Overview

overview

7

Static

static

1

eac3d817ac...18.exe

windows7-x64

7

eac3d817ac...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eac3d817ac090247defcef25452eee6e_JaffaCakes118.exe

  • Size

    473KB

  • MD5

    eac3d817ac090247defcef25452eee6e

  • SHA1

    28c4b79ff185b10b8763a7567096e7da50ce359c

  • SHA256

    cab49e7d4836d9ff879db002e8c7a6db6e4db55dc28aad214ad105fe9db899a5

  • SHA512

    c5b9e171606a47c8dea7314b77682f35d1e4fc5ba687aeb40aaa4d0c69a60f9556750765416098ad85d6974a716e16cd9b254a7a349d47462b7cf6a26ecb95dc

  • SSDEEP

    6144:kLpL3s3exN4SS4noP6QnoW89BUcLg6+u1+djiKkkS1POLL37zktY/9FQgaxFR:ip7sOxlnoP189Bh86+u1+4kS12cY/aPR

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 16 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac3d817ac090247defcef25452eee6e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eac3d817ac090247defcef25452eee6e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Users\Admin\AppData\Local\Temp\BingBarInstaller\InstallManager.exe
      C:\Users\Admin\AppData\Local\Temp\\BingBarInstaller\InstallManager.exe /silent /ignorebrowsercheck /launchie
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      PID:2204
    • C:\Users\Admin\AppData\Local\Temp\BingBarInstaller\IEHelper.exe
      C:\Users\Admin\AppData\Local\Temp\\BingBarInstaller\IEHelper.exe
      2⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\0.png
    Filesize

    213B

    MD5

    9fab81a2c85784079ce6a2426937f6e5

    SHA1

    f0e29090dbfc60c565828e485e8a97be66b7d75c

    SHA256

    5c8424bd478426ef1a2c4126fd68773596ec1191d95dc63b7bd87180d263eba0

    SHA512

    7678e54539806b3369a003b61f5a1ae23f77d662f1dccf6415992a331f033d29c508ffea0732cce335f17d937b35d3bc93a18b73192189222617b401f1e8a404

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\1.png
    Filesize

    235B

    MD5

    c49a86fae1a06dc1529fd28e0e76f08f

    SHA1

    6b7841ca9297369da54cd7076e2d95ed5cdd2a21

    SHA256

    171b11d89b15f74b78684f5b75b86f356602d47fb17bf0361ab0278e6e09d990

    SHA512

    8f69fad3be3ee47f99e43522c9542b4aa9ccca25c479c87a35ca793dbd645f3e3482c2987f2a13e182dcced01838181b33a861b45b41235d7c592f7a5e639061

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\10.png
    Filesize

    398B

    MD5

    cc34894f597d5041059d5663f0b70dd0

    SHA1

    32c66ccdc8d48be5d158d533649e7c42e6faa902

    SHA256

    d25968f1978264e2d82f9e9a8be4e01a0deeae5a11ed0e3fa4a39c36b35434eb

    SHA512

    6eb54313aa638f32ebe16ef2cd59145c1c04f7aa934a03a0c0cb8bb274f9f351865a31854a23466c7a331e0147d4a87fcb6f2b4305bca97daaf424bc4fe68876

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\11.png
    Filesize

    399B

    MD5

    342bc04d199ecad5f39f6cb8f914742e

    SHA1

    72fff58d9aa471e0f7ad019fd8598cec7dceff44

    SHA256

    789b4ca216ad307f031d0f42ff52a815d4bfdf0a090a24074dfb720b0da39d14

    SHA512

    7e9dba3afdee0c33edb2efd6d2f1e64898a818fa816ceb99ea518130ae9e0ac42e18baea5bb01ae6f9b826d69ad9a4e40022d3cbe896e26b9b8272b9e467df99

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\12.png
    Filesize

    398B

    MD5

    fe6f7f06679176dff54241a9044c9072

    SHA1

    6c9f1242c4f9bd70779a6da4ca9f95b10973c2fc

    SHA256

    3fcecb8d5f3a62640ffb6a6d9e12a071b332220519078eda57c133f194cbaa2f

    SHA512

    90b13fd186bba74a006bb9348d0aea95d6fc4d8faa37c0e044f5cb12aff3fa1a8dcfd0df0c336ff961d0e1b61e071d1d03b330cd4773686399c9d00cced20079

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\13.png
    Filesize

    397B

    MD5

    16241b375e82116b54f57c4a7180444d

    SHA1

    74c00fd14827ae5044a0a1abf2da26a940ccd228

    SHA256

    51f2c1d4160b4583f2a681e55044a5e02d6fce7d41c6c638fb01f78787280b3d

    SHA512

    e1442b7025f869cf2f7ae3f11d11d6cfcd3067c4ea66a07098ccb55443f6e005aaccfd5537d99b5006ba696a72b9d61fa118f583d12936a8fd7fab0d3f05256f

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\14.png
    Filesize

    398B

    MD5

    2de3201aefb5bba956df641c31879a9f

    SHA1

    7328afca21b1762c9d5225f8eca4969a9359f58e

    SHA256

    fa1fc1a522adf52e76ec6a3b9c0cb1791b7f781ab33c4e7335aa2d738627fb61

    SHA512

    869831bc32d517587ef314348573b47e30adb6af80615e5a49af06815a4d04e73f0ada992defc98bd946c8f6c236ead6321b4ca0cf61a604a51648ca6a9ee09e

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\2.png
    Filesize

    261B

    MD5

    1100d2f62d61a60c82a3df3973756991

    SHA1

    279d4a0080f886d3850c027bf3d6ed76f195a96c

    SHA256

    83549254d62a490c354b0b18c6f78b6516ef7269b80befc27ce89b86f91ecf84

    SHA512

    e75b186b81483b82443abbf00dde6687223566b0f4f90a8ad5cbf10a88df0ed4c2b3f858e8db01a66dd74158a3122e3cbc8692d45319938bb5972234d3cc6543

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\3.png
    Filesize

    303B

    MD5

    68850397554620ea213b4c5ac6fe2f75

    SHA1

    722a3bdba8408c4c3618e149e549c04b7cec88de

    SHA256

    df672b7090a55e13e9dc3ed767b601aa211b6deed6f7c79a4c6cb95665829ae2

    SHA512

    c64b77d57a2d3f19a2350cb575f1f1002b75592c62da06d922c9d23390d54aa91c737b4e0e0f0d9559a7ca057f1710ac605755d2da90a244d76f2d280b28366b

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\4.png
    Filesize

    327B

    MD5

    7053ee00ed19203bef761a38d1b8450f

    SHA1

    9bb7d635523aa7e85586892eb25b87074c4567fb

    SHA256

    76f3cad2c2336f134d1ef19d356adc88464357252bf349b37a25a9a457454423

    SHA512

    677035f4bc9903d4d39db263cc221d77c033fbc7593b63b5cc7f0bfffbdfaa43bb5eb3109a7f956ade00ebea61b1bc6f8466b218e36bc8181aa8f2d3f0c46beb

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\5.png
    Filesize

    354B

    MD5

    a26abdfd764dd7e803271e963ceda310

    SHA1

    e0deb4b9545dbe90361c25ddcfe479e589fd136a

    SHA256

    1234d63208f55e89857d444ba3e12155a9f3cd9d179a686187d9f17149931103

    SHA512

    e51bb0fbdddc1441fcf02916cf0ab5da25a5c17846e6770d0962222366198d635229250a327010d9aa09bfda5511467a51d0428913c43aaa4dca6dc37d424f27

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\6.png
    Filesize

    380B

    MD5

    b272e5ff20eabccd7eeebba905c54b2f

    SHA1

    682baa363ce3cd8a9b3f17e48c924a1cecb9a143

    SHA256

    f414dbb771ecd22d29c267283db135e830fb3bd478e32db2b0aa24d3eb4c18dc

    SHA512

    2a42729f6a66db7892289a51719a434585b2f241d64395ba90cec4b74ef57c38237becdf9c723c2da22df90092f502ec27a17f5b09131b547ff77cd3b560eb01

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\7.png
    Filesize

    399B

    MD5

    49b280b4adcf8ba31b748c5e188881e1

    SHA1

    02c68a5f85290813ef6ecee6f4239e515b01d8c6

    SHA256

    3adbf19b0a4adb9318d8babb0bd2f9a40fe4f92c9c3592bfeab42cf38c28978f

    SHA512

    d21cdefa8892592db1b789e292b74b91c2d82d6d85b0928fa58cdb41823dcd97ef20df4f7b4beb3777b14d47c6cb59f786dbe6449e2b6fe8a7eea94d49f9c0d4

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\8.png
    Filesize

    398B

    MD5

    6225c545f4621a6762ec0b4625454b81

    SHA1

    5e688967ed12d8b726991fb26815df8f5c33200a

    SHA256

    3f07315a1e739c546b7d8f3f027c14c56fa4baaf675480b35adf88aa65418b31

    SHA512

    f74831ed3347058626f46340a0e8f7af2083e371e9da12ede5d222f9eca8b64a378273a91e82c99774f3186562f102f38b5a283386f42951076438fbc6e29dcd

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\9.png
    Filesize

    397B

    MD5

    92dab8a92497e385c3016472aa89d9ff

    SHA1

    00d5b63b196ef5de4ffd508e04f9339bb01275ce

    SHA256

    1a2fa17fa54be4fff3032ad4a3c66c56792f1e3c51dde84c4ec5177e3837b2e2

    SHA512

    90473166f2b91d94f155b62c59d375c25e075baca1b2c7e74d46cd6779f09bc8419acf91c8ae2ef02f6122870e1d03cbf83466a7047278cfea0d0d35354ec1e3

    Download Submit

  • C:\Program Files (x86)\Bing Bar Installer\BootStrapper\install_start.htm
    Filesize

    1KB

    MD5

    719908909ad6eb41b6f21c7cae92cb73

    SHA1

    881cd0db051aef989afa72db48cb6797397eb6de

    SHA256

    2285508a51ff8d53e0aef95d124dad94f31dcb07023eca304c4b9fc00f6c06a6

    SHA512

    64dabd85282f71c534641e213c650df3830087c85650a59b23e1260d734640f71695db38bc8fc68b6bb76740f8eeb71ed9dcf421cf032a52f7ff9844f34307e5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BingBarInstaller\IEHelper.exe
    Filesize

    65KB

    MD5

    73693a14a400b36ae35882aeae185a75

    SHA1

    5a1e66530b761a9a7425d72e7907a27070b3ebdc

    SHA256

    abdea93ed5002a9aed3d3ba06b947461e7696f65be8d7ada6a9e481647b8d30e

    SHA512

    e15128c89dd13e29a215089f535118f7b7e704dea01e2ee9811f892dd4dd0df5a9392ca0ece92e635b89ec8ba912f30988a9cc119c58f96e87f14346b8f83ec0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\BingBarInstaller\InstallManager.exe
    Filesize

    329KB

    MD5

    3e568e0b61ef3f835fa822980e2224be

    SHA1

    cd7a8a70d28b4a628dcf743994366ec669612a51

    SHA256

    c3a76c772a2e04e4f11841f63d1b9b50eb80155b6f0bb05259b8a40207264fc6

    SHA512

    f7950709cfd902331a293a633af46c4a3ecb7fe27677ca29d2b7d7a5b8e60baf279b708b9cc1b4dad21de1d22e58cbc4047eb762c49aca3cc4d56b1fcad86231

    Download Submit

  • memory/2204-61-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2204-107-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download