Analysis

  • max time kernel
    95s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/09/2024, 00:25

General

  • Target

    d7557f26850945c0169ef1a1ff0c7890_JaffaCakes118.exe

  • Size

    31KB

  • MD5

    d7557f26850945c0169ef1a1ff0c7890

  • SHA1

    e2906ed40dda5e2a76b2cab13b2fef73d06c6ca8

  • SHA256

    a9077017d21f028cb423218fe7a215274266de2695ef1d8db333150525f4762e

  • SHA512

    99a4e96b3d22519cfe934f2156a344e6c632d1083e6613151d7b297177cd08753a2600e9bcbd253a63f504376f800114d8296ad467fad7b8a9ca4dd0be9b387e

  • SSDEEP

    768:iLATbo5e+DSZkhgXHQExse+ezT9EAvkVTenHcGS5:EATbE5x6XHbqez5vqenHo

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 63 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7557f26850945c0169ef1a1ff0c7890_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d7557f26850945c0169ef1a1ff0c7890_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:880
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uninst0.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4404
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    PID:5072
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3528 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4028
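
The signatures above and the process tree describe the sample's behaviour in words. As an added example (my code, not part of the sandbox report and not code from the sample), here is a small Python triage pass over constructed Sysmon-style events that turns those descriptions into concrete checks: the geofence and Uninstall-key reads, the Internet Explorer settings writes, and the cmd.exe launch of a Temp-dropped batch file by the Temp-dropped executable. The registry key paths, the ATT&CK technique IDs and the parent process shown for ielowutil.exe are my assumptions, not facts taken from the report.

```python
"""Triage of constructed Sysmon-style events against the behaviours the
sandbox attributes to the sample. The events are made up for illustration;
the registry key paths and ATT&CK IDs are my assumptions, not the report's."""
import re
from dataclasses import dataclass

# Registry locations assumed to underlie the sandbox's worded signatures.
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"            # country code
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
IE_KEY = r"HKCU\Software\Microsoft\Internet Explorer"

TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# cmd.exe /c "<path>.bat" ...; tolerates the doubled quotes seen in the report.
BAT_ARG = re.compile(r'/c\s+"*(?P<bat>[^"]+?\.bat)"', re.IGNORECASE)


@dataclass
class Finding:
    signature: str   # sandbox signature name this event would trigger
    technique: str   # ATT&CK technique ID (my mapping, not the sandbox's)
    pid: int
    detail: str


def _under(key: str, prefix: str) -> bool:
    """Case-insensitive 'key is prefix or lies beneath it' test."""
    return key.lower().startswith(prefix.lower())


def triage(events):
    """Return one Finding per event that matches a behaviour of interest."""
    findings = []
    for e in events:
        kind, pid = e["type"], e["pid"]
        if kind == "registry_read":
            if _under(e["key"], GEO_KEY):
                findings.append(Finding("Checks computer location settings", "T1614", pid, e["key"]))
            elif _under(e["key"], UNINSTALL_KEY):
                findings.append(Finding("Checks installed software on the system", "T1518", pid, e["key"]))
        elif kind == "registry_write":
            if _under(e["key"], IE_KEY):
                findings.append(Finding("Modifies Internet Explorer settings", "T1112", pid, e["key"]))
        elif kind == "process_create":
            m = BAT_ARG.search(e["cmdline"])
            # Flag only when a Temp-resident executable runs a Temp-resident
            # batch through cmd.exe. A user double-clicking a .bat in Temp
            # yields the same child but explorer.exe as parent, and is left alone.
            if (e["image"].lower().endswith(r"\cmd.exe") and m
                    and TEMP_DIR.search(m.group("bat"))
                    and TEMP_DIR.search(e["parent_image"])):
                findings.append(Finding("Temp-dropped batch run by Temp-dropped executable",
                                        "T1059.003", pid, m.group("bat")))
    return findings


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\d7557f26850945c0169ef1a1ff0c7890_JaffaCakes118.exe"

# Constructed events modelled on the report's process tree and signatures.
SAMPLE_EVENTS = [
    {"type": "registry_read", "pid": 880, "key": GEO_KEY},
    {"type": "registry_read", "pid": 880, "key": UNINSTALL_KEY + r"\{some-product-guid}"},
    {"type": "registry_read", "pid": 880,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},  # benign, ignored
    {"type": "registry_write", "pid": 880, "key": IE_KEY + r"\Main\Start Page"},
    {"type": "process_create", "pid": 4404, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uninst0.bat" "',
     "parent_image": SAMPLE},
    {"type": "process_create", "pid": 5072,
     "image": r"C:\Program Files (x86)\Internet Explorer\ielowutil.exe",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" '
                r'-CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding',
     "parent_image": r"C:\Windows\System32\svchost.exe"},  # parent assumed (DCOM launch)
    {"type": "process_create", "pid": 9001, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'C:\Windows\System32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\notes.bat"',
     "parent_image": r"C:\Windows\explorer.exe"},  # user-launched batch, not flagged
]


def run_sample():
    return triage(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"PID {f.pid:<5} {f.technique:<9} {f.signature}: {f.detail}")
```

Run against the constructed events it reports four findings, all from PID 880 and the cmd.exe child 4404; the ielowutil.exe COM launch and the explorer-spawned batch are deliberately not matched, which is the point of requiring both the child and the parent to sit under Temp.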

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files (x86)\Security Tools\iesbpl.dll

          Filesize

          68KB

          MD5

          d9aa72e2cce91fb168f6fe7810d51bc5

          SHA1

          ead0833585416490acf82d74a13e592edeabc8ff

          SHA256

          f39ea23288677298b18a1cc8a902b05e6aca65d46c977b4eea6e59a00c124068

          SHA512

          28f4aef63431c4f8afce037fa79e2005777d82ffe3b6a460f8281e9de7b11b32c5a75a3787f8dd87bba58050aa1b25581f62e24adafc1d175764cfc82084c0db

        • C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url

          Filesize

          131B

          MD5

          7f50b695c1e83c5bc7f0249b86fc75b1

          SHA1

          f2297d7c857a19e0826878cc9d1da317d6a042fc

          SHA256

          2cf2574c27089dd94f8157774070208561a4e095a7652c4fbb4a645d131d9119

          SHA512

          74411dd8e333d08c40d0eec08d2def37f9c0c53e486f781f05f91c816a9ecec03cb1c4d42b7077e0692557a84bf925f23b30713e7ef5cfc68a6954c6ebd7563c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          471B

          MD5

          aab286bb456859cae2f78a66a3dd795b

          SHA1

          16d32cdd9959586b11aacf682d6f8fd8a57eca8d

          SHA256

          70e602cf187b74a4a8f0660a02aa57c79b326b5f70d14649a9259da01f34a4bf

          SHA512

          de22ca238f407b029330978bfee646a8a9421befc5c570eddd7afb647b1ddc2a4ff5e14d6dd0dc03978b75b5252d508b7e62a02a15ebb528b547bf2a95c9b188

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          404B

          MD5

          3e322d37ac0bdc14ef9a8bd9a545b61b

          SHA1

          f7b4103865d10141e8d26a8fb82d555ee35bc63c

          SHA256

          56fd0e11ee4840129f412a55f5ab7985b1ce1556b920ac6e1ff46bd4cd98d356

          SHA512

          7a7949a580aaa481a146edf3aadf4780afd0cbbd0ed26df4b790bff441e02d7aefb4d3438914aa476047b125de82c09f112bd60065486b9f2082ad44df7d774f

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Temp\_uninst0.bat

          Filesize

          305B

          MD5

          6f5b3fb9b607e26da6fa0bc34d318055

          SHA1

          0248f6895f7ea906fc871bcd3c0e587f0d4118d1

          SHA256

          d11e67fa597df3087af545849dcb3c2158432e2284c7ee620e3e6436e8991233

          SHA512

          816efe49925cbfb3c2269f9d2e83a3a8dfdbb0d1bb01bfa1bf8cdf59c26afbca812fbc9b17dc1ea047296f3052dc44eeb0f22ab14454ee582fd9338e9ce4385a

        • C:\Users\Public\Desktop\Online Security Guide.url

          Filesize

          131B

          MD5

          aec34a2d045e1a032717b8b8cd7b9a4b

          SHA1

          a860909b4273f2c64f43fe91f255b0cae2c90bd4

          SHA256

          8506def9100d4b40beeb01be93f6d977a32200baa56946ff77a32c8f107af21a

          SHA512

          89e5d03a7e8ffd2e5cf261c78fec35b4be6441dcd149c04ddef7495cdaedcb274148d3a85e8c45776836e14e25e4e51e4c1094a7188f43e5909e1d202364710d

        • memory/880-0-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

        • memory/880-28-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB