Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/05/2024, 17:19

General

  • Target

    2b087f6c94a85a42edfe267cdafc05e0_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    2b087f6c94a85a42edfe267cdafc05e0

  • SHA1

    b2a40a9a98ec4023ec8e481f233b074edb3d5fd2

  • SHA256

    015fe958dc556ebda808ace4681c03a9b2f2800bb00eaec1ee9f813586fedd00

  • SHA512

    19d525c9d5a3b6be3be810f571f4b0f7be8206c24c6180cf3ac8c3081de1d7791279f33770766e2bc901e650af5bcef71235c788188a794ea4465cba8bc856c2

  • SSDEEP

    12288:GsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQL:9V4W8hqBYgnBLfVqx1Wjkm

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b087f6c94a85a42edfe267cdafc05e0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2b087f6c94a85a42edfe267cdafc05e0_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4120 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1504
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5292 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2872

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

            Filesize

            471B

            MD5

            dddc1fca6dedb2cef3771073e423642b

            SHA1

            51f2fa9aef24520957add501834f221dcaf12188

            SHA256

            b866cd5b457ab2976b47e6ab4e8f4639f10916dde2933fa2aea7c74c93001f2e

            SHA512

            4693a68cf76ed95b49776946bce5d2d4a0282a697443f6843205a69bf1568400b5f00ae88849ff6ecff2b3edb0e3dd662d6992a568e5438c726b00e1acfdacb0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

            Filesize

            404B

            MD5

            50c808d406ca69cb6aa18d215ed211f6

            SHA1

            a5e17173278431607294822dfa7b683441fe2e8c

            SHA256

            b097917e92daeca1e7b17d88d5b3e6d93ddec635ae660c11ac4c5d25168d8adb

            SHA512

            c5d5a17fef31bf693d86a6212caca50ccb6ee7471ee1b0b5d4b5b5952a742a7c87b577b94849704280613b6c93e81a082019785e7b107362e722241678e71d7b

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\suggestions[1].en-US

            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee