Overview

overview

10

Static

static

3

66ebb78571...18.exe

windows7-x64

10

66ebb78571...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66ebb78571adee745d593d2d5a36f6c7_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    66ebb78571adee745d593d2d5a36f6c7

  • SHA1

    250205326cb67342d80f1e52ca87beb61935c0dd

  • SHA256

    d7b59141f885acd7f3eea30a4314e5910a0d89dae7567c5a88a0b397e4754188

  • SHA512

    8b49f3ff2d699983546a9628c32391c7ed81eb9e60dbc381a829bcf5d6010404bd372414a23e6388bf38dd68cd95c539300a9e545580b5c89c1da8f67d0c9b16

  • SSDEEP

    768:/Hp7EnFkWWWWWWWWWWWWWWWoWWWWWWWWWWWWWWWWWWvinhpuN431RNrYmMaPNhRH:/Hp7En7nhpuN43FrYmMaPNhR++86h

Score
10/10
evasionpersistencespywarestealer

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\66ebb78571adee745d593d2d5a36f6c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\66ebb78571adee745d593d2d5a36f6c7_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies visibility of file extensions in Explorer
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2480
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows/help.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\67McAfee.exe
    Filesize

    36KB

    MD5

    66ebb78571adee745d593d2d5a36f6c7

    SHA1

    250205326cb67342d80f1e52ca87beb61935c0dd

    SHA256

    d7b59141f885acd7f3eea30a4314e5910a0d89dae7567c5a88a0b397e4754188

    SHA512

    8b49f3ff2d699983546a9628c32391c7ed81eb9e60dbc381a829bcf5d6010404bd372414a23e6388bf38dd68cd95c539300a9e545580b5c89c1da8f67d0c9b16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    25baf8db03b6373e88ea6939f8acc105

    SHA1

    ed21f65c101f6d944cefb755b7bb1923a36751ea

    SHA256

    7390393411c1d821a92e2fef5b429aa135845215504cfa8033411a3929f4b1d0

    SHA512

    bd1ffa77bdf583245940c9a6cc90e1b3dbba88426335cbd649f74895eca3bacfbff6c611cd0115d8c983785f31b4d9b3da995d7eaf046057a5030b829e54a4ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    16ad8969a9c915d44b1afe0bf80e7c8c

    SHA1

    1b9a619ff3569f991a883cb3101fd9c5eaa6b7c6

    SHA256

    6addca9b2d52d3712ef0a576649634ca03f99d2d119e547442f6e6a0e2cb6df5

    SHA512

    f2bdc517b3a87941386d376453dfe9149cf62e5ebb045f4e675326b39893b82e6ccb6025d03448fb8a42921da1e9de38fbdb48fc334d2a3565a9683dfbaee8d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b971f720a27f8c5a729f1e50d35e9ea4

    SHA1

    484867db0efa27f82e60a4a57fc52503597516db

    SHA256

    ab5298a44e587c99869215dcbff8f9df05ecf179c155b42a61982d620315e530

    SHA512

    323003d3848ad89a7420608b6f1e70ef780270b51385d875ed379e96e12bdf47da68dc344c3bf3d83793e5876b83ceb9d8bd2b448287a745c3d8d924f5997aa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f90e9b9ea31f7938262791e0728a960f

    SHA1

    ce26902d1612f91fddeba2c03097e0a9ee0dc569

    SHA256

    f4326b23cd4d12c07c1ec3e426351e95ee4d16296352e933d6c15324d26604e4

    SHA512

    6368684bbfb019f353e0e44d64c3ced2b541a57717cf64feb0c71fdff6cf2bb9b3b6b01e69ecea21c035df30abfe74441fe6d6d1db78b8e7c69473892f06f1e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    86bb39c21fd5daff3787a9bcd5769bd6

    SHA1

    3da65541e2bdccdd753923a71d340a88461870e9

    SHA256

    f53661b0087f07e1846b2f4243fd4c4650dfbe0f052879221255faebd6dd46e1

    SHA512

    dda560959f25c074a463337dc3b0ba92537832205d8eeae4499f3dac9205a849f58e74fc37a426e1f56b7856ea0752b2e0def4da1075a08931d6c4271b7a93ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a60ab87f63e61e0a55e53fd3882e46e4

    SHA1

    6a4bb250318e9c1b1bce9e0027d6e1eab1f4bd78

    SHA256

    d593f8baf9d2cffa36bbb04bef7b1f9773fb410a2fd2244c8751a2efb89b14f0

    SHA512

    1c992c145d77891139e0679e51b1fb5a0f531a270f4b5df74061d25736196f2c45d12e47353601bc7c85af5023379c590711e048bc10323054510d90e9de3dbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    69a8688c0f12db73c96ba1aba754abcb

    SHA1

    6ab5e908bddb324d6b0ab8dedbe2aa06cdaeeaee

    SHA256

    0356807d70ee7e13271fc6f0ef797891ef3054f5508591baf5c6e8b63962f97d

    SHA512

    0eba7401bd2f490e6a39baf72573eeb8dd8bed9f3ed796b590666cee40285b068809ec0d9065aba41f6c5164b5bb81d609499ae04b737587f179faa1135b8dfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f5a142dd32e62a3fa14d2b42901bd9dc

    SHA1

    fd1db1bddc5cbd3366764e5f69e138f5a4fea179

    SHA256

    28ac4b270657125b85f9dd805bdc2abbf50593bb1ea71b60f92c1fa64e7ac5af

    SHA512

    f345af752a095a1b1ddac4e3732d6d199dcc0dbddd132c0f3535a70f95b6ac231b7112fd759a81a1a8ebc1cf14ecfe1ddd69f3fbaa5eeb54c2f17203f67ee5f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9b69ac5b53aed95a55697f635787587c

    SHA1

    20291788516b5129d80c7027b75d96eb4ab4f169

    SHA256

    d28eb0392e403999b1b95759fc06d0c752ee42bdf263efe300923758b813b967

    SHA512

    652a4aa9ae020d24072d5cd826ed718e60de72d27d59301152fefe6caad359e934c42511ef9edc71ebe480bac85414c0e7aabcbca7e5fc87dae3a80ffaec91bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    59769ad6c3d3c2ac338af3ec750b2652

    SHA1

    ba6d48b10ea829e51c8b0ac544fe4e300ed2cafb

    SHA256

    4a703f0cc8cc163b5d814663f67251745764f525d344f7679fcd0948de6f3efc

    SHA512

    ae4a0204b9c6c7e4768a4abae2984ffeaba17cd14ab88e93f017312dd476b72625aa3d34e23c62379032974e62ec04a0e44836ca068600cc6963383f8591c4cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e714a81e867b569ba0cb1665a82a270f

    SHA1

    491e453eac52916f104f0194f2e661c6b4a99044

    SHA256

    db237b935ed3a41990a0e87a9324485d2e7fb5a7fd18aafcea740780f2f1cd48

    SHA512

    ae6d863568db4deda287eee175c33748aa7c8e64d855486c82a2b37527679041a1ba6dbca4fc70c8e7030b8c0a166741074d42d785dcccf541b89a4f0ad99153

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5b9fc4635a766245ecc289a6f250f00c

    SHA1

    59ad9d9a09b52ef956888449f06788bb26dcc562

    SHA256

    e4c55a135fdeb2947a124b2ccff36054f55e8c8c3c89450c39315ca96c79d4bb

    SHA512

    1ada0c1d94977cbd47fdf4c39a4e6879bc0a5e0a137a9d5e9503fa980752cb8671e3bad0303be683ed0c76aac7eb6c79bd3aa4698a451993dfda9c03d40e1ea3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3833.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar38F1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\help.htm
    Filesize

    154B

    MD5

    6a1c9a8a3255028f64939c1e0e9deeac

    SHA1

    8ce0351e83ebcda68269872bc0f831af790130e2

    SHA256

    1fab6fe85dc17a8f92a63f9c32c807ec39c1598ea7883b3123236df6235abc87

    SHA512

    99c3f9c9348d06b6d4af2c2b88128685c06081bb65d5be1275a0d47d96186b91199af3fd2ab2e2d98071ba1ef268cddddd18b63b80ec8d974f6f56224e43e934

    Download Submit