Overview

overview

7

Static

static

3

2f12607afc...18.exe

windows7-x64

7

2f12607afc...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 09:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f12607afc83356146f649cfd14bc8a8_JaffaCakes118.exe

  • Size

    2.3MB

  • MD5

    2f12607afc83356146f649cfd14bc8a8

  • SHA1

    9ca0739604ae2e25f0a19ff3631ff093fe9945f3

  • SHA256

    f0b620d651aa9b1c3dbde204a7252a46be3cec9d60c30bb2b88613ad3822c020

  • SHA512

    27fae2473f8d906f5da53e9d81e82116a6b0605adeb7db59bcfdce5459113d298ce97d9566e53a1c5f3a23ef7eb70115060c0e60d59994ca49aaef2754d10d0f

  • SSDEEP

    49152:Iu26FYYHawTokhyUT7aVa3+gws2GsMI9K2upHJcQrtnGQRoEebA5rOYiZn7:L2+HNj6V4T7IMRp9JGgoEebSivZn7

Score
7/10
adwarediscoverypersistenceprivilege_escalationstealer

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f12607afc83356146f649cfd14bc8a8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2f12607afc83356146f649cfd14bc8a8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Users\Admin\AppData\Local\Temp\is-JVTA5.tmp\2f12607afc83356146f649cfd14bc8a8_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JVTA5.tmp\2f12607afc83356146f649cfd14bc8a8_JaffaCakes118.tmp" /SL5="$400F0,1737902,70144,C:\Users\Admin\AppData\Local\Temp\2f12607afc83356146f649cfd14bc8a8_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
        "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /regserver
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:2100
      • C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
        "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /install
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        PID:2456
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Inbox Toolbar\Inbox.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:2104
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:2392
      • C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
        "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /afterinstall
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies system certificate store
        PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\BTN_2287.xml
    Filesize

    5KB

    MD5

    be1e4827a19ef48648563a9e98b6f188

    SHA1

    80afc7ad0008a5de7b9731546447589afd5066fd

    SHA256

    7bbc09b928b2391000a935287b140f5d240206f7b0bda3c3917dbe825a938406

    SHA512

    ffb55e001edd82cbb3568e8a78afc90a9848efa9d79f4490d9cf707581399c8e4a60048f0c883a5c27944e26588d4f31f944724ca5cd307c3a3473afa03c0fc9

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\black_brown.xml
    Filesize

    50KB

    MD5

    9db9a8baf643a3512feb2f1014782c72

    SHA1

    04538d23239e716694e5ea17f7bb9132aa0e3939

    SHA256

    82f18d65fae1ab1f78afabc7d44cf3725b4a65c93d21d40d776ef69762310f41

    SHA512

    612d7348882a6d0f1ddc86228556bee42e555143ee9ca78000a52d01e764078c80d205796eb9de39e903a35a84b12abf69e4bf4bfb4976396ab1109c34812a36

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\general_youtube2.xml
    Filesize

    5KB

    MD5

    9d25e413b26edd6157f92e120941a856

    SHA1

    97bfd31d3282cc568e74f8f8b86a3b59f32d36e9

    SHA256

    694696a703a7e7e27d4da7d7350c6d2eb1cdf3d4494ce523290d94e322436c08

    SHA512

    481416e4de97faa516d2f3f6a34f2a5a6a9c11f12365e07c712799a9f5e549fc05d1a54a0d46e72eb7c1a1525540bbe8f1e851cf8ef486808e43d77673bae056

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\pinterest_button.xml
    Filesize

    5KB

    MD5

    5edb9f1e0f48304c7e7ac837a54a12d4

    SHA1

    3380c2b399018cec277fb5111cb2b8dec5868815

    SHA256

    ad88c981ad1cfad58e72b60dfb9d4357c1337e3b32e81d80c665d3e3a9d60405

    SHA512

    15c4ab8e80458e5684d2ca9e41f518cbeb48cf8d783e9b75ac0925098f52f4ccec4833f0f8513c40d5330804629b57bc970edcedbcaee168efc8c6a04b585397

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\social_facebook_panel.xml
    Filesize

    4KB

    MD5

    bc28784f4872f3d8a38c058825ecdfd2

    SHA1

    96f0a1631f4cc51fc71faf3bca0dc27ca971ae23

    SHA256

    6ffb7375b67cacff0a5c4a83bde7b958fb039f2f87344ea4b2a455828f651c10

    SHA512

    6585a1055336a4406261d03e4f5239e0cc3a793394f56bd67b26c702de2eaf9bb252be52105f64ba3aad056f601b2e8ec7f811e4a35680489de9d51be7cecae0

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\social_myspace.xml
    Filesize

    4KB

    MD5

    0ae22594aed7c3c0f6a2346a35070bcf

    SHA1

    4a52f1c230ce76a949aa33d473c504c430e28e42

    SHA256

    a148bafd6c429e6517c1e11156cc627aa4b4522915e9bf9503319639fe6784f6

    SHA512

    cc2a151839e7687acf48917d0b65235b0a32011e2342d6951436d84423355efc60ee6da3f83b1fcc29b2bc08cfbfe52d51227d98fda7d2af493652a3479ef90e

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\social_twitter.xml
    Filesize

    7KB

    MD5

    a0670c3f05b5e4c2887c8fa619b8d265

    SHA1

    0c4f1d91cf9d72bf072ad96e24768147994c2a01

    SHA256

    690bc31e087aaa869edf7ac2ca8ecb16386464be67c257dcab8fd4d3b27703b8

    SHA512

    7317d3ca895d34afb88ef7f0a1a2e3f00c335901902bf2a4ad8397d7cb6914a27e5227d1ff63c9ffece1c28aa910813ba75525090fd0695a625baee4fe42d8c1

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
    Filesize

    1.0MB

    MD5

    5c9476a8dd88e998063cad755d08773b

    SHA1

    0c5bc8c95b89d1387516767f8baee232547aa01a

    SHA256

    c8b4b6787184a987c15dfbd05876c5bd10de311aecf0ec676b3e9723ffa38da2

    SHA512

    3756b6fb4fad4135391b8ff277e618270910914ef6c9437ab45c75b769fe8f8f9c09cb6b778d4eab457a2061c7cb8fdc8e6c124e021d39f454a63ce495fad80e

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox.ini
    Filesize

    2KB

    MD5

    d41e340d6aecc63f275a2083f4f7672e

    SHA1

    9c36eadcb1daf21a220e0b980f5f03aa60ed5a52

    SHA256

    30914795633b9eadf69ab0244c344c58e9236c406b490673d850ce0cf8f55e0d

    SHA512

    62b8faad3d4f192a3ee7797a6477ceea9c0c6e7752aa7bcd53dfc9430d9080c8660fbbb5ba7272e5a258b05d42591f8e5fded882a247fbadb88d3016d55e002f

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox.ini
    Filesize

    2KB

    MD5

    5ce4f8875b8f4ffe6f2ab757253fbfd2

    SHA1

    e47623b3634cdaa4f69694cf720a4099267881b8

    SHA256

    638a1000de70a7a95457c315ac03b7c7076a392a141604a89e2b4621ae049591

    SHA512

    42d86c5c8b879ed6a11370b38800348c4755f7fd6441b01e1a9a3915567d573bfa35ef339df9c7896860e645e1e8b94b99e73a380858fdcf07bc4b9fd30322e1

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll
    Filesize

    1.5MB

    MD5

    eb251f95bc360011a82971390a90ef37

    SHA1

    51a4ef0f8fb78bd9c60c6f9521eca54a1615f5b7

    SHA256

    c45aa0cebd159797e58d05777773f7f4de26128386a5c9363eed75877ca04822

    SHA512

    7331c9264e559aedb9a7f209ab872d5f044e7cc5def5950ce414efee62c26b2224bc8725f0a4bc3f900833ef60654ab4e8b3a6528881238fdbe4b2c78945f8a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Inbox Toolbar\config.ini
    Filesize

    30B

    MD5

    6e154bd2aab28f37a3bbe8ef394802e6

    SHA1

    6efea9c0fdc55c2345369441ef19c32e182e7ce5

    SHA256

    b581ae9e6dd4f3dcf66fad7afbba62279d195b5af63a997abb342761a5acd2d0

    SHA512

    b2b8b962a63cc21b55440c38960c22f9e1c76e377244a63c737a5ac4c15d3ded143f3ebaffed74707291c4526ed9a80f9a9e5ef351b50b4f4bb08b81e92669f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Inbox Toolbar\translate.ini
    Filesize

    89KB

    MD5

    6b72fbdc939dffb3c9d268d521459f91

    SHA1

    948023c34ddd35bab4b83d80cabf6b7fb06eb5f2

    SHA256

    9b1c3b8a08541289d360526f37a4647a59fa40f474d2288ea6a5c3a947364fff

    SHA512

    f8948e0cc24361f361886a4f9467b8316ed093e0def78df860ed221e345a69a8cae785f57d08cfd3ac54741ea9dbde97f035eb88aa8d35b5529c32cf50b1d8e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{C04B7D22-5AEC-4561-8F49-27F6269208F6}.ico
    Filesize

    1KB

    MD5

    34f4618666b7e80e687b25b82a7da5e2

    SHA1

    ab543a8992b71891139d608d77403a59bfabd501

    SHA256

    fa975f7a7a854a7730b1c92d1567706dce2eab80d78cf131eb1cec40e88cb7e3

    SHA512

    b7e4eeccdd9d84d9a352e9490f19d08c06c54554ac52e3ba9aa1a81de2181a6a185387a323122021303afe32da21ceb3f1f6aa3524c45a6c8d9abac4144237eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3056.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3384.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-7DSEE.tmp\RI_AfterDot.bmp
    Filesize

    84B

    MD5

    7ccd5a0af4da51cf4962f184fcf9456a

    SHA1

    de37f4521fa7fee49b37898f4136728e8971ee0f

    SHA256

    8f2374b30622dfae1fd0b9706520de34c5e1597c1531fddbff65bc0201132ac7

    SHA512

    d7c4fbc6a4413dc457400fa2e026dea5d639a5b413164cc6939284c46bb46b6ae8ff10184ba2da4f32ace89646b026400db2a49dd9894d71e88d003a91c8267a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-7DSEE.tmp\setupcfg.ini
    Filesize

    44B

    MD5

    cda7c83a5eb697eb4c7a347e86ec4ac4

    SHA1

    baabc0527401b93af2fa4137439ba98470f79f1e

    SHA256

    f9c813a7932c6749176809d735e6974be2fefea730bd1c9e66f2e4e683cfafef

    SHA512

    ef450d355d5f39dd40352da5784d43c441267d972fa47d596fad3d7099a54174efaca970a51894ac319fa7985c622ee3b4057415fcf7c0fa61e5cc473cf6482c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-7DSEE.tmp\tbr_dots.bmp
    Filesize

    164B

    MD5

    adc799ec79eeaef366ea4dddf099c3ae

    SHA1

    556c915615a34a2499604b7b732ab304b20fdd4e

    SHA256

    7e7f18c73560f9c020abe1ab1f22705083281e2ea16ab0030fc927901b5b5d1e

    SHA512

    76962a17cc26d3f9886828be4e43373ac530165e1c627272ed7c0bc731133e97608e55d2e31f44592aad0d0974352155f41a0718aa0666ec128406b1050c1d6c

    Download Submit

  • \Program Files (x86)\Inbox Toolbar\Inbox.exe
    Filesize

    1.3MB

    MD5

    079c19cc6eda45b0ac316b649024e65a

    SHA1

    962d3750a7c91b19406abe74bfc28b9f1fbf3534

    SHA256

    04c86ea774eb13964972ea33ce58cf8a5e6ec1a673332f506b2f070d6c6ca4b0

    SHA512

    ba0fe67704fe5dd06b2c1c645c8fbd3e756883e80f04466926433064e733741fb4289f27f79c96c8c30e2397224ab8cee306836f86c76f5fac23c4cf1b98b0c2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-7DSEE.tmp\DownLib.dll
    Filesize

    183KB

    MD5

    db25dfdd4c1f2b65c68a230881072695

    SHA1

    94cd6a3438041f0e61b0a1bea7b66461854efe69

    SHA256

    1b66aaf1e7e3c493dd96af3b7442ea60072f6e93ba45281eacd31a14ca7e7e73

    SHA512

    db69e4ab2218856e5184d9094e7e39705b83e3efdc15225067205c8faf6e5836145364f1d509192defa3b48864e72b9f8c0f2dc53a7adb2b86c655318b7afc2c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-7DSEE.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-JVTA5.tmp\2f12607afc83356146f649cfd14bc8a8_JaffaCakes118.tmp
    Filesize

    1.2MB

    MD5

    e7106fbf42fbc6d5b08a18ada4f781b4

    SHA1

    36d4a629f79d772c0b0df8bd2ae2ea09108d239d

    SHA256

    64e1f1fa7d91920b17bc7bc679a4cd8d87ff5b104318b6921bb6bf6a19055635

    SHA512

    adf876296a952aadeb4f25211c0939bf5a278809b5d3007ad7e26c5d4975e7684d242c1b3de796efd474a47cb7ecdb80f9047935924a1108bf0e4d7c973d1845

    Download Submit

  • memory/2068-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2068-2-0x0000000000401000-0x000000000040D000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2068-228-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2100-195-0x0000000000400000-0x000000000055A000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2104-233-0x00000000022F0000-0x00000000023FB000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2392-236-0x0000000001F60000-0x00000000020F1000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2456-227-0x0000000000400000-0x000000000055A000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2516-357-0x0000000000400000-0x000000000055A000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2772-22-0x00000000037F0000-0x0000000003827000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2772-239-0x00000000046F0000-0x00000000047FB000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2772-230-0x00000000037F0000-0x0000000003827000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2772-9-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2772-231-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2772-354-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2772-356-0x00000000046F0000-0x00000000047FB000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2772-381-0x00000000046F0000-0x00000000047FB000-memory.dmp

    Filesize

    1.0MB

    Download