Overview

overview

7

Static

static

3

ea50ecac05...18.exe

windows7-x64

7

ea50ecac05...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 01:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ea50ecac05788fa48be8642fa67559a6_JaffaCakes118.exe

  • Size

    52KB

  • MD5

    ea50ecac05788fa48be8642fa67559a6

  • SHA1

    27fb837307cf819f49d81b032433f0efb83defa7

  • SHA256

    1735e0042b2690a63ae8f0a9adaafb27f01c987b9204285f998af74ab857b5c2

  • SHA512

    a7f4fde47a585e9788365d96c47f7d666e6497651023b722ef8fd94c7af1e2951912b5d43377277e45f97e6a138cfd083637736cd000aad35a27157cd7e8bbc6

  • SSDEEP

    768:AOhHYZwo8tATsAgcJEkDavy1ek7MGk9Y1BMYvoxQkdKb3dXNDBB7USf9:l6wouc2fy1J7MGH1SYhvtTBJ

Score
7/10
adwaredefense_evasiondiscoverystealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea50ecac05788fa48be8642fa67559a6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ea50ecac05788fa48be8642fa67559a6_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EA50EC~1.EXE >> NUL
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3064

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads