Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-06-2024 03:34

General

  • Target

    89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    89401bbd6861779597b9a4d70146cb17

  • SHA1

    f97a6479fcf485af51ee25f8534b873b8b568aec

  • SHA256

    88b67f7a181723a120bf4c3afba3b63d5b66c7bcf2d27e3bc42708cc61948c51

  • SHA512

    9cef08dd8e0eac8137621815a7772eba0fad829024523faed5dee91bde57f914bf53d7cf906c1fc666fe260ce041da82498bc93dc3fa114b6a1fe57729eb71ac

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zist3:U/eDNAuaE6tiE

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=786
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2016

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c14130209993e3c9c591c882a491adaa

    SHA1

    e454c10da446bd8fb788cacd06a45097f7fa6353

    SHA256

    a08d26320af2f77f5d09e10293da8ff453c2b677f270c07d26bec414cd073d56

    SHA512

    459f7fec57349d106e79a2a9256d9471fb8b75b62bf4b570e4198809a9abf83cbaf62db56915009c48d8293d5b801e5839c264006acb950c1e1ed367a7c25f79

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b25283111f06cc092b3e411897c0cc9e

    SHA1

    9b31d93f79c4ece67ba02681d9503cc7d79530e6

    SHA256

    d6ca899e12aedc22bd87f2bd1ebe91353e0a61a70be4960a620ffe9626eb007d

    SHA512

    56d8ef5fd7389bec987c4003fd7275b558585d2e2e6b29cccafdc7677bcc9ffd0450fcd88e3cb05b8a606639efc4bdf3799fb1b367ecb6d0d684f364d618aa95

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    69e8a7f30bcd8320e8e40e9069e67a13

    SHA1

    1735b8eebb398ec228b33ea87c5a4bfe19a97375

    SHA256

    4ae8a12149151a8ea9444926951b598589a8c623939b68d556d7770efe7c0af9

    SHA512

    90c20f6950bfd2506f1d0de9cf13ca224132db76c5ed570228797ff9856d43cd0094a58fc627e95a65957a15c13ba8a5aa58bc351a9a7d1012c7343dffb21493

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4a74d58f627ad5031322e13a2856ffd9

    SHA1

    2307dc1205d909b843fed8cdac2ec5b626f59641

    SHA256

    34179f15c199049480d548daab2b98a551ec6c7adf2f26065f69298fddd4ed04

    SHA512

    791b24c3671305fa08a38c90d2c778f19be10c84dac10da6741bdeede064fb937d425ef4e014fb3440587347d1bd24789a9a3515bcf75675caf14d20d829a4a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9c8c1868fc3d778e73269be4477dd178

    SHA1

    f5c2e746a1686866eaec2d632fcd8ff480dfed2d

    SHA256

    728bb6b2d8464b131452bfbec34d01c165e008350c81cd56a77df28f7189a8ab

    SHA512

    2d6a228687ea19015033f35fbf22780bf89504670a7adf5066aadd6195f52796abfb874a412de75aa517ac991ca6e13e672af9f1c7600eb7d912a4d3d85b0e72

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    af3864c5c9e560473305ef92034281fe

    SHA1

    e056a425e05e84051d33ceb5a17e20d0d96d0c44

    SHA256

    9732ef5b0df27fe44e6e3dc2650450116471c9eeb3a5673a37e90a67bde66b47

    SHA512

    748c8b77321e3618a26ad908b640ce9d247ca741b86235791a16b0e4468f5d8adb44c2df71beb823cf4dcdca07cb464670546498b1478539b5801caa249e2224

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6228aee2f3549236be7fe195e7747744

    SHA1

    b704ed690b11868ce7e9ed1ab7dac3ec4d801177

    SHA256

    d3e3d28b45bfddff713661cd4c06a5639ab76f46fa2637a8a2ec239c770d8ab9

    SHA512

    5d2fd57d87d3685973c4ac84f548e306796bf852972c4d8c876e287df41956e96ce0adec65c2e568b0a06606e0d5041dec0326f67ed3c3afc1a71ecf92fc7397

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    be958274c93d69168cea0f518da2363c

    SHA1

    74bf515ea8ea9afe6fefcec411a421682af414cb

    SHA256

    3da5fbae1dff44c8ab76cefa06185a28eefe387d551f7e48e25fc5e43fc3869f

    SHA512

    f7e615724a01ccfb28e39ff82eb0cca2547fc0527c0c74125a4ebc0fa1d864bf92f30f7b5df3bf5107b6124d8375116697501ef2da0d1884834e8b6cfbbaf663

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0bc901d513461e8d6f288ab16253af0f

    SHA1

    61a1fc25c52c4e4457a47af2f150f58cb4f7891b

    SHA256

    b8dd37e4b337498ea1d868fec0fbae8a4a5bc0ed197157fd48f240930cd33be4

    SHA512

    3cbad66398843576b458e6ce6da8a3ccca0755a280ef2403af08e9011e1b269a4fde5df46dba0dfa3fc237cd205693ff7b4e6a4184a56f2212072628461b7b37

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bbf7620b55b8ab3dea51d5a15af8864f

    SHA1

    7a6be14083068aa12ffa8ece43469b12f8da60d2

    SHA256

    6da846d7d03607fe05b4f92fe52b11306eed7aaa9fb92e781050f28e91909b84

    SHA512

    3bbbf59c768aad0ae25d050b983171973dc3427a94e38579b6166b6180734d617aba2b67708dc7c16605672ef5a36c2479d0a8b3e5c537a2c5f650ccadd9f820

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d7c5c9f52fb46fbfcde6761d3870fcd6

    SHA1

    3da8fc907927eec4ce9549b373330851e37c66ef

    SHA256

    c8baddb79ec5a2b38145c218aa27ebeda4cdfc5333a0f61f34e0e3e59054f7d2

    SHA512

    457a0b7263ee019a1e1d7bff596956ab6c7d3331368a0e5d68c9cf3bb63f15a8ae427fd9fe3d45f52e5875d819d35880b1fe5ddb5c321bec5ada8029bd5aefc0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c29154eef4cc4547057f2de797f812e4

    SHA1

    6246c2f20389bc5f1c7ed31ee498286f0b331071

    SHA256

    5df2a068d7196affa9befeaf93e338c18b01db05dfb8adef9c5f7f61bd11c996

    SHA512

    28d0417704b90715d546aae918f33634b220a17f6167ae0f1afe7d78c1dc45e48f7fed2809051320090f811ca3c4411d81c90f683f6413491e9d3a81cabc2bd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    815a25b5f95dc1fe19d025bf17bd708b

    SHA1

    26600703540a30b8a6932ddc6547baf96b7b225e

    SHA256

    ffbef943e5e9e5169c2961fd2e978a0622a81d744fdcf20dd6e254ae4fc22e20

    SHA512

    fd1eb88479c2e9ead48f4eb8be898a159559eee7b9ff85a9fba12bfd12b00399fa961611a31132767482032e4a1b39bc31cf2056108572078e7cec47e1997a03

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9a5db02cf5f934ee34cca3241522b940

    SHA1

    355e6e3360a57a529b775f74b7f8e5c9ed250d44

    SHA256

    b2f3efc00475492fb1b85250c3e318467aa8136dee71f568a302e19de9588c0a

    SHA512

    df2cf8b35a340064ab97457f6c7896e21c9c7716715809115e20056998d13b5c7451a7fc1dc99a4ce0d45d98dc3e3662b538bf4e063e42e0096cc04061fa36ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f80e3b13a0258a71dd5eaa35e6ac49e8

    SHA1

    56f354e4a5ceeb750498e387762746eab0bff370

    SHA256

    0a68d3af76745439068a41fedd8f1969a0f73070319fa6dc4e4d0f28153fc26c

    SHA512

    ef27ad7488411143dbe1e55fb07b699da66218a7431721da6c65d051f548ebbc6862746a986f6a0134f6faff3ce388f3324cca0a0b100b094436ab88fd96bd0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c6d5e31b07acc5de61fbd2bc70e1b736

    SHA1

    04e2ad74a873459f522f616cb61f022111bbc523

    SHA256

    e92dd16388ffc26d5be8217aa8aec797ddbd0cc0883d5891860345ad3b409047

    SHA512

    041ab3d4c257151032f53b4b853c1e287d7b43f9d1b8f071dfedad7743c25d69942f1be7f68366975de7d8205748a448e6ced63ef7dbd4f1a1863edb4d7c4c8e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8bba9b78b7e2028f1f64016a32f46cd

    SHA1

    d21dc503c26b78571d25ea123496ba344095a8fa

    SHA256

    4d2b3cb914cf3d2fb1a006654663557550fa4c5120dd1d78ab3c566d55619310

    SHA512

    777482c9be0094c56009946ecfca5300305974765a317580870bc3bd7fcddd3534405da28161685337fa6d4b6d33fff32bcb9fd9204d1391c6f48a8a300ccc7c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    51ec03a924d73d4296dbd89ee2895e5a

    SHA1

    c7f672797e4087019b073d374dd99e1c54a3005c

    SHA256

    8445e2d5983e7d7a3ed701704eba22342c8b09e39a486d4a69aa403e8e3d04e0

    SHA512

    1751bc7320850d14c35830e3cd5fc967be0f5698296f61ce3333f99e8d1bcea2de1e4c7611674fd01d26f7ef486a9162fde55b0ac9958f81fe3b6c86da5bdf35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    71ed58b56327a4b1fac815d66cd38601

    SHA1

    fdf9139df9baebc80068ab12102d0d7de19ad4e0

    SHA256

    3894536fbf250f9ce6d72a41e4449b1242f4220ffb5c04bc579e89679dae9da3

    SHA512

    d9703bb7ece912f28a20528809ee38058c15592fedf6a637eb853266b2eddc892d5dbf054bf587dffabace7653420f8f31e19d0343f2d39cf2cbcb30a951d295

  • C:\Users\Admin\AppData\Local\Temp\Cab7D3E.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\FG.url

    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

  • C:\Users\Admin\AppData\Local\Temp\Tar7E2F.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2020-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB