Overview

overview

7

Static

static

1

49b44a62c7...18.exe

windows7-x64

7

49b44a62c7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49b44a62c75513c5b47d9097920aebbf_JaffaCakes118.exe

  • Size

    119KB

  • MD5

    49b44a62c75513c5b47d9097920aebbf

  • SHA1

    adb50a6d6bcc1cb059efa9f478e16ff8ee3b4028

  • SHA256

    16c2dc5d31cab0c71ffd58ac2f66cdda13169157160f506143e5ad332a06df27

  • SHA512

    9ce1943ba713f9ff1def8e34da4afd55870f748eaeb0850c44b273d246f82d94a92f1922c73c5dcb58ff6c78eac61dd93c4ed778e30254d2cdf70a80fc9e01c8

  • SSDEEP

    1536:/UN6DZ4SleCsL6DNr0wHEx3wKW6y8LLdsc6SRoc:MKPe9Y1pExY+0aoc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49b44a62c75513c5b47d9097920aebbf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\49b44a62c75513c5b47d9097920aebbf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://dwz.cn/L8P4y
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:340993 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2592
    • C:\Program Files\360safe\2345safe.exe
      "C:\Program Files\360safe\2345safe.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://dwz.cn/L8P4y
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2432
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2948
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\a.bat
      2⤵
      • Deletes itself
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf3cfe841cb69446c0de4a00850672dd

    SHA1

    d61feaa86dbf59503c05d035f437837c9915b7fe

    SHA256

    ce62384eadc3e4e47e3f2283f670af17e3efd0c0ee5273bb05db0112c3e1bb8c

    SHA512

    ee18d17b21a3c3656e950d73cd34031ba38cfe20a1353d2344738d4b717f573aced15a72b22dbe15461852d33cce08cc5ed67466ff33912e4604516fa8819ab0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e99a0f0e08836224efca6333379ce67a

    SHA1

    2bb4140a694bdaeb4cf112c685193d436d9be979

    SHA256

    9ccb474a9637a755f2cb81d86497ae245da1cfbf9a507a0f8171e44fdd364526

    SHA512

    0ec666eb3f07009a4cacb62e2bf40ea2aeb2855fe46bb705b828eda88e7a612c44a88dacde93e4c584d39de5c585c4b071a4c41ed8bad9d957bdf4dca8a78630

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c89ce3d676381129a5500dd836a445d

    SHA1

    3450a5125d5c90a7f12efb7195392a0fa0ea6603

    SHA256

    37f141dc605478ba13c75622f79e303c6883e47c9dd57b4cf4d078670d43c31c

    SHA512

    fc3c56a1de1c9cda2b35bd09bd70a5a84d11faa440d46281314b77a009aa5b426f742d068963387de32f01a7cc5e3be032d1999a1fc048c8f14694abada2256c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a92f57cca06585b46f971d61d40be61

    SHA1

    bfd835a6128bded0e5f25ab80712f4bef96ddb38

    SHA256

    c53db139fe667e2ddacf64a58ecd2f5bfab391a15449665877cdef4fc78a7f56

    SHA512

    864116ea3eb5b31725d94276b01b25940c00f671b8fc9d31c004afda46cd7156ec7add6e916368562f5c444a99bc9a5eca745a123d36c72a5e033af66f747b10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85f33cfb7febdee2c29c348fa8e19665

    SHA1

    cb8f80dc2b7d28809388b55b3d825e98b945e50b

    SHA256

    1c31c6dcf241286e28f32563f773f8ab5093df332c45d381e26f787aafbf3d8d

    SHA512

    9a240ae5671b8ea960752b799d1734ba98c86b0897bc870bd3f5c0d3533976574035a9e93dcabab9bcba62051eb1adeca5d70cc87ca928b5acca062402e4601b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7c9a44a24852e7dd7ed2a1257e51f4a

    SHA1

    85d7276f9ef5dea98b477d2c5eb713b73830f97f

    SHA256

    805c5fc3036f8e6ce5a122a509cbdf3908e51a0eac8c88eb35cb3d557b26b080

    SHA512

    6e8f8d58b1f940249ac6271a1cff9bbd5ece1f2704e5ab31b34717b326e70b646b07a3f799a079d62a2f294bbe7a1946e3e9cda4451f004d1ee585f74e51e9a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    add7a3e7993e39e73e0c7dfbffa9b55e

    SHA1

    29bc920f1c6a1e13d2a1eecafd82db957854a2d8

    SHA256

    487ecff49377b42986051c98876cf09bd36fce92f723ebc137d1ed61eb303433

    SHA512

    cbeb44e5e253d9f466f3590fd858876185fe7e3e5b88dbc2816e10bf780fe3c683d62210cc9ee784792bd81fe73ab6b9174cb17efe0ac1c558b27a11da45dcd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef5ed6eaf0fdd96ff664aeb1f25016b6

    SHA1

    c2132c13d08c2cfd30cf143984823e243a1e5ca2

    SHA256

    c8968501c8c77292bc1955c523ad96eba37860c25ead80171db1ea7e03f9d4e9

    SHA512

    cf2f082524eed8f21d0fa2a76ea0fd38d2285b2fecb42a7c841f05f30d9a0dfae31ed0cfece690c29a79b474a2b62389d4d35b4642b99c6d8757062c81e0ce15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    112e14585e6c35ef70b5605f06ed63e5

    SHA1

    245f0b5250ece6f901d0efd85e780720f42104f8

    SHA256

    ea24aaae7b1eaa517d46f081e96673ad4910a55903b146a7c01a3986193d7f7c

    SHA512

    2c5ac93307d713b30778f0ded3cd7eabbb6d76164f4cc550cb9d8dd5e754e8da9045541bd920cbf043b5bf71778afe91eaf39547579d65e98f6595e58f2ef810

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b4a5fd1f9a26c48ef12fc08261fbdae

    SHA1

    1c8d77a1e47ed994f74d7eae2d3182be2446858c

    SHA256

    75f961ff5ab98ccd87c81d33013b8033a51416d25887e102b49107d1ea539a86

    SHA512

    9bc310666f92c374b1fe22eb36a22a136fdf671c984f81b466554870e7b259bd9100d61356bae999088f7ac04c0e58cc05d13becafdd1b0c90e3d26c571755ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf727e0011a13531ca976cee3a2f9d5d

    SHA1

    709838e7c936a5ccf58e0970474d15de9de342f8

    SHA256

    e174e6178d77445e7f7bf24110c61940875b119e3be8560d4ec3e5c1efb22660

    SHA512

    23e5b859998a7491c0a945f4544e99394a2f62a911b57ccabca62fdfb4a4545c25c029f9a72c43fb28ee64328aa174d0f217cef4ab50ef39a4af183abb18f2b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae28d95448f363beb0226e240231ddfc

    SHA1

    9631a6b2287326fe919f443ff1da521d3154324d

    SHA256

    36ada8a9835504fafcbaf6c0cd6773474f407d46be74766c0f419fa2f363dc1b

    SHA512

    932e292282eb94551d05e62b24613faaf1e51f6611d2232ce694464346acdf18c010f38446f9195d1d1a80bf9bad551090662651a53538da71244ae1ae5be2e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a91eb233b52a8d07cfae4c566865e8ef

    SHA1

    5371b79ab4eb362729024fb4b9104a95caa56e76

    SHA256

    e573171138077220a58b1dcb04f2394a8c72a14525bdcc62eb9448cd6aba77f4

    SHA512

    fd80c0aae8bfa9ba4d60ed9f1431c4d2acc03d3c2df77160c25b3b37d0b796cf216baf788ac8e2e1bc91c0021731226e4a28601dd138fcfa3ecc994b0f5c6566

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2fd05b3c0008807183f45fb7e2df7c41

    SHA1

    67e1a05529e0db06ab7a0fa091f0a78d5197a2fa

    SHA256

    52857520881c7fd385c5a288a703d4ea88afdc45bd6f56987dcea6b5e409b416

    SHA512

    f49a726d1eb34a6cc94996628a6a4cdb8b2a25c77b54cbb29a42d9b1405fae72bdef231c0d9790685f59cd97ff24d8759f19decda92126734d3ed7ad4b49f7b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ce519444996de7f13d7f274e4bb3a66

    SHA1

    fcefad19287f774741cc280511c684068a9b2d1a

    SHA256

    7f7e114c10a8e8db7213a0cca59188eb85a5d330a8cec0f7cce748fbd871009f

    SHA512

    44c8e7aa2f08f53d07d2aedd1ec7b8bc40f4203870d9533a67c828e01ac8b8a0935a445630d4460b73b1f79388b6a620c4506e559a88c8b7223e4f20aacfa9d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ecb5fae00db5fda00fd76fa1dcebbde

    SHA1

    4986091bea984f8b7a4462df823a2862d3770ee4

    SHA256

    e7c0c673536e3cf34d0384d0a337107c486eb70b36cb66a2c49864092d7d72c1

    SHA512

    49853cda1b57f3fb0d5b826ad4c0e86c49cc926cbb80a684c8b74baf70f28f796ee9f73aed93528c97c5c03b2fdc5da914180d9f4d13fc1ee02f630578cc0bac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{886FD711-1349-11EF-9D76-F65846C0010F}.dat
    Filesize

    5KB

    MD5

    d85da1c7e2c49eec2a8507f2ce631a2a

    SHA1

    9dc1122e808c999849718570a69059d0c56994e9

    SHA256

    c4c254efbd485a580b801276c332ecc40f81f6d3202cca0461b6ad9a3ee3c124

    SHA512

    6954a289dcec75211337a7430198b8cd91023433eb0a3d549f18a8e82b08e48f086becc2f22c57f62222d078d10a1ae12d5f70429bd00d0ab88ffb22090727b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD03C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD0FA.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD110.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a.bat
    Filesize

    100B

    MD5

    44ab64f474a6ca5995615df7ac26464a

    SHA1

    666f61d458302313f4c1da007194fb44d827a27d

    SHA256

    8c76ec3898c660ed584c016ae05040f9947f02bd8d0eaf31dbd734a6c9a65c68

    SHA512

    f57e3f0f74877b2494fc48ca62d626ba0d7f653b94d37ffe8b2502a1a832fba55df386dfde1cc85efc056941f7ba5f9ee704a8c20d554d18c9d8163aa9b20936

    Download Submit

  • \Program Files\360safe\2345safe.exe
    Filesize

    119KB

    MD5

    49b44a62c75513c5b47d9097920aebbf

    SHA1

    adb50a6d6bcc1cb059efa9f478e16ff8ee3b4028

    SHA256

    16c2dc5d31cab0c71ffd58ac2f66cdda13169157160f506143e5ad332a06df27

    SHA512

    9ce1943ba713f9ff1def8e34da4afd55870f748eaeb0850c44b273d246f82d94a92f1922c73c5dcb58ff6c78eac61dd93c4ed778e30254d2cdf70a80fc9e01c8

    Download Submit