Overview

overview

7

Static

static

7

2cda586136...18.exe

windows7-x64

7

2cda586136...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08-07-2024 15:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2cda586136f8a627a6087dcbfafc6e6f_JaffaCakes118.exe

  • Size

    3.1MB

  • MD5

    2cda586136f8a627a6087dcbfafc6e6f

  • SHA1

    f0fd185a614e0e8570f32206ffd885ef0060d4a4

  • SHA256

    5af5ad497c0b13118c5ce43ccab49e28dca7623ef501211975898221e238c4a3

  • SHA512

    8f7943dc705ed7a9ad2fa94cc6483bf45ac13117aa2545d2b06288dab119b915d405962838b3152426d17fa6550bdf2e018e6532f925b55643ead8334a16ae24

  • SSDEEP

    98304:E8R0S0Tk+u+6x3K3n75Ye3osBHFEq7gh32Em7:Ei7+KVK3Kmo6FEOghm

Score
7/10
vmprotect

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cda586136f8a627a6087dcbfafc6e6f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2cda586136f8a627a6087dcbfafc6e6f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dnfjinbao.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dbb23dd14fc0148a728c2b38ba0f7d2

    SHA1

    905954775a19229797f9d3874d0bc7dbb62bbb7d

    SHA256

    04bf91e4f8e4f2768f1eb2b4236e7a0bff01841cac9b01ed051f5afdf9c663f0

    SHA512

    9af82ac3aa04921fbf8a0cac3048ea6244a36943e875b3260e7b2803472dfb55be72383f41692d356b4bf9e468bfa042e5972edfe667501e4e32a013f948f55d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f8ddd940c7803c14aa45b3840b35e87

    SHA1

    dbda02079824dacd9f394f555fbf27018996046c

    SHA256

    48b232919eac5d0b3fcd712c61f6a01b8cb9ef9b4e3227e69d2c109425059605

    SHA512

    5f40d5caa69e5ef08a51f991ddc4310a4ab4e262c5a008b01bcc4a27246b63fc0f0af68c64997c581c4c7410ed740aa48794b601c4e9ff543b9eeb6cc0d71772

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c13d064f09f9dcf990aa4418c23c9ff8

    SHA1

    eaed3402d37ee4ee4819091a1e18d39c4022569a

    SHA256

    5fa5468001c98c85bd413e560f572871a8ea6ac2a47d69f8f496fe3853732ddd

    SHA512

    63ffa3d7cc8b3c5b72da6dc3a231747a28e3cd77a56c665c477d9b98ba589579f11be084bd34cd807e170affd5160eebf65f5934da2a92e6202921f11bab8715

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a9c966abdb47a225fc08ae0ecfceb1e

    SHA1

    eaa8b0640226a63e97a04d0dd644051e74422f33

    SHA256

    55a05e53785ef15cc6ced4348fd650640c026d287e6d947f13b3dfba3870a192

    SHA512

    93e58976da30ce274a03b155908336cb4b22fcfd6e309ea07b30a57a24d9252ad7dd2290a53fbc20490257ef4560daf6214f9c94006c434ef9417a81213a6167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a236fe61bbcd848c7ce5aa9289b5e9c

    SHA1

    fcc740bf2c57dd438f64bdd4bc0a92f65dba1f00

    SHA256

    998181473cc202abd2eef9c7b49ee007c5cc04c598959e5c33e67c12ee8c98cb

    SHA512

    1b02766326d849e3490da711ba5f6a37a8d6454bd657323c5c24e2e5b1aca9f6edc8c3586afa25cf19b2d193ae1e6f1d6ea839583f9d34ee57a308e1d899f8df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5283457e69e93b3be2d74d0f67b242f

    SHA1

    89c5c3814c0f3aa8c748b07b89299e5f8c7cec85

    SHA256

    b93e4d7c32f248fefa20f4e0df8c7f16c1239b8da6ab7df3d67a0107fec8af61

    SHA512

    0dfd511553610067bb1980c1472471a9d179526669c8c8e596e46c226bcfbcbdef7b834768703e295d6a8e2acab011b517ebebd56ee5646e395a4a58086b2b78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83fc3e9926fa178f2b5e2a03064d13a8

    SHA1

    6c3f2b804a93cc61235fdbb61048896290cacc45

    SHA256

    fe14fafdb0a6db39f405b1bbceff9171d18233a7d8f942aaed217c0975f18ba1

    SHA512

    f1d0164615810d12dd45b3c7c16efb947acecb85e15dd1f63f4244742b449fd62a384f4d57912b877fb6f291026180fa3943b90d60a94e151be54f2c54495b65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39ae139ac2d2433535898665d1da3cb5

    SHA1

    308fa7b1b5addd89675ea959b1a7238b6b6e5655

    SHA256

    c18b109d39cdc0f03a53880fa807c74d2ef108126111b4edb5d3b245e5975366

    SHA512

    4212cdb57fa30a50594bf83bfa3caaf29a3991837646227917aa31d0ebaca572a0e7fbeb96c6a57d5022865f61e77efa7bc4b40b231499e302dc26c5f5a1441c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdaf63a078fdec4d400c167c3a99b536

    SHA1

    51bf8498aa9770f1acc66bbf853a6fff76d76ad3

    SHA256

    cb65f53104650e1513336bb9bb72e4c95e55844b4bb3c264e2dc9ac36925ca00

    SHA512

    6268871bdb9c7f8439c495ec2ea1a04db7b0d09561e5fe1b827256b37d8e251bac931c45c25a06e1e5864f12adef484fab6929f73c8ce785f96b118ef875da67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57c784751e7ea02c1ffdc185a91bcdc7

    SHA1

    897ee3560afdb5c9b9a87313d5e4cd8503696066

    SHA256

    3572fc03768e60b5f26d767961b9fa0474f795ec4e53eef20e07c406c672e58d

    SHA512

    62471ff98e11c98cbbcbd01d6cfaae83c95a25e98dc824e3ea6c4decac7768966d75e8dc27d1bf3b2d11516c50afaf85addd37c6a804d53ccd029943c64f8933

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d24a9d3ec991fd19eff239154dcf063c

    SHA1

    06c3732273587ec72b9785f4a7946533a5bb62c6

    SHA256

    5061cd4a7d7ceea0c74ff1ce30c18c252c0bb9ae7007293476e0206a496fe3e1

    SHA512

    63cc750aba6093ca85fbd4abfe369044130541fd65429aaf891166e565d6c3a0c6f8e40c8fa6fb8d2136d93af2ff84a1ee96705864bf4aeed6da831478dd4b32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46f821d272483d600d12fcf9f6d572ee

    SHA1

    c65c8b3b6bb0f1e55b9f60464f2da008cd632c97

    SHA256

    04c09909d8849a413e311641b02c9ca93041ebb2bab90e441c6b88a965f6c27c

    SHA512

    2b8adb21ef7e82772e778d10948b82347037407cc8a4af9a17d8433cdcc4d81f51eca883a6564f2817ea6a8cd23b3d02c24a07bab223d72a2dd7a314e40be117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3cff8ebd7a4a3d61ec5fb34b5d23f41

    SHA1

    8aca3ef22ffb01b4bb0294f3268b6c9c69bdb606

    SHA256

    86ff17d4f7b714ec5436498be9a211d5094fc5252388303a15ab4f9169e30a32

    SHA512

    6ecedc492352a8be22f8b98ab4dc66e2e07a818a1c250748f75dc6f1481799d4d4aafb5a3114ed65e40c07784f39895ee11f123225dd8b71c5b48bb32597f000

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b67935dff0748835199dbc020388d2c

    SHA1

    4da4b046587c741a68d99df87a0388be42c87f97

    SHA256

    fff6fad3aa77ffd9d9fe3c7a040721bb4b4f16b7a924975b230293bdb2499ea0

    SHA512

    9e96ace789c4eade31a9e77761dec94d290d92bdd690d775c1e55ea225f04fc59b9f78258c0378eecafbf325937d8f442ec3c11a120500e96b5a89fcabb3ec1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de5833393646a349b028eba332902937

    SHA1

    5d8110eee760cbfb19f2ca5921c3f2369ace2561

    SHA256

    4a01445c3c88af857a0c2e45da033f50b7d42f1bbce1d5ee44c3ef4dca5a7cdd

    SHA512

    11769b2bfe865feb0ea973800982294255bc043aca8eb6d519338298269ceed1064baaadc886385b1328ae15ccc554110ea1332b7397607a8592cb15980324e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a7218fcc8901f116138cd18e84b953a

    SHA1

    b41160bb9744973f237f7373ecc2057a682c0617

    SHA256

    f06e2dae7460cc68a3d098eaa6da9a222067cdbeb622c53c62a32b1543d2b9e0

    SHA512

    a62ec117c7d278449021fce4e916650b54c0921cf7e1a4c650a3de32f7f6f2323d99312271496657e71e54b37023a30a406edb500a262f19267fc7865ecd72e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed9fe164545d182dd4436549d2291088

    SHA1

    0edadd81141fc7c0095a69ad027a9b821a223cba

    SHA256

    abae8591fee6903034dbc887c8090d47267903aa6984f5332b2daf826a581beb

    SHA512

    12fc6fa1eab0a18543f121f0cc4fd82d460d6ab385bd4789575303c8428179d690e7e447cd6ff8cb59ce1f0c294c4f561b4e3c3b6e3d075926ad99a05d999e83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8ff7208b26857c5e10c34bbe72ab082

    SHA1

    f82c79ce42f6331799ca67512e23d8fc6779b065

    SHA256

    3cbc035ad6c9068fe1f3fbd3f00d6b7f5940d478781522bef85a40fadc642068

    SHA512

    324dde70e80066a26cbc7ef56b2d8bba1e117b3a2140fa5f7f14a6abbcdbd27bfd89d06c2a2f05e3e6203c4567cde6c691f6a6e5c85453a6e9e48edf788c9b50

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab12.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar74.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\SkinH_EL.dll
    Filesize

    688KB

    MD5

    bd42ef63fc0f79fdaaeca95d62a96bbb

    SHA1

    97ca8ccb0e6f7ffeb05dc441b2427feb0b634033

    SHA256

    573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48

    SHA512

    431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c

    Download Submit

  • memory/1424-441-0x0000000000400000-0x0000000000AF8000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/1424-1-0x0000000000400000-0x0000000000AF8000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/1424-0-0x0000000000400000-0x0000000000AF8000-memory.dmp

    Filesize

    7.0MB

    Download