Overview

overview

7

Static

static

3

3403a0c334...18.exe

windows7-x64

7

3403a0c334...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3403a0c3345058015376d6524b18960d_JaffaCakes118.exe

  • Size

    212KB

  • MD5

    3403a0c3345058015376d6524b18960d

  • SHA1

    6fa9c77c728cf49537073a296c7ede99b21468dc

  • SHA256

    a8f967595964488d647c04187e54bfaa4998b040f34c7d20bf2b4f851428de80

  • SHA512

    56a9e75cc7433c304a6bef691ab798dbeeb9a7b16a03323efef31a8493e1e24dc33157215f62c3679f941f6bebd1fe24a3b49d2b5208065046ffd2f6624848b4

  • SSDEEP

    3072:Mw18r59QEyV6mv4iOi1EYysyIIDHGBAJ6tby9sfRG2c+++3:3EyV6mvXGsrBAJ6k+RE+++

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe"
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1896
      • C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe"
        3⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:2384
        • C:\Windows\SysWOW64\Windefend.exe
          "C:\Windows\system32\Windefend.exe" rem "C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2456
          • C:\Windows\SysWOW64\Windefend.exe
            "C:\Windows\system32\Windefend.exe" rem "C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe"
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            • Suspicious use of SetThreadContext
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2708
            • C:\Windows\SysWOW64\Windefend.exe
              "C:\Windows\system32\Windefend.exe" rem "C:\Users\Admin\AppData\Local\Temp\3403a0c3345058015376d6524b18960d_JaffaCakes118.exe"
              6⤵
              • Deletes itself
              • Executes dropped EXE
              • Adds Run key to start application
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2832
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                7⤵
                • Modifies Internet Explorer settings
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SetWindowsHookEx
                PID:2616
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
                  8⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of SetWindowsHookEx
                  PID:2292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    766276821ec3dc9e67eefb8a443e0c77

    SHA1

    adfcaf326462b91517600feb17a12ff18dcd8ca6

    SHA256

    71ac74ef7fd3230688f5c5dbdd962832d9c27712182c9f938fd2bd2301b12eea

    SHA512

    62caf3a02c167cedc06de1c477ee1c969055e3883178ed8d9a9f91b31c844736db748a6c6c353bc3988a2577e9a4b966eed4915c5fdbff44789fc5d207c99ce7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1287fce1ae5e3ffdffdd631b5e53ec70

    SHA1

    760e586dd5b57333cf9b5fd9065b681c56a973c1

    SHA256

    766e8f851ed1eedbc28b199973981efe01f4b12b8f5ac2fbc21a74b2d20e01ae

    SHA512

    d27e1989f097e7b1a14e10bf4dd96f40dfc7de2069d4cd92f10bbe4523e8c7daf9614c819498acdd9759b1872a82c4e59402941d41778e62a34a07e2b4fa7a48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55248e32973cd381375598bf1eb3ff62

    SHA1

    50f752fd3025c25d27f65e42315a272a0e8aea71

    SHA256

    aab979dbe9eddc36418e9deb39386186fc22b8c8235e92cb7df3c1cc80867259

    SHA512

    69307c87d97c94591e6b99153db5fb2e483cea031c8a94b0c0d85e94d09888d5ab85e2a91f86f51c0457a0a34f7ead0462dffd7ed0826d0354c9445ea576f3cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27a3e1ada06fa890b6044e5a548ddcb0

    SHA1

    78973760c2f979f0a37fbe7ff44022680afa07fe

    SHA256

    6311c58efa529dc35277f796f0a4df1d444e6c2cb590f712407e23543a084102

    SHA512

    d713217ba3b842214617a6d48f0f5aa6b6fba0367459f5feb38448214027116704b0949d2c3ad4a111a8391fffacaacbcf89f14cf50809091b60fff5bcb1bd29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    188657adcb958a9225ee48578e891c18

    SHA1

    bcde06fc3c80e1e5acd7b02cd7a5b41965caf8bb

    SHA256

    a9e5259dcd85d85470ce4d0bd2e6e0c05b823df96bf22469134adcac186820dc

    SHA512

    407348b534ed3e2d74d4d732d9d59fd7ff424372771b64a24b25c738be60d9bd7217a602e2e8a7fb4c4d618670a34fd6012eb92cbdbcf3e13a6adfb90b6e824d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9d69a9ec3b50906d005b95391ceaf06

    SHA1

    229164f72f92c145b73a86db24a61249498d24eb

    SHA256

    cea0d49c3ae47be12d018bc90d6ac8108b258f7b206aa212cbd9898ceb1d5adc

    SHA512

    aa5c8fd59e3698b72d6424dee3955d688f9fab13c195ad598efefb440886c7a58fedfc397c165dc16359e16553a5f8e4bb4a2fe187c544a847048698c69dd8c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5337e0e8c8baca7116166e3579dc6c5e

    SHA1

    bd4d0b8cea2e257beb2f9b7f04e23b93eca5f257

    SHA256

    7986d6056070aa7d1612b9710addc5fb02a9f95624cc7e18577dc937179add3a

    SHA512

    810cc2c22383117302f73aa43139dff582633fabd740e584322972220d8efd231def8594a945b584312bb389eb32edcbf6b2444bf8626a852723cc38ec9671f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9c856d00086dbab8cef68ad52f0232b

    SHA1

    16b84ed3ccd895d13bbed2d1d3d88c734a38c2d7

    SHA256

    10e81140d461c816e7dced298cc905e2df6097da57971d275e9e1be2fdf24404

    SHA512

    578ba9a37c0bb3ef8761cc07f9f4138e6c264874d5b7c2824540f225da18147171f53be176c87610fec9ea189c7828711883367b44e932f0de7cfe74c06fbc47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0dfb5d46df04ce3d8fe2760551ba415

    SHA1

    5459fcb00547455b0f6fb6acef043ab3858349c5

    SHA256

    b1a344d8d27992a9f0780566b96ec7b50c6a2d447983cc844a892542519f0696

    SHA512

    8a0de1a47b5435f9143d397190fdb43f1a8042755ace43014a469a513f68d50207529061478295abc8fd89abcf590b9f3d1201c41fb1e0eed16c697f4489e4e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3a09dd7c7bc785f0b571e6a436e8fec

    SHA1

    388dae3d94f5183c19bb3c9c8e3a5bbe46e37fcf

    SHA256

    8f80d1b5c4f5565f5cc3714278cddfdfdeb4df4a482c4d9648bf7907f64011fc

    SHA512

    4c9ef8817ff28edf25b4b691c565c6a4fc0d966f0098839b933c946ece3e3821dabad16982061d1a77a0ffc20771d456721d821dab4ee903b931f609f4269675

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de1f7642deeee270eb625085c55df7ef

    SHA1

    7d9b200fb42ceb0a0ef22971613c4d2dfbf8f04c

    SHA256

    4f0f1f9f3684989a159a4f2eec7a4247217c6f3bf10d65c0968d782bf2ec2527

    SHA512

    2f6454c856867fd9c6d2ad6612d1bfb5966cc1161d0d778ee2a63885425cb6a3ebe015b75d0f0f89241099a9850987911892fbe30bf9054fab387226818ec4fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1889192f24b3c105ed0368aba41f2aa1

    SHA1

    0be9f83d822e9d5b3efa794a87a17a46387a0450

    SHA256

    303747a6f607fed2a543f7a50620e06c633ac29fb93d6c5856034ac9aab9eabc

    SHA512

    f3da5cfcf6cd29467635d4285c04036e3854d3b98c1c7c66396e3f78ed19205b17e05d1b5d71d7c185c754abd15e8edd4d026fdaf1ad0326dd997d077e5cf00c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e919410b57062604485b3aa8c3299f7

    SHA1

    f31785257d3e594288e7e5b0df9eb3d281e66cdb

    SHA256

    27c5fed99e16bfe95167427891a801258ce6c968372a39ae4304d71a3f57f7d5

    SHA512

    3f08e464962659f5a63cdd0032edc4ace17ba2c1950bf513bc7d12de4b7d12531323e68507fa81ecd207291fa9077410896395aa9ca3437909b32363760837a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a881b0f686685900f72ae6fd3c35308

    SHA1

    0665b2f2f64c216a0bcb9ddb6002373514d72bdc

    SHA256

    279c7fdc256f0c92b53e6a180f43b163a528a0af559d304f93d1ec4ef57f836f

    SHA512

    cd742ba642c1de98bc7dde460566574651de91c0b845b292c408a438fa8132d6aff2d59340459cdd4ecbbc018d3fdd4799a531183d03048a24c02473ad982a85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e2a709d1d4603ac0a5116a877ec48b8

    SHA1

    3e5574599b96cadc73589d890016472af1919738

    SHA256

    128981ca5168c063638f2881abd4917933e90c0c20291920a766b849bcceb53c

    SHA512

    48a67295dc8e7602ffb30cd0c92cd8f9756aacc48f8bca2ebecb5f8c91f5ce9780bfd186c84e17337937d0d0ab700987d4cad0768d973f39f3aeb7f200b801fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    869c422f130d5630c5449e92ce94090d

    SHA1

    b6a47578e4452f4b387c7f59ec7461fa6c8fd15e

    SHA256

    dbdabb976a46071ae3337b5f330558438d26bb1b478db47d7b535c5afb8f62a8

    SHA512

    a3c2f47014f4314f034e3a7f16f62686bee92b6574b0428ef2ee96b9211d31edb4266e113a078ef46a2c35d280fbaacaa5cda71857882feb39ce4c609850353d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75d0ee672218d38180a2080e6d8b2da2

    SHA1

    12625f937bfb4904363b3f6ee2909843e22fa616

    SHA256

    38627b31dcb0ba7c61607fa72e5d2649c83c3642b6636b550557c3490548166d

    SHA512

    ff99fad636531c4e5b272484eeb377fb76706cf2101c2cc053bae33ed8d06bec6efc2dde55e992269b8de0a83800bd142eee562a0a2d57b449e811deff6c7bca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2e18ad54f300af9423f89ca65f3e9dd

    SHA1

    94196090ab4412630b8f5424f6440233269ee0ea

    SHA256

    9751ef634e95535f61b23f1a3f03bc46f2e230f639aa0a8276bd8631fc552186

    SHA512

    99f7c2a33df237bce5f6da1c11af61472995344395782f0d284aeba041ca9449f8e4d78559c4514df8c6fb8a000fa6bf402b2eeb6dc35c558ac3b923d4900cfb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEA13.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEAD2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\Windefend.exe
    Filesize

    212KB

    MD5

    3403a0c3345058015376d6524b18960d

    SHA1

    6fa9c77c728cf49537073a296c7ede99b21468dc

    SHA256

    a8f967595964488d647c04187e54bfaa4998b040f34c7d20bf2b4f851428de80

    SHA512

    56a9e75cc7433c304a6bef691ab798dbeeb9a7b16a03323efef31a8493e1e24dc33157215f62c3679f941f6bebd1fe24a3b49d2b5208065046ffd2f6624848b4

    Download Submit

  • memory/1896-32-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1896-2-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1896-12-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1896-14-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1896-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1896-6-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1896-4-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2384-23-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2384-29-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2384-31-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2384-27-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2384-17-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2384-21-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2384-19-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2708-78-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2832-80-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2832-81-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download