Overview

overview

7

Static

static

3

4257973cc7...18.exe

windows7-x64

7

4257973cc7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2024 12:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4257973cc7c45876cf04e8b4cc8164f8_JaffaCakes118.exe

  • Size

    2.3MB

  • MD5

    4257973cc7c45876cf04e8b4cc8164f8

  • SHA1

    590f584afd3c6157f6d3e8330322bddb3fa929c3

  • SHA256

    ed36b3855ab7486128ff5dc60c2910851194b52dc5ea0bfceaa6166bba8e7a75

  • SHA512

    03c9af6a3b538c6fa01a6393ef779f81aa3cf249f6b7457604479e9a7f70a33cb5761008bf303c1ee875cb2cccf4446523a7313e6a5b87df1dad4d9d899c320b

  • SSDEEP

    49152:Q/vv5B9qm6C31fkNZ8EPAGCcI18q+TBeUq0ebA5rOYiZn4:QnvVR3JkLhYc08XdfebSivZn4

Score
7/10
adwarediscoverypersistenceprivilege_escalationstealer

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4257973cc7c45876cf04e8b4cc8164f8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4257973cc7c45876cf04e8b4cc8164f8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:584
    • C:\Users\Admin\AppData\Local\Temp\is-AK618.tmp\4257973cc7c45876cf04e8b4cc8164f8_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-AK618.tmp\4257973cc7c45876cf04e8b4cc8164f8_JaffaCakes118.tmp" /SL5="$40112,1738955,70144,C:\Users\Admin\AppData\Local\Temp\4257973cc7c45876cf04e8b4cc8164f8_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
        "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /regserver
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:2988
      • C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
        "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /install
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        PID:2080
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Inbox Toolbar\Inbox.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:328
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:840
      • C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
        "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /afterinstall
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies system certificate store
        PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\news_newser_panel.xml
    Filesize

    4KB

    MD5

    20d15d2e884398c73fdeaf95274360ce

    SHA1

    b6d38be8a680c8aa11143e4ba1a02beff3ba68de

    SHA256

    f83d863d362f83f763929837d46aaf13fcf29d77cc648a6a970b0f8fdc57500a

    SHA512

    329b79936d5c03e56012f0478c2060efc83bf26d283cb9f871b4627b8064ce420bccd75c3917c99d9441baf7e12ea1c5172c1ad530c904cd281324ae2236450d

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\news_newspapers_gb.xml
    Filesize

    5KB

    MD5

    293f59fac1d1e894e5e0900733f9ff04

    SHA1

    bc81022fc0e04e64ec7676b41d4d2d5a915d4672

    SHA256

    7a805dbc92c5bdc199a6e2d863d39eb50efd398af79efa4c6f7a8135c6c70a0a

    SHA512

    db19d7c80de0cbf2e311956e254e06b17e313183df039cf4e69383ff853a5babcafa8cf44cb5eee818654f8a37cb7f79f32a8bb83524be0877d1baed697bda4a

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\news_rss_gb.xml
    Filesize

    4KB

    MD5

    8244b5376ed96bcdf123c4436cc7bdb1

    SHA1

    4e61e9f18baa915afe8c5c927e8338c3628d144c

    SHA256

    5f42bd140b8b0197bf738da16b5f092a73cebaffeda04c1988581adc74283abb

    SHA512

    651118edb94eee302944a3ae4fdb1949453896d4bd3751c4822da8e2c2785fff22d6ea59c63e860f4209dcf35d94845a3d12d01b03e7e341bf0b15da78cb7905

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\news_search.xml
    Filesize

    4KB

    MD5

    bdb2ac871a1b7841a6d55d6aacfd34e8

    SHA1

    a8ea30fd72451fd1bf589a1d742559cb66e45fda

    SHA256

    72ebfa533c7ed0fa951341492d69a343450147254ebca25ffa0335cb3e6fcb71

    SHA512

    040a6dbf1bfeabf8c2db9fbe7d2e76d1c1a9b367b8cd50ba09edc8c618034a83b8b4ef8f5a58778f02f9114c8001103926bb9415556a54576ea6a1726570e84b

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\news_tvnews_gb.xml
    Filesize

    5KB

    MD5

    8a6f93869eecabdae7213d4dd7ac85d8

    SHA1

    2bf838a898e234b598253b80f97ea38d47941059

    SHA256

    c08fc50976f9b779ea955f15f8b878d74cce1d0514935aa3189c9940db05fb90

    SHA512

    379efc30f379a8e6e58a370b026d2736795fcd67e8f12b8a2ca1e9c276ded73bf4585958e3abb6223be8c6fad74e9cfb09de427dc0494f38a31b9e704e14cb52

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\news_weather_plugin.xml
    Filesize

