Overview

overview

7

Static

static

3

86d373bfed...18.exe

windows7-x64

7

86d373bfed...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$TEMP/~nsi...86.dll

windows7-x64

3

$TEMP/~nsi...86.dll

windows10-2004-x64

3

Cloud-Web_2_86.dll

windows7-x64

6

Cloud-Web_2_86.dll

windows10-2004-x64

6

Cloud-Web_2_86.dll

windows7-x64

6

Cloud-Web_2_86.dll

windows10-2004-x64

6

Cloud-Web_...86.dll

windows7-x64

3

Cloud-Web_...86.dll

windows10-2004-x64

3

Cloud-Web_...86.dll

windows7-x64

3

Cloud-Web_...86.dll

windows10-2004-x64

3

Cloud-Web_...86.dll

windows7-x64

3

Cloud-Web_...86.dll

windows10-2004-x64

3

Cloud-Web_...86.dll

windows7-x64

3

Cloud-Web_...86.dll

windows10-2004-x64

3

Cloud-Web_run.exe

windows7-x64

6

Cloud-Web_run.exe

windows10-2004-x64

6

Cloud-Web_run.exe

windows7-x64

6

Cloud-Web_run.exe

windows10-2004-x64

6

Cloud-Web_tb_2_86.dll

windows7-x64

3

Cloud-Web_tb_2_86.dll

windows10-2004-x64

3

Cloud-Web_tb_2_86.dll

windows7-x64

3

Cloud-Web_tb_2_86.dll

windows10-2004-x64

3

cloudidsvc.exe

windows7-x64

3

cloudidsvc.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    125s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 16:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    86d373bfed6b406b22e3b4fbee8fc3d3_JaffaCakes118.exe

  • Size

    587KB

  • MD5

    86d373bfed6b406b22e3b4fbee8fc3d3

  • SHA1

    c17ef466f1c2b0a8c769ee7d603a418f9227f2c5

  • SHA256

    0d7b2a6a1166cc076399aabae4b321be6476405ded15c4c099edc924cbc26ef4

  • SHA512

    ff3c4cecefdc787ecfdc12453a15984c948dae1b99e31e1f9fd6de5509c680c2d4d7d449acbd6ac85a369a7c1262d1ade4d6acdc15baf8ef2ac4f203fd1630ec

  • SSDEEP

    12288:ntPYVQ5aM9yZgcT/uysBKguosG67cvQeglViTeyJF9KW:ntPYV7Q0DbrsB7sG67cvrgniV7

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 32 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 16 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 28 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86d373bfed6b406b22e3b4fbee8fc3d3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\86d373bfed6b406b22e3b4fbee8fc3d3_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files (x86)\Cloud-Web\cloudidsvc.ex_
      "C:\Program Files (x86)\Cloud-Web\cloudidsvc.ex_" /stop
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2532
    • C:\Program Files (x86)\Cloud-Web\cloudidsvc.ex_
      "C:\Program Files (x86)\Cloud-Web\cloudidsvc.ex_" /u
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2580
    • C:\Program Files (x86)\Cloud-Web\cloudidsvc.exe
      "C:\Program Files (x86)\Cloud-Web\cloudidsvc.exe" /i
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1712
    • C:\Program Files (x86)\Cloud-Web\cloudidsvc.exe
      "C:\Program Files (x86)\Cloud-Web\cloudidsvc.exe" /start
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:448
  • C:\Program Files (x86)\Cloud-Web\cloudidsvc.exe
    "C:\Program Files (x86)\Cloud-Web\cloudidsvc.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    PID:2600

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Cloud-Web\Cloud-Web_run.exe
          Filesize

          127KB

          MD5

          32042626d8f432f5ff657a243c416b8f

          SHA1

          72f011eacbb0dace2f7bcfce3a4627121a468020

          SHA256

          50a6167f836b3ff7f4782ae989e5176c5eea2c2941ba76b6492cad18403824c8

          SHA512

          689dfd41e64579f92e43cb23b4646456854bb9b4cbcb3ff6e11e3c0042599dc70f3d8b5c6ca7b3ef57d094d702c0b16591ae2c91d6b3f775bcf5e625e7ecc32e

          Download Submit

        • C:\Program Files (x86)\Cloud-Web\Log\cloudweb_up_20240810.txt
          Filesize

          304B

          MD5

          a15602212112b7c9ee3e8545a4992490

          SHA1

          16408ba21e8e1c5917dd475259c9dddea0bfdbf7

          SHA256

          ac845a543d21c3cc3402e9dbec830f41a0c35c8485e7b2a84b02eeceb12c40d9

          SHA512

          a807dc6fc166ea43ba24f2081159024251900e7e8c994722252ff221128dd9a64ce3e954cbf048e04c9f6fb39aa369e64468defab270f17ef24bfb8c6577656a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nse4B73.tmp\splash.jpg
          Filesize

          631B

          MD5

          d68e763c825dc0e388929ae1b375ce18

          SHA1

          7951a43bbfb08fd742224ada280913d1897b89ab

          SHA256

          25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd

          SHA512

          1e146e2631a4f3bd091905ccc10ed1054700349648cd52aad24eaeeedff0fac4b44b6212284a6d0855942ff16308c66402ecb895e68ef1c66dcd496973043cdb

          Download Submit

        • \Program Files (x86)\Cloud-Web\Cloud-Web_2_86.dll
          Filesize

          123KB

          MD5

          8e546f947aa43b70ef624a4dd0d8620e

          SHA1

          d1aa7b65ee22fd615caff85771025f6e4c58e895

          SHA256

          a7c164d2058fda19461a13a5248c3760e92f7b5880bf5b8c6f344d39b089b89d

          SHA512

          1ac840e44e1f25fb698da782a887ce76c6cf5658dd6238f62a65d3dfff96ea69a6a3c310cdd3ddee4a40ffe7a93f17331aae5e1d425b714a32dd2dae877d8b4f

          Download Submit

        • \Program Files (x86)\Cloud-Web\Cloud-Web_mime_2_86.dll
          Filesize

          210KB

          MD5

          e03152320af546785839f21cefd28ce1

          SHA1

          7264e5753bb5313b9ceb69d05c15e000ed938559

          SHA256

          6807aee8007988c5409a947a526c187c66e349886399541454800ce2a99c2442

          SHA512

          93681775e96cb80b8cc4b89c788902f5070497c5a0120c0ba965c14e651ab3726387bc0d3f8feeaf315ae45bd7bf40bf37f1e2fd379b89bc812c9dd2fdfefb5e

          Download Submit

        • \Program Files (x86)\Cloud-Web\Cloud-Web_tb_2_86.dll
          Filesize

          127KB

          MD5

          6bf0b1dac57d79d018e567379197944f

          SHA1

          349ce9952d367859cd4199ce43f13ee14b3c05b3

          SHA256

          9b21dacbc096a569b9235873cc9a0e7a132e8ca2b30996ff4ff1bb42b0429cfd

          SHA512

          4ad289bdf745416a495caab203b9940cb8726cba29f95d5daf542691934a8ac80afac479714928d247426c4b7e71c21b51caacd2216f4262d93ffbf68cf53fff

          Download Submit

        • \Program Files (x86)\Cloud-Web\cloudidsvc.ex_
          Filesize

          107KB

          MD5

          0b57314ff5be99b2ae45accef7c99275

          SHA1

          777fe3c50fb29da644c28e42118e65f187502e12

          SHA256

          9a9da31bf5819eb156f8ef34d3fbe859ed61e71f8837db77a5cf6c46e54abedf

          SHA512

          35c5f7a3b7661286947c9c461de113e49d741a327b6a7f36f775885c55f89ec64cdd36a78fb987a6ad1ea983924f826ba577ce0fef5479848c97d610250f7ee3

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nse4B73.tmp\System.dll
          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nse4B73.tmp\newadvsplash.dll
          Filesize

          8KB

          MD5

          7ee14dff57fb6e6c644b318d16768f4c

          SHA1

          9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce

          SHA256

          53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7

          SHA512

          0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nse4B73.tmp\nsProcess.dll
          Filesize

          4KB

          MD5

          8f4ac52cb2f7143f29f114add12452ad

          SHA1

          29dc25f5d69bf129d608b83821c8ec8ab8c8edb3

          SHA256

          b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04

          SHA512

          2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\~nsis\Cloud-Web_nad_2_86.dll
          Filesize

          551KB

          MD5

          a6fbb70c4b84e803d5d9aa98a1f93479

          SHA1

          efb3a46f6f863ab348aa550fb2c49e2e4a94ffa5

          SHA256

          b407a925b2cc0cb89113b5a94261a6d33e2c627e7bd46bbc0791eb124d77ba1a

          SHA512

          0157f42162e01654f04b21cc02120aa54cdd13d0e694a4ac98423466820a71296b32b84065ad9edbb2e029030457cfbdb835820dd16f835767e89e6895ad7e00

          Download Submit

        • memory/2192-49-0x0000000003230000-0x000000000324F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2192-53-0x0000000003230000-0x0000000003250000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2192-56-0x0000000004290000-0x000000000431D000-memory.dmp

          Filesize

          564KB

          Download

        • memory/2192-12-0x0000000001E80000-0x0000000001F0D000-memory.dmp

          Filesize

          564KB

          Download