Overview

overview

7

Static

static

7

2ddac264fa...18.exe

windows7-x64

7

2ddac264fa...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08-07-2024 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ddac264fa32d31eed68c3f46fe793e3_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    2ddac264fa32d31eed68c3f46fe793e3

  • SHA1

    eccac28f065aec7080299b6ef7da26962527c013

  • SHA256

    b545c1b6080c24f24d6807ec74363b4983fd0c2c3d0ff3acb5f057bb42127af4

  • SHA512

    39cfe52f74cb1b90672b0156d1990add4cb8a5eab3f8446368363b25f07c380229a6584661b70db8051287dd483b4136ea21794698e0a5cb0d28783b7eca7f4b

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vD:PWfUkBPyrtBxgQTMK0TKpxS3H8j0ba

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ddac264fa32d31eed68c3f46fe793e3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ddac264fa32d31eed68c3f46fe793e3_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=11040&ref=http://www.fenomen-games.com/_files/chromadrome.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1f01cbad689ee07aefa189589f82a01

    SHA1

    beff5cd1441b4bda86ff4f75da900870c3c17006

    SHA256

    0d122b3924e148e93dd04c675622bc3c78a97a89f20b7a7fde87661bd50a2576

    SHA512

    6a6b923bdddcf83b16c68ddbb1ea52e5a74af663a2e19011dd60c14c29733d0e5de5e4fab5a02d05c722f61182edaaf009d9c8b059bcdf21489be0ee1d4adb5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dce3efdc94b662a274a766dedc9ac309

    SHA1

    c320c9e0f475a6a008563b969a83aa8254fee170

    SHA256

    30bae3c83a83615822841032fe3aec5c058c21fbfeca1444a1dae157fc8d9ce8

    SHA512

    1e1100bf472e8f3fae2b5a342395b548c1a6daf4b73014c44836e33aee304cd28c491bbec6dc867ed8652d7389c52a31a7079d99486d953cfe3559d1519314c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aeab15d2aaca6903f95d670c88f70fd0

    SHA1

    db46fe7f3eb71da39496ad092a89516ed7a944e1

    SHA256

    d5212156f93a422f2dfb6edd7b0348a4a5b17deb83b172885c44e075bd257aa1

    SHA512

    530e3a0ea9ca6c29a769dcb9d475c6712af31d0ac3e0176d37c97b6ff6eb21e5b649dd8a379cba3cb30356f3422944cb08b8b23e69b7d90ef4743e6ca17248a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e168e798dbf6a643071b7b0d27d370e8

    SHA1

    6d30d1e75d435b65e8c19eb831cdd36eba86199e

    SHA256

    06f6e5158db1ded276144e840b5671769fb7530f8b1e134a0ff0981a133a6439

    SHA512

    e1b9d2ba609b530fdb2ebc72506eca9b7c39c8feb37d86204d0e7a6fec68d33c666d9fe34aaf400343550f842c0a8262a257dc59dd801b271fd37d3ad23c6f82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01092e940c9c36aa62cf14d4a7723f0f

    SHA1

    60c52586dd6c7f77aa10b3b993c5c2ef9be2c575

    SHA256

    dcaeefea56195883c783442f5cb09754d6b725fc2d9358be16971a11286810a3

    SHA512

    d476d8b90ab37e7524aad09bd0244b8e182db3c6ebd3652afc616a57e2e48fbef56fbd851050167ab508a4d954840726e1590c9d605b30db9f4734068304d4a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eefbdc4e39a7fdd6c9c47a77ecc77aad

    SHA1

    cf5b9ade0873f9124ca75884da43b8efa0c6f5b7

    SHA256

    f6746424540a989e5bf160a4726824d5ad3ae4faad949f9f4e741efc32bac895

    SHA512

    8c329b7ec8d6831c320d382da1c0f4878f9f4bf15d16911282429944a3d0c9459ce145ada085a3209b5e79bd250260695ef4e7f0bb25d2cc032c0bd272979aa5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2febf3b3c5162bf1508bcc734ffa967f

    SHA1

    5c8f01c778107b254d48587024ac502573260547

    SHA256

    f84aae7f138dd3315919afde1644497cf4545fa1e9efc61ae4dc6f63a119c9ca

    SHA512

    2e1867c828e99df5c3c781fb89f31b2fb09090fc9d1338cbcc2442c5d36cbcb4ca2ed10514dc4d2f4254d41fa53834286984d9522bcbfb92cfb9e008872862a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7951291a53623a53c9e93faf621818f

    SHA1

    2b9c2837470173f54bef8a0d9ede089786e19b31

    SHA256

    f2d5491bc7aaaf42d1ba1436194caace6ae458ea49d39251c0e7e6d72ff029ea

    SHA512

    a5178e814ca04d8465749aaba79003500f1a0cebe0abce05159a6cea080a3f8e5a41cfa29fd93daf6c952190229c657daa453ac6df3bfa5ac2b9dafc4f9fc45a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab9a3e123d2cea4f06657475d3457392

    SHA1

    1f65c2ead6526a1b7cf31c337ede5a08ac4b958c

    SHA256

    c782ce8deee57012af7194b4f472b008a36f6fb036563366894e5f1965744736

    SHA512

    e71a06fa0c7b89a5df66f59db76c7fd8d3728dcb22799c10380e6efc536148c14b703d1c7100e66e9474b535bdf6f55595df5fa91e94bc3fc63bf6ef61f9908f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa88bf925f60fcfb61937324ce21addf

    SHA1

    1c5aab77cf75d72efd19a30bbf69fc08ed257417

    SHA256

    72ac5a15250b45d44b53df4a9308194aeb330385ff7c960c706d8986a0332085

    SHA512

    dae430bcf6cdedc75492c54dc4639016d2e84d1ef6c253be5cc0f9e8ee703e8a1b972bbae50f7bbd79098005b2dd43a0d854207967d5fdfef6030ce24d04762a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    479a75b367119bc2cfc3933950f80cc1

    SHA1

    3eea4d77ac14d1828ffef304664b66b90e0886b5

    SHA256

    7ac7f51b8e5cebdfe92d879a38a4e259ba0209b35473bdaaf7d661cf2c930831

    SHA512

    4ed3435f7796346446fba146094369ff9fc1d81fb7e93cfabe3841163684329db090dcd62ca749da6d32adac513f805612cb21acf999dc8eb6538480270341f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    652428975416e5910ca5710972a469ad

    SHA1

    43775233ba14bb63fb5c54f288cecccf735571fb

    SHA256

    b2f312538cc63742fcb5b53dd4c80a86735ab1c4c485315c18a72a15d7f67903

    SHA512

    c761fd204396cacc34aa2f45ec8d0c0d31345b4f5e6e3f9d5c1c8bb0460c67368e12ea8d91b00e846b7dbbe2229a9fec09822332d4a42ff79155d2d38ad986b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84788014d0a2dfc0d9fa12e395b72a25

    SHA1

    f28204f6b466387be3b1a91ebd4f0796063c3a48

    SHA256

    0ab95a6f83f152ce049baaf453f45bfcbf7a7bf3d7c32db8ef8ddd9f1d238f16

    SHA512

    973cc67bd471d2319dbf562e9904fe43489e1b0d9dc25dc17cdfa0731fb1ac198738b4c202ad498ab184cb7bcfdd0a17c84b206b9509df8fa5ffd52e3346bcee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03297f73f9c3674af4fc801337a66ff8

    SHA1

    3ef758def08cd90487c8a81039c6e7b69195fae3

    SHA256

    11ed40e0b34cb234521d8615ed5853341a972c465dd880297534e35fec9798b1

    SHA512

    e9fe97600cf023ed1221666aa0080e3d210bacf3359c21c3a7e5e26764914ce5ef09985ae2c45254b8485c6d07ffa2d6d384bcafae37ec9884fbf1c8cadea58f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5eacb2832c0c212c849ce18904cd8f3c

    SHA1

    33d31c523ed3dea1cdebdb3603229543ea8e06a1

    SHA256

    09e67777240cea5cd0c310d796270dfc49ccb980130dfae3f89710dc59b4d79d

    SHA512

    8e05adae3f9c3fe4eb0f6f4f788120ade227ef643c303739ea0e9d22d1d5c1de5aaf2dd0ead3b9ee913ea57b3f1c2719a4f57400310b15c3b59d07d281d298dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f8dd6d05b1f64b67557fc1df6d80d64

    SHA1

    143667b940144a6ddbc64ff6bcf460535f711c61

    SHA256

    9c040507401bd00402bb69385d2a5a0aacbd61004a9cd3b4167ac5ea082cbefa

    SHA512

    36e50020962c96b83c709b5a05c3e69af33c8cac7e7920cbbffc9eb57f254ecf0912df22186115de42447f49a65ac257e8dc22756b48efb075554d94a2d2ba59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a40f5295261d07e3aa178dab316fd619

    SHA1

    e85ea02a8725c0f8a445e8b0a85762607398922f

    SHA256

    aa48055ebdf449ef2d96011a51f74ef09383bf220070e4d9d6e11eb0140ec9b6

    SHA512

    e1499c2c8c0dfea7ab642ad806944ba1cf7a7300894f1b7d05a9657f423edcc62bb1e784b4bd7d4dfa9c5800ad3d01f83e44aa15dabfa5366effccb712baea7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24c7ee4bfe52109bc976858d0f88f291

    SHA1

    da0190678140ff42bb872007b01103b868c3f206

    SHA256

    c592792410d154b02e2238f86d289e3d45d1c361408dbef500ec54ec3e0d74c2

    SHA512

    4673eaff0eba0adf77d524fab9b284e7b9391345d85bb9fb491f76e66517ecd5e4a31048d5183d5f0ad03fd83367e5a91dd710a136acdfc2e69fe2bb8ad231b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4da295e4d7b37971ad57c514672615da

    SHA1

    c58f389b9501b253aa864342d1638b245abfd803

    SHA256

    d09cf1077932fd36f09800ab79544b1e74be19d5c883a599c33464fdef1b0242

    SHA512

    63a42edf6a8b273b0048425084208aea2f825514073c522523b2253042b7b58faa0cec3754609d056fe5f7f9997aa9316a7a9961a643baa627ed2314cd0e5fdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8A48.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8ABB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2676-1-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2676-26-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download