77a11bcd468dae1f5e8c31b34927b69ddb35bc87cc83381f2ce2c97acecb22c7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe
Size

240KB
MD5

1136b4a0555ec3e9169a850b00e69b60
SHA1

8b0a7b89adffff4e95e3f1e5797a28d9b29bbcf1
SHA256

77a11bcd468dae1f5e8c31b34927b69ddb35bc87cc83381f2ce2c97acecb22c7
SHA512

251164d0c2332bb3ad780cc90a435f2b3892b0a1871a3cce085bf27838f495b04de1cf17ab28b05b957270410a73b70e31197d22a1baa2f4065d6e1ca59d882b
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5Z/IyiBWDpyjfLlSUDCP0l:h1OgLdaOStWDULDFl

Score

7^/10

adware discovery stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2524	5076e7c9b22d1.exe

Loads dropped DLL 4 IoCs

pid	Process
1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe
2524	5076e7c9b22d1.exe
2524	5076e7c9b22d1.exe
2524	5076e7c9b22d1.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\ = "wxDownload"	5076e7c9b22d1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\NoExplorer = "1"	5076e7c9b22d1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}	5076e7c9b22d1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5076e7c9b22d1.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000018741-13.dat	nsis_installer_1
behavioral1/files/0x0006000000018741-13.dat	nsis_installer_2
behavioral1/files/0x0005000000019d5c-49.dat	nsis_installer_1
behavioral1/files/0x0005000000019d5c-49.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx\CLSID\ = "{1A49215F-6C7F-BD98-E4D8-072C99DC6839}"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\VersionIndependentProgID\ = "5076e7c9b230a.ocx"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\InprocServer32\ThreadingModel = "Apartment"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx.4	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx.4\CLSID\ = "{1A49215F-6C7F-BD98-E4D8-072C99DC6839}"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx\CLSID	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\VersionIndependentProgID	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx.4\ = "wxDownload"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\InprocServer32\ = "C:\\ProgramData\\wxDownload\\5076e7c9b230a.ocx"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx\CurVer\ = "5076e7c9b230a.ocx.4"	5076e7c9b22d1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\InprocServer32	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginBHO"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\Programmable	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5076e7c9b22d1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\Programmable	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\InprocServer32	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	5076e7c9b22d1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\VersionIndependentProgID	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\wxDownload\\5076e7c9b230a.ocx"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\ = "wxDownload Class"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\ProgID	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx\CurVer	5076e7c9b22d1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\ProgID	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "IIEPluginStorage"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}\ProgID\ = "5076e7c9b230a.ocx.4"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDownload"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx.4\CLSID	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginBHO"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\5076e7c9b230a.ocx.5076e7c9b230a.ocx\ = "wxDownload"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "IIEPluginStorage"	5076e7c9b22d1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839}	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	5076e7c9b22d1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	5076e7c9b22d1.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2524	1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe	30
PID 1728 wrote to memory of 2524	1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe	30
PID 1728 wrote to memory of 2524	1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe	30
PID 1728 wrote to memory of 2524	1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe	30
PID 1728 wrote to memory of 2524	1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe	30
PID 1728 wrote to memory of 2524	1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe	30
PID 1728 wrote to memory of 2524	1728	1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe	30

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	5076e7c9b22d1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1A49215F-6C7F-BD98-E4D8-072C99DC6839} = "1"	5076e7c9b22d1.exe

C:\Users\Admin\AppData\Local\Temp\1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1136b4a0555ec3e9169a850b00e69b60_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\5076e7c9b22d1.exe
  .\5076e7c9b22d1.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\wxDownload\uninstall.exe

Filesize
48KB

MD5
602aa39f9ab3b6685bee71c67dc485c5

SHA1
69cd0d6f9ce55a5e5d3d3559d31422303dc6def1

SHA256
d8fb9c21b350a06449c7e6934a3c2d971d20851ce73938bbc5f79349f970721c

SHA512
3bb5a0bf89da8993ae2801b41f7644ec39fc418ac0553bc67ed4f36ad413f3c2237ff9bcdd4a1ca64ad546b30e6445d3f6f1fa3af0f34faf1841da306e81ea94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\5076e7c9b22d1.exe

Filesize
65KB

MD5
6fce522ef2543f1cd8812f45c8718ba6

SHA1
270c89c05963c0f24f976f6b75aa4d12ade4c837

SHA256
d75c34545066eb787ed671c6d4ce4f4c6267637518ca683dfefb79f95f14226b

SHA512
a0a486b95aeb9c059f23e639e16abdbfe94b041f33309b44e95743bf5a82f92d3c444c025b6c36a0dc296add3c2bc4f6affcf130014f16968be0afa8e0007880

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\5076e7c9b230a.ocx

Filesize
126KB

MD5
d637295a8426c7c4a8e9ef3e584839a2

SHA1
55b64f53328498d22d269de2e65be2feeba7da00

SHA256
5cbd7f4b8f991ccab51cfc1fd0a5437013c5196f3c636632d691103aa3708adb

SHA512
f60f908b9f0efd4762255c9c71559bbd554714170262dd556353ddda55789d21cc3a8ade239cdf51da38dfa4e92714749c217095bccac19590ef8347ca501c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\5076e7c9b2343.html

Filesize
4KB

MD5
ef028c393e5cb754453a155a5704add3

SHA1
2000add39277c4dbd116f66a9cec0ee4312daa45

SHA256
5c173aabee353d74fe2cef6618288c074eb3a2d31eaa9874db9695bda478224b

SHA512
3c1beb85a67cd22fa37b38c686f9607d68bbcd65481ed9c290d20482b70da5b8e98a0a88d0cb78ede95b7b0831914d64b25f52cdc6c0cb08a54f7305db388f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\5076e7c9b237c.js

Filesize
9B

MD5
99fa5d714d971a49b67de27e0d8871be

SHA1
d0621e846ea60fa8d0b2c8e622e495af49cd7359

SHA256
f560d76474380da948a0c5ab8682dc026822d9685268c592f315224b1b968bf6

SHA512
2fec19e4f2a974227922a7e057890141523ae73fbfa127f9e8cd00dff71b29abb93cb865c6d74ecf3df8bca440c558d4fbf2f80e82cc9636320ab5edb95ebad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\settings.ini

Filesize
753B

MD5
4932873b69256cf55ffd0cdf4384a644

SHA1
9ce05e7d7a55a88cd9ee0538c0ee26735a21ccb4

SHA256
0e32e36c011163e5921d44e440829caed18953b7f884068522527891ee5f26d4

SHA512
a38a82ee98a29076305f6e51f78f66580ec9f2515eaf2af2177f1034aed28249b8a02ff5e11b7632f6123b63780e43d32a08c932617e17baaf470c8282afa4aa

Download Submit
\Users\Admin\AppData\Local\Temp\nstB684.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads