Overview

overview

8

Static

static

1

9caaee309d...18.exe

windows7-x64

8

9caaee309d...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/06/2024, 02:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9caaee309d602a9db95e9a30e6489582_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    9caaee309d602a9db95e9a30e6489582

  • SHA1

    e706f07f7c1c53495454be060d671caab5fa659e

  • SHA256

    40f775608b3578761ac138751acb6e0506196165d35dc8a96cdb98f76fab77f4

  • SHA512

    cf5909db53bd4e9804b7c063fbcc22e2fe825fb15e54c2dadbeab7a32110d74ed83187fc8a1a3b153eeab868793178928deca3bf1e7a08388087f983f51c8be2

  • SSDEEP

    49152:a5+hF0j8F9jWOHVuLS3j3DxYmSAOUrw7pbOo3K3cyYF8gJO:a5aF0OjWOHT3XxsiqtSMps

Score
8/10
execution

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Modifies registry class 16 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9caaee309d602a9db95e9a30e6489582_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9caaee309d602a9db95e9a30e6489582_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\start.js" ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe" --sfx "9caaee309d602a9db95e9a30e6489582_JaffaCakes118.exe""
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
        "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe" --sfx 9caaee309d602a9db95e9a30e6489582_JaffaCakes118.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1988
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c Tools\init.cmd "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "9caaee309d602a9db95e9a30e6489582_JaffaCakes118.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3816
          • C:\Windows\SysWOW64\reg.exe
            reg import C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\\patch.reg
            5⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:1832
          • C:\Windows\system32\reg.exe
            C:\Windows\sysnative\reg.exe import C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\\patch.reg
            5⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:2812
        • C:\Windows\SysWOW64\mshta.exe
          "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "9caaee309d602a9db95e9a30e6489582_JaffaCakes118.exe"
          4⤵
          • Blocklisted process makes network request
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3232

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
          Filesize

          85KB

          MD5

          bea0e0db0118ad8ad5ebd72b79c5ce4a

          SHA1

          5ebd53b83ce9372c8111127109f1270efe6fb524

          SHA256

          78fae8f4014baf3b063d44a46dca6109e7483b3e5ca27187394a68bd959599e7

          SHA512

          dda0fb66c39ca1f9b0837cedfdcb562c68d1d3b8ec81868e5c0d4f98b4a3a0072b7f479bcb2ca598bc01503db1eb9fc0da723dfb4081d7f3bebd5f8d858d8186

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\DriverPack.html
          Filesize

          4KB

          MD5

          42e912c38ef16cdbc7cb6b1f0de61fde

          SHA1

          d98922fb3f2684b0a418acfc30e128a996311bce

          SHA256

          3d2315de58a5d3c3a4412cec1e426751fb0f7657f27c22254006e23cea3bbad9

          SHA512

          676f72f1ba240a32975ebaecf026fc77623032fd8c68d261333e7b028826f77f037a5f2bec767639a898e20acfaf31d5b103428ee249023ad75ec43c0e6f9b35

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\Icon.ico
          Filesize

          24KB

          MD5

          73c365efc22f21785caf62a83c563da0

          SHA1

          21880c3e6370cb9c50fbc37e656bf1f755750801

          SHA256

          a0a78539cf3889eaaf2aba62fdc85addf4c31420eebbfb51fc70ff41efadc69a

          SHA512

          3f025bc4db604d631763b73c1b7bb967b3e70696c5b15679d8570f950a474c67bd0686ffec416831c23e877c1ef273644a040e86f2d893b49fb88b5ab44c0cf4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\init.cmd
          Filesize

          852B

          MD5

          2d07f324a539ade610cd86f3788db114

          SHA1

          c898927fe8eddab9997daefe21241ed211221676

          SHA256

          20692738398af39ee4c65eda97b70f65466baaccd1c12eefc26e632f505b68a5

          SHA512

          12a2e9cb3de9ce4113b85c54bc6a0845f604608a9383ffebba7a3fe00c34b18061865f600f134d35d0ab59cf4fd9f755c8d73c738c255106d53d573d7ea0218a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta
          Filesize

          1KB

          MD5

          0067963efff86f2d5fb4f792cf68021a

          SHA1

          eeb5eb6d94c962bc5cd94bfce7306e8fafb160f4

          SHA256

          f8233bfffe778f8aa2b90856298b84f296b3bf8dc0547b11afa538a3c3081fb3

          SHA512

          d7417e2d35c0894b8fc154b216466522b1b0ae9ea274a63431afbc90e43f026cf647455e885cc767f2d8253693f01c8bdd618e018ddd26bac9b465b1af8b89b7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\bluebird.js
          Filesize

          147KB

          MD5

          afbb5c813add5d4df9b32419e6a89834

          SHA1

          8b1d61ac66c59e7eb581453b2c5a9d20452e7f27

          SHA256

          0d6e11be55def7b6f817cff2738e21de9301ad0836e89d124a46f72a64b18eed

          SHA512

          b0979605cc7898c6fd3435a27b5d2003e5d75c9aa02aac24cc59f755dcbdead55a5a74a1cfe0199479c11e2cf355035bbf7051f1841775e53d955af0877812ca

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\globe.png
          Filesize

          641B

          MD5

          74e9ebec2b365366755028ac89031400

          SHA1

          51e302935661398c53cb3e8fa11d4b874c6df78a

          SHA256

          9a6abb737e513937865aba2d2db103c9baeac030934b522093b7905d4815c332

          SHA512

          837ab265038703b7b0d5333e9e74977d54c58a050a8128a9127a2a4e482ea6623e4e866aa53638c72ec3111dbd1924958c1bad536003715a883e6dab87e5bb57

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\language.js
          Filesize

          15KB

          MD5

          2866dec4af17828efaca8596942635ca

          SHA1

          2e9faa8a9b5b05d3807daf543e29cf0403e8b969

          SHA256

          cdd2679eaffd10b67894aeec93de1f34dc56038b63feb59c1fcf54d42c590903

          SHA512

          419d8bfb46b6749eb9739e1121ea62764cc1d24ba187e217b8e18b09ed89a5ef7ebe2b114959caad11f21a999151461ffff0a1c3d507a190bf123c49b792e46d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\loading.gif
          Filesize

          18KB

          MD5

          a90e737d05ebfa82bf96168def807c36

          SHA1

          ddc76a0c64ebefe5b9a12546c59a37c03d5d1f5b

          SHA256

          24ed9db3eb0d97ecf1f0832cbd30bd37744e0d2b520ccdad5af60f7a08a45b90

          SHA512

          bf1944b5daf9747d98f489eb3edbae84e7bc29ff50436d6b068b85091c95d17fe15b721df0bff08df03232b90b1776a82539d7917599b0a3b2f2f299e7525a51

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\main.js
          Filesize

          127KB

          MD5

          28396d494d3c7eafb997e1a46c911381

          SHA1

          6365d24ee9f35fe447f794e55f902e47a8cd141b

          SHA256

          f6a61e9413bcfc77cd8a23efc84a96eaa60b769e9cae365dd420e767c629120c

          SHA512

          42e4b6d13a3a3f4f7f2c9e9b07180d9e4c69b3d533998893f89c48d7a1da5fe68fd272eb5316c3789c5a011dc71cf0c08177f040f38caa4a72af560739387ff2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\med_logo_dark_new.png
          Filesize

          3KB

          MD5

          43be5aa6135f7656e2b9ee162479fde2

          SHA1

          384d58c9712a1d8248c442d596aa604f04c6e028

          SHA256

          71557ad30e5e02aa551ff8edc29deb83aaae949f31da9151d3e476d67d2a1a4b

          SHA512

          c51e80ee9d5ef1de0eb8244670437320e66036fe277afb669721982d23c2578ff4ce28b6f3cabf8256b39ce391df1c7e335008b0abca795d9c0884082ad21f4a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\polyfills.js
          Filesize

          270KB

          MD5

          32dd27de70fca65ac73a1f9835d8f0c3

          SHA1

          989935a10a8b1d7c3f1334ef2db8b57c7fe9bf7b

          SHA256

          62c56826e747553724ce3881eb3f9a367664a8d8172593286e9511496c6640d1

          SHA512

          974461c8ada004d18c12ecc67cb7e075488043cfdd1e7ee5589cb7c1c9d6e85bab31ef5d09a9c3f1aa56e7eb6b8e97774ab9165d097f2ca0c1cba7c7c855cc2c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\styles.css
          Filesize

          2KB

          MD5

          f1f2c06d2d6bba1b321ce0386799b154

          SHA1

          a4b480a399005eaefee6876cf2e6711466db6921

          SHA256

          81224a285ee25bddb07018336a2434d947c572e92a26aee567be0401b7726892

          SHA512

          245f70f9786303cf5ea214ef0e3627dacbf3bcf1eb742c0e9d44210f2bc9f3f7ab4b827600ebafdba6877d712db5489481a142f971cb3f6b0183b1a55b8b4640

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\patch.reg
          Filesize

          1KB

          MD5

          5e520ad7be996e01e1f57a5dcffb0148

          SHA1

          faa0f75bcf42d21250e3aefc5884216d03637dab

          SHA256

          7bb97b440e949b13feaf9e104be287c950cf87a14ea3ba5af4199fd15e2da581

          SHA512

          5ad1657c4de30aa5f97becb0db63ad7e5f5b92ee9ba694cc528203abca974736c6ed3c7d051b6adb9db003caf8b0b8001d8e2dc0b2ebff0f98713f88552f02ae

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\bin\tools\start.js
          Filesize

          137B

          MD5

          efa95ffb77bc168aeac2a61273fe81b3

          SHA1

          f10a049e592245e0441d87ef87a72b13f836ee61

          SHA256

          abb7b821325c0cd80b188f29b4f00e6a669673e5e036379088ef85d164e4c81e

          SHA512

          31ff4c980f6ebfe030c56448da4d14634a13c995dd3e54b173aa712ed9ce831a2fd8911358fcc75dce3ef3150a252f9eee34cffd5becae4e254346fd38914bea

          Download Submit

        • memory/1988-72-0x0000000000400000-0x0000000000418000-memory.dmp

          Filesize

          96KB

          Download