Overview

overview

7

Static

static

3

b3ef930186...18.exe

windows7-x64

7

b3ef930186...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 15:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b3ef9301868afaace31e7d6a103a9e1f_JaffaCakes118.exe

  • Size

    158KB

  • MD5

    b3ef9301868afaace31e7d6a103a9e1f

  • SHA1

    830b052096194d46853cc7b1dca534987a2efce8

  • SHA256

    2de60f0a9603aa9e2e8512772444bb04f249c36b9d9bee825a2ad07d7ce729de

  • SHA512

    ebbb55a25ad428a3387d1018259967ccac126e09ea5a2f69f5a47f18f6690a9f72b874045601a04ff698656ca8c2c70ab0c63348ab427e65fd5d939befd4087f

  • SSDEEP

    3072:Q7vyirQsl71vUKNG49MWY/LGkSXqwTSGDCScgRy5+QvLfcJPEt:Q7vT/tUKLvYBmS2ZRy5t

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3ef9301868afaace31e7d6a103a9e1f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b3ef9301868afaace31e7d6a103a9e1f_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3484
    • C:\newdnswatch\newdnswatch.exe
      "C:\newdnswatch\newdnswatch.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Users\Admin\AppData\Local\Temp\WnT9C21.exe
        "C:\Users\Admin\AppData\Local\Temp\WnT9C21.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3456

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\WnT9C21.exe
          Filesize

          3KB

          MD5

          29090b6b4d6605a97ac760d06436ac2d

          SHA1

          d929d3389642e52bae5ad8512293c9c4d3e4fab5

          SHA256

          98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

          SHA512

          9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

          Download Submit

        • C:\newdnswatch\config.bin
          Filesize

          5KB

          MD5

          b6297e20310c35aa1517c13667009ea1

          SHA1

          d34db88e3c6d3c39ef8997cd4fa6d67d00f7ef3b

          SHA256

          7e9c2da1ad343673c03b6f5cdb8547ae50580188d63503233bf8dec628d4b5ed

          SHA512

          d4a5709fc61d97bf30ec0193aaeb9b30b67634b0257b90cdd064180c6b349cde92adc4e06209b6d04ff54e5c0c3103420760424c9ed7f6bef64eca16268b1d2a

          Download Submit

        • C:\newdnswatch\newdnswatch.exe
          Filesize

          158KB

          MD5

          b3ef9301868afaace31e7d6a103a9e1f

          SHA1

          830b052096194d46853cc7b1dca534987a2efce8

          SHA256

          2de60f0a9603aa9e2e8512772444bb04f249c36b9d9bee825a2ad07d7ce729de

          SHA512

          ebbb55a25ad428a3387d1018259967ccac126e09ea5a2f69f5a47f18f6690a9f72b874045601a04ff698656ca8c2c70ab0c63348ab427e65fd5d939befd4087f

          Download Submit

        • memory/3024-15-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3024-12-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3456-45-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-43-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-33-0x0000000001F70000-0x0000000001FB6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-53-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-59-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-62-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-61-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-58-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-27-0x0000000001F70000-0x0000000001FB6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-56-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-55-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-54-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-52-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-51-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-50-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-49-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-48-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-47-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-46-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-103-0x00000000753B0000-0x0000000075800000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/3456-28-0x0000000001F70000-0x0000000001FB6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-42-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-44-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-41-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-40-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-39-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-38-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-37-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-36-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-32-0x0000000000BB0000-0x0000000000BB6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3456-30-0x0000000001000000-0x0000000001004000-memory.dmp

          Filesize

          16KB

          Download

        • memory/3456-29-0x0000000001001000-0x0000000001002000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3456-57-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-18-0x0000000001F70000-0x0000000001FB6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-102-0x00000000753B0000-0x0000000075800000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/3456-24-0x0000000001F70000-0x0000000001FB6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-23-0x0000000001F70000-0x0000000001FB6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3456-101-0x00000000753B0000-0x0000000075800000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/3456-100-0x00000000753B0000-0x0000000075800000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/3456-99-0x0000000075665000-0x0000000075667000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3456-25-0x0000000001F70000-0x0000000001FB6000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-82-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-31-0x00000000021C0000-0x000000000221F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3484-7-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3484-88-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-87-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-86-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-84-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-4-0x0000000000550000-0x0000000000551000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3484-81-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-79-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-78-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-77-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-76-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-74-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-73-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-85-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-72-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-80-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-71-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-70-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-75-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-69-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-67-0x0000000002220000-0x0000000002221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3484-66-0x0000000077AE2000-0x0000000077AE4000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3484-65-0x0000000002220000-0x0000000002221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3484-63-0x0000000077AE2000-0x0000000077AE4000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3484-3-0x0000000000550000-0x0000000000551000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3484-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3484-1-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3484-83-0x000000000BAD0000-0x000000000BB16000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3484-0-0x00000000021C0000-0x000000000221F000-memory.dmp

          Filesize

          380KB

          Download