Overview

overview

7

Static

static

3

02a7cd3225...18.exe

windows7-x64

3

02a7cd3225...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    27/04/2024, 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02a7cd3225a1eb92d80c723cb71d6d8d_JaffaCakes118.exe

  • Size

    35KB

  • MD5

    02a7cd3225a1eb92d80c723cb71d6d8d

  • SHA1

    c592ae5f7ec030649ee04e814256117abbd4fb4a

  • SHA256

    aaf516e3672c270f005e69c2b2e3cc669d14cf645486cbc025add9e98e8485f8

  • SHA512

    2cd8bcdc40f38f6d1f688e8c098a538535a51a7e335a164362d0e2a813f8f199513f98e0bb7e06b601bc47d3bc6e4e13e8da01ca0f526594ec74208056d0ac4c

  • SSDEEP

    768:w2gpFmvbXimSBlWRVJqYOF6dXm3jI3bOMO:KKiYAF65m3j+O

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02a7cd3225a1eb92d80c723cb71d6d8d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\02a7cd3225a1eb92d80c723cb71d6d8d_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\445.tmp\startupbooster.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Windows\SysWOW64\reg.exe
        REG ADD "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN" /V "START PAGE" /D "http://movloft.com/p/?homepage" /F
        3⤵
        • Modifies Internet Explorer settings
        • Modifies Internet Explorer start page
        PID:2092
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.movloft.com/p/?p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2708
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3024
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.movloft.com/p/?p2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2496
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    a118b7160e7572c631a7b473b9554392

    SHA1

    abf6b7ea6842fa900c2475666ae52bab3144c84c

    SHA256

    17cee985a7a5f87129f82e040a48c7780d4ea4b110a62a309ce3e4e952d5df60

    SHA512

    1a23776616c26bbf785d882e659feb1e4f3ab47d0f5c9b5c1e1fdaebc6b5c75da08855cb2bb925a4081b4e1e54524c5a2a1ac84ca6f5a755bc6303a92554fe8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    82e6a952a3249e3f63be7f7e3e72b791

    SHA1

    0f10754edda7a2545037d24e83b94c83f4138d0e

    SHA256

    e243d68101fcd026956bf705058cfaf81980443a7e2cb0dfed09c932b0704032

    SHA512

    58af08a272eda212db2103b9ef4211b3b04a1e5c8f6c3072f0c022b3385cf6234066da0814f77c6c303fc3a471f3b8521f72b3ff4bcefce1f077f9109930ab8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    233e1c58d0a761b1c2d0bcad664c769a

    SHA1

    14d12188d7bf0358c5fd183d8d7c467f31b3259a

    SHA256

    91218d1f250ba14f8b16c9025a2e87bf15cd3616d86c47ce9f51ae934b2e2efc

    SHA512

    e83112fe11c332db19f6acd1e26d7361b2393c24886fac5389e73fcc65777381430ea2dcb13764f65360172e0bc6073ef319127873fffe14be74d38ad63bf113

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    345d9cfe0685f654a5553d2af76fa2d1

    SHA1

    6c63c6222d40c3a34b71ebc6fe48fe157e50ccec

    SHA256

    ebed6cfdf53f58807525f2dfc7775eaa08e42c13224e2e6ec502fbcb201637c4

    SHA512

    819aa6b126fa2246f382656cfc07e977199d4f283faff674d9716a9d4936450d5e514e0f9516fa69fa2498b6d3d4eb85898e6ff9c526dff572de66534f5ae6ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c7d664b265e70f605ee64317d18ebbd

    SHA1

    152484eeceb0ad88595a54a9d49f285078e62e03

    SHA256

    008b573fba165884c38a8c90ae78685c8fe3269fd50a540925238e9094ac1d03

    SHA512

    626266a2916d5285748bbcb2fa946c9b13d68912aa6bdeb30a97751e865be4a1077f5d5b95f59ee569a7d3611e5f06eff41d63ef8a6280685802954755eb9bb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59b38121f9f3ff55b0d31210ab1c6e40

    SHA1

    ae71e65f85d40aa1d0dccd36abac5fc8d0a8b4c6

    SHA256

    f76090e4323083ae89207fbccec7fc12bfbff840cd30e2448a611ef27037f711

    SHA512

    2a3afafd075c6f4be093cb9902b71991e2a429c4434fca134897986567077d275a3f9882abc4966c7ab05a6d0e4d817bf61a3bbd45e5c75188ff727d8267673c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff72f1a2bacdf0c56da2171f32d84711

