Overview

overview

7

Static

static

3

ef60121099...18.exe

windows7-x64

7

ef60121099...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 08:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ef60121099754fda0908867f7b58c5e3_JaffaCakes118.exe

  • Size

    176KB

  • MD5

    ef60121099754fda0908867f7b58c5e3

  • SHA1

    24e57a931dc6fa15ed33dd410f4cfccc5ad0b5ee

  • SHA256

    912a5fc6f834551282b6a522a852d8323bb1946ce094b0aad498cef735e17656

  • SHA512

    9e0cd7c57f66d2287bd8cb9fe18968c1d7a0a61c7df134fda4944543fca799d4aea2356456e4700d7d6533e5dedb28cbafe4735f6dce4e2cb733d80fa66c9a0c

  • SSDEEP

    3072:TYEROFLyOcz6fHcALi1lr+rdN1hB87fTIwHCX0SAWacMh4YaM5iRqHZzibwte8AP:TY3F+OlJi1N+rtWFspQXeqRMXP

Score
7/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef60121099754fda0908867f7b58c5e3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ef60121099754fda0908867f7b58c5e3_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Recycle.Bin\B6232F3A95A.exe
      "C:\Recycle.Bin\B6232F3A95A.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Users\Admin\AppData\Local\Temp\PaBCF6F.exe
        "C:\Users\Admin\AppData\Local\Temp\PaBCF6F.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2392

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Recycle.Bin\F5F276612C0DA63
          Filesize

          8KB

          MD5

          82fa366f2e8db0ec9647793038207722

          SHA1

          0bd56f83b082712d7ababde7021b206bb2f8ab51

          SHA256

          721c4fbe76d0da35e9d4db8717f9273270a54939e5bd949d06a96304124f6cbc

          SHA512

          3b9ff47c19961f8f7b53a76a3ef3b2d16379c1307aa518f189f6856d38c683445ab18d4cbb2202cf98caca89b45bbb6c63c50371366e755a6dd90330e5c058ed

          Download Submit

        • \Recycle.Bin\B6232F3A95A.exe
          Filesize

          176KB

          MD5

          ef60121099754fda0908867f7b58c5e3

          SHA1

          24e57a931dc6fa15ed33dd410f4cfccc5ad0b5ee

          SHA256

          912a5fc6f834551282b6a522a852d8323bb1946ce094b0aad498cef735e17656

          SHA512

          9e0cd7c57f66d2287bd8cb9fe18968c1d7a0a61c7df134fda4944543fca799d4aea2356456e4700d7d6533e5dedb28cbafe4735f6dce4e2cb733d80fa66c9a0c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\PaBCF6F.exe
          Filesize

          3KB

          MD5

          29090b6b4d6605a97ac760d06436ac2d

          SHA1

          d929d3389642e52bae5ad8512293c9c4d3e4fab5

          SHA256

          98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

          SHA512

          9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

          Download Submit

        • memory/1968-90-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-91-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-4-0x00000000001E0000-0x00000000001E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1968-10-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/1968-78-0x00000000001F0000-0x00000000001F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1968-79-0x000000007797F000-0x0000000077981000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1968-2-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/1968-80-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-95-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-97-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-82-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-84-0x000000007797F000-0x0000000077981000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1968-1-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/1968-83-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-3-0x00000000001E0000-0x00000000001E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1968-96-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-87-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-86-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-0-0x0000000002490000-0x0000000002580000-memory.dmp

          Filesize

          960KB

          Download

        • memory/1968-88-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-89-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-77-0x00000000001F0000-0x00000000001F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1968-85-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-92-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-93-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1968-94-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2060-33-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2060-24-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/2060-21-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/2060-16-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/2060-17-0x0000000000400000-0x0000000000482000-memory.dmp

          Filesize

          520KB

          Download

        • memory/2392-35-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-68-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-58-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-57-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-56-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-55-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-54-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-53-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-51-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-44-0x0000000001000000-0x0000000001004000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2392-43-0x0000000001001000-0x0000000001002000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2392-42-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-41-0x00000000001E0000-0x00000000001E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2392-60-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-61-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-62-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-63-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-64-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-65-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-66-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-67-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-59-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-69-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-70-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-71-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-72-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-73-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-75-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-36-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-37-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-39-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-40-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-29-0x0000000000360000-0x00000000003AE000-memory.dmp

          Filesize

          312KB

          Download

        • memory/2392-109-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2392-108-0x00000000756C7000-0x00000000756C9000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2392-111-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2392-110-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2392-112-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2392-113-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2392-114-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2392-115-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2392-117-0x0000000075650000-0x0000000075814000-memory.dmp

          Filesize

          1.8MB

          Download