Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    03/04/2024, 18:55

General

  • Target

    a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe

  • Size

    456KB

  • MD5

    a3f438a8e89dab04e2649de7e6e9ffa1

  • SHA1

    2b61bd13401594fe946cb52d0054ab5e1754a119

  • SHA256

    a3aebdb374066a1250ef73bcde03e449e542f278d7d1d0f6c6b3b056619f2774

  • SHA512

    98e5186cb17e86b637d305c2e347f59613ddafd86cf5fc1852eec793b432025e7c615014029605c9e697baba24b0d099d40ce0390c4008c3e2c0a69040bdc369

  • SSDEEP

    6144:ppMM8EV1kmffCpJipAQeNai17Y56rKbDJDODuLn2WvDUyX8rp/mRTCF:URmfaXiGQeN/7YkrOdii72mI

Malware Config

Signatures

  • Contacts a large (965) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
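The three behavioural signatures above that carry an explanation (Run-key persistence, browser profile reads, contacting 965 remote hosts) are straightforward to reproduce as detection rules over endpoint telemetry. The block below is an added example written for this page, not the sandbox's own signature code. The event records are constructed Sysmon-style dicts: the Run-key value name, the dropped-file path and the 10.0.x.x destinations are invented for illustration (the report does not list them), while the sample path, PIDs and the 212.33.237.86 host are taken from the report. The fan-out threshold of 100 distinct hosts is an assumption; the sandbox's own cut-off is not stated.

```python
"""Triage rules mirroring three signatures from the report: Run/RunOnce persistence,
reads of browser credential/cookie stores, and high distinct-remote-host fan-out.
Added example, not sandbox code. EVENTS is constructed sample telemetry."""
import re
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe"
IE = r"C:\Program Files\Internet Explorer\IEXPLORE.exe"

# Constructed events (value name, dropped path and 10.0.x.x hosts are invented).
EVENTS = [
    {"type": "registry_set", "pid": 2000, "image": SAMPLE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "data": r"C:\Windows\svchost.exe"},
    {"type": "file_read", "pid": 2000, "image": SAMPLE,
     "path": r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"},
    {"type": "file_read", "pid": 2000, "image": SAMPLE,
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 2168, "image": IE,
     "path": r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\index.dat"},
    {"type": "net_connect", "pid": 2168, "image": IE, "dst": "212.33.237.86", "dport": 80},
]
# 965 distinct destinations from the sample process, matching the count in the report.
EVENTS += [
    {"type": "net_connect", "pid": 2000, "image": SAMPLE,
     "dst": f"10.0.{i // 256}.{i % 256}", "dport": 445}
    for i in range(965)
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
BROWSER_STORE_RE = re.compile(
    r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$"
    r"|\\Google\\Chrome\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$",
    re.IGNORECASE,
)
# A browser reading its own profile is normal; anything else touching these stores is not.
OWNERS = {"firefox.exe": "\\mozilla\\firefox\\", "chrome.exe": "\\google\\chrome\\"}


def run_key_writes(events):
    """Persistence via Run/RunOnce keys: (pid, key, data) for every matching write."""
    return [(e["pid"], e["key"], e["data"])
            for e in events
            if e["type"] == "registry_set" and RUN_KEY_RE.search(e["key"])]


def browser_store_reads(events):
    """(pid, path) for reads of credential/cookie stores by a process that does not own them."""
    hits = []
    for e in events:
        if e["type"] != "file_read" or not BROWSER_STORE_RE.search(e["path"]):
            continue
        exe = e["image"].rsplit("\\", 1)[-1].lower()
        if exe in OWNERS and OWNERS[exe] in e["path"].lower():
            continue
        hits.append((e["pid"], e["path"]))
    return hits


def host_fanout(events, threshold=100):
    """Distinct remote hosts per PID; returns {pid: count} for PIDs at or above threshold.
    threshold=100 is an assumption, not the sandbox's documented cut-off."""
    seen = defaultdict(set)
    for e in events:
        if e["type"] == "net_connect":
            seen[e["pid"]].add(e["dst"])
    return {pid: len(h) for pid, h in seen.items() if len(h) >= threshold}


def triage(events, threshold=100):
    return {"run_keys": run_key_writes(events),
            "browser_stores": browser_store_reads(events),
            "fanout": host_fanout(events, threshold)}


if __name__ == "__main__":
    for name, hits in triage(EVENTS).items():
        print(name, hits)
```

Run as a script it prints one line per rule; the fan-out rule only fires for PID 2000, since the IE child contacts a single host. The owner check in browser_store_reads is what keeps a normal browser session out of the results while still catching the sample reading Firefox and Chrome stores.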

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3016
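The process tree is the most useful part of this report: an executable running from the user's Temp directory starts Internet Explorer on a bare-IP URL (212.33.237.86/images/1/report.php), and that frame process spawns the usual content process with SCODEF pointing back at its PID. The block below is an added example, not sandbox code: it parses the tree exactly as printed above (TREE is copied from the report), links each node to its parent by depth marker, and flags the Temp-executable-launches-browser-to-raw-IP chain. The set of browser image names and the rule that the launching parent must live under AppData\Local\Temp are assumptions chosen for this example.

```python
"""Parse the sandbox process tree and flag a Temp-resident process launching a browser on a
bare-IP URL. Added example, not sandbox code; TREE is copied from the report above."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

TREE = r"""
• C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe"
  1⤵
  • Adds Run key to start application
  • Drops file in System32 directory
  • Drops file in Program Files directory
  • Drops file in Windows directory
  • Suspicious use of WriteProcessMemory
  PID:2000
  • C:\Program Files\Internet Explorer\IEXPLORE.exe
    "C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php
    2⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
      3⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3016
"""


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    sigs: List[str] = field(default_factory=list)
    parent: Optional["Proc"] = None


DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RAW_IP_URL_RE = re.compile(r"^(?:https?://)?(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(/\S*)?$")
BROWSERS = {"iexplore.exe", "iexplore", "chrome.exe", "firefox.exe", "msedge.exe"}  # assumption


def parse_tree(text: str) -> List[Proc]:
    """Nodes appear as: image path, quoted command line, '<depth>⤵', signatures, 'PID:n'."""
    procs, last_at_depth, cur = [], {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if cur is None:                          # first line of a node is its image path
            cur = Proc(image=line)
        elif (m := DEPTH_RE.match(line)):
            cur.depth = int(m.group(1))
        elif (m := PID_RE.match(line)):          # PID closes the node; parent is last node one level up
            cur.pid = int(m.group(1))
            cur.parent = last_at_depth.get(cur.depth - 1)
            last_at_depth[cur.depth] = cur
            procs.append(cur)
            cur = None
        elif not cur.cmdline and line.startswith('"'):
            cur.cmdline = line
        else:
            cur.sigs.append(line)
    return procs


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def args_of(cmdline: str) -> str:
    """Everything after the quoted image path."""
    parts = cmdline.split('"', 2)
    return parts[2].strip() if len(parts) == 3 else cmdline


def suspicious_browser_launches(procs):
    """(parent pid, child pid, ip, url path) where a Temp-resident process starts a browser on a bare-IP URL."""
    hits = []
    for p in procs:
        if basename(p.image) not in BROWSERS or p.parent is None:
            continue
        m = RAW_IP_URL_RE.match(args_of(p.cmdline))
        if m and TEMP_RE.search(p.parent.image):
            hits.append((p.parent.pid, p.pid, m.group(1), m.group(2) or "/"))
    return hits


def scodef_consistent(procs) -> bool:
    """IE content processes carry SCODEF:<pid> naming their frame process; it must equal the parent in the tree."""
    for p in procs:
        m = re.search(r"\bSCODEF:(\d+)", p.cmdline)
        if m and (p.parent is None or int(m.group(1)) != p.parent.pid):
            return False
    return True


if __name__ == "__main__":
    tree = parse_tree(TREE)
    for p in tree:
        print("  " * p.depth, p.pid, basename(p.image), "<-", p.parent.pid if p.parent else "-")
    print(suspicious_browser_launches(tree))
```

The SCODEF check is a cheap integrity test on the tree itself: if a content process claimed a frame PID that is not its parent, either the parser mislinked the nodes or something other than IE's broker launched it. The Temp-directory requirement on the parent keeps a user clicking a bookmark to an intranet IP out of the results.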

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

          Filesize

          602KB

          MD5

          340fb17a66fc74230e3c88438bb0cd68

          SHA1

          1ca86e8c95a8da91d422f51bddf6dc868d71fffc

          SHA256

          893ab96a06242049bdf42a6d60316bac256f96e63db3504ddd6f6091bd748b27

          SHA512

          6199666dee3754115ad6fa2050d65afb7885a890e9e76dd99dadf061779a0870488f0c8d314217c9a04b8737c3578294bc2d467e1051a931c599dfd9588d01ce

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          3f012f8ebd0852b07ac73e4aec58229c

          SHA1

          e7246a951bac39e75cffe0fa3af2e9f7a566e030

          SHA256

          c6427d5eff8324f01f3a2c11f32d35c63e03a24541473a6eb3daa998f7b3f09b

          SHA512

          33b30b09947565c2f05124db9b33d61584c0fa20c9317ed1298a3e47ffc20ff5d0279414e158a8334845089697e17081707e77864534822654cff108d1516e7a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f7e3af80835b15692a28f6f93aaefda3

          SHA1

          50204908184a3d626d74325b40e817e1bef7d3e6

          SHA256

          4a6cd8258344a953413ec3ad31a92a6676e39e99fe6087bbf66850b1792b2a9c

          SHA512

          e6188119f6212b9d03e00e1c20a9d2dc3bc10161770e1686c7c323619356fe8afaa790b5c2eaac4e5a79a6b046646a8ee55214bf488dc2b7bb0b1468acd804a1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a44ebe2399c09ee07799c25eedef4187

          SHA1

          97f7c83dd519f27df53737c66ac3f20522877463

          SHA256

          63d8dfd9e59c68fba0aa8b315583922af117a40b880dfdbea4c8b748a9511008

          SHA512

          cb5bce4e7ff08b908e9da35c1854edee0632c19699773986f7ffa53665aabfbce77b44892ebe5ea6015c2c6fcc66bd5593a12416c64c57b813abbb2df957d18e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          fe7ee77cb15f8232accda5f1b32a43b1

          SHA1

          cf5d31e149fef087e57bda39efe09510ed2ae852

          SHA256

          46aadae883b31df11fd9be3bd4189420b62c446c1ad1464d38e5f313ae8616e9

          SHA512

          a5e98c5b25b184d0d21c91be8b3d26c47536a7dac00641a6d1adc8483cb1607c71c2379aadde7f62f6f14e2cf7746126c10a9c5f2ab42de3d3ab9ca8b24d8282

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          fabcade13b571e9e8f733945bee19096

          SHA1

          3c7e48c095a331b0949be7a20ad0934973d0ad45

          SHA256

          018b00419284a710aabc955f6acf419b16fb3bc2882d6b62c953f44a680b0c50

          SHA512

          0dd458df6939ec0374550c5f9f26ea84dce7df3691366337330b45d490a27446255fe0909fc72cc5d61919ba13a575a48e70937636648c22821d87686f3760df

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          094c7c40ecba7e2f9a1cf3664b4d4739

          SHA1

          517c56f569a3e9350c7430098160d043b71b01bd

          SHA256

          052e8bf93544df3500118eb84d539fdf2bf43c75edc3144ef94859477d13fdb1

          SHA512

          7516fd6e664318badf18c74e148eadc71a18c6ee3d9b0c584b8098d4e7d54f4efb00cf57799948e742107637ed690d8785a078f6d0775a3f5b7be700cd8480d7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          98ea71280b54c33825d78ac6c7771068

          SHA1

          1325dff08519d0021aa0df3cd27bda9a9fe2d352

          SHA256

          6d46ee992fdeebe7f899791a7f738ea8ea9aeb0e52fd285e0aad2d26293f6f78

          SHA512

          531c0717eaf77aa07a64f5d7b2b2255b9aab5ec6fa4d117c72d255c7fb23a173247f96380e3d0e5aa6dedfbe9d35249f360bd49c6c94cacf8f26d4dfea892524

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          300c1e5d352ca261798f9673d9fdbf64

          SHA1

          ce4ec48415c7e6df6f5d604c30aff1a7ceae97c3

          SHA256

          d682e035c6c3a658c78b337a56573c753bae83e9fd2438ac011bfc0126070ed0

          SHA512

          99fec3b930a84b6e9ca4271463ea744c296c08296d6f02d4b43d11672e28c4d45b6574460e77881b57475cab9449bbd5a86f1908fe56fb0529af41d25c404303

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          8002d77b0e39b6afb4481306f236e40d

          SHA1

          343e0266fc34226ae98d67e97850aa9e165a5524

          SHA256

          1d003a3eaf655c33317495fbe12034d601aa63c3a7427e0289ac8c55fbdbcd3b

          SHA512

          e7989618cefa377431a90bca45f80d762bbf13a882af160a4f1cf2545590356342dfeeb0bde2e48def0844216d3132eb098cfed30eb91abc16869a1d3ee9bac8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          9ff2d303bcd44137cdfd94d3e4070c3c

          SHA1

          12e31162dcfe2fde0da5daa014517b5a3bf8e2a2

          SHA256

          b1c90425ae709367cec6979c8a55b63d6d89029f6e54a252f5e846c8f6c1f649

          SHA512

          b7e4a4ee262911ba0f8f89ab2eb22fa60c8764d1d9a1d63e87a13a9faa3a3b3bfafea6eba386d7dfa8e01a0f60f6545f1d1eed9652bc10a0812ca4805394519d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          b1a2e3b53dfe3b01e8b0be2ae330a760

          SHA1

          d49b225793e4ee80f736fc43e2738606b5f797e5

          SHA256

          a0f1626f1c7bb80b0781bf9ed83b531c1f319d3ae3cbc28a998376af74f3745d

          SHA512

          45171cce11ee679c4b7ba4ac458d5df34aab614bc8d03cf6357f371333d268bcad28dadf31e3bae712b8d7840444ff11d9db0c075e0ee1df63d957b48dfbd1c9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          720ae9c657c785243f7391528e60574e

          SHA1

          d2ddde44c726d8235a13a1f607537991ac96cf51

          SHA256

          30de53b2556ff1c06a5f883a608c789963b2198783fc552088e1b2c7bb138b74

          SHA512

          a6142fcb1dfa47e1953d218516f9e0cc15ceff228647d1b9b2844dde6fcb601b52ff04350f251c5cb6679336fc963c42842eba08ddd6b96342bad14098742612

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          b6dc1002b210849b4fb057c755dddeae

          SHA1

          6f838d082337850ee7a533e6e1040425d4cf2801

          SHA256

          cc2c20289cf4963bf32bcc020d95aadfdeb39e67e891763c2fabffec12f9763d

          SHA512

          354fa302092085d4734708fff99a89ae573a491beaf4b35fafb47cf69ce56011b1e530cb117f3d6981e8463d166aa6f919b0d03b2872ce39741e2106740be332

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          859178c80d99f9dded579a7c368215a7

          SHA1

          403478a5e5d55e739f30a34494e0cd6656aaeefd

          SHA256

          ba0d37e4b1488b856d416f3d4fb6ef623277b823f452d440b30bc10827ea8fd3

          SHA512

          ac0096311bbe4f4ca4fd22c52d16f4e9ffd88e1234311e79d6853867243519b567a319e11c75b462283ddef66ba5ae7e8c426dc90ea59ecc9bede273d0713f51

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          5d73f0e34b79df6a334326efa0b6f59c

          SHA1

          1a97730da09b21d27d0f0a908b9771efd077a4a9

          SHA256

          f0a033e08f702d8db8fccd48f5f494e929c2080e621b96382d0653e42d7a3a51

          SHA512

          270147abd86b0ca6ed537d4fa759f78f7844ff958824c06d7bae33cec2eb892584f7cecb71256c95948bf387d73f659cf0f453e351abb230899dcd952e73140a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          36fd1c14a124d4991c0bc1ab89e8f732

          SHA1

          774350c5fa86d80bd5689fbe771d3a1ed5323941

          SHA256

          6f4c8abca836c325c7d655a0767253cc4f6d2f93523e77f45b6f0f02f984dd39

          SHA512

          e59fa24acff4ac2042603883ed48b99cb7a4a55c80b0cde6e2a3807175f58000bc76e8ef5aa46b6fd6c900269399758b1f7b38727c09a4086a7152683b5a36f3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cf18f89354f8a16faa8fee8fafcff4de

          SHA1

          328f4cc4b3076f62263bfb1a7d15624362900bb8

          SHA256

          7b31c132534f370f35749bea89d085cf5c4e37861b9fa27bf4ba5449d61f9e37

          SHA512

          21b4397590ad69064605c0e0419bb8fe933e9b8788551df12ec3db3cdcaa8b08bd9244760c6a7d7f603b7ad7b990f813841049ffef8504806eb336abeea766f1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          8eb47d5f42af1c7fcac354b61372924c

          SHA1

          d8d16f4c26de84699855287a9d586018053b0baa

          SHA256

          5e73ee89bac3a6061952f290e62da1e0ec72c1087a1ddc68c91c6ab64e95c199

          SHA512

          2ed178deeca345fef7e10955721360e859522ad3f316e465e60ae58472a129f682915eaacfbd06c31206be86c90e6883c94f820b9ab25755d6b9b9253ebdd697

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          894c53ed2a562496863c72d9c7e229cd

          SHA1

          a6e92ad0b86073ceea4bcbda57c38a01b23b929e

          SHA256

          04cb41a200fa3f0859283d697c77c4dad6fcb6bb4a8b4df516d1629b25a7ec1e

          SHA512

          8fe88fcc3a31cb7204ebfd523a1e653faf75dda55eaf518cb4c6f3c8caf834c58e38b99ed0dd9cddb6c6e6b6277dd6bd9034a650e84fb8332d84b5ab27816ecb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c70092f393cb943f42cc57d8f520718e

          SHA1

          bb8906bd04f2f727f7f094d23c109e7087ba6d0e

          SHA256

          f0930d6eaa417ac23c6ea8914c0f5df1fc4738183ab6c343ad42594c08344dae

          SHA512

          c006af55c10a1d80f9ba722dab57c175a8df8a794bb05d1938380fc0ba92b26d233a3095270a5fe4147e55c64e783626d7a64c93c25822a4d6c701abcf9ebcfb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          7c5b6995a94d60101b1ecef292030b1b

          SHA1

          7f3a49f702b8235338994e0e8fe99eea52b8668b

          SHA256

          939c9855408cde45d62b89f53c7064e2af070e332094a0a96aefff1e71f659cf

          SHA512

          9ddd579079e66ffa34824596869984fdc1e906ebfc058848555e4bba73e4aef38faff37932e3d44b8ee346c7ff1ff515e3054ed66171d638a5a2b811a2eeaceb

        • C:\Users\Admin\AppData\Local\Temp\Cab7072.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Tar71E0.tmp

          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

        • memory/2000-3200-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

        • memory/2000-0-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB
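Two things in the Downloads list are easy to misread. The same CryptnetUrlCache MetaData path appears many times because the file was rewritten during the run, so each entry is a distinct version and should be keyed by hash, not by path. And the memory entries encode PID, sequence number and address range in the name: 0x413000 - 0x400000 is 0x13000 bytes, which is the 76KB the report shows. The block below is an added example, not sandbox code: it parses this list format into records, counts versions per path, sanity-checks digest lengths, and verifies that each memory dump's address range matches its reported size. EXCERPT is copied from the report, trimmed to four entries.

```python
"""Parse the report's Downloads list: file entries with a size and four hashes, plus
memory-dump entries whose name encodes PID and address range. Added example, not
sandbox code; EXCERPT is copied from the report, trimmed to four entries."""
import re
from collections import defaultdict

EXCERPT = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize
  344B
  MD5
  3f012f8ebd0852b07ac73e4aec58229c
  SHA1
  e7246a951bac39e75cffe0fa3af2e9f7a566e030
  SHA256
  c6427d5eff8324f01f3a2c11f32d35c63e03a24541473a6eb3daa998f7b3f09b
  SHA512
  33b30b09947565c2f05124db9b33d61584c0fa20c9317ed1298a3e47ffc20ff5d0279414e158a8334845089697e17081707e77864534822654cff108d1516e7a
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize
  344B
  MD5
  f7e3af80835b15692a28f6f93aaefda3
  SHA1
  50204908184a3d626d74325b40e817e1bef7d3e6
  SHA256
  4a6cd8258344a953413ec3ad31a92a6676e39e99fe6087bbf66850b1792b2a9c
  SHA512
  e6188119f6212b9d03e00e1c20a9d2dc3bc10161770e1686c7c323619356fe8afaa790b5c2eaac4e5a79a6b046646a8ee55214bf488dc2b7bb0b1468acd804a1
• memory/2000-3200-0x0000000000400000-0x0000000000413000-memory.dmp
  Filesize
  76KB
• memory/2000-0-0x0000000000400000-0x0000000000413000-memory.dmp
  Filesize
  76KB
"""

LABELS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
META_PATH = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"
MEMORY_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
SIZE_RE = re.compile(r"^(\d+)(B|KB|MB)$")


def size_to_bytes(size: str) -> int:
    """Report sizes are rounded ('76KB'); return the implied byte count."""
    m = SIZE_RE.match(size)
    if not m:
        raise ValueError(size)
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2)]


def parse_downloads(text: str):
    """Each entry is a '•' path line followed by label/value pairs on alternating lines."""
    records, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line.lstrip("• ").strip()}
            records.append(cur)
        elif line in LABELS:
            pending = LABELS[line]
        elif pending and cur is not None:
            cur[pending] = line if pending == "size" else line.lower()
            pending = None
    return records


def parse_memory_name(name: str):
    """memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp -> (pid, seq, start, end), else None."""
    m = MEMORY_RE.match(name)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3), 16), int(m.group(4), 16)) if m else None


def memory_ranges_consistent(records) -> bool:
    """A dump's address range must agree with its reported size, to KB rounding."""
    for r in records:
        parsed = parse_memory_name(r["path"])
        if parsed and (parsed[3] - parsed[2]) // 1024 != size_to_bytes(r["size"]) // 1024:
            return False
    return True


def hashes_well_formed(rec) -> bool:
    """Every digest present has the right length and is lowercase hex."""
    return all(len(rec[k]) == n and all(c in "0123456789abcdef" for c in rec[k])
               for k, n in HEX_LEN.items() if k in rec)


def versions_by_path(records):
    """Distinct SHA256 values per path: one count per version of a rewritten file."""
    seen = defaultdict(set)
    for r in records:
        if "sha256" in r:
            seen[r["path"]].add(r["sha256"])
    return {p: len(s) for p, s in seen.items()}


if __name__ == "__main__":
    recs = parse_downloads(EXCERPT)
    print(versions_by_path(recs), memory_ranges_consistent(recs))
```

Fed the full list rather than this excerpt, versions_by_path reports 21 versions for the MetaData path, and the only two entries with a single version are ose.exe and the Content cache file. Note that the report gives only two memory dumps of PID 2000, both of the same 0x400000-0x413000 image range (sequence 0 and 3200), so there is nothing here about injected regions in the IE children despite the WriteProcessMemory signature.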