Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-07-2024 05:18

General

  • Target

    37d746593a647c311f9d0c58d839be15_JaffaCakes118.exe

  • Size

    544KB

  • MD5

    37d746593a647c311f9d0c58d839be15

  • SHA1

    c240267ea9c23970a7ed2591ff6303540aec7d54

  • SHA256

    988acc4e3ba2afb8e5f7bcf98725ae0619ecf29a8da3a2d9d0ac9ac1d8ed8bcb

  • SHA512

    88ed1162b35926222a1b875c35b13c58ddc3661263e111c1a33ab7f703d45d4e4eaf0e8aaa711b33b36aa0b5017e783d7ed48c7860473a59ac77a202472bd349

  • SSDEEP

    12288:75JdR8kMHdnqBedKi70f5V+mzw18tfbldSX1OaBQmfn5Bq:75Jd+nqAoi70f58sTSXJ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37d746593a647c311f9d0c58d839be15_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\37d746593a647c311f9d0c58d839be15_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.baisou123.com/tj.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2720

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0f1692eb75e87c3173d610a286ffc2c7

    SHA1

    1e72e75beef99cfb5fccb8323e6d9d57e0df4ad3

    SHA256

    6f9b4f59bcd7c7d12d115e4619a8c67308f6645a3e6746a8c691b950dd89cb11

    SHA512

    89d71ee1a3898051c5a8a61a4c1616aabbcce009dc0aea5a4ffa3b9125358cbab9eaf38b3f27d086193c2e1469950af5d5adda71bbfbd1dbb0c3352f32ef163a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5caf479c1cb53dd36f96f0d883d31ddd

    SHA1

    b543f9bcfc59bf571706be2b4be3f2813b6d9723

    SHA256

    50e4e5819c550de5a0a1915545a623e85466a317928fbe5450021cbc927a146a

    SHA512

    106a86269ff09e06e34ed436ee51c545feaed346d46d8ff0c133c3ec4a997cdcbfb202809f90a653102520db5681d508793a41afa90e5373a5ef6ee86f3aa254

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cf2bdb17b5b58a80b754035a6f6aebbc

    SHA1

    7092f5cf6ee07a1c4c3789ca5e2921885d3bd00a

    SHA256

    12aa54dc5bbffe3c58e254199b38ab1b6128ffcf6b388da9078363f7a26de955

    SHA512

    4617f8417d2e67d3b1313a5572e518252ac3910b2932d5f887781f42c71ee6c20713ae878997b64d8928b3c624438739f80884eaebe8ae5423cd362869c59794

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0bfbe5b9265a3d16ad74bbcf3c3c8b69

    SHA1

    b828894fc4a04d17066382b9e3778883d4aa904f

    SHA256

    6bde87d7cbfc56b64127866757f98847b8cba941d47f062467417fac282ca8ee

    SHA512

    6aa5dac5da0151f00a0ae1c99bd4bcfb60f1f57f2aa89318981de195a9e10e80f12022e900ecc939e7f35169eee124688f15bab29851af7d44b030217a9dac43

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    061c085648acdb8faaee153ebc51ac31

    SHA1

    ab54e233b28033c6fb678781a2f57600b1b20912

    SHA256

    24b930446d57b855a97b6ddb225ee4a53deb5a4dbcf602586050d7c517db469b

    SHA512

    588e85b2b29de9cf29ec29182cf2ea13af6626449c11f5a2ecbbfd9948449fac7c032b83b18d219ea06c04031ca006ed677f595fbe4a567f1f51280650b240c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4a4f3aaff0e4e36882524551bf46ce60

    SHA1

    295c6ad410ae6e6849918e5d68a0c0cb74a431b2

    SHA256

    588cf4443a883b1ca74fbf4c0f614e936f5bb123bca7c0fff7606eee991400f9

    SHA512

    fd846eabbbc5c3926e20cc0525c5575f11cb5f5f74bdf003af9c02f267c734052804cbdce3d152a0d2ae928012603646330b4cb5c0407b35927d561c3ca06d7b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a240f747d04e755d42c480dc0cda3824

    SHA1

    847b6d5a09eec7b083f80e2f648a0839ff847850

    SHA256

    0e03a45dd1a3053d6c7e56a44967b862f358860aaab9ecbc5ce14f166df15a4a

    SHA512

    74342bbadadaf9a3c3edd04d967ac442598ac17e8a8756bb9b5e3414911d9af6008bdb41b406030d024466c41253010778bbd8487537a8465c64d2b6e26aca70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3c2ea50f49db51754780d82a27de8f99

