Overview

overview

8

Static

static

1

03c97fd835...18.exe

windows7-x64

8

03c97fd835...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    140s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-04-2024 22:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03c97fd8353ccd6602678dd53352b900_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    03c97fd8353ccd6602678dd53352b900

  • SHA1

    d50fc62bd46fd76518f2f00d4ada089d0c46d809

  • SHA256

    39a7e19c96c27536e2d38496635d237a604b5bb36a3a3350f650309a629c1779

  • SHA512

    b833e10d76c274b0b82d6d6d512ffd6a083053851b04e1eb6d9a583b4478764c4273349e39632028b339029267999e0aa5cb224900ceec40591956eff05d87e1

  • SSDEEP

    49152:q5+hF0j8F9jWOHVuLS3j3DxYmSAOUrw7pbOo3K3cyYF8g8A:q5aF0OjWOHT3XxsiqtSMp8A

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Modifies registry class 16 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03c97fd8353ccd6602678dd53352b900_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03c97fd8353ccd6602678dd53352b900_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\start.js" ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe" --sfx "03c97fd8353ccd6602678dd53352b900_JaffaCakes118.exe""
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
        "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe" --sfx 03c97fd8353ccd6602678dd53352b900_JaffaCakes118.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3720
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c Tools\init.cmd "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "03c97fd8353ccd6602678dd53352b900_JaffaCakes118.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:208
          • C:\Windows\SysWOW64\reg.exe
            reg import C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\\patch.reg
            5⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:4448
          • C:\Windows\system32\reg.exe
            C:\Windows\sysnative\reg.exe import C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\\patch.reg
            5⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:3804
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "03c97fd8353ccd6602678dd53352b900_JaffaCakes118.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1284

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
    Filesize

    85KB

    MD5

    bea0e0db0118ad8ad5ebd72b79c5ce4a

    SHA1

    5ebd53b83ce9372c8111127109f1270efe6fb524

    SHA256

    78fae8f4014baf3b063d44a46dca6109e7483b3e5ca27187394a68bd959599e7

    SHA512

    dda0fb66c39ca1f9b0837cedfdcb562c68d1d3b8ec81868e5c0d4f98b4a3a0072b7f479bcb2ca598bc01503db1eb9fc0da723dfb4081d7f3bebd5f8d858d8186

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\DriverPack.html
    Filesize

    4KB

    MD5

    42e912c38ef16cdbc7cb6b1f0de61fde

    SHA1

    d98922fb3f2684b0a418acfc30e128a996311bce

    SHA256

    3d2315de58a5d3c3a4412cec1e426751fb0f7657f27c22254006e23cea3bbad9

    SHA512

    676f72f1ba240a32975ebaecf026fc77623032fd8c68d261333e7b028826f77f037a5f2bec767639a898e20acfaf31d5b103428ee249023ad75ec43c0e6f9b35

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\Icon.ico
    Filesize

    24KB

    MD5

    73c365efc22f21785caf62a83c563da0

    SHA1

    21880c3e6370cb9c50fbc37e656bf1f755750801

    SHA256

    a0a78539cf3889eaaf2aba62fdc85addf4c31420eebbfb51fc70ff41efadc69a

    SHA512

    3f025bc4db604d631763b73c1b7bb967b3e70696c5b15679d8570f950a474c67bd0686ffec416831c23e877c1ef273644a040e86f2d893b49fb88b5ab44c0cf4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\init.cmd
    Filesize

    852B

    MD5

    2d07f324a539ade610cd86f3788db114

    SHA1

    c898927fe8eddab9997daefe21241ed211221676

    SHA256

    20692738398af39ee4c65eda97b70f65466baaccd1c12eefc26e632f505b68a5

    SHA512

    12a2e9cb3de9ce4113b85c54bc6a0845f604608a9383ffebba7a3fe00c34b18061865f600f134d35d0ab59cf4fd9f755c8d73c738c255106d53d573d7ea0218a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta
    Filesize

    1KB

    MD5

    0067963efff86f2d5fb4f792cf68021a

    SHA1

    eeb5eb6d94c962bc5cd94bfce7306e8fafb160f4

    SHA256

    f8233bfffe778f8aa2b90856298b84f296b3bf8dc0547b11afa538a3c3081fb3

    SHA512

    d7417e2d35c0894b8fc154b216466522b1b0ae9ea274a63431afbc90e43f026cf647455e885cc767f2d8253693f01c8bdd618e018ddd26bac9b465b1af8b89b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\bluebird.js
    Filesize

    147KB

    MD5

    afbb5c813add5d4df9b32419e6a89834

    SHA1

    8b1d61ac66c59e7eb581453b2c5a9d20452e7f27

    SHA256

    0d6e11be55def7b6f817cff2738e21de9301ad0836e89d124a46f72a64b18eed

    SHA512

    b0979605cc7898c6fd3435a27b5d2003e5d75c9aa02aac24cc59f755dcbdead55a5a74a1cfe0199479c11e2cf355035bbf7051f1841775e53d955af0877812ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\globe.png
    Filesize

    641B

    MD5

    74e9ebec2b365366755028ac89031400

    SHA1

    51e302935661398c53cb3e8fa11d4b874c6df78a

    SHA256

    9a6abb737e513937865aba2d2db103c9baeac030934b522093b7905d4815c332

    SHA512

    837ab265038703b7b0d5333e9e74977d54c58a050a8128a9127a2a4e482ea6623e4e866aa53638c72ec3111dbd1924958c1bad536003715a883e6dab87e5bb57

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\language.js
    Filesize

    15KB

    MD5

    2866dec4af17828efaca8596942635ca

    SHA1

    2e9faa8a9b5b05d3807daf543e29cf0403e8b969

    SHA256

    cdd2679eaffd10b67894aeec93de1f34dc56038b63feb59c1fcf54d42c590903

    SHA512

    419d8bfb46b6749eb9739e1121ea62764cc1d24ba187e217b8e18b09ed89a5ef7ebe2b114959caad11f21a999151461ffff0a1c3d507a190bf123c49b792e46d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\loading.gif
    Filesize

    18KB

    MD5

    a90e737d05ebfa82bf96168def807c36

    SHA1

    ddc76a0c64ebefe5b9a12546c59a37c03d5d1f5b

    SHA256

    24ed9db3eb0d97ecf1f0832cbd30bd37744e0d2b520ccdad5af60f7a08a45b90

    SHA512

    bf1944b5daf9747d98f489eb3edbae84e7bc29ff50436d6b068b85091c95d17fe15b721df0bff08df03232b90b1776a82539d7917599b0a3b2f2f299e7525a51

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\main.js
    Filesize

    127KB

    MD5

    28396d494d3c7eafb997e1a46c911381

    SHA1

    6365d24ee9f35fe447f794e55f902e47a8cd141b

    SHA256

    f6a61e9413bcfc77cd8a23efc84a96eaa60b769e9cae365dd420e767c629120c

    SHA512

    42e4b6d13a3a3f4f7f2c9e9b07180d9e4c69b3d533998893f89c48d7a1da5fe68fd272eb5316c3789c5a011dc71cf0c08177f040f38caa4a72af560739387ff2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\med_logo_dark_new.png
    Filesize

    3KB

    MD5

    43be5aa6135f7656e2b9ee162479fde2

    SHA1

    384d58c9712a1d8248c442d596aa604f04c6e028

    SHA256

    71557ad30e5e02aa551ff8edc29deb83aaae949f31da9151d3e476d67d2a1a4b

    SHA512

    c51e80ee9d5ef1de0eb8244670437320e66036fe277afb669721982d23c2578ff4ce28b6f3cabf8256b39ce391df1c7e335008b0abca795d9c0884082ad21f4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\polyfills.js
    Filesize

    270KB

    MD5

    32dd27de70fca65ac73a1f9835d8f0c3

    SHA1

    989935a10a8b1d7c3f1334ef2db8b57c7fe9bf7b

    SHA256

    62c56826e747553724ce3881eb3f9a367664a8d8172593286e9511496c6640d1

    SHA512

    974461c8ada004d18c12ecc67cb7e075488043cfdd1e7ee5589cb7c1c9d6e85bab31ef5d09a9c3f1aa56e7eb6b8e97774ab9165d097f2ca0c1cba7c7c855cc2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\styles.css
    Filesize

    2KB

    MD5

    f1f2c06d2d6bba1b321ce0386799b154

    SHA1

    a4b480a399005eaefee6876cf2e6711466db6921

    SHA256

    81224a285ee25bddb07018336a2434d947c572e92a26aee567be0401b7726892

    SHA512

    245f70f9786303cf5ea214ef0e3627dacbf3bcf1eb742c0e9d44210f2bc9f3f7ab4b827600ebafdba6877d712db5489481a142f971cb3f6b0183b1a55b8b4640

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\patch.reg
    Filesize

    1KB

    MD5

    5e520ad7be996e01e1f57a5dcffb0148

    SHA1

    faa0f75bcf42d21250e3aefc5884216d03637dab

    SHA256

    7bb97b440e949b13feaf9e104be287c950cf87a14ea3ba5af4199fd15e2da581

    SHA512

    5ad1657c4de30aa5f97becb0db63ad7e5f5b92ee9ba694cc528203abca974736c6ed3c7d051b6adb9db003caf8b0b8001d8e2dc0b2ebff0f98713f88552f02ae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\start.js
    Filesize

    137B

    MD5

    efa95ffb77bc168aeac2a61273fe81b3

    SHA1

    f10a049e592245e0441d87ef87a72b13f836ee61

    SHA256

    abb7b821325c0cd80b188f29b4f00e6a669673e5e036379088ef85d164e4c81e

    SHA512

    31ff4c980f6ebfe030c56448da4d14634a13c995dd3e54b173aa712ed9ce831a2fd8911358fcc75dce3ef3150a252f9eee34cffd5becae4e254346fd38914bea

    Download Submit

  • memory/3720-72-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download