Overview

overview

7

Static

static

3

b4f2fd683d...18.exe

windows7-x64

7

b4f2fd683d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-11-2024 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4f2fd683d85b9524e40ab859bdfefd5_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    b4f2fd683d85b9524e40ab859bdfefd5

  • SHA1

    26a85aefaff63854dafd033d537df05dd4de3491

  • SHA256

    31387352fcff5f4793a49cc817a8d51d9bd06789c1efdca267fb68bc6b383a96

  • SHA512

    ee9b79d2b1269a909ce09d132865ea47d0ce61d77c194c7a9506758144e5d9c7a2e25b789592a108d800a49f12a59811297a278ef7e4c27ebb92c42cff11bd71

  • SSDEEP

    24576:PLimcgTp6Gy8pRyeBu44s76/cxgND387DBKyLYO:PLkgTrtDyZ4446/cxgNELYO

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4f2fd683d85b9524e40ab859bdfefd5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b4f2fd683d85b9524e40ab859bdfefd5_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\00294823\gRb2MeG9ze.exe
      "C:\Users\Admin\AppData\Local\Temp/00294823/gRb2MeG9ze.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:4692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    1b53c596cfb1aa2209446ff64c17dabd

    SHA1

    2542da14728dcdbe1763f1ee39fe9ceae38ad414

    SHA256

    a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

    SHA512

    be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest
    Filesize

    112B

    MD5

    c451d8d6e4163394fd7c4b674f17131f

    SHA1

    1670098c111cb6553f02b96a490dd3c6bafb4aaf

    SHA256

    5b423c87c43577ab6d55570892ddd1ca9224b467ae47d23dad19410178ec7490

    SHA512

    fbffba49d9b03e636a560d3cf93dcd6ad0b0a5942a46f79eab70a6baa16ca366b274d3a15b73fb1197dec7eb63b871497e5686ce05f870695d7bf9a3c2ade3a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js
    Filesize

    9KB

    MD5

    bd68834d48192dad6b828a75316ca76c

    SHA1

    63c959f2e8827c553117571388d7e9048da4cdba

    SHA256

    d7fdb36c3958c63c29bd81db34099e43baeeca767bf0600ef29ad7cfd720b46f

    SHA512

    c37796cd76527a826327fdeadd4605e41426874afd97cc3ceab3a9a1a9b4420496e5d1422e485943d0863172a05fe06d84706b1949f052f06b2a032dfec7b5d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf
    Filesize

    621B

    MD5

    9c8457f406cc8569179bf7dd2a3a1319

    SHA1

    b22ebadf03b5d2ebcb9738d35b5c3488c450aa9c

    SHA256

    56f309d0c3a3e12888b4c83da3dbde8fd2416cb13bbbb915079d97278af22f16

    SHA512

    d7b7a33825520e20c7c854e64647f9d31b2571a77d17edd813dc0ed7d1fd50ce566b19be1fa0da08621d26efd191bdcbda3c486e4abc1a016673cf32e2b89610

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\gRb2MeG9ze.dat
    Filesize

    3KB

    MD5

    3ab2a2b05e57a0acaa1a2687e555d0b1

    SHA1

    6d5fc61a546ee38e8f9a2b4ec9fdbc64f8fd5633

    SHA256

    802338a0a75d1c0d8a2c0feaecf0cc33160c4f2bddc78ca0227286819926776e

    SHA512

    c194918c186524847142da65e9b63d8964581cc2cacd22868cab32c7d4211ce20914b0b31cfd8969ede1266ec6f259a83711922672e59344c9ea889fb516d9a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\gRb2MeG9ze.exe
    Filesize

    334KB

    MD5

    8300c91b40229b42301aebc6d8859907

    SHA1

    0b55e56a6add6b4dd4ceff475a0018a203d02a5a

    SHA256

    f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

    SHA512

    0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\llacpkcebenlhippcnojegogdileodmd\PdeQs7PGU7.js
    Filesize

    5KB

    MD5

    2354a647e42c5d214c0bc9672d8e5331

    SHA1

    903f4a067e3b79798f6a6a78f92845703e7b31f0

    SHA256

    dee51ef4ac3048bee85468deac84d1dccab8d517bfec35aeb2391177f0f98b2d

    SHA512

    a00b7a3579b6198e488056561617ff4d0d17056139cb4d7fd01c42fdc98a5358a102dd3e015cff8e284a1554c2e6517179b8bfc7fb84d59de7a84b421d8980dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\llacpkcebenlhippcnojegogdileodmd\background.html
    Filesize

    147B

    MD5

    6e8185e00b35cc55a72176e15466eee3

    SHA1

    7bc83ce3db3edbf674df9e3f638c7ac3950c6efc

    SHA256

    f0f6dcb0949d9b471fb7ab8cec2113072343134d97a690186d3d5d58de9e0445

    SHA512

    825189193d18d68e755fde99ce3d265ca05efb086631f8c8b321bf6a9d31f4ab300126ec045bf2e40315f3e508fb6ea6b457bc8d28c5f2f942a5d2dc6d5bbd3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\llacpkcebenlhippcnojegogdileodmd\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\llacpkcebenlhippcnojegogdileodmd\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\llacpkcebenlhippcnojegogdileodmd\manifest.json
    Filesize

    512B

    MD5

    5b95ed576de0e467e84f11a59a0823f6

    SHA1

    a2e072478e6a44a43b3886a3221b9d6b49de42ac

    SHA256

    6cc972d8b838445d64fcb146413fe1e620bfe0dc46766856370a94c0f7612bd7

    SHA512

    9e2f6c6576b492a1ec0e2d008c025deca956252f25b9c56cad2e97a8aca3e631040c8ff5501127641ea7c3b1b1f5df647b96e0d3b11babcbd19ef68f3c5471bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\llacpkcebenlhippcnojegogdileodmd\sqlite.js
    Filesize

    1KB

    MD5

    e2bd1a74639aaf91fa36db0d0055b3e5

    SHA1

    8214ed8877c29e1b1f80dd5aca3f69c43ffe9ad7

    SHA256

    6efcc625382a4f6ee009df3762acc5f30f8b84e08fa010ab5f2cf5525a21739f

    SHA512

    5a215cae85f1051b9380ac843947c733dae3d3887f48773170d92302d5c9fed374d78aeb5519dc9c65c8f98773c90937f5ddb7c68d500d81084c101e919818bd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\m4ZHIFG_p.dll
    Filesize

    258KB

    MD5

    e1d10cccd5dde588af8ee2cb7309523c

    SHA1

    0b9e805077320b0ce1e6620488bd34f1c4d7827e

    SHA256

    9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

    SHA512

    a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\m4ZHIFG_p.tlb
    Filesize

    2KB

    MD5

    9156db5f76d48049dbc41fd1b58b3f34

    SHA1

    5eb1df59f9b5b06ab00137fc9e6451e323d3102c

    SHA256

    66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

    SHA512

    742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\m4ZHIFG_p.x64.dll
    Filesize

    319KB

    MD5

    4f5c722b8686afbea6f09c53171d44ca

    SHA1

    184c60aafbb12d1023b1ce2aff4d3708607a75a1

    SHA256

    870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

    SHA512

    e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

    Download Submit