Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/08/2024, 18:22

General

  • Target

    9439bca8267ef8bc38c242e9913bddb3_JaffaCakes118.exe

  • Size

    493KB

  • MD5

    9439bca8267ef8bc38c242e9913bddb3

  • SHA1

    206f9aac9d6632058c931e542b2e335a581863be

  • SHA256

    3548cd7fcd21fb3b06d63897afb5a3dcbd657fd9cde1b99e3ff8334c58c0a3dc

  • SHA512

    00e66c8de51b6fa05c2ef33b0e636084c69d040b32cd39fadffecf51237807cf187a9ce7ad8f2d7935ce9dd50f07891fe6da3ef59eac1e4ef9bfdd9fb83599fc

  • SSDEEP

    12288:taYWPh1az3BxVSQUmK7ruwAk3Ns+bIMrtl:8ZI3lSpmgrzAAs+bIMrt

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9439bca8267ef8bc38c242e9913bddb3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9439bca8267ef8bc38c242e9913bddb3_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Program Files (x86)\AdvTopC\AdvTCApp.exe
      "C:\Program Files (x86)\AdvTopC\AdvTCApp.exe" /r
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3584
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\AdvTopC\TCHelper.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:4192

Network


Downloads

  • C:\Program Files (x86)\AdvTopC\AdvTCApp.exe

    Filesize: 305KB
    MD5: 6c4fb5bdff7ea9f5807571c6ee872170
    SHA1: 9fb2226edb06b4c99743a2f7070d28d7b01e7a8f
    SHA256: 867b016b5bd895a8149d76b0c5d4a55a20e2aa38b0bd24a134e769ca96d9d918
    SHA512: 54aaae9cb34615fd16f64572dd8c4ff44222ca8d8a07b8e089ccd8f5bee7a57eeca0a5e95908bfd5dd5a42e401c7e9e88f98ead2c3d8653571fe165fb25612ed

  • C:\Program Files (x86)\AdvTopC\AdvTCApp.tlb

    Filesize: 2KB
    MD5: c1c8e38be148a3148ef3d993c3f454d8
    SHA1: 77bbe86132c511c50a9b3b88ea7bc471e7d7e69f
    SHA256: 7285e819ccaacecc882f91138e5402d80ac32927216c8e40030f6b60232613ba
    SHA512: 68e5e2e08330bcb44a45a6e76fd98ed0678deaf19b897cb35f47431ace4ea454745af9a6e8fea91dec4f1289f02cda2589a2aba70df809868158a391e2ca0dfe

  • C:\Program Files (x86)\AdvTopC\TCHelper.dll

    Filesize: 230KB
    MD5: 1ff579e3d5ed93a9a90ee3548f575356
    SHA1: 9bcb2e209a962bd2e93069ad49289c0d33cd05bd
    SHA256: 03614623326db9c1575c9484128182a925a718e9a5ffca8d1678c5100e638a52
    SHA512: 1da3de2054b6555fc928aab07eacdc0686058484b813716e32a8b7c1d89a00709e3942be00d0c640587e49bbc21eddb50b2e7835af9fdd38b50d8690e173716c
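Detection example for the behaviour in the Signatures and Processes sections above (a dropper in the user's Temp directory writing to Program Files (x86), then silently registering a DLL with regsvr32 /s, which lands under the Browser Helper Objects key) together with a hash match against the SHA256 values from the Downloads section. This is example code added to this page, not output of the sandbox and not code from the sample. The event records are constructed to mirror the report's process tree; their field names mimic Sysmon (EventID 1 process create, 7 image load, 13 registry value set) but that layout is an assumption, not a parser for any particular log export, and the BHO CLSID is a placeholder because the report does not list it.

```python
"""Added detection example for the dropper/BHO chain in this report (example code
written for this page, not the sandbox's output or the sample's code).

Rules, in the order the report's process tree produces them:
  * a process or loaded image whose SHA256 matches the submitted sample or a dropped file
  * regsvr32 /s registering a DLL that does not live under System32/SysWOW64,
    and that regsvr32 being spawned from a user's AppData\\Local\\Temp
  * the same process writing under the Browser Helper Objects registry key
Event fields mimic Sysmon (EventID 1 process create, 7 image load, 13 registry
value set); that layout is an assumption, not a parser for a specific export.
"""
import re

# SHA256 values copied from the report: the submitted sample plus the three dropped files.
KNOWN_SHA256 = {
    "3548cd7fcd21fb3b06d63897afb5a3dcbd657fd9cde1b99e3ff8334c58c0a3dc": "9439bca8267ef8bc38c242e9913bddb3_JaffaCakes118.exe",
    "867b016b5bd895a8149d76b0c5d4a55a20e2aa38b0bd24a134e769ca96d9d918": "AdvTCApp.exe",
    "7285e819ccaacecc882f91138e5402d80ac32927216c8e40030f6b60232613ba": "AdvTCApp.tlb",
    "03614623326db9c1575c9484128182a925a718e9a5ffca8d1678c5100e638a52": "TCHelper.dll",
}
BHO_KEY = "\\currentversion\\explorer\\browser helper objects\\"  # covers native and WOW6432Node views
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TEMP_DIR = "\\appdata\\local\\temp\\"


def regsvr32_target(command_line):
    """Return the DLL path from a silent (/s) regsvr32 command line, else None."""
    if "regsvr32" not in command_line.lower():
        return None
    if not re.search(r"(^|\s)/s(\s|$)", command_line, re.IGNORECASE):
        return None
    m = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', command_line, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None


def sha256_from_hashes(field):
    """Pull the SHA256 out of a Sysmon-style 'MD5=..,SHA256=..' field."""
    for part in field.split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def analyze(events):
    """Run the rules over event dicts; return findings as (rule, pid, detail) tuples."""
    findings = []
    silent_dll_by_pid = {}
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid in (1, 7):
            sha = sha256_from_hashes(ev.get("Hashes", ""))
            if sha in KNOWN_SHA256:
                findings.append(("known_file_hash", pid, KNOWN_SHA256[sha]))
        if eid == 1:
            # Match on the file name, not the directory: the report shows a 32-bit parent
            # launching "System32\regsvr32.exe" that WoW64 redirects to SysWOW64, so a
            # full-path match against System32 would miss it.
            image_name = ev.get("Image", "").lower().rsplit("\\", 1)[-1]
            if image_name == "regsvr32.exe":
                dll = regsvr32_target(ev.get("CommandLine", ""))
                if dll and not dll.lower().startswith(SYSTEM_DIRS):
                    silent_dll_by_pid[pid] = dll
                    findings.append(("regsvr32_silent_nonsystem_dll", pid, dll))
                    parent = ev.get("ParentImage", "")
                    if TEMP_DIR in parent.lower():
                        findings.append(("temp_dropper_spawns_regsvr32", pid, parent))
        elif eid == 13:
            target = ev.get("TargetObject", "").lower()
            if BHO_KEY in target:
                clsid = target.split(BHO_KEY, 1)[1].split("\\")[0]
                # Report the DLL this process just registered if we saw it, else the CLSID.
                findings.append(("bho_registered", pid, silent_dll_by_pid.get(pid, clsid)))
    return findings


# Constructed events mirroring the report's process tree; the CLSID is a placeholder.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\9439bca8267ef8bc38c242e9913bddb3_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 3060, "Image": DROPPER, "CommandLine": f'"{DROPPER}"',
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=3548cd7fcd21fb3b06d63897afb5a3dcbd657fd9cde1b99e3ff8334c58c0a3dc"},
    {"EventID": 1, "ProcessId": 3584, "Image": r"C:\Program Files (x86)\AdvTopC\AdvTCApp.exe",
     "CommandLine": r'"C:\Program Files (x86)\AdvTopC\AdvTCApp.exe" /r', "ParentImage": DROPPER,
     "Hashes": "MD5=6c4fb5bdff7ea9f5807571c6ee872170,SHA256=867b016b5bd895a8149d76b0c5d4a55a20e2aa38b0bd24a134e769ca96d9d918"},
    {"EventID": 1, "ProcessId": 4192, "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\AdvTopC\TCHelper.dll"',
     "ParentImage": DROPPER},
    {"EventID": 7, "ProcessId": 4192, "ImageLoaded": r"C:\Program Files (x86)\AdvTopC\TCHelper.dll",
     "Hashes": "SHA256=03614623326db9c1575c9484128182a925a718e9a5ffca8d1678c5100e638a52"},
    {"EventID": 13, "ProcessId": 4192,
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}\NoExplorer",
     "Details": "DWORD (0x00000001)"},
    # Benign control: silently registering a system DLL must not fire the regsvr32 rule.
    {"EventID": 1, "ProcessId": 5000, "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\scrrun.dll", "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for rule, pid, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule:32} pid={pid} {detail}")
```

The regsvr32 rule keys on the image file name rather than the full path because of the WoW64 detail visible in the process tree: the 32-bit dropper asks for System32\regsvr32.exe and the kernel redirects it to SysWOW64, so the logged image path and the logged command line disagree. The BHO rule matches the key suffix so that both the native key and the WOW6432Node key (where a 32-bit regsvr32 will write) are caught.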