Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12-08-2024 06:20

General

  • Target

    8da4dbbeff48b548272cc1ebc311f3a0_JaffaCakes118.exe

  • Size

    7KB

  • MD5

    8da4dbbeff48b548272cc1ebc311f3a0

  • SHA1

    c58574d5b9f4c7b1e96aa605bb8651185bfd828e

  • SHA256

    dd24be7747ca84bd409d7d6741c9181cfdbcf2db4a93291e49a18ac5f4054a8d

  • SHA512

    4e577b7748b36cdbfbc6fc41f6d4e0d60782333e6f71ee2d7ea54d6b30f86b860d07e47fa6a11c64eca7732fcefd3a00531a41e64fe97ced2fa7f4a72d363392

  • SSDEEP

    192:OdOntQ0OW3l0vdV+i2hBKwa5/7N2PmCJ2MEe:OdOnj2vDB2hza5/7UPpr7

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8da4dbbeff48b548272cc1ebc311f3a0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8da4dbbeff48b548272cc1ebc311f3a0_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3348
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3348 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2924

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    f1345434f9702087a89581329f3ee435

    SHA1

    2ef9c7c6a370695a03e61d1e9e803af7cb08d0ae

    SHA256

    c98c6be26d4159c845dcc511afc93f1b0dd4ef1f1e949c02901986ca475119b4

    SHA512

    ac382f3dcdf6a5d41875a82b7c219fb040b6e63f11be1b8801c86d696a29d08859a15a8c2efc5d063fdef497acbdf76a3d2b6c792f21cb07a7e973a4d8fa84d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    8b66e1c8915d8d90b767a8bd368dd450

    SHA1

    eb8d1a19258a49b7aa4a5a29c6b5a37e9d994282

    SHA256

    4db0c9ee862bd8ae11ae5fdf6a3231c576ca71b3fb67162a3d41506430701de8

    SHA512

    0e2c83cdb583e6557293550af6aa4cb9b361ceaee76f580aff96f79b3e9c3c5e6f09835f70f181758b294cd7ca9d2317c7fe662205fa0428d74ddf330f57fff1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGWUB7UN\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • memory/3404-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3404-1-0x0000000000770000-0x0000000000771000-memory.dmp

    Filesize

    4KB

  • memory/3404-2-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB