Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/07/2024, 03:36

General

  • Target
    2ad90eb5c25cff5533eefbabd75a0ced_JaffaCakes118.exe
  • Size
    31KB
  • MD5
    2ad90eb5c25cff5533eefbabd75a0ced
  • SHA1
    06263ba435b3af9a86a8b2bfe8b6f34a0668a3dd
  • SHA256
    f1125a96bfaf5593315ab70d94458fdae936882f83a30b9b0b48a0a4d1c2984e
  • SHA512
    fbafba1678dc090f6e27ebdb776197d5e8fbf015234d40b137d167fffc234e181148180ed1b55c8e8eec611b800ab25f408fb0417a190a84d2fbe01c97f48953
  • SSDEEP
    768:Rx1c2kbCkcXcsYK5/dQI+0MahTVLAxsCBiWXwV8+Wh/Z37:RGukc/YM/db+DahRLCBiWV+WPr

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (7 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Drops file in Program Files directory (2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 3 IoCs)
  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ad90eb5c25cff5533eefbabd75a0ced_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ad90eb5c25cff5533eefbabd75a0ced_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\iejore.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\iejore.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      PID:2184
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Del.bat""
      2⤵
      • Deletes itself
      PID:2860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\Del.bat
    Filesize
    212B
    MD5
    be1001be2f14d2c31e2c359ab54c1f01
    SHA1
    dd255e403504e892db47fdba1417f30f8849322f
    SHA256
    0a73971071427db2e4c683809bd5612ee85a43d39cc92a54a0733aca6827bb54
    SHA512
    c73e405cf7c92bf3ff7f9e82d92a16e0955bdfb2e1a7ae80c75ea7f8dd453d2d6a2d20a1ac6420183c4921b255addb4fe299075e98236f5a664fb91a5dcdd0bd
  • \Program Files\Common Files\Microsoft Shared\MSInfo\iejore.exe
    Filesize
    31KB
    MD5
    2ad90eb5c25cff5533eefbabd75a0ced
    SHA1
    06263ba435b3af9a86a8b2bfe8b6f34a0668a3dd
    SHA256
    f1125a96bfaf5593315ab70d94458fdae936882f83a30b9b0b48a0a4d1c2984e
    SHA512
    fbafba1678dc090f6e27ebdb776197d5e8fbf015234d40b137d167fffc234e181148180ed1b55c8e8eec611b800ab25f408fb0417a190a84d2fbe01c97f48953
  • memory/1068-3-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize
    104KB
  • memory/1068-12-0x0000000000270000-0x000000000028A000-memory.dmp
    Filesize
    104KB
  • memory/1068-11-0x0000000000270000-0x000000000028A000-memory.dmp
    Filesize
    104KB
  • memory/1068-28-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize
    104KB
  • memory/2184-14-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize
    104KB
  • memory/2184-30-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize
    104KB
  • memory/2184-36-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize
    104KB
  • memory/2184-44-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize
    104KB