Analysis

  • max time kernel
    93s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/09/2024, 05:42

General

  • Target

    df98b86430a02169cbe567660e602c06_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    df98b86430a02169cbe567660e602c06

  • SHA1

    fafa38bdfa1c8c957e18a0cb4bc80239049c4821

  • SHA256

    27e5912c8d49fa099c13e91fb23f7cbaf9e343ba0f817c2af619aa565484fa8b

  • SHA512

    f742af22bb4ce6605acd317afa6568e537709cb1c67d866369992ffee38fe0e092a5826885c2b1d62afb638f35f9df1c37b9fbea0b078e53925d8d9d5d05799d

  • SSDEEP

    24576:1OHOJxIfQ8OlDORTL0mRIZdE4WPpbjgAPfAb4ieESuyxdgzEVHp/CZvHgDocykDP:fmfQfmT4mRIZdE4WBbMAPfAxeEShdgzs

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, etc.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df98b86430a02169cbe567660e602c06_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\df98b86430a02169cbe567660e602c06_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Users\Admin\AppData\Local\Temp\df98b86430a02169cbe567660e602c06_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\df98b86430a02169cbe567660e602c06_JaffaCakes118.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_52b31790"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3380
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    PID:5060
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:536

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          471B

          MD5

          84231e6b703a4b64fa601076af9e016a

          SHA1

          210e330be937e617085d28bf356c990a49dce0a5

          SHA256

          e10b7b5f4f3291d340cebafd2d87bbec8689ffb1750a813a2887b6cd31ce61b3

          SHA512

          e13fcb1e344dbd4cd9429faa51f61615ce602908e3eabb7ae9190e745f38747b62b563ca9c0c71abecff1fc398afd2652d32ec37511061d2dff2356aaad0b8d4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          404B

          MD5

          c402ac6c779a024c22ea2ca4f89761f3

          SHA1

          de0ae49a43222388dc33f48c8b5fb32bde700f6a

          SHA256

          fb34f3d4d677f45e109eba5db2f9d0dfc240bfe343192bc0c52a1ba8dfb30803

          SHA512

          08b716c09cb2bb5e70547821df0da074d95ec5dabda8b5aa274f6c0eef77149ea121b141cd20d8b94fe6ce2d165f2acd22bed2fe18977f9d8dde20b84204617f

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verFA5E.tmp

          Filesize

          15KB

          MD5

          1a545d0052b581fbb2ab4c52133846bc

          SHA1

          62f3266a9b9925cd6d98658b92adec673cbe3dd3

          SHA256

          557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

          SHA512

          bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H9MX5QVK\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Temp\pkg_52b31790\autorun.txt

          Filesize

          286B

          MD5

          839b9ca77d076eeb01491aa7c500e60f

          SHA1

          6dd96f1fc5f9fe3e02833cfbb36dee88bd069c19

          SHA256

          c74169a863def5663e017d527fc9c4aacad1d7cbf2f9714b5290550fcb0d4df3

          SHA512

          cf7884c691ab695402a1f746d980c6ef3ea8bcaed39f1375cb421368219244173798a990054fa349abceab374516f7facd8e801589fa5af78cead452262eaa35

        • C:\Users\Admin\AppData\Local\Temp\pkg_52b31790\detectionrules.dat

          Filesize

          545B

          MD5

          066f3e862eacd7c6758199856fecfe84

          SHA1

          b1a68c373d2ac5f8cbd1031bfd1607c3d9e479b3

          SHA256

          0b92ff929b3f19440cef7c22c7ef1500a5a0f799fa1fd24a386c2b6be94671a1

          SHA512

          31b8b7b9adabb2eda96d4528be02ff67e02059eec23ac0ac6010fdbf2bbc2c2f9408e8b2b39f42b9796d9b00964f36aa650a7cc460192490f66602c0307bfd34

        • C:\Users\Admin\AppData\Local\Temp\pkg_52b31790\df98b86430a02169cbe567660e602c06_JaffaCakes118.log

          Filesize

          10KB

          MD5

          ea69882a723d8704f86665294c83820e

          SHA1

          b8dc00c9442793cb23022862bbcc8c7225107b7b

          SHA256

          63d48283868d063871755bf2376a723ec5a95f16ca7d1287d261bfd9b869a007

          SHA512

          8f8b787cbb52353e5f84205d255fd62948291d8df5154e530f1f7d9a2d7b5b756529e44b42b3f2fa34b83ecaba77399eaf746236b20c5ddfcccf9bb959a80c7d

        • C:\Users\Admin\AppData\Local\Temp\pkg_52b31790\stubinfo.ini

          Filesize

          44B

          MD5

          e866c9e9ba2e0f31182549f42ddfa79c

          SHA1

          817c84fa114b3798eef1201fc5de4051ef6c5da2

          SHA256

          e749baad2d3ad9262f5e49784beb87f23d81dd4fd005c073313e31156633745b

          SHA512

          2d7a83b73eff94bfb2b46f5d7336b667eca9907896c18e824b92bb752ade3fc591eb98123984525d1649bb82ae49e85a719764f08e2d1e3f7986f2a6b4cb135f

        • C:\Users\Admin\AppData\Local\Temp\pkg_52b31790\timings.txt

          Filesize

          386B

          MD5

          0fd3dda54a9b5a5423fc354987be54ff

          SHA1

          056d7d369e4718d310a74c0f623381e05ea9bde5

          SHA256

          6ec589f613a7c53654aca227bac6c67763536736b1547b321fea1ea23b16a437

          SHA512

          a8336915a5b0d42c203d4d6bbb6f7bd1f18718b46d2d34a6821e03fe6952dee5ce0803711ba2d53efd9d89d51b8e553247bc1ea1a432d27f0e8780adca72eaad

        • C:\Users\Admin\AppData\Local\Temp\pkg_52b31790\wrapper.xml

          Filesize

          657B

          MD5

          847bf4de748e777e28f88457df0eedec

          SHA1

          d7626511a6401c9a0995dc7516549edbce2cc800

          SHA256

          34bdc3bfd0a26d1c5b63105bbd5c9504ebfdaa6de29a37a009035cbd526781dd

          SHA512

          0d82f0b44f8af7d3a061b17312f3cf7e0f6d7c8d6cdbdb13a3a7ebb5c6c421b07156e47a7e69c69fa1dab0fafc3c324d3ccbc1d360d0769cab44a6c871cee490