Overview

overview

8

Static

static

3

5eab0dffc5...18.exe

windows7-x64

8

5eab0dffc5...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5eab0dffc5c17bce13d167e556b0b5da_JaffaCakes118.exe

  • Size

    348KB

  • MD5

    5eab0dffc5c17bce13d167e556b0b5da

  • SHA1

    b0f7002e5d7ff7a65c3df353227031f18cdaa13a

  • SHA256

    f15d4e50aaefacc9ef3e349de66e751e327c7b72d115b33d392a5d29a995eebd

  • SHA512

    cf58f364fb646f9082de6847455f07884b9988f97492a149fe6ffdbcdc79304fbe1b57f2a23a3c142f283a697d95684951ad28c4eee8b7fe98243f760e9a2e9d

  • SSDEEP

    6144:ppMM8EV1kmffCpJip7WDBDRTUDsDvA8X9S1:URmfaXiE1DmITA8a

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Contacts a large (1386) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5eab0dffc5c17bce13d167e556b0b5da_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5eab0dffc5c17bce13d167e556b0b5da_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:828 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    495KB

    MD5

    19c7af3efd777c3563bcbc0f623abab5

    SHA1

    53616178ef9f0dded41d8c3d471c9d9bd03a7c73

    SHA256

    7a475fb57d80ef8a2e4bfcbe36500effa690243d0c2e888e5e6111710a0027c6

    SHA512

    8c628ab543a1863408b992e0baf993882534c412fef37bfb790ea31314faf39a461ea7ca412fb5e715363321af0df3bdcea03dad1a4e058d56ab2d3b5b3f9c49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25859e0a73963233bf9617632c5d7d59

    SHA1

    c6077674e410f57694c3a58c68871b4355cae4cd

    SHA256

    0667fca28b54224d2b8159f383e0e27d287ff6b153f376b507f1f01722756d37

    SHA512

    7a5e2a50df1e38e571f4f1cc8b11d980d77598ac8aabc768a1a9287a8264c0ccafcc95dbae3d66b69b5e1e346e88a1de9dbf3b67342d44b19ce56cbd6a146333

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    253fa576313ea7318635e6d640e46575

    SHA1

    a06e23ef5810ee58281ed7906c3f19deafbdf266

    SHA256

    549506918da00ead389210828ccd648647ad3b67c0f2e69e0e7c708d70da47f3

    SHA512

    c160118bf8e157e8bcc68e29b29248a4073fa3015989e871503e95896c8835a65942d497c742ca43e68f88d4eff388eb1e1e2e8a5a3606f23c0404278348394f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f6e074053c2a735c994cefeafeab224

    SHA1

    5f3c66fbd4edfa7907df13d16f6f548fe75392c8

    SHA256

    01f3d51bf539681a420ea88346f5658daeb7dd27f9baab5612427019e3c8dda4

    SHA512

    a0cfea27765e5253d979f3dcf48d6e7a36c3cf31a7930332a022552da56bff9b05d073ec2b744dd6e5fa675a76b9387d81416a416813896eea132953c34b777a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebc0bbff8040d2c0989f478a429dd649

    SHA1

    46d844a1df7a4fc408c6533e6ad50a74be17a398

    SHA256

    0d45b9da0fff7b2b5db1de6fbdc5f47a3ff52530ff6b535f280f2e519983b533

    SHA512

    e745ca9403bc95648a025ee529bd313023e072e5542495e4f1ff9d84c0d70a39d9eb439b125bfe01ed6528c42b3d7d936becc9f1735bedad32e8616f452c8a02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    053e60ad0b36491c020365dee553a00d

    SHA1

    ee4fdbedff47d780dfc81bf4fad2d38e8e9c4745

    SHA256

    1aa0e542f094fc0bfb7e66055efe5e4524f2ea4c13591adb98e4c2e8b5743027

    SHA512

    9e8979459ba2949dc3ea11fd0ee48ee1f4e4e3b8e975d4311d35110a16721fd30c42a89bebd79b212b755389e197d2e9cb396a1dc65c83993ed82d8296061ee3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fecbea668db1741e18719151e492f66

    SHA1

    458f08ea257243a12b79c9a47e80ccbdeba8fbdc

    SHA256

    d98ccd35eb70f14fef8e156c55277e2971723f88ff45df7b9ecd6a1498c4c375

    SHA512

    793c84ff9a2fe0ddeaf9a38c779bdcb3d3cd7f3951390c9515935a0c78c46188c7adbbf2bd57c81f546ad40dbd99dafda7f859d0357f4c08c9ff1c2e8125df0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    044e150c9ccfd12069b153a0c6b041d2

    SHA1

    ddcc1d19c9b5f75596816b3e5ffcba72efb88398

    SHA256

    044a125ef3ebd8c8a1f7858f996327f6cf272d4bc8d8708cd2d9aa2d6e9715ac

    SHA512

    5685ec4b1d648724a29cec709c25d031931d469b8387d804a1641be778ebbfa2b6e5030d6dc619a027997a2b283e2d4bccca840157aa81cafe7339c8e89f825c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12680074b3d63504188876f304c89eb1

    SHA1

    3786d7e284e91ca881b61807c9687a20872a7290

    SHA256

    3d25bc26ff07533411fe331e44de890b148117cbc540cc62bb5fffd4d104e875

    SHA512

    d7c6e016265cf4d09aeef48b98fdac063fb8556d1ad261e1742edd31686bfa232252f005eff00088e3db5699adf83380e9ed402303e8e991d5444c9d41371358

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c5b683a75a8b9b74bed60a86cd1ca16

    SHA1

    f891e4e9ab733eda96e2014a14f20e6e26ac9b7f

    SHA256

    173f71efb2f43263dbc4e863da926b1515395521d2afb70a6377e467a365cb7f

    SHA512

    48e7c5bcf6ea4253793529c06358e33740e8464b400afaadf0bfd31a3f707d420a7bbb6b88908dda00cf4730705c3bba5c0a23ece81828d572e914e057841970

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa049f090d561fb098e8d1e800db5cc2

    SHA1

    8a3fa5c4f5bc2961efa015bd35838c80cbe8c9f8

    SHA256

    b25277bb4b662b3eaa16691e0c4191e6b6fa454c13ac95031ab74b6883f428bb

    SHA512

    380505ae519d410a4e721ad8ac0181ee48ff5e2821742c98247738c1d31f9341400ca64b767ff6070361ed5d6e91a0faaf906104a1a95eaa471e6648af23e522

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f6dd7d6938545e282a13754a3fdc9fa

    SHA1

    2c3939f9fb5ccf46a31ad88a0c008f54903befb4

    SHA256

    74c34f59cc124b495138e23f691ae74f5acad1059d5e5f88d269cb0c7a7be979

    SHA512

    5b8be3618aa54f71b3433ac25455f2309c937c7cfbd0d1ffe0032ded13046fe95839aee4707fb80d44685ffda5d7442908d80c65ae224f9bbddf764a86e7c932

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7c0cab1898bf5293d49261c9a3f6338

    SHA1

    73f05beb3dba80cfeaba8496cbf838ef77effe68

    SHA256

    8653cc297755158ed813e855aa28f4b02be89d1508db1528e3badcb5fd77f7cb

    SHA512

    67228f5cf089680feffa5369622ec6b1ed12424941e21b5eb25918e3dad74e12f75cd60eb06280e84145962114a355998606e77ac3f5f2db48d857cb29b4f4c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f48c76a14ffd45e2c0636a5651b8cdc

    SHA1

    0557e8970e6063e06150585ac10a106177c2b3b7

    SHA256

    ceaafdf48a835e3b7d4b0ef349b275db1726d568b10409bc4af645b88c642925

    SHA512

    2e0ce63fb30cd4576fc3bd7be9767f3a61690964de6afdc0d5cce0981197d7e6d27d444419875d49702e32943d6fddaf3bd62d735a0c8d83d940233d901485d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d3a5c186abca14fd2dceddc8eb5a344

    SHA1

    41913c520878430c376b0619d7e0dd36a258586a

    SHA256

    3eac45b778ac59afe98072769113f4fe3671988d27cc20288e6a32acefa624c9

    SHA512

    4397f661fc7d1d4b082c07fe26f17c4474acce075c1fde53975e6f544200976aad3842602c699ca41e524f3a16cc630c8a3ec9aea38ff35f505c4949c48f97cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63fb45ba238938fed4ce47f9c2da3f30

    SHA1

    65e81cb911b202f7ba5b7c1904d9a8b0aab00e51

    SHA256

    cc3dd761d650747221eab211fa875a9ecf2ab8c8ae9facb9e90d37f032d4eab4

    SHA512

    a83eb751d1af7a55b853abb7a45e3104dbe61bffca4fce629b81e7e5ddfb8ea351c2cd24b10360745d6a49e11262037029d4241e30a8beeaec40f0f9dff0de68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acd88d867fc3d23c3f800551161d55d0

    SHA1

    04113ab24554faeb1b5d7448761787cc7e286f54

    SHA256

    c103235f6682a0804035d4dc0d85ba1a2ac6f1ee2ade4626950348f9a2146f05

    SHA512

    e8713bcf12eb90bcbd9de34ba197eafdd283ad6b0f5af309173fdc6655a9fd6e7d1457d3f274f3f6554bde80421db9c41423d5cb58d2f10cb208d24d3908b7b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82226c37b7f706a2be10f66bae3f9588

    SHA1

    8f0ff377f86e86cfcd47a356e6b946c73169f7a5

    SHA256

    e065a91b4ef23c3a1677d53a4d8d53d3e00bbe8622e69134f1b648f969c3e707

    SHA512

    1e9bbea8674c93c05e48d44554078e5616882344ea9bc9fa157c92ec7d6d1d15ab6703918fd2df190325c88354f08223da612db0c8592e168b70452441da73bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2063389e6ecc84e17b6dad8e6005b8bb

    SHA1

    0c888abb314272d49e11221c9a16d9e806b4547b

    SHA256

    d5602888db924a6a34939f3ec5bc463cb899de795a78c5b6374700974a94afd1

    SHA512

    2d4508c38882633dd7031d31999c7bad8fc25fafdc1a22c42e761e976f0925d3eba86be8133a16dbe9ab91f16585357bc901a586addae255eaaad2a756c86402

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1690d53541ca8821d7cb975f970fcfd8

    SHA1

    9139e20b74f987ef9a19e50bef66760c491bc472

    SHA256

    ef9cef6e1ee4dd45f91f065895180b6231020f7d01069800a623337340f6783a

    SHA512

    14fb8c3cba8d8b4e62f779b46db5cafc5908349adce29f810def8762637e75c830f09277432b934122cf9439bde02fcac7073de81aa121c498e87756d93afc4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5D8E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5E3D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1068-8032-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1068-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download