Overview

overview

7

Static

static

1

330dce3e0c...18.exe

windows7-x64

7

330dce3e0c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2024, 05:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    330dce3e0cee2761bd14069c8f1a1ded

  • SHA1

    f4804bc00b5fb11332d18a3d59d5a2165b515029

  • SHA256

    139f1ecb5ae9ff0282af8ff5d7c06f2fe444f13db55adf0d720b2721fd9f4795

  • SHA512

    3c17671e40a2f45893d44c694249008ea8e73cd49ed8c33379d8acea1047c1c740707dbe1c53ecba1bfce6b571164d3bceef8d956b600c0a02357966b657a0b9

  • SSDEEP

    24576:/AuOVglTUt1RBO8kp98R64TBwUItmhw9DCPBdjht0OAQL:G+lTUtpMp98wEyUZ6CD9+OAs

Score
7/10
discoveryevasionspywarestealertrojan

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\330dce3e0cee2761bd14069c8f1a1ded_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2856

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\sixtu3u\gui\3968.html
          Filesize

          19KB

          MD5

          b277bae2e481626b36a47408964e6272

          SHA1

          56ceabd31db33a60d01d59281e9a660055347e10

          SHA256

          114a09b47475369d366ad33511c64c23208a9dfe7a312bd3dfcd899c045a3b12

          SHA512

          043d65ad06fcfe9b7453434b27942de67ce242a7cd40e94b703fe8d3e7487edab2d3466049d13cc50dcfc6a98faaa65da90fbd592031d21fb5f07ec40e8d61e8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\sixtu3u\gui\page_3973_attr_3.png
          Filesize

          6KB

          MD5

          58979c541147a84cbe53efafef2dda24

          SHA1

          b6a97e5be9ae7b977920d509393315c3f8406522

          SHA256

          650c29daea12f595c3f57e826c0ac9fd30fc65d5c631340bc9175797bfdd3f5a

          SHA512

          d54448e57fd55d411f80ec31c9292cbc8d43e345b34488b5114c3262e7622e6b57474a20c2c60ab77848860480c8677392208f2ef42f284234193ad7577fdf9a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\sixtu3u\gui\page_3973_attr_46.bmp
          Filesize

          41KB

          MD5

          19cafe521085d306aa66d256bce120c6

          SHA1

          a41ae63f80dc451fb68a34f64aa86867f2cdbd6e

          SHA256

          ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894

          SHA512

          936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\sixtu3u\wizard.xml
          Filesize

          7KB

          MD5

          cb1f825e1e0bb6299211cd4396f39d69

          SHA1

          a45d01d6494825d8f461b6331f4c7a799a6c4102

          SHA256

          5a0000ba64313a69e050897a7af18436b7333c4403a61cbbe120f0f73b59173d

          SHA512

          e6d927081a3417eb33c4b0429c2f91a9064b3b8e43c27c6ad3b83826ecc6dad6d8fca5bdcecac78b66aca144115165ef9a6ff46ebdfd975b6dc4952d9c50913d

          Download Submit

        • memory/2856-1-0x0000000002990000-0x0000000002B3F000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2856-88-0x0000000000C10000-0x0000000000C11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-164-0x0000000000C10000-0x0000000000C11000-memory.dmp

          Filesize

          4KB

          Download