Analysis

  • max time kernel
    97s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10-10-2024 15:08

General

  • Target

    30810519c7220ddc034cf2632b147aec_JaffaCakes118.exe

  • Size

    113KB

  • MD5

    30810519c7220ddc034cf2632b147aec

  • SHA1

    5f02b96ebd361386e450b7565dd2b7818e5b7029

  • SHA256

    7058dcdda6e626188e9aaeb78ef460f66311ea6d04da878770b9327adee2adce

  • SHA512

    91fa51608cbc43df667163008f7f959075e021db84c312c90c910715509e493993a19255c1a46402e8731e248b2f71325ed5aaa564a90ca6781b1938ddd9959e

  • SSDEEP

    3072:h4eYZ4+1JXJJbdR87s9qY31si4n0VR/yPY4gNE0DD:q5O8tssEY3Si4nQyPY4gyO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 32 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30810519c7220ddc034cf2632b147aec_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\30810519c7220ddc034cf2632b147aec_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4220
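
The process tree above shows the pattern an endpoint detection should key on: an executable running from the user's Temp directory (PID 1472) starting a second, differently named executable dropped into the same Temp directory (Installer.exe, PID 4220). The following is example detection logic added for this page, not code from the report or the sandbox vendor. The event records are constructed to mirror the report's tree; the parent of PID 1472, the third benign event and the field names (loosely modelled on Sysmon Event ID 1) are assumptions.

```python
"""Flag a user-Temp executable that starts a different user-Temp executable.

Example code added for this page, not from the report. The events below are
constructed to mirror the report's process tree; the parent of PID 1472, the
benign notepad event and the field names are assumptions.
"""
import ntpath
import re
from dataclasses import dataclass

# Any drive, any user, any depth below that user's Temp directory, ending in .exe.
# Group 1 captures the Temp root so parent and child can be compared.
USER_TEMP_EXE = re.compile(
    r"^([a-z]:\\users\\[^\\]+\\appdata\\local\\temp)\\(?:[^\\]+\\)*[^\\]+\.exe$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    image: str
    command_line: str
    parent_pid: int
    parent_image: str


SAMPLE_EVENTS = [
    # Taken from the report's process tree; the explorer.exe parent is an assumption.
    ProcessEvent(
        1472,
        r"C:\Users\Admin\AppData\Local\Temp\30810519c7220ddc034cf2632b147aec_JaffaCakes118.exe",
        r'"C:\Users\Admin\AppData\Local\Temp\30810519c7220ddc034cf2632b147aec_JaffaCakes118.exe"',
        4016,
        r"C:\Windows\explorer.exe",
    ),
    ProcessEvent(
        4220,
        r"C:\Users\Admin\AppData\Local\Temp\Installer.exe",
        r'"C:\Users\Admin\AppData\Local\Temp\Installer.exe"',
        1472,
        r"C:\Users\Admin\AppData\Local\Temp\30810519c7220ddc034cf2632b147aec_JaffaCakes118.exe",
    ),
    # Constructed benign event for contrast.
    ProcessEvent(5308, r"C:\Windows\System32\notepad.exe", "notepad.exe", 4016, r"C:\Windows\explorer.exe"),
]


def temp_spawns_dropped_exe(events):
    """Return events where a user-Temp .exe starts a *different* .exe under the same Temp root."""
    hits = []
    for e in events:
        child = USER_TEMP_EXE.match(e.image)
        parent = USER_TEMP_EXE.match(e.parent_image)
        if not (child and parent):
            continue
        if child.group(1).lower() != parent.group(1).lower():
            continue  # different users' Temp directories; not the drop-and-run pattern
        if ntpath.basename(e.image).lower() == ntpath.basename(e.parent_image).lower():
            continue  # same binary relaunching itself (e.g. for elevation) is a different, noisier signal
        hits.append(e)
    return hits


def describe(e):
    """One-line 'parent -> child' summary with PIDs, as an analyst would want it in an alert."""
    return f"{e.parent_pid}:{ntpath.basename(e.parent_image)} -> {e.pid}:{ntpath.basename(e.image)}"


if __name__ == "__main__":
    for hit in temp_spawns_dropped_exe(SAMPLE_EVENTS):
        print(describe(hit))
```

Feed real process-creation events into temp_spawns_dropped_exe and tune the two `continue` branches to taste; installers that self-relaunch for UAC elevation are the main benign source of Temp-to-Temp parent/child pairs, which is why same-name pairs are excluded here.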

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Installer.exe

    Filesize

    69KB

    MD5

    5a4e76ff84eaf2f7f7596a6e0c675b33

    SHA1

    4d8623f89812fb8b754e3582d73ac97b6c54d98c

    SHA256

    751099188bdaf484ec2d754beda6ad8a798a9f6f80e4769465b2ac9e02595b27

    SHA512

    30151d7fe609ade1a8a48d310c9be4dadc8d49f73e6818f2cf807ce30319c78d67d4d92d47af2ab36ae4ca6a38eff264af5036b6c873a8864f5aa6f368c05b3e

  • C:\Users\Admin\AppData\Local\Temp\nsh8A8E.tmp\ShellLink.dll

    Filesize

    4KB

    MD5

    073d44e11a4bcff06e72e1ebfe5605f7

    SHA1

    5f4e85ab7a1a636d95b50479a10bcb5583af93f3

    SHA256

    b96b39cb4ad98f4820b6fd17b67e43d8d0f4b2667d50caa46eff44af245d75bb

    SHA512

    e9f99b96334764ae47aa026f7f24cfb736859a9131bd1c5ec7e070e830b651787f49910911f82e4ade0dc62fea0ad54ba210b07e44830eb2be6abb710a418a98

  • C:\Users\Admin\AppData\Local\Temp\nsh8A8E.tmp\System.dll

    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

  • C:\Users\Admin\AppData\Local\Temp\nsh8A8E.tmp\inetc.dll

    Filesize

    20KB

    MD5

    8d8fdad7e153d6b82913f6fdc407d12c

    SHA1

    aabbeed33cd5221e4cb22aab6e48310df94facfd

    SHA256

    e727c8bba6686c4814602f2bc089af4b4cf3498d1dbe1a08d8c4732da5ba046b

    SHA512

    42bc0ce1aca63904c34025307fd4b1d9f480ae47e42e7dfa48bbbf8286d947de2989435ad7a748951291307949217afeebcd31d10a1356c9366d3187085773a2

  • C:\Users\Admin\AppData\Local\Temp\nsh8A8E.tmp\md5dll.dll

    Filesize

    8KB

    MD5

    a7d710e78711d5ab90e4792763241754

    SHA1

    f31cecd926c5d497aba163a17b75975ec34beb13

    SHA256

    9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

    SHA512

    f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

  • C:\Users\Admin\Desktop\Internet Explorer.lnk

    Filesize

    2KB

    MD5

    031d428ad22eee4236c02e4b2033b28e

    SHA1

    52c7e6a39314d7dee6e775041a47a2f2ee3b5d86

    SHA256

    6d9ce4d3015c314c167a6dbdb92d13ee9772fc765dda4d5135bee51197c8ed4c

    SHA512

    2e1b7b5ec1358637ceac04199887f040e81f2fdccd13bd8def7eeb3e86ad25c9ed6defedd1e8f15b8f7772542161960ce20e5f900655bdde1be6fb6abbf27fb6
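
The dropped files above are what an incident responder would hunt for on other hosts. The script below is example code added for this page, not part of the report: it carries the report's file names and hashes, scans a directory tree, and reports matches with a confidence level. Two caveats are built in. ShellLink.dll, System.dll, inetc.dll and md5dll.dll are stock NSIS plugins shipped by many benign installers, so a hash hit on one of them alone is weak evidence; only the sample itself and Installer.exe are strong. The "ns<letter><hex>.tmp" directory pattern is an assumption generalised from the report's own nsh8A8E.tmp path. The tree built by demo() is constructed and contains no real malware.

```python
"""Hunt a filesystem tree for the dropped-file IOCs listed in this report.

Example code added for this page, not part of the report. File names and
hashes are copied from the General and Downloads sections. The NSIS temp-dir
pattern is an assumption; demo() scans a constructed tree.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# name -> (md5, sha256, confidence of a hash hit). The four DLLs are stock NSIS plugins.
REPORT_FILES = {
    "30810519c7220ddc034cf2632b147aec_JaffaCakes118.exe": (
        "30810519c7220ddc034cf2632b147aec",
        "7058dcdda6e626188e9aaeb78ef460f66311ea6d04da878770b9327adee2adce", "high"),
    "Installer.exe": (
        "5a4e76ff84eaf2f7f7596a6e0c675b33",
        "751099188bdaf484ec2d754beda6ad8a798a9f6f80e4769465b2ac9e02595b27", "high"),
    "ShellLink.dll": (
        "073d44e11a4bcff06e72e1ebfe5605f7",
        "b96b39cb4ad98f4820b6fd17b67e43d8d0f4b2667d50caa46eff44af245d75bb", "low"),
    "System.dll": (
        "00a0194c20ee912257df53bfe258ee4a",
        "dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3", "low"),
    "inetc.dll": (
        "8d8fdad7e153d6b82913f6fdc407d12c",
        "e727c8bba6686c4814602f2bc089af4b4cf3498d1dbe1a08d8c4732da5ba046b", "low"),
    "md5dll.dll": (
        "a7d710e78711d5ab90e4792763241754",
        "9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2", "low"),
    "Internet Explorer.lnk": (
        "031d428ad22eee4236c02e4b2033b28e",
        "6d9ce4d3015c314c167a6dbdb92d13ee9772fc765dda4d5135bee51197c8ed4c", "medium"),
}
SHA256_INDEX = {sha: (name, conf) for name, (_md5, sha, conf) in REPORT_FILES.items()}
MD5_INDEX = {md5: (name, conf) for name, (md5, _sha, conf) in REPORT_FILES.items()}

# Assumption: NSIS plugin staging dirs look like ns<letter><hex>.tmp (the report's is nsh8A8E.tmp).
NSIS_TMP_DIR = re.compile(r"^ns[a-z][0-9a-f]{1,4}\.tmp$", re.IGNORECASE)
NSIS_PLUGINS = {"shelllink.dll", "system.dll", "inetc.dll", "md5dll.dll"}


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str
    confidence: str


def hash_bytes(data: bytes):
    """(md5, sha256) hex digests of an in-memory blob."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def hash_file(path: str):
    """(md5, sha256) hex digests of a file, streamed so large files do not load into memory."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def scan(root: str):
    """Walk root and return Findings for hash hits and for the report's NSIS staging layout."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_plugin_dir = bool(NSIS_TMP_DIR.match(os.path.basename(dirpath)))
        for name in files:
            path = os.path.join(dirpath, name)
            md5, sha = hash_file(path)
            if sha in SHA256_INDEX:
                ioc, conf = SHA256_INDEX[sha]
                findings.append(Finding(path, f"SHA256 matches report file {ioc}", conf))
            elif md5 in MD5_INDEX:
                # MD5 agreeing while SHA256 differs means a collision or a mixed-up record: check by hand.
                ioc, _conf = MD5_INDEX[md5]
                findings.append(Finding(path, f"MD5 matches report file {ioc} but SHA256 does not", "verify"))
            elif in_plugin_dir and name.lower() in NSIS_PLUGINS:
                # Same staging layout as the report (plugin DLL inside an ns*.tmp dir), unknown hash.
                findings.append(Finding(path, "NSIS plugin staged in ns*.tmp directory, hash not in report", "low"))
    return findings


def demo():
    """Scan a constructed tree: one NSIS-style plugin directory plus a benign file."""
    root = tempfile.mkdtemp(prefix="ioc_hunt_demo_")
    plugin_dir = os.path.join(root, "nsh1234.tmp")
    os.makedirs(plugin_dir)
    with open(os.path.join(plugin_dir, "inetc.dll"), "wb") as fh:
        fh.write(b"constructed placeholder, not the real plugin")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"benign")
    return scan(root)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.confidence}] {f.path}: {f.reason}")
```

On a live host, call scan() on the user profile root (the report's artefacts sit under AppData\Local\Temp and the Desktop) and treat a "high" finding as confirmation; a "low" finding on a plugin DLL alone only says an NSIS installer ran, which is normal on most workstations.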