Overview

overview

7

Static

static

3

03623e2a9b...18.exe

windows7-x64

7

03623e2a9b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    27/04/2024, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03623e2a9b8389078df3960a8002e937_JaffaCakes118.exe

  • Size

    389KB

  • MD5

    03623e2a9b8389078df3960a8002e937

  • SHA1

    17ae5b3796a8fa39b887aea99c94bdb52fbdb081

  • SHA256

    137e8a1b62cadf4475e77b7fe4d3c2827afa6f54a1df2016e8168f787602cfe2

  • SHA512

    a99f0d4407fb85775f9175d50345e107b46310388ee51191d63efac9387e10736d9ec5e9becb9bc95160b5390f20e180e0dfdac23d9fde40e8cee6aedf02f5c6

  • SSDEEP

    6144:G+fadogFuO9ik96bDMe2mqVzNudSNbzag1HqxWJkD7vL373adHzsKIZTmbnN2KoK:GfdrX96P499hBWeKxX7r2BE4bYKohr8

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03623e2a9b8389078df3960a8002e937_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03623e2a9b8389078df3960a8002e937_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://qqgame.qq.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1344
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    32bee3c63392fa235e91c6dd7797fd06

    SHA1

    c9ee990b7fd203d7e6c538681abad6fd1e1aa1e5

    SHA256

    bfa0fd0dc482982e42ed3ee51f663113158d884eb275acfe31d1c681c81f7886

    SHA512

    c24d1494208e47cf7be582da1ccb42211d517305e9bafd4c8ac31b6224762c68e63d26491cc986ca8386762acf71e9d64fd9aff02f924867a2a792ff1fafc76c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    11ec54f5f98e710d75e884895bb2d70f

    SHA1

    3a57f35ecb1742c1b807b02b7af505ecc23f7d89

    SHA256

    dafaddd34f6bf0605fc1192a3bfefac07f0161fc31f90c4d4a6ff909a0f7ceae

    SHA512

    cf0e9d91e6dd513abb5a63465cdef1eeb0a095aa94a07f5cf1c4c56a9d69a87f4c7ea1778a4ce652ad32f8b6b56cd401a6557774fccc9cb5374bb890af133b8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e799faf6c1b740044e09aa3bc8effa21

    SHA1

    ce574f375fc836ba752cbebc2ac3381148daa40a

    SHA256

    460c49e1f57b38e568be517778f82adaa809c79aa062e70dc3581c329bda3088

    SHA512

    a1dc81229ab86671536a838859d7610eae7b9d5fabed1337b824671aa630cca1b140259a4ae37fd607acec4264fc1e8cf2a11be5cdb1efd96da682001ca7891c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d64b064d588e23766167bee39fdaa37

    SHA1

    5012b96e2eb0bcc4e9ca7ee8478aab6d66d0bb31

    SHA256

    3f15589e30b20b559afed0ec9d477716735090fb637099183ded18ecd6646627

    SHA512

    d0b58548a6e2df5dc98a1343f9b53e48856f3d074386b735a1a908bcef773fd0ae4dfa9bf55a25f7e45264c13a1155c7f08012fe9e03ed1bfd79a5365878ce15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e1360c20cac9536f63976296720b0f03

    SHA1

    00f0fd2ed988e57edc8eb257af8da08e23400290

    SHA256

    f49ea6fd440921aff6e40ca910ecb9e94ddab0d43f66401794fc9fe9adea792f

    SHA512

    8ff657e28afde96ba8bc191f88ef4e20533dd485a8dd427c1ede5ca306d4946a156287b8524520dcc1367dee2ee6f3517a7196fecccd2338693a752a63bbb599

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c6a835035940e165dfdd596f6aaa598

    SHA1

    2124f4565233cfd29d9814cf443f7e6193b89b28

    SHA256

    eca50938db9df51c2d626c763d3ec232dc45c83b36870c331d0123c87e5a80f3

    SHA512

    81de3e3ce742e25212f032b3df690ad9508d6616a11ea9b1ebbaf211c5e6ec22f2f870d79f7cd94be78620b53802d163aef281d7e6282c246ffd14c5ec837eac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be4f019bdab3b4fb3bd6cf419f2aaf7f

    SHA1

    2a3bddbdb21b940c0baf1f89766e86d75e59e3f2

    SHA256

    d797bb8a723c8babb92736d85a036a1c71daaefe2c2ce278fca4e591ad14880e

    SHA512

    cb7411161ed44cb3b777473e31516c5086f09712df942b0c6ec36cd5afe119d7aa75a54fc181aac79c591987b9506b5596ada7556f12d273728a38ad2dd9f8f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf5b311e34166a933bf0d44e5dbe3b74

    SHA1

    0a904acd3f0098b63e8679ce1a66c229f4ae0de1

    SHA256

    7abfdf0185f889a060eb1822b8bbd51243dad901a79bc048fc7745de5a5200b5

    SHA512

    3e5e8bc0f93277da156812fa6dd1d78e7309f3db6050e9cef67dc1ec0e100c478b66b8673d2228e7795578be6cbbe3f99778d912123828b009183c920560fd96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19db316712bacb88c589efda6e2d4fce

    SHA1

    93758bbbbb1257f547f70225c6507de5c7eb6b35

    SHA256

    fca853e37e22bbc2f6f458a2fc170353ba9d4936e531800e2be7c93a61a1c430

    SHA512

    15bbd97d867ecab8257d6e64cc893a0453e90f95315e2b55a28e5b43c87c3b83e0b50a952ea9e6eaf9a5c792f5a23cc457f3c1c15b3d4dde776adf53b48f7b37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7153586d3395e7737b16d825e6b8973f

    SHA1

    d2fb456881590d88279222b8391aa7562ce1aaa4

    SHA256

    0c2fd36256c8a1bb689ac35505820751564c5f8e7965fe8d33d0493e2165eb5a

    SHA512

    7ee588123741d58ca4cbe5efa64d0a5d3c6968f96f60b07daefe20987af5f3dd86aaeaeefb9b9dcc3783c6ebfcd4d85dc2f3ca2dfa6e7df8751c1e878ea94042

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84e2fea857957576f6e11c4b06a2129a

    SHA1

    1217cc25200454400bb21eab5c896ffb8758a169

    SHA256

    ac836d90fb0b89b6f58bfc25af7640deff3cc68e86997a7305d93d7aa9fdc27d

    SHA512

    7409dc5bc2bf57701ac150b54b38fc4f84a3777b82b02e6624983153f7b5b19abd55580f56dc485c24b814acd2992a5eab65fc8d786187239413bc14971311e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    cc062812cfc893cab4fd3d81b12d8d05

    SHA1

    bbce38a28fee640e17d6cc3bcf9b92d17c894471

    SHA256

    a8114a4bb9a7734e6d8c676baf32a38e8259be04028eded2ba526aa0cccfab52

    SHA512

    0acdf503feaaa074d7a9d53ba5506dfddd6d421ee4358cef91302e6c399c5d504cd0fe093dc4cfb7ece7eaf1101b1131fd3f6e8f9345b7e4bc32f2119753456f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2A8D.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\fblE34.tmp
    Filesize

    172KB

    MD5

    685f1cbd4af30a1d0c25f252d399a666

    SHA1

    6a1b978f5e6150b88c8634146f1406ed97d2f134

    SHA256

    0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

    SHA512

    6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

    Download Submit

  • memory/1368-4-0x0000000000250000-0x00000000002C3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1368-7-0x0000000000250000-0x00000000002C3000-memory.dmp

    Filesize

    460KB

    Download

  • memory/1368-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1368-6-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download