Overview

overview

7

Static

static

3

3b30485a7f...18.exe

windows7-x64

7

3b30485a7f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    53s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 23:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3b30485a7f67c3c169a83bb7f2c64595_JaffaCakes118.exe

  • Size

    41KB

  • MD5

    3b30485a7f67c3c169a83bb7f2c64595

  • SHA1

    19940d7fa89c0cdc1acb37562fe85912fb6b8876

  • SHA256

    d22ff8d20c53e629c02a21ed2538afdad8724ed9da95722c9811915f5f5415d7

  • SHA512

    dd27ee2816000dbbc09f07ff540246c2ed7ed37b8158a26e0532d90399643899801662cad5398db1f00db7464f20a053cc4ca5229ef1786bbb3c75c88370ae0f

  • SSDEEP

    768:O9wlvxXCRAIprsTMrOlEP+GFOwA0V/sP7pCUQjhriON/wNo4:OwtcrhrOOWqV/S+jdiOO

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b30485a7f67c3c169a83bb7f2c64595_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b30485a7f67c3c169a83bb7f2c64595_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\SysWOW64\xflash.exe
      "C:\Windows\system32\xflash.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      PID:2888
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2900

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a9fdb319de911e08a72a6f8adae4add9

          SHA1

          1571a9cae83713110deca923549a24b8194dcd1b

          SHA256

          f2c40a502a78770f80194d5fecda14178af6f71d5810c1387f56296dc3a9f796

          SHA512

          4e9ad2bbb4ce7a34cd19e269605da28e845b0474697593f67a029ef563c572e405922a83c69b92db499686f84dc7d93249a10d858fa695c37db595c6a962c0b7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4c34448e8537cfa4cc47690eeec2e9c3

          SHA1

          383a7749982508b8f8f1068e01000448a988cc28

          SHA256

          9ba99003c244273339c2b9b0977f9ddabec9a79898bd25f92bc90dc2aa728c13

          SHA512

          b4468851f07d6fb68b759e33c130e30d98be19e50e78cbed9bc6821b082aaaacb4ef440495f4a3f4c7a8c8bc838d4eb4dfe1227f670f031c72043624b5aa038e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d6078fd996809223bccc56fb95455d85

          SHA1

          f4387bdf634087031b38bdadd1fea0572b88b3f3

          SHA256

          dad12b40aa38e2079a23f6dc5075d6ac2ee5f06b97e193454e69af41b39e408e

          SHA512

          a2fa2717cb59a5af4f14bd5c609a83af5734afe48a6bf1386a247519ad80c70bb4e52eaf305061b6bba7cc83f28e69d6b41b7ad2758be2648df3b733f1f79d51

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3c6d46af970c71b32e19b4d4ecb691ff

          SHA1

          8b963b8e1b6b60742a02036928f57690d5651abe

          SHA256

          34cb193724d857649d97ae38bb914b79214c0bb86c746e3f2e9d45d97f6dc64c

          SHA512

          16b8e4f6d19b0d18d9a5562c7be481240e8ee616c71bb62a21f7bd9f0680aa6647cdcc3bbd38a4efb001a415a493c7fb0f965d8cbc83adc198871e0f1254ea4a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0860f77d9298281f692d86a812069a08

          SHA1

          b3ea84cbad967c5b6705ffbb162606639ef0f98f

          SHA256

          ef9333ac1594fbfe0797ff8ef9867f7ed96b5cc76b749df0191f3676bb0d55cc

          SHA512

          02932a19ec31dec6f788a48e412874e19bec50afd4ab153cd6fa0f1e86456ab6fbd83e7b2a69aeb6476a6b246f33465ea87ec209887ce6523acecf86d499309a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9520fbc5d218d9b74b8898563c4a4755

          SHA1

          60e200c25064c071f57f30b4e9ff03c6e43fcdfd

          SHA256

          1e0f1f0f57ba126b0d0d17982268cd636b7d3ba801364649260198b8ac0e97f6

          SHA512

          15f78421f232bfc4fe2e8ad92e2473c0deda4b414c086de2382ed5e21de76acae2fe7e005837cdf054c7b4beeeadf36b3074d76243eb3d629bea8d06457d287f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9c29f38df3de14c7c2f95878ada44f09

          SHA1

          200a5c6f594bec61f355beccecd78fcf9be8b5ce

          SHA256

          733a202ee282103c1421b37f3b69b990e8a144fbc39c4a028c7073bb0c3603b9

          SHA512

          528966a1661c994b506d5aa18d0f69252bf1193e33959414f83a77bbb3078b4a2fd3803ad0032b16ed1f8ca47d0477ab20d9d137e432fef93b512327bc3966bf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          cd18ab6389fcfe561a0df6feade6036e

          SHA1

          abe557971c9ca854f9a977363d2b3fe29f1a2a41

          SHA256

          f80fc2a7e1cb212167dddb7719adb7133e7d2a3d5648920f431d3c82e30c6a7e

          SHA512

          2ea3fad40d0d94d1b43e6b982c3ebfbb3fd622753e327fb9484031618dc61e62d8555afb3712b04a9052229982c36137548a13e7ddf1203dbc86b8ae235c94a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a37bc3f965e363b9c6638c903fef5943

          SHA1

          4816a95c0fc4d91f681972c790f802542bfbe739

          SHA256

          fb7365357a12fa8e4c745727b69e38389df9aa80005464fdd04c07ac116fb1f2

          SHA512

          eff43b0758d2f136ee1e1b8ae5de85954a62e122f5bfc983265fa54d7ca671ae3824780e62845f9df2ca29ca12ccc7ab96b63f066a7c7f636db42916892ef518

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabB000.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarB0AF.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Windows\SysWOW64\xflasett
          Filesize

          5B

          MD5

          ab1ddc2ea36ec8dd2ba74c4c706e7c6d

          SHA1

          2704e223e2e6657838573a73d793fb826db96823

          SHA256

          df8b9a0ca649a3805aa4433413bfb955f83213a7bf2bd37efd8a454236e46553

          SHA512

          812c231953d8d4613984abf2fede3f300632a5208a3b4de6803d3effe2eace6ec384ae76652db517a663d90b17b3c3c5cf6e5a2211ee4a56abf2a07b294e6522

          Download Submit

        • \Windows\SysWOW64\xflash.exe
          Filesize

          41KB

          MD5

          3b30485a7f67c3c169a83bb7f2c64595

          SHA1

          19940d7fa89c0cdc1acb37562fe85912fb6b8876

          SHA256

          d22ff8d20c53e629c02a21ed2538afdad8724ed9da95722c9811915f5f5415d7

          SHA512

          dd27ee2816000dbbc09f07ff540246c2ed7ed37b8158a26e0532d90399643899801662cad5398db1f00db7464f20a053cc4ca5229ef1786bbb3c75c88370ae0f

          Download Submit

        • memory/1756-0-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/1756-11-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/2888-14-0x00000000007F0000-0x00000000007F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2888-12-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download