Overview

overview

7

Static

static

7

2bcee8ec35...18.exe

windows7-x64

7

2bcee8ec35...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 09:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bcee8ec3553f8f30ab2001422bf3b8a_JaffaCakes118.exe

  • Size

    234KB

  • MD5

    2bcee8ec3553f8f30ab2001422bf3b8a

  • SHA1

    96326838e22a0fe6d6ef8d51fd7ef79f10e275b6

  • SHA256

    6207227790b2ca1123211e9b0ac38c922e19fee23b065e79767716453715745e

  • SHA512

    a4b6a8ba93cec2706bebe334f182f703542a63cb4502f705a4d8c88ce036745789294796a4fcd1eeeaa8f635e2365b2b8c8b0b3842839594a08d7c23173438bb

  • SSDEEP

    6144:N6/HfGdFjZvU1MSGTRa4T3nw9hr4A9KW4uaSoSWOu:KH8FjZsCZYg3crzkX6oSWOu

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bcee8ec3553f8f30ab2001422bf3b8a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bcee8ec3553f8f30ab2001422bf3b8a_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=1019
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d7d71b34453650f771c16dc260eaaa8

    SHA1

    524bff7ef084b2aac4abdd5451b60abfe14460f2

    SHA256

    3b525cc30e0e1c4fae2628407da1d1ecc21079311c31df2263afed1e82bb83c4

    SHA512

    52d000fd63d76a3e361ff7424a7d31fdbc31002cfbc39667c5bd5e59e1076b3822865c1df83830fbf937fbe169eb7ad415f155c13fff7b2c63c2bce548ca22c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f980cadc9fb67d6bf9bf64d06997b894

    SHA1

    7ab92ea210a0ebfdfb07d183ab6e6df7271471d5

    SHA256

    bdf5a02926a38850059a7d127f106a5b401b0452573a88db49c351ab4450c751

    SHA512

    9fa4b278210ab05b266c411bcb04f0ad813a8ea832b948b765fff80944f38100affa5b74f92fbd69457b5c46adcae84182a4c8d9759ee397ccbc190b10481498

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bedab657d2f654eb2110c881d8d4e15

    SHA1

    6894717c450557ff54d27a0b6e5fbffe17d62f7c

    SHA256

    4d2744777562bc52ffecc2f2acffb6ccb9acf1efde08915bc2821a65e06b0a3d

    SHA512

    b54615d525e65dcf74607fd5474c5d2b3d27cdc0615d7f6fe0f9c2660f00c9171c9bb899491d756b1d5500f803d2d7d434f5db885307974f56e216998fb3b7f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3637221392a8c710ab8fad84ca40d4e5

    SHA1

    073b7852f28b6e11675a1ec25dd84b4a6793f3e0

    SHA256

    fc9497150a23b7cd09d659c93d612e4a482e6d8c2f2a6bdab7e4b690ec436e91

    SHA512

    091d1f7ea59248e53107bf5fd682b288526cdab0f6ff3f6b315bf883cae4d934aface95842d2b3b47fd211291f61a917f535926b12fe169a7531ba8612705d81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27a9305a7727eea45fda2b3c55f19733

    SHA1

    0fc27122a64a8c0d5e98b9d7984f588515e722d5

    SHA256

    e38f2c453c864b3d269884e67bf05a075bc2fd679f61c0b2768239d78f060ca0

    SHA512

    7cf6fc215dc261d188827725cd934ccc2d0d2cfd03ad125945b8fbb6fda89682328e2fecd89922756de7adc290ad31fb84028db4fc72aebebb6863f01795f774

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dcf27160542dcc2845b2de1fe9f9341

    SHA1

    62e4520e3aae2e77f5a5a47dfa5edf6bc77ee16d

    SHA256

    39463669c560c0e8cd6f9b561b6236dcc433e95c9946c3f6f5c878e1da84bc30

    SHA512

    1b574376373a23b225ce12b5f9ccc01e7fbf45c94e531354f4bfba60e03c33144d2aaf903b5a15d5d71f38ad9a4c344a038348847b4d5308964972d074b41fc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba35e33f3656308f2d3096979851088e

    SHA1

    581899241a0f26ad5ee4dc973ba724a7fb10f2ad

    SHA256

    b8ff7e9a15d0b1d592d1a491072997389032719e67798a67679d2b6a239d7ea3

    SHA512

    c9ca63af91400caae254b2863e5b8b93033d08b5657bceeb2b616071a200e23b77d4fc529d2dc4694a0cd1c6a356df92309a42aa1631339ed02abb5c175290ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8098dabe620b401ad146aef6c1c12f9e

    SHA1

    56d413d2661b417fa7f95041ce3dba71cd5f001f

    SHA256

    470157dfd9804f3683c2ee8967401a1d8842e73b2e0c882fc060acb3b0940ce2

    SHA512

    d1958923ea79b58ec6af32e223574895bb336828b9b2ead933c94bac3b5674dc54d09de990eba24cfe911e924f02dfdd6bec426ac5eb0321ac97f8077b2dd24d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a6541d7a4df28031f5885efabf16ae0

    SHA1

    67f25c74f2c4b9d8f51e45571b42809651c61e7c

    SHA256

    f5a289c4e0501c2191916818c93b1fb28278771884574a209b5df47ee5c3b8ca

    SHA512

    4662b87136487cbc802af3574aa174fb6b9a751ab6cc64f1a725aa547a27828311f0e380fa654b4eb07f47b35b1a5db682f5233fc09cbc08c22c1c78f2224edb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4dcd8138d04a642d457030320b7772cc

    SHA1

    8918e029fc00535acb2c3f3f9313863590987b98

    SHA256

    75558095bc0885f8d822a9fc6a8bb5cc39820c0d7cb69f9a38f1ac89eab3c9e0

    SHA512

    d3f70188b4b712fc45f74401423b5781297219ea1f37bfa383f43c211233bd08650856e6bf4bd5d82c3467a41017e26e39fc7480df2565b029b9342c6125f5dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6aebcc5d4452c1afa6f3b72d10010975

    SHA1

    c0d9123f8abe67be19ae453ba9f5a5c1c1365076

    SHA256

    bf2acf3ab8ef59669af2552f1a203c5f5a8e94e4cb24e4d7a1fa3b8a970f503f

    SHA512

    e4316e42179007831a3aed102c72a3f233fffd66c28d8340507b5f1a738c0979e417f81ab7bc9ab9e7f737616d3711ff2224a3132b0da8058d3a81e37c93fb32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06578c530f53a40f74f3dcb777bdd793

    SHA1

    2066a6fbb67a47ef8df8981e7483dbdfbf066714

    SHA256

    7e8188badea011c9c5e7d8f685f6c48507b8f275f3d3f050c5785e7c1df68596

    SHA512

    32493df5e6650841011e325e72f0fa606022531283de2ab47239123e40221fe52210e72d2d8e0a409d31ad2a0e63ad2d540582d80af3102e8bb4da3c5cbdaa61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    665852f59c67ef148adbb4a1679d3d18

    SHA1

    109ddbdb1cb8e8f0b22a20d43c226c309108c1f4

    SHA256

    2dd9bac1ae2bd6dcaac45520bea62ec2fab6a6cb5111db7b5c18a06f1be57d99

    SHA512

    aa51816ae1440467a0bd58ad1c6b5613a07014893519a43edb0ddeee5be37fff28c505606110dd49df9d19d2b7f9ca8d7ff1a5fc7057d5c4894b739024c359c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad12a114b1c918ea19f70af5502ce46c

    SHA1

    14d65e79e19ba4dafb9672f310ca914e1ecb6dbf

    SHA256

    8e4290a893e3dd42ccba8aa266c726e988b2a1667eaf6b4b7bb3fd496bd20e5d

    SHA512

    c856d33f4cbc90d26e439dd4d565abd3a8a8fd8cdc8e2372ffd4a8aa33b7f03b07751e34beb4cd25c7c96458ad01603debaaf577052c7b23894c3e226f2552ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f5bfbb2c3ca4aa04c5f58ddaa7cfa3f

    SHA1

    c52ce635e97cf9274eff3ed221af7626f920e0de

    SHA256

    d1ec6c8f8293b8c342034f0000312f0cd1f8af36cfe999069546ff84fe68ce5f

    SHA512

    12543d5bdaab52fb4c2e135693ff68f486667b384185581f5bf5e46d7f8a20d040b2bcf77dc748eaaa9aecbcd286a0bde8e7a97b824af71cb5735489717a4201

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    405d8a85f9f115096ef75a54cfa5dc47

    SHA1

    0851f035733afda9c66972c04d0eff98b927502d

    SHA256

    4b3464d61af39e1651f18b4d7fab31fdf87b9a6be851003e6e5e910a8b986041

    SHA512

    f5307e4ec16de7b079040cb471fa272d88fd62477c96406c66d40b25653e050e9266aafea5eb9aa2c4126a242123767d588931ded0e3025f9a343b4061b5a3be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd921050622ffba5576b25c335b8e93f

    SHA1

    cd4a7748318b60b9d7ad5919d7470133774e1a75

    SHA256

    7dcfa345f59cab7c086c7f1e57b7ad9d53da7d4bd670cd9485078ac264c0080e

    SHA512

    0eb676a9fc37fbfc0568e4aea465cbc1e1761bc0add50b03c726ca98bb69793cb06a6ec2d43048b0bb2aa46e3b75bfa8711da1e1d85a0dbbd6278f05957df0d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9780e82054ab28ff189fed3e9cf7dc0e

    SHA1

    80d0af14f44b9222892afc857f54aa3d76d9ecef

    SHA256

    2ceecce1a005dbf6a4a8cbf143477d655e0a23611779c43070c02af9a7bfe4dd

    SHA512

    242313d62b66adc545b3a4baadcdb671b7068bd835431452acfd1507da4c654fe2838cc42fa7258761f3015b28d688c49839c9c7d6dd69fe1de1cfb0ba95fb0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF5F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar100E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1904-24-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1904-0-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1904-26-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download