Overview

overview

8

Static

static

7

2c19ed699e...18.exe

windows7-x64

8

2c19ed699e...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    133s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c19ed699ee29594ab26c904740f1344_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    2c19ed699ee29594ab26c904740f1344

  • SHA1

    32a2d1dc0bb2cf4b68e097d5aa570b42e888a1ec

  • SHA256

    965f74d1a79e8a069067d23609b1223c5b81a8cea69465d168a490e8622111b2

  • SHA512

    417dea6e1eba664914d1b4ac0f4d2f2f06eeda52e6c2bbcc085d4b9ecee0deaf632647091f380a527059a3493d71ad513221d1ad4d58a385335961f5c2de3050

  • SSDEEP

    6144:MhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:9eKrJJuf86AYcwoaoSbr

Score
8/10
executionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c19ed699ee29594ab26c904740f1344_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c19ed699ee29594ab26c904740f1344_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1840
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1840 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2276
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\2c19ed699ee29594ab26c904740f1344_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:480
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:2460
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\winrar.jse
    Filesize

    11KB

    MD5

    9208c38b58c7c7114f3149591580b980

    SHA1

    8154bdee622a386894636b7db046744724c3fc2b

    SHA256

    cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

    SHA512

    a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f92fc7393d23566a5d03874c1fc531f

    SHA1

    07d8a35e064333f409925cfc121554133f022fc7

    SHA256

    83949d80b42e36ccb14a887f7381b2b0cdd483febac8a048e0c5081b1b784c8e

    SHA512

    be793402f15639e8e73b2dd725c3eb9fa18b9181b25529276c9b2c767553a22871914a3da0814bfc14923fb34319bdef4d4e209e23af292fba1f80264b72d492

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25f8ef7cb073953e0d648bc7985c270d

    SHA1

    bc568099d8afe24caff40f70699ebaf76f3950b0

    SHA256

    ed2467f09a002ae92510e6e03737b86f4e8651b7766ecb19cb1b2873648054bd

    SHA512

    ad42e7df0fc56ea748cb621e4f9a77263d2136592b82d2e0b1c78adffeb76d15fbc3f0006cb748f7074ba06d2b61fb170c583fada267d3761a7b51fab31dfea1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d6a5c5f2eddb37e5a00c7a3442f5cc4

    SHA1

    eb6eac50f51b9215c17441a0cc0fc6e9b13d15ec

    SHA256

    03823ca5e408288e4db69b3c24900b3250b4d3872b05e82fa461e95cf5372e7d

    SHA512

    689b9dc1cfc44b6eb9f2c5067d4cfe7c7e3027104055e0a496b78877566b529de96ec6dbbad93204d5acee35908c096f886c761e1943e37c2d371251d779df70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84b5e6fd0e79c9579a24eb409fed9d23

    SHA1

    e2dbbc1184368b1868053d17f69c244fde0071a3

    SHA256

    06d78347585fe35a2ae9ee042781a2585eca380a4c8172f565bff97d39494914

    SHA512

    75de575a2c2592582e7e2842ebb88e88312a7267da66eded8d0156c4682fcce04b663e97f6dc565fc877291c5988cf264f68f61b8e239df9b0c157354aa8fee4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c488b77825d9fc27c8c3eb6907157c05

    SHA1

    8f898c3c707c16e761dd8b8fb1a1dad75cdbb9e7

    SHA256

    fc3d75821c3c9abbfc9bf6b292f9759aaab4364317f02e168d3ec164ed75cbcd

    SHA512

    5a8dd8477edc7b8da001786195f2f58dc52d4700305d28b731b91a88c34802626173dc6222034aecfa7e2e959f1ed38a61b64bdada0752fb873794671607acc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afff1048da7593e014e6fda948d69a5c

    SHA1

    dc44aa752f46d234657ce69a93bb2a871a6ed57d

    SHA256

    040924ec5582e0268a311efbd1ba5c99061f7390ba9dc66feec00b4205acad18

    SHA512

    0bb84a13fe42407832482e9f5755d7cdd9dc92a19f6ef2195f1b82f00dbfb4315555fee0253dfd331de069a09f4777ff374ac9bbf808ea3344d94fb2fd2d7b6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33008d8523c583a398ac83282ba27646

    SHA1

    a2a85fc82512e5271b7e794cb40b806de9763edb

    SHA256

    05b0e4e84af99436699c663b4a1d9d8877915b838aab28610c9f395d4eec9baa

    SHA512

    b3401f974e4033458a83c17c4b321c0857d6d68cc89a4e0ce4f32218f0d00ef3ed05202ab1786d029ce57785703e3f979907c47e733ed8e358a6567dcf2ff583

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6c8b688fbba2414f72b3881b3afdd5e

    SHA1

    988b1dcbfe5c99c4d033ac6a62393f495221f55b

    SHA256

    6707e42d3b05665308a936d7b422a7e7f254f3532f23dd36baefc88867d1be1e

    SHA512

    48c4bb408afab1ca06179e976da900e16787f3df6aff9dd8293531657d30a72adc6466456573db397b9b05e8f6b2cdd2b04f3a463c00276d90f61cdc4454ba62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    958de56fd76fc70049974b3a5082224d

    SHA1

    c9696240a8d6e08ef20c89e48826b16d57e11381

    SHA256

    ca297b058e5a51d9634d4b83e0064d3ee7cc6dd53944f7e5579445e4e986c64c

    SHA512

    b0803de85b404238e27a1b23115623c22c4ced63ae6de9b9e39af94867427dfd3ae3e13e078311281795b643cb2e9eb28eaad5c99ae618dfb526095f186b319d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    435e64dee696a9ec424f6368e8cdb436

    SHA1

    fb1fe4c3cac855fe2fe0a89ab9093b2c52961a94

    SHA256

    3ebdea4c5185d8184fbb195cdee68d5f108baa330c2a37b173e171894c22bd95

    SHA512

    1cc3712c88fe8712e136f50b7d74c71eb54523e80496836d0eb3233c9228e08e54e3e537271d63a3c14eb885ef595a16c4a51cd9b52d27182c16c27e7abf87e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87c2c806d568ab0e77d042f495a1f860

    SHA1

    4316389d96c49891fceea4911be0af61621dd998

    SHA256

    ea5da9efcc6b929806bca8b78c7ec678574a11341bae6a43a5e6bb2a0a2e2e60

    SHA512

    b4cad250a4533a1ff9eb818f2c4e93d47b275ee769a3359d0d06c217dceda7ddf499efbe3a240b4659dd118594faccf8a5f6dc756222d93641f4dd09cb0b4250

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4decf360d53ea8170e243941a8e9212f

    SHA1

    261de6781f89cfdda80178efa9a2b18a5035ec14

    SHA256

    3e699eaed78588345250f7cbc81dd85cccc3b631886019f7e5a1350cea50e406

    SHA512

    5d6a615e6daff7a48c9d24ad4634d24c7060c6c5169b3955b8c7b005455df2e61e45cb019b10cb7d1a9d7903b090531389b051e9fddf8e5cd4b5e2db24b84510

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b3124eb1a5d516247fe37d8fa824bd8

    SHA1

    ca4491837b88463976852f51e08d5a22cd5d2647

    SHA256

    94c192c113eb9c1354a5de301b11b7322d36d7fdfe98a607074fb61781465379

    SHA512

    ccd1b62c26dfa06266e63deee3dab8c6c279ac2d610ec9d52fb74b78c8e2ef7cec030c1ac1f7a7ba4d722802962e1b2e8dd2c348627a5573cf23ecac829ae120

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6BEF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6C11.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
    Filesize

    255B

    MD5

    a0c4d2f989198272c1e2593e65c9c6cb

    SHA1

    0fa5cf2c05483bb89b611e0de9db674e9d53389c

    SHA256

    f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

    SHA512

    209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc
    Filesize

    149B

    MD5

    b0ad7e59754e8d953129437b08846b5f

    SHA1

    9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

    SHA256

    cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

    SHA512

    53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

    Download Submit

  • memory/2424-1001-0x0000000002A60000-0x0000000002A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2480-36-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2480-0-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download