Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/09/2024, 05:08 UTC

General

  • Target

    d9ab6010f17a52dd2da43af544f97a53_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    d9ab6010f17a52dd2da43af544f97a53

  • SHA1

    e4098f155a89e3e7802d9cef80183dd9eb8b2a2a

  • SHA256

    145c4dbf4c6cddb1b59a8fc6f6794a48ee5ba0bb92b9c90de3bf92ab2bf86576

  • SHA512

    06828f229143b103eb78b1cc1cbf5db5ab35d8baa432b82dde0bb9b5179c44859a5283bcbbcb8b351ff90456c169d6dd36ee2cb061c48e4d84af6d8dbef46424

  • SSDEEP

    24576:L2KqYz3utEROE3cvWt9xkAzb8cQlE++NHXYNoPfSih:pD/OKc4xXz6F+iNoCih

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9ab6010f17a52dd2da43af544f97a53_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d9ab6010f17a52dd2da43af544f97a53_JaffaCakes118.exe"
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2136

Network

  • DNS
    www.secondofferdelivery.com
    d9ab6010f17a52dd2da43af544f97a53_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: www.secondofferdelivery.com IN A
    Response: No results found
  • 8.8.8.8:53
    www.secondofferdelivery.com
    dns
    d9ab6010f17a52dd2da43af544f97a53_JaffaCakes118.exe
    73 B
    146 B
    1
    1

    DNS Request

    www.secondofferdelivery.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsyD03B.tmp\apphelp.dll

    Filesize

    1.9MB

    MD5

    fe83bf8c380b208bd7738ac0d5645962

    SHA1

    fd83745c0f286d9b2b43316ac9ee1d14459b47f9

    SHA256

    3f6b1e16842b9ac03cf2aa285ce812d1c526f610854b7e110ac1b4625d55ecf6

    SHA512

    217df4fdf9e9e3c4b525d00c7c680fc77c63a52817c53b59e5f786eda68b766a8068e44c04c74dc8e695711051d59097c4c2b35e9f1eace38a5cec4e7530b2d3

  • C:\Users\Admin\AppData\Local\Temp\nsyD03B.tmp\soffer.dll

    Filesize

    194KB

    MD5

    0d1d780cd2d8445c4718d23e8f2551cd

    SHA1

    348618b28381aa43b1696ae26325a02e27c51c60

    SHA256

    3c4307e83e3264571a5e5e80e01da4d7bce98f0c9e36564b10ff21edbc613330

    SHA512

    02776fbbd10556d4152660440059eb29358103e1ae71df289ef0ef11f66d9bef4053813553a4fea71af427ae866e5c6222693b3e5295be9592827b073f592e34

  • \Users\Admin\AppData\Local\Temp\nsyD03B.tmp\System.dll

    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

  • \Users\Admin\AppData\Local\Temp\nsyD03B.tmp\UAC.dll

    Filesize

    13KB

    MD5

    a88baad3461d2e9928a15753b1d93fd7

    SHA1

    bb826e35264968bbc3b981d8430ac55df1e6d4a6

    SHA256

    c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af

    SHA512

    5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

  • \Users\Admin\AppData\Local\Temp\nsyD03B.tmp\UserInfo.dll

    Filesize

    4KB

    MD5

    c7ce0e47c83525983fd2c4c9566b4aad

    SHA1

    38b7ad7bb32ffae35540fce373b8a671878dc54e

    SHA256

    6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

    SHA512

    ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

  • \Users\Admin\AppData\Local\Temp\nsyD03B.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    4ccc4a742d4423f2f0ed744fd9c81f63

    SHA1

    704f00a1acc327fd879cf75fc90d0b8f927c36bc

    SHA256

    416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

    SHA512

    790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

  • \Users\Admin\AppData\Local\Temp\nsyD03B.tmp\registry.dll

    Filesize

    24KB

    MD5

    2b7007ed0262ca02ef69d8990815cbeb

    SHA1

    2eabe4f755213666dbbbde024a5235ddde02b47f

    SHA256

    0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    SHA512

    aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

  • memory/2136-36-0x00000000024E0000-0x00000000024E1000-memory.dmp

    Filesize

    4KB

  • memory/2136-54-0x00000000024E0000-0x00000000024E1000-memory.dmp

    Filesize

    4KB
