Overview

overview

7

Static

static

3

0455c01a66...18.exe

windows7-x64

7

0455c01a66...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/04/2024, 04:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0455c01a665c97c3eda086033ce883f1_JaffaCakes118.exe

  • Size

    9.8MB

  • MD5

    0455c01a665c97c3eda086033ce883f1

  • SHA1

    f10cf61641897b5368dc6e7b25e20eff45244849

  • SHA256

    7717e734290dd3c62e044998f66afc5bc9bbef025cb2f460837402a13b452970

  • SHA512

    05822f7ab2101d88cff3ddd7541ada6fb9120cf4a47f731d28ddf65e71363bb53a76cf3c9fed19344d91b740ccaa1ffe0d8c1c048d605d4f9391cd766b17f90f

  • SSDEEP

    98304:9wIDQAiikwIDQAiiaYwIDQAiikwIDQAiia:CuQIuQJuQIuQ

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Drops startup file 6 IoCs
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 18 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 10 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • NTFS ADS 10 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0455c01a665c97c3eda086033ce883f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0455c01a665c97c3eda086033ce883f1_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\348.#.exe
      C:\Users\Admin\AppData\Local\Temp\348.#.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Users\Admin\AppData\Local\Temp\513.#.exe
        C:\Users\Admin\AppData\Local\Temp\513.#.exe
        3⤵
        • Drops startup file
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • NTFS ADS
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2116
        • C:\Users\Admin\AppData\Local\Temp\289.#.exe
          C:\Users\Admin\AppData\Local\Temp\289.#.exe
          4⤵
          • Drops startup file
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Drops file in Program Files directory
          • NTFS ADS
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2396
          • C:\Users\Admin\AppData\Local\Temp\913.#.exe
            C:\Users\Admin\AppData\Local\Temp\913.#.exe
            5⤵
            • Drops startup file
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • NTFS ADS
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1604
            • C:\Users\Admin\AppData\Local\Temp\912.#.exe
              C:\Users\Admin\AppData\Local\Temp\912.#.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Adds Run key to start application
              • Drops file in Program Files directory
              • NTFS ADS
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:1572
              • C:\Users\Admin\AppData\Local\Temp\741.#.exe
                C:\Users\Admin\AppData\Local\Temp\741.#.exe
                7⤵
                • Drops startup file
                • Executes dropped EXE
                • Loads dropped DLL
                • Adds Run key to start application
                • Drops file in Program Files directory
                • Drops file in Windows directory
                • NTFS ADS
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:2284
                • C:\Users\Admin\AppData\Local\Temp\877.#.exe
                  C:\Users\Admin\AppData\Local\Temp\877.#.exe
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Adds Run key to start application
                  • Drops file in Program Files directory
                  • NTFS ADS
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:2608
                  • C:\Users\Admin\AppData\Local\Temp\596.#.exe
                    C:\Users\Admin\AppData\Local\Temp\596.#.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Adds Run key to start application
                    • Drops file in Program Files directory
                    • NTFS ADS
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:1464
                    • C:\Users\Admin\AppData\Local\Temp\345.#.exe
                      C:\Users\Admin\AppData\Local\Temp\345.#.exe
                      10⤵
                      • Executes dropped EXE
                      • Adds Run key to start application
                      • NTFS ADS
                      • Suspicious use of SetWindowsHookEx
                      PID:780
                      • C:\Users\Admin\AppData\Local\Temp\221.#.exe
                        C:\Users\Admin\AppData\Local\Temp\221.#.exe
                        11⤵
                          PID:2724
                          • C:\Users\Admin\AppData\Local\Temp\218.#.exe
                            C:\Users\Admin\AppData\Local\Temp\218.#.exe
                            12⤵
                              PID:2420

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        Filesize

        10.1MB

        MD5

        2e8db501a6a81ca468ada7f17d5a78dd

        SHA1

        850847fef4c7e774555aeb60ed973cc2c4c4a3e1

        SHA256

        5e57e13a5056f32a3a870a4e1e9f0bbb0ee2ebcd7b94a4ea9249e92087b64985

        SHA512

        5baa96f47ec53ae01f5c296d1f0bebab8dcd1ed69d9c932413ef0e2325ae777afa553c00519d4cceba663df1a01bc82badb4df47a7161f2b815101fa2ed10721

        Download Submit

      • C:\Program Files\Java\jre7\bin\pack200.exe$
        Filesize

        9.8MB

        MD5

        811a66469d27d5b71245b2acbe19a0a6

        SHA1

        63245c3b4001ef501f6029132426f244526e8617

        SHA256

        72ec3d5a243f8c910618cc894c8ae5ec17321a2fe46fb3133942f97ec5aab1d0

        SHA512

        31c0f73e2632a6b61187efb6ea8408ff24390a5573773586e4918989afee6f4578befbacdf0dec5428c3bbbe35082b38001c74500bb708767cdb2c2113edd0ac

        Download Submit

      • C:\Program Files\Java\jre7\bin\servertool.exe$
        Filesize

        9.8MB

        MD5

        786dcfd90a48e00ad2f0b6bd7bbac000

        SHA1

        893389176617b9e1081b72017b38b7ebddaf03b4

        SHA256

        53f538fc399f7f8bbea0ed63b192f15aff24b3dcc1496ef0b1c22ea7e6319bed

        SHA512

        d56dbe333f96ddc290d61b1102c51e2bd0273f879f201ec90d0f807be09caaef849e6fef1f727184a74ee3c9008259e4ec5eca6eec9aa7b455316bb5eed446ab

        Download Submit

      • C:\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe$
        Filesize

        9.9MB

        MD5

        c1caca0171a6b58b390cd26f9799f191

        SHA1

        61ffa6e1529a93d399abfa57fc9e43ee33b1d6fa

        SHA256

        bb252fe553ff3762c14e5e286b1464d2652ede6baa938ea7ad8a0f577af72d3a

        SHA512

        8807ad00941f9f6dcef999dd1f662c4651c874e50b5715b2c46135a30598ddc2127cc5d3c6f3c8cdcbe9713b99043ec8d6f6e460cbe9322a9961f6d589c435f9

        Download Submit

      • \Users\Admin\AppData\Local\Temp\348.#.exe
        Filesize

        9.8MB

        MD5

        0455c01a665c97c3eda086033ce883f1

        SHA1

        f10cf61641897b5368dc6e7b25e20eff45244849

        SHA256

        7717e734290dd3c62e044998f66afc5bc9bbef025cb2f460837402a13b452970

        SHA512

        05822f7ab2101d88cff3ddd7541ada6fb9120cf4a47f731d28ddf65e71363bb53a76cf3c9fed19344d91b740ccaa1ffe0d8c1c048d605d4f9391cd766b17f90f

        Download Submit