Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-07-2024 18:29

General

  • Target

    42d715fcf1e4150a6e470a742de66f8e_JaffaCakes118.exe

  • Size

    95KB

  • MD5

    42d715fcf1e4150a6e470a742de66f8e

  • SHA1

    6f667f3b5d4e899f0784c4efe1e8ed9763dfc150

  • SHA256

    fea2457bd9e2a1c5f5492e2e4f4d32b802a0bf7909202a8ed7f8c804753d094f

  • SHA512

    4685fcf30438ed0fcdf02bc3d5d507f4d0fa0110beb797ee3f085cf8bbfb7ba9416d01eb3de3548af678116823c7e894f49a8108a4f0cde64a584347302dff02

  • SSDEEP

    1536:rj9VU/R51ZIdJ2N5aMHHHFSRAKuOAp29HvCRMvYQpZjStnebRCAEF8sE46Yeojnv:MX4doFH4RABp29wqYoZuteNsB6lqndZ

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 11 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Windows directory 5 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 50 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42d715fcf1e4150a6e470a742de66f8e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\42d715fcf1e4150a6e470a742de66f8e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Windows\ad405cn\Update.exe
      C:\Windows\ad405cn\Update.exe 11C454014FFDA493E62DBFFAE914C42A578E3EFDE155E8D180AFAE28B8137F369681EE45A169D55C59871473
      2⤵
      • Executes dropped EXE
      PID:2524
    • C:\Windows\ad405cn\info2asp.exe
      C:\Windows\ad405cn\info2asp.exe 11C454014FFDA493E62DBFFAE914C42A578E3EFDE155E8D180AFAE28B8137F369681EE45A169D55C59871473
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 412
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:1972
    • C:\Windows\ad405cn\iePlayer.exe
      C:\Windows\ad405cn\iePlayer.exe 11C454014FFDA493E62DBFFAE914C42A578E3EFDE155E8D180AFAE28B8137F369681EE45A169D55C59871473
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2440
      • C:\Windows\SysWOW64\wscript.exe
        wscript.exe C:\Windows\ad405cn\abc.js //B
        3⤵
        • Drops startup file
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2900
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\System32\regsvr32.exe" /s C:\Windows\ad405cn\ATLcom.dll
          4⤵
          • Loads dropped DLL
          • Installs/modifies Browser Helper Object
          • Modifies registry class
          PID:2228

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\ad405cn\ATLcom.dll

    Filesize

    87KB

    MD5

    091e7dd2d69fdb89057f3f27c1f63a22

    SHA1

    c33974665c98038699ee4498aa69ff3aedfa0913

    SHA256

    3cdc7bc6dd5c3e43b9a70e4ca74776b1825056eb3d84ff19279c3c4edf7e1be0

    SHA512

    db38b0dec47ec5aa7ef0de377e2b95087c2449af7fd9a7fab30d63f5f80ed6840f79c1b3794bed9e39d4c3e869e82f7c6417152a21fae9a48b83bfdb1e65dd50

  • C:\Windows\ad405cn\abc.js

    Filesize

    1KB

    MD5

    5ef5c6e471cd3c8e7ac5c8767d732f73

    SHA1

    2e70e28834e62e736455e74b3aab61ab747f3e7b

    SHA256

    76b8f3d04c8910014cbdd35a62990d0781d4e2ebce3c3f58fd6480a1166504be

    SHA512

    1a3fd6cb5a715ac4d50a3fe82df3068110c42c79d6e4dd83b478f29d99587c5ce30388f9a49b1214f5bcfcd90adf2a7c76cf3f4237918cf43e9fc879b9a89be6

  • \Windows\ad405cn\Update.exe

    Filesize

    56KB

    MD5

    4012770c24355d473f3204da2c417294

    SHA1

    50f7da5120f0dd95dfa8c227cee0717aa135b03c

    SHA256

    b4424e0a30e08f71504efc7359a8a2bfb489b307013337f2c6d9880f1695eda0

    SHA512

    bb14469d97bda5fceee428ab965f2e571988a675ed0bfe57768cb6bedbc60a56dccae8594c8b6b44a9f16794eb7fc600b44923c28bca7b99989af9d77656d263

  • \Windows\ad405cn\iePlayer.exe

    Filesize

    66KB

    MD5

    e4f5bdf0ed0c9d4a934138c63f4b25b5

    SHA1

    c9a9c17a2563843d690155705d2818b14dbaf4da

    SHA256

    dd0069710a395ef2e05dc5972db2881a1cd8d1ed4bae41bad1e538f939150b96

    SHA512

    e3335ee44705e57dd1ac1d43c10d677b4412e2cdaa1c8f8cd438a0a6498f5596a86d1e1c5ef76db45678dc118f9b6bf6f9a90e04cc238554d0ace9f2b6f2c721

  • \Windows\ad405cn\info2asp.exe

    Filesize

    41KB

    MD5

    239cf0c432acfa6e2aa4c2a16a39bc0f

    SHA1

    26824ce5ee668dc16786341690566704486245ac

    SHA256

    f81b69a0dd1b546c7b15d13eb47058c9156f7f98ceb936e05c7a7b0b7d847a6b

    SHA512

    977454187a73e0dfba1fd6f95b6ea5c85bd9160d16dad6f607aad2ebbd44c12320147d593ce09ddcd95a60f809ca73564b7f831561a671050afda41b99e159e8

  • memory/2988-1-0x0000000000400000-0x0000000000452000-memory.dmp

    Filesize

    328KB

  • memory/2988-17-0x0000000000400000-0x0000000000452000-memory.dmp

    Filesize

    328KB