Analysis

  • max time kernel
    136s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-07-2024 22:47

General

  • Target

    268367975a460b790b9711e4b2257bf3_JaffaCakes118.exe

  • Size

    104KB

  • MD5

    268367975a460b790b9711e4b2257bf3

  • SHA1

    f231b21729f766d7e94c846111f42e030b658641

  • SHA256

    235628a202d69369b836b3fd34f951a2030c46379d6d91bc9e7a4a9413089f5f

  • SHA512

    39b1b7a0fcd447b9977841865be57de642fece15b07d83a0e8f5d0c5419250c9ab84c9a2180375f8ed6a7da2f6b9b7186803e999463b779b03497d462d55b78f

  • SSDEEP

    3072:tL5FLClZmzePVeO1cmmQFg+G4pnSvhWfPdi9X3kua:R5Fe7mz88DrQFg+9SvhWfP+I

Malware Config

Signatures

  • Windows security bypass (2 TTPs, 3 IoCs)
  • Deletes itself (1 IoC)
  • Windows security modification (2 TTPs, 3 IoCs)
  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Windows directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Modifies registry class (60 IoCs)
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (27 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\268367975a460b790b9711e4b2257bf3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\268367975a460b790b9711e4b2257bf3_JaffaCakes118.exe"
    1⤵
    • Windows security bypass
    • Windows security modification
    • Drops file in Windows directory
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe /s C:\Windows\ieocx.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2292
    • C:\Windows\SysWOW64\net.exe
      C:\Windows\system32\net.exe stop "Security Center"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Security Center"
        3⤵
        PID:2076
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://loyal-porno.com/videosz.php
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2716
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2672
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Roaming\asd.bat" "
        2⤵
        • Deletes itself
        PID:1792

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9023c19a6b8f86f2a2685752b443ff71

      SHA1

      6d600a1fce1f956a6c9deb642883c06821929f45

      SHA256

      4aef47da9625f29b29c5666c26305a15e3c69897becc370c5aeab6aaadf2c116

      SHA512

      aba60b3fb28ba503d82756857b4df1842a919dc22c8721087a7d82529f00cf128c20b413c2c97f75b51e5e09be84fb002d45c51f6b5ed98cc367ab9c8afffd1a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7856e4a81d8dcd6c554231a6558e36b1

      SHA1

      acbaaa49f8417772f416673e5f850c6238455682

      SHA256

      c9c0bc8be1f363177f09c89847cbc9ae48f7c68a7391b15d37fb69c4b6982c50

      SHA512

      15c3e873d6fe3e66ad4d2ffe4f3a289364761b2b893b804126389717d26c9080062262f83212664632da1c92a86626712806d2a349f85f8a7295987f38cbf1ac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      01491c56f4fbaba743b160b88f494c19

      SHA1

      d831029dfe264c6b246b4a26267d47fa048fabb1

      SHA256

      00b5e5e54d7ffabacaf9dc426c2aeb632bf1efdc29d9c7f58c8b68962247a5f4

      SHA512

      6f49057b4a14d1bf135175d056afee0732b1d9e6c9e4348a06f2b76ff447a7fb749efde6bebb8c62ab0c18d2aa144a890b5cd3765967180d4b8c333457eaccf6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8e3a6aa2de1f01ce19ec511fcc111617

      SHA1

      16c0eefb253f8687eca090fe534c535f6db23213

      SHA256

      8af5230a1dfa4f7e0bcd7adebc0035fbedf02fa8ca7f7d719604ed189fc4bde4

      SHA512

      264376dcf79db204a92d694e4be155816e853098fbf8a8a38e0811978e0762f0727ba345af71df7bbdc5b2593ed7dd4e1486499e5672694a22742d0ad6697473

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c53034aaa1409ab682cd8537b35d9895

      SHA1

      31e214819a36d88a752bd24cb9939ffab9401c10

      SHA256

      c15b4ca1ddeee78a344bc9a8abd4db70cbe88650a2877fc56168734da144807d

      SHA512

      ad246e1ff6f9b6ebbdae7dde948164aa2cbc42337d64746ad8a2121a100dde1a336eb13902e717840020b74e6a30453634ffdbc43833e45ffec429fd0e627f59

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b9921445afaedf332416e324f493fedf

      SHA1

      d31417ee5656ed7af5f10320f9b428823de5815c

      SHA256

      cf14a50688f0e8156cfcd1523048541261aad8a9b37b7ec261560f66b221b213

      SHA512

      27c7be2b1e72e723338f513f5d8dd48f0c3335bef35e575bfd8f7b1b202230ef41557c495381ec0a822cf81b595fb12cf2787c22285c8542c02b17078815dd06

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      64882544f4aa92f8a20a46fcd9e3f305

      SHA1

      15b96929533a2825b79ba81f4d5ee1260d74f46e

      SHA256

      08d17c4fb742be1d167709b81bca10adb5473a800bb8253c0f529eaff8362006

      SHA512

      66fe3b2dbfd8a258c7365aa2ed27f2cc02daae38651fba60fc76ae3beee8469313b91c06d3ca1ccd3958873fc4c918a63d1535bccce2c450717b877da866094f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bc28907788ac62939d9337521f0fe36f

      SHA1

      5e003e41c934ca377761a35452f861f94dc9a33c

      SHA256

      56ffcee82f6bf3fc50d7a8125bb440f7e233290e921e7a462c4ac717c29d4880

      SHA512

      d4ee04fd5bedf69396651bfcbe561dcf3de7ed07852f1ec96d0998f0df37e006db5b0b51342383b8b0630115e1e0b4539cce1b95b9242110d4d673c1aaf48c6a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      daad40670643b7e3fd8dd2e56e0528ff

      SHA1

      1639c7a787c9a977627a413b7e90fc98b5ba07fd

      SHA256

      2727663f9d72f2d65144091fd50ce2012e44f67cfc935965f7c1cbad8eca579d

      SHA512

      5e78f0da4e2261d69b74acdaae7bd40d6b4df0a7750acbea373925d94a5ca03795148cc7aef53a37fa2bfc0c5fab309d44cd227dc55be554c7bb7636afa5b571

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f93d66e4267e9886b25a6f4479401f21

      SHA1

      aa5e7edfffb98a2c974ddd2861b70012579f66a7

      SHA256

      b8118f54e47cb00489ab2e276d7dbbb04f0ba89cb9d98255ad900b3354f0acf3

      SHA512

      3e2177e3aac2a69a3fd72000015a5ecfd3f725f8634a1fcb77efedc46b5dc3732c70409f9e53af939c306430e2eb8cb0c2b0b1c48031fc7a428bbf6a268f269f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      68f4a8e17bd4cd9aaf0310af87271a18

      SHA1

      130733bfa780318a4bcb33d818cb5ae05ba59479

      SHA256

      41dd90ea954db96150a86fc5b5966c1b1cdbfe06a7b4f7022af7b1d127e76f58

      SHA512

      a6c54bd0e54a858b6c34ebac4b1c0fe3345aea29755975217ec6d2b374165aebaa028e5b8813e6d40d978e4e75c77e4027d51729376b4a0305308c2e6788aea3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      772cd7b4132c190c47a65b2a4bc79773

      SHA1

      0555bf2ddf839e1b24dac0ceaf092bc3c835c422

      SHA256

      00f618bb2628a952c27e955eb7a50de1b1a4a50504009725c901fe387b1ee240

      SHA512

      67f8d4a56f198b1289c2254d4db8c0aa23e06665f66079fec76b0d83a43f285f47d0fa5835a7210230dccc61f29db9bd84da9ec1324ef665660555dc79fdca79

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b97bf8c95fbe300b4678672f33e962b2

      SHA1

      44876577e554be5502d818b22de090da2e34245f

      SHA256

      de2fe132bc24d4b2091be44d2e5e269985ebbe4e00d536b079701174a7b3adaf

      SHA512

      f7bc9c5f3409e25f4d14af887d8d17aea5d47982da45e15a535316aa2f0ce5a04246ae8e61b0e25cd736f425636e1acd413e873a3b0e7f0dde3fb92c5041cc1a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b24b01585fd940ecfb8bc7be6da5f978

      SHA1

      c05853da1afc7e6a96e27016e728208f75dc1b92

      SHA256

      43a3e6f7678e5f179553feba649181fdd7167a7d4e860006e0e12e7454a1db71

      SHA512

      7181a412e6910ec0aa89af32b50f1b7242f0d9c76c5b2cbe6b320c9e4d360efc537cd45fb4fefc500969764797f0244b4693e6d8536f4c62a13dbd0794473e1d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e295ceb067266074485362702ff66be3

      SHA1

      e524e789b81fab006fb1ba44829f4d99b0e25910

      SHA256

      4c149af10a67620c0b4c4bf04131d452e541c123bb46fd67dbed1fc31d33cc44

      SHA512

      bac0278673360f002e9fbf56b8821cfad250e75274d2fc5dd3e41888fc489b50892105c612ad0200dfe813ac94ef3eb09800304a503a6cfa3537a3bcaac27bf1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2126ce3ae69a6f07e774544a93d8aa51

      SHA1

      f60cffac8ae7aeed9be9a8879aa874095a49fdee

      SHA256

      6965f44f47ade42fdd6803893f091fde1f3d4b85c019ee7477231a94abf98794

      SHA512

      01d80c09c2bd685e4e529e8630107fb576f6da5b0ef9cdaed273618329b29ff8a6e3c5aa9c914bbd96c05f76fd01c3b7a924e98b546e8cb2ed0d1a7bcf63b232

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      59be8ec109ea3776e91b6ef1708c7b90

      SHA1

      4fd65b6acc7205ef3aff1a9e674513252ee1739f

      SHA256

      d6c78acf2756f2d8181b135d3e587e09cb3b98d943ffb585c495c99141e5c7cb

      SHA512

      7b32270b9b8c8a532a078991c4a468a173932b7a1ed992bbbb144d30436350481951a1ca47d1dc95a2f4a3742a5dabd5c344e4ab89bd5875fe766fd7647cd14b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2fc28bc0d5de49171e0fda3c10a80913

      SHA1

      3ca4bd164d0ccca0cee66ee49dd420d619087ff9

      SHA256

      016e37d414aa460c3aa7a4cb7ca024c238452ac9469868364c525a461ea9ae18

      SHA512

      17e1bc9ec93f8d8632d5ae637198783d41cc304f2530d92c93ab86af4e32e1136bd3c96d6c881c09f52acfb6489647416a9b3bcb9c7e132c7356ae7b98696ec1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4542a6b053babc03f460d40f9bd602f6

      SHA1

      d26461f4f3dfb1b8858c074658487a8a14ae1731

      SHA256

      f42cbd61bc96da153fdfb35c888be1d83ad94d15da66b9b31810a64c8943f556

      SHA512

      007f2d53e53ed5345ba3a9cb2a2aa0dea2a0907f7f177d3c4d1c345800b97b59cbc44c8eaf1432c6d67c689dfdb8baead7ee2d220028ad2dc4896ef83e22bebd

    • C:\Users\Admin\AppData\Local\Temp\Cab3AC0.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar3B90.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Users\Admin\AppData\Roaming\asd.bat

      Filesize

      256B

      MD5

      2afc94d55767da9af38431cac401f3f3

      SHA1

      e04d2b78e5bc100d9dff922774457039f0f113b5

      SHA256

      84805c6b91df3841b3d676f97adeb611d43199a69f1b7b68c890608e697d34a5

      SHA512

      a74c39ee7f9c0e8a4c1a97b8c398935ddd69cfd173a9d74421b015105671f767bcc62b8bc8849b5964ba8e6e8b2bd2a7276fb39ac688547142500ee0ff6a707f

    • C:\Windows\ieocx.dll

      Filesize

      27KB

      MD5

      ef09200d176f64c9effcd6d71ef090cf

      SHA1

      19647fa778246ff860bd4ac2a74185d1429c1d6b

      SHA256

      ac3bf5cf4b459c932cdf15f79816aca14445bfb1477ea4ce58be8d8dec4ab886

      SHA512

      331b71bbc9fa5ba76d0bcbe2cf44a5443c73f8800701f9e9f2734c62e5755c366e0d05a7b5b239bede7dec2f260ca239f018bcf0b41a2ed2471096d5bcd744c2

    • memory/1812-450-0x0000000000401000-0x0000000000404000-memory.dmp

      Filesize

      12KB

    • memory/1812-1-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1812-0-0x0000000000401000-0x0000000000404000-memory.dmp

      Filesize

      12KB

    • memory/1812-3-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1812-449-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/1812-12-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/2292-7-0x0000000010002000-0x0000000010004000-memory.dmp

      Filesize

      8KB

    • memory/2292-6-0x00000000000C0000-0x00000000000C6000-memory.dmp

      Filesize

      24KB

    • memory/2292-5-0x0000000010000000-0x000000001000A000-memory.dmp

      Filesize

      40KB