Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 17:33

General

  • Target

    1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe

  • Size

    64KB

  • MD5

    1be479a4903a03ee7bc3bc12796c7cdd

  • SHA1

    9c1b453e69d8a64ad790306e6424fbc4bf80a6ed

  • SHA256

    a7e43adb100e95600ee2eb98757728cb9fb2cf2e4107c3ec4b0a1cba9b5636a4

  • SHA512

    7ce57e504feadc0860156830df0c035bd49a9ae261fa8fbe17126dd09ed07257277eff476cb0a5d03429dade873522b6ba8c6e19203800e3ab1a8dca8b748733

  • SSDEEP

    768:ECpqFQuwuL+9WiMOfP6gR0z96A0716ezPTt24jtVjhzJDGbFF8E0yyLvwvuXs8x:TpqFQqHJOfPZTAATnV1DIgyyLYvulx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1be479a4903a03ee7bc3bc12796c7cdd_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.marsegseguros.com.br/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    891d2a50dbe9440a21eea919afb638c5

    SHA1

    be74c4cd120161b44f8a053ca435fa5d3bb31d36

    SHA256

    4d755e1a6fd2513c3909c1a08532703c22ab1b3cf46c82f0d789a3033c4d4939

    SHA512

    81794cbfd3c257066289e20d14ef107e16c4a47cf6b06c2c0f24387c021570972866540fc0967fa9e58042bbee1853e0436d954e2ecdc86b06a24bc3da2ad6e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b10e73c5f5a85e4783287e479c3f4426

    SHA1

    98dcfda659c71462026659074a34f815a8cfa8ce

    SHA256

    ed8ba6657dfaeff932979286ce3bf466d46f9f7774e0a744db57c9a94aeb30a0

    SHA512

    cb9371ebf9d7a465abc362216b62206a45152494066be75f226c90fc60e946d213d26e3976135ae46b29e0148bae31e18a2e23bb37a371783f679a3fa615f597

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0d0ca77eb2a73c6a590409fa0dd93a38

    SHA1

    7d2768d7b8445ed039a9cd87e4004f7cfae36f41

    SHA256

    6e7c81814180266ae0ac2a7b5cfcf0ff677c8bf47aa29c1272b9a3c57ce651b4

    SHA512

    559eef7854f36d1a15bd6933f612f147a7655cc8fb0fe77ca05e3fbcb77cc39347da40176f0810b3d1a7478279e013e9d4be2bd383db61239ec4babb04a92aac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c5f439e249d43ccd7b279200aee39b77

    SHA1

    e78668bebbd25b8b9a715762ef5f6d3773389496

    SHA256

    5e4f263787babeb736b48d30c737e725d1dfd3b22e0e5c7149666b80b78dca97

    SHA512

    a60eae1e132382acf084cdd13885f5d7d26b5cbacf75dccf86eab28b87f56e5b99aa0cbca68618ae30aae4f74ac5031d07b00824b10aa71502309c2a71a8a074

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    72d35bdc888a09cfa58822ff3184d324

    SHA1

    f02a5f611247cf0ad0dd96d910fba46a099c88f0

    SHA256

    81dc510047da4b469e891915e2926480b6afc9e51a79037db57475227ce7811b

    SHA512

    6c4aac61535a719a0da6eef3f4eac0171148c33a6e5211439a985dcb74b4bd4488be69265c538686090a83ebaf22e3efabdc1ebf9a3ad7cf3ca5d2b387771705

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e20380f7641a2ada3173579596e6d3fc

    SHA1

    cb195420c7f0bffa991e6a00f0fbe8c429285959

    SHA256

    c779ec9d6bb846cc559f55343ea38678393beb411f157f253320a86b10ab37b7

    SHA512

    7de45154a6e291431df139eea989756ff5a41573870dda63390d68cc06bff449aba0116a9d5243b058d6dae8082ae3e2ac006e8ddb62917051ed2c08848d8e50

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b07fbb0364a4089f2d43134e960e738d

    SHA1

    cec2c4a4cb988190d5784e7a10c39dd401f07ee7

    SHA256

    3df233926a07b5f15a6845b58880bd9bcb15fb827f5e1b3a0f58744a374730ba

    SHA512

    82e61eb409fb3c97ab6befca96e9a775819476936313bd8d812bea353949bd14b204b1a19d590c23fc5737e0d6a13e0ba000de248a9b54bfa0db99295bcd8d02

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d0b6dd0ed91751885c539ead3e7dcfad

    SHA1

    78462cb13517d64548ef463bfabba160a0165f38

    SHA256

    f4ba55e34d436b2522367f560c39709a741e16c19afb29f0fb715bf6b9250223

    SHA512

    86a90e6bb4c3aecad856a92175eb440433f9115b85bdb9a791373d9065e75185e8848ebbe9dd985c7decae88e74062031abc064a4f647d80238afd63e65685d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd054c5bfcc3990feb38e376247c890b

    SHA1

    16ad4bc75e5970460ed5e636cc996978da7e4a5c

    SHA256

    cfc2ff8b645fb4d0bed341fd0723dc36f1957ce2a87c668539ed59e061f1b4e8

    SHA512

    80b5a1813921b551c6c990861eeafbafc37dfae475ee1afc2e2c7f90515701439d6b99d676c98671e91647c9b24493e9e7e2c049355ac50dbbd79cc222829a25

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7bec9db7e322e0513a705a4a05dca954

    SHA1

    e1b351f781f56eccb7a30ce1561bdd106110aa37

    SHA256

    848171a3c97f5f5d388018d09c73213be4cccbc82da70a041b24219d45405333

    SHA512

    3e5fe94c6e67bbae575da9a3c494fc60d3dac905b965d5feeccb3fec53d12cd463aa6ac0f7cc3a8c18391d292c75703015f0294e4b77791da83ab7bba5507215

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    790c5c1457609874d1c1c342e0a5e981

    SHA1

    c423112d01e495edaee4a02b00e7aff91465e3a8

    SHA256

    290b67a49aed1c3b50abc8327600318ac27c7a38ca95e2f04b857606c4feb167

    SHA512

    63f5ee0b1d996120bcb4b32e06ee2fe356066326dd981be35379774829d91155612c164ca56348339504d7fceafa5fc747ea52a656b827e4954347b4f5d22a2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d39e81ecb0a2585c81e3ed90b97883b5

    SHA1

    e7184c80329e93f0cf0253f8cda3b477f106ee1e

    SHA256

    38a41e728680b8e12d7fa5e91e1869eb0a6192304ab37201ed7ed6d0ecffc491

    SHA512

    1e36a818d4b7a3b60bd5195503afa0cbf7f115fe41ba2915daa26fe6f0b71915812933255cf4ba1e7b87653267647288c4eafaa4dd5ecc6612d6c19c86ca73af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    43a2f053cd9fa00e78f342fcf04abe27

    SHA1

    a94a43ef61e11c4c80c6d8a016a9fc2d2b806190

    SHA256

    cdbd9e0507f2ea3cf831ee34a5091971b4bc4b5bd5e137b3eb4e7e30252cd0c6

    SHA512

    d1669374abfbc6baf0bbf93643a304341db809483c57b537f053d73a9374ef03f06b034e66d8756ba7d001bba5fd007d6135069e6b4d059838f6782d363f110c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    73e5c2b5fdfb65dee7966a966816d65b

    SHA1

    c892bfbb3748728e67906a3233613d1e9a949212

    SHA256

    17f6dd3688d2a1bfe75bbe295c821f56b5183aeba6e5c7967b3d99a17e8af7e2

    SHA512

    ef78196e438731d075a572e6423b65fd188bd87f18028e5417633957e91e16f084b786e4b8e17c47137c111e088341014f57e2bce86775ea29952f1410941df5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    34892ebbcd72d495a321311fe38c27e0

    SHA1

    2e47e4819c512503a44081838c135ffecd37a546

    SHA256

    53ff61f5e7a22560f4fabc6ddec749620fd18e9ae88e500c44d24822535b33d8

    SHA512

    55bd1c90a00e6e40739f1efb665830fe0c043bc8b33232babd422afa1bb232bbc3891db012c9a17b295a5b598e8363c7a03af0bbaf1067f6d9887537e8d576a9

  • C:\Users\Admin\AppData\Local\Temp\Cab3B2D.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar3F6B.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2012-480-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/2012-478-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB