Overview

overview

7

Static

static

3

3c0076df53...18.exe

windows7-x64

7

3c0076df53...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 04:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3c0076df5304aea581674cf0dfd91aaa_JaffaCakes118.exe

  • Size

    365KB

  • MD5

    3c0076df5304aea581674cf0dfd91aaa

  • SHA1

    87c5cfd7656af4adccc4446109171f7385dca2ef

  • SHA256

    e3cc760aabf2b84d82e96f9566763068da8a3dcd672c863df07472b35c9881bc

  • SHA512

    596af08bd409bbae98c26dc7fed08ce0c891c9dd8365f2477a72378e0ee3f401d7726b6cbbc5be29d681c913331f6c8529d23b189e8fa4d81b2a2c7389b608d8

  • SSDEEP

    6144:yqnwjmFpdkAkzm5ydz7R+WeP4R4Fj611+ILBM8Ra6rMXt86XejcMw:yGwjy4hz+ydJ+FG4R61FBMMrMXXXejHw

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c0076df5304aea581674cf0dfd91aaa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3c0076df5304aea581674cf0dfd91aaa_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\WINDOWS\dnfye.exe
      C:\WINDOWS\dnfye.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      PID:3036
    • C:\WINDOWS\dnfye2.exe
      C:\WINDOWS\dnfye2.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 824
        3⤵
        • Program crash
        PID:2596

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\dnfye.exe
          Filesize

          118KB

          MD5

          dcbacd27a16a2949bc28aba90b89f814

          SHA1

          e60580464473c6498d7d20c7656406a0735bd98b

          SHA256

          87d713583fd63d1523a30f85e80162362beed59b66704021dd0e7d8408cce0a6

          SHA512

          168ec6e1266a388ef3381c3e737ba79ea209732fb6cdd395c3f2f11783f010e7cf396c599640fa2c4141a0481f91905ea8ff7f58f969e5863824908dfb1ff7a1

          Download Submit

        • C:\Windows\dnfye2.exe
          Filesize

          196KB

          MD5

          9c9c49692cfaf75cc6443690371a4365

          SHA1

          6b8bad39f5803b5ee10c417ab56a427dad64a8ba

          SHA256

          11b6466e8c8730787adc85d0d01f0ce94f000a5140d07ac65628ed20d07a8b0d

          SHA512

          a0b5412af252b4f973b4b81c66f861a1a7e7f1ba31a68093fdfee7e86b97db1ee022bf219e823d23f3e6dd102f1697cce1d6fb17bd68ff95e27ef1967cbb60d4

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          112KB

          MD5

          7bec181a21753498b6bd001c42a42722

          SHA1

          3249f233657dc66632c0539c47895bfcee5770cc

          SHA256

          73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

          SHA512

          d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

          Download Submit

        • memory/2760-63-0x0000000000400000-0x0000000000512000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2760-22-0x0000000005640000-0x0000000005A52000-memory.dmp

          Filesize

          4.1MB

          Download

        • memory/2760-2-0x0000000000400000-0x0000000000512000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2760-0-0x0000000000400000-0x0000000000512000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2760-64-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2760-1-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2760-73-0x0000000005140000-0x00000000051C2000-memory.dmp

          Filesize

          520KB

          Download

        • memory/2760-72-0x0000000005140000-0x00000000051C2000-memory.dmp

          Filesize

          520KB

          Download

        • memory/3008-74-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/3008-82-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/3036-71-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

          Download

        • memory/3036-81-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

          Download