Analysis

  • max time kernel
    91s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/06/2024, 23:21

General

  • Target

    012098a2b4740639d894b1f99ea01129_JaffaCakes118.exe

  • Size

    22KB

  • MD5

    012098a2b4740639d894b1f99ea01129

  • SHA1

    b3a87fba564e17f399c40119ea6db8f17192574f

  • SHA256

    9e1e1d1db069b3c9a1855818482c0eebb0321cb888c2208fca284e0650fc59c6

  • SHA512

    028221b58d474d8bb951898a0f090dc247b38d873559b8285b15368a0e3f54e30c6b48383fdd56b26bc59cde615f736c04b0de2ab91be55660766db0bd9a4f94

  • SSDEEP

    384:a1zF1yF0+uzchCDJWM2XbiKmFSmmNoqdZao8W9sWzShkCd/Q2Z7vE62LqYf5w:oHyCnNDJ7FuBF6WmCCd/QO7KLxi

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check.

  • Drops file in System32 directory (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 30 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\012098a2b4740639d894b1f99ea01129_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\012098a2b4740639d894b1f99ea01129_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4780
    • C:\program files\Internet Explorer\IEXPLORE.EXE
      "C:\program files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3868 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3428
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\012098~1.EXE > nul
      2⤵
        PID:2640
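The process tree above shows the two behaviours a detection engineer would key on: the sample, running from the user's Temp directory, launches IEXPLORE.EXE (WriteProcessMemory is flagged on both processes), and it then spawns cmd.exe with `/c del ... > nul` against its own 8.3 short name (`012098~1.EXE`) to remove itself from disk. The following is an added example, not part of the sandbox report or the sample: a small Python detector run over process-creation events constructed from the tree above. The PIDs, image paths and command lines are copied from the report; the event dictionary layout and the helper names `names_match` and `analyze` are my own assumptions, and the 8.3 short-name matching is a heuristic that does not consult the filesystem.

```python
import ntpath
import re

# Constructed process-creation events modelled on the process tree in the
# report above. PIDs, images and command lines are copied from the report;
# the pid/ppid/image/cmdline layout is an assumption loosely based on a
# Sysmon Event ID 1 record, not a real log export. ppid 1000 stands in for
# the (unreported) launcher process.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\012098a2b4740639d894b1f99ea01129_JaffaCakes118.exe"
EVENTS = [
    {"pid": 4780, "ppid": 1000, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 3868, "ppid": 4780,
     "image": r"C:\program files\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\program files\Internet Explorer\IEXPLORE.EXE"'},
    {"pid": 3428, "ppid": 3868,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3868 CREDAT:17410 /prefetch:2'},
    {"pid": 2640, "ppid": 4780,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\012098~1.EXE > nul'},
    # Constructed benign control: the shell opening IE must not fire either rule.
    {"pid": 5100, "ppid": 1000, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 5200, "ppid": 5100,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE"'},
]

# Directories an unprivileged user can write to; a parent image here is the
# first half of both rules.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")

# Extracts the target of "cmd /c del [/f /q ...] <path>".
DEL_RE = re.compile(r'/c\s+del\s+(?:/[a-z]\s+)*"?([^\s">]+)', re.IGNORECASE)


def names_match(target: str, image: str) -> bool:
    """True if `target` (full path, possibly an 8.3 short name such as
    012098~1.EXE) refers to `image`. An 8.3 name keeps the first six
    allowed characters of the long stem, then ~N, then a 3-char extension.
    Heuristic only: it does not ask the filesystem for the real short name."""
    t_dir, t_name = ntpath.split(target)
    i_dir, i_name = ntpath.split(image)
    if t_dir.lower() != i_dir.lower():
        return False
    if t_name.lower() == i_name.lower():
        return True
    t_stem, t_ext = ntpath.splitext(t_name)
    i_stem, i_ext = ntpath.splitext(i_name)
    if t_ext.lower() != i_ext.lower()[:4]:      # short names truncate the extension to 3 chars
        return False
    m = re.fullmatch(r"([^~]{1,6})~\d+", t_stem)
    if not m:
        return False
    # Characters that are not legal in 8.3 names (spaces, most punctuation) are dropped
    # before the first six characters are taken.
    squeezed = re.sub(r"[^A-Za-z0-9_$!#%&'()@^`{}~-]", "", i_stem)
    return squeezed.lower().startswith(m.group(1).lower())


def analyze(events):
    """Returns (rule_name, pid) findings for the two behaviours seen in the report."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        parent_image = parent["image"].lower()
        child_name = ntpath.basename(e["image"]).lower()
        # Rule 1: an executable in a user-writable directory launches Internet Explorer.
        if child_name == "iexplore.exe" and any(d in parent_image for d in USER_WRITABLE):
            findings.append(("temp_exe_spawns_browser", e["pid"]))
        # Rule 2: cmd.exe deleting its own parent's image, i.e. self-deletion after run.
        if child_name == "cmd.exe":
            m = DEL_RE.search(e["cmdline"])
            if m and names_match(m.group(1), parent["image"]):
                findings.append(("self_delete_via_cmd", e["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in analyze(EVENTS):
        print(f"{rule}: pid {pid}")
```

Rule 2 is the more specific of the two and survives renaming of the sample, because it ties the `del` target back to the parent's image rather than to a fixed filename; rule 1 on its own will also fire on a user double-clicking an installer that opens a browser, so it is better used as a weighting signal than as a page-worthy alert.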

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize
    471B

    MD5
    a20dcdd581a69f44e7dcbeeab5084fb4

    SHA1
    61e152b89ab8a04af1843bbfee557d193924ec51

    SHA256
    009768e52ded8da33ac7d96d521e882eef9765278997f2ce47311f637696d9c7

    SHA512
    77de84bf9c5480e704991bc16d8f555dc10891e3a5a7044fe2b133cc49d20ebb78c68bbdd4c9a4acd8e7424bce28a00bd3651f3b852a2a726f3f879a741cc7ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize
    404B

    MD5
    9f89667806f112ded04241db20e52a1a

    SHA1
    babce39140fbc65df8e32a465c0626ad3c86dfce

    SHA256
    06179da5bb5eb7c1ac8342cc8f4a239729f923d0d5c339410c5688dde732c5fb

    SHA512
    1096bafbe234115a0ab08e0e1637a8fa4bada5323b9a7b30aee76d0a6f61ab63cc52f65a253eefb4ac5100dd92985f8d3e17b2cd4288265b18a837f30574ff6d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\suggestions[1].en-US

    Filesize
    17KB

    MD5
    5a34cb996293fde2cb7a4ac89587393a

    SHA1
    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256
    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512
    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee