Overview

overview

8

Static

static

3

5eab0dffc5...18.exe

windows7-x64

8

5eab0dffc5...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 02:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5eab0dffc5c17bce13d167e556b0b5da_JaffaCakes118.exe

  • Size

    348KB

  • MD5

    5eab0dffc5c17bce13d167e556b0b5da

  • SHA1

    b0f7002e5d7ff7a65c3df353227031f18cdaa13a

  • SHA256

    f15d4e50aaefacc9ef3e349de66e751e327c7b72d115b33d392a5d29a995eebd

  • SHA512

    cf58f364fb646f9082de6847455f07884b9988f97492a149fe6ffdbcdc79304fbe1b57f2a23a3c142f283a697d95684951ad28c4eee8b7fe98243f760e9a2e9d

  • SSDEEP

    6144:ppMM8EV1kmffCpJip7WDBDRTUDsDvA8X9S1:URmfaXiE1DmITA8a

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Contacts a large (1386) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5eab0dffc5c17bce13d167e556b0b5da_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5eab0dffc5c17bce13d167e556b0b5da_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:828 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2180

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
          Filesize

          495KB

          MD5

          19c7af3efd777c3563bcbc0f623abab5

          SHA1

          53616178ef9f0dded41d8c3d471c9d9bd03a7c73

          SHA256

          7a475fb57d80ef8a2e4bfcbe36500effa690243d0c2e888e5e6111710a0027c6

          SHA512

          8c628ab543a1863408b992e0baf993882534c412fef37bfb790ea31314faf39a461ea7ca412fb5e715363321af0df3bdcea03dad1a4e058d56ab2d3b5b3f9c49

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          25859e0a73963233bf9617632c5d7d59

          SHA1

          c6077674e410f57694c3a58c68871b4355cae4cd

          SHA256

          0667fca28b54224d2b8159f383e0e27d287ff6b153f376b507f1f01722756d37

          SHA512

          7a5e2a50df1e38e571f4f1cc8b11d980d77598ac8aabc768a1a9287a8264c0ccafcc95dbae3d66b69b5e1e346e88a1de9dbf3b67342d44b19ce56cbd6a146333

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          253fa576313ea7318635e6d640e46575

          SHA1

          a06e23ef5810ee58281ed7906c3f19deafbdf266

          SHA256

          549506918da00ead389210828ccd648647ad3b67c0f2e69e0e7c708d70da47f3

          SHA512

          c160118bf8e157e8bcc68e29b29248a4073fa3015989e871503e95896c8835a65942d497c742ca43e68f88d4eff388eb1e1e2e8a5a3606f23c0404278348394f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4f6e074053c2a735c994cefeafeab224

          SHA1

          5f3c66fbd4edfa7907df13d16f6f548fe75392c8

          SHA256

          01f3d51bf539681a420ea88346f5658daeb7dd27f9baab5612427019e3c8dda4

          SHA512

          a0cfea27765e5253d979f3dcf48d6e7a36c3cf31a7930332a022552da56bff9b05d073ec2b744dd6e5fa675a76b9387d81416a416813896eea132953c34b777a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ebc0bbff8040d2c0989f478a429dd649

          SHA1

          46d844a1df7a4fc408c6533e6ad50a74be17a398

          SHA256

          0d45b9da0fff7b2b5db1de6fbdc5f47a3ff52530ff6b535f280f2e519983b533

          SHA512

          e745ca9403bc95648a025ee529bd313023e072e5542495e4f1ff9d84c0d70a39d9eb439b125bfe01ed6528c42b3d7d936becc9f1735bedad32e8616f452c8a02

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          053e60ad0b36491c020365dee553a00d

          SHA1

          ee4fdbedff47d780dfc81bf4fad2d38e8e9c4745

          SHA256

          1aa0e542f094fc0bfb7e66055efe5e4524f2ea4c13591adb98e4c2e8b5743027

          SHA512

          9e8979459ba2949dc3ea11fd0ee48ee1f4e4e3b8e975d4311d35110a16721fd30c42a89bebd79b212b755389e197d2e9cb396a1dc65c83993ed82d8296061ee3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8fecbea668db1741e18719151e492f66

          SHA1

          458f08ea257243a12b79c9a47e80ccbdeba8fbdc

          SHA256

          d98ccd35eb70f14fef8e156c55277e2971723f88ff45df7b9ecd6a1498c4c375

          SHA512

          793c84ff9a2fe0ddeaf9a38c779bdcb3d3cd7f3951390c9515935a0c78c46188c7adbbf2bd57c81f546ad40dbd99dafda7f859d0357f4c08c9ff1c2e8125df0d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          044e150c9ccfd12069b153a0c6b041d2

          SHA1

          ddcc1d19c9b5f75596816b3e5ffcba72efb88398

          SHA256

          044a125ef3ebd8c8a1f7858f996327f6cf272d4bc8d8708cd2d9aa2d6e9715ac

          SHA512

          5685ec4b1d648724a29cec709c25d031931d469b8387d804a1641be778ebbfa2b6e5030d6dc619a027997a2b283e2d4bccca840157aa81cafe7339c8e89f825c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          12680074b3d63504188876f304c89eb1

          SHA1

          3786d7e284e91ca881b61807c9687a20872a7290

          SHA256

          3d25bc26ff07533411fe331e44de890b148117cbc540cc62bb5fffd4d104e875

          SHA512

          d7c6e016265cf4d09aeef48b98fdac063fb8556d1ad261e1742edd31686bfa232252f005eff00088e3db5699adf83380e9ed402303e8e991d5444c9d41371358

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3c5b683a75a8b9b74bed60a86cd1ca16

          SHA1

          f891e4e9ab733eda96e2014a14f20e6e26ac9b7f

          SHA256

          173f71efb2f43263dbc4e863da926b1515395521d2afb70a6377e467a365cb7f

          SHA512

          48e7c5bcf6ea4253793529c06358e33740e8464b400afaadf0bfd31a3f707d420a7bbb6b88908dda00cf4730705c3bba5c0a23ece81828d572e914e057841970

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa049f090d561fb098e8d1e800db5cc2

          SHA1

          8a3fa5c4f5bc2961efa015bd35838c80cbe8c9f8

          SHA256

          b25277bb4b662b3eaa16691e0c4191e6b6fa454c13ac95031ab74b6883f428bb

          SHA512

          380505ae519d410a4e721ad8ac0181ee48ff5e2821742c98247738c1d31f9341400ca64b767ff6070361ed5d6e91a0faaf906104a1a95eaa471e6648af23e522

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8f6dd7d6938545e282a13754a3fdc9fa

          SHA1

          2c3939f9fb5ccf46a31ad88a0c008f54903befb4

          SHA256

          74c34f59cc124b495138e23f691ae74f5acad1059d5e5f88d269cb0c7a7be979

          SHA512

          5b8be3618aa54f71b3433ac25455f2309c937c7cfbd0d1ffe0032ded13046fe95839aee4707fb80d44685ffda5d7442908d80c65ae224f9bbddf764a86e7c932

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f7c0cab1898bf5293d49261c9a3f6338

          SHA1

          73f05beb3dba80cfeaba8496cbf838ef77effe68

          SHA256

          8653cc297755158ed813e855aa28f4b02be89d1508db1528e3badcb5fd77f7cb

          SHA512

          67228f5cf089680feffa5369622ec6b1ed12424941e21b5eb25918e3dad74e12f75cd60eb06280e84145962114a355998606e77ac3f5f2db48d857cb29b4f4c8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5f48c76a14ffd45e2c0636a5651b8cdc

          SHA1

          0557e8970e6063e06150585ac10a106177c2b3b7

          SHA256

          ceaafdf48a835e3b7d4b0ef349b275db1726d568b10409bc4af645b88c642925

          SHA512

          2e0ce63fb30cd4576fc3bd7be9767f3a61690964de6afdc0d5cce0981197d7e6d27d444419875d49702e32943d6fddaf3bd62d735a0c8d83d940233d901485d1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1d3a5c186abca14fd2dceddc8eb5a344

          SHA1

          41913c520878430c376b0619d7e0dd36a258586a

          SHA256

          3eac45b778ac59afe98072769113f4fe3671988d27cc20288e6a32acefa624c9

          SHA512

          4397f661fc7d1d4b082c07fe26f17c4474acce075c1fde53975e6f544200976aad3842602c699ca41e524f3a16cc630c8a3ec9aea38ff35f505c4949c48f97cb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          63fb45ba238938fed4ce47f9c2da3f30

          SHA1

          65e81cb911b202f7ba5b7c1904d9a8b0aab00e51

          SHA256

          cc3dd761d650747221eab211fa875a9ecf2ab8c8ae9facb9e90d37f032d4eab4

          SHA512

          a83eb751d1af7a55b853abb7a45e3104dbe61bffca4fce629b81e7e5ddfb8ea351c2cd24b10360745d6a49e11262037029d4241e30a8beeaec40f0f9dff0de68

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          acd88d867fc3d23c3f800551161d55d0

          SHA1

          04113ab24554faeb1b5d7448761787cc7e286f54

          SHA256

          c103235f6682a0804035d4dc0d85ba1a2ac6f1ee2ade4626950348f9a2146f05

          SHA512

          e8713bcf12eb90bcbd9de34ba197eafdd283ad6b0f5af309173fdc6655a9fd6e7d1457d3f274f3f6554bde80421db9c41423d5cb58d2f10cb208d24d3908b7b2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          82226c37b7f706a2be10f66bae3f9588

          SHA1

          8f0ff377f86e86cfcd47a356e6b946c73169f7a5

          SHA256

          e065a91b4ef23c3a1677d53a4d8d53d3e00bbe8622e69134f1b648f969c3e707

          SHA512

          1e9bbea8674c93c05e48d44554078e5616882344ea9bc9fa157c92ec7d6d1d15ab6703918fd2df190325c88354f08223da612db0c8592e168b70452441da73bc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2063389e6ecc84e17b6dad8e6005b8bb

          SHA1

          0c888abb314272d49e11221c9a16d9e806b4547b

          SHA256

          d5602888db924a6a34939f3ec5bc463cb899de795a78c5b6374700974a94afd1

          SHA512

          2d4508c38882633dd7031d31999c7bad8fc25fafdc1a22c42e761e976f0925d3eba86be8133a16dbe9ab91f16585357bc901a586addae255eaaad2a756c86402

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1690d53541ca8821d7cb975f970fcfd8

          SHA1

          9139e20b74f987ef9a19e50bef66760c491bc472

          SHA256

          ef9cef6e1ee4dd45f91f065895180b6231020f7d01069800a623337340f6783a

          SHA512

          14fb8c3cba8d8b4e62f779b46db5cafc5908349adce29f810def8762637e75c830f09277432b934122cf9439bde02fcac7073de81aa121c498e87756d93afc4a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab5D8E.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar5E3D.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1068-8032-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

          Download

        • memory/1068-0-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

          Download