Overview

overview

3

Static

static

3

eb7424f1b6...18.exe

windows7-x64

1

eb7424f1b6...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-04-2024 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb7424f1b621b97eeb2dddac784bac37_JaffaCakes118.exe

  • Size

    360KB

  • MD5

    eb7424f1b621b97eeb2dddac784bac37

  • SHA1

    397813e0e0bb950504d7b58486454dcc419073f5

  • SHA256

    be67f92f22d968faa9c70595e1d72ab1c414593b9d14b0a2b9922b0cd45e9ae5

  • SHA512

    c07dbeaf2fdea966c54f0a46c21fd74cbbb9d2024af1d3102e913f57c8cf172e2ad8fc424aaefc4019bb11d27dac4430b35f5f4a699507750f18535b20723c25

  • SSDEEP

    6144:Dxw6SUHdFZcuTVpkojvioqcSFSnTFa71qDCDvz13iIUaJl:a6JHdFZcu3GjFSwDL13iIH

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb7424f1b621b97eeb2dddac784bac37_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eb7424f1b621b97eeb2dddac784bac37_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.ocarteiro.com.br/cartoes/flash218.swf
      2⤵
        PID:2980
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ocarteiro.com.br/cartoes/flash218.swf
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2648
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2112

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b505d7dfe9d76d1e51736711af9bcd46

      SHA1

      291c6b72f454c80e64be6eb5aa0fc3b3d4e0ed08

      SHA256

      e8de1118c5d819b1e88d86d3e2d6c29fd61c0efe33c40438a7286ec13a045008

      SHA512

      5864da4e43e834c552689417b6cf66bdcfaa9eac4de0e260b848cc262c731bb8ccf0dc72cdf5e809435fcb7e192d262308e7da67d96247583cf7b2e95cc85f46

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5453b0bec36871f88b7988f46db3121e

      SHA1

      92b76757d48aa1a2defa1632a41dae90908e7c7b

      SHA256

      3feeba038a29cbeaf92592a6411097ff16c60a993b7d04e688fa5f8ec6e37035

      SHA512

      00017ff8382a2dcc598fb23f02db4aecc401c26eaeabd34d506dfb26d352d2fa41d6397d255e622e40ef2c7cdea8b43a88ba81381aed65abfaf3e24d6a4507b2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c1c87f287b7c2a8aa3931221c336d1f7

      SHA1

      c46c9abc74703744e75ffea2fccff940f3d6f1e6

      SHA256

      49ee38943c790d2f805959820cd0c5e43592d501bd0cb15f6772f6631c6e427b

      SHA512

      c267ab56ea61501248f0a4f6ffe0bb4ad36b70c684bb6db5adfcdf7edd1a859985ccc17d007ccee3076f9a8374ad16fdf5aaa5f661a33abf6ecf7f25d46c4d3e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3344573ca2aedc2eab6a19647c55f808

      SHA1

      7a988a109c58db818f297cac52bbba9b6828d33b

      SHA256

      3a4b5c2d4cdb4363ad977fb793a0d59668998cea9058b6df7ec836cd5c50dfd9

      SHA512

      59ff3adc8f9a279248a21f80b30a353dd2124486a0b96c3cf0f16f9491b787d342bfd52236d7f6a41d6e5d328edf73eb6f3d3535d5ee0d9e3d6923a8ebeeb0c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      68daba36317234df186079918af571bb

      SHA1

      d1acaeed077b16b46edff31c0b1d9f7fb3140269

      SHA256

      34d2709b1515b11394fb61d071e0dd33e1e76a46057089e69e0352d452f5db8a

      SHA512

      e7dceedee2ee204517e0c8b977dea1b8eb30f55aad5f8bd94f1e65ed8d5d2f54e680fd6c0ff7d476a9d2678c0735b0c160665ee84e5b2fa86fc020e483b70c4b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1029c755e7c99bc2e5b1d857257c21fd

      SHA1

      31b82540815bfd1935b427ada0fd25a6fdbee5e0

      SHA256

      286ee2b3abe2cff3580c55efb1363138d6d69c885c645fc26ec386c39d527948

      SHA512

      9905c98f72239550c7c4d74c040ae51663500edb54e31429d8ae06269fbb647d0b1a0e96227fa97bef5b37d1ce691c106f55be05c1ad6b47c91315903e530341

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1ad97833ddd982029894d4e97c264870

      SHA1

      37545f3d2a692fa6512350e3ff2a7bfa6b14d3b9

      SHA256

      9eadeaf5d62027c3ee85a575eafc978c975df326de586442d5c1b8f036cfb18a

      SHA512

      f5561a3f2df904c8ec821162f3d2913203abb6d73e579418861ccaee526493d94af9eb4ddcc692a8e83077993fc0fa1236a9db5d835cb16cdd0e69ba3abedda2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9c31d2bdcfe2a5ca55d5afeac55b36f5

      SHA1

      4b41ee8207040e62db5a20fe129004d86480fea7

      SHA256

      d2912cae178e3bf4e975b927246f21260819731b7b1ac297c6a90bf2da01687a

      SHA512

      4bbe36ad3da853e20e0b340bc578bae4a3ea505d31d5d5555e3bd4ce073799c0f12e7582c2d86d9896b579fe5d7bb460d595627483c6f84291d9b15121b92bcf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f82ba1daf8e71f9e084a7c798fe45780

      SHA1

      b5496d6a4d0e984e9cb630d6f8cd29d934c9e440

      SHA256

      7944e622358accb36a72e1d52e2d8ebf0b963135993fe297b1fd8946cfeaaa5b

      SHA512

      63a3134240575070c99ffd07a26e56e90777fe98a2d0efda6bd917b3bdc4b2138ef58988be3928b6be4e805809d239fdd8e445abdbd396289783b6d3489d7926

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de41575bd4a8915befb2ddc899b4f2b4

      SHA1

      dcea8ca6e9cf1574ab4a5165e8227fd233df89e7

      SHA256

      d0bc970e157fac2f1514695ac5c23369b781592af50559c4728e0d2b59344c4c

      SHA512

      a549572485d402aa87a8302ecfa8aacde491b03b60f24eb72666f62e50cf2fcc81d7c5abeb25b174feaedc9a4a0803ebbb8cea8edf0f72aa8a0e075ea53adb15

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c8ff001bccb8cb62c9f6b8ec30f091f3

      SHA1

      a86a6cd8743ff3e6b47047bfe4096ac6733a133e

      SHA256

      0fc341cfd59f0802cee04cc7eaf37e778949fa3f6947f3df2ecac5d5f6af7907

      SHA512

      6eaf1b542762caabcb8f3ac7b188757716fc20533bc3c6f6ab3b41befc449d0747df48f0885bc1e2b43ba071250b05768cb49ff65612a0ca446cad4508ce98ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      860196da6a053b00893293c5e46b44a3

      SHA1

      1b58d8989c666f3f4e2badb0b1620e70c70da8bc

      SHA256

      341b5486862239034372a43451542c017893bce4a6b409adc168a21fce8f54d1

      SHA512

      d7fed40cf8ce187e7bc031f4a0d6857df39f167de999942d4e198ea363565406b5d0657bd8137e58c9bc529ba2761312c821d532809d2e08b8b683cdec40a299

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a63fc76bc5b6e5c4eebb2e600b2ed893

      SHA1

      a29e5a641d433e8ec8de971816fef090f6d6839a

      SHA256

      2a7eb4ad402568d9a5f4cb1abb660bf266755046b325dcdba37d0b5c2332d38f

      SHA512

      c27f07a40a612d58f6e05023831983b92264b7f8c877769da57d69a4df40b97e24f80dbbb3cfb05f57c5d551108757ddbfa40261840d9820b2251eb5a2f71c53

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4ef68ca27b2b69f53ae7f76e3c779c51

      SHA1

      04d795a15546b41f9593fbfcff67e41995fa6166

      SHA256

      32c7100d122f3bc8770874afb4b10a9aac8eb969d59b05a8bb817129483bf988

      SHA512

      e0852228b4f92601d18547dbbcd51acbd3bf736afdfe3abc02b986ce315daf78adda387d4cff45cecf74aa06e265ae651885fdeac260134a0d8c30869931d68d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f37047216b47ccec0e9a1e93de9a025e

      SHA1

      91af9b40795afdb9cc87be1b2f27803cf29d2539

      SHA256

      3bba5955d13c01ce10234fa52d21be00b0bf0dfc6ed52a661bc02cee39867161

      SHA512

      f5eec19246131551ed5134d54d3dfb4686cdaa516f948def012bf788d91edac753d0a7ba19e1261d40a778084c727f5f3e99ea767107c56b43baf9f73753df97

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce86bd11d68afa8e9962dfdbdfd2fa6c

      SHA1

      346553bf26cb6d3b2038b25fb96b6893273028ce

      SHA256

      fd212251d75e31b7f31302303378111752ba2d6f2a0609aa7365e1b1d7c85295

      SHA512

      7578a61e5b249a60a3656aa3e3234f376efa247ea0121968384d657e7808cf8b69bf675c1de5c185ecc6f6a9a578b66e7d0ad660d24fcd5247602b3e79adcdcb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2752.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar28A0.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/2932-1-0x0000000000400000-0x0000000000460000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2932-0-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download