Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-04-2024 23:24

General

  • Target

    087ad2e6ca33b8c587dbc2884a034c6e_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    087ad2e6ca33b8c587dbc2884a034c6e

  • SHA1

    a88f9e9dda17945f45b12b507f8db71c1dd26b50

  • SHA256

    203fe7d0d3e6b6c4d986da6a02e55a9f8cb6f874d47008edc8fa187b23545c66

  • SHA512

    d5507e37cd97bf69550d804373358346f139b603c0165fccd1dc94b8b3d91167594a33a961972917a85b6a9a0928b21ed8929c8b919bb042adc40a90e3a4ab34

  • SSDEEP

    49152:/jZkjil1jW62ZGAIimn8ul4ry7SpKeQzUWwkTdmGk:hjWFQrquJSpPQ4kq

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Registers COM server for autorun 1 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops Chrome extension 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into the browser process.

  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\087ad2e6ca33b8c587dbc2884a034c6e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\087ad2e6ca33b8c587dbc2884a034c6e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Users\Admin\AppData\Local\Temp\00294823\ATDuUO.exe
      "C:\Users\Admin\AppData\Local\Temp/00294823/ATDuUO.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2780
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32.exe /s "C:\Program Files (x86)\YoutubeAdblocker\V2UKJ.x64.dll"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2192
        • C:\Windows\system32\regsvr32.exe
          /s "C:\Program Files (x86)\YoutubeAdblocker\V2UKJ.x64.dll"
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          • Installs/modifies Browser Helper Object
          • Modifies Internet Explorer settings
          • Modifies registry class
          PID:1976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\00294823\ATDuUO.dat

    Filesize

    3KB

    MD5

    32853cf2595f2504042f1473853b4b89

    SHA1

    174580acda0c9b20791ca8be29f132f976dd52df

    SHA256

    5300ca9a380237b9b07da25510a48633043ede0e0caf98aee30a3b4f3b565ebb

    SHA512

    714e0e3f22d54b1f7083ca9bd4d91a00589f7ddfa7957c2c383652b8ec440c90bcb9b68a29967fee0f7a3b850d2faa244a7d829829e0cfb1b64709280ac8743f

  • C:\Users\Admin\AppData\Local\Temp\00294823\V2UKJ.dll

    Filesize

    438KB

    MD5

    34bc1e9d673cfdf64391674c763cdd77

    SHA1

    77e23698847852036381b4e638b5030f6ed6dfea

    SHA256

    349518efa626aa4094c0f00cd06fdd4ca7ce4a4c1e098a9543dd6dd6dfcbefb7

    SHA512

    bd1f39dfd305118ca111e75c9315e1565273ec201ebe8483e3e041a0d614cc223e7fbeae036275559170850f7a3b2bbf5c9c3feb327472f21ad31ae8bd24e737

  • C:\Users\Admin\AppData\Local\Temp\00294823\V2UKJ.tlb

    Filesize

    3KB

    MD5

    0467b2a94e53b5faedf0848d0c2f5d26

    SHA1

    6cf5b04d6bf174f6dc8c370e4daad1bc2a477d81

    SHA256

    6df3477717486828c6bc5928d65be112e55d3259a76a9b2e6302e61e771b1d94

    SHA512

    2ab17e6066f8f942f1329ff8fa3945d423a70d83495ed85a447586f18f96a0ee3cf927c51d937221ac28dc82e1005d128588b227d0dbfe9b0c60e967f97ef687

  • C:\Users\Admin\AppData\Local\Temp\00294823\V2UKJ.x64.dll

    Filesize

    493KB

    MD5

    86caa44adb45c7bb76f01b62d76fed67

    SHA1

    382d2f766a932c0a19b18d305f336f670530d167

    SHA256

    710648d005d01670952b1fabcc9ded81f2bf1d8cd828ad67e6658ab9ab5beb05

    SHA512

    9b305f023d7d7d82758593581d141abe3040b5d3464e40dd5ff2984cb845c973b61d99aae24279c2cac9256d624204e7a5c174932df3946903d712f0176a1497

  • C:\Users\Admin\AppData\Local\Temp\00294823\boldfmnniepmbkbhbjkomnmnkomlhaod\Y7wtR4u.js

    Filesize

    6KB

    MD5

    9bc8559daa104a1ab99f635c8dee4e68

    SHA1

    82cc485a6bc8d67de1706e7c7b22e214d23d9564

    SHA256

    44a39ea63e06b290eac47b86c8de8c402dff5ad2a06bb013e44f1344e4356b8b

    SHA512

    6b6ad295e8ebe3a6635bff4bc243d04ec18232dc7ee8083bdf96dcc92c02403f7e0230815c19c5209010ef9d6d2f3bab9828d91cc93aed39e942b0c09dfba062

