Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-05-2024 13:08

General

  • Target

    843ff6c878eeaba4d3c5a79f9486a028_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    843ff6c878eeaba4d3c5a79f9486a028

  • SHA1

    558cea7417279dd01b636f722d9b039c88a9d8c1

  • SHA256

    00f3bef82540ede53d17a4aa6e1131fa8c48086747b5bf108a69ed05cf2e162f

  • SHA512

    60a61713a632f3df1c8afbd2bca608fd547c97312cd2733adadec6436ccfd788690fa18ebcc4224bcc747e187ab98b1e51d229e7956865d50c4ea14f020bccb5

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zistF:U/eDNAuaE6ti8

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\843ff6c878eeaba4d3c5a79f9486a028_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\843ff6c878eeaba4d3c5a79f9486a028_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=15737&ref=http://d0.fenomen-games.com/files/lostinreefs.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2100

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bc912e02fdd41d59c224a2d510968685

    SHA1

    81a9162949519484a226f59c6f038c2080b20501

    SHA256

    6a302c5d2c3ef7145f34928be571bcb62181c1e21ca95cd1c222bb7b2d58fd91

    SHA512

    fb06d4216bbf3e6aeb2cc90e3ffa37f3ed560078e57d7f71e7060b871f809889d572efcb9da5d5dbeb47db55c8b24781a0fbea56e063ba86cef79d6dc583cfea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3127607d392e49a1adde26bef3779f8b

    SHA1

    a1a2b02925c5a02aa018fe1beca8a742af27494e

    SHA256

    f0a01c57f6d1631b07b91e89d8b1c8a65c3a8dab2a0348b98051759ffafe1584

    SHA512

    8fd231d6a506087bf768a615a72fde114ba5a86659b6fb70e472d279761d81ff8bee997a253fb4b4d8446a3d96d109e1cf84af7d880bded220a6ec57dac70205

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    899e13da549b11543b0d8830a66dab28

    SHA1

    f0b9b6a86df758f0eed46abe54d2676d0bb2c3b7

    SHA256

    0d96ffee1295bb7d20df6fa3d6fd575ca5dc0902b6093af139f864bcf48a9126

    SHA512

    57e4a4e110bd0708d95a9c76884c44e7231a283be5632bf9f310c018573ce34e206b6e29d63c4a93657a69a4ec1a31d1bafba3a06f3801715f9d37ea5ea768b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d97377d0b3f5d71c507db77d6bc2ca13

    SHA1

    78daab70a8d7af66d63aeb33c30da4a47cffc47f

    SHA256

    432d409fb51efa05cb9d305140cadef7186ad78ce0fe424050a82a9b17058499

    SHA512

    f2edd6e91c90eec0bc7daac97e826187e0b72116a6f3a7ff2e1e789624def0dc8a4141fcaaa62d7c30034adc7c1ba03c273ac3f60fdbc49b2818d582f0e89db3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    31e4c642025c3923fedf35a7d3f724ed

    SHA1

    a1af0bb5507ae0a3ddf115083523eea5453ea1ac

    SHA256

    208488273f4d4908e890a6884d1773b67656cbf24b71be6fc5a2fb70df310d1c

    SHA512

    a9a055f07fb7327576fe299e6ce1f604226eaf8b85b8d13121333ac77065c383347033956097ecca058db1f927aa4ce0d0d6aae1cee74bb31d103d6b3b65da1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    93952e2760ee552a3ec05224611ad8af

    SHA1

    1e578708400c7cf3618cf9a483d3bebb7847dfb6

    SHA256

    1ad25c43a97966a3a26bf5d6c435801f533279b709afbfb5eabaf65fd228fb49

    SHA512

    e7ee88cc94f99c4d45ceb807f5186b96318258527e61804691de7f3789fc65844bf9f8eb81d5ed0953d6b3db1a249ff460d5e1a227b3069cd3f3af63088d45b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    44c90dc7cbb237ff49a8f29be585bc18

    SHA1

    d7b17d7b320a67bf05c6b90fc9059cb6653fb9a8

    SHA256

    8c9e2a50ee6e616a9c98da92539b702e497c56a09f494fccb9aedd70d7394c15

    SHA512

    5d087bc66dda4a6385d6652ea44caced6951d1aa9f31f2ad404bcfb7f43f5d61b02f78a7998e8222344918f95ba18e327df9c4b1d438050e829ce413c0aa1dfb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ba71a83ab0f28925f59fb9de85f8fbc

    SHA1

    803f2e7d1c018d3d00752188a386fef4c96b45d4

    SHA256

    35c8b103024b39f75bf9d8de6ccc2a15e4da9be141f8ad7078775d4e879ac49e

    SHA512

    8e16abe3c8f46df3ece10fbb179911b8f438d37a1a89ca94d26fc956888360c102975da1216abdb70ac75cfe96285f22107ff035e3ae3d59638463600012ada0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0f08dcce33047223b648b7f952fadea2

    SHA1

    c87c87b695158cc4e7ded912d2228b23351ae92b

    SHA256

    afe1034c2ef649c2d8539c8119fbf05b0c215d9a26a077af3f4264992ca64b63

    SHA512

    d2e438c16b47795d86386b7c0d629a7fc563c01dea24698bb76b01a5b00a3082c73fc0da730ac95a62b7972c62c62331aae662eee52c68472ae00ceebc671dd7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d07e0d0d90c15ab78166a69d426fa699

