Overview

overview

7

Static

static

3

0b414a8482...18.exe

windows7-x64

7

0b414a8482...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b414a8482799e9683a0714ce587f300_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    0b414a8482799e9683a0714ce587f300

  • SHA1

    72896a85d2682805d22401801813c6f056be062c

  • SHA256

    681441c050f017b7162477eea7081189afd987b48a04558a836f19d3bae04ecc

  • SHA512

    4b15daca7481b435d064dc813094208a43d9254e754e48bca4d9f936e53882d928f050d68f1e79ac3dedb57c1caf56931c635e7ad1c306ca197a4b0a3c03fbdb

  • SSDEEP

    24576:frJKUK/juqkncxnfS//2oYP+ENxuIW/Rjl/lVlP64htKQtsVELVDiicYQRebMyHz:f1Kb/juqgcxfSE+HIuRjl/lVlP64htKB

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b414a8482799e9683a0714ce587f300_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0b414a8482799e9683a0714ce587f300_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Users\Admin\AppData\Local\Temp\crp93F7.exe
      /S /notray
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2224
    • C:\Users\Admin\AppData\Roaming\B1Toolbar\hpet.exe
      -home -home2 -hie -hff -hgc -spff -et -channel 162341
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Suspicious behavior: EnumeratesProcesses
      PID:2792
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.4shared.com/file/9q0PlJOb/Finder-CWM.html?ref=downloadhelpererror
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb2a64a9c298f5d9a005449032ca0115

    SHA1

    fecb663eb1ea2a80ed652845cba54bc17b3ebedd

    SHA256

    245b83f345445fbdbd8ba03eac731563b5c2104ff5eb402a42fa649d1288386b

    SHA512

    911208453c7d2014323c6188d70d766c6b725fdc2c4503104b7216acdea94b77cf4ebf417f4a185d0a4f00f051f6f0f625ec2380216fd573e283751758952791

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4750c130a142fcb2609a178c62bfb19c

    SHA1

    b37b5c7e4603f7f37fa133a43121e41526628f8a

    SHA256

    29ee7004517f21a80484897ec816e8dac4f64d72484d9a492813f3020701eec9

    SHA512

    9819f16dd6694ac94e7bff0447ffb0c44aa27a7a2169f6da87d8b1afd1c3c58148b8dba25562d2ccd34df09022a9d3d6e27373ec2b46c6748e5bb508513fb8ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b7113b477f9e163de0388b666a9d212

    SHA1

    eacc758b3e738806a6479ec6662f624e8027e469

    SHA256

    96912eddb6e56420479798f25babdd7eb942826f46918297e3ec1260bd998897

    SHA512

    f950f235265e261c2f501c972c7c6fbd94183647579b5caafe41321fa4ae1cbd44faac9cbd655f49b29297cd362ccf24e8ab2e86b0aa3f2371334a2341487fd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bedc177ac8c95ea9e1667c5e4ee3f75

    SHA1

    1b2cc6b5ae6dbee8849eb5562cf211c2fa23d944

    SHA256

    3beaa1b763f05adc801e826ec1c42a262fb1619c870477a9beb0de2b3f99b35b

    SHA512

    7adc6a23b747badd454215489c1dad1f1bf81674c740ccd76fe4a5297c76ea53ca14cc4cde4d719d8bc9f45cdda5291409a68763c4d871addad263967d54c353

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7205fc8ed226f5b7adf9c6e56562d9e6

    SHA1

    b3554e3d1729d817ed0184e357ee9dc8d7659d8a

    SHA256

    941061757c2b6fd2555df713b3a3acf7466d85457d6448af666e309222b2bd04

    SHA512

    53db4f7f155905ad949d5fcd64745bb967f4267b63e8de112d3ba483f3c0dd29790f9e0519d54b0661146a450a411b188f325761bc206f9df38001b8a93924e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24b3ad908690ed7aaf683951b6be021d

    SHA1

    5465befc819b0f027a233f45109c0524dbe2832d

    SHA256

    9372d9bf44a9bfd4aa32fb4afbb6d89d6ae35bb0afc50567b108e722585ec040

    SHA512

    f99ba1f9c36176e844739232a2fe3281ff1dd53c51f6e040a2df7d6fc25102ded25127b02d400acb526a1784d534ee42d7b9a4dbeba5cdc4896f72342ca51030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b090a0f6e4a6644e7614036a30460ef6

    SHA1

    a3c3c849ee5682effa4806fee24d20bba51ca6da

    SHA256

    3d68e7b8db2cb6e2232b5cb279b6e85e0e85c8b877710cfe79b082ea7684230c

    SHA512

    4365883d49ddc43f47fba5fe4364bdf4ee1122cb9b40abce6dc59a6730268b77d23c96c482ae51c0a88fb6e477b72ce36605ddb8021128474866e7be280bce40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fcc6ba57a8b4da314b7d25b2473b103

    SHA1

    ec6257faec777503cd926edd46f908b32614796f

    SHA256

    a6df0765ccb4e677dbecd80c90beefa5bee72c0405a8fa1bb6d13c8205ecc820

    SHA512

    e9520ead7ea49b593c5c6d5143b41f7953403b625a9d2f0dbb39a3403c21ab35f16dcfdbd336b7a43cb8f841ad070c7eff7c9788ac5eaf6939cd82844229a140

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47b9e426382834a68694d3a0b1324d0e

    SHA1

    ffcc5258f0fbcfe01328c460a8afc4002a19917a

    SHA256

    c7d1fee2e4a4e574aedb1f15cff54305bc3385a8a423c016dab2492c6ec9c254

    SHA512

    a14ee74534b66bbd7712d1ba9040de08ce7975b5d81148ec8bd7ae506ea19e79db21821e37531bab49a649264d6510f3e7ae886e4db01539a4c10f5aa5567ab2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83c7df1b19ad4871967b31bbfe5cc232

    SHA1

    7237386040b90d15e44b189d32f321a6cb5acbd7

    SHA256

    0c7c613244394323fb67b81e484a6f523c0042ab9da96e1c72754b9516e5f887

    SHA512

    8f3e76412b57c2b43cbc53dd11f8ed0cd3131d660ceb5932dca7f6df172e6909d5886ed528e8b472a1352736cbc3dcfc1b17edc4ce1df5414b1a2ae5c9b33643

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d807a99e44b0088d628890a9642c0c52

    SHA1

    20135e9add87a2c7e48233ac701c3237945aa853

    SHA256

    61fd3fb30d39c0ad727bc67ea16ba5b00a2c678a4affdbb680df099053597873

    SHA512

    2bd1fe047ba243c07a2268ad4c41d19bc39e95bb3c252d0d8c557534f0201332cc1cb8c4e28198419d6ac05fd6dbc920c15f1decdc71b8bd32a5e56391f403f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e13ae95576289f9bceb7818c5ad7222

    SHA1

    be449befe96d2e699f564e9b2f4847451770e036

    SHA256

    18ce8c35d3ae584757a6fbf4d03d3c949517168b864f2401f8be1a75a5461842

    SHA512

    0d4e337ef038dda67bde9d8c6ec654b489a65c8184719fd15f2004f7ee5afe40331da6f0f10199bdab01a6f9f1c73b641d4d2ba05a05cb1bc3769a398939ded5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    553bfb624fce2ca98d95ee50879d68ee

    SHA1

    1b6d99b20ae47d96907945ae0eb5b5f6b9b5e2fc

    SHA256

    efdb5914afdd87b9e79e06fb36f6b44ab394a282f2b17a97e1f451a1dca49e31

    SHA512

    517e740cb2267b8785db1a2a02c9609826176c698c7ab27a321e1a396317b4d56263a984e84f3b3e01d4261c33a710c166d4de5640125ef3c3a8e52dcebd9420

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    866b602efa8f29d5d64c9f5aa98102fc

    SHA1

    853dfbe4f62d2cf92105c91e2d654c3ec7eb736b

    SHA256

    832d765d4d80f97d743ca96c64dbd873922b636d582d0ef02f0b77ec366ac5ab

    SHA512

    b3242a087519aa22874bb8ad6926d81700096f4fb829aaa67f9b48a243ef028499a3c8d08d5ef2d1ca7c7d3633a38c69272f7e8f6af494e1ce9bb39eb36f6790

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95744b709e8a18c8645c353965cc5fba

    SHA1

    190fd1492be0a8d114e7cee8c8820800d671d3af

    SHA256

    735e5fc16cbe1fbb3689326912254fb2a2aa5aac522f729ea526aaacc31288cf

    SHA512

    c6c253e317edc69d5e8971d0fc84d5621a00b2e561e86a4ee7d31eb069532c6f2d9dfac0bc39c52ae8cee367f6e8dc6fd34441633623cf9fc48364c870bf1b9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b52429d8e6b26ff744ef9cd91c9923f

    SHA1

    1a418b4ae232f0d7338ccd503f64346286c26c05

    SHA256

    13d8ecf5bae4b36e8db6f2b4363ece134971bc77c1e1607bc798d0c9cb798883

    SHA512

    0757a92bb2a25eab40ee5c0e8932a465023a47175c60d4989ef534e42b85031f5be8e0d60524419aea5cac476db61960877e23a8d7f035e5c3168c8a5542fd32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21132cabb480f849360f1af28fef45bb

    SHA1

    601593b42329f30354e251a702f079962e2a4d39

    SHA256

    caa9fcf5e844816415f6b98c4c45c96910ca334ca9e572dc6b153ced51fe521b

    SHA512

    4219136ec9752ac2b0f0a62e96ee3fa07bbb2c618e9c61e8d53334e523fe37b43f72d1ba06ee68e76a015b625d22f765a7ed905fb735fb4cf6da5a10e70a8d94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88053388e6952d01899e73d080fcefd9

    SHA1

    3eacc782b759840ad47f088d87b73ec2501522ac

    SHA256

    65e5c69be4b196df9474a16566d56cee60542f221423c0d99e9ecaac3fb90c84

    SHA512

    a8f4d3bcf1908d643e31b4ebdbbf6bbf0bf4c5667d2c6961560e287811fffa10a2a0cd318c7e393d292a351d5a3818b7fa8826a86d2688b8894b2709bde1aa7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e3fe4f7cdaff46434b59dc98aa90a39

    SHA1

    27256bcbbc4e4f61fb00619556d55348373808b8

    SHA256

    bcfbb877327a5e2f410a87f9b2188ea069735b40cf89070332e2030fc71bd86e

    SHA512

    19b815e177cbd6efe8845b974fef5191f6780a3706ae19acfabfa63787cf7fe6633d36d82ae4148a5fa599a8f0424d7187661d0e23bb1f340be3f2a2f65dbffb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB1B5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB264.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\B1Toolbar\hpet.exe
    Filesize

    331KB

    MD5

    a3e93460c26e27a69594dc44eb58e678

    SHA1

    a615a8a12aa4e01c2197f4f0d78605a75979a048

    SHA256

    3a81cefbc928fe136056257b8b57733164f2d1fa9d944dc02897b31b171335c6

    SHA512

    39d17b7190f3ff5b3bc3170c8e21d7bba5c32c0f55bd372af2e848ff1ef1392083218a562f3361fdc2db95e4133a19c4ec1cab3e982174d76b8276358dac6530

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0K3RFWUM.txt
    Filesize

    71B

    MD5

    5f52b8b13f0594d9915ef9d4eec89bc7

    SHA1

    bb5036b4c6b2e61483a3e709751646aa3270fd80

    SHA256

    5149d02a1f09a0f64f7e4b33a8246d87e1f86f4c49589d3ed42b7b0cc878341c

    SHA512

    8a13c4f3589403f8433ba199aa257d75eaef73ec34f76ddd792bd04f20acda94c3a0c23e37011895a744ff3b4e473a04a9f0a02fab2836f351760c9d252a04c2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\crp93F7.exe
    Filesize

    806KB

    MD5

    661cf9c90eb099fb7b6a394dd8cde2e4

    SHA1

    3704e119ea16a3c336f63dc808176a22fbb8582a

    SHA256

    1570e0efe0cb98623913d942cf40f2eb5b10458f49842097125c6d6d8604cd07

    SHA512

    13c26a514c2022a10b42566a527ef98adaaa9932ffd07612ccdeb371888c037be3b429c956ecb7705699a2b6e3463758735332c9e26ea5f4493a91f30dfb4761

    Download Submit