    4KB

    MD5

    ca2c270c4ec6e4704336b4cd48273701

    SHA1

    cf7ad0b7f3607cf279883dff44615dcdd76c3917

    SHA256

    527ae189196a5d4fb23e31f1425860a50a443880c832eab6595820e062ae30a3

    SHA512

    913c521f99b2cdb7a9af5c3b48f41773b1225797af15e1279df975ff9279b9f23f8a71694afa3768f2b5dbeba29fe64b3810b2d11199fc7a3b92849650aa380c

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Buttons\red_green.xml
    Filesize

    53KB

    MD5

    6dab2e4b1c8a80abf484f8c6f0025e4c

    SHA1

    39b5ee7d2663c6bd0bd5fd67b1f0f77c84f71804

    SHA256

    821610b71456ce7b4f8133e85430929402bbc171f2df4b21f14679fd90f6588e

    SHA512

    70128c3d436c565e8559d44bf4110b92cfe080c94616e914c6c6f457fe6e44ecc7844331ac4549138ce4316a7c37faa892eafabb14f41fef1c3558c11d8c55e2

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
    Filesize

    1.0MB

    MD5

    86a31966bf0fd274595b05fe9221f843

    SHA1

    29cf7233b1c7c0a84469ab9d9e35113165500d9b

    SHA256

    b4efe370bcc1066d91206deab2bd58371fae93af5f17996be8ffc18a43945cd2

    SHA512

    dbc0c48974421f4b78967a2ffea108123dbf804ff079c969e25cc13a12b28d27d18ca71dd061da880c359b11b7b09c107a8f320330703cb8fd1c7cfc7ad7ef9d

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox.ini
    Filesize

    2KB

    MD5

    b81deda927c04da1559f5a2af297bc9c

    SHA1

    692cf50d87e330a5a056012d5dd551342280eaf8

    SHA256

    859fb8cd52cdbbf069291a0e3f2e0638430acd609ad314d06b72fd544129e79d

    SHA512

    f4fe880aa87312264118198ecbe4cfc0b75091099cd82bff64f960196916fdc9d908a75c1f2d7784d8dddb4a041bb7ffe01ebc87ee7e0436090b296de3f6f709

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox.ini
    Filesize

    2KB

    MD5

    517235fb04de12218e3bc6ae53721d19

    SHA1

    cc3b52827e2e2f28523fbf9dc777744e9798dd63

    SHA256

    1b05b12b4b7cf5e290cc62f4ad9d715c94c1fab82021c6a759b9ff82eebbc676

    SHA512

    e9f048fd150ae5d3d7c2b1a65c1826f0d8a8a331bfc97011a3d688bf115f23baa6f6605de9fce66eccd85b68c78594a028ca1d255f7437de674027374bef3a54

    Download Submit

  • C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll
    Filesize

    1.5MB

    MD5

    1a7df8b41680d7998a322727653c83c9

    SHA1

    e521cd19e03e5abc9e06af305719fe909ef6e2ad

    SHA256

    c4a6a1bd3175dd00d4d89f33a7a39bf6db731b8c653de5cb9fa05321e6e5127e

    SHA512

    3d3610876074ab8b1ebc046789f0f7bb2c567bf2bb57380c40366fed3d79b834c898a7139a7a3d355c15917a6b3d32dd0cf0c60caff586ec9c22c48f89b4ee2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Inbox Toolbar\config.ini
    Filesize

    28B

    MD5

    4cbb2d42272915fdd5f76a98a75caf87

    SHA1

    9b1340f72de55a9d7839a9cc59e405d4373027da

    SHA256

    48e7fe515ee79b9bc2fb39c8c32d8604877cb77d2909d0bb6e7db8a4b81a6230

    SHA512

    e91bf0e5f69f5ff56c8cf1b8487f3ca9eae97aadcba54998d2543c11068e393e415511bd7c16cc259053a68d40460b240633cee0b8ce6ee3f3f4075758dfed2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Inbox Toolbar\translate.ini
    Filesize

    89KB

    MD5

    6b72fbdc939dffb3c9d268d521459f91

    SHA1

    948023c34ddd35bab4b83d80cabf6b7fb06eb5f2

    SHA256

    9b1c3b8a08541289d360526f37a4647a59fa40f474d2288ea6a5c3a947364fff

    SHA512

    f8948e0cc24361f361886a4f9467b8316ed093e0def78df860ed221e345a69a8cae785f57d08cfd3ac54741ea9dbde97f035eb88aa8d35b5529c32cf50b1d8e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{C04B7D22-5AEC-4561-8F49-27F6269208F6}.ico
    Filesize

    1KB

    MD5

    34f4618666b7e80e687b25b82a7da5e2

    SHA1

    ab543a8992b71891139d608d77403a59bfabd501

    SHA256

    fa975f7a7a854a7730b1c92d1567706dce2eab80d78cf131eb1cec40e88cb7e3

    SHA512

    b7e4eeccdd9d84d9a352e9490f19d08c06c54554ac52e3ba9aa1a81de2181a6a185387a323122021303afe32da21ceb3f1f6aa3524c45a6c8d9abac4144237eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD3C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar105B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-7NMVQ.tmp\RI_AfterDot.bmp
    Filesize

    84B

    MD5

    7ccd5a0af4da51cf4962f184fcf9456a

    SHA1

    de37f4521fa7fee49b37898f4136728e8971ee0f

    SHA256

    8f2374b30622dfae1fd0b9706520de34c5e1597c1531fddbff65bc0201132ac7

    SHA512

    d7c4fbc6a4413dc457400fa2e026dea5d639a5b413164cc6939284c46bb46b6ae8ff10184ba2da4f32ace89646b026400db2a49dd9894d71e88d003a91c8267a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-7NMVQ.tmp\setupcfg.ini
    Filesize

    44B

    MD5

    39adf9e4379e462c4047945efdc0b5cd

    SHA1

    bcc32902fd2b3599ff3a4c2fcf0ff6b21d2e3c72

    SHA256

    7812234560b6844a1236530aec8239bb761bfee1bfd81fca3d860da23e79222a

    SHA512

    2d1345b39d52de2e717ba27abced7c40c9b5520250a5151dffd7b4be61e53fb7556f5b4a225e6122397042eb2897860425a41848a0c494d61103c5fcd245f9e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-7NMVQ.tmp\tbr_dots.bmp
    Filesize

    164B

    MD5

    adc799ec79eeaef366ea4dddf099c3ae

    SHA1

    556c915615a34a2499604b7b732ab304b20fdd4e

    SHA256

    7e7f18c73560f9c020abe1ab1f22705083281e2ea16ab0030fc927901b5b5d1e

    SHA512

    76962a17cc26d3f9886828be4e43373ac530165e1c627272ed7c0bc731133e97608e55d2e31f44592aad0d0974352155f41a0718aa0666ec128406b1050c1d6c

    Download Submit

  • \Program Files (x86)\Inbox Toolbar\Inbox.exe
    Filesize

    1.3MB

    MD5

    c438e168e66b77ead302b933149ad4bf

    SHA1

    5788999969d0da6cd4589f2651981d750923dfd1

    SHA256

    738e45013c262f87a0d2e24968977bc6bdbf465764371b7779753b4f883416b2

    SHA512

    f762b02b6aabf69932ccdf207fa8c964ad7506bfad3e5134a51cd09d56dc31058f2377a602c93624f51bf4169e1b775bda27d253d2fe32de575bc223a2c3e50e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-7NMVQ.tmp\DownLib.dll
    Filesize

    183KB

    MD5

    db25dfdd4c1f2b65c68a230881072695

    SHA1

    94cd6a3438041f0e61b0a1bea7b66461854efe69

    SHA256

    1b66aaf1e7e3c493dd96af3b7442ea60072f6e93ba45281eacd31a14ca7e7e73

    SHA512

    db69e4ab2218856e5184d9094e7e39705b83e3efdc15225067205c8faf6e5836145364f1d509192defa3b48864e72b9f8c0f2dc53a7adb2b86c655318b7afc2c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-7NMVQ.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-AK618.tmp\4257973cc7c45876cf04e8b4cc8164f8_JaffaCakes118.tmp
    Filesize

    1.2MB

    MD5

    e7106fbf42fbc6d5b08a18ada4f781b4

    SHA1

    36d4a629f79d772c0b0df8bd2ae2ea09108d239d

    SHA256

    64e1f1fa7d91920b17bc7bc679a4cd8d87ff5b104318b6921bb6bf6a19055635

    SHA512

    adf876296a952aadeb4f25211c0939bf5a278809b5d3007ad7e26c5d4975e7684d242c1b3de796efd474a47cb7ecdb80f9047935924a1108bf0e4d7c973d1845

    Download Submit

  • memory/328-231-0x0000000002340000-0x000000000244B000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/584-2-0x0000000000401000-0x000000000040D000-memory.dmp

    Filesize

    48KB

    Download

  • memory/584-226-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/584-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/840-234-0x0000000001ED0000-0x0000000002061000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2080-235-0x0000000000400000-0x000000000055A000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2276-355-0x0000000000400000-0x000000000055A000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2336-228-0x0000000000620000-0x0000000000657000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2336-22-0x0000000000620000-0x0000000000657000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2336-9-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2336-238-0x0000000004810000-0x000000000491B000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2336-227-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2336-352-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2336-354-0x0000000004810000-0x000000000491B000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2336-379-0x0000000004810000-0x000000000491B000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2988-195-0x0000000000400000-0x000000000055A000-memory.dmp

    Filesize

    1.4MB

    Download