Analysis

  • max time kernel
    135s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/10/2024, 12:45

General

  • Target

    426a38b30cbb547c991df769968f6fd2_JaffaCakes118.exe

  • Size

    764KB

  • MD5

    426a38b30cbb547c991df769968f6fd2

  • SHA1

    4a56741040380aab2bfb55f2105fafe67c07453a

  • SHA256

    e1e81034e155ef9514a417690679e938c1d9a769eb98dcf5a0b23f2906bb194e

  • SHA512

    cbca61f6bdaf1baf881495b5c5727f4a373e284ecbee3e5dbb5e7575e80bbc1d1d6974a73db08e17df3442b5c579f911d18d116f17c96c09c0b73d54aea549ae

  • SSDEEP

    12288:RRH8Fz1gPq7/91VdeYiNSPsIhH92FX0owz0DzDEJBT5KK0QGCVbw:RN8Fz18qDjVdeJNSnb00owovDmXKKaCy

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
  • Modifies registry class 45 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\426a38b30cbb547c991df769968f6fd2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\426a38b30cbb547c991df769968f6fd2_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Users\Admin\AppData\Local\Temp\Update.exe
      C:\Users\Admin\AppData\Local\Temp\Update.exe
      2⤵
      • Executes dropped EXE
      • Installs/modifies Browser Helper Object
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32.exe /s "C:\Program Files (x86)\Common Files\system\direct32res.dll"
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:5100

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Common Files\system\direct32res.dll

    Filesize

    139KB

    MD5

    6e8d45eb32f10b3e40654c78fa40fbbb

    SHA1

    c838d0885edae5489cf94be9fe6c96bcee328b16

    SHA256

    e4b0e33d971bd1eed706315adeb6983c984367c0b499d122f4ed29c1f01f5884

    SHA512

    1fa99368d41d56a70152ecb4e6028fa0d30ff1f0ae374b374f26dc9d0fb3641d81cf2470cf63c03250f74c38a35e3194b047daa74b8cf828cf619d41bc8bde99

  • C:\Users\Admin\AppData\Local\Temp\Update.exe

    Filesize

    171KB

    MD5

    3901545c83c47266a53b939828d037e2

    SHA1

    d29ffc789df0d49431ac8e5647d23d83c9002228

    SHA256

    0f0f99fb834bd6f16d7bab889cde52cc6aa8773cf3fdfb5bd40fbd5681baf052

    SHA512

    10ebd953da20e6dc5c7f057d4cd1706b484977736e66c68374cc89403695be3021093ffb70fdc5d0615f5e7a7478989cefbf1706a05676a8fe5042dc8ae1fbae