Overview

overview

7

Static

static

3

090d04afd5...18.exe

windows7-x64

7

090d04afd5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-06-2024 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    090d04afd5d5b7df5cc1593fbad9cfed_JaffaCakes118.exe

  • Size

    108KB

  • MD5

    090d04afd5d5b7df5cc1593fbad9cfed

  • SHA1

    2949b43ce077caa4a55ce3e2b282b03334d314e5

  • SHA256

    5bc4a5bfcdb11fc91439c69f8b120badd36f52ba05e50f2476c0094573ec963e

  • SHA512

    213cec24228f4f38494bbb1e0a6d8cd45bd70a9cf529182d0774922c52c5aba7c57a40b32728ecbea47a08b256fac053a4ce9df9f38f2179933dc703dcfbbc77

  • SSDEEP

    1536:UTzE/c8uyy6+aoxx6qljbUZqGt3SvFcT7PeAbCvV011owPR2oJ6iuN:Hpuyy6+aezjbUti9aCN011owPR2ogiuN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 19 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\090d04afd5d5b7df5cc1593fbad9cfed_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\090d04afd5d5b7df5cc1593fbad9cfed_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\\nResurrection.bat
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Windows\SysWOW64\PING.EXE
        ping -a 127.1
        3⤵
        • Runs ping.exe
        PID:712
      • C:\Program Files\Microsoft.KuaiLeKuangBen\Hijack.exe
        "C:\Program Files\Microsoft.KuaiLeKuangBen\Hijack.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3188
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" ?mac=56-B9-F6-95-16-EA&mdx=c74d97b01eae257e44aa9d5bade97baf96140e1425e9ae5a3dce3927751527d0&ver=53-10-34-65-6
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2184
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3720
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:17418 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            PID:1848
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /pid 2184
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2644
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
          "C:\Program Files (x86)\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3520
          • C:\Program Files\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Users\Admin\AppData\Local\Temp\download.html
            5⤵
            • Modifies Internet Explorer settings
            PID:4212
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /pid 3520
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4416
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.1
        3⤵
        • Runs ping.exe
        PID:5084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft.KuaiLeKuangBen\Hijack.exe
    Filesize

    108KB

    MD5

    090d04afd5d5b7df5cc1593fbad9cfed

    SHA1

    2949b43ce077caa4a55ce3e2b282b03334d314e5

    SHA256

    5bc4a5bfcdb11fc91439c69f8b120badd36f52ba05e50f2476c0094573ec963e

    SHA512

    213cec24228f4f38494bbb1e0a6d8cd45bd70a9cf529182d0774922c52c5aba7c57a40b32728ecbea47a08b256fac053a4ce9df9f38f2179933dc703dcfbbc77

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\7p1qk7k\imagestore.dat
    Filesize

    8KB

    MD5

    c4b8c315462bb9301eef0931b5cb5bab

    SHA1

    b3edb9b646d68144180e35b7cda0996835e5a4ee

    SHA256

    9efd4b96d33645f93f6fe5433a2e9496f26075f9e91b5fd0bf7eec528b978430

    SHA512

    1948b53eee1b4a222e49d571dc795c16291c50d6b612cb1412c54d03795e3c89e480c6b6cb7641e6826da31b78171c5605f0482fb2bdc030d1374c925f0d10fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XIQH11PJ\favicon-trans-bg-blue-mg[1].ico
    Filesize

    4KB

    MD5

    30967b1b52cb6df18a8af8fcc04f83c9

    SHA1

    aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

    SHA256

    439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

    SHA512

    7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nResurrection.bat
    Filesize

    333B

    MD5

    fb1322e0b9c01e35c3fc58a651782d61

    SHA1

    17db04223042ce569b78ff17341596b708837940

    SHA256

    a11da3f06a514aeea67415cec7806b95a08f0f9f18901af642aec95eadad5955

    SHA512

    a01eaa77fc2ace259c899682ae47191e1c9d2611cfef0e3407d42831755774ac649b26e28da015bc1de318d41bd73f464e360939e0c9ab131a986140e2b52400

    Download Submit