e084e01b9bafb6dd48dc0a0375e43b6eda18e45784ad2dc18a554a34b6bca63d

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe
Size

313KB
MD5

26fc489f9e882f3725bf9954181b243f
SHA1

2061a1d17176c972a744f392b23f7106b9901ea1
SHA256

e084e01b9bafb6dd48dc0a0375e43b6eda18e45784ad2dc18a554a34b6bca63d
SHA512

cccbed865f64b9f278e80123c67b39973d0dd103987fd2764cab2a6a2e0282c3c86f2d063e937307c9d6355a2e9263c3273677fea0fc147d10988ede29b923fc
SSDEEP

6144:91OgDPdkBAFZWjadD4sxAGuzKTVwk4Ayv4+7W391OG:91OgLdaz0VwkZF+7Y3

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2796	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe
2796	setup.exe
2796	setup.exe
2796	setup.exe
2796	setup.exe
2796	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\ = "ADDICT-THING"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\NoExplorer = "1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000018ffa-30.dat	nsis_installer_1
behavioral1/files/0x0005000000018ffa-30.dat	nsis_installer_2
behavioral1/files/0x000f000000018afc-99.dat	nsis_installer_1
behavioral1/files/0x000f000000018afc-99.dat	nsis_installer_2

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\Programmable	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "ADDICT-THING"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\InprocServer32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\ProgID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\VersionIndependentProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\ProgID\ = "bhoclass.bho.1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\InprocServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\Programmable	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "ADDICT-THING"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\VersionIndependentProgID\ = "bhoclass.bho"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\ = "ADDICT-THING Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B}\ProgID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\ADDICT-THING\\bhoclass.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0"	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2796	1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe	29
PID 1288 wrote to memory of 2796	1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe	29
PID 1288 wrote to memory of 2796	1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe	29
PID 1288 wrote to memory of 2796	1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe	29
PID 1288 wrote to memory of 2796	1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe	29
PID 1288 wrote to memory of 2796	1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe	29
PID 1288 wrote to memory of 2796	1288	26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe	29

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{364D4CC6-DA76-ABB8-84CC-A5B9E1F4988B} = "1"	setup.exe

C:\Users\Admin\AppData\Local\Temp\26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\26fc489f9e882f3725bf9954181b243f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ADDICT-THING\uninstall.exe

Filesize
46KB

MD5
2628f4240552cc3b2ba04ee51078ae0c

SHA1
5b0cca662149240d1fd4354beac1338e97e334ea

SHA256
03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

SHA512
6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\chrome.manifest

Filesize
114B

MD5
dbb45569e0a34666615c5e25db53b41a

SHA1
3a7f283f88b70055b3411059a54507ed39a1bc70

SHA256
3cca2cdc99b69f8d6c1f9ad49f5dc4df2774d2ff8eae8589565f200a661fef5d

SHA512
e7ac0c71582e1e0b2f7e9c1edad2baaf9f24957540890f2423c750246402207581c11afc53bf834dc6f0134c26daa9c8bff4d707f883aa7e9d54046106990123

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\content\indexeddb.js

Filesize
1KB

MD5
e15db4205cad8a8b4228af3e93db51de

SHA1
ba7c62e6d03deb2a19b53d67e92bc25980cdce24

SHA256
32c4e468faee804de47c6425f218e5a5b13e737bbc3e64c450519126eaf4df4c

SHA512
3ae08ff83bd1ee9637fa201d71b14d780b9bb1425fd56e475c347d15ec20ce35db3e6bd8c6467e5d10377030c3b5234bb0aa9a9177f81c53bc80e38d695c5782

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\content\jquery.js

Filesize
91KB

MD5
4bab8348a52d17428f684ad1ec3a427e

SHA1
56c912a8c8561070aee7b9808c5f3b2abec40063

SHA256
3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

SHA512
a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\content\jsext.js

Filesize
6KB

MD5
edaa5d85784eaefafffe89d91fe87d11

SHA1
a99343c0fe4d448b4ae36eb21e97376bfe5c1f62

SHA256
b80262e8d8d0a3764ef1103199b887e492b48626902c1dd745ce3046228bf30d

SHA512
a14c7a5785de3d3ae32ceea2431df5286c737bbaaa44c7f341ee313e4ab3affdd96797b2ffb3440213a65b88d9fbe1aad99b0575c5d85a0bee0ad4f77918dac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\content\lsdb.js

Filesize
1KB

MD5
395b18c1319d6b543f584cd8648d1f70

SHA1
f4c1e909ba4ff8fe9f46af2e1d7ab6607d2eb44e

SHA256
dbd51d11e7459fc4c2c0b6a722d745b9a6f27819f69292c0748d48a3e57a606f

SHA512
25ba105ee332e21cdacc2523ad40e0bb3be60fbdddb3bb32597f5ec32db8da3482d462e31336ab003011a62124a0577bcb45bf38a319c75e349eb0ab9e4dcc70

