Overview

overview

5

Static

static

3

0c7e69f257...18.exe

windows7-x64

5

0c7e69f257...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 04:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c7e69f257af9d47ec8c86cdc51ef405_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    0c7e69f257af9d47ec8c86cdc51ef405

  • SHA1

    347b9ceb210400e329de86542ae416311bb0939b

  • SHA256

    d4a5385e12616ddd43efe294e75c3261df0ad0bcb9dbdac881cf10359f0a64b1

  • SHA512

    7f8901fc00a339110f5d162f0562be8fdcbc796fe84778929c4bc68f4846dbe64fce0be95f16fbf025323e5429019309ddeb40816453694d4f22c6c7e6664971

  • SSDEEP

    24576:+tfvYdzpug9L3EHhIaH0YtQyMfiXlEVLB:YnYeS7EPIwl2

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c7e69f257af9d47ec8c86cdc51ef405_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0c7e69f257af9d47ec8c86cdc51ef405_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.p2yx.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    eec0f3766bc65238bf641177e1899e48

    SHA1

    bcf3d2862591a84ff2c9cf1d4741cf885a931ad8

    SHA256

    df79d7cf52342b1540bb2836a4a6e53590d57eff94f2f22f8e341c53f884ddb3

    SHA512

    c250a03a30e7d6af0b49fa6712d33e603f7d7f0b501af9f7d274c757999f17cd3dc45961feffa766203b2740502bb74407ef522ac77f07d2d2daeaec5696306f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3621e8c7c26e4a9903461c3e2d2b3adf

    SHA1

    ee6631d9105fee47c699d80b84b8fbd5b078a1c8

    SHA256

    bb8d0c3a4d08829c7effc54d5a8db8ed1a10a0358e41808e6433cb2d127c427a

    SHA512

    e53c149334c529665b186f5515029088813515960b86e9bd1d2677b0591f8b32a7e39ff1b467abbb835c9856febe0b0803cd447fa8c1735e09fbc0328195e806

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4de2312ff9ed51b5998a684162de8a9e

    SHA1

    fa68055bec5004117ef3bcdcff8197470a38321e

    SHA256

    bdfb5063d9f9c668e6b38f7a41a1b858f6e3bddbd2623e3850eeb4c9d3d73c6d

    SHA512

    0a07f81d7ecffc7d4808c0fb99b2c6e1bf2171765a6f339b9af482282d1a8ee18dab4c5d640b43d9e4e402c4bc32cf908e793b7b0215884d6e5300dad628533a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0581d7401ffd7fe244f145bed485652

    SHA1

    3afb98e84e0a43149e3ecff5cf678662e23b4bd3

    SHA256

    3da435a30e787d8f38f3ece9502506f55a7847a8b00faca9cd92f312662f1b34

    SHA512

    8d3e3c4c18c9d7390c23f1dfba30886beafdc7e3b6e256febca9886295d1357a3d070153dcb2267535ba75a9be21c307c0a24def2b686c8b0a55c16424817339

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    155341e00e714303f94b655acb732397

    SHA1

    bd69ee0eef5a8cb8e285eab967f63b753e91eda6

    SHA256

    8599e887be8d1ded2b40d0c1a777fe5a322f69b975fcfbb7a33fc947567b18e9

    SHA512

    ea24f10e89035b473d4d608c6e20c56756ce6b4badccbb0ecd2de11f373f9acede8d6de59ce3fcc6f5b42541f70057fcf46196fae249c2aa4a2e8c22c18fb66c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8807b7e39dff66a14b93d6d3675487a6

    SHA1

    71e41d10f8ce9d2c5a6ba6f5bb3998d6c8a243f8

    SHA256

    fcc926eb323e403035d966082897038caa9be0a5f809c6c0ce50d6c99b091af0

    SHA512

    fabab91905612fdd93dd6d8068d5c52ce1ed487a5ff8365dabe9f1295bbd8490d938ef5b6e076f31ae5ab330e650e6d54b9e78b32c413b4c551d7c78ab5d422f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d95386a11f8e9f608d9746645b19fc03

    SHA1

    4a1eaf2dece91c7102142adf41ecc17b928ff14a

    SHA256

    d51ffff461b49e92fe5e0349cc96e882d8ab5b3d95cb720faf93a42908c0cfae

    SHA512

    c75571877f40484f20ed854d0dcabaef61c0b6d72349b5a7796862d843ba899409ca8681609e59f19c6425d2e5c8a3c078121f20f3685adbb75c8c09ff4cca4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5aebe00511df8a8977aabc994a6b4b7e

    SHA1

    ac334da1164353a6592c6276001b4a9935ecaa9b

    SHA256

    e32237a85fdba77edbe119a43c3da91f791383b58ea50feff19186484deaf550

    SHA512

    f43b1ed7fa4e73855853dd1fde980b6e77c616bb03b8bf77c9572b9c96b6312a39a4b53b616279c4bbfe9085a8c0bf60cc70338ddc037dfbf6747f39fd58eaf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    deddd310c281ea70d25c1191e816b5ab

    SHA1

    c786132770f9268cd822d4a98036d78c9fee06ed

    SHA256

    b368d4f84732932bed651cfa4eebdfe491cb5490afc0b56357264c71f0decf96

    SHA512

    d9e9062f9a3bf3cff04aa2eeec839043008438352a35a8efbd65967c29b8412462e761ca88b9ce7f8528feabef13e5e9b4e251d16dd5262d85ce8860384262a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c385dc526ce129e93517c4e72584184c

    SHA1

    e1d59881f05a963f14be0e6ce01f40814ca7423f

    SHA256

    1d60199bffc7eccfc2e12092e151445d65f2716c71a97c8d58e8047750b56299

    SHA512

    ce3e0ef484a7061bb1c39a07186d0d146a3a9ccced05d260b029d75af6927ef162311c1a189a4c22a520b92f1851b0d27d1e133f9b75e89ade666ce8e305b2a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b073c09bf7ff0338e0f33a8237d40623

    SHA1

    74977fd3c566aa78e1bd380bd9796ae8b4d34c3e

    SHA256

    98baa3d7944c6825d76a9733276cfd3178729eabc64c30febffe51089c5b3de9

    SHA512

    dcb59bd8a14e054c26e6d5e5e84274075c2533f998ebb4c138efeb786125d80f90444c2ed1a0d1052413716feeb760a85bd1e06049aef8200622b7c17d888ab9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    f024393eea254565c61e9b64f2833917

    SHA1

    3e9d51c9ad4fb7ae2624e49fd660aa831352df7c

    SHA256

    2f0d6f8bed11d575d85a006e58ee92ff76e3f854993989748054074dea5e7815

    SHA512

    8d4a24b695a11089fd04e68ec3eaabded965e692e8856b1f94b58b9fc0fea290c8cb1c8a12c1163b57b42a2f09981d96ed332f077ebb7880a19b9396c79e9dd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J4KG2LT\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar46A7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit