Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/08/2024, 16:38

General

  • Target
    b437e14f68ddd68dda2cae815c2adfb7_JaffaCakes118.exe
  • Size
    144KB
  • MD5
    b437e14f68ddd68dda2cae815c2adfb7
  • SHA1
    eb0f72c735f32dee27ba96b9c33099378c40d2ec
  • SHA256
    a63834dbd13d4669ca06bfe8f1b6eae8719482e8a209fbcbea24463ef1503ccf
  • SHA512
    68754b3b9e3d73ed4a19e3348c0153cfd7a6ca2f6f37cb129b470b815e3295521d9a20ed639d7c8ee9593aa46bd204385255b9b010b8577170b58b3bcb818c01
  • SSDEEP
    1536:IVNVuA9uox768RPlyoeSyN6/J86HRwwHJBpetl5A00WPVfguRQxg+HdU/cORFd:I0Av7Lf3yN6/J4SMtl5AADitHdU/3

Malware Config

Signatures

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b437e14f68ddd68dda2cae815c2adfb7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b437e14f68ddd68dda2cae815c2adfb7_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3176
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3176 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3568
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.xingkongjisu.com/flashplayer.htm?52c
      2⤵
      • Modifies Internet Explorer settings
      PID:4232
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\B437E1~1.EXE
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize
    471B
    MD5
    fb678ed578cc85c2788510c2d3272e4c
    SHA1
    b7ab05a280d5dd1635f5015fdad52bee5d55a086
    SHA256
    402f83b861999708fd0b815eaf687d9b438a5140d103c5f5561a55573daf89d4
    SHA512
    54f960e588a1fd311776233d2d0d42e9612d8e1e1d8715d9121edad25d5f1c1f9dec076768f95282df0412cc31ba6ec2b76543d01cdac663702a29ab4078f0e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize
    404B
    MD5
    09e9defc9d7220c2f37f67992768c730
    SHA1
    39854be949619f2171317dce02f7459b1caf6a54
    SHA256
    35de1ca90b3465938d85d1fbe296e4721e88e3afc9ed36455f6347857a6074e7
    SHA512
    3e9225c7291c8ad01ade9f81fc8a513f97b899dd7878d715c9f305e59bebd8ffff02d870adf08efe58bbe90eae091b9c63804a4192d6315abe9dc6a38ea7aed4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\7gbengd\imagestore.dat
    Filesize
    9KB
    MD5
    2cb2b820f4d89abedcaed03132a903c9
    SHA1
    95b65d8f1457cbab5a25c84dfcb4f617bc53424d
    SHA256
    ac0244b8c27246cf9b0636991e2c7fb3b445b03ee8bfb60a4695eca2cf059942
    SHA512
    9aaa6d0570c676d205236d6e4c3871f08db09593c52aeee4386dc4724a85ed7140e73a4e29e17e0d21c89ac92892ed02d33c41737a03a86890b9f6b50b5716f6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CFIOOOZS\favicon[1].ico
    Filesize
    9KB
    MD5
    fc4cbde7ebd9f322f7acea355bf5a66f
    SHA1
    94742f6d5a7a2470cce60dfcfc1c38567e3d36ef
    SHA256
    1c96ce7fab5c05afc2b88ebf834ee21c4ea18305c3893c19bc8e08690b3f7054
    SHA512
    ddbeac3e93d6ae508078d9dc5c1c2e278f8db580681f3d34cc9720ad6b2a0d23ea5aa9932228ba0279d52d33d23cf7b2b2fd5278bbcb2e8a4ff07dfab8059b6d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CFIOOOZS\suggestions[1].en-US
    Filesize
    17KB
    MD5
    5a34cb996293fde2cb7a4ac89587393a
    SHA1
    3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256
    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512
    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • memory/4748-0-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize
    144KB

  • memory/4748-3-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize
    144KB