Overview

overview

7

Static

static

3

0543e7ac31...18.exe

windows7-x64

7

0543e7ac31...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

chrome/con...nts.js

windows7-x64

1

chrome/con...nts.js

windows10-2004-x64

1

chrome/con...ion.js

windows7-x64

1

chrome/con...ion.js

windows10-2004-x64

1

chrome/con...sts.js

windows7-x64

1

chrome/con...sts.js

windows10-2004-x64

1

chrome/con...ics.js

windows7-x64

1

chrome/con...ics.js

windows10-2004-x64

1

chrome/con...mat.js

windows7-x64

1

chrome/con...mat.js

windows10-2004-x64

1

chrome/con...min.js

windows7-x64

1

chrome/con...min.js

windows10-2004-x64

1

chrome/con...ain.js

windows7-x64

1

chrome/con...ain.js

windows10-2004-x64

1

chrome/con...est.js

windows7-x64

1

chrome/con...est.js

windows10-2004-x64

1

chrome/con...ipt.js

windows7-x64

1

chrome/con...ipt.js

windows10-2004-x64

1

chrome/con...ats.js

windows7-x64

1

chrome/con...ats.js

windows10-2004-x64

1

chrome/con...age.js

windows7-x64

1

chrome/con...age.js

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0543e7ac313b3445d749bec7aa96325d_JaffaCakes118.exe

  • Size

    561KB

  • MD5

    0543e7ac313b3445d749bec7aa96325d

  • SHA1

    034ad5993fbfeecac3e1668dcba6a839b7249b86

  • SHA256

    d11ecfdc1f5d350ff4ff2d1aa08d4e72b0eb424203aee450d39a63c21e489146

  • SHA512

    378449930dae4b69bd8b08d68d30e89ff50b71fca404f12fcafcb7a5a2a0f2a81fb31620233c5125d02ba0f9098f830776951d4d02a6ea5161c25c7b39c64ba0

  • SSDEEP

    12288:NxBQrt3Cy7V0h1QWmojX+7oRwm2hRo0sf/bmHr8u8CfiLs08aQNn:N7ct3Cx1mdowmgNsnbmL8u8CfiLs08n

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 11 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0543e7ac313b3445d749bec7aa96325d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0543e7ac313b3445d749bec7aa96325d_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe" glupgrade
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2576
    • C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
      "C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe"
      2⤵
      • Executes dropped EXE
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\glupgrade\consts.js
    Filesize

    1KB

    MD5

    96903b256e7fa960e394eb79a9b1ee10

    SHA1

    dc718012a19faa823a3d258cb0d8196eca522eb1

    SHA256

    2cf2d8968e9e3b831f4b98af59f8f1518e3bf218729787e765253d94c29b6fb5

    SHA512

    0e41e356206d5a0ffc77560da126ca6cb91c82c6f732e719ec4732cd37f5e78f8f7a2171353c5b7b3f27cc1f7521cd3f80c993b9a17e0d7f022a7dfffccd7c16

    Download Submit

  • \Program Files (x86)\PricePeep\PricePeepUpdater.exe
    Filesize

    310KB

    MD5

    cb477977a329b902f324ec34ef866199

    SHA1

    e8943e53c46b6baa13dfb97966fea0c3aca61703

    SHA256

    9affebeda6460dac1591bdda4142c5b5beede0cbb78b60da2641d188893414bc

    SHA512

    7e44726ca70c52d5abdbd2faff38bfc6582f72a943b83eb1fb8779633d53de14fd00343f94ac569d3a63325c17a0d0eb577c37079ac68a6f4afe50a8cf8b26c4

    Download Submit

  • \Program Files (x86)\PricePeep\pricepeep.dll
    Filesize

    440KB

    MD5

    b766a1cb57ccf5a3376b06c54f947779

    SHA1

    99c429ca2d4891fd8aa6646f2e6f88e0314234cf

    SHA256

    75c6b4c747c3a42bbfecaf39819add2519692d5b54726b0f1de371e58cbf9794

    SHA512

    9fd46b9d6194505a0111e39ce038169a669b7270f74f776e911da59ca7755e13fa6386875f13d33ce1aaf62ef29997131b21054c3da7871b3848dd2a865fe315

    Download Submit

  • \Users\Admin\AppData\Local\Temp\InstallUtil.exe
    Filesize

    209KB

    MD5

    0a454a58844a365049c68103dc8f4361

    SHA1

    4980d5db14b3525f359c63670bd3f0370d0e9321

    SHA256

    18c32b49f76a6dff12047d7ece8f81be3a02ca59248f9b4d73b974ab93c5b2c2

    SHA512

    d971ed82ee45c5c457b2d7eb4d3f59400c897350411220b5d0673966451918f1847a9c9a4cd037f95076a7a7e4acb388410da9b601c185ea6b688f10927092f3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstD1D.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstD1D.tmp\UAC.dll
    Filesize

    17KB

    MD5

    88ad3fd90fc52ac3ee0441a38400a384

    SHA1

    08bc9e1f5951b54126b5c3c769e3eaed42f3d10b

    SHA256

    e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42

    SHA512

    359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstD1D.tmp\inetc.dll
    Filesize

    20KB

    MD5

    4c01fdfd2b57b32046b3b3635a4f4df8

    SHA1

    e0af8e418cbe2b2783b5de93279a3b5dcb73490e

    SHA256

    b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014

    SHA512

    cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2

    Download Submit

  • memory/2800-96-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download