Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-06-2024 01:05

General

  • Target

    04af84a30f644482205085fc99d2168c_JaffaCakes118.exe

  • Size

    793KB

  • MD5

    04af84a30f644482205085fc99d2168c

  • SHA1

    eab05324d5632e7c0665265923f04b4a6ccb92d1

  • SHA256

    2951824bbbdbee11738877cb83e02c705af9aaa03d8c63aaa68fb63984475bfe

  • SHA512

    72910d9ac6c81ad0562f694c7404dc7e1c52cf7de7ff0f45ebaa96b8671de6cd702f240f042b4b6f4645ffa5976fda9c378c5fbda86f4e71f3a834f11d15cd8d

  • SSDEEP

    12288:34hmnqrQBuHQ6Iou5CqYiqmqrrwsNs++VG/WTEOxz+k6:QmnqrFQ6Iouvwpr0sRWTr+k6

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04af84a30f644482205085fc99d2168c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\04af84a30f644482205085fc99d2168c_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" http://www.51cfwg.com
      2⤵
        PID:2624
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.51cfwg.com/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2428
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2460

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2088-13-0x0000000000400000-0x00000000005E9000-memory.dmp

    Filesize: 1.9MB

  • memory/2088-0-0x0000000000400000-0x00000000005E9000-memory.dmp

    Filesize: 1.9MB