Overview

overview

7

Static

static

3

0ef32e6017...18.exe

windows7-x64

7

0ef32e6017...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2024, 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ef32e6017ad1328edf8ce81051cf861_JaffaCakes118.exe

  • Size

    552KB

  • MD5

    0ef32e6017ad1328edf8ce81051cf861

  • SHA1

    311363d5599138d1271ede316a76f817b8dc18cc

  • SHA256

    3ef3c860ca7d1e3593ad9e380c09d9166c6a3ca631eed3a8dbc9becc3da2fb2e

  • SHA512

    f249066228991a9d065821c7d1829f6be00814c9bb949dae919141348dfc4fe1367a0e8e8ba3b3c48d1038505224bbadf02230cc40ccdfdf1248fc132e7695ea

  • SSDEEP

    12288:h1OgLdaOUgbJuMmFcouJqkXWctn+MEfO2:h1OYdaOUgJHJJqkXtMO2

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 63 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ef32e6017ad1328edf8ce81051cf861_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0ef32e6017ad1328edf8ce81051cf861_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4040
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /n /s /i:"" ER8.dll
      2⤵
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\ER8.dll
    Filesize

    203KB

    MD5

    41b13b132cb601ecc466654b90296353

    SHA1

    245258ddccb48826f22d57444f49fa30be1b36fd

    SHA256

    7fa4bb68c313e1090587a64b90e87bdcbc14ea3fb7c0e8cff94c657c969b70bf

    SHA512

    0e8de7bbe3695848e299fe3f3506f2e982a60cf0a0dd11cde86de4af67ef3c7b46458680d7bad9cedaa266ea33cb2e77f2aa83fcf1bdd20bf31d1936f2bd69a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\Preferences.C__Users_Admin_AppData_Local_Google_Chrome_User Data_Default_Preferences
    Filesize

    7KB

    MD5

    f00e11db62b706f51f6b4cf46df98d7e

    SHA1

    771229a66187e3b96d4259f2b4d889d93ed13995

    SHA256

    a29dae55fe0579f1e492b01c4240067ced68ffb7cbe06962408697e18c5d138d

    SHA512

    2f309002bf7d391279d08812d33564adc57f67115028cfe9cba224bb741261c2584149fa3787a82955841f8741dfece65c92ed958d7758154a77cd6fb34edacd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\Vbm.dll
    Filesize

    180KB

    MD5

    0e093772550eb9541dd715c016b5584a

    SHA1

    20338dc859a5652f5661280dc508f4e5b533e76d

    SHA256

    028999304f35f7a6fc2cf6e360d4ea587612d63ce191fa979cc98ccca46ab149

    SHA512

    0030b395e2fde6bc9f70f52e71d8e87d306cff8afd2acbad725c4cc92b6d7916a38c1d6d156feaec841966492d32394982ef51989e2b8673d7c00e103f744dd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\Vbm.tlb
    Filesize

    2KB

    MD5

    48e9706fe9f76731f3576122fc3e9e33

    SHA1

    387c8c4898ead8ace488a7df80fead429eaf167b

    SHA256

    7bad79916803a14ca817e5c39f5ec2f0f240044d6dc24fb4916c8fda338060f1

    SHA512

    e9b44a2b1b7a806066182a084ec9df81916fc6db79710256e173377e7cd64a732c006830bbe324a9a734731ecde8b8251cfa995399f6d4df5322faff99c458b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\bkojlbcbfmjdcgmogndgodinaipjebbc\IkLM.js
    Filesize

    5KB

    MD5

    49cf2742cd55ec0d6691b7fcaebf2ca2

    SHA1

    9af56c66c8b9448d4eba1bbef685c287ee9902f0

    SHA256

    eedb2ee2786f6ec6504e0441c399d1e50b0a7cf1aad921acf6106e9d1707aed1

    SHA512

    c67aa3eda97cec1aa0e459716e478b6bde3752c8c87f0e15baea545601941785337475f6d0bb04679c28096a64ee728a22b1982dc84a44202a523c525fd13b21

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\bkojlbcbfmjdcgmogndgodinaipjebbc\background.html
    Filesize

    141B

    MD5

    bd48197cb6a5b7c6631ee886952877ed

    SHA1

    2375fffa5d407548cfad46972ba57829d5b7d77a

    SHA256

    3fc7f861357bf2d0a298874e8e578a683550874350eface630766ac4a080da0f

    SHA512

    b2fb1bdcf365cddf624d314222cd09abd5a0c677c3a506a233149644ad3df430b1e5ee798b6be4e071db31b874ab6a4c694a94c0bbccfa97beed87ab0554fe97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\bkojlbcbfmjdcgmogndgodinaipjebbc\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\bkojlbcbfmjdcgmogndgodinaipjebbc\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\bkojlbcbfmjdcgmogndgodinaipjebbc\manifest.json
    Filesize

    552B

    MD5

    8071a311337c0df23f4b7d417f6db406

    SHA1

    b8ee3931a76a601ca8da7a58a939dca9b308da41

    SHA256

    77c6657c4667649aff331bf26872dc7d1d7377c34567edc8cb995141698bcef0

    SHA512

    339fc43b3f56beca9e486ba457c7f567020d883e750f644b2dfe7a7d1949c1ef7ce409220686cc3732ebc5da61ba084a90fc659356ae649fb6c71c364c37ed9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\bkojlbcbfmjdcgmogndgodinaipjebbc\newtab.html
    Filesize

    370B

    MD5

    2dac88e1669bfa14cd8592c9599a8b10

    SHA1

    4b14101cdf0c90fcd761a548e1c78e6c3f470094

    SHA256

    05f3dba7a94c03893e4b7593f69c49cf49698e90173cf2242b8f050e7e695eed

    SHA512

    dc2868a984e4292f5bd19e7baaf7dd27cf89003a506c8d772797631ff0a97ad0b77a16c2c78af746d120f65c91553c062557fe634a6ed3134aa74f9531e06536

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\bkojlbcbfmjdcgmogndgodinaipjebbc\sqlite.js
    Filesize

    1KB

    MD5

    5467b2065b6d7e833fc039ba82775070

    SHA1

    2bae837fb498ea31e5c44281f1f9f375ef197152

    SHA256

    526ca9ac7d025598bbd8e7fcff62aa6f9b51ab5f71bb26f77931fee0158fe453

    SHA512

    84e09aea70fb0fc6217b3003f39ae358ffc52205b2058826471733bb792cb8df5d174d54a801f86585fcb12e3450ee7d9bcfc4441401323d4807573c0cf73735

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    5cf1a3816c79825c224fe306bc185a72

    SHA1

    9353936834a7f12cb42b2b488ae9985560d5f100

    SHA256

    60f16bbe9e185daa19cd06ff41853355b63548e20990943606c2ab454edd6579

    SHA512

    6d60bd0fc4055029d46db968e8611a981ad21085cca7619a422e2ed55e56415aeb158d285f2e863709b4782e77c2ae255bed76cff038e98dd24a332a3d5efd2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\[email protected]\chrome.manifest
    Filesize

    100B

    MD5

    0c0a373b71e47df0ed4a05751251f494

    SHA1

    350efa12a356d20e00978c898f0ab85ec28b57f3

    SHA256

    719d91ec5358f5f637378d73b44e13845bac36d2c13a0a6343565489172bbda8

    SHA512

    e6079ee069c975103f95509d19c0cec1c5e6086fb2e44d2921b9c34058fae4fbb07333067b13224adad85892b28a30dab79ffa7a23d7afc1adb52e3ee36b97dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\[email protected]\content\bg.js
    Filesize

    9KB

    MD5

    5953cd214148d4c52c4a1cba97e143f3

    SHA1

    3ddbf08203cb2e7286136bc996a617d765f93aff

    SHA256

    d7019117ce300959916690f7c0e8653d1c055e1ad7ce00fd931575efec594d16

    SHA512

    15bc483c3cb711d1fe3a8da9e063a386e4ed36c88976a8f6d0df5b7eafde2f61bba381c083085f62cefc1d697569005988da91bc7ba360c617001189e2b8b3e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\[email protected]\install.rdf
    Filesize

    605B

    MD5

    e58e1156d7eb3002c9ad663fc76d6941

    SHA1

    71a52bf211ad2f369982d6400b99c4ee0c6dda03

    SHA256

    673153dd4c41dbe3ff1d6c7625412368604971ae59e3dcf132f4df159d30c1ef

    SHA512

    f96a155733827c995e54983a169135db6f76f21008b4c9f011fe6e971e06091205929a744d6b0be450c76700d50a98d296eb73a9d0baab558e4d0b6ee47fc612

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS7FCF.tmp\settings.ini
    Filesize

    7KB

    MD5

    359cc6e63a471beb24dbc90b9296cbcf

    SHA1

    5e6203d3fdc45ef933845dbfb1239ed07d974d72

    SHA256

    37727b084ff1067e9739dbe1a2f39393f626123215043b358adb1f2fb07c1442

    SHA512

    ed8059af82aa88ee472f200149a17efad35dd25825533c0ab6f82411d058538e260be4578bf6632346f23cd9db791904ffcda7d858d13a49b8b3915608962001

    Download Submit