    SHA1

    94946a45db8137a5a2affcd05d040dbe9f4e69b4

    SHA256

    c95c9885071cf8a23c26eb9e4459f008b4a5bffca3df0038f411c67b731f26c5

    SHA512

    38553daad855b71417d4587055debb72716827808838aeeb88219ee17fdcafebeff88477f540c76b9670574f60686cc066b827647d323ed7c9ad72ec0d10f05d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ffc3e0975201653b00332c7ec067b122

    SHA1

    daf65dbee60ac0152459c73655a7980bdce87768

    SHA256

    8a730691febbcc7eaccba8214e188cf1ff9cb04be0bed0c4cc9745a8ddd56a87

    SHA512

    2057423d1167a8a89ded5a3343224668321819a969a7b241ce92f32ebb54972a3545d49c8efd3dab8de0cf49d23a62229b0b180073b6cbd3ca57508883531f78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f80eadef1d31e5b9a7aded4e61aa1ca6

    SHA1

    c19bfd999a0d7c64be8a63a970420e9ab963808a

    SHA256

    c5e7de0f38be7be81320d41b3835c79f4fc5948cccb80e092641679a0528f266

    SHA512

    d230af99d0e4928a591ebf595f731164445f75d368095c2d336db5243c4d14acce910249ec4d6298aed039588708ea4de139d44ffafc3788decfa826c2a3b5a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45cd2124edc085211cfc82dfdf487f98

    SHA1

    22f80aac0e0675805147ff43d8dbc16ce09b82e4

    SHA256

    2a51b84fe3128aff2e768fab98480670e52f95d8d7a5ab243dbe062f7d0befea

    SHA512

    469e66e051bb3f692a269414914034a6c38357a70f97ece251d2bf2b801862ea5204f0e96019b9d002262fcab7bc8eef1da7a76d439cab79c646c5c657d75886

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08922fd057773c4ae55f800cdeb6a556

    SHA1

    4287e20f22521650fbd676330e077350ed5a31f2

    SHA256

    1f2a68b4934684269b91fdbc03e5188d7a156cd2a3bcce58aa61eafcab007156

    SHA512

    6f3716b5b64da6a0daf8c57d501fe4478f8714bd9d59e3f5c760fcafd5cb93f049ea012f380e312761c204de196e980e52f3b35e43a385d914afb38e7f382ac6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8924e482a5f388f466cef78d7612de8a

    SHA1

    6836938f1d7f9de908f3816f3414972f7a77493f

    SHA256

    d2d23f0f38bff9b0e394a68c7db89db946871816fd095baf413e52192306ffde

    SHA512

    aeb57f05f824f60a96fa710c9202389ce27af6eba913e7f0b1b52314070c0c8a6fe9a8d2210cb9ce56c9ce522ed0b81562813aed76d1b57f636e8eecd5ba325b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    505f8f3d5f7051aa226b96a02c24b3d1

    SHA1

    93a609ec13460fa78e449f271763a6786c8adf31

    SHA256

    2f89cd40f1258f0bcd4e5e4c28255498ba48170f804b75aa75c0887a1f9a2beb

    SHA512

    8a5ac35adf315a4402ffea4acadf1d58a557fd5dd4717d1cc772fa5da685cc32926493309b68bce77d3abf94a4965d306d0c245930728b1790ccb5ab2cc173c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea5630a260d5b9fcb8e31a23331f480d

    SHA1

    62b9412c798f3c1f62e3017bc3a41c0958b036cf

    SHA256

    0ddbd3ca7df425b2b6315d3d6ab82d98bc4f7c83604c1d6f04f05bc1d6ea5960

    SHA512

    ae848ab382d28627b5e0d6865734ca05a94f7fabc75e00c50738a86fc6e3b569ee97232e4519efdaf1ffaafa051999aa20e3459fa9d28e05e14e5373dc573c05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0bff3bce6dc3e85d87de2cb13cd9a653

    SHA1

    3502a5cced0cbd382ba0d252c8ac36b7a354b8d9

    SHA256

    8d237f6b59a18b6b0e0e23aa413134d067263f1f5a2a42896e3da4ef6f2c87d2

    SHA512

    681c90dd9371210a0c4f0a56ef95da2d05427da14acebed21ec2f8bf36970f4d9012ae2edda52c42b900fdcc7bec2da9e1b39758795b8e8df147a449d14a59b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9af520f26671438ac539365008b43dd4

    SHA1

    6bb611f4c709a4bea1a0970192c9d1eef70b7545

    SHA256

    d4c363934e616f6afdea440eb2503781fe71faa03171d7697b3913a6eab2a428

    SHA512

    164290e7cf91652ab399c2ba1d1385aeb2e2fd70b7ce81d358668d323bc73c3c941fb67810a4ef09a89d4c941ccb29c91d24a929dc1b6d5fbc0c831335896d90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dcfa4d2948590b954e24f754416bef12

    SHA1

    009a626242c0d1d0e5f0b9e7f076406354e27707

    SHA256

    1adf2aaf767553cc1bed5fd6a2aa0ede375d5543c5f1ab174661d0122d241c1c

    SHA512

    6fe70f0b308343d83ce0276a3d59b54ed4a49a38206e4f9ec6e870e664532ad0d166bc438059dce64fb9fc33f55c854a42fb6a1e2c626d2c7aa2b1fc99b9b7de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5104438b9f98624fdb528ecead87192f

    SHA1

    146168b52624f9081f1a07f3208bbfcb5186aef0

    SHA256

    3d3f27567274bd0adf6172a2a352a7bcb8cb371c6cf1d7566406f41fe4a04b3b

    SHA512

    a36e4eb5c33a90858cb877a40519b84adc7001f48aec5d018d6a1a764f8c284118dbec0f67e85c4640fa17db6c90fc63acb161604a78a6b521598a6d824709fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    755859d93f8cf9d80ba4e006c1ca99e2

    SHA1

    2c1a7c661a60e8cfa7a5d55ee5a42106b8b742e2

    SHA256

    50434394764c2d4cedb437fff9c670721174e1562f14303a68850a8a61295fbc

    SHA512

    05f50629ff55ee37d38ac10622b4195dbcffb9252d79537826069e8b3fa862f1c9084fdde860557f5798293cb7a247b88a96abed0b43a10151e1e787791810f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    edb4d741a8b6ec34cb64f8e87d538e54

    SHA1

    c4bca79259679ca460895aa88aee67d430a7fd4c

    SHA256

    cd6e07d1df9435a176602fd8e35341d90d5e77069470f381c1c332292566fa5a

    SHA512

    2e6efd8499def162be607d4d3aa0cbe4a5937d544b4e0d0943f3096b4c670f8ceb61a080ddff20b9303f2cc973c2505b411f1dd2c4c163803d185e82bbf13957

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A86A5B41-0461-11EF-AA09-E6B549E8BD88}.dat
    Filesize

    4KB

    MD5

    26fc8080ef9908b16e681e8c088c31e3

    SHA1

    74e4ba187a1ab99d83ca44ff88b76939be36771a

    SHA256

    df5dffbcc25c694ab2c34cf1808cf787d3b869cad6a345619b4ffde55349d891

    SHA512

    c6685008fd78b97cd8f177c2bf0453f99b8c9fab50190c096a60fd3dd12a048ab7e92712c2b3656c14b8a1ae8a25a9a891408ac9b519d2567e20069dfbaa5456

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A86CBCA1-0461-11EF-AA09-E6B549E8BD88}.dat
    Filesize

    5KB

    MD5

    e20fa1b24740c1e12509c631360974e2

    SHA1

    ea8efbe5eea2a12f9544cdb219ed1d6a6c328da7

    SHA256

    ed918581998e3b6126e29a2c73016d27713913897c0e328879b65c0450ccbaa4

    SHA512

    dc028e83285efc7284523778cc8b05a3750be9633b294e381a7826c5209d7e363b5aba8c22ccc040264040035969952298891240fa30ecb433a72ef0de5a9d51

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G40TE6MS\favicon[1].ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\445.tmp\startupbooster.bat
    Filesize

    196B

    MD5

    5b4aaddbd6f2f985f0bdea2fbbdf9549

    SHA1

    c2735bcf650a48d08f9017a43b96e110c79fbbed

    SHA256

    90cb17064a256a6ca014ff4d995e82e5a7dc152edbf4654be73d9fe1798ad82d

    SHA512

    8a1b87c8213b7694a12e6c923f402002f163ca476af27593178d7831b03100e6c1820758d89a19fdddc79b6892716ec2ce4fc8903503a84d453e352eee40994f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC2C4.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC401.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit