Overview

overview

7

Static

static

7

e8f7379399...18.exe

windows7-x64

7

e8f7379399...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 02:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e8f73793990c4de536d8c361f91d80f3_JaffaCakes118.exe

  • Size

    30KB

  • MD5

    e8f73793990c4de536d8c361f91d80f3

  • SHA1

    d27dbaf728a26612bbdf2250f5eb736dc58fd5b0

  • SHA256

    191ef4dcd100ddfb7d6b5b8a4abd20e9dcdc212d37bcd804b560a83baf96772c

  • SHA512

    252af99dca70edca9ea40d15e8fb8d62e504c90810bf268fd2ccde6fa18815c3c3ee5222f77e81e9c9cddc23b22304c17ded7d52aaafb0917f0917e86f2a307c

  • SSDEEP

    768:ZaLUBY1g/5nDspbJ5RdREM8frV6ctOYvZ:Ja1ghnqJ1REVLtHv

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8f73793990c4de536d8c361f91d80f3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e8f73793990c4de536d8c361f91d80f3_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\E8F737~1.EXE > nul
      2⤵
        PID:2656
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:532 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2976

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            295a03cd27e114919c8f5c6133818b07

            SHA1

            50e48c0c2061429f8ad7d585ff8dcaab336152f5

            SHA256

            a38ee7bb3e1676b0fc6e82c4c70a0cd39e37a8765a78a5372c92d189c5ec0d94

            SHA512

            d85cdd99ae36e3f3f489d9203e4748f765d1d7559d0ebd6dd418e0c711e437cb721d31edffed30ae4f5364e8fdf1a5b5450f4cbe21b1412ae509c04b7d927bc8

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e4d911db92a5c5813b886ec24387aa05

            SHA1

            d8229e4b876ca58e8c1f29728105e7d022b23db8

            SHA256

            efd2591b792835a8165416c2e40393b2b2eddfd9e897f2e2bea35eb69b2f1c98

            SHA512

            48ac3b1afa05e25692659ca17650fbfa8177607c552d656899e901b1b242095eda8e67991bdaaeb6117e6a242ea067b60f7e170b8cd5f8f67c603d862a2ccc59

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            87704ad0128e47cc9a47dc47526acd90

            SHA1

            d754589fce3e6b2fc0816a32a7625d898a938499

            SHA256

            eb9ca15ff2b6ee01f74fd6395594fafb313c61d46bc44637f373b9b96d25b2f3

            SHA512

            22fae63066ce75faee3360a0af73775089f9754fdac16eaba7b9f794c3e966e5f924acc43d30685f4525ff47bb23e979adb2b2a766db9b64aaff2f0cfb2c078c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            5c9ab798095985b40f6aea4a718699b3

            SHA1

            52394137c653a00e40df88313ccdef6e6136678a

            SHA256

            1416c401efeab788398569b77a47e1a6f077c3df14b0d2eb2c74c26c9ca2f1f3

            SHA512

            e8c3156de988f74ed45812b3dc96303da23e80a55f8195577d26abd8d01480b6c2ce8f536520b776cb7452c549064725d29f1ce62d35aca36cdc729d1ffc9875

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d0f18996cbbb8dd4048b6587c7a80c80

            SHA1

            e22b9de1e60cbc5f9472d3ce4e60c2d075879cb3

            SHA256

            92590e13484b3faab47e538fd0b3029343f4c1bcab2456289b665611c3dd015f

            SHA512

            424bd153b43c80a8c3d070bd638dae6403f179d8ebef2e2f4b35e5348a857b5f22e91084211d48bdbcfcc9b0ad4595e35224dc54e63029bd45de517312f75931

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            a4dd350135bab476edc29c936f4eddb6

            SHA1

            a813c5f3ddeb7af199bb717d454dbaf1a68c4580

            SHA256

            a81db75cd50d93655d65b2021962c90d8dd3a0a9b3a4648184c74af5a43bd42c

            SHA512

            430f16deae4d8451817e6bc3f092cab0d09b0ce16cb75e72c107e2862eff3e79c21e8b04a721b2ca33449b4ffc544b0fffc804f66e40635269a8955e85ca2822

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            c646fc667b0b0ce8c45e38a6b81cdade

            SHA1

            06c0670bcd93eb55b17c58c40000abf5c274800e

            SHA256

            2efe52b8367d6e63982db64f0289c7657dc6a16cfbfde8be2884b6e4797c3623

            SHA512

            c867d4f411fac4a88ea5f33e006379c11d22fefb7b0a080b8229a01a3bf054a2153cb4ca3cadeddcc0cb3217b9a28948ee7695cabb745d4c0043a4c9b3379934

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            36da95829a32f271279ddff94fdede42

            SHA1

            92566cac56f8caa71f48e7c79328c26889302d73

            SHA256

            e06beb87f3cf9f3db5e6696c779f436fc2674d0ea48a54ad49ef4a3d3320d697

            SHA512

            b12aad8a60700ff3dcaa7a924c108d7869109df5acbc28d83ba54ee111ef21ab7b71933ea04779ac08189f5ecd24bb07e4fd9817002253b566f318d281d6b83f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab4CAC.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab4D78.tmp
            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar4DAC.tmp
            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

            Download Submit

          • C:\Users\Public\Desktop\Online Security Guide.url
            Filesize

            130B

            MD5

            69867e2e862a6060e8f1f98e09aefc08

            SHA1

            5b86d8c87930a463af937b0bf59ad8669a28c9ad

            SHA256

            9e0ad937dee0b35688b19037d5c76393396d73d0490da3060a9cf43e92fb4d4a

            SHA512

            2867244037f86c6325696a10b18621aa3461c8452abcd6d5991a2d96d766d682a7397cbff9198e0f65ea660ffdb0aeaa3cc3cb8d61702d2d18f2e57062595189

            Download Submit

          • C:\Users\Public\Desktop\Security Troubleshooting.url
            Filesize

            130B

            MD5

            72300cfe8adeeb0a3a68620bb1df2753

            SHA1

            864c8de6ebda1abfe1a93062e840f857f51aae08

            SHA256

            84746ebd21d61968fbc751451bb720f0dee5d06ab2d7a76b3c939dfe79bdf5b7

            SHA512

            50b759bc9b2e2ac8034fd73f850a470d5e40e8971feef74036ceb95ceddb20342e63608b04fc78671c0fba2ef07ca36c43127f7b3d829e48493b00068e9248b9

            Download Submit

          • \Program Files (x86)\Internet Security\iesplugin.dll
            Filesize

            29KB

            MD5

            f0d03d1c230d3b1f8c574990a0150b7a

            SHA1

            f47b7f427286dee43f1425d3aa314ec7a5d7a7a1

            SHA256

            b1882942262a2a84e01a5e625859a65230786f10110b2c0e561d870437201ec1

            SHA512

            e3e5e6ed14531e80fb8da27bf38a8ff2d2e97dc51f6125699c27bb6d7c2e495f9235438d297e79cc67e9097f01bea015e388a21614237226cb608ddf3cd744e7

            Download Submit

          • memory/1716-0-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/1716-24-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/1716-5-0x0000000000490000-0x0000000000492000-memory.dmp

            Filesize

            8KB

            Download