Overview

overview

7

Static

static

3

b7fd0ea6a9...18.exe

windows7-x64

7

b7fd0ea6a9...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    17/06/2024, 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7fd0ea6a92209a34e49b0563f63977c_JaffaCakes118.exe

  • Size

    177KB

  • MD5

    b7fd0ea6a92209a34e49b0563f63977c

  • SHA1

    b2982a96eafee70b762435ab6f1adb80055ca762

  • SHA256

    fa065eebc31c2e62315a443f32d8afe75d487ded72571adc014bdb9ee365e246

  • SHA512

    d66b7b06a9ac4e206d138a68fb0c042a2ef9017b84685923fb480a5be92d9df3df268469e4e58ef54f5178fad03338614c007474978e61eabd69ce72cfb39993

  • SSDEEP

    3072:y5VT52dzJpdQ12drw4GwLW+ICXeMie6C2ot5TU1D7YUZrGhjAtzMO4GUF+G8oiA3:yAdzDq/31oM1D7YU0Iz54GUFgxAxqG42

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1096
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1168
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1216
          • C:\Users\Admin\AppData\Local\Temp\b7fd0ea6a92209a34e49b0563f63977c_JaffaCakes118.exe
            "C:\Users\Admin\AppData\Local\Temp\b7fd0ea6a92209a34e49b0563f63977c_JaffaCakes118.exe"
            2⤵
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            • Modifies Internet Explorer settings
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2436
            • C:\Users\Admin\AppData\Roaming\Iwyci\itask.exe
              "C:\Users\Admin\AppData\Roaming\Iwyci\itask.exe"
              3⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2748
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpfdc3376a.bat"
              3⤵
              • Deletes itself
              PID:868
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:1788
          • C:\Program Files\Windows Mail\WinMail.exe
            "C:\Program Files\Windows Mail\WinMail.exe" -Embedding
            1⤵
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            PID:2900
          • C:\Windows\system32\DllHost.exe
            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
            1⤵
              PID:1196
            • C:\Windows\system32\DllHost.exe
              C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
              1⤵
                PID:1088

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log
                Filesize

                2.0MB

                MD5

                1e47c3336b69ccd1e4185513e88c1093

                SHA1

                acaf41a0fed99632d03fc8f6db5e89b35cdfa448

                SHA256

                525f44945519cb9216fe0a7be46c1e743213f995823d06c04aee76490d39fef7

                SHA512

                d9626d2dac668743e3f3742005fe88108f4a1de27e9c56d7b5860e62d8b577992a6c3adcbc15ba9279d81a4469aa6db1b982d63a647b76d0bef03993ceffea81

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmpfdc3376a.bat
                Filesize

                271B

                MD5

                f462b0ea9d7e8db6e54de179f6d40674

                SHA1

                5ad8be7a141d5dc83cb66fd7cbfdf1725ae85602

                SHA256

                4c6616b047355661256a7728f41aeb0090495eaddb642b1ba026b58f6a3d61de

                SHA512

                23a28a0df4edb79b99bc764053d07a8891bd8be09345cc07d3638d7a782b83be658c7826b0daa77498ce7ce9809b61a43bb9e600464ae582b27cb10f6dc0b336

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Zadide\ifeqq.xey
                Filesize

                380B

                MD5

                5de89d40c72f435fbc49107409496415

                SHA1

                32a1bf2c86ce7269d3f650792a3fb8e5f303606b

                SHA256

                9e4749c39b56885dd4fd15391135f9d3291d5f995872312fb80deb815af7a0b9

                SHA512

                eda4cdcfbbaf4b0121037c97a66444c89580cb70599eaa93a5b3b57030fd4ccb101552ce51923adaa87924c597b89f7e7ce95805b3af67c49907a7c66c2e01b4

                Download Submit

              • C:\debug.txt
                Filesize

                2KB

                MD5

                1e01526d977267da96d821bb67e8039e

                SHA1

                ecc2b10c68cc0b8cf6a00d9c2230b08c7c0dfa3f

                SHA256

                ca22628c2fe20ff538d6834be7079e66aedea2039996405db32f45a53e54e5ce

                SHA512

                43851f26fdac83b20dc8382afe1257f718169e611182844a7b730d13426364b5e66fe14a3429e3cb5c5cd397d9042835266f5615491b9a3d6984078d06c47944

                Download Submit

              • C:\debug.txt
                Filesize

                12KB

                MD5

                b417863a7a5848c6b0ca683d068b7061

                SHA1

                efe8cb66e7b10461a6f790cdfb26f3cea6ad72fc

                SHA256

                bbdd7764a455ce461c773d16c09bdc969e8a48060ac3ce66908dece4931e2157

                SHA512

                00c7720f68912ce546b9f1d81419f9861499d5b709fc8ec5f1757b767de442ed2754976de182428ef8415fb88e18f71ea8fef5090134a9c6a1c39906cf461567

                Download Submit

              • C:\debug.txt
                Filesize

                13KB

                MD5

                aa462dbd9fe075ea80736efa90d881fb

                SHA1

                a7e376220fc1a040c7e26758787447a8acaa219f

                SHA256

                619f066cf6c74379740390b501712d857abb645b6a4ee340057955ce234cb5c4

                SHA512

                4170ec96b944f724d90cf5afda6f58de22cf90b21ade925a842965b30fbc387fbae311650b79b244779a6064bc2e3d554df7748091f1880174d1774316cfc0aa

                Download Submit

              • C:\debug.txt
                Filesize

                15KB

                MD5

                0e268fd984890313775a468711ab040c

                SHA1

                7823ecfa67f03a2e89d68192f10f79c9b703768f

                SHA256

                6a5eb74a8077842d9c16a126e64f449c9b1efc3fd1b55bbe06be3e1202e79588

                SHA512

                1467239519573d25f8477beeb5c8327670449f6735421c008a7008b41588b6245e4a0f6fd1b0a8d3043a83c775397b976f85c49693d4103dd2ca67b1b18b3d67

                Download Submit

              • C:\debug.txt
                Filesize

                16KB

                MD5

                b3bec1aa912775dd9b3dd341335be6ba

                SHA1

                2baf5f4e191050dbb9eefd6f0419cf027b5f357b

                SHA256

                9e82403d5d9c9760ed893bc296da9a650ba8a6be80b43444c40c390c80019d25

                SHA512

                e2137bf20ec122a281d9cf17fb934bf87c02a2d01a218fb156efc48f00458599ffaf9e59eefe2f86e68e2f698e9d750f3fd41effa11649c3a85244e4fd9c0c80

                Download Submit

              • C:\debug.txt
                Filesize

                7KB

                MD5

                7ab2732e45867d2c26cd33a79e88265a

                SHA1

                6e6ab3f0c06e8561a1c14a1db75412c21a26c75b

                SHA256

                9bb46f88d5803b7b164b2ae1cdd595f7e0ae9a7403762e8f79efd8f72eee2b3f

                SHA512

                5b1ffae079d2abba7ca00ee679b6a961e0e20cc8c77291cfd5b952078790e414f21c19f5587145601795cd0cca754c3b513ba68f7e247c9e7acc6c001312c975

                Download Submit

              • \Users\Admin\AppData\Roaming\Iwyci\itask.exe
                Filesize

                177KB

                MD5

                4295f7253c77162c519741315948712f

                SHA1

                154abeac6ca9fab66fcdb9548f65231e85d9c88f

                SHA256

                d299b4d4a2f8bd7c8fc96749a3fe22d32ddbad7eb5b0148d9b34137215eb9b4e

                SHA512

                68c9cbbb267a109b308d2326c6c461d929e2fdfb6978e6805b3311fb5a7244acaccdbb2e2ff8c0f6da6e0e72ff3c9207e955f7d41fedd71b3adba760e5f84ca0

                Download Submit

              • memory/1096-41-0x0000000001C20000-0x0000000001C51000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1096-43-0x0000000001C20000-0x0000000001C51000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1096-45-0x0000000001C20000-0x0000000001C51000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1096-47-0x0000000001C20000-0x0000000001C51000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1096-39-0x0000000001C20000-0x0000000001C51000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1168-57-0x0000000000230000-0x0000000000261000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1168-54-0x0000000000230000-0x0000000000261000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1168-55-0x0000000000230000-0x0000000000261000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1168-56-0x0000000000230000-0x0000000000261000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1216-63-0x0000000002A50000-0x0000000002A81000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1216-64-0x0000000002A50000-0x0000000002A81000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1216-65-0x0000000002A50000-0x0000000002A81000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1216-66-0x0000000002A50000-0x0000000002A81000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1788-73-0x0000000000240000-0x0000000000271000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1788-75-0x0000000000240000-0x0000000000271000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1788-72-0x0000000000240000-0x0000000000271000-memory.dmp

                Filesize

                196KB

                Download

              • memory/1788-74-0x0000000000240000-0x0000000000271000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-112-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-82-0x0000000000390000-0x00000000003C1000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-81-0x0000000000390000-0x00000000003C1000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-83-0x0000000000390000-0x00000000003C1000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-84-0x0000000000390000-0x00000000003C1000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-85-0x0000000000390000-0x00000000003C1000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-92-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-94-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-96-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-98-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-100-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-102-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-104-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-108-0x0000000000390000-0x00000000003C1000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-109-0x0000000077AB0000-0x0000000077AB1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-110-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-114-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-116-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-118-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-120-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-122-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-124-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-357-0x0000000000390000-0x00000000003C1000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2436-188-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-126-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-106-0x00000000002F0000-0x00000000002F1000-memory.dmp

                Filesize

                4KB

                Download