Overview

overview

7

Static

static

3

0b2791b6c0...18.exe

windows7-x64

7

0b2791b6c0...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    82s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 14:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0b2791b6c07f20282adbc507bbf710ab_JaffaCakes118.exe

  • Size

    4.8MB

  • MD5

    0b2791b6c07f20282adbc507bbf710ab

  • SHA1

    28151206fb78ad4eaedb29969825e229c2a108db

  • SHA256

    e0f8ffa003d87b1ee5b9730858a413376a1d219b4d55382888f165804a81070e

  • SHA512

    90854b0fbffd7c622d75bbdcf24d5f1a6231673aa7a2278c29a0e87f26261a87bd5583eb5898e56d2faeabcc286f8e513579425a62a0cb19c914e8aad6954832

  • SSDEEP

    98304:mc5cJYVw0bk2jtacINx2JH1TJnu73QWduSmh8VO7dxATrjSWx72Hy5PXKP:MJP0A2LC2JHTu75duSMRxYx7sy5PX6

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b2791b6c07f20282adbc507bbf710ab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0b2791b6c07f20282adbc507bbf710ab_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2888

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Program Files (x86)\ElvenSoft\Launcher.exe
          Filesize

          733KB

          MD5

          c0feefa349facbf7249b6ddde90305b0

          SHA1

          1cd7cf5a715e79745d7da0dd4503d9b1851ffa0f

          SHA256

          227be3e85c32c11975170b974428b8d8495a1763ccd54efd52e377e489e818b9

          SHA512

          70048ec398e7688e041c3e7b8b68829327ce8020b1529672426d649a0ff9e267892bc19500709f7c8ad8d0a6ea35a90e0d2d341d26c3e93523ddc0769a6ebfea

          Download Submit

        • memory/2888-34-0x0000000004670000-0x0000000004680000-memory.dmp

          Filesize

          64KB

          Download