Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/05/2024, 14:34

General

  • Target

    254b3e6dca44ff69cc40688aadb88c45_JaffaCakes118.exe

  • Size

    547KB

  • MD5

    254b3e6dca44ff69cc40688aadb88c45

  • SHA1

    21c227a18f4b01789bfd12074cebef5e3b7ed2ee

  • SHA256

    fbfe85bf45dd9197f58fa9295211bbfa36b81a16ce6d762898b35397349f3c85

  • SHA512

    c337d15752ce6024e23ba144256baaf6467a70ddb4ef66c3b5ae9626196827013c5c65d5625136199a2a9bc8ee78f27a4135e9c435db1dd57bc7212fdba158a9

  • SSDEEP

    12288:w/mzmQT7eaitUMKDBalz2m10NPtIzidNCN1yQ3uVPZNste0d65:wucaity1aliZdOaCNdlU665

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\254b3e6dca44ff69cc40688aadb88c45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\254b3e6dca44ff69cc40688aadb88c45_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c copy /b "C:\Users\Admin\AppData\Local\Temp\nsi1DA0.tmp\SoHuVA_4.5.77.0-c207715-nti-ng-tp-s.exe" + "C:\Windows\Fonts\gulim.ttc" "C:\Users\Admin\AppData\Local\Temp\nsi1DA0.tmp\SoHuVA_4.5.77.0-c207715-nti-ng-tp-s.exe"
      2⤵
        PID:2480
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://120.26.154.44/254b3e6dca44ff69cc40688aadb88c45_JaffaCakes118.exe/40.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2096
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:992

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi1DA0.tmp\1.ico

    Filesize

    144KB

    MD5

    175945d5c411523fa8385a8a55c1b4e7

    SHA1

    f880b88af38ebd3f792f20009ddc1b0c7c9982f0

    SHA256

    00510b32f7495ee1be02aa72227ef24e4e143d9b7c52a7f8d80b70b4bbe0514e

    SHA512

    bfba5ee12ae4dd817b867673721f29894928ab894647dd75d5961a196aa12287b1b2da6f2327a4bb66920caa91073b93b2eebce2f71397e9f72add376a8eb4c6

  • C:\Users\Admin\AppData\Local\Temp\nsi1DA0.tmp\1.zip

    Filesize

    72B

    MD5

    a602ac9d03cffedc03fa841c9a12df5a

    SHA1

    e42f39093e29f5c6c7aad8a973d69035e860659e

    SHA256

    f5d09365810dd11ef1204b35bfede3158a07d5592a9c9cfa449dd534f9964aa9

    SHA512

    78d0f33871a43d65abc4156fb3518190d5dd80c260a88a3de4e0ad4c129cfddafa3286af42d6748b7f16a6eb124a24d24d6025d1f3bf7ebc201403c431a013dc

  • \Users\Admin\AppData\Local\Temp\nsi1DA0.tmp\System.dll

    Filesize

    11KB

    MD5

    535501f2cec26becb4c704e6c54604bd

    SHA1

    1227b0660de525a98d1056845d55928502d11c0e

    SHA256

    6887e6328885d1cb97abb9f87418ae722103f6b909cdfdc2c30f7c3493de4b88

    SHA512

    72c25244ae2aa875d5e845960d67439dbc7dab7d8ec5bc8ef22b1991dec02fe635535bcd7145584fbf67083b1214c2c534ad47ffd5eb7a33dc3ceef689341540

  • \Users\Admin\AppData\Local\Temp\nsi1DA0.tmp\nsExec.dll

    Filesize

    6KB

    MD5

    f5193c3c9d1506d4dab391ca01b9b710

    SHA1

    88c3ef8adca644b864b7bcc1d0e2ccdd7b37a441

    SHA256

    b11f7cddf77436d2d9a64e859d21d14dc37a8fd7a39bb11e036edfa04ee0df23

    SHA512

    2a8fa55cba37148f20dc6fe644dbee531aa2c275a90b5e1c19a7430062286b9386dfd57ec4bba815fcc4b38806360fe5deb6d02ce8738bae6e21e92965509b86