Overview

overview

7

Static

static

7

feb5902be9...18.exe

windows7-x64

7

feb5902be9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 06:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    feb5902be9ad996e9eb74a23e13ad97b

  • SHA1

    3fbf6e70865206390fd20c60a627384ab1a582b1

  • SHA256

    c51e7a1b519dc82267d31ce397a45bb5ca76cfff0c6c8ea5a75149cc84209e77

  • SHA512

    b06d6b1cbd59016973b70d393bace5f592c64beeeaba4a9a0b0dc197ceb260ee7d53dfa5dab65043c9d903b88f57b9eee506c4b27acf5c026695752d3445591d

  • SSDEEP

    384:z2INS2vraohrKbSC05Hk/HNWdqLcIrPxctRe8l9dMNV/ubgpY5RAtAD+nVp72SyQ:HTYSVHSNWgLGtbcIbgpYLQJnSSs9z

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\OGkaFYVQtC.js" "C:\Users\Admin\AppData\Local\Temp\feb5902be9ad996e9eb74a23e13ad97b_JaffaCakes118.exe"
      2⤵
        PID:2908
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2448

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            7b75658f6c36478fcb6b2f6f6c99d8ed

            SHA1

            5dcd0318d5a5f406ff590eb87be74d1004ea1993

            SHA256

            9abbc699a815519c62ca59ebfff0ba69653141373f5bd74438e72054b75c3e48

            SHA512

            1082a078a15b4c27a10a2daa3dcdf857242d14fc8a25c97658bb6bd3a56a80cfcad0798eae615b98b68cdb344b774841d320cb878e4f2efed2fb23c75b89793d

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QLCOT8E7\adult.oo[1].xml
            Filesize

            13B

            MD5

            c1ddea3ef6bbef3e7060a1a9ad89e4c5

            SHA1

            35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

            SHA256

            b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

            SHA512

            6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\favicon[1].htm
            Filesize

            291B

            MD5

            b73189024a094989653a1002fb6a790b

            SHA1

            0c44f096cd1fec253c1fe2fcfcd3c58fe05c402d

            SHA256

            014c471c07b2bc1b90cf5b46eb8eb60abe3ac278e43cd8fcc7c4e6c8950c592d

            SHA512

            1bca726835d33847812060c968e5306535f513429de5c90d66942155fd42ff75508dba97da8ca36c6d6e6a8df5a2602fe3be047bb5612ad4e367c6c00e1e50a3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab5A32.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\OGkaFYVQtC.js
            Filesize

            8KB

            MD5

            eb3bcee780153421578a57c8bcebea2a

            SHA1

            73bf49285833a1511c6798050e5e666e8009492a

            SHA256

            3404e1c05ad761ebe2fba552650bbe49d0dc565e25abac7b333aa9405997f1e2

            SHA512

            acb3dbd472c921932c28b48316d7daf2f616c3a5ce3c0109725485b5e467a45a8260bd8044f317f47cae56f48ca51253f45ad491c242e40e15a338cfef55ce77

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar5A35.tmp
            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar5BB1.tmp
            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

            Download Submit

          • memory/2908-49-0x0000000000280000-0x0000000000282000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2924-0-0x0000000000010000-0x0000000000029000-memory.dmp

            Filesize

            100KB

            Download

          • memory/2924-3-0x0000000000010000-0x0000000000029000-memory.dmp

            Filesize

            100KB

            Download

          • memory/2924-5-0x0000000000010000-0x0000000000029000-memory.dmp

            Filesize

            100KB

            Download