Overview

overview

7

Static

static

7

66f6cc6757...18.exe

windows7-x64

7

66f6cc6757...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2024 09:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66f6cc675747ea29354d217425461d2b_JaffaCakes118.exe

  • Size

    80KB

  • MD5

    66f6cc675747ea29354d217425461d2b

  • SHA1

    fdf3bbcf4e6bed8bb1d2a720cc73dec79f1e847b

  • SHA256

    57f40bafc8fc1f0b3efee13c49382b43c651b13e1db7b3ea7a20bc6bd3f402b7

  • SHA512

    b8b977abbcb08f286971ceb1d467816121b030cb828113a63fa9e02ddffbedcceb93edc0ff4ad97a5e1b4bcffddb4153fca8fbe4cf07687034fbb34ffada5a6c

  • SSDEEP

    1536:FQLnySgPuHzpak7EuvFd/Et6pirwzHZj7vaaXK5OQleMS49lQAiL3E8ccl:FQLnyS9HRAcWeiAHZjjauK5OQl44pyc

Score
7/10
adwarestealerupx

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies registry class 50 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66f6cc675747ea29354d217425461d2b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\66f6cc675747ea29354d217425461d2b_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c rmdir /S /Q "C:\Program Files (x86)\Insider\"
      2⤵
        PID:1912
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c rmdir /S /Q "C:\Program Files (x86)\Router\"
        2⤵
          PID:2176
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c rmdir /S /Q "C:\Program Files (x86)\JavaCore\"
          2⤵
            PID:2300
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /c rmdir /S /Q "C:\Program Files (x86)\Eroca\"
            2⤵
              PID:2060
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /c rmdir /S /Q "C:\Program Files (x86)\mjc\"
              2⤵
                PID:2624
              • C:\Windows\SysWOW64\regsvr32.exe
                regsvr32.exe /s "C:\Program Files (x86)\Mjcore\Mjcore.dll"
                2⤵
                • Checks BIOS information in registry
                • Loads dropped DLL
                • Installs/modifies Browser Helper Object
                • Checks processor information in registry
                • Enumerates system info in registry
                • Modifies registry class
                PID:1952

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Mjcore\Mjcore.dll
              Filesize

              112KB

              MD5

              7ef8c70f20b40dc8f9802993ce7ea1d1

              SHA1

              ee021a3e1abd2f162407a81d93a649e6c3aae346

              SHA256

              e811a54532d4fb244372b498fcfd15380a216d96e9083e53cb0672b91cadb489

              SHA512

              f7378158cb82234b393bf053a7a1ab6498dfc9a3b79299b735d3cfc3ace6db2b362a41bca9acf529f862cd73bd2d6260393b90021735a6847e3ca33ea206e11f

              Download Submit

            • memory/2412-0-0x0000000000400000-0x0000000000420000-memory.dmp

              Filesize

              128KB

              Download

            • memory/2412-4-0x0000000000400000-0x0000000000420000-memory.dmp

              Filesize

              128KB

              Download