Overview

overview

10

Static

static

3

ee486714f8...18.exe

windows7-x64

10

ee486714f8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-09-2024 19:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee486714f834b548d16a9cf7a3fc45d3_JaffaCakes118.exe

  • Size

    117KB

  • MD5

    ee486714f834b548d16a9cf7a3fc45d3

  • SHA1

    14ad963eb18e3b42621b00af7e10f91a60ee9f01

  • SHA256

    044aaa8dffba8d21859c767d80d0009f7ab660e65a172af26d2d0995b3b31a38

  • SHA512

    a5078fbcf815bf6fe610fd4001379cfce9bd99dcbd7c86dcd3308a3bc74b55393baa9b55e738d3b0e963fa4ae20723ff66c638c5c974fe58e916b7299601b7ce

  • SSDEEP

    3072:0ABZvFX9H4XRWhOsmFIWjYde+3qnNOxd4:0ABZPH4XgSXYdnuN2d4

Score
10/10
adwaredefense_evasiondiscoveryevasionstealer

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 1 IoCs
    evasion
  • Loads dropped DLL 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee486714f834b548d16a9cf7a3fc45d3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ee486714f834b548d16a9cf7a3fc45d3_JaffaCakes118.exe"
    1⤵
    • Modifies firewall policy service
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\ee486714f834b548d16a9cf7a3fc45d3_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\cssvzeb.dll
    Filesize

    396KB

    MD5

    cd2f7590c4dfd86078c44d2745095732

    SHA1

    b12ab7991950ffac4b591192a89325f4dce9988d

    SHA256

    7ba71d2a331417be5c5b267782d90ebe65b66834c73b0ea08f226bebf3efb5d0

    SHA512

    f4516f96d95d362d7c046898f754d15bd356014934b2141e1f11bd07dbad6952377a99d3105463ac5ee8a5194bf255c51184c9f30d675dbe962fa2a5ce0674ff

    Download Submit

  • memory/1580-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1580-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1580-15-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download