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\content\prfdb.js

Filesize
1KB

MD5
1c08bcfd716d8eaf5a7f4236fed1c82c

SHA1
3f6a24516901c95aca0ad3112751590660e52f8a

SHA256
be8467a1c3d9a9e71a393c73de8b71c80fc8ef100559c6ffbf97d11d0a28f098

SHA512
4b933a27e51022435a63c267a12bb33726c94b8009fcc63a6e4202d5a4a506e126037e3cdc562643f2c914b354cee69c7bc9556f9e2a4a398130ab82b514d732

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\content\sqlite.js

Filesize
1KB

MD5
60d385a34903449e912b6df5e44587f5

SHA1
02a12f2e65dd07a295cc2c3e69553c4331ff7e5d

SHA256
bb963a915cbc6178d7d3fd1718d79a06f6bb9612616963907b4c3e93d11bb7e5

SHA512
12d935479b12f8d90ec2c4e15417c464c78ec8d1cf1acc0032d24eba61a83310bb04561684285df010e6d6eca08b7c0c5a11fd575b8def67b4f56960224ce33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\content\wx.xul

Filesize
228B

MD5
b5600c53354a9dde3767fe5f7b663ac0

SHA1
948c841ca9f1fa1a50210e9caee186c721373e83

SHA256
60095139617bf10b0a8b6e80f4b844dbe1ed64c87f957cfae2f4464388282e9a

SHA512
1d2cae2a79b4b7019054d5b2442c6385dd4403f4ac58781fb926fcc4d57761d972d3677f31183732efcc2881b78398dbf0946fecf1738252fa9533c97318013c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\[email protected]\install.rdf

Filesize
677B

MD5
a084525d2a351aee7b0bd6da0bd6324c

SHA1
65eab6ff34cb5b1ef998080549156a49cd09cb6c

SHA256
1d5e156c765dbed6b322a490b6eed1dec16a8ef64cc409e48d49b5b47bef03d4

SHA512
3e224cce181a90fa12ac05994fac0516fe7b951e291568ade352f2434a01da681f4442ba822cc7cc334a36410756041219e25bdf6a26cbc0c37c636ee6419634

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\background.html

Filesize
4KB

MD5
be6132b2102e6a6efcf3ace0e4f3e63e

SHA1
a83a6373164d71e4d18e911f17be9249650d8972

SHA256
de086eae27ecacb64887ade2f7862ef796091cd1587fc55c3519b56661919fbc

SHA512
efab3b9734c7ec25e16523275654eab17eb6593bfc729141764a20493e056c8d824ee88b9d390370c80f25165c63215fca530f32300b27ade8c68f9b59e8887f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\bhoclass.dll

Filesize
137KB

MD5
ac13c733379328f86568f6e514c2f7f8

SHA1
338901240fedcef4e3892fd4c723c89154f4de05

SHA256
7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

SHA512
35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\bnabibgnfcnkfndoipbgeabmpambafcm.crx

Filesize
37KB

MD5
01502dc0383d9bb9078b5903a75836fb

SHA1
86ee6324ab4558982fb7b7e708eaf1f4bab228a4

SHA256
966f5de99937903c2312b887e487280cc6ded6103981fce7196feef76c977f49

SHA512
065f42b91b2a374d2e3115fe660cb1c7049862f77076876e794461c88c516a284d09e25c15707547319c0731db2dba369dc9a81f29e8b8c4d5d79b40a5774392

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\content.js

Filesize
388B

MD5
ad75401dc13030acedd406956e73effa

SHA1
c87755958833702c1b84269e77311140c7f6d76c

SHA256
a0e250f59d3e547ae3ebaf0f81af9d99f843681a19e37fb61d2af176d8906799

SHA512
45fc8f2b7d14c11d0dbe2f6df6f72db8ad26bf92098871e9daa323952b2d9865adb7314c61ae2f7fe95200f224fdd504f1abbc1bfae47fc46b57d4c9d7f2bf76

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\settings.ini

Filesize
610B

MD5
f8d5699812dcf8db8c43442465a8430d

SHA1
2799ef96417520f522e4ba8456ce7218eddc52ce

SHA256
522db1da3ea806676a036efa9c4cb384b67498738e7bfaa5293d1acabdd97969

SHA512
ec4d7d7e780082b484de2eef316e3368186e3d905579238d308e337d0e481e2a514e4dbf98efb5f4f9b6fe43059a7db7671afe8438a86385f8b306e0250fb8fe

Download Submit
\Users\Admin\AppData\Local\Temp\7zSA3E.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads