Overview

overview

7

Static

static

3

02aea393d0...18.exe

windows7-x64

7

02aea393d0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 04:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    02aea393d02e1aa8db1ffefeda93067b_JaffaCakes118.exe

  • Size

    69KB

  • MD5

    02aea393d02e1aa8db1ffefeda93067b

  • SHA1

    205c032c69e860d6dc3227b0ded4f94a823cefaa

  • SHA256

    5dbd65f2584be715835c0ea8717cbd0517ae4c3f16b0f3d328705ff1c2cc7f41

  • SHA512

    4f58411108400070f242c65dbd80aca162e34ddb533f9339fd7db472266db6a1482db94fa701d2e68325322f89d47aa20c3b4b886e7c26fb37e154e8859862e1

  • SSDEEP

    768:9YMHSV9C0wh8PCnXnDqn+3h2qvdxnacva8/0xO/SV/lV/+V/:9cC0S1nXn+n+3AgJacD0lzQ

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 11 IoCs
  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies data under HKEY_USERS 27 IoCs
  • Modifies registry class 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02aea393d02e1aa8db1ffefeda93067b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\02aea393d02e1aa8db1ffefeda93067b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies data under HKEY_USERS
    • Modifies registry class
    PID:1728

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\ivedpi-2-.dll
          Filesize

          9KB

          MD5

          8dd6fc2bfd42216ef8cfe3074272f6dd

          SHA1

          0a6ab097c20caa4855770958f07bed987ecedb62

          SHA256

          007c032174c60f93be73ddad07587e0eb4ed4626868b7c04f5cb4e2d4cebc988

          SHA512

          307df36c4653d560fdda37cc7a0028c43dd4eb311346d17e00d0248adfd5dc4f393516cea7d6ddfbfc77b4d4fecf0ef39575eeb98c08c66ca70ea089d8af8ec3

          Download Submit

        • \Windows\SysWOW64\ldpms-w.dll
          Filesize

          4KB

          MD5

          486f17c9477593d38a840dda7f222b13

          SHA1

          d4e4725323efb19c738490ceff523a2e6004cba0

          SHA256

          d32cc6f742a70a3d2a2cd3fd065bf74d7c4afb9aac6ac93d30d4ad2d07bcd8aa

          SHA512

          ec8e6de35b25a2df512c31b6422095262de97ab6647eec02b820ea9e243fd256a9b6bd25be2dd44abcc6b64410b02c1906e541abd7cf817bb07af92c55abf994

          Download Submit

        • \Windows\SysWOW64\luiTa-1-0.dll
          Filesize

          4KB

          MD5

          1fcc1602769673ea789a9e4dae8503c6

          SHA1

          cfb5c9d668c37509c01b85b50ee8978da83bbb58

          SHA256

          c2e04aa975466a1c885f418b98e950f4bd07bd082f120aecd8c043e0b9ff070d

          SHA512

          08f39c25b97151d38345fab03f868fcd8815ab960af66fd4ab07b991baa608ee4c4c83dd2fe31b1274cc3fea7d3b2f0eac340393757fc6d9a3f89ec668b9c9a1

          Download Submit

        • \Windows\SysWOW64\meIdPviap.dll
          Filesize

          4KB

          MD5

          01bfb490a852e1279df166097d1dca3f

          SHA1

          3d206848af8e1c46d0cfad357aec468ffe1ce767

          SHA256

          a6c6e151e08befa8c1806b9d43ef0ceac6b214886765b5bae1e69971074d9d77

          SHA512

          be0947893676cc7675b2d3a654cf1e27bb026f260355efb8175c054be66497ba04dc4e20a58a53fb247c14caf912e6b77831085e93bae6d529f62b94bcfddecc

          Download Submit

        • \Windows\SysWOW64\mstrtsch.dll
          Filesize

          4KB

          MD5

          abdb64e2e7f7a8eb624d38e722ada09c

          SHA1

          4c7dc1d3952201492c3b471e130e870a04283eac

          SHA256

          56d3b76972b36b71011c8d826b3ff40a38519473f23ac3ec6db09b923b10d14c

          SHA512

          abe143c65fa5fb5d4e1066d42bc10bd8cc8e1da00f08f31e4e01e037abf429355042a069d298cc8a744111fa1f7f519f385fb95f1da46d148dced0b8cfaee4f3

          Download Submit

        • \Windows\SysWOW64\nteonwin.dll
          Filesize

          1KB

          MD5

          eedb624e3357efe3cda6e00c75ebfdf8

          SHA1

          24fe87d3d66382e3985b08d133f3a84220130655

          SHA256

          7a6c3c6b87f74deb741c8a5839c6fa41c7c2d93b83c29569c2f80961449cde8c

          SHA512

          590d80cfea7a10480be97bce4512f34cbf25d9e0f5dd2b6ba6920c2169a39e430ba1d2a94cfeb0dc25c29b67eab354a7b62b2789832cbd407e6528f4162a361d

          Download Submit

        • memory/1728-13-0x0000000010000000-0x0000000010003000-memory.dmp

          Filesize

          12KB

          Download

        • memory/1728-17-0x0000000001DD1000-0x0000000001DD2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1728-16-0x0000000001DD0000-0x0000000001DD4000-memory.dmp

          Filesize

          16KB

          Download