Overview

overview

7

Static

static

7

e75925bd0b...18.exe

windows7-x64

7

e75925bd0b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/04/2024, 11:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e75925bd0b5a71eefc710c994d1c5840_JaffaCakes118.exe

  • Size

    51KB

  • MD5

    e75925bd0b5a71eefc710c994d1c5840

  • SHA1

    7d5aeaf365c03d4b593f81b875c48d8f96a35199

  • SHA256

    abb4ff92e64a7e5af45ad8fb321b15151ca7c8bc994227d7080338ad5e002b39

  • SHA512

    f064fd0fc4130b21bf5dc4587d0ea3ccf586203b5e52458ae24261534c3ba8f4df4d289c53e2886efb92d4093af1d5289d24f1f0522168ebb1db0f3734535890

  • SSDEEP

    1536:xPcVo6r7S/rabo+trbmWdzPl29OBee06QFnouy8y6zMnO:i7cWboarbzKOBj0Zdoutv

Score
7/10
spywarestealerupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in System32 directory 7 IoCs
  • Drops file in Program Files directory 59 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e75925bd0b5a71eefc710c994d1c5840_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e75925bd0b5a71eefc710c994d1c5840_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\449A.tmp\open_file.bat" "
      2⤵
      • Checks computer location settings
      • Drops desktop.ini file(s)
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:924
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\anchetaIncalzire.doc" /o ""
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2556

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\449A.tmp\open_file.bat
          Filesize

          1KB

          MD5

          d9e5cef23580f946e6fe5ee5b94ef9dc

          SHA1

          9257eb4d327e877d27a49753e8d31b5c92fade5f

          SHA256

          36c86e8058fc3cb38b154b13cc58e6f31d951a14ed76ec9b1be3bee576dbeaca

          SHA512

          d824b3cf9ced89379105b5494f2eed8de13aae6c48a66eecc7dd8fe5000ef3ce1b93804f0e187b4c33f5b8a1615623481b7199596911dc54e6e94d735fc52654

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\anchetaIncalzire.doc
          Filesize

          321KB

          MD5

          18f33ed8dc03c8729099e213669cc903

          SHA1

          9b8dfe72e5a6d4e27ec46d6a018bbeedb76c86ab

          SHA256

          ce25177ed0e2cd9f8f4faa450004df2a3120a86d549d0c5fad7eee287abcda6e

          SHA512

          d78a5ba6ccfda70a846e3111871e418daea42fe01746d751bd8dd8c686cfe50782b96ed627d56d3341bbef1145ea62831a468ca8d68c6fec86844157090ea394

          Download Submit

        • memory/1324-0-0x0000000000400000-0x0000000000465000-memory.dmp

          Filesize

          404KB

          Download

        • memory/1324-81-0x0000000000400000-0x0000000000465000-memory.dmp

          Filesize

          404KB

          Download

        • memory/1324-38-0x0000000000400000-0x0000000000465000-memory.dmp

          Filesize

          404KB

          Download

        • memory/2556-23-0x00007FFD896F0000-0x00007FFD89700000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-26-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-12-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-15-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-14-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-16-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-17-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-18-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-20-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-19-0x00007FFD896F0000-0x00007FFD89700000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-21-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-11-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-22-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-24-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-25-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-13-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-28-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-29-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-10-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-45-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-46-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-47-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-75-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-76-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-77-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-78-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2556-80-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-79-0x00007FFDCB890000-0x00007FFDCBA85000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2556-9-0x00007FFD8B910000-0x00007FFD8B920000-memory.dmp

          Filesize

          64KB

          Download