Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2024, 05:47

General

  • Target

    c0147ccc7f0fe820d10e6f0cae51c6c3_JaffaCakes118.exe

  • Size

    30KB

  • MD5

    c0147ccc7f0fe820d10e6f0cae51c6c3

  • SHA1

    87c113f6791b6ed66a954c85bf663cff744f03de

  • SHA256

    81dfc73f085ad48ef0b2bb62614fa8ff8952818cd2b28cc6834168446e54f8d4

  • SHA512

    78a0a98664456ad872a42014a395f0451685cf4b6867bb60dcf0d99f70f7173ac531050e9550d7a2fcbb652a4c83d7d2156f2e1072ac648dc259ed08668b5578

  • SSDEEP

    768:0IaHLjx8t7ezR/eHNPcb3Q2YFQ8VYnbcuyD7Us:0DH6t74MHm0QgYnouy8s

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0147ccc7f0fe820d10e6f0cae51c6c3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c0147ccc7f0fe820d10e6f0cae51c6c3_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 1444
      2⤵
      • Program crash
      PID:840

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\Desktop\Internet¡¡Explorer.lnk

    Filesize

    1KB

    MD5

    5fb2f7fddbd524196d96ec9841db47aa

    SHA1

    85393813cc1a61fb78e7c00948562436542df90a

    SHA256

    730eb78ee007e491cb33c4fd061ac9135e35d3fe80362693f36de470e440aaf7

    SHA512

    c562c3ff9735af293c3e5f55e08290bdb1c1c16289d810c712c63aa4f9a591dfa443d690f31f23521c0b0880d537f8fa95818ce29ab93ef9516989bcc6e2993f

  • \Program Files\Internet Explorer\lEXPL0RE.EXE

    Filesize

    44KB

    MD5

    a624cece1e4629a053f576e4a403e628

    SHA1

    7622cea9d824bf3440fcae9d625deedbc9358b0d

    SHA256

    456d129f55b3f5a8e0ca7b94f50c24d8db098ce8b5d4dea35f9bd90ed7a2be76

    SHA512

    45a5d887793a6ac04b9ed85869a5cdc88c165d436db957959ceaab13f63b806fea59a4a0b6caba6e089baa2003b3bd8dd196867f2f5af96afbc511594ebf8b7c

  • memory/2152-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/2152-41-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB