Overview

overview

7

Static

static

3

107cd56ce7...18.exe

windows7-x64

7

107cd56ce7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 20:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    107cd56ce7cdfe401a3f61d3e9750854_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    107cd56ce7cdfe401a3f61d3e9750854

  • SHA1

    cfcca9bcf5d93b491177052695bdefa635ee0fd3

  • SHA256

    3c0888e4f8ea183d7783cb2df68fe36a93bb6196bf1fbd1488e666ebe21781c1

  • SHA512

    04067261b0072e0a4ba54a46812aae0ad916481e9fe54b653412306d5562a2422d8a71517105e8bb7109b70c1bddbe8af025a5f6dfe1489d7f8acf3b4a9263ce

  • SSDEEP

    24576:tLizC9n2FbSAvouvAcmtid1sWFczNaV5lGJc95:tLq0ncBvoxy1sWaQ5b95

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\107cd56ce7cdfe401a3f61d3e9750854_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\107cd56ce7cdfe401a3f61d3e9750854_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Users\Admin\AppData\Local\Temp\00294823\XqMi.exe
      "C:\Users\Admin\AppData\Local\Temp/00294823/XqMi.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\00294823\VN5.dll
    Filesize

    258KB

    MD5

    e1d10cccd5dde588af8ee2cb7309523c

    SHA1

    0b9e805077320b0ce1e6620488bd34f1c4d7827e

    SHA256

    9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

    SHA512

    a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\VN5.tlb
    Filesize

    2KB

    MD5

    9156db5f76d48049dbc41fd1b58b3f34

    SHA1

    5eb1df59f9b5b06ab00137fc9e6451e323d3102c

    SHA256

    66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

    SHA512

    742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\VN5.x64.dll
    Filesize

    319KB

    MD5

    4f5c722b8686afbea6f09c53171d44ca

    SHA1

    184c60aafbb12d1023b1ce2aff4d3708607a75a1

    SHA256

    870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

    SHA512

    e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\XqMi.dat
    Filesize

    3KB

    MD5

    16d3c55f175041cb12568df3082d4994

    SHA1

    e7f06d0acdaa2b67d3a2c2c828107ea5e56f0e5c

    SHA256

    b1ac07b6bc1501e003dc77376ad7456dcadc95730d6a736d5033df0c4751ca57

    SHA512

    0d629083da56cb5d7776381723674b271260421a5134595053bc786e703bea59dd758471eb70f28a717dde458903d6e356d1408596d4268f0bca1e3051aa1fba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\eya55w@fjfieaik.org\bootstrap.js
    Filesize

    2KB

    MD5

    1b53c596cfb1aa2209446ff64c17dabd

    SHA1

    2542da14728dcdbe1763f1ee39fe9ceae38ad414

    SHA256

    a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

    SHA512

    be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\eya55w@fjfieaik.org\chrome.manifest
    Filesize

    100B

    MD5

    1ace832cd8e2e31af483a58dee5aec99

    SHA1

    e1f2c698c979dfd362be6a1e73e13fdb9c5cab1c

    SHA256

    1fcb98ec9141e6dc24eca789c9a3cbc13653640a5ba65d40dd14b4c794047bc7

    SHA512

    95c974376ddb82032aceefb339e5662b94fcaad8657d2069d9b8ebb7e952f1118c41d1d028f5020091d2dd0c68378128784b3704f31b79181d04e574c236ebc4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\eya55w@fjfieaik.org\content\bg.js
    Filesize

    9KB

    MD5

    e1176ea931bc0d00ca9c9ae4f8f4cab5

    SHA1

    e1b7b814bf079365aa75d142e91919f85a6ef935

    SHA256

    6e1cb4e934a5121b4e615ca1c297db210994a7f1930b1aa15183c7e4870b697a

    SHA512

    84efcc6ccc301aea6e679b417f87f482bff7b412b4a6ad4c32b5e6d28425bbaf55afa4a124414a3db1bcec1e10c2b55098bd6af062cc75b8bfa7d24c393d4326

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\eya55w@fjfieaik.org\install.rdf
    Filesize

    610B

    MD5

    a02f96f7f5e83e32026994dab3500516

    SHA1

    178a12b0ccb7ebe2997575db37142119c8a9a67f

    SHA256

    1f7623fd2fd29d232278174bc3609806e2a37debcd4760bfa6ff4e9d8a9216a2

    SHA512

    7a0beb083df76f68dd5ef6c3717fbc0d2bf9162d41b958a860b6da49c5baef04bd589b941121a5f813c099dac4742fc8b74ddcce78f78d3ff4d0e1a9907fc053

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\piekppflocehkeodedddohacmofafehb\background.html
    Filesize

    141B

    MD5

    88519b77f7528e829d3bdb830fa9b2de

    SHA1

    4fc51aa10d045fdfa9c970b81a60214bc2c47c08

    SHA256

    6edd6098619d074d6af40de5d11a5411f1a2f26415900dd86835f33c7dfa3b1a

    SHA512

    e2251630d1f0b8a7b8793f1475adb9e8a07a1895779704dc9caf9a8555b5929b785095a6423864b7a669b80f8a6d7074843d955c9b98705aa2b7703450b8d1b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\piekppflocehkeodedddohacmofafehb\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\piekppflocehkeodedddohacmofafehb\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\piekppflocehkeodedddohacmofafehb\manifest.json
    Filesize

    509B

    MD5

    562b92128e24c3b74ae786d47710c983

    SHA1

    9e82ec8000b2a9511552ae0d28d3ba26178caf0a

    SHA256

    93116e99b6b258d0a7deb24e587a7364678b22038fe6f701fc8e5607d3210615

    SHA512

    0d7923c47eca22fc87039c3b42caa1c3d830593406f3123a2f43dbacfd67eefa2b1cf4e55188bebbd9475ce1f5c41d292ecae0428a4a13d6f32f98c3cf7e4992

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\piekppflocehkeodedddohacmofafehb\n91w.js
    Filesize

    5KB

    MD5

    8cf43ce9711016672da531c45294a668

    SHA1

    73cf211fc71db21a29970523ed917ab7d299a495

    SHA256

    1fdb45185d4a196c35d464b2e5f23cf507b656fbc2babc628c285452aed6d382

    SHA512

    da961f3bceee286f5c7354ffb6b923e8441421cc1f7a3712553a16f5014e640e9dfa30614a88bd2a6d1d36d4a92396d81a399ef2d0020560ddd4bfd5da421aad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\piekppflocehkeodedddohacmofafehb\sqlite.js
    Filesize

    1KB

    MD5

    0d8363a87db83f0d1108d2e1ed18d44b

    SHA1

    ef1e9385181a853448d5dbae4e28942b9c23fc3c

    SHA256

    85d7e06c5982d04f7e70e3d9e533a20c47015567be555985170752e76eb74193

    SHA512

    bb5f8edff15d10f00d4f99c7962e0fc5b42b4eef86e8fcc5ef0de7e4d46da7cdcdf7e03f1f8740934dcde587458390b8cb8111cccbe16da4526f5f2a6d4b476a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\00294823\XqMi.exe
    Filesize

    334KB

    MD5

    8300c91b40229b42301aebc6d8859907

    SHA1

    0b55e56a6add6b4dd4ceff475a0018a203d02a5a

    SHA256

    f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

    SHA512

    0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.