Overview

overview

7

Static

static

3

b772a91ce2...18.exe

windows7-x64

7

b772a91ce2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-08-2024 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b772a91ce22b949e8c352136d47241d7_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    b772a91ce22b949e8c352136d47241d7

  • SHA1

    ac94801b0fcc999238ff4129625af211416863cf

  • SHA256

    9372758c6185516dbcf0a7e60372139f147bea6e38f5d66a764ed3b04b54d19f

  • SHA512

    0f41055a8fb9e4056b033b95ac4e612840fb7dc15fa578322864f8e321203721115e3c3b2e46b769c2a9bad08f52511396c80d2934a31f0a27479296c0223a69

  • SSDEEP

    49152:ElO7a65tpLMMn2EW9dCLEVm00atVBuhHKf:ES7p5eUEE0LtvTf

Score
7/10
discoveryupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b772a91ce22b949e8c352136d47241d7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b772a91ce22b949e8c352136d47241d7_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4060
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.515wg.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\DYA_IFBPIMOOCFPWQHOPJ\1.0.0\Data\app.dat
    Filesize

    971B

    MD5

    786984ae028e21dced4646bbb9db7555

    SHA1

    f583d95b69c0065a1c29bfa2f77269e1d81fc4f8

    SHA256

    407017650cc50bf1caa7af48efd651b14ee520e1a7cffdd6d63483901ed3d486

    SHA512

    565cc85f3a84ae93ede8a7161f4fb191f939b77a729c5e9d7350c18255df599f8b628595e4e9c18fe150ce8ada01ee99d2a0de315c24f73fc8e86244fa7876e1

    Download Submit

  • C:\ProgramData\DYA_IFBPIMOOCFPWQHOPJ\1.0.0\Data\updates.dat
    Filesize

    971B

    MD5

    6f56162ac7bfdc42d97e6e7bfc97ec30

    SHA1

    75e7d722b5c3da4daac2b420f1676bb90db76983

    SHA256

    5040a0ce016ba49dc4ccc011b1346373cd6c0a197985a826214c34855e594a86

    SHA512

    bfe3607130d4b5d5793f41f028e3fa794791cffe81e39515aa7ac725fad860a97626ee407aecef2cf7174d0034d1e9bef401a921daf04b8dcc19cb1f9444b3bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    a1c417847345e36bed0f299c81583b46

    SHA1

    883a1ef9113a8b3c18e1bc11de36852c732687c2

    SHA256

    4ed45f1f55fab97ff73b166b9e234c99ce5ad410a13d49e8404ca5ef5123f027

    SHA512

    a44e9a1dde676408292d60c5934a962596052c8fb656b52877e4441191c85222a45e574436ce0549deeb9639a6649c3e9e91cc7b8ebfbeedb7ba89c7fbc6f93f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    eb4924800db508ac6fd8ca2ce4e08244

    SHA1

    a23c3e016e529051a3ce290f7510aa067c98f352

    SHA256

    37d9efa3fc3339e61459dd2e5f0dea1c6aaf0803c5e3c9a80f26436f27d4d649

    SHA512

    cea9cf44d0a90733974acdbbf1d8ad2fbfb29238c3a83adc4782e0735372893505b5c5245951d8e41fe70771d13ce050b099d08f3fcd4c4b87e131a6a4d09922

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OD2FK6XO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\SkinH_EL.dll
    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\DYA_IFBPIMOOCFPWQHOPJ\1.0.0\Data\dya.dat
    Filesize

    971B

    MD5

    ab7fd29497627fcb871996458ce3de7e

    SHA1

    3d419c155c1e57cc30c0a64d61ad83efbd560729

    SHA256

    a735d01ff0abb0f555b002d9b4c5d24ef4bce7adab195ae5d00bc922954321b7

    SHA512

    d2471cd8c1461f582339bae8c013ced372953faea1ff2394c000fd5683d662624097f876f05f0344a592aae10a02ef958bf7936a5064589d39ce46aaa7316dda

    Download Submit

  • memory/4060-55-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-59-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-45-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-53-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/4060-54-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-1-0x0000000000647000-0x00000000006E3000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4060-56-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-58-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-57-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-46-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-60-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-66-0x0000000000647000-0x00000000006E3000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4060-67-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-68-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/4060-44-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-43-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4060-0-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download