Overview

overview

8

Static

static

3

6863a88b97...18.exe

windows7-x64

7

6863a88b97...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2024 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6863a88b9753b6c0741f94d0a61a9078_JaffaCakes118.exe

  • Size

    148KB

  • MD5

    6863a88b9753b6c0741f94d0a61a9078

  • SHA1

    de64424880919984259418b598f414598e874a27

  • SHA256

    b68b5627d4140641fbc69554c74365a83a3556bf1dc4650c35865a701276ead5

  • SHA512

    5e9cfe21d1ee442024e0f47a49dccc2414ea804be75ceb8fa4ceefddac7fb3b01774bbf5676682a5735684c050cf1de3d75dee9a33d2f507b8dcd867d6b61af6

  • SSDEEP

    3072:wDh380BMyJ1sizw4LiFjv7rveixfuHgmT0LeahNcnmhCGg:V0bPzw4Wjv7TzAHRZahNymY

Score
7/10
adwarediscoverystealerupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 27 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6863a88b9753b6c0741f94d0a61a9078_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6863a88b9753b6c0741f94d0a61a9078_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\msxml71.dll
    Filesize

    116KB

    MD5

    ecf55ece097ba83e7a9399e728bf85b9

    SHA1

    8ace9d052118c2136cea28a26b95c9edb82e870f

    SHA256

    0f34503fd9a1a9abdbbd4173fa47eb5b13df04d012a1d118df0f132a0a23fff2

    SHA512

    33abaca587651db3d9d217bf26838b6383f01caa6673c0685c3e1c225a118146966d87a40b598d36a09abaa4d7fe8ea7be1fa6f1565013346b33f302593e601b

    Download Submit

  • memory/2448-28-0x0000000010000000-0x0000000010056000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2448-17820-0x0000000010000000-0x0000000010056000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2448-32493-0x0000000010000000-0x0000000010056000-memory.dmp

    Filesize

    344KB

    Download