Analysis

  • max time kernel
    37s
  • max time network
    112s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-07-2024 21:00

General

  • Target
    3ab1dec4931563c5724b855a1ca8748d_JaffaCakes118.exe
  • Size
    25KB
  • MD5
    3ab1dec4931563c5724b855a1ca8748d
  • SHA1
    acb012e2c454afdebc97924a6bbc935f24bdcde7
  • SHA256
    e62c8cd2f6c10bfd731dca630fdd4c8e3d5c9b391976f4402d08a4fe11c49c50
  • SHA512
    968b2000ae29c381dd5229f7f26fa7820727fd0d742ae872468ae355de0f824476e1ce753cbf5b657f4f9e7b55f2bd0e8faeafb4a6a1c4ef99a25b2df21a21a9
  • SSDEEP
    384:zdj4sgLfWCGJY6O4DTGm4hEEZxgoZFNQsLFOwiC2wKsEaVh2O9h8CQO4Hej0EvO3:CO5y6O4D2hvZF6uVDEg2O9h3y8pvO4a

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ab1dec4931563c5724b855a1ca8748d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3ab1dec4931563c5724b855a1ca8748d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Users\Admin\AppData\Local\Temp\1846741.tmp
      "C:\Users\Admin\AppData\Local\Temp\1846741.tmp" "C:\Users\Admin\AppData\Local\Temp\265006334.tmp"
      2⤵
      • Executes dropped EXE
      PID:1232
    • C:\Users\Admin\AppData\Local\Temp\1572419169.tmp
      "C:\Users\Admin\AppData\Local\Temp\1572419169.tmp"
      2⤵
      • Executes dropped EXE
      • Modifies system certificate store
      PID:2404
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2824

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\265006334.tmp
    Filesize
    512B
    MD5
    bb1f3e8cdd2cff98df9f610b9bd6ed0a
    SHA1
    7b32463044a509c76cb132bfdea3752c7398292b
    SHA256
    58cfb4141d2b48eeaad6cf49f380c5f7c6e928e837b8f9027e5b5c557a2700f0
    SHA512
    e819822f3bd7a2b16ca41b90f0c4d69407df45df113e7ff6176108d00c567e9f3fc977910f6bb260c31e16b7e63e592e19f6e0fa1ecc531d582e4c312d89edfb

  • \Users\Admin\AppData\Local\Temp\1572419169.tmp
    Filesize
    11KB
    MD5
    89ac0ab758760063cfef626ce0ac92a4
    SHA1
    9998678f454a617789d25c1e7d58dfaf058e13be
    SHA256
    cb14ffc026b008e203dd1a5ed28a0ffc322fa32c170846d9485e5892554ce96c
    SHA512
    98d22e7f56b9662a117f409521bea73e3585b9b16f167dc1f1f01711c7dde1ea941d669ebfed993c925acf1c62e46f559bb61ebcf75451067620e9126ed47458

  • \Users\Admin\AppData\Local\Temp\1846741.tmp
    Filesize
    4KB
    MD5
    b7547f90ea7b2c21796d7a056c912f64
    SHA1
    7c67aab307aff97cf3e82119dfc3ffd3cf33f3e7
    SHA256
    3a31834ab501275479b980ae73ed339d00bce77cc7fd2846873f3145cc1ef359
    SHA512
    a334590f2ec1797b71121eb404c6ee32544ab0f7c2384f1939c1ab5671e971693162c876753d2a7286c0f600411769520b0fd2f99c5162000e7857f9ed17359d

  • memory/2404-19-0x0000000000570000-0x0000000000572000-memory.dmp
    Filesize
    8KB