Analysis

  • max time kernel
    148s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-06-2024 11:03

General

  • Target

    01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe

  • Size

    100KB

  • MD5

    01d06f85fce63444c3563fe3bd20c004

  • SHA1

    c4192f0994d5b9a5efd18e9a697dcf78cc092c0d

  • SHA256

    bd11592557d2dba4e2cc5cdfdbc61cba64735ae01050db58557e2281389512a0

  • SHA512

    0846b6e70c32fa21bae9f8eb05cd4d1dadb8f806baafeb27a19ea2ce44ec2d3cc3184925628ca4132a2e83e6c5f914db72c84cf71fbf448997d84bc69a553e1a

  • SSDEEP

    1536:ugResSzjBEY7AmycmyTOOiq7NPsS5A9M3jj+kEPDKgf:t3S/CY7GQT9iqx0XYg7/

Score
7/10

Malware Config

Signatures

  • Drops startup file 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:928
    • C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe
      "C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2416
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3756
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2668
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17414 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3700
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17420 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4888
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17426 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:864
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome12.ini
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4284
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          PID:2200
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome12.ini
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1276
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          PID:1828
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        -nohome12.ini
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1916
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          PID:2388
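The tree above shows netmgr.exe, running from %APPDATA%\Adobe, launching iexplore.exe four times from PID 2892 (once with -nohome, three times with -nohome12.ini), each launch flagged for WriteProcessMemory. The following Python is an added hunting example, not output from the sandbox or code from the sample: it reconstructs that chain from process-creation events (constructed here from the PIDs and paths in the tree, plus an added explorer.exe to iexplore.exe control that a rule must not match; the Sysmon-style field names pid/ppid/image/cmdline are an assumption) and flags every iexplore.exe whose direct parent runs from a user AppData directory. It does not claim injection: the report flags WriteProcessMemory on these processes but does not record what was written.

```python
"""
Added hunting helper (not part of the report): find Internet Explorer
instances launched by a parent that runs from a user-writable AppData path,
the pattern shown by netmgr.exe (%APPDATA%\\Adobe) in the process tree.
The EVENTS list is CONSTRUCTED from the tree's PIDs and paths; the field
names (pid, ppid, image, cmdline) are an assumed Sysmon-Event-1-like shape.
"""
import re
from collections import defaultdict

EVENTS = [
    {"pid": 928,  "ppid": 1,    "image": r"C:\Users\Admin\AppData\Local\Temp\01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe", "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\01d06f85fce63444c3563fe3bd20c004_JaffaCakes118.exe"'},
    {"pid": 2892, "ppid": 928,  "image": r"C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe", "cmdline": r'"C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe"'},
    {"pid": 2416, "ppid": 2892, "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", "cmdline": "-nohome"},
    {"pid": 3756, "ppid": 2416, "image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE"'},
    {"pid": 2668, "ppid": 3756, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE", "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17410 /prefetch:2'},
    {"pid": 4284, "ppid": 2892, "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", "cmdline": "-nohome12.ini"},
    {"pid": 2200, "ppid": 4284, "image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE"'},
    {"pid": 1276, "ppid": 2892, "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", "cmdline": "-nohome12.ini"},
    {"pid": 1916, "ppid": 2892, "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", "cmdline": "-nohome12.ini"},
    # Constructed benign control: IE started by the shell must not be flagged.
    {"pid": 5000, "ppid": 1,    "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 5001, "ppid": 5000, "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", "cmdline": "-nohome"},
]

# Case-insensitive: Windows paths are, and the tree itself mixes
# iexplore.exe with IEXPLORE.EXE.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
BROWSER = re.compile(r"\\iexplore\.exe$", re.IGNORECASE)


def build_index(events):
    """Index events by pid and by parent pid."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    return by_pid, children


def ancestry(pid, by_pid):
    """Walk parent links from pid to the root; returns the chain of images."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return chain


def find_browser_spawned_from_appdata(events):
    """(parent_pid, child_pid, cmdline) for each iexplore.exe whose direct
    parent image lives under a user's AppData directory."""
    by_pid, _ = build_index(events)
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent and BROWSER.search(e["image"]) and USER_WRITABLE.search(parent["image"]):
            hits.append((parent["pid"], e["pid"], e["cmdline"]))
    return hits


def summarize(events):
    """Group hits per parent so one dropper launching IE N times is one finding."""
    by_pid, _ = build_index(events)
    per_parent = defaultdict(list)
    for ppid, pid, cmd in find_browser_spawned_from_appdata(events):
        per_parent[ppid].append((pid, cmd))
    return {
        ppid: {
            "parent": by_pid[ppid]["image"],
            "launches": len(kids),
            "ancestry": ancestry(ppid, by_pid),
            "args": sorted({cmd for _, cmd in kids}),
        }
        for ppid, kids in per_parent.items()
    }


if __name__ == "__main__":
    for ppid, finding in summarize(EVENTS).items():
        print(ppid, finding)
```

On the constructed events the only finding is PID 2892 with four launches and the two argument forms seen in the tree; the explorer.exe control produces none. On real telemetry, pair this with the "Drops startup file" and "Loads dropped DLL" signals (netmgr.exe next to netmgr.dll in the same directory) before escalating, since a legitimate updater in AppData can also open a browser.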

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Defense Evasion (1): Modify Registry, T1112
  • Discovery (1): System Information Discovery, T1082


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBD06.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GU2A83AM\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Roaming\Adobe\netmgr.dll
    Filesize

    51KB

    MD5

    ffd43ae9ebb59c9fd3b5a2b52addaed7

    SHA1

    b274ba1e9e386ecd129bc4957f1bc5d73056e0a2

    SHA256

    c2c601b8a7d8511853a9e5a09bf78af1ea2fe481529e216ca9c42bc2ecbbe3a9

    SHA512

    2f87022ee56ba03e06e271aacde55933e9f4cc83b314c5817a8391a5b15b23230d5baf674eeac792933f9bd5c2d6ea495a74edc581df76d3e7a9b0d506636271

  • C:\Users\Admin\AppData\Roaming\Adobe\netmgr.exe
    Filesize

    20KB

    MD5

    2dc139d82a2a5bf027bcb6a40f75b3f4

    SHA1

    53549df8a3a3115e316c5c34a79ceb8ca1b61b5b

    SHA256

    eff3444317ceca3b4642ee4ad3ed947f7bb17e35976465fad686ddd52cfe8cc5

    SHA512

    780d8c107ec2eca2f08759c01b2dc2308f92c3d466eac46132dc8e279b0e770b4fdfd7f6dc672c2512bff9d334e3357176e82b5aadf5f16e84b724c19876a7da

  • C:\Users\Admin\AppData\Roaming\Adobe\perf2012.ini
    Filesize

    150B

    MD5

    a6a97e5d6dc6a5306e269c267f68edce

    SHA1

    7217d9a9386fad675bf7d966e0b37c535f86488a

    SHA256

    550d806901c92b91ea78cee49ee11f21a51c6065019ed2095c673ab6bce78cbd

    SHA512

    2210fd122f8bab59c5ea6aa8ac22874d758f5c5a40ae4a8d374a5da6b20d56f9e035e83ad9c0859b5051eaf73baa43f581141b41b1ca57ae47ffe69b71eccda1

  • \??\PIPE\srvsvc
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
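The Python below is an added example, not part of the sandbox report or of the sample, for using the hashes above as IOCs. It keys on the three files the run wrote under %APPDATA%\Adobe; the two files under the Internet Explorer cache and VersionManager directories are browser-side artefacts of the run rather than sample payloads, and the \??\PIPE\srvsvc entry is excluded because its MD5, SHA1, SHA256 and SHA512 are exactly the digests of zero bytes (the sandbox hashed an empty named-pipe handle, not a file). The self-check writes constructed files to a temporary directory, since the dropped binaries themselves are not on this page.

```python
"""
Added IOC matcher (not from the report): hash local files and match them
against the netmgr.exe / netmgr.dll / perf2012.ini digests listed under
Downloads. The \\??\\PIPE\\srvsvc entry is excluded: its digests are those of
zero bytes, so there is no content to match.
"""
import hashlib
import os
import tempfile

# Copied from the Downloads list of this report.
REPORT_IOCS = {
    "netmgr.exe": {
        "md5": "2dc139d82a2a5bf027bcb6a40f75b3f4",
        "sha1": "53549df8a3a3115e316c5c34a79ceb8ca1b61b5b",
        "sha256": "eff3444317ceca3b4642ee4ad3ed947f7bb17e35976465fad686ddd52cfe8cc5",
    },
    "netmgr.dll": {
        "md5": "ffd43ae9ebb59c9fd3b5a2b52addaed7",
        "sha1": "b274ba1e9e386ecd129bc4957f1bc5d73056e0a2",
        "sha256": "c2c601b8a7d8511853a9e5a09bf78af1ea2fe481529e216ca9c42bc2ecbbe3a9",
    },
    "perf2012.ini": {
        "md5": "a6a97e5d6dc6a5306e269c267f68edce",
        "sha1": "7217d9a9386fad675bf7d966e0b37c535f86488a",
        "sha256": "550d806901c92b91ea78cee49ee11f21a51c6065019ed2095c673ab6bce78cbd",
    },
}
ALGOS = ("md5", "sha1", "sha256")
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def digests(path, chunk=1 << 16):
    """Compute md5/sha1/sha256 of a file in a single pass."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def lookup(hexdigest, iocs=REPORT_IOCS):
    """Find an IOC by any single digest (e.g. an EDR export that only carries
    MD5). Returns the artefact name or None."""
    needle = hexdigest.lower()
    for name, hashes in iocs.items():
        if needle in hashes.values():
            return name
    return None


def match_files(paths, iocs=REPORT_IOCS):
    """Map each path to the IOC it matches, 'empty' for zero-byte files, or
    None. A match requires all three digests to agree, so a collision in one
    algorithm alone cannot produce a false positive."""
    index = {tuple(h[a] for a in ALGOS): name for name, h in iocs.items()}
    out = {}
    for p in paths:
        d = digests(p)
        if d["sha256"] == EMPTY_SHA256:
            out[p] = "empty"  # like the srvsvc entry: nothing to match
        else:
            out[p] = index.get(tuple(d[a] for a in ALGOS))
    return out


def scan_tree(root, iocs=REPORT_IOCS):
    """Walk a directory (e.g. a mounted user profile) and return only matches."""
    paths = [os.path.join(dp, f) for dp, _, fs in os.walk(root) for f in fs]
    return {p: n for p, n in match_files(paths, iocs).items() if n and n != "empty"}


def self_check():
    """Run the matcher on CONSTRUCTED files in a temp dir: one empty file,
    one whose digests are added to the IOC set, one unrelated.
    Returns {basename: result}."""
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "empty.bin")
        sample = os.path.join(tmp, "sample.bin")
        other = os.path.join(tmp, "other.bin")
        open(empty, "wb").close()
        with open(sample, "wb") as f:
            f.write(b"constructed sample content\n")
        with open(other, "wb") as f:
            f.write(b"unrelated content\n")
        iocs = dict(REPORT_IOCS, **{"constructed-sample": digests(sample)})
        res = match_files([empty, sample, other], iocs)
        return {os.path.basename(p): v for p, v in res.items()}


if __name__ == "__main__":
    print(self_check())
```

Usage on a real host is scan_tree over the user's AppData\Roaming directory; lookup is the quick path when all you have is one digest from a log. Sizes are deliberately not used as a match criterion because the report rounds them (20KB, 51KB, 150B).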