Overview

overview

10

Static

static

3

e24a9f05a6...18.exe

windows7-x64

10

e24a9f05a6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    86s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/09/2024, 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e24a9f05a6de6de56699c5816b769778_JaffaCakes118.exe

  • Size

    62KB

  • MD5

    e24a9f05a6de6de56699c5816b769778

  • SHA1

    49ef5d7447dbfb8a433d810cb5b01a6f13c94c16

  • SHA256

    a15e8d04dd3b8cc47cf5150070688ad125cd66fc076bdad3c68b1f2e78d86363

  • SHA512

    1c758d0aa1fa671f1d9b6a43fd9079be50d0d09c2cf522800370eace534a984a7e656a7c939880e08d3e5be2f701f92d56eed5d6fe4dc81aea40d24f7fdb5c0e

  • SSDEEP

    1536:K8rT+onNbyXs8StJlUUInB8Wra8GpK1SvNfB4:NrionNbgTElE1rN+hlfi

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 7 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 16 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\e24a9f05a6de6de56699c5816b769778_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e24a9f05a6de6de56699c5816b769778_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2060
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.sinavip.net/A.asp?Id=2702214235 20
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4632 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zcn1cz4\imagestore.dat
    Filesize

    4KB

    MD5

    e097e5ecc0f5b114602a6f8a62d0fa88

    SHA1

    a43c8b621b2bab3cbae773b5552c1627e3b42863

    SHA256

    e1a6de51d582b8d9eb0dd8e3dccf2ac51d4e7b7fdd22776ef72faf024b809742

    SHA512

    637602f61dc42ea1dde48c1bd4ed5644d5c0485a1931f38c1c0fbd4b711ec1998d41de5a053e2be182e6fdb52808a4e8b91f6864739bda542bd9a556f65f83fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKVWVXN7\favicon[1].ico
    Filesize

    4KB

    MD5

    2078a69bf68e43b1a9b3ea4caa01cdeb

    SHA1

    705231be423060e06cf18dc76ea61c629898cbb0

    SHA256

    e471a9f02d1bb949155890f497d7b6188766b88154bf5aecc713d0ce4513723a

    SHA512

    4e2032974a289732be0d2d059cde6f60635e06a3748e9f478cc14b88013a7f45d7a764d32ee68f2d237f1300aff24df6167592a818b3273d7339e6f5430736e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKVWVXN7\lx[1].js
    Filesize

    25B

    MD5

    4c45edd71bc8644931eb70a590d3c9b1

    SHA1

    bb8ae14b976d90af8936cee51aa065af3d83f395

    SHA256

    bdf27a53b493a4dda61186f6885e83a6fd2bb97ed72be4b96c5a12073e15abb1

    SHA512

    07ad2fd734bbee094cd6c690b697894e6e684881648ebde8b3634e9a9b5f1f141ef3f9b9d1a1d3922ad2697884ddeb3a4976f4c0aece6fba5af0ecbd70cbbeaf

    Download Submit

  • C:\Windows\e24a9f05a6de6de56699c5816b769778_JaffaCakes118.exe
    Filesize

    62KB

    MD5

    e24a9f05a6de6de56699c5816b769778

    SHA1

    49ef5d7447dbfb8a433d810cb5b01a6f13c94c16

    SHA256

    a15e8d04dd3b8cc47cf5150070688ad125cd66fc076bdad3c68b1f2e78d86363

    SHA512

    1c758d0aa1fa671f1d9b6a43fd9079be50d0d09c2cf522800370eace534a984a7e656a7c939880e08d3e5be2f701f92d56eed5d6fe4dc81aea40d24f7fdb5c0e

    Download Submit

  • memory/2060-0-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2060-1-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2060-2-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2060-6-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2060-16-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download