Overview

overview

7

Static

static

3

37215c6941...18.exe

windows7-x64

7

37215c6941...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2024 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37215c69415365ee696e2115c15bae56_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    37215c69415365ee696e2115c15bae56

  • SHA1

    ce7e0ca02972b11d7659ee9590540925e8a92c0f

  • SHA256

    55e75effc03e98f6671570d74b556fe891279f1115a0e9982727b0bad9f97eb3

  • SHA512

    6afea9ddfe4c79222e2b24036b3c2584eddeffb6ef2096274965927242a61618764272d7e3447eb47d3eec6491588930c2eaca14eda21777f4bf7b0ea4e128ce

  • SSDEEP

    24576:frJKUK/juqkncxnfS//2oYP+ENxuIW/Rjl/lVlP64htKQtsVELVDiicYQRebMyHz:f1Kb/juqgcxfSE+HIuRjl/lVlP64htKB

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37215c69415365ee696e2115c15bae56_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\37215c69415365ee696e2115c15bae56_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Users\Admin\AppData\Local\Temp\crpFB70.exe
      /S /notray
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1824
    • C:\Users\Admin\AppData\Roaming\B1Toolbar\hpet.exe
      -home -home2 -hie -hff -hgc -spff -et -channel 162341
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Suspicious behavior: EnumeratesProcesses
      PID:2364
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.4shared.com/file/9q0PlJOb/Finder-CWM.html?ref=downloadhelpererror
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e899acfa595b92d52e04cd1cdb86beb1

    SHA1

    b90e8c5df9f919313cc1a304e802449ac6b0f82f

    SHA256

    fff45ad3cd73c5eb4ba83481958a4a84f0bef03da4ffc465989631fae9b5d296

    SHA512

    7506f551cea98ccd635ce01154edc3ab3a54188eca041f35ea393b29052667af9f9c02f035eb674460d2171b38bc21db2d376c83820fd46bc9ca9c5452b76ac3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a20d5f94ad02f724d36374ea8facadb

    SHA1

    8b3f491e7ff6100f6b3bd3c8a4faf775541bc7e2

    SHA256

    0af36ec1de41b95efd4982e8019c5e671c97e3a6806aabb8bde091408fcd46bc

    SHA512

    39ce1200aa3a68407c51831ee9a89985dd2ed41d69963c663e54de4b27d170c1f8992b33f0439d38b4002a12ed35ffdbeeb5c7919706ff6a521546e103bd3ad8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2402dcb9f377acee58b0359fad20f15c

    SHA1

    275fec2d3d64db3bb16eeb0d12972b80fc1bdfda

    SHA256

    00e5901e9101db0f9a626bd62efa52225747bbcf8651045194e966a29d302d57

    SHA512

    b2d2bd4575a14d4f6e83ca7064497b0a875b7b1fc51b4e7ba420250c5d5bfccf5ecf0578fe06804316b2f033803e7c7bcc7a74d9c57908953e807e570454951e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c05fe012a6514056700f29fe2a6eda8

    SHA1

    b1475b2c9f3e93bc441e7668dec84cdf6df10816

    SHA256

    8d1ca74477febad364bf5abf04e05875eb973b7fb9fb559d402201796ae95905

    SHA512

    5c2668d6988baa4abdb2e006406440578d96eed58271d901e40ed14a9ce4a63d931510777905af3b46f3c510303273f205e4c6047655fbcf0e602282568465db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccebb19167c1c810e144abe09d2c4809

    SHA1

    e4f64012f745b3f3301b77918677e89e19d3f9b1

    SHA256

    18dcf37c913d183fe880d18cc16411289b1dac8108c86311008c350bf2d02817

    SHA512

    7c267c644942d73ac7516d6923b5dd8b7b36d52649ff0d6f78fa572487ac4112b416275ba66429a6c5b98069c1bb467727c38c04f66d933ba1460a03a3564de5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5c1522ae30847b9cd13531343d1345a

    SHA1

    c3ae16e23502b6a8e9865dac3c2fa5a1031f8f43

    SHA256

    399f30abe05ae8845abb3b376056d7966f36acd1915b04bf2172766c80d174b8

    SHA512

    59004a09aa3b00f80806fb8f66ecc1c1c895c20be608f3492e8d1fa66be0284a8b27a930d438200da9132e039052862eabdbe7fb6bd95ad45cd3c8bebcef06aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03c6dc894041fbfb1b7141f9a8d5d945

    SHA1

    3483d0555a2abc16eee3b778541e203df967eb2a

    SHA256

    0647e21f26b22fb4c554c7727557c7026cdfda842ade56c777e0771e86572b00

    SHA512

    dc2cb5da900a97431959a19779a6e18104e9249d08d76c606f04cce46d33495709555d7ddf5712e43175b18b4ef9b4150a4233faeac309c49731d133ab78222d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    969a0204c6036f16643fc192ba6bc7ab

    SHA1

    e82466f3bdb67abd8c015a5df1cb0e819a20215f

    SHA256

    f335f3f8cda74251043e7f33ed43e176e42d46204cd21fc7fffd4a83aae25c46

    SHA512

    bd73cf6288ebc193b605adcd74d6a222fe7c1c90e0d49da43589d602b3db77351794774a59812926ae32500f7583777d339c7992db9bded21f62f78923519896

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb4a657e729faed8cdfe508e1cbbbfd5

    SHA1

    09603cfbb95ed5d9899f8798e5dee792f8255325

    SHA256

    9895bfdb426f6e97e8d66244ad1a48ae6742bb6fcd81a5fee445fa957a9a28d6

    SHA512

    7cfdff1630d218c953568746e7b07f959a3c95ea8db17303f47eafd52359bd470cc09888dd1ca6f781ab985571902f8ae6e0a8678063116e6a4faecdd31e9564

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    335c99119bf9808afd66e8e9fc3d68e3

    SHA1

    80180be2a33c30cee69f40a2ddf1560fbd9eb960

    SHA256

    f8abbc418be1d83cb5cf1ebaf46235df77730fd63d3b50a78bf9886248308678

    SHA512

    6106a679ee26c597984419b0a875e2f56809cb6ce5a9433a838a6f195d1d676f3618b1c738a4e31b5878cd78eb78831d628dd6d2e0457ed0af3fae401828bed5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70dec4c72c3f1663ff12697d2801b425

    SHA1

    89629400e8f8c793b9eadc74bbfa881c59d7ecf4

    SHA256

    43eb089e4c6c7599b9dc342f085fa0deed2a4ff4bc4c4d98879a6ec57713dcd0

    SHA512

    e88cffd50f2fba4725eeaf91781066bf7a0e9a1bb4007b7ab166955a10062f81c3cab26caeeb184f0bc2c98c46c4d72f51bf6877859652b6eed8d831f497e5a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e64c5825c63b50a6fbb4af53da3668d3

    SHA1

    37ea33e51f0ffdbbc98d2c7df25f00f793e85383

    SHA256

    5846eb6771d6e793f68ed1e07fbfff2d1fe22c5ced154aa90370494ebd11caaf

    SHA512

    bfb02ff661c34036ea2b929f935ad4b0cf56c6bd4e81216aa3294940a27d19bc623d614ddea0183d00f07791393ce8f563d2921a0aacecd0d77c6afa37a09317

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3dce1c4ed116a6e2902d3f0810690fd

    SHA1

    2515909704bf8b0d7b978c866fabec5be4370e14

    SHA256

    b604a2fd344e2f1ece86d53462c905d352299c8726c0fc2ea3557994d43c0025

    SHA512

    eb6922185aeb3f3a08ed172165c6da008d4112567fa0d830e43e6c8eb0ed3d94091c0875e724ef8542235ea65831d2dc69e1d78c269249dd5daf00729cdc8cf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ac67b172819094900aacecc4790f072

    SHA1

    a8e8063e018ea92ab059e6d6ebfaef27c70e6a75

    SHA256

    7e81a49ab652c04552cf6f4288d844cb55501c96417bcb9150859dbd139ebc41

    SHA512

    3133d0857c19d663598249fffc56d2406ad47e0ed60f84f8a0be73fcbe31a21f611a78d9994d6e82ef304fffa533f51e6e0422384e5dcec2103c1d7b8a938e94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f6274c23b67bd7130773014989db2c4

    SHA1

    12e2737770669101f4d2938b78b45150dd6fda3d

    SHA256

    7cc063344d6d89547c5bacee56de76ec412a5e6dd8c41b67006fc30e1507fd45

    SHA512

    f2e85515995813842dd20b1da29b505960de224dbab6b79162ee46fb3971b4a1416ef74f6509b32e9a117092cd7375d57fb98c70f44256764f9359b64bc0bbf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17ba57da935eb359b7faf9b3bb8188e8

    SHA1

    99abe9ff795ba6f8d1469517a88f0c04610d5c3c

    SHA256

    a88d938e929a804770b34c9eec7a4e624488bedd26f1fbc035dff1cf2565f6d4

    SHA512

    24fec17e0dc9452dcbf0d544413895c65317bfa4697c86499cd88fc38250b8bf90915c874601b7598b47aec3b1d721d6cea2a7c9dffb8657d45f3e50a919f06c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9195bce51a6ad76501604e2e5cbc06a4

    SHA1

    4eb0551171d0e60ba7f99c7e4fb661f6a13d9aee

    SHA256

    1885b671a1e5a81f72e443f3a6bd961f452ba12ae93acb2efc8ba32e72a0b24d

    SHA512

    7e696d482923e34291c771dacc7ade1b318d2a58ade05b279471bfbac9bd93153235c99447827f52a1e7b5bf9203a206ebdf07654e0bbdc797567d4fdd152209

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41fa26e85e946532cf9f72afa18c3cfc

    SHA1

    f27c082b16803e303545c93adb462cb318f3a232

    SHA256

    9430b389c7c493a55e8f321d14865dd0ace4c7ed7a257b96688b4d913211eadb

    SHA512

    4596762478039166af1fa4503fc5ae267e429e1af27ecb9fa9c7f357866fe29e4d3485738fab6697c95b166ca88b347f505eb1bc206e72ad9a27ff30d960abcd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a58edea3bd1d7416050c66c3aac994b2

    SHA1

    4fafb4fc7143809a6a56c843b1310f7aecb00ccc

    SHA256

    9f2c35668327a97af5e4a4a341b79ebc89cc948e230c71784452304af8490270

    SHA512

    0974150213603e2a5ed510ed373cc0a0d1da59e6edaf3c4aaf668613dbba194e22524a7e9f59438dd3fe2c4d61a75b126d43b2e9433bcf2d583388da0bf14704

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04a0bc189e73cb8cbeebf961109486b3

    SHA1

    04bea6399c1cd43c38d9890ae47e4341af85ab60

    SHA256

    4b01c1cef03a17a8422ceb82f8d20c0b8e6615d704b1c3715a6cd79405965d09

    SHA512

    99e62955dbdea294d596ca814341f3fcafdfe4222c9a5adce6dabf4c85b73a16ae3e685b41af9db922c68f29442acb70a4fbaef44fb48923885ebc9bdc6783df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9a422c6debb3ae6d130361335e81fea

    SHA1

    c51d640a18bbfa343b77080e99591cbb64c45c5e

    SHA256

    f9bd6f5ccb68f46bbe90d8cefed9d07eab4c110a4c6a6c07fbe2519375bf6bf2

    SHA512

    c96ebd6041e9fa62bdcaa0fd84ee690945e0fa41908571252a98908b1f4994d7c94b36fe55aee3187b6a13c03de016373207ac7de10a4c95c8f6aeb4b91f57e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6281fb3ec54f3c78d82fe372fcb4a14

    SHA1

    a6c2b6d51da899c9a681e71a72f8ea5383d81039

    SHA256

    bc0a5ad12a7b1e1027aa76b6195dead455f0361b5f088692848a05a777aae08a

    SHA512

    7893f6c8457f37b0f86d414e0f6754960da33872754a0057d40ac5bd50a6df8ba0a935a4436132dce43e1487ccee102f72d3d251e410d5d6776b35a25d091e8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    990e4f262f087159e4b369b9224e67f6

    SHA1

    a8293a3bee1f2eab65e078b8cf794d78bc0d2de5

    SHA256

    af2c7c01224bf6f54b03284768dab0020f4fb80f6fd0cead7a4af2b280eb7d36

    SHA512

    e6bc61722ff8bef705b91ccbae7eeb036471f0a0f322a91a1802081e7b06165cce3983cb01506c1857049b7764412f77bedb97fb829fcd10c3d60aede6bc6ca3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab23D8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2478.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\B1Toolbar\hpet.exe
    Filesize

    331KB

    MD5

    a3e93460c26e27a69594dc44eb58e678

    SHA1

    a615a8a12aa4e01c2197f4f0d78605a75979a048

    SHA256

    3a81cefbc928fe136056257b8b57733164f2d1fa9d944dc02897b31b171335c6

    SHA512

    39d17b7190f3ff5b3bc3170c8e21d7bba5c32c0f55bd372af2e848ff1ef1392083218a562f3361fdc2db95e4133a19c4ec1cab3e982174d76b8276358dac6530

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y29ML0OG.txt
    Filesize

    71B

    MD5

    b296f33294b65cdb2ba5f4c843d39576

    SHA1

    672d02972906e6ed99ef30e8b474de0d8cf81813

    SHA256

    c90882433bda4386666a12371ca3d46f1e2b643b672f4310bb60e0832d6708f0

    SHA512

    93870b5740a1551abc800f035160d9f2a44b5d7011d658798b3678c8f568c98dd51cbcef666f357931582f37703f91bcfa121cff1af352df5a57a10fb1e7fcec

    Download Submit

  • \Users\Admin\AppData\Local\Temp\crpFB70.exe
    Filesize

    806KB

    MD5

    661cf9c90eb099fb7b6a394dd8cde2e4

    SHA1

    3704e119ea16a3c336f63dc808176a22fbb8582a

    SHA256

    1570e0efe0cb98623913d942cf40f2eb5b10458f49842097125c6d6d8604cd07

    SHA512

    13c26a514c2022a10b42566a527ef98adaaa9932ffd07612ccdeb371888c037be3b429c956ecb7705699a2b6e3463758735332c9e26ea5f4493a91f30dfb4761

    Download Submit