Analysis

  • max time kernel
    94s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-07-2024 17:19

General

  • Target

    31479a16d53e965fbb43902ddae0beb9_JaffaCakes118.exe

  • Size

    472KB

  • MD5

    31479a16d53e965fbb43902ddae0beb9

  • SHA1

    c9c740ac217a33596d73db68bf5d85a425c1bd1a

  • SHA256

    57f69785ad393bc02a027a6f9128edd297705edcc416af2e110650387ce8ea7d

  • SHA512

    dd46224baf7b838b353c8a3181e5868e350a9c020b1f65d1bc459ca828bf4722483999e134376cc414edc229efba58a8c4f03f6e1fe8f7b89edb32518161a5d8

  • SSDEEP

    12288:vTOAkRj7IqoRHaxYmzzxrFdLh/20lRSgi:v6AkRjyaxYmdxdLxt

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31479a16d53e965fbb43902ddae0beb9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\31479a16d53e965fbb43902ddae0beb9_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Users\Admin\AppData\Local\Temp\bar.0\A5SETUP.EXE
      "C:\Users\Admin\AppData\Local\Temp\bar.0\A5SETUP.EXE" "C:\Users\Admin\AppData\Local\Temp\31479a16d53e965fbb43902ddae0beb9_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:1900
    • C:\Users\Admin\AppData\Local\Temp\bar.0\A5SRCSP.EXE
      "C:\Users\Admin\AppData\Local\Temp\bar.0\A5SRCSP.EXE" "C:\Users\Admin\AppData\Local\Temp\31479a16d53e965fbb43902ddae0beb9_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      PID:3512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL

    Filesize

    116KB

    MD5

    69a3eb924678bb23047e6248648e6534

    SHA1

    844949940edfa51d38c5fa3294892b92c8d3cf8e

    SHA256

    8150669b6e743bdc725abfd4e51c3da721e4b1a2a86ee2cda4d61f8e2bbee851

    SHA512

    6f3c3b4a81965a6cf462943f1c0b0c8db1fbe7b89e24459411dc279cb18d534568c2cf0097bfea6848ceca9818bf10f86c1ea4aaf601f1b1e42dbd9ec696dd06

  • C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL

    Filesize

    240KB

    MD5

    59dbfe16aa20144cb11e7fc8b2d21eaa

    SHA1

    b4403810c1db8482c5a26b418499a8643e4a6410

    SHA256

    809bbfa3fb67c79f1901b159b754dd955c5defe28d5879f91972d269d706d55c

    SHA512

    83ce6c1631d36ebc19be3fc178932f41fdef7c7f8a9dd5d3631527a25f894936477a053ad96d65ba58b8775732741b52af1edc390b260009775406b05df36297

  • C:\Users\Admin\AppData\Local\Temp\bar.0\A5SETUP.EXE

    Filesize

    376KB

    MD5

    f90f8e211bb2ba49218188caa1dc2f3a

    SHA1

    8a18eb5ec6f37f9c4f0654069815f30f651b1d8c

    SHA256

    024fe6f1d33edbdb2a9064564273db5e4e2bf87fa6b6380b8a118a7b110b7035

    SHA512

    107889d1a470a4a622a3a09ee39077d12a444c6bb90e2897e56720c722db8e926f0853bc5cbc435d211105335ea0db1d334f8811c2c6d5ad63b7072742eb4f7e

  • C:\Users\Admin\AppData\Local\Temp\bar.0\A5SRCSP.EXE

    Filesize

    76KB

    MD5

    e7d9ce28eae7d5ce00878a39a7d2584f

    SHA1

    73b4be59997f90e3bb3e87df47efe76b10fa6a92

    SHA256

    87f40724067f8e3bfbb2d78962f9925ec77b83fb7763513387a016b6b1683439

    SHA512

    c7bffecd908007e2b53e83f444e3a685f525c022f12d8e2e3733a47f64c00e2165737450ccca4d86738c79d2104cf3ed6652803eb8fd78f36a2a26423600acd5