Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 13:01

General

  • Target

    023ffc154d694dad62ae6c98b5d5f327_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    023ffc154d694dad62ae6c98b5d5f327

  • SHA1

    60fe58885490d5fd8500a93ba41e8263748c44e0

  • SHA256

    583e16e5a6d356025b2289aaa6a1cc244cde8992856154891a2b89c1f540d53d

  • SHA512

    483930f87715ee7bf810b079603a6b65a83422bdb19b2c9fdc27a484b8339c1ae022d5f1b55d68d9f36bd41b5bb1c77afd2ca1f1423ff4fdad532317ef20935f

  • SSDEEP

    49152:3EPp+9hRBkBrj5ZJ1sJbYfqRMTIHGOJG9Fd7xG01PEWz/R7uK:3EB+9hfgryYfq0IHh8FpxGYsW7

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Identifies Wine through registry keys 2 TTPs 2 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\023ffc154d694dad62ae6c98b5d5f327_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\023ffc154d694dad62ae6c98b5d5f327_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Windows\install.exe
      "C:\Windows\install.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s C:\Windows\jsp062201.dll
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Identifies Wine through registry keys
        • Installs/modifies Browser Helper Object
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:2920
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.correiosonline.com.br/pt_telegrama_sel.asp
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1732
