Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/07/2024, 01:12

General

  • Target

    3725abe3325880ff2a42accbec63cb56_JaffaCakes118.exe

  • Size

    46KB

  • MD5

    3725abe3325880ff2a42accbec63cb56

  • SHA1

    d8d44c0bdbf4255f3d4202f5c526a1e3a50e5f37

  • SHA256

    b174851afcc18ce92421f230657c87e2ac2816b5a2572f53e49ac1074705459a

  • SHA512

    f9c7b9d64c0bfb4d00311a11133abde3906ccf4b485e97cf38d0e91aee84adb56a4b5f03de53d128a510d7f5589d9ad1f0235ff02fd65f54ed2606334780493c

  • SSDEEP

    768:VLi0NnqrjIcGA+9H5MQO7BUdLOyOLm/Cb5vTOc74Hpyfogpty2uhNqFeTC0:ViHIcz+j0W2QA5v974JyZuCw

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 46 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3725abe3325880ff2a42accbec63cb56_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3725abe3325880ff2a42accbec63cb56_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Windows\ZAYUOZBIDUJF.dll"
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2656
    • C:\Users\Admin\AppData\Local\Temp\GrillRestrain.exe
      "C:\Users\Admin\AppData\Local\Temp\GrillRestrain.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops desktop.ini file(s)
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:2676
    • C:\Users\Admin\AppData\Local\Temp\GrillRestrain.exe
      C:\Users\Admin\AppData\Local\Temp\GrillRestrain.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops desktop.ini file(s)
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:2560

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Program Files\TaperLevitate\ImposeHarridan.exe

          Filesize

          46KB

          MD5

          3725abe3325880ff2a42accbec63cb56

          SHA1

          d8d44c0bdbf4255f3d4202f5c526a1e3a50e5f37

          SHA256

          b174851afcc18ce92421f230657c87e2ac2816b5a2572f53e49ac1074705459a

          SHA512

          f9c7b9d64c0bfb4d00311a11133abde3906ccf4b485e97cf38d0e91aee84adb56a4b5f03de53d128a510d7f5589d9ad1f0235ff02fd65f54ed2606334780493c

        • C:\Windows\ZAYUOZBIDUJF.dll

          Filesize

          78KB

          MD5

          783794da4e6423a367c8a87d28b21ca6

          SHA1

          984889ce390fd63ee60ffad19fb1106ab482b8ff

          SHA256

          eecbb0feb363306f533a3d413da4f842a04059d941a05f33bc30bfc4ffccda5c

          SHA512

          ee4f501f80723f66163dd2ff7a24f3269e2d8acc7b9ddd76660a4b37412b1212468e2c16761444f93e4fc37a0bd07175a6a5656a3f2215cff526ac34476bbfef

        • \Users\Admin\AppData\Local\Temp\GrillRestrain.exe

          Filesize

          28KB

          MD5

          6697555ead62e6b9fb71a0ffb6d62992

          SHA1

          55b57b52fe0d4af8716db57a98ab011b1dbe4181

          SHA256

          683a7e3bc4e63ba70bf88c23ae895109d19fc02c9d084ddd759a5569b56d2cd6

          SHA512

          36b7c24cbc5cef1ea6cca65c2054e3baae7096932bbb2caa4857d4f324407fe5a92e610d7baf979dfa881d82f9c99c74037b774967cd5d31af5a120bd9eefdf8