Overview

overview

8

Static

static

3

966f7044de...18.exe

windows7-x64

8

966f7044de...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    966f7044de3f67549aeb3e915abe2b7c_JaffaCakes118.exe

  • Size

    472KB

  • MD5

    966f7044de3f67549aeb3e915abe2b7c

  • SHA1

    c1b600d1363ffcb7c3f08d4291bc9c4769f4c6bf

  • SHA256

    c063f197aa16954067129a99f3d28dea5577c404bdb4562190f3ef2912d6b6f5

  • SHA512

    102a94d1ecdff0c626cef678b110e75350724c0412704ca8ba5a611a43f27d5ac9184498af03e4b957b81fdd321750627a31ec572776b88940e7b3b8fa4516d7

  • SSDEEP

    6144:ppMMVVbsrDbFULI0PHBWN0tNcl4rTHM8syD0pMMVVbsrDbj:UtrmRPHBWN0bclSsy3trT

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Contacts a large (1386) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\966f7044de3f67549aeb3e915abe2b7c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\966f7044de3f67549aeb3e915abe2b7c_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
    Filesize

    618KB

    MD5

    b39e419f52b4b418717d05c026376428

    SHA1

    ec5095cc2d9ae7ff95ffff94b22a7d781b1f7c79

    SHA256

    bfbd2c0560f52d794ce3da791a8d97c755ac7b51325cdfd364b8236e6c478aba

    SHA512

    039cbbd054f2b033bda87a06b022bad0e47717ad527fc7604e2d6a49bf9ff268fe21fcdf25edc2e899d83098bfea889049235285087107f1d1b1063e01111b8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64e7d5b9626810086869a1aedb633c06

    SHA1

    0c42cbdcc217d0a05cf607363acd81d849dd5eee

    SHA256

    473cb337e05b054b7459a8fc3061ae46b1c718321d5dc2363660ff3d6efc5e13

    SHA512

    17833dbf8f2f4a16d7eaa28283784dae6294fa1d195fd69d1dfec925e711de14ff1a954fafc535125004917f780ee1ec1826a0b44dcdfe16f73ca3b7cfced423

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3b935b3ba6f011fa7619e073eb49710

    SHA1

    e32d9d36176f16ac818c0126e2ee9d8dbc38601c

    SHA256

    f4921b36b28a724e88e2fb4d0df99af3090e1dfa9448684867ea93f4a1f57309

    SHA512

    71d5da86cc61cc882211c4abfc2018bc417be30a19a83bbd232f5ebe8b89e852d88331bedce339606c08afbd7f5b9f4f98d10cd457787d866d78eaa2fba1f53f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff5c482aeea7de9598f81022c561b611

    SHA1

    16286266df376159a085b961a1022d3519c8e574

    SHA256

    0f6a58c9cbb0bcdb06d88aeda746c97fd8a20dc755ca7df992bdce061c6adae6

    SHA512

    c4ae5a2749ace8925246d141ec545e27e42d0a6f824540ae6f0443c2d8d948280fef9792881f9821e21473de1d798205e6b98ca21c46def013d4b2397d439d3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73097558f2ad944583e0965f001f4948

    SHA1

    f585dddb0048488b1af1b42dbc5326ac616dfe34

    SHA256

    88ec5a40f312b48abb614c4da8b7733de2926f9e85687f014adc784978645711

    SHA512

    26e7f2ee8286f860bc9581ebd2746f81091921cb61d6bd190b1dc59c805bb426998ede2039f40aae073d1cb05bbcc868bd0470648c531f86d67384ac310508a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6afaa619bde57b039987de7ef8798c0e

    SHA1

    23d598c6160c55eff3e069efa056aa7e6d09f659

    SHA256

    982d4a490ff3e348e7f12c95ce8bdb6db82c3700c2ec1ba964e83f7b5b2e740f

    SHA512

    37c989a8b5627b6225a416060a0eb7d730dc6513218c656d9c6c3ad576825f956dd468aca4337f3c73e64f6dabefcae38e169c0865090f2a3b21a616179a8fcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d92bb9dbd4a5f3afbc7b650d32c6c1b4

    SHA1

    3c8f050c08ec49d80fe87b0601fb7310a58866b2

    SHA256

    e1dcfcf0834d57341a3800b3dc865b82c81dba9f34ab7b783b9e1e9a247d6436

    SHA512

    6138ff4befaaa2f4060c1abf2393986de7ba77b7106a74fac8f9a6120b3f299309d1b9efa4fbaf4bfa8a1b500786b3fa16ac5e215b3f566fec5093f5b62944fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6463b3ce80fa541bd6e9747abec97641

    SHA1

    f2e8fca554d4a84789162fc872d7d47174de8e5c

    SHA256

    d1b2ee14d880c5460dac72241d2b3cbf85ceceb4fa328a8918e04b8d34495740

    SHA512

    2dee8c45afc3600e524d98dada32a83eb1473a26a318c9736b89b52250bf7e1ad0e529da1df86dfc51639f6dc10125c7332ee7d974eb762bbde3e6d845d062bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78e4f7b7b5cb75297780ea7d1f8528e2

    SHA1

    179ce7f8195e37a4922d4ef65b3a50e0b30a7e7f

    SHA256

    e3e97c64b00a003aefa9ed8851b67e9d173ccfaf65d637c8bf826554db889cf2

    SHA512

    f6e6df439d854f6f18a955a14f8362874a5ffe47b37169c6ffdb1bb9657b0c78ade35fe07a943fdec09e89ef40c253b3c260afdf6301f0bd59a6b5423cf25967

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89e228321a5625b6782f5d0a34d566d3

    SHA1

    c7a875e75ec8f524302c7cf0550771a3d15cd83d

    SHA256

    389dc7d97100bd5f002d49e8744c98fc0535ebcaa6ee4573f57cd1ce6b256419

    SHA512

    10c74ad7f90aa539d5604a2cf8399d21962b0bc1c5cf20c41a64d30a6d245f0989c2eeac0216fccc1cb9a5f135ddc2e402d3933fdfa5b509cad2795f4a54439d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2687c09bfdb5c740015f897a744b87a

    SHA1

    fb343eb0a9be12645808d1f2ca9949eedf64c3ec

    SHA256

    85f54382a8d9c30b5590e45a6e3fdf2cdefe7db1ed1709b450fc2ac446191c85

    SHA512

    c683e0c479906584ff358df9e66f330e918f5c08f0f3d9a5cb24762b3b48154252afa4d7065eb98fbe47f23c40af288a069f5c5eaf0d9e7b10deb6c751ddb02d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5477e16fa6b9568c419398df4d9112e7

    SHA1

    bd576d32244f0717b4e02b09f2c301d32ff361ab

    SHA256

    d13431579e8ada7ab3e61a07ba9e6c5e07ed73bb40fab9d94ee545d48335eec5

    SHA512

    99f48ef088d89601ad6b6a2a3507c842532ed50ebea6d54983c30e64052d3457516922722ec57fae419ee4aba10da6f3b70f44e71585f4c4fc4f32f7ec3dab70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ef084afc84f11209a33bcc9f2c0a6af

    SHA1

    9f52b41be33bc689d297f4cf4775ed978f4fdd26

    SHA256

    a515a170bd640b0a7af1285fc53f99e200f348848471ab89f351ee174b15e954

    SHA512

    08a9facca4eed93b34a3db16bf9bad6cef425619044035b74a24907283e7235465cc6206ace9c22474ed8ce8e3facad72dec919341ae5ad74617bb4743045106

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7053c50f72257f309a02d8cf961d6a1f

    SHA1

    a8b7146ee577bc9fb7ab9d7180215ab96dd8b8e0

    SHA256

    0a915f9eb79ee6771dd062015c63281ef28439da6136425555a90888659ca90d

    SHA512

    3a5b67f94395bdae01ce37ecc7bf64cb5e6b6e452873b7ae9ee847633a1e8e0c3341a3df8c9d3528772cd0ed5088ae6576600d42f979c6ef0cea628601e6bac0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ec4fd0b6aae74cdc199d5fa4dcb685b

    SHA1

    bb7997109e935965aa91a88093ca1c486349e3a6

    SHA256

    c98f9a6218f376692c76678f124a0bc1b6f02cf6bf87e0a7db03833143f30cb7

    SHA512

    689190561ea5633d2080a2968776e08e040e71ececdd4f67fe1213c66bc47bcd65df154bb9c16ac65aac1a6bf9149c8a4cc23177e53ea8819f9edff28ed86dfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2411b31e5c6c2b7bf5336ada3ea717f

    SHA1

    7a2200a696dd3758d8ea397d6a80abe713409eb5

    SHA256

    4460183be05fc3d5b15d97adf93b6c18df374db791dc6ffb13624c6ee5cd76c8

    SHA512

    fa7c0fde8b7c1e6f47547e7d1c43373972a4ea5d90d3152dcb25b12781d75ba992795cd31cae4f7eb0308ffdd2db92b76e0e152f67fd341226fd6a7ee2899759

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e72ce2f7a29ff33c540d922dd06c4337

    SHA1

    2f1b86c659f6b586d0da0d046820d3ca211cbb90

    SHA256

    1106cc76f9b4baf354c0cebcf8e25c367d5416f609faf2c5e6a1a2a0644f4b0a

    SHA512

    1af4a9c1d347a19a3a3d8b81e15c93a76aebc471481502f34d43b617dad531d622e2206fb0efcc633f4546902f207c26eb4ca891424327379b2b60b38f313520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24602d11a669fa8077a9d5aea698a12d

    SHA1

    7bad3b3e6c5587213aeea08b773b02005277d28c

    SHA256

    b3af74a8bee93214650a6ba1181b25507c1480d8d87fe170425de3dc4c4b8e70

    SHA512

    7298dae6dd9657a831348a60d439304925b95cba61773645ca0143485f2773fde652f3f055c6e2b8ed7b6eacd170d137e3cd07c7d3e6ac1d34c97c25a981fe9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f33a428c2946104a5030ce576a80b161

    SHA1

    f62675679e62b839872879b575888e1b773a5903

    SHA256

    bf75b81d68e89c8c2076f4524c6ed03dc224cc3e3f9d24f1dd352f64d542cc26

    SHA512

    011cd84d928a67ba7abb27a8eb8b5a6720b9f35bca1b0cf296b889899fcfd7e6e3a90b531b6e0195c78113e203a12355abb19c833700664cb434ae940c35b31d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbfa5e555d89f71cbb29e8a7f1bcb514

    SHA1

    7f71343cbf1d8efae5469ed912003f9c019b1747

    SHA256

    a4a99fd495acfba032dbe2fba3c687a9cb7df25c96198c798ded9bf94e034fe1

    SHA512

    e62ae898dacb7072132a729a21438aabc2bd74972895e7785ea46e2f1c507df1f0122cac4285756749d706a67b058d90d7965a11214db5c3026b11a01ea460ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab99F2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9A71.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit