Analysis

  • max time kernel
    133s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 07:01

General

  • Target

    03da88767a246e825382e9965bc2cad4_JaffaCakes118.exe

  • Size

    47KB

  • MD5

    03da88767a246e825382e9965bc2cad4

  • SHA1

    df91b915d2192bd0eb76a517c45a4cee87f28443

  • SHA256

    77b6690fb7a6c9940f05a677e863e1488bf170e309fdc708d5ab486754f8a2fc

  • SHA512

    830b07e31a52b18f0fabb4af28578909c61f209d9ddea2bf61954eba7a5af3ada487e1570e1adc7713af9e3a412ce03ecd1adce309a4083d3df326929ce82d3f

  • SSDEEP

    768:AgNDHRi9jlJO+7WTCm5MqTZ53tnhiuhEP809eX2A1puPW7MEyhdECP1UcfbJub:AgN7Ri9bYzbzbiuhEL9KjuewJx1fQb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 60 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03da88767a246e825382e9965bc2cad4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\03da88767a246e825382e9965bc2cad4_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s C:\Windows\system32\gopfa.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2140
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://megauplinkbindinstaller.com/bind2.php?id=3913305
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2416
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2472

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b4ecd349d0b5ac73f3e2f96d88317ad4

    SHA1

    4221aeebe34f71c869bb22d976b2dbca0aa48dd5

    SHA256

    e7944b2ce72c5e13e7d8e04560dde7256ac1472ba52393f607e36db6399674a4

    SHA512

    a473ab43681760f166959d4bd078a74f7dcd7d20c8e73c1102da7f34ab1b5e1dee70db764bba9f5dcff143b2a82ccd21dfb62fe7fbb5d286ba58062b9a214560

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c0ea4bdac0e777b3fa41f6d87f5edc6

    SHA1

    22a257eb5c5ece06892f227732d5407ffa7f3525

    SHA256

    88f0283914aa381a060d721b7899b6e23b5dd9e6457ab26f8b2786b3a2d75a19

    SHA512

    ec99590d08290cd92f3cb54dead872aec29f5e8afb5bf2a129d4d2240b47d09f969b1c42bbfe5234d22236951ae748347c8296de53c52d31a0b9f31430dab8fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    364055ec4b55158110f7aafa908a4b48

    SHA1

    ab74e16809707d07cf49da07211b7043d737e776

    SHA256

    6ddc5f421c47dc72dd301f3e392bd5ed809644a1c443f80379bbbb51ca271377

    SHA512

    53d1f9a8e445d996fb3f81297b9c29113d9595267f83df4ab2f16b79c2963bd78274678ffdfb965957eff9468b648b6169a3ea2a18c7bf1adc66cc88a3371748

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c3c1e989c4b8f13d6b8e8dc4fa43b5e1

    SHA1

    2d22b96d14b41feafd3e39a53458bfe49e210965

    SHA256

    bcd74d20a97c1eb0fc7520f78d4415c29ffb4b3f203c543a3805bc93c0b4e63c

    SHA512

    88aab11277667b563aa46b5c52338b40d72a5be28deb54f0403c3c2dca3b4319d9af5b18eea477ebcc8cec228ee2a9b84aa15f95c3e406662ec52aa28513e50a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    197d71e05b2bd3d513e0ba0009a06a05

    SHA1

    80532f440ef6f87456c8c799c2469383dd25e732

    SHA256

    c34e3a1b81fd042181824a93ad00f8b106ef86f8ef29d16d7c02b6b6b2fc2d72

    SHA512

    38e1b553618c4f81d686c58134f0a5fab0e5fda2e7d7c44c180196ef6eefd438e2a5282c2cf9e49a3fd54944d7ccd706551feea3886dc62392c51c6a85f015ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1d4eb2e87921e7a291996d3b81b9ebfb

    SHA1

    6e19897a94eb29d1bf0c702128e67fa9089e7f1c

    SHA256

    c613358f0b3a79348cb8ec22378ef85d789872b4d9d8a2df791fa628f3ca785e

    SHA512

    0dfb3eb1403d10d8363221ff23e855dede0a567fecfde5a54c5f593294dbf13f74625ea8806980096641a90a481d068fbfa4946de2c4a51034abac3b67e3052c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    19c7f62a1f579740a69e0d206b2f3dc8

    SHA1

    e283658a823635b1af1b4ffe24512b2ac533253c

    SHA256

    6143df44881b41f0f7df44103e4a0aece2b7b9018bd2bcba8a503c80296733ad

    SHA512

    7c8f5351c26598fdf387eb2e78be3767dd2e2a5ffa1306b9523ac356f0e04b3ca31a35dfa27a55b343ff367f1d25063038bf5e71d5028f516a653668dfa6cd7a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6269e51a46c7b7bf164dd8b97c9619cc

    SHA1

    ba81da30c3ec38723eeb9ee59e4134833490a580

    SHA256

    c56b2c34ee2a12be8884747a113be173e77c1ac2f38daaf67f4d2100a26c21e2

    SHA512

    50ad7d1ea0d46ef598046b08e30abe02a3c93e3d35d2f8623b12b48c61f47caa3919842fbbb467584a62e08f46cbc41ed58740a0fdfad27d323661978fcbefb4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5cc819d8e00e13922e7c69494a7eed49

    SHA1

    902ef157af352924b5421359f5088dadf2c6de9c

    SHA256

    b28cc2bc87cb319c06486716fc53e7c10862e721fa6523fe3f9d9501ee4bf23e

    SHA512

    83b52ec5ebee731d7e75b640153bc19347b659d47640040b2458736225a35809679c84394ab707c16063dfc4cc17928515c30123dba7097d95d3fd7a5101b2ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9a33fe3ad04cf6123260bcc9043eac13

    SHA1

    7e950204fba5ca0e7f174b2fc832f51b86350aa9

    SHA256

    53238f7b9cc6922af67d4b5d6e4417719928e73444182355e4c5d20faace4625

    SHA512

    6fe2f9a321208a98645233f72da457dde75e9ebf9494bf185f48341b0eb97945dc095277695744ae3d85338808e10d44ab32234b08278cd04d024f25446c9067

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    53c3a6cfb0dd5af84affa8cecbee667e

    SHA1

    45608ad512024b5c436e8a90839b89ae62ba1dae

    SHA256

    cd4d48b1b5d4f56596a6a5fdc746932430cca2ff79f3e70bf5320821a225ec61

    SHA512

    39345612f18e948ef7bd9dd4b369c12a8885ce14353770e78c140590acb903fa566cc99ede9a82b9f5b3b38d08dc89e670908cee3406b789015e5e3423f01cd9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ed4ffff5b260f57b07535f671ec43bec

    SHA1

    4cdb30b8a7343f39bf37accef7f53378bce531b6

    SHA256

    f27c101ddeaaaa1da992e21728420ffb3c049f4ecf1e0d2552f2511a92c7a272

    SHA512

    d0d714626c5bbac74c7a9b86bc0528e926d4658c2ed62e5dbbafd58f31cb596cb4cd8030a448d7b732c5e5aabaf029ba0e5df70682f5ecd12ce0f2d8328217f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b77f90be4bd55f9169fac26844a6de4c

    SHA1

    1f80ea5346afc0910dd36a8adb30777accd0f70c

    SHA256

    604530aa024dea928d017cbf53345c8c600a769d872d4f9abbcb19d83db88601

    SHA512

    26c4393f06540465dd642a0545f4f91b93413c7fc7d840b0fc1ba1691feb35c6dbc15690b574e9d6cb64bac1e0969a99b35a0d76489310837de09de6b4733cbd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9947dff1a104efe318aadd9d33c416b8

    SHA1

    772020fa8adc339887630dcc8992c519befb7900

    SHA256

    45a933700629459ca54d37562baace4d4fc2852b42477a6820dabd77a6e9a639

    SHA512

    ddb5bce105d7647b81b232045ddc16ce71949f996959c573b5b74447d54c199875b69fa0afc10ef37cb260668ee84ec7da5d90f6856c0a950ee5dfe1fa27ecb9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2bb92fd88e8235a040708673820f015e

    SHA1

    67826c0600e67537a38b1e24e8da409e79270166

    SHA256

    f32de6e71787d3dc95c9416ce47db3b7ae5d3d535515d1363fd143fb440e534c

    SHA512

    8e14f1b58644df9b9ab7559ac094b91ae38c38580cbce91a54485f5e95dd74d1fc316d6d4b9f00369ab6379be14f6236bdafb95ac0ff5a94b09983bcb563f0cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc2607c403c9386c36dea9ab9a737580

    SHA1

    6c8e75410c3662d017518e68003778b69a27669b

    SHA256

    3a3692a00888675a7041fd311a666da0589e62f16597d8d9aab188a75ddf5fe7

    SHA512

    8cc93eec0a602778db59e095925407947f63aeaba4b67163ab11d37d3580941e76b1159dfdac03232730958cd25ae815fa32a29c234f9c0a7365d0bb02f7dd97

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    88eb33c1aefddf2d28564d0adf251c9a

    SHA1

    de720a29b4487c33d8abe08da811954ef17b46db

    SHA256

    9fc1fb80eb2779b7b27f95d528485011d4ca0b01d3a99dff40067d4085453f69

    SHA512

    b7ae67cb4a7adc470326528ac3f2d0f68eca24df8a581987ecb8b3ec6072ecdaff70f166a2e0d0a3da4c981e60d5a11dea2a2ec3bd504c34c24d657b31e475ed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f87cba1feb8b1f728ce3da5b31675226

    SHA1

    a59e91ce68dfc955d7064cd4b67677789190a982

    SHA256

    ccc53db5a2af70338f08f2ad19a411a6dfbe8efceeac4b2efc9b36ebabade463

    SHA512

    fa31f30d0f2ac28ad6917a3f75ca31cc55afcba0110de25f225d0d0ab6b55669442f1def3a5f32df88787ad6c5a727e1dd587b22b401a8811ddef97bd1b7315d

  • C:\Users\Admin\AppData\Local\Temp\Cab47FA.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar489E.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Windows\SysWOW64\gopfa.dll

    Filesize

    72KB

    MD5

    f521eb81607412c970b7fda5d853c0bc

    SHA1

    c4e3928b49679d4b5faf52bb37de044c1eb329fa

    SHA256

    e461a4281c1b0e8b74a2199fd9e34e9c8aa8f344d5df616307570dd758383832

    SHA512

    e2de6c2b00136a3e813df48198b355d336c49fc715dfe12c39502046abae56a1c66924d8d7b0d40df27074c18acd8d361771e9eaad098b15d830b7a7fee90150

  • memory/2368-15-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

  • memory/2368-1-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB