Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 09:12

General

  • Target

    2e7daa684422ec801f1456a8278b28e8_JaffaCakes118.exe

  • Size

    55KB

  • MD5

    2e7daa684422ec801f1456a8278b28e8

  • SHA1

    375a1e51e8a4171a15c9c1a3d215497efcb6bd8b

  • SHA256

    64c6c2c3e29a17d4ebe3835c302d82b363f544a6244cf44e16f64bf82494eb59

  • SHA512

    1915a981f1ba7f681b7bebe3d4bd983cc38a92b780a04fcf02d2bfcfe0373e7969be974b51f18ff4b892fc3d14aaaf64723968453b609112aeefc89383a31a21

  • SSDEEP

    768:5aW710mtOV6i1T3yLKcr8oHfssft46Ieo133C0jBQxR2G:YoJtg6AjyVrhHfvtZw1Htm

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar profile data.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e7daa684422ec801f1456a8278b28e8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e7daa684422ec801f1456a8278b28e8_JaffaCakes118.exe"
    1⤵
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Windows\system32\Windows Update v.961090.exe
      "C:\Windows\system32\Windows Update v.961090.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:2824
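
An IOC sweep built from the signatures above and the dropped-file hashes listed under Downloads, added here as an example; it is not part of the sandbox output. It assumes the directory it scans mirrors a mounted Windows volume (root/Windows/System32 standing in for C:\Windows\System32), generalises the one observed drop name to the hunt pattern `Windows Update v.<digits>.exe` (an assumption: the report shows only v.961090), and parses autorun.inf with a generic heuristic, because the report records the autorun.inf drop but not its contents. The volume built by `build_demo_volume` is constructed for the demo and does not contain the real sample.

```python
"""IOC sweep derived from the sandbox report (added example, not sandbox output).

Assumptions not taken from the report: the scanned tree mirrors a Windows volume,
the hunt pattern for the dropped EXE name, and the autorun.inf launch-key heuristic.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# SHA256 values copied from the report's Downloads list.
SAMPLE_SHA256 = "64c6c2c3e29a17d4ebe3835c302d82b363f544a6244cf44e16f64bf82494eb59"
DROPPED_FILES = {
    # path relative to the volume root -> SHA256 from the report
    "Windows/System32/Windows Update v.961090.exe": SAMPLE_SHA256,  # identical to the sample
    "Windows/VORHPBAB.txt": "bca23bdfa3550ff70080fdf68f0dd8290ee8452e2bd50455b4e02826f6780ee0",
    "Windows/system32/SytemInformation.txt": "2315e65f552e1c00066030eb51f25d41a7d3cb10e7892f1451614fde5b032400",
}
# Assumption: the number in the dropped name may vary between builds, so hunt on the shape.
DROPPED_EXE_RE = re.compile(r"^windows update v\.\d+\.exe$", re.IGNORECASE)
# autorun.inf keys that launch a program when a volume is attached (generic heuristic).
AUTORUN_LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large drops do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def autorun_launch_targets(inf_text: str) -> list[str]:
    """Return the values of launch keys inside the [autorun] section of an autorun.inf."""
    targets = []
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() in AUTORUN_LAUNCH_KEYS and value:
                targets.append(value)
    return targets


def sweep(root: Path) -> list[dict]:
    """Walk a volume: known drop paths (hash-verified), name-pattern hits, autorun.inf launchers."""
    findings = []
    wanted = {k.lower(): v for k, v in DROPPED_FILES.items()}  # Windows paths are case-insensitive
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if rel.lower() in wanted:
            findings.append({"path": rel, "kind": "known_drop",
                             "hash_match": sha256_of(p) == wanted[rel.lower()]})
        elif DROPPED_EXE_RE.match(p.name):
            findings.append({"path": rel, "kind": "name_pattern", "hash_match": None})
        if p.name.lower() == "autorun.inf":
            targets = autorun_launch_targets(p.read_text(errors="replace"))
            if targets:
                findings.append({"path": rel, "kind": "autorun_launcher", "targets": targets})
    return findings


def build_demo_volume(root: Path) -> Path:
    """Constructed fixture (not the real sample): dropped-file names plus an autorun.inf at the root."""
    sys32 = root / "Windows" / "System32"
    sys32.mkdir(parents=True, exist_ok=True)
    (sys32 / "Windows Update v.961090.exe").write_bytes(b"MZ placeholder, not the sample")
    (sys32 / "Windows Update v.123.exe").write_bytes(b"MZ placeholder variant")
    (root / "autorun.inf").write_text("[autorun]\nopen=Windows Update v.961090.exe\nicon=setup.ico\n")
    return root


def demo() -> list[dict]:
    """Run the sweep over the constructed volume and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return sweep(build_demo_volume(Path(tmp)))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hash match on the System32 path means the host holds a byte-identical copy of this sample, since the first Downloads entry carries the submitted file's own hashes (the sample copies itself under a Windows Update-looking name). A name-pattern hit with a different hash, or an autorun.inf whose launch key points at such a file, is still worth collecting: in the demo the placeholder files report `hash_match: False` and the autorun.inf is flagged as a launcher.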

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\System32\Windows Update v.961090.exe (same size and hashes as the submitted sample: a copy of itself)

          Filesize

          55KB

          MD5

          2e7daa684422ec801f1456a8278b28e8

          SHA1

          375a1e51e8a4171a15c9c1a3d215497efcb6bd8b

          SHA256

          64c6c2c3e29a17d4ebe3835c302d82b363f544a6244cf44e16f64bf82494eb59

          SHA512

          1915a981f1ba7f681b7bebe3d4bd983cc38a92b780a04fcf02d2bfcfe0373e7969be974b51f18ff4b892fc3d14aaaf64723968453b609112aeefc89383a31a21

        • C:\Windows\VORHPBAB.txt

          Filesize

          235B

          MD5

          8f42ce84e4ab200fe9ecb16cdf0be053

          SHA1

          e17cca6a0b778ad9d9c138463453825da2e139bd

          SHA256

          bca23bdfa3550ff70080fdf68f0dd8290ee8452e2bd50455b4e02826f6780ee0

          SHA512

          3a498959f7e899ae7c1425f6606103ef81e0a4d1c7886ccf16542f2d8b51552a7108cf73eb851d910813d483f03d5315ff7bbab053261a709bd1c7f7ef07db67

        • C:\Windows\system32\SytemInformation.txt

          Filesize

          86B

          MD5

          f28b0566555639d1d48e242a6e15ad59

          SHA1

          6c7f5a2a86ab2f897ca38336329ffafbdf7fd85b

          SHA256

          2315e65f552e1c00066030eb51f25d41a7d3cb10e7892f1451614fde5b032400

          SHA512

          c36e4ba80d1d7e51b5bd60f92dc0e917170883912463dddab7cc82e3406c7d1fdb4d6e50add0840d44cc1a22a0c6d389fba0649b3d70f80b799b04413e8d86bd

        • memory/2824-23-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB

        • memory/2824-24-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB

        • memory/2824-28-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB

        • memory/3056-0-0x000007FEF61AE000-0x000007FEF61AF000-memory.dmp

          Filesize

          4KB

        • memory/3056-1-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB

        • memory/3056-2-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB

        • memory/3056-3-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB

        • memory/3056-5-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB

        • memory/3056-21-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

          Filesize

          9.6MB