Analysis

  • max time kernel: 140s
  • max time network: 140s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240709-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 19-07-2024 11:00

General

  • Target: 5ba760e6bc29844ab61a5576571b5508_JaffaCakes118.exe
  • Size: 1.2MB
  • MD5: 5ba760e6bc29844ab61a5576571b5508
  • SHA1: 015c16de5a9cd3277b6fb9aa5a85dde118473704
  • SHA256: 07e2b5e3d5fdb9bbcf9898424c885104d63dcb12454cd2903f8fcf53bd22b6a8
  • SHA512: 31c0c139b0ef0f2ce280e7342158580cbceb03a3d900db977c885803841a1d398536a42cb4781786cb89acd0b19cb3e5a2f050385f51f1d6a6c04e411c2c51ce
  • SSDEEP: 24576:g3UiPkeZwHM47FDdyhz0Te89Gq/ddIb2GIwNmtj:2UicV7imTeWzTJXN

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies registry class 42 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ba760e6bc29844ab61a5576571b5508_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5ba760e6bc29844ab61a5576571b5508_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Program Files (x86)\internet explorer\iexplore.exe
      "C:\Program Files (x86)\internet explorer\iexplore.exe" http://
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3864
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3864 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3124
    • C:\Windows\SysWOW64\IcqSniffer_trial_setup.exe
      "C:\Windows\system32\IcqSniffer_trial_setup.exe" 0
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      PID:312

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9JI1NA5J\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\GLC1102.tmp
    Filesize: 161KB
    MD5: 263e81631fb67194dc968dc3f4bdb4e7
    SHA1: 2998697c503a542d5cf1e25a0d0df18fcd38d66c
    SHA256: 9200949ab6f777df957fc524d4733e2cb47b89a209c07d2be57b4c63cecbf766
    SHA512: 2eb6fd28ba87f193a35f1c4bd4c6ff29495a3c10fea8bfa0506df97fcae5ca16f2617703137ecb32cf6b7dbd3048507dd4d0c7418845cfdce5c43896aec45dbb

  • C:\Users\Admin\AppData\Local\Temp\GLK1123.tmp
    Filesize: 33KB
    MD5: 517419cae37f6c78c80f9b7d0fbb8661
    SHA1: a9e419f3d9ef589522556e0920c84fe37a548873
    SHA256: bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11
    SHA512: 5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40

  • C:\Windows\SysWOW64\IcqSniffer_trial_setup.exe
    Filesize: 938KB
    MD5: 33bd5f92bf420f055174a7b820498e6c
    SHA1: 99114421703d55852c891077c88853ad185ebe5e
    SHA256: 5c0d7c8b2f750ed45ef1f01dc671197e059c81ede657f42f08791e82fa9cbee0
    SHA512: 8b1766443e778cd530959bc7c02eefea761b2818cff714d5f272fceab2f8485e06c6ae8406da3c1dd1876ee7afef58afabec6b302fb3a9d166b72871b0407dd8

  • C:\Windows\SysWOW64\wsock32.sys
    Filesize: 159KB
    MD5: 462667fb937798eb087321fc1afd0191
    SHA1: 7c17a8e4f8e1b679a7820e9ab010e63e1e1e32dd
    SHA256: afdd8e19d9648edbb8ecaeac6180c0cbdac7533168e5a027913dcba9d538306d
    SHA512: 412bdf1e4e2bafa4544f890fc0a24cabbbb7785a679af6ba4ec6e94d90b8bc72189d7808e2b0a964ed5f25951be64e514902c53a143c84f48858f625a21ee3f0

  • memory/1020-0-0x0000000000400000-0x0000000000445B00-memory.dmp
    Filesize: 278KB

  • memory/1020-28-0x0000000000400000-0x0000000000445B00-memory.dmp
    Filesize: 278KB