  • C:\Users\Admin\AppData\Local\Temp\00294823\boldfmnniepmbkbhbjkomnmnkomlhaod\background.html

    Filesize

    144B

    MD5

    ce3522e275541cf294e32b91b24c1c77

    SHA1

    7bc9b2a0bace141154fc02d2a6b7ae1ad7bdddee

    SHA256

    7794dd05153e8b081a2bf6b61e9a37549270feb93f1a630640f665a7c9f8d8d7

    SHA512

    4764defc4597ab05c76de4ecd323d6dc6a1739767f4ba7d1c68bd12db67f07387cd5f52052b61ed14f039cda4c7ee6a32a3bb76b2ae2b278e2b7d40e79af7ef3

  • C:\Users\Admin\AppData\Local\Temp\00294823\boldfmnniepmbkbhbjkomnmnkomlhaod\content.js

    Filesize

    144B

    MD5

    0654917402505bc71a231599d02e09a2

    SHA1

    e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff

    SHA256

    9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae

    SHA512

    3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d

  • C:\Users\Admin\AppData\Local\Temp\00294823\boldfmnniepmbkbhbjkomnmnkomlhaod\lsdb.js

    Filesize

    531B

    MD5

    36d98318ab2b3b2585a30984db328afb

    SHA1

    f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5

    SHA256

    ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7

    SHA512

    6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

  • C:\Users\Admin\AppData\Local\Temp\00294823\boldfmnniepmbkbhbjkomnmnkomlhaod\manifest.json

    Filesize

    508B

    MD5

    e2832fbedae560495781610b5c511afa

    SHA1

    95f9c6fe1ea5a6ee009bce1e9c215ef53fb5c108

    SHA256

    6e03e688a9f7cc23a788e004cea4c87ee73e36c1053d2fb34a214bcc597f3ea2

    SHA512

    2e206b58d02a88d21cb0cd74d5523b9f07f4558b4af9a19936befb256c2dc868107ab1716849e09b665721d1ac7b01ba6762bb54822596e39a4cdad763c68cb9

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

    Filesize

    2KB

    MD5

    df13f711e20e9c80171846d4f2f7ae06

    SHA1

    56d29cda58427efe0e21d3880d39eb1b0ef60bee

    SHA256

    6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

    SHA512

    6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

    Filesize

    26B

    MD5

    4ad224c752c56e0b82d452325c80dfd3

    SHA1

    e685fa7cb3a46d805416fd1f72f3b4522df9c56c

    SHA256

    07bf01362953947b2dc34a780c89b75b9f7452a121b3a0e91715a95eee23815e

    SHA512

    944289f554eeed2779236c4406b899ead223c4e5e09b4439aefb061e8fc55fc226489980b126300343f1b59771d169ac4045436cbe98310f4f68775d4858b9a0

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

    Filesize

    8KB

    MD5

    43d766520c63334f014e473600fb01c8

    SHA1

    b32b379e5254b4014fa7b80bdf3e8bc14699926e

    SHA256

    99d226daccc91d0c7c6d86fb6a3f09664f03be983ef31c7ee0e0790e93f370b2

    SHA512

    d0e376a5564c4d435ce0648b5e6eb232e49256cccdee2fbc0e16fd180a466ca79f06b23fc813f9127e3bfab29a89484ccae165965fa45e860a107e96063931b4

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

    Filesize

    610B

    MD5

    ba0b3179a6f36758ab2e1aa82afc6361

    SHA1

    87b9408fc373da37d73cf9b3f8a52c3233b54c92

    SHA256

    8b4dd533d9571d566df8b4f1ae82a272d59881d9fe086002dbc626f4850eca49

    SHA512

    ccfb3d66730bceb86ffd19c59b3fd9ba1dc850e0e1fb98b8d06ce2de71e9f2b51c15131c69eb01eb4cee45b2b71415c145fb9bf31b4297dde1edd88d439bff0a

  • \Users\Admin\AppData\Local\Temp\00294823\ATDuUO.exe

    Filesize

    526KB

    MD5

    926838555c7e13f295fda017b3fa3ea9

    SHA1

    f8947d5c9be8b66e0aa99696bfcee097f1a55403

    SHA256

    67b6ba841d56bef371d7e8c7382df39d2c76f828d6ea7669a6b1099835aaa08d

    SHA512

    409e818552f78ca17720bef89d20c50a402bcedaf8084a8a10c6fb8933a07b7c25acdb21e0b22bb544c9287eb792de1fdbd3ad38e3e29a303049bb472b224be7