Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-06-2024 05:47

General

  • Target

    8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    8985a736ddb0cd7d6ade4db9a9d1a1a4

  • SHA1

    11b6a860c985e0764b985858c99feb8d46758763

  • SHA256

    f827af4dc7d3f6ca6b352c4d9e2f65573a386a3285a7e621126cd0b0a95d58a6

  • SHA512

    c526b2d8184ea4f70ec68314d9d2b743674d7f4d20cd2cede37ac01c6fd82dc657854dfe7f758a81342c23ff55cd04c23a874860f093b646d040f4a94c8ac56c

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zistV:U/eDNAuaE6tiQ

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 35 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (9 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.bigfishgames.com/download-games/2580/hot-dish/download.html?afcode=af628d3a27a2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2028
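
The process tree above is the one behavioural fact this report gives: an executable running out of the user's Temp directory starts Internet Explorer with a fixed URL carrying an affiliate code (afcode=af628d3a27a2), and IE then spawns its own content process (the SCODEF:1288 child). The following detection is an added example written for this page, not part of the sandbox report; it runs over constructed Sysmon-style process-creation events (the pids, images and command lines are copied from the tree, the field names and the benign control event are assumptions) and flags a Temp-resident parent launching iexplore.exe with a URL, pulling out the host and affiliate code and tying the IE content process back to the same chain.

```python
"""Detect a Temp-resident executable launching Internet Explorer with a URL,
as in the process tree above, over constructed Sysmon-style events."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample events (field names are assumed; values mirror the report).
# The last event is a benign control: IE started by another parent, no URL.
SAMPLE_EVENTS = [
    {"pid": 1676, "ppid": 900,
     "image": r"C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\8985a736ddb0cd7d6ade4db9a9d1a1a4_JaffaCakes118.exe"'},
    {"pid": 1288, "ppid": 1676,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bigfishgames.com/download-games/2580/hot-dish/download.html?afcode=af628d3a27a2'},
    {"pid": 2028, "ppid": 1288,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2'},
    {"pid": 3100, "ppid": 900,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe"'},
]

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def is_temp_image(path):
    """True when the executable lives under the user's %TEMP% directory."""
    return bool(TEMP_DIR_RE.search(path))


def is_iexplore(path):
    return path.lower().endswith("\\iexplore.exe")


def launched_url(cmdline):
    """Return the first http(s) URL on the command line, or None."""
    m = URL_RE.search(cmdline)
    return m.group(0) if m else None


def broker_children(events, pid):
    """IE content processes carry SCODEF:<frame pid>; collect those of `pid`."""
    tag = "SCODEF:%d" % pid
    return sorted(e["pid"] for e in events if e["ppid"] == pid and tag in e["cmdline"])


def find_temp_to_browser(events):
    """Flag iexplore.exe started with a URL by a parent running from %TEMP%."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if not is_iexplore(e["image"]):
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or not is_temp_image(parent["image"]):
            continue
        url = launched_url(e["cmdline"])
        if url is None:
            continue
        parts = urlsplit(url)
        query = parse_qs(parts.query)
        hits.append({
            "parent_pid": parent["pid"],
            "parent_image": parent["image"],
            "browser_pid": e["pid"],
            "url": url,
            "host": parts.hostname,
            "affiliate_code": query.get("afcode", [None])[0],
            "broker_pids": broker_children(events, e["pid"]),
        })
    return hits


if __name__ == "__main__":
    for hit in find_temp_to_browser(SAMPLE_EVENTS):
        print(hit)
```

The parent check is the part that carries the signal: IE opening a URL is routine, IE opened by an unsigned binary in %TEMP% with a hard-coded affiliate link is not. Keeping the SCODEF child in the result lets later network events from pid 2028 be attributed to the same chain rather than to "Internet Explorer" on its own.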

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0f7c9c3793503c44d731e199c4b14545

    SHA1

    5d68342fe37c024eb8cddcb074e2e679adaf4276

    SHA256

    1f40f9427bcf9ddd7969256d7ff7673ecd8c3a958c5d45ded12a7c5c02eb0192

    SHA512

    258c1d95cf357c1492520cbe17487bf72e771785455a63d780cfa31ed33ccef5cf699ed59bade8e0a04a61e8b1d05d3573755f9e2b5e36a1af3f87f57c32d12d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    96e3f964b30e86fca472d30125841be5

    SHA1

    eab6d61a10a792aa025589361bbc171bc69f619e

    SHA256

    44a78abbe0b2752039caf9e7ec0783ac43d4a4fc650f84a97bded7564c71cfd8

    SHA512

    9ded468601e33f9496a2f83314ce64fbef7115eba09faf6361f52a6e88455ae95c5a950255f790ae4de470153ff82f55b1a6625956f99aef497bfcc1eaf4f116

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bb73470ee9c55fe2bc12f64fa654a9e1

    SHA1

    388fa7a2dd7548d13ae984c90cc79d2314178bc1

    SHA256

    ab080865d1c5b7bc537291c39ea09761580cb1b8891aa2bc4a6ce3ef75693f6f

    SHA512

    495784239811f559f9df54eee9605cb2a1315445ef64a11db3da48d63028b04c2058639150201c2ac5c4e2d985102c0e30171f2173d175eec4d52a70627d8d14

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    31e1123cad6615198f3cb3bc58e90e5e

    SHA1

    8bcfddb6b1ff68be03dbe896d3ee5f55ca0ccb3e

    SHA256

    6215547711843adc9a0ecd8b9fface4604298f12ea6db25b146efe3d60b53e8f

    SHA512

    ec053033f6d7381c6f8a0aa0df4a6456193df1b32d01ded472c536c35edd26311afbd3d040df953e5348407e82ec00ea9f1a3a34ccabf7b2efc8344108f97875

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    33aa6e6f3d0d32d681d520b0ea1c9167

    SHA1

    ab3ee48fb7dc69c3bbf477b9ce01947bf3d0bc29

    SHA256

    53f2a80d959d04f7ad199cc32f864f1bbce72a6be328c9680d435805c9891bd7

    SHA512

    52e33949c91f419a246fd0951f1b443aadc416b437c033ff280c6981a2a20ac36112db523674d64b35ed16670099bc94acf33b769f7860ef80bb9130edcf2b9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4cfafbc1bcb66a25e586b02f4dbb147d

    SHA1

    5f2f12a24a132250535ebda4b31cada0a55ba1c7

    SHA256

    29640894fc5bd0bbeef2b09a6ede2558b70b733f90ef3b8cecab6fd629d1980b

    SHA512

    ae010685f0a992ec9dff4af342f8130d2883ede365f3a6ef500786df5dd29a8179e93a202d23c5a7ece821da2182b40aeee98978b1fb784340e05d5257a460ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    48fde0e8fc0324b605865fd3ca89ff75

    SHA1

    452562d4193277300ac54c2008ac33d70633bbe7

    SHA256

    99f7512eed0acbf37a1672c4dfce208fcc858a49fd9f2621b6bdd7648e1a4424

    SHA512

    0e37901788437faf34f97a98379b85d09d8e4a9a6c2dfb2440073569fc79f38a52a63f4e5e9b5310befaba169c92eadaaef45b924d46f04cf98fc5b7a1fe33c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    782ae46065254c7928e161e324573bbe

    SHA1

    ca93279444b6b1089bab2f8c6fe213c9bc468dc5

    SHA256

    578ac2e78fa65345f4541ea5fcb0db50c738ed664a34d5ab165c391811bc7287

    SHA512

    615e531101e86962319d5c65ed3bec148fa736e758191f05f3c6ce18911dac365dc9a2bce2c7b432927a99a9834f69f05a766e3ecca176e5e46b482f6a84d60e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ea1651a831c617a6dbd001c24ccb6313

    SHA1

    0ab4b1a6700c5eaf1f4ee09fe80d7dc761ca7410

    SHA256

    d95d1c3e9d07e36d4601f4898273cae3dd9ae807147e14bc7792461433667893

    SHA512

    194aaef1d94df450cd9e0fedc0c8d09a94fcb27036932b0fa6b998f9d8212b2ef758a7327d2d86515a21b014ba129d30146be00168aa6475341639c07e969299

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ae28c0db472f1b3927af59c0b9ce38d5

    SHA1

    4f458b89079a073fd9e9c267454502f8c40f2a37

    SHA256

    b12a473919f985976cf3db6332d67451c9f5b73e0f8fc1a1cc57e08c35702dc3

    SHA512

    176aca29af1bfbdd99d0b38a41d93d8cf864d6e699b38e0946f857ce065578bd270677eda4d093c8f11188b183367e16eea1741b83cca792da14e155089760b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    179e2411cad85adb2d6623102661f9c0

    SHA1

    53e1d063c7ed2222e4e68d375e5812e54d16aa99

    SHA256

    36abc19a4ce6eaacd117d5fab8bda0e2cc031530728cb2e3b95e97bd8b8f0515

    SHA512

    fee03646fa7547d72a1d02416cb9ffbc3cfd088f3fd763cfa052db434528834d8144a4f02fb00fff944cd403e9c20d1ea2595d0ffd41514f5cc756b3cd5c4960

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2dbdcfde9b1737ae214c5f28d7d52d5e

    SHA1

    c3d59442fd941dac9f3c458813c22aa439225f9f

    SHA256

    feec4c7cb99b99b6d7a7a6283b71cb8a396a32acfa8334e7e684de1e5920c0b4

    SHA512

    f31e4e4499146cba692b7d126185cb8a546a72d6ebb503946a4ce85def8d66dd1ba90c72b66a5276d891fbe9305ee2feff3880af9e94a9a7f8c1fa1fa4e9436f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c1d549ccfca0a1f7885d169666f6448b

    SHA1

    771fd3c4347cd572029279af4d69d866814f09aa

    SHA256

    d67130e67fd42b435afac19f6a98417aa5427fc2ef6ccef48b4aece6056fd24a

    SHA512

    7c555d320421bcb2ddb9e8c47188027dc8445a85946ad20b271d63212ba74b8ce8e38eb139032e5b053cf5854ef631c6741a9df877016d08f96c1ccf3a8218e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    316a4a8535501045164bbd56bc8e8828

    SHA1

    d3e6c801d8d214354d875fa4e0c7c90e248cc895

    SHA256

    707e666df5744b4ef67afce0ca771b77fe14206e130f7d1a1d30ea83e5167a82

    SHA512

    12b5962359dc5e595f5f8403fb395e07cac5d2f1d3acd90cdf505a6bb8d7d519a88b6e394f8d2e43a4c64e16a085ecf4667c555a23d90bb1b5b1cf1b79c44b05

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9e2e0a139d033b19e71da2318d26e352

    SHA1

    b11b14fff3987bf3d040ae5fe6f979ce2c1a38fd

    SHA256

    49c876f3169dc766527d1e9aa17e98781b054bbc312a309a717f3762c45204a9

    SHA512

    6b7a29c311cb6e0c50058187ef85329c8f6f252aab150b23faac37e74bf43f78a0f8b0c917d5f3e1bdd15d212efbeba5bc4da38b46369d295d61afd6dc025b15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7a6300649984681c2cb9d03ba0a492c6

    SHA1

    8db5ca70b7be947ed1a2958393c6af8d8b96d35d

    SHA256

    5b54f2299979b2f21275876e718cb8be4308c4999335ed8caf1703ae9b9bf242

    SHA512

    360a84bd27524d0f5227dd718745fa44e06ff36ddae0e26739086429aa2d0fa54faa79368e0405b39260fbfb313ee21b56af9d1aaaa104baeb8133344e7502fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ff1f1b7911531f4de35bb12325e3a1a7

    SHA1

    c8474782cf8dabf855d2a32c77ffb1db66646d7d

    SHA256

    913228c3cee928709b25a5a48bc1204b5eba6b9d46eb62cf942abb26b757f359

    SHA512

    d6c8d397cd40103644b72b4a489e20ba40dbf41db8fb70fbdcd2bbb65c62d3e9775db9aac6d39edf6fdb3fa5f940f46cf86f70ecdcbb1afc9976e0b708abaefa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4cd69dafadbc0669161d0182ddd67a71

    SHA1

    fa806b43f2f30f2d92929d62f37d8aa6e2740a1f

    SHA256

    14d35d9eff70ca2c584195a49d25fc36738d8043035e5e0f2657609f0e90a45c

    SHA512

    096f7cc64df4133a5361033b26b062a1ee9d6dbce104e9470a3d4539932571ce7c97308e121fba9efe302bd43e3312f0c68c459561275fdc6e9af0ceb777972e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f933e3986b69f3b8ce6f00101d455825

    SHA1

    c14889637e9bc473c18ed2f789f9112ee4130c7d

    SHA256

    3a6c715d3bba0a2f4d1110b81c98801ff272a764cf3653998c79305aa5ccef56

    SHA512

    f4d43f89d3935d50882327b0e714fc80397241fa87d464d521b758cf4af0e4ba2d86bd16b608f797ca21da96cd8c3cc5374fe70d623d8ba203ccd8adf931fd07

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    219fd21b1a3ed87c5c5faae4b87857cd

    SHA1

    6a7a074688c875d20798197112611ef2eb9e0de2

    SHA256

    20cf0ff5932ce2d92a1001022e6fdad544874371f9cd49a5d5ddfdb49baf7cae

    SHA512

    e298aa5496837acda60f2bdbe0ed9afcc53f82e9f62543240f505f966bd7f9e56304229da77274799ab6f2c4881fb019fac185ec09b84d3812f425ef7e3d10c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4d491a6b6b2144eeea17ce7b62c7c5de

    SHA1

    c26e121cc53ad3d43d77e109c99e7b486c8b8ae3

    SHA256

    5e846dcfe22c7c52b1ab00e9315504ff4d8a5519700e58686744f6152188129f

    SHA512

    7e0ee92efd56cd91baf2fc6f1710efb102ad925e82196a9bc5214aec7377baa4214594867d109737348120216345e1cc923235702ffae4024300c5927618c166

  • C:\Users\Admin\AppData\Local\Temp\Cab76C8.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\FG.url

    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

  • C:\Users\Admin\AppData\Local\Temp\Tar7884.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1676-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB
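
Most of the Downloads list is not something the sample wrote by name. CryptnetUrlCache under AppData\LocalLow\Microsoft is CryptoAPI's cache for objects fetched over the network during certificate validation (CRLs, OCSP responses, AIA certificates), so any process that validates a chain while online produces entries there; the twenty-odd MetaData entries sharing one path are successive rewrites of a single cache file, each captured with a different hash. Cab76C8.tmp and Tar7884.tmp in %TEMP% follow the naming WinINet/CryptoAPI use for a fetched cabinet and its unpacked contents (typically the root-certificate update). The final memory/ entry is cut off on the page and carries no hashes. FG.url is the one listed file outside those patterns. The helper below is an added example for this page, not part of the report: it parses the listing in the layout the page uses (the excerpt is constructed from entries above, with blank lines dropped and only some labels kept), classifies each record into categories that are this example's own, counts how many distinct versions of a path were captured, and returns the hashes left over as candidate sample IoCs.

```python
"""Parse this report's Downloads listing and separate CryptoAPI/WinINet
cache artifacts from files worth treating as sample IoCs."""
import re
from collections import defaultdict

# Constructed excerpt in the page's layout; paths and hashes copied from the
# listing above, blank lines dropped, and only some hash labels kept.
REPORT_EXCERPT = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    70KB
    SHA256
    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    SHA256
    1f40f9427bcf9ddd7969256d7ff7673ecd8c3a958c5d45ded12a7c5c02eb0192
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    SHA256
    44a78abbe0b2752039caf9e7ec0783ac43d4a4fc650f84a97bded7564c71cfd8
  • C:\Users\Admin\AppData\Local\Temp\Cab76C8.tmp
    Filesize
    65KB
    SHA256
    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize
    192B
    MD5
    0fcf82b5a915470e8a79d3516f582a36
    SHA256
    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4
  • memory/1676-0-0x0000000000400000-0x000000000055F000-memory.dmp
    Filesize
    1.4MB
"""

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}


def parse_downloads(text):
    """Turn the bullet/label/value layout into a list of dicts keyed by label.
    Entries may lack labels (the truncated memory dump has only Filesize)."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            records.append({"path": line[1:].strip()})
            pending = None
        elif line in LABELS:
            pending = line
        elif pending and records:
            records[-1][pending] = line
            pending = None
    return records


def classify(path):
    """Category names are this example's own, not the sandbox's."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-url-cache"   # CRL/OCSP/AIA fetches during cert validation
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", p):
        return "wininet-temp"          # fetched cabinet and its unpacked contents
    if p.startswith("memory/"):
        return "memory-dump"
    return "sample-artifact"


def triage(text):
    records = parse_downloads(text)
    for r in records:
        r["category"] = classify(r["path"])
    return records


def versions_per_path(records):
    """How many distinct SHA256 values were captured for each path."""
    seen = defaultdict(set)
    for r in records:
        if "SHA256" in r:
            seen[r["path"]].add(r["SHA256"])
    return {path: len(hashes) for path, hashes in seen.items()}


def candidate_iocs(records):
    """(path, SHA256) pairs that are not explained by the cache patterns."""
    return [(r["path"], r["SHA256"]) for r in records
            if r["category"] == "sample-artifact" and "SHA256" in r]


if __name__ == "__main__":
    recs = triage(REPORT_EXCERPT)
    for path, n in versions_per_path(recs).items():
        print(n, "version(s):", path)
    print("candidate IoCs:", candidate_iocs(recs))
```

Hashes from the cache categories still identify real files, so they are not wrong as indicators; they are just weak ones that will match on any host whose browser validated the same certificate chain that day. Blocklists built from such a report should carry the sample's own hashes from the General section and the leftover artifacts, not the cache entries.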