Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-04-2024 06:58

General

  • Target

    feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    feb5902be9ad996e9eb74a23e13ad97b

  • SHA1

    3fbf6e70865206390fd20c60a627384ab1a582b1

  • SHA256

    c51e7a1b519dc82267d31ce397a45bb5ca76cfff0c6c8ea5a75149cc84209e77

  • SHA512

    b06d6b1cbd59016973b70d393bace5f592c64beeeaba4a9a0b0dc197ceb260ee7d53dfa5dab65043c9d903b88f57b9eee506c4b27acf5c026695752d3445591d

  • SSDEEP

    384:z2INS2vraohrKbSC05Hk/HNWdqLcIrPxctRe8l9dMNV/ubgpY5RAtAD+nVp72SyQ:HTYSVHSNWgLGtbcIbgpYLQJnSSs9z

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check.

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 44 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)
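The "UPX packed file" signature above is a static check on the PE headers. The following is an added example (not the sandbox's own signature code, and not derived from this sample) that walks the DOS header, PE signature, COFF header and section table by hand and reports the two classic UPX tells: section names beginning with `UPX` and the `UPX!` magic that the packer stub typically leaves in the header region. The `build_fake_pe` helper constructs a minimal header-only image so the example runs offline; it is not a real binary.

```python
import struct

COFF_FMT = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, validating each header on the way."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)    # NumberOfSections
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + size_opt                                  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table is truncated")
        raw_name = struct.unpack_from(SECTION_FMT, data, off)[0]
        names.append(raw_name.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the heuristics a UPX signature usually keys on."""
    names = pe_section_names(data)
    return {
        # Stock UPX names its sections UPX0/UPX1 (UPX2 for resources).
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        # The packer stores a small pack header tagged "UPX!" in the header area;
        # the first 4 KB is a heuristic window, not a format guarantee.
        "upx_magic": b"UPX!" in data[:4096],
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


# ---- constructed test image (not a real executable) ----------------------

def _section_header(name: bytes, vsize: int, vaddr: int) -> bytes:
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
    # NumberOfLinenumbers, Characteristics (code | execute | read | write)
    return struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, vaddr, 0, 0, 0, 0, 0, 0, 0xE0000080)


def build_fake_pe(section_names, marker: bytes = b"") -> bytes:
    """Header-only 32-bit PE with the given section names and an optional trailing marker."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack(COFF_FMT, 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)  # i386, no optional header
    sections = b"".join(_section_header(n, 0x1000 * (i + 1), 0x1000 * (i + 1))
                        for i, n in enumerate(section_names))
    return dos + b"PE\0\0" + coff + sections + marker


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], marker=b"UPX!")
    clean = build_fake_pe([b".text", b".data", b".rsrc"])
    print("packed:", upx_indicators(packed), is_upx_packed(packed))
    print("clean: ", upx_indicators(clean), is_upx_packed(clean))
```

Both tells are trivial to strip (renaming sections and zeroing the magic is exactly what "modified UPX" builds do), which is why the signature here is only one of several IoCs and why the sandbox still scores on runtime behaviour; a section-entropy check is the usual next step when the names have been scrubbed.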

Processes

  • C:\Users\Admin\AppData\Local\Temp\feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3140
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\OGkaFYVQtC.js" "C:\Users\Admin\AppData\Local\Temp\feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe"
      PID:4652

  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    PID:3252

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5064 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4260
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5064 CREDAT:17414 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2000
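The process tree shows the two behaviours worth alerting on from endpoint telemetry: the sample in the user's Temp directory reads the configured country code, then launches wscript.exe in batch mode (`//B`, no prompts or error dialogs) on an 8 KB `.js` it dropped next to itself. The following is an added example (not the sandbox's detection code) that runs two such rules over constructed Sysmon-style events mirroring this tree. The events, the benign control record, and the `HKCU\Control Panel\International\Geo\Nation` key are assumptions: the report states only that a country code is read from the registry, and that key is where Windows keeps it.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass
class Event:
    """One Sysmon-style telemetry record (constructed for this example)."""
    kind: str                 # "process" = process creation, "registry" = value read
    pid: int
    image: str                # full path of the acting process
    parent_image: str = ""    # creator's image, for process events
    command_line: str = ""    # for process events
    target_object: str = ""   # registry path, for registry events


USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
TEMP_SCRIPT = re.compile(r'\\AppData\\Local\\Temp\\[^"\s]+\.(?:js|jse|vbs|vbe|wsf)\b', re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumed key: the report only says "looks up country code configured in the registry".
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)


def rule_temp_dropper_spawns_script_host(ev: Event):
    """A binary living in the user's Temp dir starts wscript/cscript on a script that also lives in Temp."""
    if ev.kind != "process" or ntpath.basename(ev.image).lower() not in SCRIPT_HOSTS:
        return None
    if not USER_TEMP.search(ev.parent_image) or not TEMP_SCRIPT.search(ev.command_line):
        return None
    # //B = batch mode: the script host suppresses prompts and error dialogs.
    return {"batch_mode": "//b" in ev.command_line.lower()}


def rule_geo_nation_lookup(ev: Event):
    """A process outside C:\\Windows reads the configured country code (geofence check)."""
    if ev.kind != "registry" or not GEO_NATION.search(ev.target_object):
        return None
    if ev.image.lower().startswith("c:\\windows\\"):
        return None
    return {"key": ev.target_object}


RULES = {
    "temp_dropper_spawns_script_host": rule_temp_dropper_spawns_script_host,
    "geo_nation_lookup": rule_geo_nation_lookup,
}


def run_rules(events):
    """Evaluate every rule against every event; return hits in event order."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            details = rule(ev)
            if details is not None:
                hits.append({"rule": name, "pid": ev.pid, "image": ev.image, "details": details})
    return hits


# Constructed events mirroring this report's process tree, plus one benign control.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    Event("process", 3140, SAMPLE, command_line=f'"{SAMPLE}"'),
    Event("registry", 3140, SAMPLE, target_object=r"HKCU\Control Panel\International\Geo\Nation"),
    Event("process", 4652, r"C:\Windows\SysWOW64\wscript.exe", parent_image=SAMPLE,
          command_line=r'"C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\OGkaFYVQtC.js" '
                       + f'"{SAMPLE}"'),
    Event("process", 5064, r"C:\Program Files\Internet Explorer\iexplore.exe",
          command_line=r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'),
    # Benign control (constructed): a logon script run by explorer from a non-Temp path.
    Event("process", 7001, r"C:\Windows\System32\wscript.exe", parent_image=r"C:\Windows\explorer.exe",
          command_line=r'"C:\Windows\System32\wscript.exe" "C:\Scripts\logon.vbs"'),
]


if __name__ == "__main__":
    for hit in run_rules(SAMPLE_EVENTS):
        print(hit)
```

The parent-in-Temp condition is what keeps the script-host rule quiet on ordinary logon scripts; if your environment legitimately runs scripts from `%TEMP%`, tighten on the `//B` flag and the script extension instead of loosening the parent check.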

Network

MITRE ATT&CK Enterprise v15

Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QXWJL5S\adult.oo[1].xml

        Filesize

        13B

        MD5

        c1ddea3ef6bbef3e7060a1a9ad89e4c5

        SHA1

        35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

        SHA256

        b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

        SHA512

        6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UM8YFV59\favicon[1].htm

        Filesize

        291B

        MD5

        b73189024a094989653a1002fb6a790b

        SHA1

        0c44f096cd1fec253c1fe2fcfcd3c58fe05c402d

        SHA256

        014c471c07b2bc1b90cf5b46eb8eb60abe3ac278e43cd8fcc7c4e6c8950c592d

        SHA512

        1bca726835d33847812060c968e5306535f513429de5c90d66942155fd42ff75508dba97da8ca36c6d6e6a8df5a2602fe3be047bb5612ad4e367c6c00e1e50a3

      • C:\Users\Admin\AppData\Local\Temp\OGkaFYVQtC.js

        Filesize

        8KB

        MD5

        eb3bcee780153421578a57c8bcebea2a

        SHA1

        73bf49285833a1511c6798050e5e666e8009492a

        SHA256

        3404e1c05ad761ebe2fba552650bbe49d0dc565e25abac7b333aa9405997f1e2

        SHA512

        acb3dbd472c921932c28b48316d7daf2f616c3a5ce3c0109725485b5e467a45a8260bd8044f317f47cae56f48ca51253f45ad491c242e40e15a338cfef55ce77

      • memory/3140-0-0x0000000000010000-0x0000000000029000-memory.dmp

        Filesize

        100KB

      • memory/3140-3-0x0000000000010000-0x0000000000029000-memory.dmp

        Filesize

        100KB

      • memory/3140-4-0x0000000000010000-0x0000000000029000-memory.dmp

        Filesize

        100KB