Analysis

  • max time kernel
    93s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/09/2024, 18:29

General

  • Target

    d6dfabf4120eb00a512e6e7c4a4d7330_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    d6dfabf4120eb00a512e6e7c4a4d7330

  • SHA1

    a94899ac76234dfc92cf7d5995dd2e6cab57f93e

  • SHA256

    fdca4927824dc3ab6bfd9c217fe1e3650d0154d8cbdec936688b1234cc143f78

  • SHA512

    881dd0e64bf16ce015f5ff86ba2c2635abf80f37837715e1a6471058efb3deb66061f3b42b1de8c24f0113bf287d8fb41b9875ad7874e7f3ca539f44af8fa3ad

  • SSDEEP

    384:HVJ87NR32T3Oy8t3GOBcWlXx/LxFphz/XDvFEW8:r8ZR5GOFx/phz/XDNEW8

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 5 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6dfabf4120eb00a512e6e7c4a4d7330_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d6dfabf4120eb00a512e6e7c4a4d7330_JaffaCakes118.exe"
    1⤵
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:4384

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\hpAF5A.tmp

          Filesize

          9KB

          MD5

          e0ef0f678adda3dc92b60e4a5d786fe1

          SHA1

          479f39fc02adc4e706c2c3c77241da6064d8ba94

          SHA256

          45020a8c80c47f4c4d8b1f35cb37de6c0e0b93d507188ed4b9a13b5e3d9d8a92

          SHA512

          9e346bdc10f4133de393bb018d626c63a492174747653d4c5b6418b524b647c331443d24dfa0ae80ca2f9c604cf349627c75e63a9237f8b3dfd8be70c609be5a

        • C:\Windows\SysWOW64\msvol.tlb

          Filesize

          5KB

          MD5

          07332c7eb6f5b3adb7f314413aaef7c5

          SHA1

          95d86f2b37c01c345acb37b204d2ca871cfc84dc

          SHA256

          0e032943cfaa9405170ec4590e811f9fa17130cf5bb1055a50053cb3cc99d885

          SHA512

          7ed5bbf2776f02dd951d2901cf23ccd3e558137b6c098d5c61dc8246a9e00502820abe82c6911fa27bcd4f347d1154487457879df0670b924a7939c5bf43343d

        • memory/4384-3-0x0000000010000000-0x0000000010012000-memory.dmp

          Filesize

          72KB

        • memory/4384-10-0x0000000010000000-0x0000000010012000-memory.dmp

          Filesize

          72KB