Analysis

  • max time kernel
    93s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-07-2024 14:36

General

  • Target

    2cb7dcff00e37426af86a9867460400a_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    2cb7dcff00e37426af86a9867460400a

  • SHA1

    83918e9253438fd37b8e704a5a1b2fe6edca641d

  • SHA256

    c82b6ce1d433560cd76b6539eecab83a2db5c2a3b06696d406f7aa80f4964e7b

  • SHA512

    31df89b8975c8d01e7e06387ef123d3366b86b4a07ba33481a2782915c48dee7aa5a90a97603f3ba63460c4cfa5c98fb94b4f05a86f6deae5dc41cfebb09a073

  • SSDEEP

    1536:sqjOw3yIUwRE8I5R5o8KkJNFaxRmqWa0qG6:vjzO8i5dNJNFoRqk

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software (1 IoC)

    Detects file using ACProtect software.

  • Loads dropped DLL (2 IoCs)
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory (1 IoC)
  • Drops file in Windows directory (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 4 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cb7dcff00e37426af86a9867460400a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2cb7dcff00e37426af86a9867460400a_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Windows\mtbsys3.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3492
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32.exe /s "C:\Windows\system32\iacad.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies registry class
        PID:2700

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\iacad.dll

    Filesize

    12KB

    MD5

    3d21f928aaebd1503761d2711bde4a7a

    SHA1

    c26f4394250ae5f771a9ab71c1d36834594c853b

    SHA256

    2e99027f5c5c6c22789228c75fdfe143af1a55482b0ebed07539fef9713154d8

    SHA512

    91772bf1443729c6106a58108eda76bf8721c71e452383927f1d2744a2ebf9ae4c47c6e920ba7c8bce39ec9c68e3d2183a24db2da0bb2acc46ba3adad165ec90

  • C:\Windows\mtbsys3.dll

    Filesize

    68KB

    MD5

    aa9af3fd5a42df334b626426474aa7ef

    SHA1

    aa0f802be3f55c5188058c7ae2105f0e7607885d

    SHA256

    dfeb865325adb9393242677633f410e6be8bbd638ad5db2196bd919b84b481c1

    SHA512

    e7dfc84da6ee0b072d4a4098858a5f94cab887f80eb363aec1fc0396d2daf2611f46313363ced854a4280b2dec4d158498861ffe4e7be577fa34d3ea2c87c2f9

  • memory/2700-6-0x0000000010000000-0x000000001000C000-memory.dmp

    Filesize

    48KB