Overview

overview

7

Static

static

3

3612cb3391...18.exe

windows7-x64

7

3612cb3391...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3612cb3391a5a60abc22b71ef1421c2a_JaffaCakes118.exe

  • Size

    72KB

  • MD5

    3612cb3391a5a60abc22b71ef1421c2a

  • SHA1

    07c1137babb428905da55934a2825185748271bb

  • SHA256

    e0e4e4337a33ff476e135e423187ca53e2f9b50452e31e606aab9dd20a62ab09

  • SHA512

    9a5bca21cfeddde831d8bed124401c2d147986454c0838cf3c37c2aba2e921ab67ac41d9488ef1490cc8182fdf8526268b0eff773aa2db68d9b1c00eee999574

  • SSDEEP

    1536:Yo9Tf0LXEL12dOv+WTeNDiv5chxjhgf5XZ5ufs7pnLK1kM9KzEVE+VkmKijcxBFi:xVf08v+WTeNDiv5chxjhgf5XZ5ufs7p0

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3612cb3391a5a60abc22b71ef1421c2a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3612cb3391a5a60abc22b71ef1421c2a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c copy "C:\Users\Admin\AppData\Local\Temp\3612cb3391a5a60abc22b71ef1421c2a_JaffaCakes118.exe" "C:\Program Files (x86)\Common Files\sysmanager.exe"
      2⤵
      • Drops file in Program Files directory
      PID:2508
    • C:\Program Files (x86)\Common Files\sysmanager.exe
      "C:\Program Files (x86)\Common Files\sysmanager.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2340
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\sysmanager.exe
    Filesize

    72KB

    MD5

    3612cb3391a5a60abc22b71ef1421c2a

    SHA1

    07c1137babb428905da55934a2825185748271bb

    SHA256

    e0e4e4337a33ff476e135e423187ca53e2f9b50452e31e606aab9dd20a62ab09

    SHA512

    9a5bca21cfeddde831d8bed124401c2d147986454c0838cf3c37c2aba2e921ab67ac41d9488ef1490cc8182fdf8526268b0eff773aa2db68d9b1c00eee999574

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d69c8b2efef4723c8fc6e11f8c58c980

    SHA1

    1b5e444066743427ff5e87963c1365ab92c2c506

    SHA256

    ffe3732e6270dbab639f2fbc39cc9cedffc7de802b8e74dbcfb2388810cbad7f

    SHA512

    d470defe86016a0306a4faca98acfd0e1dfc2f888735ba8a81c365e88223e888eb198e123f8b092cd5d22f627e803ba51516277883eb6e94dd0f71775bd26708

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e072c48b7e94b5904c98f2e1d960947

    SHA1

    c5599d0d9ee290f024ce71d46595ab9b083f329f

    SHA256

    ac5c8bee4afaad8b96a78807b000a3726bd5c5629b1f587ed5925b1fc6508395

    SHA512

    80c0ebec561e7dd6be6842800f483f899c396d750422baffe16e4ee65b404f3110e318c93f1877bc6b7eebd57c9f9cee049b893c3e50a839137b13072556875e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bce12ce8c7d3ef8400633bbe8de527e

    SHA1

    7ba926699959fb868c0978340b51b790ed22a9fe

    SHA256

    dd36ce16eea520c5286ac2b2485daf14f8a93213c18e2736cee86a523355bfc6

    SHA512

    fd2a27bff8c0c8768a9062d917ba6be84d6445a96eb636223bb6487d5224f5c3aea9fcaa165a4504705cebf0eb9cde385a4bf4842bf88effc60e484a0e706e18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ce84b1306517b52c1cf44991782deba

    SHA1

    c2335880947e50e6905daf60c2768a92cec01298

    SHA256

    9b904149fb8dbb19fda9675a5242ca759ce9bbe95676087294334819d9853734

    SHA512

    130525b73b1b3ed8f95e418a71c9ec1c2fae5bc4fbe0f3f057e8636ba41785a3e9a3951d845361409504289a77d7e837ae01f7d0786ba380b4455512d57b71f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b60b529e550cfc1e6b16f77c2bcadf6b

    SHA1

    2706508abebc7b47651b92308ce417d039f5be30

    SHA256

    ccfc953226e7fbd462c4319427930722ba30dc458f5a76f5cc6b9076c7ebd846

    SHA512

    cf70bdd0e185dd8005f6c209ae20da754192eec345794fd7e45e16271b14944c4d5aedad86279b46c7ef856d25caf86698239fe22aa682b95e5cc94a8bec6424

