Overview

overview

7

Static

static

3

dab15905d1...18.exe

windows7-x64

7

dab15905d1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 15:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dab15905d1018783806a7c7dc436d2b3_JaffaCakes118.exe

  • Size

    2.5MB

  • MD5

    dab15905d1018783806a7c7dc436d2b3

  • SHA1

    27e4f782747014713df86aa27ad7ba8d34572304

  • SHA256

    2b39fe6aded3c759ac5754dc6cdaf634cf76f9be586a26344733d823e0d02230

  • SHA512

    0e4c243449ad958d160f7bd199f7027b79cfbeea1014aa99f26ab4c606abba5a148f6d8dcfa7d2f9f6c10c69ef70fa2f8892e70c381e3d2e1f7aacc09092b104

  • SSDEEP

    24576:n7abJuPc3+qIZJTP0O5vGL+HhNdhkNyF8YIhx9xOgq4AaaBlrVSnlPsUkgrPUwe2:7SuPoYpYCN7bIh/3+VSdR07yAQ

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dab15905d1018783806a7c7dc436d2b3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dab15905d1018783806a7c7dc436d2b3_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\program files (x86)\internet explorer\wmpscfgs.exe
      "C:\program files (x86)\internet explorer\wmpscfgs.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1900
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\program files (x86)\internet explorer\wmpscfgs.exe
        "C:\program files (x86)\internet explorer\wmpscfgs.exe" Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2052
      • C:\program files (x86)\internet explorer\wmpscfgs.exe
        "C:\program files (x86)\internet explorer\wmpscfgs.exe" Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2012
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1492
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:734213 /prefetch:2
      2⤵
        PID:2748

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
            Filesize

            2.5MB

            MD5

            920f2a81a4f118cd12491ff8207ec781

            SHA1

            4eab60eaa46f66f678f5ac2ef6041d46deae2f2c

            SHA256

            197c609ab5aeb986b5edb64d8a6e08f7631e6f5608d75237ee9a24175ef8694f

            SHA512

            65dc99d13ccde8948908e70215ca0ab19036112d176e5dbda67a432fe9a0a376ab8217ecbb0003a7d1a301f94c01868ee5840851b683bad6818624f844644019

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            c7a622b81234ff46975434892368da15

            SHA1

            196c2c3a36caa9f244ae081deb7ba5c661f3d52e

            SHA256

            42435d57a465ce28f933213d9abdda240b2e97c59c7a7e77245b4c2d236dda6d

            SHA512

            9195023295d72ae21124c9b5b9d92d7f7cc9eb93ff7f62eb24dce75fbb789fa9e6aea84961238bde80edcd9869be832fab9bb177c17157c6c1adba65eebdc9ab

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            635707a11b3d7de8f4ee7b81d49455c4

            SHA1

            6d1473a7dfb00f5cbbd6aea0f42eda72516cb3d6

            SHA256

            437c3e7a8464b4e46b902a61767689e4e3f0982cc451e1f8668d27896147b30c

            SHA512

            800d7bc073b2943d537f9ca03f8d251a922e05fe16985d18746fbf54ed07d22510117e2a6a28db1af109f4600a6b355516932270e31f05f5c81749e73de79f18

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            3ec2953df14aa4254278d0429bd140ca

            SHA1

            98cfed4374c3b0bcbcdcb3d7212dcc43ee923e71

            SHA256

            9585cd0b162243654d0f3c20241cb5bfc5a6dac6c663b512a5c17b8d65a9e72c

            SHA512

            30b48e2f113cd718c5f545db06e9c1c5bb630955d8c5cd803550ffb4f11214138f63f60785bc46b19f9d79cac2bad5349afd6aaf5fba2cf4e35a7e1acde433db

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9543a7d8c48ebd037a83b9486cd5c40e

            SHA1

            ddac68fcf26c1e9ecf9b1096fa89b2ca2525d2da

            SHA256

            66f59e2b5e57c7f6f730cfe1b1c774f4dd6e5f824c13fe4f13280e5275313392

            SHA512

            e44b6246d04efbdeeff7e5315d1e3d2364494f84c97c8c3943bbbd24a2ad31b7ec15347bb64e043594887be6eb9d9447184140ef1549878a9f7abc7e310a2b46

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a5e4f61d2d8f04a8a739fed60f26f531

            SHA1

            b8fc6cc11646c271a0f9bd5c75ed022b3ada2fdf

            SHA256

            23396529421a01bd867d8ccac4ea7fae5d9326d04d06ea2f2ed0629d8707e148

            SHA512

            4bf99d97ceff15cf40fbd38b7a98adc17e2b7c69ed2fc43c95790ac0aa7c0232e9f025db2ac0e84488e1a7acf0f4b9c36334806da7663e203a4778300d2d4329

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            266d6c05359e2a46f230fccfe312d2ac

            SHA1

            57612a85bc4dca418ee9e9611f64dfb9aa6eb844

            SHA256

            06e100eb83b2a8fa828698c9fcc5d1a64192fd74e04f6d1a30a632bed13e6522

            SHA512

            8a75088b65806576ca821cc05f4b0654efa78210c9b04e4d4151a8a22bd4a3c7435ea830950efe4383df9096889721d5a92b152db855d0e431a03844862525cf

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            8e747d93263a2e33029f2cae88ad5ab5

            SHA1

            fe515b089967f6fe9f7d43e6b92224e103d579b9

            SHA256

            1f038c4203d8fe1b1b181919985c3b3004c13d8b22b46516da3e4b9775d15c2d

            SHA512

            881b4dff7a7fc613d94484878b274ee3875a7d936358470d7af59953d8d97413f59eacfea96b1a3e5d90a1e32acfddb2c0dd55a5a5d4c3d23448548e95edc340

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            da8070fa061f52eb6e62cb53461f88d4

            SHA1

            51216dd212efec7e218ea0cdd2bc3ef83ea78ad6

            SHA256

            fabbd5a697b9326e371303dc22bb5310ce79f53719b5e9e4634e64561b09d0d6

            SHA512

            db89549c9af8016053bb6b19caef32f5848ce2c7a0d0420f0b9ccfd3c2801ee01d795f0492f2f9e4381e6f2b469d1b1fdd54155602b59ae081883cf934bd129d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            1058cbddc0d9c12a006c2f6dcd139cb1

            SHA1

            5b3282a125d360c8cab637e4d754d7f81d9e06cf

            SHA256

            c4d716511f2acea1a9e89da087be68b030c123c66d58e443f788a10e0d9e4212

            SHA512

            2f2c71d8ebe416c1c4371088577fa9419ebe6b86d53c9f9f348b57fdc45fa9ddd3ce7ff59e87671f9b1cf9dfa1bb5c62d686760387caebbc9ec39e66ff470edc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            269f956bb47aa1a89d765230d503a43b

            SHA1

            fb3d3a734aeac15f49b13d4042c7e12c6d260586

            SHA256

            7deab03963ee1176184837da7f97565f094516c7718c1e386281ff9302834088

            SHA512

            488d142866846c1ea2a99944b60ad5fe27e63f110c3b330cd181fff97fa3bcb12eb3d5b21705c612920d4974ab9598310bed3aa34e120c4820ee9eb0793f2023

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab343D.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar343C.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • \??\c:\program files (x86)\adobe\acrotray .exe
            Filesize

            2.5MB

            MD5

            8d79a7e5a2434218e8ca370b39c55afa

            SHA1

            70332f118d8bf495a567a67548a2d9207feac64f

            SHA256

            896efb6b1b4c740c86524724ef8c5fe879c59b3f1f66d0d40fefdde0397e8536

            SHA512

            2cfadaddbf7a2ccdc550540348e2ff436ffe389d6727a3e7a6e604e679fc004fb672186f25fba76ff2fe01c63bfb5959b8560ca633b9cd3fc43c788762df937f

            Download Submit

          • \??\c:\program files (x86)\adobe\acrotray.exe
            Filesize

            2.5MB

            MD5

            f71c142ed58b59e868f72f54c30ac716

            SHA1

            d3722904d8df2709464e5aab16becea02d7c6600

            SHA256

            7d6c28d010cc26fb8bcfdcbb177cea375c2cd04255a869a5302752e2f595a091

            SHA512

            3adf781bfe8957a9ecfe29c22d9ab2cbaf6947e5abbea36f362da021e7902ab75982b50638987086895d053116127bdbf725de92aa4d747eef4600eedf96d7bb

            Download Submit

          • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe
            Filesize

            2.5MB

            MD5

            4061840b073c0cbef155bdd9d5315495

            SHA1

            c5509a95bc030c4f3210634e67552e004108858e

            SHA256

            f56317a85070994ae5ce929a096f158045068aa666bac6f6ca9a5beedf077018

            SHA512

            0e95d7c2eed5bd575ad8c79df30031c5ef0cc9a4f066bf5646d555a1560dcd4cba1739bbaf7cd63e0053dc1fcce014cd327eb3c0153c5f364ee373a3cb350f78

            Download Submit

          • memory/1752-49-0x00000000022B0000-0x00000000022B2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1752-22-0x0000000010000000-0x0000000010010000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2904-0-0x0000000010000000-0x0000000010010000-memory.dmp

            Filesize

            64KB

            Download