Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-07-2024 07:17

General

  • Target

    2f711b6459f62b699e04b09110b05286_JaffaCakes118.exe

  • Size

    258KB

  • MD5

    2f711b6459f62b699e04b09110b05286

  • SHA1

    64cdf1ef477dff22c53d3843b6bd829e7d127758

  • SHA256

    9371d4f137b3a7ea0ea83654828eb66192adf99c4a5fea4aeb92789e450d9831

  • SHA512

    8ef42ad75b2ca968920bba22097c5ee9d3b142a7b8fd6b1090cfd1982619eaac3c4f36f389dc452ccf7e910b0caa1b1e0d39ab363b93af1824a2914fcb3a92e8

  • SSDEEP

    6144:9QqmCtAbzwr4rtlz6a5A/eQDdpBHSwomwkeCj:iCtAAcwa5AeeftNjj

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f711b6459f62b699e04b09110b05286_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2f711b6459f62b699e04b09110b05286_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Windows\$KAHBLTLL$\butfc.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2944
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Windows\$KAHBLTLL$\gqpwk.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:3032

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\$KAHBLTLL$\gqpwk.dll

    Filesize

    284KB

    MD5

    a604a413255803756fee02e221604460

    SHA1

    f1676e71ede1305e192d1af5aa75c12d7e073ef5

    SHA256

    de83c043724b59216d2968e8bf735d0670d5ddcfd87b7e274a7ff52f797ef9cd

    SHA512

    9f522f0356e849507582cbec5712adae0c5f609f8729fa4c0ce3bc645b93dcad9123f9a0b3c3d55a590b629e735a3db762305e14f875158c020e78e59c23ef5c

  • \Windows\$KAHBLTLL$\butfc.dll

    Filesize

    235KB

    MD5

    f4e17dd5b099184e19bdb3518f1829f3

    SHA1

    81856982429f8bfea37ab93add8cfeb348a45a9e

    SHA256

    7cc68b309bb5b49a0967b22b2a38752a47eb6fff4e70406676f3667e791c30f2

    SHA512

    305abc93c0369367f76701fd616ac73f46bf5aff0c5e6e34e27794ce66e6cbccc367640e8768d901b6cc12dd5fd8b67cafc9f20dcae91482de6f5bf316e6403b