Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/07/2024, 17:24

General

  • Target

    35ad498e861bc9915c913afe95581893_JaffaCakes118.exe

  • Size

    39KB

  • MD5

    35ad498e861bc9915c913afe95581893

  • SHA1

    8246710dbf2269849085d64975b93b7cebb052ad

  • SHA256

    4bd0481b30a08488f7982054838066c5e36e2b424bd86b04f8ab6cebece7a7c4

  • SHA512

    b5318b1c64817b9c317180899a06a79975b46c3e9f78d446e6de0253a48ccc6f7bbc02877660a6c67b8c29be8bfb65b0e1086e02bdd2e5ec4ee8e524c1777cc6

  • SSDEEP

    768:+CpqFQuwiL+9WiMOr6Cr9uoYmiwqRn82m1zJT4Lt23hxruSj8x:ZpqFQ+HJOrEoimK8xxiSQx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35ad498e861bc9915c913afe95581893_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\35ad498e861bc9915c913afe95581893_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://br.youtube.com/watch?v=FGoGb1aYpbc
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1832
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1684

Network


        Downloads
