Analysis

  • max time kernel
    125s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/07/2024, 14:06

General

  • Target

    2ca3014e26b5cdbb4d3dbafd4a813640_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    2ca3014e26b5cdbb4d3dbafd4a813640

  • SHA1

    253aa9f7b630fe94e40dc66abf52cb0774b12a7d

  • SHA256

    9ee2cd6500b34005f3a325b767f40ff13cc89d733f705b1a313a12bb8fad251a

  • SHA512

    b892010dc675c971cead07d5b000face6e2311f15a26af46ac61deded76c01758878dcd3c9a0c3cb63ca76c98ad9f9c049aabc0d77d7e6edf60b3639a67a8fb1

  • SSDEEP

    1536:hBkfZtbajYeRX8FHyaiIImPrxsa7yreeH92PMKFusz4M20/m:0Rda0eRMFHyaietT7oeuKF92

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects a file protected with the ACProtect software protector.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser profile data, which can include saved credentials and cookies.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
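
The "UPX packed file" signature above is a static check on the PE header. The Python below is an added example, not the sandbox's own detection code: it builds a minimal PE32 header in memory (constructed test input, not the analysed binary) and reports the two indicators a triage script would look for, the default UPX section names and a first section with no bytes on disk but a large virtual size, which is the space the stub unpacks into at run time. The function names (build_sample_pe, parse_sections, upx_indicators) are this example's own. It makes no attempt at the ACProtect check, whose indicators the report does not list.

```python
import struct

# Section names the UPX packer writes by default; a renamed ("modified UPX")
# build will not carry them, which is why the layout heuristic below is kept too.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def build_sample_pe(section_specs):
    """Constructed test input: a minimal PE32 header (DOS header, PE signature,
    COFF header, zeroed optional header, section table) with no real code.
    section_specs is a list of (name, VirtualSize, SizeOfRawData)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\x00")  # PE32 magic, rest zero
    table = b""
    vaddr = 0x1000
    for name, vsize, rawsize in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\x00"),
                             vsize, vaddr, rawsize, 0x400, 0, 0, 0, 0, 0xE0000020)
        vaddr += (vsize + 0xFFF) & ~0xFFF
    return dos_header + b"PE\x00\x00" + coff + optional + table


def parse_sections(data):
    """Walk the PE header and return [(name, VirtualSize, SizeOfRawData), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)   # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                              # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, table + i * 40)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), vsize, rawsize))
    return sections


def upx_indicators(data):
    """Return human-readable reasons the file looks UPX-packed (empty list = none)."""
    sections = parse_sections(data)
    names = {s[0] for s in sections}
    hits = []
    known = sorted(names & UPX_SECTION_NAMES)
    if known:
        hits.append("section names " + ", ".join(known))
    # Classic UPX layout: the first section occupies no bytes on disk but a large
    # virtual range; the stub decompresses the original image into it at run time.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        name, vsize, _ = sections[0]
        hits.append("first section %s has 0 raw bytes but 0x%x virtual bytes" % (name, vsize))
    return hits


if __name__ == "__main__":
    packed = build_sample_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7800), (".rsrc", 0x1000, 0x400)])
    clean = build_sample_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x200)])
    print("packed:", upx_indicators(packed))
    print("clean: ", upx_indicators(clean))
```

On a real sample, pass the file's bytes to upx_indicators(). The memory dumps at the end of this report show the image mapped at 0x400000-0x427000 (156KB) for a 72KB file, which is the kind of on-disk versus in-memory size gap a packed image produces.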

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ca3014e26b5cdbb4d3dbafd4a813640_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ca3014e26b5cdbb4d3dbafd4a813640_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wewt0.bat" "
      2⤵
      PID:3088
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    PID:3376
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1144
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3904,i,12101950716832706950,8384629015980369538,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
    1⤵
    PID:3096
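
The process tree above shows the sample (PID 656) launching cmd.exe to run a batch file it dropped in its own Temp directory. As an added example, not part of the sandbox report, the Python below rebuilds a parent/child tree from process-creation events and applies one detection rule for that pattern: cmd.exe running a .bat or .cmd from a user's Temp directory while its parent is itself an executable in that directory. The events are constructed from the tree above using Sysmon Event ID 1 style field names (pid, ppid, image, cmdline); the parents of the top-level processes are not in the report and are set to 0, and the msedge.exe utility process is omitted since it plays no part in the rule.

```python
import re

# Constructed process-creation events built from the process tree in the report.
# ppid 0 marks processes whose parent the report does not show.
EVENTS = [
    {"pid": 656, "ppid": 0,
     "image": r"C:\Users\Admin\AppData\Local\Temp\2ca3014e26b5cdbb4d3dbafd4a813640_JaffaCakes118.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\2ca3014e26b5cdbb4d3dbafd4a813640_JaffaCakes118.exe"'},
    {"pid": 3088, "ppid": 656, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wewt0.bat" "'},
    {"pid": 3376, "ppid": 0, "image": r"C:\Program Files (x86)\Internet Explorer\ielowutil.exe",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding'},
    {"pid": 832, "ppid": 0, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'},
    {"pid": 1144, "ppid": 832, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:17410 /prefetch:2'},
]

USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# "cmd.exe /c <script>", tolerating the doubled quotes seen in the report's command line.
BATCH_ARG_RE = re.compile(r'/c\s+"*(?P<script>[^"]+?\.(?:bat|cmd))"', re.IGNORECASE)


def process_tree(events):
    """Rebuild the parent/child tree; returns [(depth, pid, image)] in tree order."""
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    known = {e["pid"] for e in events}
    rows = []

    def walk(e, depth):
        rows.append((depth, e["pid"], e["image"]))
        for child in children.get(e["pid"], []):
            walk(child, depth + 1)

    for e in events:
        if e["ppid"] not in known:  # a root: its parent was not observed
            walk(e, 0)
    return rows


def detect_temp_batch_launch(events):
    """Flag cmd.exe running a .bat/.cmd from a user's Temp directory when the
    parent process is itself an executable in that directory (dropper -> batch)."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("\\cmd.exe"):
            continue
        m = BATCH_ARG_RE.search(e["cmdline"])
        if not m or not USER_TEMP_RE.search(m.group("script")):
            continue
        parent = by_pid.get(e["ppid"])
        if parent and USER_TEMP_RE.search(parent["image"]):
            findings.append({"pid": e["pid"], "parent_pid": parent["pid"],
                             "parent_image": parent["image"], "script": m.group("script")})
    return findings


if __name__ == "__main__":
    for depth, pid, image in process_tree(EVENTS):
        print("  " * depth + "%d %s" % (pid, image))
    for finding in detect_temp_batch_launch(EVENTS):
        print("ALERT:", finding)
```

The parent check is what keeps the rule quiet: cmd.exe running a Temp batch file under explorer.exe or a build tool is common, while a freshly written executable in Temp spawning its own batch helper is the dropper shape seen in this report.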

Network

MITRE ATT&CK Enterprise v15

Downloads

              • C:\Program Files (x86)\Applications\iebr.dll

                Filesize

                16KB

                MD5

                fcbc2a30381e82ef802cff4e27cc5ab9

                SHA1

                6d0f6d18f2d7df6bd786ecd2b0b94ad035c8ff68

                SHA256

                950e6f73f9ef974a8708d00897ef963af9760420854356e973e063e6af26be5c

                SHA512

                4f628229380a5b8c2a72ff8b8f28039a00f6de3ced013b95565b118e17a36e608445ffd147daeccdcd5d5551ba3d9ef5151e5fffc284d4e1b57d8ffe93b03688

              • C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url

                Filesize

                134B

                MD5

                d0ffed9df9cd68ec850f27e3bbe69bc0

                SHA1

                f8b8eeb6822085a1203a68acf5a5fc266b13b0ff

                SHA256

                4a50d423342059699b501eebb9401c1456eac17e5d1a6b9020aac7d1b3e4ab1f

                SHA512

                e5afdc7f0d1b4117de4c40feb003b061b31e1cf43e610953cb98a92083dc4abad4f0c05775bde116b56d2ce88a69bd357299e7d05010ddac289d9a7eee86ff4e

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T3O0220F\suggestions[1].en-US

                Filesize

                17KB

                MD5

                5a34cb996293fde2cb7a4ac89587393a

                SHA1

                3c96c993500690d1a77873cd62bc639b3a10653f

                SHA256

                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                SHA512

                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              • C:\Users\Admin\AppData\Local\Temp\wewt0.bat

                Filesize

                302B

                MD5

                c190dc4606fc9400ce93f3c111316d9c

                SHA1

                67780e844932938025e59fa3af048c7ec0a7fbda

                SHA256

                49b688f775e994af9582523edd290fc6ddd09edb4ea5b69f7de635411feb00c1

                SHA512

                c416b630aae65ea2bcf3347514db0f5475a7fbe4513bfa170c35a8adff2761ca923ce37f4c23b8c592cec604191da92816d43b28aa750b215ef4f88a28d52078

              • C:\Users\Public\Desktop\Antivirus Scan.url

                Filesize

                134B

                MD5

                1a0c0d8d391c9af28d21f8055cd98832

                SHA1

                0bac90cec918a6ad28a366d19c2951b49e354086

                SHA256

                5a317bc67f1472e0734564eae5e76da4e7b6b602296152727efa4b30ba1eda0b

                SHA512

                e2014cec8d39265fb8b799159c0a66be9beb9bf66ea59e0d100fadf7d39733d74c2d4615217bcbf8445146b41684b7da43a0903af0514f35c221da4770a301d0

              • memory/656-0-0x0000000000400000-0x0000000000427000-memory.dmp

                Filesize

                156KB

              • memory/656-6-0x0000000010000000-0x0000000010021000-memory.dmp

                Filesize

                132KB

              • memory/656-45-0x0000000000400000-0x0000000000427000-memory.dmp

                Filesize

                156KB
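
The Downloads section lists the files the sample wrote, with their hashes, which is what a responder uses to sweep other hosts. The Python below is an added example and not tooling from the sandbox: it takes the four dropped-file indicators from this report (path, MD5, SHA256), checks whether each path exists under a root directory standing in for C:\ and whether the content still matches, and reads the target out of a .url Internet shortcut such as the two "Antivirus Scan.url" files above. demo() runs it against a constructed directory with placeholder contents; the shortcut's URL there is an invented example.invalid address, since the report does not show the real shortcut's target.

```python
import hashlib
import tempfile
from pathlib import Path

# Dropped-file indicators taken from the Downloads section of the report:
# (path relative to the system drive, MD5, SHA256).
REPORT_IOCS = [
    (r"Program Files (x86)\Applications\iebr.dll",
     "fcbc2a30381e82ef802cff4e27cc5ab9",
     "950e6f73f9ef974a8708d00897ef963af9760420854356e973e063e6af26be5c"),
    (r"ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url",
     "d0ffed9df9cd68ec850f27e3bbe69bc0",
     "4a50d423342059699b501eebb9401c1456eac17e5d1a6b9020aac7d1b3e4ab1f"),
    (r"Users\Public\Desktop\Antivirus Scan.url",
     "1a0c0d8d391c9af28d21f8055cd98832",
     "5a317bc67f1472e0734564eae5e76da4e7b6b602296152727efa4b30ba1eda0b"),
    (r"Users\Admin\AppData\Local\Temp\wewt0.bat",
     "c190dc4606fc9400ce93f3c111316d9c",
     "49b688f775e994af9582523edd290fc6ddd09edb4ea5b69f7de635411feb00c1"),
]


def file_hashes(path):
    """MD5 and SHA256 of a file, streamed so large files are not read into memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def check_iocs(root, iocs=REPORT_IOCS):
    """For each indicator return 'absent', 'present-hash-match' or
    'present-hash-mismatch' (same path, different content: a variant or a
    legitimate file, worth a look either way). root stands in for the C: drive."""
    results = {}
    for rel, md5, sha256 in iocs:
        path = Path(root).joinpath(*rel.split("\\"))
        if not path.is_file():
            results[rel] = "absent"
            continue
        got = file_hashes(path)
        results[rel] = "present-hash-match" if got == (md5.lower(), sha256.lower()) else "present-hash-mismatch"
    return results


def parse_internet_shortcut(path):
    """Return the URL= value from the [InternetShortcut] section of a .url file."""
    target, section = None, None
    for line in Path(path).read_text(encoding="utf-8", errors="replace").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "internetshortcut":
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "url":
                target = value.strip()
    return target


def demo():
    """Run the check against a constructed directory tree standing in for C:."""
    root = Path(tempfile.mkdtemp())
    # Constructed placeholders at two of the report's paths. Their contents (and so
    # their hashes) are not the real dropped files, so they must come back as mismatches.
    dll = root / "Program Files (x86)" / "Applications" / "iebr.dll"
    dll.parent.mkdir(parents=True)
    dll.write_bytes(b"MZ" + b"\x00" * 62)
    url = root / "Users" / "Public" / "Desktop" / "Antivirus Scan.url"
    url.parent.mkdir(parents=True)
    url.write_text("[InternetShortcut]\r\nURL=http://example.invalid/scan\r\n")  # constructed target
    # A constructed indicator whose hashes are computed from the file itself, to show a positive hit.
    sample = root / "Users" / "Admin" / "constructed.txt"
    sample.parent.mkdir(parents=True)
    sample.write_bytes(b"constructed sample")
    iocs = REPORT_IOCS + [(r"Users\Admin\constructed.txt", *file_hashes(sample))]
    return check_iocs(root, iocs), parse_internet_shortcut(url)


if __name__ == "__main__":
    statuses, target = demo()
    for rel, status in statuses.items():
        print("%-22s %s" % (status, rel))
    print("shortcut target:", target)
```

On a live host, call check_iocs(r"C:\") and treat a present-hash-mismatch on the two "Antivirus Scan.url" paths as worth opening with parse_internet_shortcut(): the shortcut text is small and the target it points at is the lead the hashes alone do not give you.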