Analysis

  • max time kernel
    15s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 17:43

General

  • Target

    2d3f9dbd08b8268df4a228deb847f74d_JaffaCakes118.exe

  • Size

    315KB

  • MD5

    2d3f9dbd08b8268df4a228deb847f74d

  • SHA1

    af7244ac23b99bb23fa2a25af0e90967ca26ad92

  • SHA256

    e2beb70d9220a2ff1aa218bc96aa9472a432fe086f2ec66f91eb4ca9dff42ca9

  • SHA512

    778fe285de9e8911a743e0b9e72e1ec425eab7b197bde607242f3f6fe4b482ae57b353397e737c460af2c8734126c9995488395ae728eb966bf7292625000c18

  • SSDEEP

    6144:91OgDPdkBAFZWjadD4sUzJWK0SCRLIyqid782T22P2mDRAnX5tL6tNsPBcSCt:91OgLdaHVWK0pRlqClTjnDRAnHLSa5/I

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 4 IoCs
  • Modifies registry class 63 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d3f9dbd08b8268df4a228deb847f74d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2d3f9dbd08b8268df4a228deb847f74d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\setup.exe
      .\setup.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      • System policy modification
      PID:2824

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Codecv\uninstall.exe

          Filesize

          46KB

          MD5

          2628f4240552cc3b2ba04ee51078ae0c

          SHA1

          5b0cca662149240d1fd4354beac1338e97e334ea

          SHA256

          03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

          SHA512

          6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\chrome.manifest

          Filesize

          114B

          MD5

          b158f70e6d5e34d7e2b6f74d3ed4878f

          SHA1

          020f1762dd937c4da1ec263a7a4d1069ab7d176c

          SHA256

          d1ee5e14ab3c3d58e2c74e23188d6144332a810c9548c023be676f9639da3692

          SHA512

          187e0eb9844873409bf87a3b9928967c7f126d06ed0d20e38ef63cfa32196c5c90816a89c7c77618effb5544e969080371b82d7e28101a035b542fda2d557984

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\content\indexeddb.js

          Filesize

          1KB

          MD5

          1109cbe7c7c0e17697a2af10aa5bd129

          SHA1

          eb1d54d13a78099fc98012b7bf0ae9bf8eafaee6

          SHA256

          4e8509fe7af643ae5b229cf98e1a8c5a042dc9ef8fe72faa268a1152a676bcf1

          SHA512

          ce352e73def467f0614872ba3ed945ab406f03a0c0bf61e306442a1143f93ef9aac56867433aaf253d187620d13c439abec0a5ee62db8f347e0a5d278b6158d3

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\content\jquery.js

          Filesize

          91KB

          MD5

          4bab8348a52d17428f684ad1ec3a427e

          SHA1

          56c912a8c8561070aee7b9808c5f3b2abec40063

          SHA256

          3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

          SHA512

          a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\content\jsext.js

          Filesize

          6KB

          MD5

          eb6830d2a7444c6589cc5d6c411fe398

          SHA1

          1d1bb5e02b1763a806e71750f3506ac0f7f63f16

          SHA256

          0f5afedc2e7ef1cf54e4dfd7887b5d0b9d8eadaac1f215af8960613fa5f64e3e

          SHA512

          bd5dbbd01469cfe45038cc449ee6173fdd1b6751a5c2b82d2d453cc636041c3941ef9487a849dc6ed2e44c583dcb003b505cc0083f091234f10ce3238d5a3b6c

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\content\lsdb.js

          Filesize

          1KB

          MD5

          bb21eb6e0f73c4e4ef4f35f653542611

          SHA1

          2f142f501f91a40d7c1988c5f6fc2ae8f2378bbc

          SHA256

          fdb33abf0bcb985c17e1792b4e8edce52ddc6f51c878e0677c71d8653c1edcc0

          SHA512

          42522d715e846a359b0caffb816bff3600393b7e4585e458baf20ae2cbe03f2e9ca2581922c8473a7d9b182a0a64fedd6012b74ec3406cecb12bec98ef9acdaa

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\content\prfdb.js

          Filesize

          1KB

          MD5

          c533288a81a909d74008773581f93d7d

          SHA1

          002cb33965be08872681ce1463c1651e0c9231f4

          SHA256

          efb0da80c2f162049bb7169c5086169fd8d45010a7d493683ad6b39b67b5fe47

          SHA512

          7767a142ffa560d7c1a524a22d77c8eb1a41c8627790d4aa59371aca180f081ab09762380ac8c813d7c3fc4c39af6a46abae2e0c815a94224fed36f6dc386a2f

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\content\sqlite.js

          Filesize

          1KB

          MD5

          2adda5f2e732ec09cdaa7ea11b3996c7

          SHA1

          5d9e462c7632ff3e425e95b6b28619f1ca695ee7

          SHA256

          092a42051a5ec64c27c83b742ece4636299157e594f7393d1dc135ad07d0cfb7

          SHA512

          d3c6f2aa8cf38e766843fbef373be0767d6ed49cba2c638ef194cd1cfd39f60f2215e7337e6f46bd0d09a4654047a2e6ca43b7799fd960cd5a4a075f629c1404

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\content\wx.xul

          Filesize

          228B

          MD5

          eae5d3ca685fc373d2fc006faaaa4ecf

          SHA1

          9470e55262172bf94789d08fbde7c1aee7b83bef

          SHA256

          b43ed590dac434c68ba670b8b33e0819413f8504943f4565673c4112bfd70624

          SHA512

          ba4f73eb0d645dd66a378c969eb227690d8b6a1938151ef3471ef7c8318e6050f66c57780a12036673c586652a1af69e716bd9f96556e09bffc3867f45493267

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\[email protected]\install.rdf

          Filesize

          676B

          MD5

          c399305ce1af49a54ab247c57292b59e

          SHA1

          787e988f036cca6d913acf951647f16baea36e04

          SHA256

          9b8c72911ba3b52c211f85a6135b16aab9f8de0d1068e0c7197e9af46b737091

          SHA512

          88f52547ba45f27da66a0ab119edef8a7e19138b8e5fbc7352128c852931e871cdc3f8f454c4d47ab528e088335d8799ed3ffa90d52ec8bdedcd473f495b5c7c

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\background.html

          Filesize

          5KB

          MD5

          121e3cef9d99a77b44b911e44c7aca30

          SHA1

          34803635ee769caca05879dcb99adce31dedd80d

          SHA256

          faeb4b1554747210f6dff16f4629a1c1b7e2228058d6c385bdc85e2ede9065d4

          SHA512

          32143c746c067ff1f88e36e198bc64d87eb8d03f660c220cc95a1c7833f3cc09baa693cf3334cc217a1475626d355e359b6b57e567da22742f1b4ff53f35ee0e

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\bhoclass.dll

          Filesize

          139KB

          MD5

          4b35f6c1f932f52fa9901fbc47b432df

          SHA1

          8e842bf068b04f36475a3bf86c5ea6a9839bbb5e

          SHA256

          2b4d643a8a14f060bf3885f872b36e5e1fe1e777ad94783ba9593487c8e1f196

          SHA512

          8716b9a8e46933bf29348254a68d1a21392bdbbe3b4d5010e55fe638d02cc04eb685e424d440f7c5b58ffbca82e5772dd95bef73fa831595c2ae9599f3b05a99

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\content.js

          Filesize

          734B

          MD5

          60361dfd2711ba40256a8edd4873d1ed

          SHA1

          b8f70f6eb5047bc5ba282a823fcc1716ca3612f3

          SHA256

          c1d01f1d6bc9b8533eb4353523f4f8dcb3f8b394cc091a43fd8a17dd3915cd75

          SHA512

          efe542c116992bb6ef8da22ebbd055c7ed5681e23a3547730b04c66755e330c409782144cb78cd21a58f2c9ce08c66791acfe49e9702c19671ab14a5db6f62e5

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\pnmihgaecpokeehplpiobjangpngmene.crx

          Filesize

          37KB

          MD5

          4ff9fb5fb7aba04502dd718314879eda

          SHA1

          d6da429b6336b88225700e3b5fc41b3b9c59bba1

          SHA256

          5010ffade1b1cf1e808e407cf41af159ea30df5cd62234903eb7772b1bd50387

          SHA512

          60b866dc5d2fb06e40bc2832e82a072595b522981db45acc55b7912b998433a32f1baef3ee2a2a968bc38b4b45e164290e2b7487c5e8200f8c63d89afdd16db0

        • C:\Users\Admin\AppData\Local\Temp\7zSA296.tmp\settings.ini

          Filesize

          603B

          MD5

          44c7fafebdadba83a192b67a315ecb12

          SHA1

          6eec4a97ab8d484b0e4bc9eb364e87cb57b545ed

          SHA256

          ce0c285e2ee8fea0d05cd5d10de4953d75008e129c72fcac16b83b38fca2f8a1

          SHA512

          60d6166c3e084fce9bf8bf2aada512421c04d889ac8a071c4d99e67c4218f62a2eda9d7b34a44e54fd622764a5e1296b0ae64503e5cca014f368b4c01d3eacc4

        • \Users\Admin\AppData\Local\Temp\7zSA296.tmp\setup.exe

          Filesize

          61KB

          MD5

          201d2311011ffdf6c762fd46cdeb52ab

          SHA1

          65c474ca42a337745e288be0e21f43ceaafd5efe

          SHA256

          15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

          SHA512

          235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b