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f357606165f11bb21951505670dd5ae

    SHA1

    ff677c14acd94bf9ddd0181f6a712f94ae8080da

    SHA256

    833fa6416db2d77042c49e30210b044f697870596f0f33f4a2cd3402f89943e8

    SHA512

    3eae5cdc36578a99070068ad32bfb19719b3b3133b674ed16c8e40da08454405c780f1c2a4ecce8b87be150626e3c160b40dcf9db65e403031b9f560e69f2535

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    075c0ed57646156b19d3ab97d958a34d

    SHA1

    86b4fbf00a81bcb877bee680a1694ea5e1307e55

    SHA256

    8e7c8febb4abdefaed0b3b5bee0ba3d72b66ab2db548308c79d4e5e2b1858ee7

    SHA512

    c11b9ebb941643d714ccdac032b827159abcfaae62092de7b55d7d084b18233beea367e8f487e883fe67b2075a89a06006dc2d69828d14106c02c4fcdb42f44c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    099721264a5e27c49da1c1100558f357

    SHA1

    2c89dce1ef5d63e70584c2182d11ee0b2bbcc7d3

    SHA256

    6891560d8847649f839857b891d238618fc14a4c7b7598d71098e1b21180f6a2

    SHA512

    5a2a7f52be8d9ae6d47a182ef45db79a808dc3b53b587b8dd687863bcf12e449c23b3cda7e95f1352d65d7863a70525c79df5850d93861d4286f34f934f5a995

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    882f106ec153ad20393c746297894aae

    SHA1

    55f7dd1e26a9c262e791306d6aa9a700f34938d2

    SHA256

    836976e1d214a3a452f7fcfcf507cc5ec372b0172d9d966dcd19a16625dcb3dd

    SHA512

    23a205c3b9bbfb0277c68901e68640c410f65b8970d28d3da35b624131043b06d0a18ffbd898b09a88936b17c0ac1e960c3841305ec40a9f48b23c98fae19d98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c72c71be2adf20685037363cdc023412

    SHA1

    c91bba32c2472c7373fd2f94a3d5f1bbdc49f7d6

    SHA256

    13df2db294d37b7d91894cbff97bd201adb54281105ecc2075110fb715d17352

    SHA512

    0055a7542bce0035a3069b48ba46c28e1ba67daa885b6ca346e964106d3f2de7a74805e2f48c0e7401fc874388c1018a8b5d585ca5ee61826befde3c863bf4a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e579f694fc5f5288b9102aac8bac006

    SHA1

    430ce9399fa32d3c2096c55ac6b79419bbea19e2

    SHA256

    09fbb6ca9b36ff14865ba05434e3b67aaef83840286599f334e6af2cf01158b9

    SHA512

    a6d06bda44df9c6f566b0387ba361bf92e43d342692f36f6af662d19433cd32ab52040cfb9fc8e849845187d50929c133191da07ed45d7202cad288f182af944

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60e6d4f95e1bc03d683647cf62080a5f

    SHA1

    710653fbdbb37b2603065aa868fab9d6d4b15003

    SHA256

    c7fbef5d4a27cd8b443d75cb18813b8e6580238e47d938d544021fe5077a682b

    SHA512

    6a8d4a3724bc8c0c5f930028a3004d92f7282456393ed5980c8db583dbef7093b5ce558ad14a5038a6235b31f5e3c70d1ccc720bb2e60544757cac92ae3399dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e97be4f927a51800a3eb247ce1c7a54b

    SHA1

    8361d7e8be5181654056dec01170aff38e37c12f

    SHA256

    2f6092befb9fec9dfa93f7ed7b1e1ae166a072a32e362007c47c426eb4ece795

    SHA512

    cb7397029726112ec9947cedbde99ea6a45150433ce4be2a2784cab1212b6e1236aa277437fa91e5ccb6f9b4c6b1c7115ee23a9b0a9e416d1c5dc9102cc95e0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcfa1b1aac64014be13e2c16dd002853

    SHA1

    1ae5c4b9ba6a7af91b23ab9b4cc3abf575464853

    SHA256

    366fced12a8fb2234d6580bdb596ad8bf88a4b2f6475c991356db8ca9b1a9f16

    SHA512

    1ce3861cf72644dd062fbc198fee494b7032cc8b09d76620bc51258500676d38c9d65effb24a077ead4b2ad43fd8722f65e1f846240d8690b60a77bd47e6f6a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8133b5748cd6c743ee7d8173ff065c8

    SHA1

    7a3c8147fa4380399ab3203ebd2d226b0ad6215c

    SHA256

    4278afe09feec72cf61f2e48f0217257bfa64697d6fea4a55c2e739fe4694ec1

    SHA512

    88f441bf5e28dae7a4d799be1fefd21da167f300232711375b9aeb0305983867aed918b2a93b07aeead63dabae70187ecddb484621a31e1f78de79346d811543

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7339ecf123fe1046fe55a5bda869fab1

    SHA1

    63708b090cbfe616dbc2ff7537b12579249a730e

    SHA256

    b7f956c5214fa860515bd4fe7413565f1570ef51f3406d95b7ceb7807b38f121

    SHA512

    4950903b48c6ce76337da654f3515068438a5f0ff6a41ec0bf1f5a3173637f5a2a8ee01fef9f8669ae1d5d9b9e4215a5d61854b8715a8d42367eec7244ea2076

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c98318ff08d59f1c86f3f445292d84d

    SHA1

    e0a7e35dd8d3c0e4df32adca44db9b18607d46df

    SHA256

    1c31604df6f04c10b291673eca856a9b98b1d2d87d480fcbcd10af600086532d

    SHA512

    111d0fef66c1381005b9d15fe9697940d30028d7885adcc54e4dfa3b8ab0ecabcfc5c00d68a88c04509e9b1f1cde496055bc54e751f4514a68c048fa72501469

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b387680b8c783c0a2877e87c62a73bcb

    SHA1

    1e86a8e4a302feae7a3904f6a6aa7408387b5054

    SHA256

    ac5f31d759424bcd459601b0dfc294ab084fba3b09f959568ec0412d1d6089c1

    SHA512

    e2c834ef943398b1831d28bb6bb8ba9adaa086ee1104217b7cbe9486fb90966a591f9f6b2c1cd8532e74fe40daf535346d083ffb57d1a40d28877e568c8b6207

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fab14e0fb910af4eb2c0592e50f4031d

    SHA1

    82d26b35f94eabdf395074ac957f8c0caed01596

    SHA256

    cb839b68127dc50822d4f8a9a1b34e797066f1e11e6e89712848550710430a1a

    SHA512

    03355cb59c9144fdf0036afadc9f877a10b484b95ac3299aed3a8b96ea7f720a8e90a76b4ea753f3cfaa5795f52f2e38ca4dd9056795082ec585bbc9a0dfa666

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99902b9ca3c3b17231657b024ff412cc

    SHA1

    92fd75502897f3c4f53d1ee2b21a2164c38d99e7

    SHA256

    c431880a2aca1451f3f50c86490edd945a0e3b774f5aa727a67225e088034d34

    SHA512

    be05f62dfb7e3b4b2fd9c37b1932a5fc4b9efbaeb23760f2c9c46b490c976b279cbb988e6a7f0d5ae42d534da2c84ba627813b758bff328af08efc99752155f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    384fac1a4d83e8b344cdcd20ab223389

    SHA1

    ead3fad85a4ef1251ed779f6eacbfff91c7b539a

    SHA256

    0b607247f7d93d9484133ad7be455a7b297f21ab9aa69988e7f2e0c879c64278

    SHA512

    657231a87d37d3bf71a971c475b345114537ceacfc7ce13a278e755a8368641559d486d46440f329109cd798643918936067b5df15b05d63350e08fc876df830

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat
    Filesize

    1KB

    MD5

    511c4a7db50436256c09d23f19fb4f12

    SHA1

    7a1da040448639d31964b364b82c95345f35f256

    SHA256

    3530e11f0ed5aed7138a686a7cf4567e1599ae321f674f8b1f95a0bab6bbfaf4

    SHA512

    ac5488b89423003da52f65d4044fd4ca83af048b476ec93ba6cb21af25822a6a3455d677dfcb8364a4f0575dc73aeaf3017cc848b76ed69afc4f4a8b99bfb8cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\favicon[1].ico
    Filesize

    1KB

    MD5

    1f9904377576e2b5198cc280986754e9

    SHA1

    431e1e790cd9069ffdff54610d78d8cf2ce72498

    SHA256

    f2ed81c1878209054769bd1bd5fc439d221f07f9aa3f1a41ce25a4a776978a93

    SHA512

    b5ded494f88ecafb220d891c60356176771f01ab26e871a04ccbe4de374ceceb310edcb5c530711f10744e3bc2b0bbe7f2ba98380ba214cdacf07140ef18e473

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD8B6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD974.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2340-10-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download