Analysis
-
max time kernel
133s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
27-06-2024 19:54
General
-
Target
1751a43c98e70961ed9d4ef3ce4d9746_JaffaCakes118.exe
-
Size
250KB
-
MD5
1751a43c98e70961ed9d4ef3ce4d9746
-
SHA1
f17f5aad083cb5bb6eed5e70ac83abce9fb2bc77
-
SHA256
57a28990a11192cb3db3bd8d5ada2a40ab464b580ffa114e23d162e47dc7624c
-
SHA512
edcc40310de7f1d52d705c897dfd1154031f30fda26e72d776b1aef7e961ab001b02a290a8eedde6df0ec89fdcbce08c6e417626c6e4a8da9b3ea994875d2e5e
-
SSDEEP
6144:AhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:BeKrJJuf86AYcwoaoSbr
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in Program Files directory 2 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 26 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of FindShellTrayWindow 47 IoCs
-
Suspicious use of SendNotifyMessage 22 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\1751a43c98e70961ed9d4ef3ce4d9746_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1751a43c98e70961ed9d4ef3ce4d9746_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g83⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\1751a43c98e70961ed9d4ef3ce4d9746_JaffaCakes118.exe"2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 4 127.13⤵
- Runs ping.exe
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD59208c38b58c7c7114f3149591580b980
SHA18154bdee622a386894636b7db046744724c3fc2b
SHA256cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1
-
Filesize
342B
MD531749379c0656aa299a91052f7d0c5ce
SHA130b3e4e94639b67aed1611f390ed8168cbd511b2
SHA256dc0b844d6fa27cc2f6a3bd4b62f5c5e7e61aa33d57801085af53208649a77b91
SHA512d8f75c11f0ebd975682d371efe55d488124bb0a51cd31c0e566c93d6f06004a656668fffc1c755f14a595c1dc535c79c8bc8ada6b3b3c40cd3e210c71aed3252
-
Filesize
342B
MD5564651c659a36bb21d60c91112475810
SHA1b404e845180c41cf950297e2fca8dbe55443c234
SHA256e5b59ef0e0d91d5957fd8be4719a57289b4cb44be4169f5006597643b84a17bd
SHA51229026bb574f9a4a669f161c2228f5caf8e7528b2622b27be085c4821b9e5bd74faabc61646e1b803407a538497396b6837a0cc0938f885e473e95c06026ee1d5
-
Filesize
342B
MD5c97b214b5e5b7bdc2b045160eb3e829f
SHA1a4ccd4011c80bb462274404cf84c00f38873c1f9
SHA256fb293ec1b6d65bd996bc4ddb2589de5887073a88fc41d04a346ff9293a2f5cd1
SHA512142a7a741d0b092cd45ebee952428e772de39e1d3a4d0f314c6f1b29ff7f37bae009b4319979d94cb0936f93f813adb5b8b716b73c23b8ea09abddd857ab06f3
-
Filesize
342B
MD5b77344015d514f929b161636e2db425d
SHA10ed49bea2845480d4623db611a0be120b4656bc9
SHA256c4dd568d1cb05a4ff331746977a45ea900cc7d43cb73327566d71e6de3fa5608
SHA512d650347d12a75a410405951d585919550f682f29bf0aa19a6bda97e48bf2ba29b11f8ef61a3ee3fe49b1231f65fa5071ae4d6d6fa458fbc6541dd6c385e95d77
-
Filesize
342B
MD57a0d81b0f58efee6998796c9bdd05c32
SHA1206256c190fc502190b457e22ef727681de8955e
SHA25685a610bf04909f8a046b0786a88cbb711d82cc97e7380f8e1f40f9426f0dd2d5
SHA51276cbf775722c745ac5faf98aefc79b66861b940395b268cf8c83e849777b4600fd5fefe5279ac8ee5dfb8f18fe3cc1abdaf365ce1a8946b91f97ebb1d6c124b1
-
Filesize
342B
MD5e2dde20c1009fd9cb78a05568cba628d
SHA14e9f535f9abb2da58b2ecc2ab72198829969eb5a
SHA2563ff0a01a11cedb6a68d43f2cf1608b4614f8608eec6ff477f3dbe5dd654a77c2
SHA51217bdd2acf85588b58eb3e3b3e8551f5c833b910112dcc7aa2d5e5d96f17aac1b3731b67a4e4bb320e85d8a843407e55f5f1efc139d21d0dee22a48c252132f62
-
Filesize
342B
MD5721aa140623edfc9129d380c6b3391a1
SHA1145079b58e897f3dc0a918dff1cbdd45ec3f59ed
SHA256b91470c05a8817195ed60748c4e79132f8378db5189114b26f7767d7679f59a6
SHA5120d0046f0623089a3a88dcd7372716b4a86c0254021c15df0b1d59280abb6a2dcbe862c5737cd5b2ab9c0bdeb9809e8f7df10c7cfcbba460b3703dfb1f8ccfbb4
-
Filesize
342B
MD535c6af355a941fac1e4bcc51d8603a35
SHA1809058a2e007b0c5542a1c2372262a597b86f3b2
SHA256a04c40bcdc86b60f851f3ba0cf999147ad7db060cf9c834d9ab1695cbf159053
SHA512bc6b223f78fc27b1bbb68b279084942d9e1e6639a2ec81325c68a6cd399e4d386955254c352f9eef12a8d584c83677227311e01fd615053889910f2737220e88
-
Filesize
342B
MD51fe06d915ac1627b28f6c14a28370832
SHA16bd28a624f17c31e570fab09d32a020d085e186f
SHA25661a2c587b3436dd9beb7117d16a6eb6ca28e32a304a2d3985e1548eb6325926e
SHA51261551b59ded47eab8b47302a086aa756cfaaaf533bc8911c4636178290cdd0b79e6f6ffd09a0cae4a3efa31a034d67f6f4122f445d7a4011d5bd7ea426da0c86
-
Filesize
342B
MD5cbee2ebe89e378ba111a5ff4b48a41b6
SHA1e9a91cd1348873cc86935189c6151dfc314f9bf2
SHA2567c8d586b9b4c7009f1c89421dee8f2a6d26c588156f2fca6151efd4cb65b946a
SHA512d534fb576bdf29be4ab2c3d948c20f04a407f9050afc02c5d3b049a98604c150baed4139c44ca198a155a6b90b26cf22a36609c7c280995d5676fc5f2dabea56
-
Filesize
342B
MD548e05fdd878e8ebf4cd4f481a14a9ceb
SHA17a3a539a287e95ea163a9e2c4543f65f238efdac
SHA256010ebbb8904fe0ad557bd2c622d59d624de53016bf4111a850fafc5f7cab59eb
SHA512fecdb60f670dce00cba13be07dd963270b1a902f2995c5090f389fda5cb73442e2e4d0cf03ceb22b794440298f0a8c8e0b337704bc883747b030480da487436c
-
Filesize
342B
MD57ba3dd8bc55a92165d14960ae8557ecf
SHA114ca9d074f2ea8a5e7c638cea9a1ac1b4b8f97d4
SHA256ba11fe28f2b71385a8850c38542548b059eca2a79eeec9146a310fc64dcdd8a2
SHA512c7629587e1020ffd271ef1d1c6d55fb0f6f6cd655eb655c57b6abe7462cb41f3c855b9130492edf7c1c30f66282973ee4b8224c308b4fa7219eaea53287d2341
-
Filesize
342B
MD5c3dce6443792425801d6e59fc6b67e97
SHA13dc66dc726efdea532fc33b8acbb531b57c455fc
SHA25608ecd159f47c2b7e510624b8535bf8ae6030b2f0452979e00e08fec36c94017f
SHA512ae27d01954479eb54ad72bab2123ad38016bdfa316babb5cc7a6a1c44be462dc039511b7eb7c30c5a4e93812ce0feb832fd69e1c0514090921a30603d1bfc935
-
Filesize
342B
MD549fd757f9645b890329e7a94701111c5
SHA1ebd585068e8e487aade9f6d1740afbe0c894a937
SHA2562ef99c06112e844a09f5e6749e36db7c87e774dff23a957aaffba7c17e33decc
SHA5126e1d3d1071cf2046d9da7bfdd2e5f89dba4d64a11828197dcf4aff8642a33d29d21b8cd9faff0460df0bf710c921f8b8322583c3771749007038eb028bfa83e7
-
Filesize
342B
MD53dcd558d290411c316c37d39c739f4f2
SHA114d27950afaa42ee4135c2e3b2f96b74090a1ef8
SHA256d59fef5e121d806b73b4377d69e44d1b9e4ef98a9cb23a8f6734dd259b536328
SHA512854237b2ea5350db1f5627d2a79301d387d20c1e1069151d0b212373821e4177475759cb8c1cc9dcf02a03d1c4641e50a84eb7bddc938e2eac57f3913ba71ffb
-
Filesize
342B
MD528a0a337fe2e004775da629d8f9ff9e6
SHA1aabba2756cff807a2796c4d65d43feb76c05efe3
SHA256f68696968c7a0f17c78d56c640bdba7f01375fa565abe81d1a9458bdb9406702
SHA5128bd0edac3f86a5022466db047a26c7c9bd146afdfbb596484fb50c0ff2f2c935a313a1b24909100f5c379f29cafe41f9fb529e87a0ac9f4ac8ab0908f3584fb1
-
Filesize
342B
MD5152b4f5d4a03f819d07a8b33e9bbb89a
SHA13ed76e87eb8fe5f12989c87761082582b831c788
SHA25651337564f38e4050f5b7c54486bf26a7a76c0de50ce2a49d9c01f81a51b9f331
SHA51267b41e2d62835a9f59898c000a50ff337a375c8b2f511847c1958e974fe4a2aa477de5a3500c6dd627ab14fbb92421a6760342fe47e7d028f2903edbbebab184
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
255B
MD5a0c4d2f989198272c1e2593e65c9c6cb
SHA10fa5cf2c05483bb89b611e0de9db674e9d53389c
SHA256f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23
SHA512209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4
-
Filesize
149B
MD5b0ad7e59754e8d953129437b08846b5f
SHA19ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA51253e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6
-
Filesize
64KB
-
Filesize
708KB
-
Filesize
708KB