    SHA1

    a441dcd0eda4cd213109d625d20334432eb5a6c8

    SHA256

    e9ac2713f658a88ae713ac132a8221780ef0e486ea20ba4aa52eb319e98ec0f0

    SHA512

    a74339dad7dc94c1f48368beec87c7199617666c96d487250e5521577956bd23c1f6ee12d7b0821369d5952a7021698e2c761840fa13cc4e663b64927ab33dd6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    df1b28929b8ed3bafd5decb11b282e1b

    SHA1

    013dc292cd7f2c2e29e77a348f03612ac936f21c

    SHA256

    a5db982ebbf903ffcf7c382968c6739d2e3bff5ed1a608521429f58c6aa90150

    SHA512

    a5290fabbbcadeea35bd896b7f146bdb13c001657de2270d377f43f44fd2cc1aba05453a0680697d450bcb1aa1f72c77c739218362f7cfd1017c19cdfb7629fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7985c78ca62289028ff2df91c89730ce

    SHA1

    0014b746fb018164777b0eb74371a2df8c7c1d1a

    SHA256

    4d53d548014e67bd53e33ec588bc844a0a12c563dddb6ffe71bc39e37e663951

    SHA512

    261a6ff8855376f90bf892d6e059ccc2a945c569aa24646288cc83c9c83058852686915941d68f4e2934a24ed79641a002865f27dc1adee1ecdd209b4d09ede8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    432364f47a61499cad142743cfd45cf6

    SHA1

    a3a1385100f6d4b32c490fb3d2c976d7a3a2e936

    SHA256

    ef47f9ec134039d66da71b7477617054917fb3176e70aac92a1fa6e3ef3f6630

    SHA512

    c914c7c9dbc2c2fbc3c798b4017a499f67042a09c299736eab86eb0b22941e6362738ede8a18e61f53eba7834f33dcb428a442af07e782a9e4bce330cb8781cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6b3967baf1c195e5d2f534fea23b53ae

    SHA1

    28881bbb9a16f7023fdfa0a53857e59697d9c9ce

    SHA256

    c99388991b41326891443333a72d78468fcb9cd7a52ec7d31a00173293b4154a

    SHA512

    3c75cf7430455a799cc1a421556ce95c2880fe5a9118e3b55a13424ec781f6e40a1f0baa6a9a9d0982f58cf6ae87b3704c3bdf5109aed78c5c280b853e6ba290

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    216a87cade1d4e2d385385eb305efe2e

    SHA1

    079d693bf1a7714e1db61a4b6e3822f0be4ef629

    SHA256

    ca639a4cf63a43800df34034cef969d05406c363986a2bec9b769d8a4b467fd9

    SHA512

    a506548b42ea8f00ce55ca7716895da56ba74ade9517e234985345af074ac41ab1f2bf1c77b20974996be3f65d95ddfaa731ba2df8a3c810de860ce2b8393c44

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d8e99dd070198731db88a9f4dd2e22c1

    SHA1

    16bd46be2ca9b4239b7699c539f2c57860fb880f

    SHA256

    da4514948ab62bb45b7ebf89d87e9d444fcc590dfb055dbf39125d89bfa42ffa

    SHA512

    483c5ee110b3c1315ef4a23d41db19ea168b0f383b36cec66f7615b48c3e30168cb525e6deacb6a54d9c7ea5195f34041542396d6bd6eac0c1c4be2b89255df6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4953632f92430da537ce573cd3104148

    SHA1

    b80685e36568544206ef2afb37bb42d91cca6a81

    SHA256

    734565d8495b5d9efd1b911e094e915817e6b1ac8de91bdccd53e5f4290c4776

    SHA512

    63375908ac26eecd191ff58c46b9a18320d71f8c909bb804215f2254151fae9b2dc4ad137e2eb67b0efcd4ff9afe9ff10eb1c6081fafed47313a46ce623ebb85

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f488bfcb9272281ba6e9977874b13ae6

    SHA1

    14a90639774dac3b536f57660ad1dca09edfa979

    SHA256

    08abcdb79d162013903d8409534eb900e48c54f7d6895c211e9246c1e78ca6da

    SHA512

    11f314ada49bb90a7a259b94191c43f122b7fd52ceb158c41ae69965e08f8a708c5ee0e34a66b3e4570769b647ba381f6cb813ec5791fc3052f5a2f15dd28142

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ad2347be8f7e9450b6c69f550c71dd3c

    SHA1

    7b1723f8d20c7f2f3351b44d88d61d95fe40b863

    SHA256

    61a0507c6196885a4e604aef72955f5e4f45ab2271fa0066b11b1e10824d1a7f

    SHA512

    d8706fe432e2ba34efc459d3bb82f2f5bfcd19e5598856149912f28da726de3fd32b1b8043c44df4ccd0e6b1b18167ec4709ef5f6486f25b868c7f3b373007e1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    08e9e39fcbf96b9f0e1b55b09c71b66a

    SHA1

    913879da55ca91a6c438423d1b5147d33d110510

    SHA256

    18151348bcd728b9a52584c448dbc6ef8f29367639f88853fabe58ecb64370e5

    SHA512

    09a538c2fb60622f7929906e308035d3e87f53932a1d062eebb463f210dbff2f2eac4c8d7e22e94e4d9ad0bdd78318bd6af527c7a77cc595a3fd8d8c6c09d7b5

  • C:\Users\Admin\AppData\Local\Temp\Cab3B7C.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\FG.url

    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

  • C:\Users\Admin\AppData\Local\Temp\Tar3C6E.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/3036-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB