Overview

overview

3

Static

static

3

293dd9fbf3...18.exe

windows7-x64

3

293dd9fbf3...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    129s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06-07-2024 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    293dd9fbf3424a5882721cc611e0f903_JaffaCakes118.exe

  • Size

    64KB

  • MD5

    293dd9fbf3424a5882721cc611e0f903

  • SHA1

    536b2f5cd8adb75bd596ff81f970353ae87deb61

  • SHA256

    5266b1005295bd1b35ac4bd52561903af2867b73eb97584968bf0c5231f95c19

  • SHA512

    e964baac0ee0f58640f371d02bebd4d1773e4a113523b80fab8461ae13f3a6a5c307d2c0a1767e98bdc649e508d6aeea7048e492a413e7cb0ce2d47b9af670e8

  • SSDEEP

    768:yz2tc9UCb2ijmgGNGv4AyG9KV2Xm9pHxJ9K8ra9gELN4tc3uH:C2teVX34aUJvSxN4tUu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 34 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\293dd9fbf3424a5882721cc611e0f903_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\293dd9fbf3424a5882721cc611e0f903_JaffaCakes118.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Windows\SysWOW64\regedit.exe
      regedit /s C:\Users\Admin\AppData\Local\Temp\go.reg
      2⤵
      • Modifies registry class
      • Runs .reg file with regedit
      PID:2928
    • C:\Windows\SysWOW64\wscript.exe
      wscript.exe C:\Users\Admin\AppData\Local\Temp\go.vbs
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gupiao1.info/index.htm?bbtbb
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2976
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    778eb6152fe1f6bc23a051304573dcdf

    SHA1

    086e0d8830451a9de69e7c76771d821c791d29ae

    SHA256

    ea4caf90fc9b5476a35ba27575123cef4a51fe4006f315d9e0939a0d514be6e3

    SHA512

    49c8162098d207a50d6238d60a3eedd1e2d085d78b1d0825c59646ba861fc3c6a1fc1d02f157f8190ca33443c6c2e6715fd241c6771f896d1a1401491eea2401

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2c3c1cc672b8db1201b7aa7811ee9a1

    SHA1

    8f96962b6564e6ed3003d81773793f45175402ee

    SHA256

    015af2363cd8f95e10827a86f8ef6fe5ce972613bdf7dac24cde6b7b0b0f5ce6

    SHA512

    e9a1ab1f3c56972bb8b9e307f7056bc5554c2fcd17dc2a51cce130b870d0e5cfa264a43d2350d5d00ea1a49b34ffbae633742f2682915b0eacff424aacfb8f23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7762b571968f36549ef2b058ed7ed246

    SHA1

    f2d7dc24293526d8ae6b0aad16c61c152424ea92

    SHA256

    c6fb0eb4247e0cfd67e1eb36d6450bb47b58cc7224c6891a209865a0bfffbb2e

    SHA512

    6d552a05ac0678b1742c1d5888fef398c341daa753a6707504023242ef6acecc51a9daafaf7b9700580accd7e745ca7d5835d986654be6051a2d89f0c876ad37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    420154eb80c17197482c419922a0445a

    SHA1

    cb4a7421121fe690408e9327f12a08b8e6f8c799

    SHA256

    6ac0520e4d43626298209bb7c835952f76ee7302ad1b4848206cf0e0c1f197bd

    SHA512

    740d4387e12d55cf67a6501bded0e912a651ddd110bbc437354efd5f3506f5bb1def2e8e3f9255bda79fdeb461ecc500d5628a967a842e427e2b6c952b0d0754

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6723ec3380aa4f0e7c7350481672ab9

    SHA1

    dc5c7f9cf72ea3b223cce9506d9d4d143cafac7c

    SHA256

    926009918d4ae53cb044c39665d93918b769eff9622e39bdaba58cb3e1afb33f

    SHA512

    cd99805599bee26ad01936514df40d4cb26316bdbd9428205f76689ad70775aafd04308a2a586f13b1ccd28e94173f0aa58fd5883aecda35ef14d58b96af1a59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27db55fcb5ac19fa1ab44af31662b6b9

    SHA1

    d6e5cce014d0771bf062bb1398bfa87911d7d7a3

    SHA256

    5b38b900f5f280e94e80435eaf596a852fb0deeefc7a1db90a44321116600db4

    SHA512

    403de1ade6050698d39d68bab6a6463551c35e17858b91e2a03898d959de138b76ec1999b8f27c17896dfa3cdf19353f3053819c1173c92c2065c9ceed23cc4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2733a9b3df294f65a87fb1935c86304

    SHA1

    d45c0acaca6d78b2bd813f0a83a753f1d6ef1c2d

    SHA256

    1aeefcf3d756bd2a84f6dc5f798aa8ebbbbc8e974425aa6123ed0ac0884937d0

    SHA512

    54286329e4faacaeb7170a7d5f7c9d34f3e04eea818a2d573b7eed71098dd0cc8f7ed12320079c0931550d67ab5f2f5e4958184a3f1900a9ffc1d9ea42938117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67f0c878c5f1ec6e56827a9bdc4004cb

    SHA1

    cc5078ab5295eb2a8ee1ff51df8a9ba588e870da

    SHA256

    9a01886baf6ef96227a32a18c6d7f3a99b9b337f72e54d3d5a44958281445035

    SHA512

    895fa9f2619a21f0624abc0260de194e523ff3dc6a264382f875dc70b24deecbcc6bd170e23ce08b5835d326176cb84fb0ba0938cb134c6ee01f05714152f0f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4262df02c038adbb45d9adb16e46acc

    SHA1

    f40061e14e76f332b25bb18e1c8f4f05fafe49a8

    SHA256

    dc82f0bc442b17c330c85140f2794bfebdcc46cb46c85e8d82ba402ed7f90fb5

    SHA512

    f682a4dece33c86da98449b5782a9961c381f50fe9e45f101f426674c4d27a8d338902dd2d350966b1542a3a97b9f8c865e1fd0ff31e9ef8f4db413c6204e6a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    274af2a3ce247071171e50182608d468

    SHA1

    ce1b06410d325e29f6b5c3965dd6445d47548a44

    SHA256

    57707ec0285de2e4fd14c88d7dafdc848f35540f5c13ff4eaf499c77d1f45e1e

    SHA512

    df5d5fb7c4c6d5c5ade9ff6c1a01f6dded3300b9c8c61a0d9c0e3f7eb3f792d353e89dab5678b057a4ddb43c9c3f4d16f8186bdd568f16497db0542d5b050f57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73b56988fcf6d9013fb6c6e40ea5d9bd

    SHA1

    b4ae52a0f1980205d8bc21ec43fdedc77e974d38

    SHA256

    d2f7a816d348ca3fe7e2b9657d5b058ab6744649a602e66606d1a20ead59d87a

    SHA512

    2faea4ac077935b91d2d5c633fd251a0c40d2e6096d9424963bffcfe711b643a9129b971c1c94d53a07f3fd686eef3a0a5a5bd0311afb26dc7000a3b9b3d2b8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff678a18257df8421c8d9e1c4a697f7b

    SHA1

    d2fe1c6fcb2c3496912330c93e8374073bcff6d5

    SHA256

    16ec1a24c7a5a5d269c045a104d24b2a50a171f19c2de4a1332458afd6bef6b4

    SHA512

    59da685f5b86960bea8d6901cb020c9042cd91d2f48a8b22f34cc692194693cda13ff3947720d1c1fc74b393f69959967ffdfc229686a9ce8715d0e3fbdc2a35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8be22d4422e5d831a3313c664f5c3bdf

    SHA1

    5310717ff0b05a15134b54358e8cd995ee7a060c

    SHA256

    ac84ccda20d50a74e8a2e29a0bc64f2df198176ee7240bcf256464a8aa661e4f

    SHA512

    013f2f95cfe535d2eaf8219066c5da36aa77d74f003b4d2060c538b6bf183c80c2dd9c9445102af91cb988cf852dbd244b755e10718df79a67dfd3dab01178ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9671d0e86e79d21b3824b06d3073b15d

    SHA1

    04f1854632068de9a6e1e435934ef9e5f8e6949f

    SHA256

    44e43d71c4cb5b3541e99bd457594a568714ccbf6034f5d088bba1811186f012

    SHA512

    245c4d361113018e4970eaad3537678ace1b7c0c8887d754fb53121e04f035db2d55286ba22bbbb48d0bca3e2275aa1aa891a17d194b726b9b27704530ceb649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6b45407e05ea6d51bfe6af0097c77e3

    SHA1

    ccf0632f2d94cd11c204a563cf91eefda65d60b7

    SHA256

    1cdc0bfd17d156605f5a6f210c376627cd17d2f9c550ac11252770b6ec0e794e

    SHA512

    6396b8c3e5e0915dc03e83cad0228a3ff751244608a5ac1cb386e5fe31619f6720b2d392a402d1926ab5f20689b4a3fa9eb9491d27d6c7a4cd98bd7b4863d378

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f28eb83cf651ac6d7dd4ed8e525cb45

    SHA1

    98328357181502dd0c48e996350e7585ee11ce83

    SHA256

    e21e818fe4a470629c2f190f40ad69d3210e9a04263db13e513cbbfc068b9f53

    SHA512

    8d5fe879de2edb200525b22c65a0ac06742c53046cec41321f4b95f1d1f0e50bdb2f0cdc9a1a8a6a45dd0d90bc974601dffac95330a6d6300f28021d78955496

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccb433d9ff0f27b2c13b84a291d1fc7b

    SHA1

    a990587f362ab0411ae1f6e99857c62239d913de

    SHA256

    470f0b40fb8a9421c280e9c02e9ca2b58a6ba0839e4f6c6c7280a15005cd0e64

    SHA512

    2ba9a0cf21f8185f297dc2de557a58f6e50d8841edb6d38a9af0fcf02c02a9911ae9ea4bbd9fc0a8c3c8c4fb9554bf4521cef48d6e3520fc95bba58575ec0928

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a54e5318315314b7d36602cbfff8babb

    SHA1

    27124b3a07115a5db24024bd479d98ff3df6f531

    SHA256

    7ab2e223e603bba42b448db0b54fb20e632559cddc17a782fe8178ff7fab45cd

    SHA512

    0d3ad0920e05d2890c47784b9c7f8b146cd2579d99537419649edb5b6e9ddf441d0bff270ade2a504b03e7a6df34afd1804068e58c3732fdbcce0b4a22a7222c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f9902c31282ec0e9e837af8ff03e60a

    SHA1

    6dc16dc495172bbfdda73a09aad1abfaee7f12cd

    SHA256

    5b798fee20a79e53c1beb493626bdc451c0f6906f8c9cc5e51359ad5a80b6fae

    SHA512

    43d469ce15a4a264270fa2fff6578d816dca25dfe953a0572c03eec1be1d3d322494a01943e18788f351396c1455f51fbce8ea512125a8b15cd3619760e3e686

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf96362fcc76e86bc9a5da4b42f359d9

    SHA1

    2611441c66f4519d9147c385e77663380bb4b967

    SHA256

    fd12d765913b485aca5bbcd682e7fb4da91e60f2842c7a2b4c8e948477e0e320

    SHA512

    b84ed384c9fe95f28aa9d132792460219c7adff3a028fd6727cf0c669de43a17add98845a083d09ab17fb82b9926a048954ddf026d8649ce3046db76f5581abe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7C92.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7D22.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\go.reg
    Filesize

    2KB

    MD5

    82d6525e15a0106f80a26b9ff9155ec2

    SHA1

    ce4cdd54ced1fb8571b3b2d452033473365a3cb8

    SHA256

    bc2b5691da50b6bf526d284f0aced0e048f2739607f22bdaa828f8d5ebd13eab

    SHA512

    7ec1f2bb5cbdd4dc85c509ae399c624cd70acb6cbcb971f10eccab0d8c0634e9d103fef4d0de12c3ba93f369c72cf4ecead2232c24c6ad94b3e6927b7a26bdde

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\go.vbs
    Filesize

    1KB

    MD5

    3e8e40698eb487d341f9b50170a83178

    SHA1

    0fd53ce1383333929b7f50ad148c6d29f9752619

    SHA256

    c26b201dbd639bd67c26f5b490cc3dbb924f021a2c319e5557cc6ecc0fcc29b8

    SHA512

    4a8b45787116a474b68e44e6463b1082f3794ab7ff61970336088507d240164bc83b47c496beed79fbf8124a270ce06164da935a8801774c319e7518362aa2c0

    Download Submit

  • memory/2760-9-0x0000000005110000-0x0000000005522000-memory.dmp

    Filesize

    4.1MB

    Download