Overview

overview

7

Static

static

3

18140aec9d...18.exe

windows7-x64

7

18140aec9d...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...4_.exe

windows7-x64

7

$SYSDIR/$S...4_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/$_8_.dll

windows7-x64

6

$TEMP/$_8_.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2024, 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18140aec9d83ddfc8c56d3effb6dbbf6_JaffaCakes118.exe

  • Size

    253KB

  • MD5

    18140aec9d83ddfc8c56d3effb6dbbf6

  • SHA1

    7d500bbbf180420b9dd0f82f730a6755a943220f

  • SHA256

    dbba3496d1815443593121454493f1bd43352fe4dd854c1ba4c18bb1ab71759c

  • SHA512

    0cd382a4537a5c90bf7cc80d4da5716fc2af8de07bce17098ac95b957a6afd91f66a8c26dab0ef8ad46fe003da49fd53a07f87b41fc8cfd0f5c6aa1062ceea8e

  • SSDEEP

    3072:MQIURTXJB5QbQ7gWLnChDGpcyclJJ3B+3HnyMZD2hLGIogeFwK4RiPFst6rabqOE:Ms5QbXGCUhkJJ3BxMZDgGIoge36carqn

Score
7/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18140aec9d83ddfc8c56d3effb6dbbf6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\18140aec9d83ddfc8c56d3effb6dbbf6_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\orndevveqxd.dll"
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2980
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    258887104f451e68aae798534f858fff

    SHA1

    5469f049cb710fa49bb2f362025043d4858cc616

    SHA256

    39138fac91af2620df32c21783a0143b6e02704d614baea8a5f97c50be3a4513

    SHA512

    1bf8df1558480e6c2b5a60c8c119def1c57b9d3a9753392c3dce9d9e5123aeffea4f997b77eae641e8283a65b2796450ec1e28d8fd683941390773077c773d05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42ddb4d5ca13522563d883c3c3248d00

    SHA1

    41de1440951faed127131c1a1b4c9dacf6bbe532

    SHA256

    75701ff5d003abe43f0c2164253b28c5ec5f9db4c10b934702e463c742caf441

    SHA512

    ec9eb622cfb7c1a1845252d6c95e9c69cf0446c602c447ac6cb70ddb7bb383434207e09368de48a877c4901dbcd2c28e308b32c1462d48444c69fb2086575495

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7167d5f07e538c78a8b035a4a10cda9d

    SHA1

    82bf7127e9b3c9684319c345a5f86c11aa2d07be

    SHA256

    5768131e6bc29b27933e2be2d4e8e8cd10a688d9cdf7c054299d669a36baab81

    SHA512

    8ed754e80c36c61a048c277df255cce2c452b9158afb5f666dddf3427f4042ceaac79190e2272a8bd787fa2d20f14aefc32c7997ba24761f0b4db383ca1ed611

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c0115c4752b549ee91f8849e8b396f4

    SHA1

    51d652bc0e4c239845c4b75eb1713fcece180684

    SHA256

    475fa79d594ae6eb20b9e8df950ab230c78fa4eeb24994c36a9bbe58d57e5403

    SHA512

    144e90df93bbc1d71729c39eba1ff1161f22a1197ba1e0b1c55c6b793d69b798da6a9e829e50cd45d16fc3dea687cb5294db47941734d1c2d2dad50f5bcb2e3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd270abe6787d5a810346eb774dcac2e

    SHA1

    f443ac6cd0583987c9d3ee559cc5b69c75b8cd81

    SHA256

    a9416637eb3e501d4cda8b5c6072f4e8f5dca621e8ee0a747a76fb1068a5b40e

    SHA512

    7de6d219cb9fccc747afd52394e0d8d2608056310f743587eaa35379ac9c36e7c49184f7444dfb2b899e781f196e19fb608a2862fc0b63dc1031317c88287ffe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    027fb8883bf4f472f913953c4aedf981

    SHA1

    c5bdceb7428850347b92306323610576dd6af051

    SHA256

    d23eae243aef6989e84d0f7f3ef8f2b36f26dbeaa872a4aa1956db21ea17ab2b

    SHA512

    1415afb1efacbcf9a3e585f8afbebb4580e76de42bb06f8806ad92f9291611bfece0aec27c374781c4aa9d974d5871b53b4e648eb102086bb82040b6fc9e73a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    838cebf839b3cb9784a96542d6a7f9b3

    SHA1

    213147a8a26d2675be64e9a289487cd3ee3aba32

    SHA256

    46ebb75a8f66cb1f6a4e037d28bd96d00521640de0794e4aee9dca58b24a6f85

    SHA512

    1f5e450ec03b0e505facb7bde8bcf9278ec2ddefda5965404f4ff1dff9539d16a2796b36d84026d7dff26abc8186bb84fc5621b82e88c48a8288977c83a5fe0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d7dee953e561bc02e2703464517da48

    SHA1

    76a0e669c40cc5b0b2056fa137906da0c5910413

    SHA256

    e26b459a8b8d7ccbcad321f706024b4faf992ab6a294c21e7e3808065411e766

    SHA512

    b27849c9188d262c08105aae6141bfb8a575d1ba7d517cc99c4cf41bd032dd8f197d25748496fae6f5451c10ed92715ba1e528937661a4602b030a59a12583fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b983a394c038c1d60e45c63b68c31070

    SHA1

    c1993fd6899ba87b2c80406aa80aafeb0e69cf67

    SHA256

    3432782f55a0e6783ef027819b3f947c9d006f3996d8e502e1078c755d06689d

    SHA512

    41f2addb25cdb68c95a8081d7fc9aca7f5d944a5f54d9bbe6085e022f4a95883f1892f9ee7f2c294a6c7f6494846ab5c2f8dd0bffc4b670e3e2a4e0241f9a6d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEBC8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEC29.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstBA6B.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\orndevveqxd.dll
    Filesize

    491KB

    MD5

    0406b86752c4fea2a84260aa45bbde5a

    SHA1

    5bafc79b20192b8ac9820412863536c0b410cb81

    SHA256

    c0c293214cf2fc3e43a356dc0d14e9483e767a6271781da4e4a352f195ff6a1a

    SHA512

    03ac3bb6fcdcd582a44917033719218c1c3709b7b2f019ce24ae1ea8926d3f7dd73570d80c0399ff5b08e8dc5cbebe13a091babe87ee04e6ffd93a649cfda68b

    Download Submit

  • memory/2780-9-0x00000000028A0000-0x0000000002923000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2780-24-0x00000000028A0000-0x0000000002923000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2980-206-0x0000000010000000-0x0000000010083000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2980-20-0x00000000002D0000-0x00000000002D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2980-628-0x0000000010000000-0x0000000010083000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2980-905-0x0000000010000000-0x0000000010083000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2980-906-0x0000000010000000-0x0000000010083000-memory.dmp

    Filesize

    524KB

    Download