Overview

overview

7

Static

static

3

f74d103151...18.exe

windows7-x64

7

f74d103151...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 04:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f74d1031511b6aa62d1639132c8ccbc2_JaffaCakes118.exe

  • Size

    30KB

  • MD5

    f74d1031511b6aa62d1639132c8ccbc2

  • SHA1

    c1a57f94a5b77ce3019a84d6ce37af26e254b6a9

  • SHA256

    90ca76a7986edef28c7d78dc46d7610370b1cb5824eadd2439353290fad6d02e

  • SHA512

    0e023343524c4be05ad591356ea42ec05e18ee009a66977233c6cb0ef6d1cf0cd2db02f2dc1a12a18ac93c557ad26ff249d7d8d3b94767e7c539d6f6c29b909c

  • SSDEEP

    768:1qa4/tG4fexLDlpCtxs7qvUPq97q2mUtoOnRTfSU:zsexLvCtxnvdq7UtoOnRTa

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f74d1031511b6aa62d1639132c8ccbc2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f74d1031511b6aa62d1639132c8ccbc2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:744
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2392
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4316
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:5016
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2872
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4128
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\gos6784.bat"
      2⤵
        PID:1596
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\f74d1031511b6aa62d1639132c8ccbc2_JaffaCakes118.bat"
        2⤵
          PID:3748

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CCD3F35-FD3F-11EE-AD03-6E00C7B2A603}.dat
              Filesize

              5KB

              MD5

              11c9d1812ce1b7e77bad5f187ddb1770

              SHA1

              70ea4d628f56264754c1b31191cf0122d50b058b

              SHA256

              e056000b75235b6f8680528b2854cc2ca2c948fbd077d6eebaa04da494c0ba2b

              SHA512

              1163d047747a8d5fbe052dcc72be04ccc775d6d9d69f8a6f60689a9b88ecf587e2ae2421ab1bd7e9a8d3bd92c42cbb8bde0a2024f0586be083d04fe930a09dc0

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CE07AB7-FD3F-11EE-AD03-6E00C7B2A603}.dat
              Filesize

              5KB

              MD5

              6d1b623da2386c755d119f7703707a5c

              SHA1

              d2f326c75852feee233add073102b39a165a605e

              SHA256

              ae49a83b215ce700b4209efe854fe6849696a049b31388f2738e8ba23540f2d7

              SHA512

              41e6ac058e18a7e6674fd58081531a2b14b723c68f858a8dfaa7a3640a3b321560c2fa5b800f826d036fa65f16ae61aaa572f3ba502d98bc6c9aebb6e9ef69b1

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF5CA.tmp
              Filesize

              15KB

              MD5

              1a545d0052b581fbb2ab4c52133846bc

              SHA1

              62f3266a9b9925cd6d98658b92adec673cbe3dd3

              SHA256

              557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

              SHA512

              bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1FEO3GJB\suggestions[1].en-US
              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\f74d1031511b6aa62d1639132c8ccbc2_JaffaCakes118.bat
              Filesize

              307B

              MD5

              6bc91bf707f40cbbf39950e426a03e22

              SHA1

              127e1e974524a78445220e9e0cc7c013f44ffbcd

              SHA256

              bcba26450d133aa9c613fdab6b1efc8237ee7a07dbfcd2251a6fd28eb61a98e2

              SHA512

              afb69ce0d1f1cd8e4b62e15c21d6003003f9be86ea9aa7c58d57464433de8b5b12ba0eb046bb15266051d3fe972502f6862ea0ee1bb60d864071a106825cc649

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\gos6784.bat
              Filesize

              190B

              MD5

              01bf0d6b83d7ef5cb9c7be2147e04d13

              SHA1

              ff6cff5ea36d5ce3849d8432199a2f96fe78e767

              SHA256

              b5768e7737ac91ff86cce4558152f6fe14515e0579ed9049941515a0806a0efc

              SHA512

              79d291ae2c90de700f5415ea4e58b8cd44dec927ad5db045bb6b1e2b5b986c82569434697012cfc56e5c681371d48f380cff20f8b7e4915f81d937854dc33b2d

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\gos6784.tmp
              Filesize

              21KB

              MD5

              4fbb0caa9d2d58fcba705997b9f4b101

              SHA1

              4f49d8ef409b5ba8de43c78a95eb0deae70a840d

              SHA256

              f7058cca7a2ba7f06dc22ee74c8f6c772838f0965acf5f5c83f7bba413033a22

              SHA512

              a307f71ea960b003a14d89701d49f66c209a0af6f3d76f588467c8b46ec79c0345ff115958ebde4e2842e07a170b4b9321e1ec8147bedde121fcbb73d8507ed5

              Download Submit

            • memory/2792-15-0x0000000000400000-0x000000000040D000-memory.dmp

              Filesize

              52KB

              Download

            • memory/2792-19-0x0000000010000000-0x000000001000F000-memory.dmp

              Filesize

              60KB

              Download

            • memory/2792-20-0x0000000000400000-0x000000000040D000-memory.dmp

              Filesize

              52KB

              Download

            • memory/2792-22-0x00000000001C0000-0x00000000001C5000-memory.dmp

              Filesize

              20KB

              Download

            • memory/2792-7-0x0000000002160000-0x0000000002165000-memory.dmp

              Filesize

              20KB

              Download

            • memory/2792-0-0x0000000000400000-0x000000000040D000-memory.dmp

              Filesize

              52KB

              Download

            • memory/2792-5-0x0000000010000000-0x000000001000F000-memory.dmp

              Filesize

              60KB

              Download

            • memory/2792-1-0x00000000001C0000-0x00000000001C5000-memory.dmp

              Filesize

              20KB

              Download