Overview

overview

7

Static

static

3

03623e2a9b...18.exe

windows7-x64

7

03623e2a9b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    85s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03623e2a9b8389078df3960a8002e937_JaffaCakes118.exe

  • Size

    389KB

  • MD5

    03623e2a9b8389078df3960a8002e937

  • SHA1

    17ae5b3796a8fa39b887aea99c94bdb52fbdb081

  • SHA256

    137e8a1b62cadf4475e77b7fe4d3c2827afa6f54a1df2016e8168f787602cfe2

  • SHA512

    a99f0d4407fb85775f9175d50345e107b46310388ee51191d63efac9387e10736d9ec5e9becb9bc95160b5390f20e180e0dfdac23d9fde40e8cee6aedf02f5c6

  • SSDEEP

    6144:G+fadogFuO9ik96bDMe2mqVzNudSNbzag1HqxWJkD7vL373adHzsKIZTmbnN2KoK:GfdrX96P499hBWeKxX7r2BE4bYKohr8

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03623e2a9b8389078df3960a8002e937_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03623e2a9b8389078df3960a8002e937_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://qqgame.qq.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3680
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3680 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sfi35B6.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • memory/1656-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1656-7-0x0000000002190000-0x0000000002203000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1656-8-0x0000000002190000-0x0000000002203000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1656-10-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1656-11-0x0000000002190000-0x0000000002203000-memory.dmp

    Filesize

    460KB

    Download