Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 08:47

General

  • Target

    1168b89f120da9898cc71d3ab48bd768_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    1168b89f120da9898cc71d3ab48bd768

  • SHA1

    8963fdd65cbe1f786f0296b26f46f71897d12dc7

  • SHA256

    986cd097aaa077dd2acf09937266c69a64fdf9e3b8d011ed7656b6f669a81112

  • SHA512

    86ca04ea1726915231913534bc64650d32deaa729aec43f5a74509e1c1e438cda1ae124dd4088d1e4876e61386b94702e4512ec8ae7fa6615219596d1b8f3bed

  • SSDEEP

    1536:dXNXdlRH+Dwk4cSGesvhC8plnQ85+HwClgfTQqPTFTCtOQ8Ccfic:ddtlRH+UxGzh3HQ85+QqoTBfic

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • VMProtect packed file (6 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory (2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1168b89f120da9898cc71d3ab48bd768_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1168b89f120da9898cc71d3ab48bd768_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\windows\svchosts.exe
      C:\windows\svchosts.exe auto
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2432
    • C:\progra~1\Intern~1\iexplore.exe
      C:\\progra~1\\Intern~1\\iexplore.exe http://jianqiangzhe1.com/AddSetup.asp?id=137&localID=DD00013&isqq=3
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\svchosts.exe

    Filesize

    88KB

    MD5

    1168b89f120da9898cc71d3ab48bd768

    SHA1

    8963fdd65cbe1f786f0296b26f46f71897d12dc7

    SHA256

    986cd097aaa077dd2acf09937266c69a64fdf9e3b8d011ed7656b6f669a81112

    SHA512

    86ca04ea1726915231913534bc64650d32deaa729aec43f5a74509e1c1e438cda1ae124dd4088d1e4876e61386b94702e4512ec8ae7fa6615219596d1b8f3bed
