Overview

overview

7

Static

static

3

23eb060633...18.exe

windows7-x64

7

23eb060633...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 23:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    23eb0606337e465b935f2a658a79c2f7_JaffaCakes118.exe

  • Size

    710KB

  • MD5

    23eb0606337e465b935f2a658a79c2f7

  • SHA1

    d22cecd84490c81346ce91ed73bb463ca4ec71cd

  • SHA256

    e6960a78f226ab8745fb699c0370a83125495f4a9746e049d7fcc3f7a70e7d4c

  • SHA512

    2c5186c8b0741257248aaa217235dff3d671ea5ea8ae6d2c47d76eb066fc88e99ee4aad541c408e6e6a24d0dd1f37b6253283331cf59081afbb677c8a1bde4db

  • SSDEEP

    12288:K24Fgorajo1spSFEbSZd/rwkbvaJZg57slaBwhWvN4PeaJQhK:KLOorowFEe5waycolXMvN4Gns

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23eb0606337e465b935f2a658a79c2f7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\23eb0606337e465b935f2a658a79c2f7_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\hake.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\hake.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Windows\SysWOW64\calc.exe
        "C:\Windows\system32\calc.exe"
        3⤵
          PID:224
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 12
            4⤵
            • Program crash
            PID:1572
        • C:\program files\internet explorer\IEXPLORE.EXE
          "C:\program files\internet explorer\IEXPLORE.EXE"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4680
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4680 CREDAT:17410 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1268
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
        2⤵
          PID:2780
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 224 -ip 224
        1⤵
          PID:3772

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat
                Filesize

                212B

                MD5

                eae7a71d200930670779f22e7f6fa100

                SHA1

                b595d77a1d2c7410797bc880902c10495abf3b2e

                SHA256

                ecaeeb3f053c017f978a1bd7f2e0eabd5cc9409c1cbb9faa9e6aeeca07e89288

                SHA512

                c19b6c64cede2516be849ded28e43b6c4fff00b760601c7b74be8195aad49aa01419ead6e838adeee0e66114ad513b7a0651f0ed26b8d558231345b06d5f11da

                Download Submit

              • C:\Program Files\Common Files\microsoft shared\MSInfo\hake.exe
                Filesize

                710KB

                MD5

                23eb0606337e465b935f2a658a79c2f7

                SHA1

                d22cecd84490c81346ce91ed73bb463ca4ec71cd

                SHA256

                e6960a78f226ab8745fb699c0370a83125495f4a9746e049d7fcc3f7a70e7d4c

                SHA512

                2c5186c8b0741257248aaa217235dff3d671ea5ea8ae6d2c47d76eb066fc88e99ee4aad541c408e6e6a24d0dd1f37b6253283331cf59081afbb677c8a1bde4db

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                471B

                MD5

                63a2d2b4cdc269762fe4bdb8cdfde7f8

                SHA1

                5cce14e5285ce9844b164d37de9f4ad0acc7880f

                SHA256

                8e323e0354939fd301d8db011a0b007476c93e0e048100922e3e59e34b04f716

                SHA512

                db3b35b23c3088fdf8f5215d8f9149e717d871be0c7b69541aba232e6f829e18d9d074b53f173387985a3ba4df1c016ec5b75f4387d6123c6c1ba3113c43dec9

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                404B

                MD5

                7fe8300240b4bf4f21c396877759b6e8

                SHA1

                ff88303deab30627a970ff0e6703adee0cef9824

                SHA256

                3668293b22291c99c8cdccf79e97d425db9d6489c1e21237b9440268a23d0cd4

                SHA512

                6086a5757c75dda0389b2cc270691a2bbad962d4826a1b0f8c6c61d3d75445f7b25c180010f11db49f274a6b74d3865f703c4e64f3959dea99d026625fb3ce55

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\suggestions[1].en-US
                Filesize

                17KB

                MD5

                5a34cb996293fde2cb7a4ac89587393a

                SHA1

                3c96c993500690d1a77873cd62bc639b3a10653f

                SHA256

                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                SHA512

                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                Download Submit

              • memory/224-9-0x0000000000400000-0x00000000004B8000-memory.dmp

                Filesize

                736KB

                Download

              • memory/1876-0-0x0000000002120000-0x0000000002121000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1876-15-0x0000000000400000-0x00000000004B8000-memory.dmp

                Filesize

                736KB

                Download

              • memory/2836-8-0x0000000002210000-0x0000000002211000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2836-14-0x0000000000400000-0x00000000004B8000-memory.dmp

                Filesize

                736KB

                Download

              • memory/4680-11-0x0000000000A70000-0x0000000000B28000-memory.dmp

                Filesize

                736KB

                Download