Overview

overview

7

Static

static

3

89261cc697...18.exe

windows7-x64

7

89261cc697...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89261cc6977af428690e120864f1c226_JaffaCakes118.exe

  • Size

    848KB

  • MD5

    89261cc6977af428690e120864f1c226

  • SHA1

    9d372d8ba25450ee6095daec1a909c532b1c3814

  • SHA256

    01c221607c869b75aeb9ff58a37adc9c5023f46d99f85ff4162809a2aa1c47f1

  • SHA512

    c5c64c86a56c6f4dcdfb9d208e0b88b8a625b3f33964ffe4d61bb0609cc6bb45fd7cf358fe15dbaeb1cf7cefd6b285b767c450e2b067ff51d52049fc989bfc08

  • SSDEEP

    24576:luz2eVrPw7373zHEA6hQz4OWDjhSsmx6:lkrPe373zHEA6Kz43hSsW

Score
7/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1200
      • C:\Users\Admin\AppData\Local\Temp\89261cc6977af428690e120864f1c226_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\89261cc6977af428690e120864f1c226_JaffaCakes118.exe"
        2⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Users\Admin\AppData\Local\Temp\89261cc6977af428690e120864f1c226_JaffaCakes118.exe
          "C:\Users\Admin\AppData\Local\Temp\89261cc6977af428690e120864f1c226_JaffaCakes118.exe"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2272

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml
      Filesize

      14KB

      MD5

      33dcebc09ab9402599037184c47509b4

      SHA1

      87fbd1f6b8f9333707837a075daa8af7b3d65f74

      SHA256

      4752cd6dec1526940b9e9b4a15837525e4adc5a38cd62181999d3ff302e47ad4

      SHA512

      f760b71f6c49fe61da72a7fa7678a0587334f8ab25a67cde6b914eb7eefda4f20a80c739af11c98c52fd00b214d2df6956ff8136c2906333a4650b1be373909e

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
      Filesize

      12KB

      MD5

      8156706568e77846b7bfbcc091c6ffeb

      SHA1

      792aa0db64f517520ee8f745bee71152532fe4d2

      SHA256

      5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8

      SHA512

      8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
      Filesize

      8KB

      MD5

      7757fe48a0974cb625e89012c92cc995

      SHA1

      e4684021f14053c3f9526070dc687ff125251162

      SHA256

      c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03

      SHA512

      b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526

      Download Submit

    • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
      Filesize

      451KB

      MD5

      b11ea9ded93df31b7635d0e356eb3fde

      SHA1

      c29bbda8671a5ad2e40ecfb49b013699d1e026f9

      SHA256

      423d1b4243c3703f5e0f679151068b90aa00ef7958831fca8508cf3f8a3487e3

      SHA512

      f4ee6dd9ec0c72435b4f2aef9196efed46442abfa43c8c1af7fa7bb0c4dc3b15e65e1766ba005033c565a679cf391f1f34db778d873deeca55a4a85d714d4002

      Download Submit

    • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
      Filesize

      640KB

      MD5

      95c5a645f6e0715d4418787e7aeaa41d

      SHA1

      6ab5e2aabad86a8a8c61c258a30262b1c475b561

      SHA256

      319a232dbdde3b0822566e4563dd131294fb615f9a24faa9f9ee022837facb93

      SHA512

      e4a773c054470b02d3ce0e1bea71723673fa99f845696e588533a1b94e6ca1677b36dba01df97f0a24bb36c54017979baa7e0c1c25c65d0586f9948594f065a9

      Download Submit

    • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
      Filesize

      640KB

      MD5

      e3cf316cdceb2b6fcbfe6ba52e29d341

      SHA1

      09e1a324384aec1b3778a9d0fa8039ea7b456ecf

      SHA256

      8f615f53e9f2905d0cdf972c2092e8d89b7f07575b826f6b286d21317d094e8d

      SHA512

      6bf8e05420d793a25871c7558ce4e09a91f1848e4443a6ef0bdd389675242ee854e8f02ffe338969cba94eaaed561b577ca601045184340b430bea9b45984fbe

      Download Submit

    • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
      Filesize

      461KB

      MD5

      8d34135b15c299ff4caf3f13cf43fe37

      SHA1

      c2d69747331438d63482237e19c2a5afe54dd0a3

      SHA256

      fcc717da8134fbb24e9be8b4a0f1418212b9b19b2334febee9df4a3288ce33a7

      SHA512

      cf4bfb28826467e537740d5911fb9be55c0c4e7bc96c00df987704eb8521a97b3cb069c307ca3461b9259c5da12da4131fa7436863d080f5b5df87ff5d0899ca

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      451KB

      MD5

      34c57b74fcc73f6e84f96ff9123cea36

      SHA1

      2742912ee0630499884a56aad07c5b1b29d53838

      SHA256

      be4e9d57ac61434388c3e425a80f60ee9a2e812cb1e801565472a1b582faa0c6

      SHA512

      eda1bac1a384e0eff446b23f5898215138cc2048b17a9739efd9c032e7fd45bf7674ffb19d701defa08c1e7fefc371414e2e139edaa65fd35911ebe11194f17c

      Download Submit

    • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
      Filesize

      461KB

      MD5

      99ce08462f8251b1bcbda69e3564e614

      SHA1

      2a645b4a4e1d1486d1ab98f6c0d06ff20c099b43

      SHA256

      2361b43a5ab3e32b4587307b4bf4e0f3eaf263812333d685eee59a17023221ee

      SHA512

      12f0b5467759d8e46ae4aa813ae16f3d6559b6546aa07e22a53003a309af0b9d98a84ae9e40180ff947c15c5f50f3ffbf19328ac8a045b71dce91d058b91d594

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
      Filesize

      152KB

      MD5

      04c0c9380c79c803a1db71e8da063f92

      SHA1

      adec92a0b314402353e57f2c8862a20ca7a2bccd

      SHA256

      985cfa641b556ca4a47d031555dd61cfa9cd22ffa32d98a147150ffb09bc2e26

      SHA512

      eb35e5acba362a6eff1833e5ebc3bc5c40c774eac3a3082e84b285289e4d013c41148c4003c16ef6d1dc463017d8da4d5ad41c38b7764f52afd6cdfdc09b3967

      Download Submit

    • C:\Windows\SysWOW64\runouce.exe
      Filesize

      10KB

      MD5

      ad6789f6f28ffa0a6cbfcb471ee273fb

      SHA1

      e402598e2a23d8efd3790861524c927bca869225

      SHA256

      937e29b4129daa50c8c0e9aa0beacd81b40a2bc73f4d90eaef0cbf05a81624b5

      SHA512

      bba8656adbfae4097f8aec24fc9ab81ff3d6b0cafd4de5ae26fbaa8dee6f959bae6ee6397d86954bc4f5dd24599f3e76784d11b904c8c4c94ad7a67ced8d3fcc

      Download Submit

    • C:\vcredist2010_x86.log.html
      Filesize

      81KB

      MD5

      1e0debb0abde842b91f79aa72ba114f5

      SHA1

      b3fdb9bf7d904ed09ae8c9504c67276365c52586

      SHA256

      e52efae39cc0a7c4e335ddb7b2a1bdf1cefe1514a0b7c1fb4e95498ebb33c1f2

      SHA512

      e35a1c2f7c0d0af14eb1214b1003b4946f206b77b91574d3a1d1950b0dfaf566e6e119664761c40d9e10a3ce7ab041d7e4d7a17a41c4f5d2e4cf83f047d09660

      Download Submit

    • memory/1200-3-0x0000000002540000-0x0000000002541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1200-2-0x0000000002540000-0x0000000002541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2272-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2272-434-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-858-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-967-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-481-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-1024-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-1025-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-1027-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-1028-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-1038-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/2556-1073-0x0000000000400000-0x00000000004E3000-memory.dmp

      Filesize

      908KB

      Download