d423d5b945f1692a3e95d704623212c9a3378e5e6206

SHA512
739c9a6df2d50f5e8b995b3ad0a5b0b7947895fd44ce2ef67bc65c82b344ba7e1141f048795bd616b9d403d91e6c5a06516a145d42890da78c61acaf5cf0fb88

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\[email protected]\install.rdf

Filesize
720B

MD5
e7c93e4e4d985a3119088af4d04b1b5e

SHA1
db088d2b70e0d1e0c69922b41a82c89d6222f024

SHA256
70020b5c1ac3ea0c4566f4dae6e1365a9ab85b7669f89892de891d3bcae11b9a

SHA512
e9fcaf83981fca3992fa829c07ac8a9ad5694d5e628a34c456dbf1c9e8f66cafe67801694e29c735c7391f4e5f2006451f1adcf06b008b61e4da38edf478a3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\background.html

Filesize
5KB

MD5
836e64bb86ca57d89e82f3cda3263927

SHA1
523a0cc2be5ff54a2c222aa3c394e959623c58ed

SHA256
ca6eee521e55731d18f14836eba0c4f34c716e450e67319ad13ac41b7e532e6a

SHA512
0e7b7eeea94811d8d0365105f14e1ff51d50801dcb98baaad69b1f6bc81b64e5f6cf736ff83ca0f44d15c2e5af9cbc71afcf8074b6f17b301652580eb3326859

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\bhoclass.dll

Filesize
139KB

MD5
4b35f6c1f932f52fa9901fbc47b432df

SHA1
8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

SHA256
2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

SHA512
8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\content.js

Filesize
388B

MD5
3a27f7e877806a7f35b0c66f0e790417

SHA1
46743e5372e99b7ce6e70e28bd3bdac488afc729

SHA256
b4f1a4c9be9b3b1eb78e619a07a5e70372ed4727c29171372f3b248a6afb8551

SHA512
6e6762bd92494cd64792b69fb39b5d2836df4c479cf210e9b016e8ca40f7c450af9283fc9733cb3366c0109ab28c968ab5822c205fb36aceb7e7c163abd79081

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\gepnflhjoklaahcbkbimlckmihanmaac.crx

Filesize
3KB

MD5
5e04d4e024c493f114ec0a81002bfeac

SHA1
5aeeab61d04341adfe4fe32340ab309e4adb043f

SHA256
1c1a1981d866e423c3726b957cb47fab1a11b4baedb3701662fe9f2a33402df7

SHA512
21740bdffc3a3dfded58798a1baee3505de793c5039eafa1c6b88180abf7144c653cb4cc3923f3121ee960091f6493c61dd4406fad14052292b7935bdd608210

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\settings.ini

Filesize
675B

MD5
a59e2483827a1ef8ae6ffef9cc7b61b5

SHA1
dc5508697bbc2d45ed8281277d7a7f1ed3eb6ef3

SHA256
ed7339b6925784f7d6be182e1e7d8b2417f696b1a221c3cde6cfe2c9fff2346c

SHA512
1894433b9f89ea65e7b6f24de2150d5a412ae9eae9aad924206b32c3d08be4ec1ffbd853b3167ef2ebce4f1a45a8036386ffdb44bb8160dfca8282074d463456

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8B8.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads