Overview

overview

7

Static

static

3

098170f8ac...18.exe

windows7-x64

3

098170f8ac...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-06-2024 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    098170f8ac53a4ee3c5f1dc139a125e2_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    098170f8ac53a4ee3c5f1dc139a125e2

  • SHA1

    695c4ff94c3d3d78a485457fdccef4b86abc6c4d

  • SHA256

    f4c8bb4b55f9a38245108a08305fc2665e9b93cafc32b9230fd27540ffc246bb

  • SHA512

    8feb9330859f9807828380195c0bc06e9025453554003a4c4e87eb2ee13d77ff8119b954878c57eca1fe1101d4fc9f8782cc782fe40813ce4df772dfe1a4b2f2

  • SSDEEP

    24576:upiC2B+jEyDqSjUkVdQhY7uF2CNYXZAmxjW4BwC3sadAfI7W:2iC95RjLmJcCIDfwasI5K

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\098170f8ac53a4ee3c5f1dc139a125e2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\098170f8ac53a4ee3c5f1dc139a125e2_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:108
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://bbs.3996.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.zhaowg.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8874a67be87e6cdd441ec3d0a8312cd6

    SHA1

    8dc33399378fa4b93b9f627f4c2de185d5d37f8f

    SHA256

    8f82152efda759a88fd10a49850a8c814d9069b0c2ae74e9ce1308f9ba2d1e4a

    SHA512

    ea0e98f5a0eda839895e49f54dd54da408ee7743f018f6f15294186d3745ffa26fcc625f0e248cede4745f0a9557f21ede0af8cfb117245ad4d7cce464ad7ea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82ea339d569052e4b40e8eb05fee4aee

    SHA1

    b74d8502d4ebab2433a830c54434f9415f45bde3

    SHA256

    75cc3d908338b156f709bcf2d878a22d054e7af99ada3a9a9d6be86ce9454007

    SHA512

    564f71008d0ed2df7afed6c5d4e94faa8b0d0cc98fa7c387336e6284f4cdbb15121699a1d2b9a8d12a341ae9a21aec9f6ca1c643b35b1e7d6b8410adf0a94bef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f6b2390bb6b5e9579702b3f7a598154

    SHA1

    d84b315fb01a99ded4f989eedfe97acdb33841dd

    SHA256

    72fba8df41637f9b1fafdc2e4444fbf3dcdeb0cf40bf5288883530eee74e50d7

    SHA512

    e527ced699616f518019418f6af02f88756c31f3f539caf24778b0e009933b701bd3bfb04adc69810d0d73e2595378b5e24cd9ba810e1f3f9871d51a8bce7964

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f32fb16d9670d87beb566caa072c0b9

    SHA1

    3bb1ebc7dfdb541225b2b3225f534d4eb584749a

    SHA256

    ccbfa225867572780a7c7e9fa6ff6e62657a3af61a59b095a1a36e6c32df1fe1

    SHA512

    ff076398fea491b09d1a8ab3d1e0fe292d9c6f3df471e453ba9eae5b114d9e1a6045aaeeb8e70c3e5b055453896df46836867cab3c23c821f9ac3cc7d0922ac5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c79dbca61a2dff6543270f5311e0ab2f

    SHA1

    5920e36cfa0f27f0c186df16efa6f80ed614e6e0

    SHA256

    dcbea952a08dbbdf6e774597c0ef198844d24d8dd036ae8b482883727664048d

    SHA512

    5220eca687816d0294914645fabd66d01c52525561bddb8d029560c399bcd910b96b5cbdd6707464cd0c8efb68812b70dd72de03953bad7189dc3f48ff2b28b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    484dadc8b2a7f797988ebb574a16f3fe

    SHA1

    79023491b12e2b8a52cbb4d246df990d433def8d

    SHA256

    85a41632dd984e5040b3fe724b67b865f4d6e16cd1bfde38432ef2e75e03c0db

    SHA512

    6cf00f097c4b15f61e2fc26fbd19b0f2628e0ace912b8de8e154290c9cdceb8f57b11193153deff5d98b0e53953af7a44e7828be2f1dddf782add6f4a250f0af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de8cfd3d4a5e0b68c1e65574d2b9a6f7

    SHA1

    a8d1d87302253d391989f03d78c456129c178ec7

    SHA256

    ee328675f4ac23ce5340b48166a65dafa53ad7d532ced62b18fe79bedce7fe95

    SHA512

    0b5bc0d32c862cc9dc9e329102dd53782da69aaca3af90a49a446b2213c235d4f96f6f38762d8058c4083f4475287e7ab8fab31b96acb51dcf6bffad2c066dcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ff65e9f0ff664002a90d775ca4bc216

    SHA1

    e1cb383e11676b0b45215757c5e801fc4e1b6bc5

    SHA256

    d6715d6f3434dd2bd2ed79ca7901d73207b44ae0d0c74f6258de990a0e8668c5

    SHA512

    8dde371d7802dcfcd66dea1d4364fa525ad24602851765febf3a5d5959df59c467b5091c99e67d44ebe8c5f7ac89596819bcc88c101e055b04119a32c33b9154

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e53613a18326e8673b80523d7ad15c57

    SHA1

    f6dde749642d83c76d7492053f94957791fb5b47

    SHA256

    e2384b7e5f995014c3e350cee1e6c9a6789512285f01b0e947b412263abd0f48

    SHA512

    07d451910d7a492582a383e6c1960573c2ea812f22a295022686bb4cb2e260b29914ee8907a85c5980fb8c68ccb1643738c6a5689bb28db1f92475455a174d9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e1146c56333631b1dfa54e5189c88c6

    SHA1

    0a3f888d23e5b1817245312228f62d5b5c4bfe92

    SHA256

    e9f595be16b6cfe13378bac907456f4c16d7f1e52d4380c69a437e4e3a46c97b

    SHA512

    a6d53640ab311a12195cda67fc396cc5e724d0483b193c9301a1df3b351ad9a2997177d9fb5f52a69e15077f882bc700a34247e66fe4ba80f425ae7bc72cf5cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43e203d6e6d47a91d9e39779f9196062

    SHA1

    8558957ca238d6f25a40f0134e0efc7304c00252

    SHA256

    0a84d75a391b89d9da0554a11654083ffd00a4b95d9b73e242f6bc1b1d06f49a

    SHA512

    2595315b0e966eb465eac60083a0b2190c9fc15da6787bc9f2a3656b8724151f6e6eef0c94d5293a0bb920d0b205a7d7c747718f3a9f04c8c2068383f4c32dfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f523bfd078e68928794b7368fbf0da02

    SHA1

    7bcc80c6d72495a8fa8a852a194f253625ac3f2f

    SHA256

    a183cea7b82a27410d77b73471e1445a33c2023b568fc00f280900305e58b729

    SHA512

    f6b5a1fd292af73ea9ac1dc376e54167ebd4e1779d8060a5a6165bd714d361480cf7beadd3d1d82372b3df2bd3bf7a820024d1d9ce0d169d3f2f4ed72fa92ea0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6f0e47801271dec9b0eae32d3435c17

    SHA1

    97db2dff85e1a4d18c5d9f2152eb3b3fab5c3964

    SHA256

    8fc1bc03f6106c70b4a8739ac4c3d40f93dafed673459317461007ab05681fe1

    SHA512

    e54ed5ec7cb469ef580c0150a45526af21d5b42cf9a67a28d00ddc6029764781bf776cfe228bd1027829e00e327717329db6245f2ce4e84d0d93815f82cedae3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4600b637094191729ac4bff7c465f95a

    SHA1

    c780dbd07cb0e4106ea8f9c6f7f8a63d218fd632

    SHA256

    a477cc1be0157d6d96d9b97c46fecf0b446ec7bf7ae3278e6bffa52b5841005c

    SHA512

    397911e4093e858dfdfa3aa3256e9dd0f7d2f39979ab1bd2d0504610ba5b5297ae81478c2b2373a2489c8d7aa43726e57595378d23304ddbce9d111a0be24ec5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    781f757a29fe97f85428ce965fc93724

    SHA1

    0613628c619a872b837046f7fe7f977acfa3b4b1

    SHA256

    15f968746aeb5b4cf484dd6e084296ea3fd68f99826c40906b5f8ccefa3db582

    SHA512

    020e5c5b9e04e2d1d216a295a8449caf4df6d6868fe5caa0f02f02df2ba59d01b8556d92f87242c50906737dc770aa995a000fac3d348a214d7cf172c41246c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b42e290ca51ef825dbdf8c68a607f8bc

    SHA1

    0f681d9e75654ffc841c761ff711ecd8f5f695bf

    SHA256

    a1a99e89e0d4a8af578fb22ad1ea83d7a0e25ab9f4347cbc799ad6b6f9b01893

    SHA512

    62f88c134fc7bb42ea74dee5b0ff5129e1a20d6d35ecdaf1188d86641e93fb311a550f31858694171c3240ffed38efd16063c9310976641586e7fc2e7fad320b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23d3a7cc04fae452c95d3e1436e2d06f

    SHA1

    46f442b675de906abe1e0b0f3139e2deebb8e7fd

    SHA256

    8e0eba222e9377de8dd7f8b515f8ce157e92a96a03db010ef4e8e63550e05fc8

    SHA512

    7872b92aa14f355c91b54b0ff4055306347220ed053d83c2dd05393bb3de3e23af1600a79e460bc996e95b7914523f6d76c4f8f23a5b8114b2febabf349a29f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd520c07e66a4e015a0181ac50d38a56

    SHA1

    b0c4d08488c65f80f51a8f097fe93e6a99dc59c8

    SHA256

    f52013d6a5f4722a307dc05b36af715c40814ed99968e8887157c525d3997a9c

    SHA512

    7a47f96b5ce2e871af365c56e5b0626067622ee856a0dcecd3682b2abf1e79422ee733c166b6fb55eba0674224922cfc2e99677711cd553e9d9f41a4b2f6f80a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32E4D061-3244-11EF-8C71-D684AC6A5058}.dat
    Filesize

    5KB

    MD5

    0eb4d532452ad05f00ccf92a051ebeb6

    SHA1

    4934e6da2ebafa4866580cd164b1a14579630b18

    SHA256

    3fb2e260be1da2a5fbf6e7f11e2b3f2aef7a3900908221b1d587b8b10cd39b35

    SHA512

    5ae9256c98798991e8a026462298c8512746ec72b8236654a1df1a88b72341b3e29998098f4e7993b7c83fef57a4ddba4da6ae9e5d133fcdfb73f575f5cd0fca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab48E5.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4988.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit