Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 01:06

General

  • Target

    282ef99b6eb61cee00223678d599851b_JaffaCakes118.exe

  • Size

    281KB

  • MD5

    282ef99b6eb61cee00223678d599851b

  • SHA1

    a27f9b4aef41147b04874e944d0c9bf3b8dc42a7

  • SHA256

    db9e5139d623452d9d765bd3b5d5718469fe9ae7acadf72215f997d12044d903

  • SHA512

    61f28cf81ff50e90ed938e965737c875030302dacd31b903bed990b78955215be42e06e96fa34c683170754a794524e65935872b8e8591ca8a21623aed852169

  • SSDEEP

    6144:3eRowJ8c90lALqkUpIvZ0ZMA151oIrlosM2saGoSp:uRowJ8g1qTg0ZR1t1MdloSp

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 5 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
  • Modifies registry class 42 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\282ef99b6eb61cee00223678d599851b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\282ef99b6eb61cee00223678d599851b_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Users\Admin\AppData\Local\Temp\DZ606314.TMP
      C:\Users\Admin\AppData\Local\Temp\DZ606314.TMP 1 2 "C:\Program Files (x86)\Common Files\system\DirectX428777.dll" {B69F34DD-F0F9-42DC-9EDD-957187DA688D}
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5040
      • C:\Users\Admin\AppData\Local\Temp\DZ606314.TMP
        "C:\Users\Admin\AppData\Local\Temp\DZ606314.TMP" 2 "2" "C:\Program Files (x86)\Common Files\system\DirectX428777.dll" "{B69F34DD-F0F9-42DC-9EDD-957187DA688D}"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Modifies system certificate store
        PID:4828
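
The process tree above shows the dropper staging DZ606314.TMP in the user's %TEMP% and launching it once with the DLL path and a CLSID on the command line; that instance (PID 5040) relaunches itself, and the second instance (PID 4828) is the one flagged for registering DirectX428777.dll as a Browser Helper Object and touching the certificate store. The PowerShell script below is an added hunt example for finding that registration and the dropped files on other hosts; it is not part of the sandbox report and not the sample's own code. The BHO and CLSID registry paths are the standard ones; checking the WOW6432Node branch is an assumption based on the DLL being dropped under Program Files (x86) and loading at 0x10000000, the usual 32-bit DLL image base, in the memory dumps listed below.

```powershell
# Added hunt script (not from the report or the sample). Assumes: Windows PowerShell 5.1+,
# an elevated shell, and the IOCs quoted from the report above.

$KnownClsid   = '{B69F34DD-F0F9-42DC-9EDD-957187DA688D}'
$KnownDllPath = 'C:\Program Files (x86)\Common Files\system\DirectX428777.dll'
$KnownSha256  = @(                                                      # from the Downloads section
    '25480fb8ce1bdb8987bcc99a38ac5709a21df0d301e53003901941147c970976', # DirectX428777.dll
    'a1bbbfd75f07187c839d8310f273b893f8926375ff6648b774847559bd88a9d4', # DZ606314.TMP
    'd83e40d529ec8b2742adf62f7816b584d47dd96b358b404b8cefe5b817239487'  # OCLEAN.dll
)

# IE loads BHOs listed here; a 32-bit BHO on x64 Windows is registered under WOW6432Node (assumed
# for this sample, see lead-in). Each entry is a CLSID whose InprocServer32 default value is the DLL.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Get-BhoRegistration {
    foreach ($key in $BhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $clsid = $sub.PSChildName
            $dll   = $null
            foreach ($root in $ClsidRoots) {
                $inproc = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path -LiteralPath $inproc) {
                    # The default value holds the DLL path, sometimes quoted
                    $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)' -replace '"', ''
                    break
                }
            }
            [pscustomobject]@{ Clsid = $clsid; Registration = $sub.Name; Dll = $dll }
        }
    }
}

function Test-BhoIndicators {
    foreach ($bho in Get-BhoRegistration) {
        $reasons = @()
        if ($bho.Clsid -ieq $KnownClsid)               { $reasons += 'CLSID from report' }
        if ($bho.Dll -and $bho.Dll -ieq $KnownDllPath) { $reasons += 'InprocServer32 path from report' }
        if ($bho.Dll) {
            $path = [Environment]::ExpandEnvironmentVariables($bho.Dll)
            if (Test-Path -LiteralPath $path) {
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
                if ($KnownSha256 -contains $hash) { $reasons += "SHA256 $hash from report" }
                # Common Files\system is an unusual home for a BHO; flag it even if the hash differs
                if ($path -like '*\Common Files\system\*') { $reasons += 'DLL under Common Files\system' }
                # Cheap signature check: most dropped BHOs are unsigned
                if ((Get-AuthenticodeSignature -LiteralPath $path).Status -ne 'Valid') {
                    $reasons += 'DLL has no valid Authenticode signature'
                }
            } else {
                $reasons += 'registered DLL missing on disk'
            }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Clsid = $bho.Clsid; Dll = $bho.Dll; Why = ($reasons -join '; ') }
        }
    }
}

function Test-DropPaths {
    # The staging files landed in the submitting user's %TEMP%; check every profile on the host.
    $candidates = @($KnownDllPath)
    foreach ($name in 'DZ606314.TMP', 'OCLEAN.dll') {
        $candidates += Get-ChildItem -Path "C:\Users\*\AppData\Local\Temp\$name" -ErrorAction SilentlyContinue |
                       ForEach-Object FullName
    }
    foreach ($p in $candidates) {
        if (Test-Path -LiteralPath $p) {
            $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLowerInvariant()
            [pscustomobject]@{ Path = $p; Sha256 = $hash; KnownHash = ($KnownSha256 -contains $hash) }
        }
    }
}

Write-Host '== BHO registrations matching report indicators =='
Test-BhoIndicators | Format-Table -AutoSize
Write-Host '== Dropped files still present on disk =='
Test-DropPaths | Format-Table -AutoSize
```

A BHO row with KnownHash false but the CLSID or path matching still merits attention: the installer writes the path and CLSID from its command line, so a rebuilt DLL would keep both while changing every hash. The report also flags a certificate-store change (PID 4828) but does not identify the certificate, so the script deliberately does not try to match one; review the Cert:\CurrentUser\Root and Cert:\LocalMachine\Root stores by hand on any host where the BHO check fires.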

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\Program Files (x86)\Common Files\system\DirectX428777.dll

          Filesize

          139KB

          MD5

          0294aa91bb3bc157d06cde328996fd87

          SHA1

          efaed75fb9823758a69b86ad8ed15d347611f17f

          SHA256

          25480fb8ce1bdb8987bcc99a38ac5709a21df0d301e53003901941147c970976

          SHA512

          65a418ca5a67d8c87d8d5af6082707d03cc54bfb84bd85cdcfc4ca1c4111268aa42615371a8d310d9ed4ad1c41bb3214b3689048c4f0073dd7cd88ec05c7c5d6

        • C:\Users\Admin\AppData\Local\Temp\DZ606314.TMP

          Filesize

          57KB

          MD5

          4967412e78ac07cbcef236fdff0a585a

          SHA1

          c331355f7d2b5250e7b9cdf775b7289521fbf2c7

          SHA256

          a1bbbfd75f07187c839d8310f273b893f8926375ff6648b774847559bd88a9d4

          SHA512

          f923fb4cf000257c5babc83989956407ead3f0213bc13c16327baaa29200ffd62d803ee800b3aa14f540348c9d351a5822f94d9134a085c7b060c544b9f4efd3

        • C:\Users\Admin\AppData\Local\Temp\OCLEAN.dll

          Filesize

          9KB

          MD5

          8a57d07872366600c5aa172c6d39a02f

          SHA1

          acc5853d3102fa3192f450e8354fbe8ac5a546b7

          SHA256

          d83e40d529ec8b2742adf62f7816b584d47dd96b358b404b8cefe5b817239487

          SHA512

          c49de70e67e72e2047a6ac2bb2a03160aaf5ff196bfc6aecc8a0ff6b616bedf5b51701a4c1479f0afbf56f8c6eb0feecce97d3697baaebe93f29ff3ac9f388fd

        • memory/3092-0-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

        • memory/3092-20-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

        • memory/4828-14-0x0000000010000000-0x0000000010009000-memory.dmp

          Filesize

          36KB

        • memory/4828-17-0x0000000010000000-0x0000000010009000-memory.dmp

          Filesize

          36KB

        • memory/5040-11-0x0000000010000000-0x0000000010009000-memory.dmp

          Filesize

          36KB

        • memory/5040-19-0x0000000010000000-0x0000000010009000-memory.dmp

          Filesize

          36KB