Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240426-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    20/05/2024, 08:24

General

  • Target

    5e162f7af7768f8c0271a5e17e0d27f4_JaffaCakes118.exe

  • Size

    60KB

  • MD5

    5e162f7af7768f8c0271a5e17e0d27f4

  • SHA1

    99a38bdf4bf4047ab0b1181197a026d471035c08

  • SHA256

    1a59752f1910e31941b5e21cee8344261da40d6baae65e8fea9ec67d0b8226ec

  • SHA512

    b6c7a8f808afd23409e467ce9d3eed104f36fe307b40bc05ae4721f26e62f37c8edad91c5466c6cc7d434eec73db074aa0d84f0ae0df3e8d422cfeb206ca180b

  • SSDEEP

    1536:doLDYsacy7mHMowHjXJrM5S46GxpGOlrXdwdvFltBihCY:doPyys5jXJrM5qGxVpudvFD+/

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e162f7af7768f8c0271a5e17e0d27f4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5e162f7af7768f8c0271a5e17e0d27f4_JaffaCakes118.exe"
    • Loads dropped DLL
    PID:1752
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    PID:5020
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4876 CREDAT:17410 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4724
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4876 CREDAT:82946 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4140

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      50beaeb29c1828aa58b55057a8017095

      SHA1

      307492f413ef87df41277ca164eea78626e75381

      SHA256

      18d22ed4722a234c4d0213522c955b6e447564401621c1ba843f2a91ce4a3492

      SHA512

      9ef69f048bcdfa7b18c192977d15ec6477748cc697bbed97ab5ae1a3b1871d7d06613011b310eecd2bc32512d80214cb0784a1d9b6f9dd766367ef593fedaccb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      404B

      MD5

      8e8dce3e221fd3174b7a787eaca7ec6b

      SHA1

      6cc7ed804dca93c20cd25c7b811cd822efa56d0b

      SHA256

      93758efd53da241fd29d2a79601f4372fd44d2fac74738954f62f2c4b6380d4f

      SHA512

      545919ff7e146e05e5e4a34bfc8660a6b7a89178f901fb8fb6b09a194dc3bc3b1d638016e1011284de1e86018889ed793770e295ccbec4bc9564c5438b66d544

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

      Filesize

      15KB

      MD5

      1a545d0052b581fbb2ab4c52133846bc

      SHA1

      62f3266a9b9925cd6d98658b92adec673cbe3dd3

      SHA256

      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

      SHA512

      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMMYN4JX\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    • C:\Users\Admin\AppData\Local\Temp\nsy36F0.tmp\inetc.dll

      Filesize

      21KB

      MD5

      d7a3fa6a6c738b4a3c40d5602af20b08

      SHA1

      34fc75d97f640609cb6cadb001da2cb2c0b3538a

      SHA256

      67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e

      SHA512

      75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

    • C:\Users\Admin\AppData\Local\Temp\nsy36F0.tmp\nsWeb.dll

      Filesize

      8KB

      MD5

      84bcf3c71e70d5a6e9dc07d70466bdc3

      SHA1

      31603a1afc2d767a3392d363ff61533beaa25359

      SHA256

      7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf

      SHA512

      61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e