Overview

overview

7

Static

static

3

04b3e58bcb...18.exe

windows7-x64

7

04b3e58bcb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    28/07/2024, 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04b3e58bcb0b43fa1317e54788102484_JaffaCakes118.exe

  • Size

    23.6MB

  • MD5

    04b3e58bcb0b43fa1317e54788102484

  • SHA1

    6cbd0a39cce5c11b814b391353b78401f552c930

  • SHA256

    c7d868c31d644792f44a209af33ef66e17a069b474ed02fb812a4bd57e2d45ac

  • SHA512

    3d24841355820a077b2fd79df42f4f6c8a844d8b049a7ce72641e32129486fedb0ef6dc21ff85603423eec86c7705ddc80cacbf94be5f728b0bf9f3abb1fd910

  • SSDEEP

    49152:XYgph7GBfWLHQ+V8tgJd8oDkYOMjJDkYOMwwnMb4PmyVPsC1:XX77GBfWs+CgaVYO2GYOXwnS4rVPsC1

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04b3e58bcb0b43fa1317e54788102484_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\04b3e58bcb0b43fa1317e54788102484_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1232 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    23.8MB

    MD5

    37c50316cd3c3dbcfc0e9c58ffe5c2d8

    SHA1

    47f32bd981fda431b26b7f75f342df2ce284ac5d

    SHA256

    81fc3fa3b87c543e5a1ebed551c32c6891e2cc2999fb6b1809abd9db6cfdda79

    SHA512

    3299e9f17670cd8bece0b4b53797c04a141c46b15ea509f422466aa2483404943d6d874a7f61087131a95fbd7bb1f38cb7c2dac4d882da20d5059fc2bce41196

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43243e6cec4c36812e13ce0af1a17b75

    SHA1

    7c1022e71579649b765101f080663fb14c41ea72

    SHA256

    71d9ad6cca8be38cdd432805ef9b3d849e23792af24a1aa63f306448b0db4894

    SHA512

    67d4d64ecb57f64f0c5125ae650d9023f54c378d7860bbfcdc8424177690d2ce3ef09e1b8222c240f47522e3781516ae8958dc199f111dcfcbb501a1de3d38f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    851f36eefeb562eae003d0f6c7749308

    SHA1

    8542f3dd0f9725f5042fb12b3ba1cb4ebb7bdb86

    SHA256

    074eb29a1ec478cb7ace534e65d4b882b9cff76ea16cb194cc2bc8bfd971f068

    SHA512

    f61f0d136473ec3f7c033cb2477ec687292acaa770dfcd0c095b42698e351045c870dc21d8e45b58127d30d83f21211cc8cd6ef22fdb227f51e71333eac3089e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0abf27659b2da27739143d8c77099ff2

    SHA1

    532e5a1fef656010badffacfb72a8fa266d8dc9d

    SHA256

    b82bf4190d44e01ca1a5b95c9cc2879588d3da004da96ba909cb5ec00c120998

    SHA512

    73a988b9ec91982ac576916387b9b29593328b9122b1dac69471deb5072efc0bfcaa2d17378c54b210974c523b76aa2cf6e23f039d0aa29463ee891aaacb0b46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e78f2e9bd299092a0c03d2e26debe0e4

    SHA1

    9e13094b52b91419160bc7d271473f3e95c8a6cb

    SHA256

    49b96bb98cecd3988d901c9d005fc41f065ec891f6a822580167b6b15e01ad60

    SHA512

    158e74e41c304704e7258fb55097660ec988db372f3e5bc87450cbc0bf76a6a0b86a2869ce11129cdcbad668387e843cd1b8513b9fd50147445b795b9737cc0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b25afec680441b9fd43c6070e80605a8

    SHA1

    79189c4d51f7b995d682c2b108abe5b827b08d58

    SHA256

    eff2a8f7855f3eae2829631ecf86132fdd9800e559dbd5703ae88ab69b60db90

    SHA512

    b666d6391bce9a6b19a2e25e3a6133746e89d5fc168c056a29eba0b7a07119b3eea40e4e08ba5dd8d66f8a321c5ab4dd1737d40d326dcccd8e054161e3a4421a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    359c9e475b2a75f9268520411c3400a6

    SHA1

    4d2596b822b1c0c60bb14ef3cb58a4e574e1d7b1

    SHA256

    dd8491b52eaaeb6ea961f4d0d43ce0cfcbf978609135ee85e47b96935e3d399e

    SHA512

    04552011fd06f8ac95428ece6a0927008820f913d3d4ce12e05de533b0ef06ec2b702ebe6706bb1e1d84a99447404d7ea193db5b4dcbaa0d7c1e0dc8ff263748

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8153aef21ef55fcd4db6d8d9b8dfb39

    SHA1

    98b60ed8ce55fb4487586d674bfbb853c719ba2b

    SHA256

    6fbc6ef378e2704938f898df236c171df117ababb32094b83a9705db0f757759

    SHA512

    9f7bd9a89baaeb6882571e3da90807c1ac6b7c52ee4b68ff0c652475a247982253b9f275d9ef08fd7bcdffa093ed14c743988841404c762a233e301ee6eeb66d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    053b63e6a8e0043bc627ca0b80eaa1e4

    SHA1

    c35a0d984a07a2edd7504c452052842f06536206

    SHA256

    fce7965257ae0ede0047e01ad5daa135e70e8b79881646e3a323b44e9a5ae9e2

    SHA512

    c61878e755f0bd9f2219dbed5d44e9c93d665260b0b036f14175334cc85f902671e296288636145f116bb308fb7dd3b2086f588549453f79499dccc5d1a8d7fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16dd3a913867170cfe9cc0bbb34a58d3

    SHA1

    3df4b5a37804d3632e50e5cff37dddc0ffd7bc85

    SHA256

    6b3f0eacfeff48fc491f5280fc920d0442969ecb9e3adf5d2f2a14bb4c9c6aaf

    SHA512

    77fcc56eab12e215a3658f7a195afc8f65fbb262c23ee9fe00ab43542bb4180ed11798ad49273a47a77758b9472e3b019b73089802f1f2e97f6588c189d761ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    882529b7fb247b28f7a12f3700d902a4

    SHA1

    b75b0a558fdec4af81c2d79ecf657265ed112e9b

    SHA256

    26d66857c864f032ba74b2ad9144518b0baa9471580763908145770cfbcfda21

    SHA512

    b7409f3a57b66b2365121a85f14fa62ee9c2e33ca76dc09fb4d9c2081ae10de7e9a659b880df337bd5d16d1906081dd23929167ea9a8744350837d2dae4699d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c478435c2b154176471b1f03791c3a50

    SHA1

    e24b17df543ba622884ec785bc5219eccca0d599

    SHA256

    051c522660130a12cf7d7a87f4d0b5f2b79c9061e448dab35e5e9826b865c90b

    SHA512

    5c8024d16970b8cd5a1b52e021c42ffa69e02dd9992988d6351a7c4bf6b365ad731877563469d2d1f1f0cdbdd1651ccff0512f1c2643146bc10799e38dabe423

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2daaec1868739792ada2a5765c36e919

    SHA1

    405357b11a1cb722ae0dd9a2355fa732db56e5c6

    SHA256

    212eac2f03c03a5993c75d4bdb0e49cec239291dc58682de5fb8e342748bf269

    SHA512

    e70807c435f89847c4c0cff6cb21e6bad4012239e124b46bafc44deb989a88270872d77a07dc0b02f04cbe7f4b28c65cc9e02b78cce13eb630cdae74a6ea7667

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28f28c5307ee3f29d9c67132a37002ab

    SHA1

    05464a048a8d64e6288be596d10f8580d0f71c9a

    SHA256

    1a66c7824fdf6f03297772c393161582fb913541d9967c0f54b8391c129b852c

    SHA512

    fe4ff2a11db720874717c6aa9dedf2fdadc81a19d896a810e084aecb41c4d61e79bc7f20ae84112c78ec1a45100e36bc1f94c59be6884c177ba608f4dba19b31

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab73EB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7574.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit