Overview

overview

7

Static

static

3

b23099f531...18.exe

windows7-x64

7

b23099f531...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b23099f531746bc4be062e516c4f2a83_JaffaCakes118.exe

  • Size

    160KB

  • MD5

    b23099f531746bc4be062e516c4f2a83

  • SHA1

    61671fa0a3d43b409c1ddf00ae23f5fafdf3adec

  • SHA256

    5524fdb5b6faf9125d367ee5b8626c9e5d5aefc476264c92d4b63254f4a95669

  • SHA512

    4ad9b4562249fffccbdab44b51d701f5317e1f91bcf9058506a051424cb8b69075335e0bf1c05e136f6d897ab95408df9b5113c052b83d486286f4519e92e78f

  • SSDEEP

    3072:kPtvNTB5N47Q9378AJOMYcYYcmXfaAdmzKOTitARFNKDb1VBhAtkpjK0avbDHJ:IPbN58AJO5if6GAjEDbDB+Xvb

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b23099f531746bc4be062e516c4f2a83_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b23099f531746bc4be062e516c4f2a83_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://tc.go4321.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1904
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1904 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4772
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.38522.com/baohanye.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3600 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3124
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\B23099~1.EXE > nul
      2⤵
        PID:1236

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      Filesize

      651B

      MD5

      00faf3eddb8234c67f4fc9dda35f4d0a

      SHA1

      52e9529c3ee40e7c9a8ba710d9bdfee63c00b155

      SHA256

      e0dc28244e3299765be7cd899fbc2e4ea40410ef56e4e03c7d6b397aee5c1e59

      SHA512

      b310067afdc422fe45b98a398cde8e0d62b610a7347f0a5e47a28e0ddbc6ce446e76887a06b1ffc4bb84484885886dc01aa471ec79cc3aeaf7be6c5525c21ae0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E4A10FD5-2BAB-11EF-9D11-663BBECB1CCD}.dat
      Filesize

      5KB

      MD5

      d9552291eae41e2de1c8c81a0e4859ff

      SHA1

      ba4c1d6077476b2a5054a365082aa84f96065aad

      SHA256

      007a643302e6fad43972068525a74093ee59fd0ba42ceef53b52d4ef9a455ee9

      SHA512

      b1988ac3057c89b5f7ff03efef20f56a05cf5304bbf129d511119ed952267e8c7eb7315399a1281372aa9ca4481929a9dae42c9a57a2fcf3ab114b2b50db61b8

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E4A136E5-2BAB-11EF-9D11-663BBECB1CCD}.dat
      Filesize

      3KB

      MD5

      56523d85b75e4190d631c6947069d2b8

      SHA1

      dee88c83f4144d8fe10747490349f209783d6a46

      SHA256

      7d3c8516d71bbeddbf55448dd5285ab37cc4a3cc756c2a7a775f7f5347211c6f

      SHA512

      4a5072996b811de5a5c02b76928271aac7bc60328df6c619604b54b86dfa514e7c4f9dd63ec394fb383d617d07f9a0636eeb3010f5b12705b0c5722e5be25e7a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE196.tmp
      Filesize

      15KB

      MD5

      1a545d0052b581fbb2ab4c52133846bc

      SHA1

      62f3266a9b9925cd6d98658b92adec673cbe3dd3

      SHA256

      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

      SHA512

      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8Z1Z4637\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\Favorites\¾«²ÊСÓÎÏ·.url
      Filesize

      149B

      MD5

      65489726ce2b055aeeb241b90f230571

      SHA1

      530474d095b2fd606c02f3b85afd4f2908eb0949

      SHA256

      eecd462ec549a3dda64ed3316fb709f91c04dd873b8e35d79004e58ba02dce9a

      SHA512

      1d2d1221c999b7340af2691b578bf85df783330e216ec83755367d5e85d8f04f62ef514503b4bbf8c5336d13428f688d4762a34fbb6d3e6607a45139633a5697

      Download Submit

    • C:\Users\Admin\Favorites\ÍøÖ·´óÈ«.url
      Filesize

      155B

      MD5

      761f5bbcd8993b9db625865bd9a1be41

      SHA1

      dff63c0d8b7b1410d952dc452642f53e10f47f19

      SHA256

      62439cd57973cdfcfa7333551bd496279bb101572b2356f345fc0dd157070c5d

      SHA512

      01efccfee3cd433cfc7c84c136d80ce9fcecb691f02aef9e732c4e921d2ee0b3bc739776f8f80928aba50634a45fb3865d6566ed5aa8c15abde6696ae9943b5d

      Download Submit

    • C:\Users\Admin\Favorites\ÑÔÇéС˵.url
      Filesize

      76B

      MD5

      a5d8afe991a28dcd842fc52a3cb5e9df

      SHA1

      984b4d2ff6ed73516d191cd29b1408e6e26f0f65

      SHA256

      cf4aa8ba3d54066e70453ac006a00fbe45c86ca36970105ec75ed897b0acdefe

      SHA512

      d7fae173c59911e739bce51f18d316f65877d6761643984357ed36a89fbe25dddfbffffffd0a208dff91bc899813af6c7a443256e863c9e803b1d60b92c0a43b

      Download Submit