Analysis

  • max time kernel
    140s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 08:05

General

  • Target

    114a2cbd4baa8f99839403dfdfa970a3_JaffaCakes118.exe

  • Size

    448KB

  • MD5

    114a2cbd4baa8f99839403dfdfa970a3

  • SHA1

    cf12815ccd4d9bcfcd2e295e6f84bb97692b8a0a

  • SHA256

    f92beb2a4d338f69c1d6e5248ba6384e7c1dfc31a7f5f485c1ef5d2a71538720

  • SHA512

    0bc01d6061b4aeb4631e08a21e101779f50c964d86aa469485e7f100d3efda906190a04cde99daac5c69b9a73ed399fac7a551ed21337e7575e19d623fa67839

  • SSDEEP

    12288:WyFthhLwcD96lU5JFDqYQ/IeTLHQBLfgmFg:Wy7hNwJlU3F9H

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\114a2cbd4baa8f99839403dfdfa970a3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\114a2cbd4baa8f99839403dfdfa970a3_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" C:\nod816.bat
      2⤵
        PID:1976
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3052
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Windows\mssoft.bat" "
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /im qq.exe /t
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2568
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Windows\system32\cmd.exe
        cmd /c ""C:\nod816.bat" "
        2⤵
          PID:3024

Network

MITRE ATT&CK Enterprise v15

Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

        Filesize

        914B

        MD5

        e4a68ac854ac5242460afd72481b2a44

        SHA1

        df3c24f9bfd666761b268073fe06d1cc8d4f82a4

        SHA256

        cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

        SHA512

        5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

        Filesize

        1KB

        MD5

        a266bb7dcc38a562631361bbf61dd11b

        SHA1

        3b1efd3a66ea28b16697394703a72ca340a05bd5

        SHA256

        df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

        SHA512

        0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

        Filesize

        252B

        MD5

        c864c4b65941f08f3488a315f989f4d3

        SHA1

        cf012c19b0d115c720ae72e82c9c64c73087d3d8

        SHA256

        934ed20fc587501f44a5a8a999aea80f1aa0a8267f6c97fecd639d130fbf3d03

        SHA512

        5a1d5c458d19956363c85578a5cf895f45dc7655e4f332d5e40e75a1d7124f395c1b5985b2edc2b5ceca13ce7287a150e1bb511e776163db37328a592e22fd41

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        cfe0410c57e8ff93e25f5d05262d6d5d

        SHA1

        04625989cabc5c8db9d149d67ae7892be16872d6

        SHA256

        99b753b036f317f53373f290f83225ec019bf5808b65e9303e4fcd244ced447b

        SHA512

        71b14f4de28e57ba45be4c2429c29c20ece32e9b9ab21330d37960e917ed20ee8ec9b74962cfbec5c99881b0c12b5ee619b652c9861d8d23ae50a6c201d937dd

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        fe2a98be24f383bb5ca9e4af73c4d7ff

        SHA1

        b5cae1937acc5f90c8058d4c2287ea320396dc56

        SHA256

        aece1842a2139a8adffbe00855dbfec87ab0f434dce28902a82966d3fafdee06

        SHA512

        6fd41f9b3b6a56811c58c1d86f34c9a7a368da0570bf7dbfde88d9cafefe430309d422327546ac9251f7ad3de32e920dec20172b15cc7f88211c1278a65cb80d

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        e7f29e0959d0f1f83f6e9a6f4b4705a4

        SHA1

        59cb1dae1126b919f282cda6a0c76188f70e3ed3

        SHA256

        00686d2460bddfda37b862db1bd799aeafd4c804ec2c6df63be15610e78648fd

        SHA512

        c3cb8a4fd6c8e744338360e6761d34b646fcf03d06def9dce6686318c89f76a074a22961ed81f945d81ec25a7a0bae4dec0c8aee04be29efffe7ef49ef26db9e

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        724212399a190618eb1a63e907aa0547

        SHA1

        c9fbae28172195fe39a4082cfbf0594a5376ce11

        SHA256

        bd5089dc3151e76834a775e870944844e6a9079c2a9777df054a909e6bbd6508

        SHA512

        5845b10de333c485dd815d019104aaf98b7c7163e1fddd95a8b03924db64e959f8dd9722c03673e28c5a425e87bdb3f5090a12a06854a3c0a209e4c68ad6f89e

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        4bdbcc0dbe0044f7a639ecc8deee7c8e

        SHA1

        be8e15e70fd84db60ad8d2deb5a4d48af6f03646

        SHA256

        4c79de03c8d0972efaa2b90e4d36ade63abb17d72dce567c7144b264472f69ca

        SHA512

        d0dcb32f056e71a95eb07c9208eb9b699684e55b9219e91c220a7e1013405052cf4c33f32243d0aa9d33c7ffca30276cfbf7e97a6e00df526abaa19533745d4c

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        1be8e10a936b98305870dd82a14aa4f1

        SHA1

        d7cdc72d32323001acbbfe0df2ac8a71268b1635

        SHA256

        819c964030bfba50c605791788692d2693ebf3ad0ca442746086a05d9f18301c

        SHA512

        d0f3e492b8c487ccd8c491b83889bf4ea70c91cdad2fbf903a9e28aeed7d9fc8d7835085e521cf67371aa3046ca195445d98a32c32478dc5517e39554376700e

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        04d5002ce390461aaebaecf49f47be9d

        SHA1

        4857b53e1c59e2f7e2ce3adc7e5e4681a8ae4003

        SHA256

        9b36b5aae830968108e4e11af8f87ff98042df43910178b76b4a504ce9882b9e

        SHA512

        2d80f5b55a89e64daba9f60b92ccfcf86f001ab227ab878f1f35b2a098608a4427fce88981c9c6f182f5514251a5185db756ff9b55c75484629420ee21a5c029

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        b4a1cdef8061576a92d9d62e7d150cdf

        SHA1

        b503783e62baed77db7a30ea3229402c287a81c4

        SHA256

        29db3e4053f09ca1106f93d7353f974bb67ecef2a3dafe510531dca0b43dd66d

        SHA512

        be344664ade3c907dd0515b7cbf0f963fe2b79f4beb4127ed114a08e6732d0b48c3b6086640de369e6d6bb551418b5f67e4fc2eef970e315a00f21bf4d637ee8

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        975fdfe2ded48b212fb2873629d92bb1

        SHA1

        e6853a15ee47dc5d9a40626f34059891b6619416

        SHA256

        48eea2dbf74a772ae9705d8b1228f43601af1fdd8c461a7d0c75f8f416c9a4bc

        SHA512

        55dd21396af358f1960cdd0020e4a5a7ce752ddd8a098b3d45f33caf97f8462179e2a301982bc7086368c053c07181a83d05646033e1c000cc8c2afe218727f0

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        f5e7265cf5b62b568c7d879bb9afdc7b

        SHA1

        5e17fc5e78d8a2702f382dca75a82aa7117187d8

        SHA256

        7704999d1bdd261c7f382eb34693d9f5e84cb14e44c4d3f6629566e991de03aa

        SHA512

        9381f3fb51381855e0b9328ad48b1cc59f24f3bb215dc18e3991c88b48c75878394baa0cc93f51e62b44d9f74140754c83ff55ef263c442cc42e7ca9c0200706

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        a0a98967930d8fa4605d0f66aeb14636

        SHA1

        0a579cf51a8952a546af1aae34d070d7ca4ea895

        SHA256

        c06e9997c65433758a97f10c7060a19bd414e657454b2b23e2b2a43f07d7e022

        SHA512

        5d7fd390c7dac56d7b81d44e191e68d8cc800fe78fe0435700abccc5cfe5f3cecfc546b1507ba167931880494a2d24cc0d5ad2b1c538cf11812e1f3b363665dc

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        3979d1316073141fe5fa0a8bfb048d61

        SHA1

        8816e091517017d51f6b4ff78e61e17dff66a806

        SHA256

        af96689cedb9b1dee3855119c27a2e2eb72d0a0ba9fa3c9e82db85ba6e3dc1b6

        SHA512

        02ccf8459937d55e345ad2dc41a8fbc0c520698e3c5142a9984a550f2ff381f0567fd48585990d5ff4ad31057caf3316f354864792f3e2636985d8d0422d84e5

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

        Filesize

        242B

        MD5

        761a57d227ca83c35dcc7e60e55f390d

        SHA1

        3d98bb1c71df3f7c1bdb80f4a45b3411c1e82056

        SHA256

        73c4740fdf5ad6d84029538f3c07ee50af9ae579850f0f251e1a40c42fda19ee

        SHA512

        be3aaa75245d0ac425d6175041f356a56529b229dcc6a14c2923de761ed43eb5c07e5504d672b25d8085b084db7f14f812b7395fd38d5d3b0f932504e7345c09

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

        Filesize

        5KB

        MD5

        46233ad2cf22df510f658dd54011d4af

        SHA1

        fd53a959cb42f466f31784a030def40d8a1af707

        SHA256

        af600d2fc5fd70ea395ba970a09b61d780046bf26cc93833bfaeca2b212c2f21

        SHA512

        e2a419b43dd594174b5cb4f03d0be39cdf20f02f4ee628652ffc5c55dae7452291b6ca74239c30484bd7e3d6cb57a571a5c77f7158c783e9745a823c12ca01fa

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\favicon[1].ico

        Filesize

        5KB

        MD5

        f3418a443e7d841097c714d69ec4bcb8

        SHA1

        49263695f6b0cdd72f45cf1b775e660fdc36c606

        SHA256

        6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

        SHA512

        82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

      • C:\Users\Admin\AppData\Local\Temp\Cab6BC0.tmp

        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      • C:\Users\Admin\AppData\Local\Temp\Tar6BD1.tmp

        Filesize

        171KB

        MD5

        9c0c641c06238516f27941aa1166d427

        SHA1

        64cd549fb8cf014fcd9312aa7a5b023847b6c977

        SHA256

        4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

        SHA512

        936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      • C:\Users\Admin\AppData\Local\Temp\Tar6CF0.tmp

        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      • C:\Windows\mssoft.bat

        Filesize

        25B

        MD5

        3d7c7b33e3c17d8a0ff01e4647ba538b

        SHA1

        1c6f75ddb631093d3f6563d00eb0e0b959779e38

        SHA256

        f2b5fcb625c6d60c62be2d371d45910506c4a650e6e1a994d0f284740d764c8e

        SHA512

        9ac3b3359c342f8d1d5c7b31abbe5a3797b1d642e907d3c1e8706dc632ac1d9215c4eeaeed454e552217a44cac6e71a3c6bbdb670f0df5450922777bf3b84a15

      • C:\Windows\rxing.bat

        Filesize

        18.2MB

        MD5

        de9b364971e516df97025c91f56a52b7

        SHA1

        f2d0b2dc72cebc45855ba1ef830bdeda81bccf31

        SHA256

        55cd4824054e26f311118fc1630be26f33c1d8fda552fbe5146c9ca7dbad503f

        SHA512

        9777a6ce9bf44fd5d426acc1ddc73910908b9fef1ed942c72e7a4c77fa689f3f91c053cd61690e75b8ae59948ff36e937e5b4cbcd197dff574d32e4d11bc6e1d

      • C:\nod816.bat

        Filesize

        374B

        MD5

        c9c561c8d6c771461a8ffa1adfab82a1

        SHA1

        ab0d4ecd4e6750cd9c88d007dd39fa8e9abfff0d

        SHA256

        fc5f49def9045d1f16ed8b63ee17dc9ecb8813348070a5c34d4ae073184dd077

        SHA512

        1591a86ecb930b594b2b0be8ef8675dfad7b3b73fef28ebe95e9dfacb8fa4e743f1d3052b01d6bc009a86d12505be6098c698bee2ae52c911c6421c8e4137712

      • memory/2064-19-0x0000000000400000-0x00000000004B1000-memory.dmp

        Filesize

        708KB

      • memory/2064-1-0x0000000000020000-0x0000000000022000-memory.dmp

        Filesize

        8KB

      • memory/2064-0-0x0000000000400000-0x00000000004B1000-memory.dmp

        Filesize

        708KB