Overview

overview

7

Static

static

3

eabe803357...18.exe

windows7-x64

5

eabe803357...18.exe

windows10-2004-x64

5

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...in.dll

windows7-x64

3

$PLUGINSDI...in.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$R0.dll

windows7-x64

7

$R0.dll

windows10-2004-x64

7

2345BatchRename.dll

windows7-x64

1

2345BatchRename.dll

windows10-2004-x64

1

2345EditorApp.dll

windows7-x64

1

2345EditorApp.dll

windows10-2004-x64

1

2345Extract.dll

windows7-x64

1

2345Extract.dll

windows10-2004-x64

1

2345Image.dll

windows7-x64

1

2345Image.dll

windows10-2004-x64

1

2345ImageApp.dll

windows7-x64

1

2345ImageApp.dll

windows10-2004-x64

1

2345ImageCapture.dll

windows7-x64

1

2345ImageCapture.dll

windows10-2004-x64

1

2345MiniPage.exe

windows7-x64

2345MiniPage.exe

windows10-2004-x64

2345PdfApp.dll

windows7-x64

1

2345PdfApp.dll

windows10-2004-x64

1

2345PdfReader.exe

windows7-x64

2345PdfReader.exe

windows10-2004-x64

2345Pic.exe

windows7-x64

2345Pic.exe

windows10-2004-x64

2345PicEditor.exe

windows7-x64

2345PicEditor.exe

windows10-2004-x64

Analysis

  • max time kernel
    94s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eabe80335778b6495bb615345c9dca08_JaffaCakes118.exe

  • Size

    13.9MB

  • MD5

    eabe80335778b6495bb615345c9dca08

  • SHA1

    d17229b14e5f7d3ff1a47f8ac8a3188b4195c987

  • SHA256

    8e52ead6497719ec558f7f3e93095fd35185f00f4c39aba85135fffc24f58f40

  • SHA512

    24585da42c03bafa8d4d61c846d197d41be3287489b59da5ba21bf19aab1b045e80015dab619d93aad84b78131dd2ce0d2ac031e3977a2eb6fbdb158412183b3

  • SSDEEP

    393216:RrXBq/rJ19uYoOgXWimA5TPwAAkXHg+ncj92Nqy1j:RdC3FA5TYe3gWQ92Nqgj

Score
5/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 44 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 57 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eabe80335778b6495bb615345c9dca08_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eabe80335778b6495bb615345c9dca08_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s /u ""
      2⤵
        PID:3788
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s /u ""
        2⤵
          PID:1904
        • C:\Windows\system32\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\2345Soft\2345Pic\2345ImageThumb64.dll"
          2⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:3464
        • C:\Program Files (x86)\2345Soft\2345Pic\2345PicLoader.exe
          "C:\Program Files (x86)\2345Soft\2345Pic\2345PicLoader.exe" -install 8
          2⤵
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          PID:3576
        • C:\Program Files (x86)\2345Soft\2345Pic\2345PicUpdate.exe
          "C:\Program Files (x86)\2345Soft\2345Pic\2345PicUpdate.exe" -install
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:532

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\2345Soft\2345Pic\2345ImageApp.dll
        Filesize

        4.4MB

        MD5

        860d5c2d491bb8bb59b8cd6acbccadbc

        SHA1

        e96fdf1b80c3a1b5c9b5c36177c237dcfd3666b3

        SHA256

        a8531a2a8a1d5b014b750c5b9f842e4e8e3dcd93bd2f5c96deaaf02b446782e2

        SHA512

        c315c7394d161637425354b053969054cf2b755da35216581e4c4ce9d2212ceff99ed5ea9247f62ad55e98b0296e04d38d8a04540e51bbf2344639e03e320c28

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\2345ImageThumb64.dll
        Filesize

        6.2MB

        MD5

        fb7da9d8c450a58b383ff42d94ebe23a

        SHA1

        06a106efccf80560ac0fc848b8082916a7574081

        SHA256

        79107685d8d6adadd68decf5d34739b6519c2467687896ce698f9188a4b6dca4

        SHA512

        17c0e3bc0614886c9dd2da7965f96b1c4726388d8e6248b8429515026abed9f7327c09c7154d2e6e989a55c4eabed189c49067d5a14451a85b2957784a876475

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\2345PdfReader.exe
        Filesize

        227KB

        MD5

        86c1082c3fa10640400040df147d75ba

        SHA1

        f7776ac15eaf875475939842df3ee74fb31588ef

        SHA256

        6a3a9479a98f826504b6ef1a10fbdbf9b697f5967a7d78760faf8b394c89bc23

        SHA512

        cdf6e947e1138738b10261e0fa757dae50bb3a32f0041c14fd1f1add8b1c97b42169e274ab4a3d6754cbbefd78d468a24f85bfed94f6085ca4302c647fb99d4a

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\2345Pic.exe
        Filesize

        257KB

        MD5

        b30cf4d2e68462648a05b2297a78063f

        SHA1

        71d4d000f7503ae46a0abeb2a5e76a88fd1c42f4

        SHA256

        a80d30481451735023711d0b2698891193bc06ea66c6223965e920d4d07b3f46

        SHA512

        9f86a26ad07438dd68753666c1e56faebe1cb038c1c82bd1d9646823110ac892b59a3dde4eb079eee08829a6057a4d38004945bb2512f1d322e33f38b16cba1b

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\2345PicLoader.exe
        Filesize

        198KB

        MD5

        7aa4c708e5bde99b86ca2afeff92d5b4

        SHA1

        c28cfcc4dff7bb2bae2c785cddfa2a3e7c392021

        SHA256

        54401aff34d3680de03310e6422674e31560f5fb74b9269f187599419fa376fe

        SHA512

        ef7d869f9dfa560599bbf5d73d9f6450c4f528c5c7c5c69f099b0066e96b99224981336a53abea50c9381f596dde1bea5699deb6f9a1bff4f81e4107a5c2ce71

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\2345PicViewer.exe
        Filesize

        230KB

        MD5

        f2797903e31e6894ede300421eb491ff

        SHA1

        05fec47dde9b474e6812f5b38c540c849381f40f

        SHA256

        8b38b23a9fd12aec8a00896b3fcd8273fd04c3e34b6477d86f80e72ab6c525e2

        SHA512

        7d62428ed4582627babe78dc2f91937afd6b2977814203ed612b8f1e1e96bc423bcbaa4a63dd9226569edbc718b463c8d61593280932a3f00a6d02f81edf5bf4

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\FreeImage.dll
        Filesize

        6.3MB

        MD5

        a8cc58bdbe92d6927b05bed1df28603f

        SHA1

        4b7eb37cd2176ef168107324d18c5f2e650acc6a

        SHA256

        acb6e4b77e4bc2d682bb3470c801fd1ba42c0e544a0788d24ab71e021c465c27

        SHA512

        811e33a72363aa78e469ba5ef6c4d91d5e2dc0ece0efc7169b8c0437798fd3842ac6c95268b258696c8350fd4f3bf25c5de2c0e8a3a1c38e4e90bc9338baa403

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\FreeImagePlus.dll
        Filesize

        56KB

        MD5

        c885a6a3cdce8e6ede8637e7cee7afe5

        SHA1

        88718bba428f6469819908e0840468711a1f2a3d

        SHA256

        9ba4ddd5676c663fc0b73c8e8db4e1467c88e1a21a2c11c05113135531fafef2

        SHA512

        54a6fad72166e8de7762e161c709d279289d98b98202697143c468cf9e53193e580f48e575772ee3d470d3a192b57624fe9d82abdccefc8bdabfa156083b2c82

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\config\RCImageLang.ini
        Filesize

        41B

        MD5

        16541af9f2fc0e53f31c65077b235f00

        SHA1

        71260b2777f1da9b3c1d0b5d54a1422ccce4b67b

        SHA256

        b8f4d94a6fbdbed62994b476851cf74da04b85646a00d79358e3b06948d00f47

        SHA512

        f726613e023df50a49865aba9daad42a7cbab4787781206f1ff54460634acf07709ac521e6f08d86700bba2144585b66856d4aa7a55c8e438061d0c1439de1bd

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\icon\PNG.ico
        Filesize

        14KB

        MD5

        b0960194ea65b6043252245e5773d6da

        SHA1

        e202402c6f9d34d13c28aabdbe8b5faf246f60c3

        SHA256

        ed4ffd5e25094680eb4efb2946fce9a3fc23318d1067521989ed318d7b7e2425

        SHA512

        5709512f11673b205f328e7c51f94ab4941af778d6b3ed162812cc5d9209d19995de53963ad2f0b144aa63a4ad76cf643392d80d740ca37fcfdb3163d5e9568e

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\msvcp120.dll
        Filesize

        444KB

        MD5

        fd5cabbe52272bd76007b68186ebaf00

        SHA1

        efd1e306c1092c17f6944cc6bf9a1bfad4d14613

        SHA256

        87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

        SHA512

        1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

        Download Submit

      • C:\Program Files (x86)\2345Soft\2345Pic\msvcr120.dll
        Filesize

        948KB

        MD5

        034ccadc1c073e4216e9466b720f9849

        SHA1

        f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

        SHA256

        86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

        SHA512

        5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsi809C.tmp\FileInfo.dll
        Filesize

        118KB

        MD5

        8a9d5a3fd88e9c063c2012d05d3810da

        SHA1

        67e18733c396e224d0458ccc26058ff58b381424

        SHA256

        900002e96c907dcc569ae694ac36594fba6b42f3a17a71dcc316997b39abd9e3

        SHA512

        0e11a8070e997841440d117219de997831674241d53b5ddf6b08c937a0fab0f7edeb9e605ca79ae643daade2422aec23b07549eda784c44947161b03c30364a3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsi809C.tmp\RCWidgetPlugin.dll
        Filesize

        1.2MB

        MD5

        3c19a198540b34ad04bf30e86ac3e62a

        SHA1

        9ba37429b42bebce7e2947a3d38cff0fa6a09ad9

        SHA256

        321d5e65f3018fffc0d11d48aec9fba4f3c275d71f30201cbfacd25c2c33578b

        SHA512

        878b70f91ffec9244f1ca201a1aadc2af7a2ca40814d15385026b8ecedc607dd1529405d7be5d2a27466cdf8db0cafcd6baaf1f9ce38b9f4e3acd2a80eb59fa0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsi809C.tmp\System.dll
        Filesize

        24KB

        MD5

        d04c981ca61dd94bf18a9da01741a988

        SHA1

        c21ee686ca461874b3c418aaa27c604dd67762b1

        SHA256

        7cdd2eabc521adb8e7f0d44f747aaa6a5892bb237048172eb78ed4183f91abf3

        SHA512

        fe3625f615373e6732b274f4df6bb82c9a4ab93f8151f2bc4b74caf4a61d338c7a4f4825aee6bfa3d9270e61102d35250ef3811f67503c78352848788a94ced5

        Download Submit