Overview

overview

7

Static

static

3

68a774f3d5...18.exe

windows7-x64

7

68a774f3d5...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDIR/nsWeb.dll

windows7-x64

3

$PLUGINSDIR/nsWeb.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 21:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68a774f3d571934c9a465d7d26aec861_JaffaCakes118.exe

  • Size

    60KB

  • MD5

    68a774f3d571934c9a465d7d26aec861

  • SHA1

    0096927c20da3604fd58e4db31906adceb645f85

  • SHA256

    b2418eeabcba175d441ac8835ecca4ee9491901d4b2356217dce25307faa59d5

  • SHA512

    e5ead75fc3412ca3ea18dfd7e85f3af80ed97522820ad5a916a397cb18aa5c203d697fc00214fdb5c76229a4ddbf37e0918cc3de247f4ae1629d6a109540816c

  • SSDEEP

    1536:6oLDYsacy7mHMowHjXJtB5i7zxp3p9JtnOndzikr:6oPyys5jXJtB5iRp3Odnr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68a774f3d571934c9a465d7d26aec861_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\68a774f3d571934c9a465d7d26aec861_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    PID:1992
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:472068 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    47b6bc5746b809edddb6cc68b5ab2718

    SHA1

    82e03c4b431ca9e7f5154a6c90b5cbb14cf9b980

    SHA256

    2df7855da8ef25de5d16d11eab8d3c92b92d40460d949515d3fb01102022b73f

    SHA512

    ae7812476576ddb06a11b50d4d36fe3e0f138b310f2ea9a779714785bfdf9186242043be9cdea2990cd74ec1ac57873856e2850b02619d333710c97ad1aecb9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14145d8aa55a7fce331ffdbfaea433d8

    SHA1

    15aaeb42919dd802a14fb0a096576a35a16c7b9f

    SHA256

    36eb9fd21c3bb741bcafaabf7d0a1812d05abb7c2576f5782383c7aa5161f0c5

    SHA512

    30c7dcced84f13d13221f776602bf6af168a05513bd4b34b6f781d46325c8e866a7da2f87ee0928b8b1ad9d49ea138383689519424a4a0f6bfae3ccab62e2b10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4946cfb75930b0d482a62a5ea7f17950

    SHA1

    e5b353e130ae56d1bbe3213b0bc5fe77ed21201d

    SHA256

    b868b4865ac55db541d32ddcdad0cd0fe5e5e9c1ae8bedefbe5279489d9c508e

    SHA512

    cb3b409f77fe6dfbbec9828d271a19b468ccfa12725e4ed381705aec091ca9201e4e34d3af42c6661f2a20031f57317ccf2b567ed7fb7248f86aeaa2373b174d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21a1a0183a8e6233fe1f862d9c36ae48

    SHA1

    60836f2c00b4609b4a986f33078ab1ea8094f9ce

    SHA256

    f84582fcb1f6bcf9d19cc3870a7ee5c38a6beada44c478fed970fbd2337e345c

    SHA512

    e317594e58383c743e8c720c93265535e0f386254e8604943d8f09ed694c1547da10f83c47133a43d3003f300244d856c233ba672cfc4252d2effb2a391df7c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53ff082c34b795ab5d7537ec0ec48e31

    SHA1

    fa69a01b2aecc1fbbaed31eff3e7b48da3939539

    SHA256

    7ebdac207d6a2e6e05f6d9724f349ec9acebcb3cb9cc15970e2735c0bd2a5e2d

    SHA512

    f462694f5423b8dec0feeff0e2eb81a4a99b23d12680f1ee655984d08adc155e543ef94b81dbbd4bd252b8fae71612469884f56ff776fa4ab722b7b39377056b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6836a52d4ef5192ee227f49fd57c4e6

    SHA1

    c53c80e5947fbaa96bf4da523bdc807fb26594bc

    SHA256

    871e3b62b82763a0bc534221a0b265ed57acea0d72dba6be7e6d57a6338b333e

    SHA512

    c4e545f1d7dc9e7338a9a28251586649a0a1509047ec681e71c0eb6c0b6c6dc4bcc893253cc40d4c22e77986eeafd97968a06e8710290f3656c41d12bf6abb3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2114ef7cd297a3aaff58d850ad48fbee

    SHA1

    10a91a5a6e078a38b2f2280bcdbda0e2a17d9635

    SHA256

    44ca2eece4d67b1bac9417f4d0746ffcea4cfdb2ddcef620c392d73908470375

    SHA512

    683d48fbee833579c37aafe4a2ffdf2e6ac0c940ff8a37718dbf2fc1f1f37e6dd1f9c3b878d926040ac2409bc6e02e365db6a92b7db7e6d80524509166c8243a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f701e1b30db11a7c1d2fcc29a28b30d1

    SHA1

    5968af6d8e870a29346ddb97f57efb046c53cc1e

    SHA256

    d4184be1de250c1217e26e291603575f3d164da50f395e9ddcab174e846f8f76

    SHA512

    09ea4528009c6b69af30f9456927d586ca410531380ea276ec78147fcc034d71535d3cd8d769467e433520d761dc75e6ae4485dd50db5ee2e8dfe56b0a916e12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1749fbdeafe52973f9dc95f8cbe2351d

    SHA1

    56cccec49363796f94a222f9977b8b8b533f9dae

    SHA256

    6b9079e22c44b7bd11a9c5b1eee00b510a9b9c3e8fccded84a1d43705734c73e

    SHA512

    9598f434e81681810f5f217ec29b1384b95d23679dc2fae95a81887aecb7b4ab0d8f8e8e1cd567a30e33e07e43032cca19aa6999b898f86ed0e576ca7ee90e5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d6201e3328d17d04d00cdbc26485142

    SHA1

    681d360f4365744c9b3bd024538e3e421b30eb78

    SHA256

    f64c52de06d76bff4a3dfba775aca1c593237bac8d38a8bbd1eee22f67a0cd2a

    SHA512

    6efd9ef6205d7d8b7d5ecc3513920d768123fcf71375f65edbdc1c98b00eb7548df1497d879f93e93d83e241940f5d98f58f079223ae4a46b79ad96e73e49990

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab45D8.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar45FB.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd282B.tmp\inetc.dll
    Filesize

    21KB

    MD5

    d7a3fa6a6c738b4a3c40d5602af20b08

    SHA1

    34fc75d97f640609cb6cadb001da2cb2c0b3538a

    SHA256

    67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e

    SHA512

    75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd282B.tmp\nsWeb.dll
    Filesize

    8KB

    MD5

    84bcf3c71e70d5a6e9dc07d70466bdc3

    SHA1

    31603a1afc2d767a3392d363ff61533beaa25359

    SHA256

    7d4da7469d00e98f863b78caece3f2b753e26d7ce0ca9916c0802c35d7d22bcf

    SHA512

    61aefa3c22d2f66053f568a4cc3a5fc1cf9deb514213b550e5182edcecd88fadf0cb78e7a593e6d4b7261ed1238e7693f1d38170c84a68baf4943c3b9584d48e

    Download Submit

  • memory/1992-31-0x0000000002D20000-0x0000000002D22000-memory.dmp

    Filesize

    8KB

    Download