Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-05-2024 13:10

General

  • Target

    844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    844150e835253775a4a6339d6d2f52a5

  • SHA1

    df567f65c12349b872336ee1b0c858becba6e46b

  • SHA256

    0c4973001a619fa5045019e9c0adada47c6b08b07d58bc61e5273427df0ea4f9

  • SHA512

    f752cd0b97189fbbc2dafe2a09ee2754536d307e6f7de4c95063e0b38369e47a81329b3e1d3cef0fe226c167506664e3ce8a2e22e73ab393ad0832cbc2a46ac9

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zist9:U/eDNAuaE6ti0

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTPs, 35 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (9 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=365
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2900

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B


  • C:\Users\Admin\AppData\Local\Temp\Cab2A6C.tmp

    Filesize

    65KB


  • C:\Users\Admin\AppData\Local\Temp\Tar2B9D.tmp

    Filesize

    181KB


  • memory/1632-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB