Overview

overview

7

Static

static

3

07934d9ea2...18.exe

windows7-x64

7

07934d9ea2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24-06-2024 08:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07934d9ea2efd2842933a1a30b96246b_JaffaCakes118.exe

  • Size

    119KB

  • MD5

    07934d9ea2efd2842933a1a30b96246b

  • SHA1

    95a9f52b75424f9af7e10446e550cad742ee3b62

  • SHA256

    c3361a1e2b6514648a7e04f7fb9d1517dddcfd9b3f9f084f3b878af5ce736544

  • SHA512

    ec2e8300c627b1a1bd6b8a5c64e349bd69847592baade4750b81e0ed96a08395e7c60739f3a6fc321426e172fc1f943caa99ef8ae58a546db2bb04aab9baae89

  • SSDEEP

    3072:HblRvw5H9BtpvlqMtFALyaG9SByVfDy4kQJBrvUTa:Hbla5Hf3LF/uyVfDypKVvm

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07934d9ea2efd2842933a1a30b96246b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\07934d9ea2efd2842933a1a30b96246b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2532
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\vbLD3A.bat"
      2⤵
        PID:1912
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 152
        2⤵
        • Program crash
        PID:2820

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0468356272ed5dfa1fd6b3d33b6dc239

      SHA1

      a80e9c9949678869f0ab41a41ba8d50cebe73aaf

      SHA256

      c34c35cc085d12041a49e4c6d43a078225e52137eb073420baffd2f3133c44dd

      SHA512

      d860920a24f7fabc084bd3c1c652ddd87a6da8b40077f2a8186f0c22945246399b2c1b791ab9da2168081eda3c460e922ce337022adfc43a763cc03419e8c07c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      224230407b93129eac53921bf86c627b

      SHA1

      1c20e8b6f425513ce029c6b03d9957cde77b3715

      SHA256

      f5e24305df714d0b29d02e4da27dca949e2f1a08664c9acb3eee5098cbb83982

      SHA512

      1ce66bfbcd96df7cff161fd59aa23b368090dc4fbc1db6b0b2fa168f5fd7b9ee52ffeacefbbccba021f1c7f9dc199d5093ca278c47866a5ac02aada7bb468294

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e3d83c77dc96b032b711cfe645482ebd

      SHA1

      ad9ae2dd345a97c05ba599b25866010e664224d8

      SHA256

      cef72055cde463de9bec963023fa37d32baebce6703329d3c66eba98530a7529

      SHA512

      865676f3cea54c1bf9d6680b24ced2a9edcd6a4fd8c86481dc3929397a811e5600c1467cf8215bfae696a6bad8b15177dca37d4ff5737a468524e20ffc0a04d7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      08b8d081904a36954ad2cf16678c6d77

      SHA1

      fd2568fcd931a3b0f7d91d3d37ffcd97965c4e9d

      SHA256

      bbfc8ed8382f09e2692cd362a8e71cabf2d9185be3a0509358aebb990d7f5d58

      SHA512

      483175bc65c7499acad6e61e3c22b0f370917742d44a5d1e1eef6769347aa0c5ba7c46f4ae2c8c86679b3fbeacfd17ddbf7ce6469b84aadca8ca9946394fa26b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f4a6de9b6c4ac7f7267a9e55fd4ae163

      SHA1

      07b5fdbbbfe08b6ebe9ef8d82d95c1d541b7a00b

      SHA256

      faed9950666dca7e994fe02fe5612ab8ca40bf911aed94ce161be37acfee2cca

      SHA512

      354a1c52ff07c5f0c3205750414b6995dc2cb9cc6a4e3ea934692f357e3c34af258b44b7f1d83a7e110076e9ad5fa8164d295b625cd38c23315e49c1fc4d3305

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8b00f53dcb1ed14a60bbfff3189188ff

      SHA1

      9ea9262eecd1ed8a24a718f3240703b682ba5d0e

      SHA256

      9eec184bb8ed0905d963ebff6f9065fddaa32d6ef26a2460b7821d9a71de450e

      SHA512

      b98f4441a441746010442a420059847abf62822e638f83a3d82692f05164f4bce57d41d654e96c078ab8c57c3ec1f3464e025fc0aa7f46ede8e3647bb1010759

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3916634afa7f7b4e5d28527d4e98e36f

      SHA1

      1fa3ed49523b5e748e82c7799339ee2c17a2003c

      SHA256

      9932351764e2dd63ef0037415e79c3b25145578c4c41d0a3fe06cb3cd58c6e82

      SHA512

      225026971ae793e8342888a37c855283a5cbb85672600fb12b30531102d3039100bfc8ad48e622865c6c2356142d6515647218e792a599f656bda9e0a31f87ef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48eeb2cf6e48489dc7eb13a4b92df6a3

      SHA1

      7fc7114b932062bb757c9a5c0ad378dbb378a03b

      SHA256

      2481e096bed7379f253170e149efb35c1c68d7814da24dec903aa75a13becb91

      SHA512

      6c448a8ce97efa3928599a35f23cdb20b2f4e9ae8ad7ab2ae7553f07bdf27fd97d28b5352dc27394293879170cb09dfd91b3adca904d775a8856a09c71630700

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD0C.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarDC0.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\vbLD3A.bat
      Filesize

      185B

      MD5

      2669853db686558a89e4550194fb06b7

      SHA1

      a5823fc5eb624591904c30d1d2371dd05e094b45

      SHA256

      6957dfe9b4352972316018de945af294de9485227875175496431df002b700c1

      SHA512

      fec911d61705e27e1e769301d7f97ee6532d61aeb9da4cec7d397f07537bbec36ace46289752353c0b30eaf4effff0fbc57ff964863e582ad16a46a19e89b775

      Download Submit

    • \Users\Admin\AppData\Local\Temp\vbLD3A.tmp
      Filesize

      79KB

      MD5

      d0a08d4325d05c72208c1d7ce53db851

      SHA1

      33278169af12f32efffb3c3ee8ab9ea7bb1f170e

      SHA256

      8fd42421274b54b02961a2ff43795e5db9b65d61cac70e2d4f4a14f9185e24c1

      SHA512

      21aa2f75161a95626e442b8696b198bae3388ec773d26a176a979803e1f9589b2fcf70c7bcf09fc74cca0306203b887074d09b3f468a845af0012bd95fd21b5f

      Download Submit