Analysis

  • max time kernel
    103s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 06:32

General

  • Target

    eac3d817ac090247defcef25452eee6e_JaffaCakes118.exe

  • Size

    473KB

  • MD5

    eac3d817ac090247defcef25452eee6e

  • SHA1

    28c4b79ff185b10b8763a7567096e7da50ce359c

  • SHA256

    cab49e7d4836d9ff879db002e8c7a6db6e4db55dc28aad214ad105fe9db899a5

  • SHA512

    c5b9e171606a47c8dea7314b77682f35d1e4fc5ba687aeb40aaa4d0c69a60f9556750765416098ad85d6974a716e16cd9b254a7a349d47462b7cf6a26ecb95dc

  • SSDEEP

    6144:kLpL3s3exN4SS4noP6QnoW89BUcLg6+u1+djiKkkS1POLL37zktY/9FQgaxFR:ip7sOxlnoP189Bh86+u1+4kS12cY/aPR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac3d817ac090247defcef25452eee6e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eac3d817ac090247defcef25452eee6e_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4360
    • C:\Users\Admin\AppData\Local\Temp\BingBarInstaller\InstallManager.exe
      C:\Users\Admin\AppData\Local\Temp\\BingBarInstaller\InstallManager.exe /silent /ignorebrowsercheck /launchie
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4812
      • C:\Windows\system32\pcaui.exe
        "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {493b1d92-a173-47e5-a24d-c4859bbc16e9} -a "Bing Bar" -v "Microsoft" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 2 -f 0 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\BingBarInstaller\InstallManager.exe"
        3⤵
        PID:2956
      • C:\Users\Admin\AppData\Local\Temp\BingBarInstaller\IEHelper.exe
        C:\Users\Admin\AppData\Local\Temp\\BingBarInstaller\IEHelper.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:4504

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\BingBarInstaller\IEHelper.exe

      Filesize

      65KB

      MD5

      73693a14a400b36ae35882aeae185a75

      SHA1

      5a1e66530b761a9a7425d72e7907a27070b3ebdc

      SHA256

      abdea93ed5002a9aed3d3ba06b947461e7696f65be8d7ada6a9e481647b8d30e

      SHA512

      e15128c89dd13e29a215089f535118f7b7e704dea01e2ee9811f892dd4dd0df5a9392ca0ece92e635b89ec8ba912f30988a9cc119c58f96e87f14346b8f83ec0

    • C:\Users\Admin\AppData\Local\Temp\BingBarInstaller\InstallManager.exe

      Filesize

      329KB

      MD5

      3e568e0b61ef3f835fa822980e2224be

      SHA1

      cd7a8a70d28b4a628dcf743994366ec669612a51

      SHA256

      c3a76c772a2e04e4f11841f63d1b9b50eb80155b6f0bb05259b8a40207264fc6

      SHA512

      f7950709cfd902331a293a633af46c4a3ecb7fe27677ca29d2b7d7a5b8e60baf279b708b9cc1b4dad21de1d22e58cbc4047eb762c49aca3cc4d56b1fcad86231