Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 15:12

General

  • Target

    4236367e6eaf4670f4e69495875baf31_JaffaCakes118.exe

  • Size

    313KB

  • MD5

    4236367e6eaf4670f4e69495875baf31

  • SHA1

    0203db94cf8929fbe639161bf176df881940a775

  • SHA256

    09a7ae97cd5f7c305ab766754cf8a3edea60ef159b9e6f134d3a545789de21f7

  • SHA512

    89d0f5374afd2668067b9ce7d37c4e9ae5941d63ca86494e21ba4e0e32991fc2ce153db44c5875dcf96ce544fe455390c4177416bb621107962f70f58ad5de0a

  • SSDEEP

    6144:91OgDPdkBAFZWjadD4ssOYuI/3Gy0Owu5zt+AxW19p9pLMTZk:91OgLdaVIIPf0O5zt+GWHp/LMTZk

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 4 IoCs
  • Modifies registry class 63 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4236367e6eaf4670f4e69495875baf31_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4236367e6eaf4670f4e69495875baf31_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\setup.exe
      .\setup.exe /s
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      • System policy modification
      PID:2696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\TheBflix\uninstall.exe

          Filesize

          46KB

          MD5

          2628f4240552cc3b2ba04ee51078ae0c

          SHA1

          5b0cca662149240d1fd4354beac1338e97e334ea

          SHA256

          03c965d0bd9827a978ef4080139533573aa800c9803599c0ce91da48506ad8f6

          SHA512

          6ecfcc97126373e82f1edab47020979d7706fc2be39ca792e8f30595133cd762cd4a65a246bee9180713e40e61efa373ecfb5eb72501ee18b38f13e32e61793b

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\chrome.manifest

          Filesize

          114B

          MD5

          4b8ab2d8f258e976f677a4b1189c778c

          SHA1

          b20edf6059f5af1ac52be6630ff8d0593a7f20ab

          SHA256

          c20d7b0a40bc62ac983cd665005fb5f5e9c4a93cfd94c5f37ce3594fbbdd195a

          SHA512

          d90e772b91f817026f3e6d712f7c4b29da5ba688d04b7ac6cbd8aad33bbdace01bd9e51e9a2807f66811847528bfec90e32e31afef73574a5a9e6ae4261ce413

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\content\indexeddb.js

          Filesize

          1KB

          MD5

          9161c1347f02860a690137086786acb3

          SHA1

          b73c890e885d252cccdd4f0d32e48b0fa5f7f397

          SHA256

          292300292a7463bb7c98e79dce8b1066a6860a2895df4ef1265b265693ba40fe

          SHA512

          43af329a53343cae1964ec44eb35130ad8a7c24ba1ad5628e6e8f91ed2f076653a3830b81c9664cf4d88f3e07012a1946cf8c943919bb16278a2fcca9c40c22f

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\content\jquery.js

          Filesize

          91KB

          MD5

          4bab8348a52d17428f684ad1ec3a427e

          SHA1

          56c912a8c8561070aee7b9808c5f3b2abec40063

          SHA256

          3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23

          SHA512

          a693069c66d8316d73a3c01ed9e6a4553c9b92d98b294f0e170cc9f9f5502c814255f5f92b93aeb07e0d6fe4613f9a1d511e1bfd965634f04e6cf18f191a7480

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\content\jsext.js

          Filesize

          6KB

          MD5

          5866a6a224144d1a70c9073df33e6ec1

          SHA1

          d64212b475bd03f36e6fe77ec7dc67fb696fe58f

          SHA256

          640992b16b795ade8378df4016c5a684bea64cf870458f44eac972d58cc6eb00

          SHA512

          121c073193c2552f63a66cbfb10629b9883587d78d2a7341f2477cacc6e7e01817c4babf926e8a272c4dea2a4d0dbf6c79dd86952f6f027ecfbb9041d692bd0e

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\content\lsdb.js

          Filesize

          1KB

          MD5

          18cc192216e23910511035f21969461f

          SHA1

          9cc46914e2e6ebeec56b2bd7d1179f7c127e301b

          SHA256

          2f6634347907bee70929fb491bf8a3f6a27de3fd440a32a035da95b0157367da

          SHA512

          b621ba3f848c481633150f6b2d37bb2327dc64accf9079427f4d9fbb3e1c25b65eb3cb8de2f41d2acfc2358dee651d6f35f8bbc76a8783cd43cf516e4ed1c6b9

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\content\prfdb.js

          Filesize

          1KB

          MD5

          6eb85fbac9872114b518e444af80dee6

          SHA1

          55e95fecf4b91e1da2f6b9716729504b356b5eff

          SHA256

          d1a34feb3913c675187659d3ea9f4a08be2776999afb0f84a4d4beae2837e964

          SHA512

          1c7db2726dfe1b448d03aa0262900d0fdf8b0c790329243e3f05ba2fc1df3d55253015eab7f2b9c47e11e189427c276030d90db1a1ce97ff563269d9d24b0741

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\content\sqlite.js

          Filesize

          1KB

          MD5

          35ea061f62ee29871fbf4a28370c351b

          SHA1

          2cf0ff70c39d25be4999ee4b334985cf8c5b1a78

          SHA256

          8d1070073eea07a191e697dbdfad52bf7f13dfee37cfd65db38f7694713bc14d

          SHA512

          0383bc10c92570520523a2be54d8af7ae18751d8da847cf77a7388e19fabc272076eb1e7b9b6243f950aa49f70ab8ec43bb627360fcf4e213a90f82706b1f59f

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\content\wx.xul

          Filesize

          228B

          MD5

          b9014e35a4c337d65e7360695750aee2

          SHA1

          f57d11ce52ede525bff56bee61841bb90177aac5

          SHA256

          8e2abe62590f0b8ea90afac176ef8bb9eda874dffb627ea319a7c2455721a780

          SHA512

          423db4e67e03e820cc4facf32759a0a183420152fe355e6e8478ab9a923fa96d11d287014e4cda2e810ccd39aac3d714d89bd84c0c306716a947e9c8c8684fee

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\[email protected]\install.rdf

          Filesize

          694B

          MD5

          5f09c57acbaab44714403206eab077a7

          SHA1

          3ebde2df89d6e7eaacb8f64d3a2b55d031bb6981

          SHA256

          590e4829d2fec605b27d750668f65fc27248fcb2fb255a2ee22883ab66265889

          SHA512

          03266e8b0c0fc2cbc3a8202cea6b7d1e9167fd7e73855791a2623e942ca391ce7a53e1be6d6880895f5d5e927ecb200b73429854b8369d6798d6da9a36f95c8a

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\background.html

          Filesize

          5KB

          MD5

          41849a06ef765aec67e9118dbfe689c4

          SHA1

          44a6cffebf2d277d71cea132d3e1fafc29dc19f0

          SHA256

          d91a4681b26453204f8efe39bfe0db8a8971b38ec3661bcb9138c9026a4a63a4

          SHA512

          9c3e2085a11a442ba3f93c322c89e3502b1f15010131232784a3c13ddab7400d023bbf7ef42f31979cee16106455bc88ed68c68b961892706059c193478b206c

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\bhoclass.dll

          Filesize

          137KB

          MD5

          ac13c733379328f86568f6e514c2f7f8

          SHA1

          338901240fedcef4e3892fd4c723c89154f4de05

          SHA256

          7bf09b5c2a9b6348227199c1b3951b57907ca6a5c215a04ad8d5e43232f5b562

          SHA512

          35f69a82694a2ea4268a3dde7940af6bd1c87a32d93a72723464f90e4e818805be9e80872469d1cc29150a9aac872fc78613a584baa1327dfa8478c2de5672c4

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\content.js

          Filesize

          395B

          MD5

          4b3a28f1906db01cefe7c6fbc34894ba

          SHA1

          b1ea3d780866c9a61cc90398ba8c8f6a62ce38e6

          SHA256

          e37cf90203b202284fd9aa1aa6cf913aa0b1bb766dd3d2949e7df6fddf29dbaa

          SHA512

          625f1bbf2984b02629ddc31c3696f20e224eb6fc01e7738abf757f16ce485cc29c897639b39d7fca0c2c294adf30ece95a96964da1a1e55ee542a770fd0c2637

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\epldhinakmkdioelmdmpodinknbccdie.crx

          Filesize

          37KB

          MD5

          05a3077d514d03fbd87aede56926b5ad

          SHA1

          4950f4d855d609adfa4ad3e05108b9df5b9d993f

          SHA256

          47438e687a6d72a184e4fbc1a4b7e0c39bb8ae155de8965237c59c752946668e

          SHA512

          902b4ef4cdcb1e18e73cb5290194f5c6a937e6eac26f1c0c783d262d24e15939ed60d1d8d7d4301ea3a2be9c06ada6d1d92acf20b804176a1268c065ddbb12b1

        • C:\Users\Admin\AppData\Local\Temp\7zS2452.tmp\settings.ini

          Filesize

          599B

          MD5

          61d8ed7f24c97464c06b169f730df1f3

          SHA1

          9fe2c13abe5d0d436bb1db65904489b9a347cdb8

          SHA256

          6c89d7e4e1ebab055a4682fde3d35cc63147c1590e0498742a8419c24aac3907

          SHA512

          5634ee49da78afc626e93c3bbcc3bd825807605e1e20128445765a0402adb5569591dffbe7e4e4cd19424197bf6b23fc37b24fb5023e4abf37a7d6ee5a09ee4f

        • \Users\Admin\AppData\Local\Temp\7zS2452.tmp\setup.exe

          Filesize

          61KB

          MD5

          201d2311011ffdf6c762fd46cdeb52ab

          SHA1

          65c474ca42a337745e288be0e21f43ceaafd5efe

          SHA256

          15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

          SHA512

          235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b