    SHA1

    2ef843393050543f3c7e60573db7b69c8776d488

    SHA256

    5982f2b4210b4bebb4ed3652d27c9c4dabeaa2986f580e22afde6341605d7ef4

    SHA512

    ce243671354e7e118e464369d6f7dd25bd5551166921aaa32774a429b271bf4cc043fed98a4cc8c25e5fdbf5e6ab6d18c27c9f4df4ccdf1fd1faf78abd69563c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    41f6d73dfd21fd30c53b281287c035c1

    SHA1

    9980761792895a89437dc54c67da4c7166ed6ab9

    SHA256

    fabca7d600a3fa04ef857ac4f01a264956f9c80de010a3040255218fad3d83fc

    SHA512

    21e5ec23a42a6c1be1c794a7a687808c3146973b6f3eb0fa7329d5f80c0c6891d09854f3e7c77889918ecfe53b085117b930fd1ad9d90c8f0136ffd55c5a89c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f97048239969b38ee0d9c82cbbee3e5c

    SHA1

    4ec999d5905bc9e35e0d4fe1cace843738f1554b

    SHA256

    bafe59b91479732d3d7d30d39220400b2d0bef53ce559c5b7a2895da2aa9fd04

    SHA512

    189d09f78b529e999c50f73681ae68f715bde6da4374c1fb77795b882cf48283f7d11eed1b28711565c25cdabe3f78b1602a76916918eed5149bb1ba2f08e221

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c32386dcad619a06a72cd9087980b700

    SHA1

    c2299d3984d46108172ea8f08495d23c26eafe22

    SHA256

    f057b3e54ce55086e4a1fcc0f860bd159209e82c38cdd71c7a82d2f259483b3d

    SHA512

    59b26c64352bd0f2a3a8da6ecd56822dc01634071f3912e1ab7eeed457123581b2de850f563b512acf92297e54a765d710c985167a27b425eb3e6b065fe23b25

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f298695bba24631ac75b463e2be3484d

    SHA1

    fb6cfda5a6c3b4629c7cd719bcbe8d282c7edb30

    SHA256

    b5b07a31a61c5cdce7e0c59fa6211ab32deccad0082e338c7e6f3bff55214cb6

    SHA512

    e028af5474cdf9af086f99b1b5916e7e420f227372d49102a4929ec747a7203df937025cd9cc8dd4638ff1bf2d4b43b62e2ec4e06a6fa4bd4294f69e2691c8e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3c9a71d637ca74562a74e06f62f2c5da

    SHA1

    9f2bf38eea2eec30d07940cc455bd5bc16b90c2d

    SHA256

    a8b5bf91030d6652380bb171eb1c434a4faa4a9ae80e54efe870ebab5ae22809

    SHA512

    2f116668bf618be3f418460febc9219a2c9e60aa7b5a20d5630d05cdf4b1bba38c19bb2d1584b8097310a67af90cfa7f2921dce86f5b3530c05e24c52d35b8db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7fb66d9b7e12571ccec4a8f76fbaeca1

    SHA1

    20f9939add8f57d80f0a01a8056d48d26ddf062d

    SHA256

    bdf0503a81cac2b29765bc14df1d242f4fe140ef134951e8fab6d2048e71c84e

    SHA512

    bb6e59ce14322c90a4407b8fbbd68b5923d785614c31e181d100e4b0badea71dc203d3d4e7c0773af4ef28066e881a09a3056c3f5d9f2d33db2ad05cb2dedfa1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    47d2a52831d619cbab94579867ef7bff

    SHA1

    093999a8cf0c72f1a04f696265621d6bc8f2733b

    SHA256

    7a95163806cccd9e11ebab6242504388ce51b7e81554825ed196d89e31ed1295

    SHA512

    d0c27673bbd3ee0075b0f146a4b268ec7ffd084b0025d2fc9c90a0654ef670982595acf874602eaf6f2f7810d732cd1a91b098cee2a07301b6cba583d3c0775b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9af0748c838f0745e8020a2af162ee0a

    SHA1

    62579798feea89a053f9cd5c8c3b950b368e62fd

    SHA256

    14e2b5b61c53706b6690f03c3163551e7c19f8f063a428ed0efdf0bb3269d02c

    SHA512

    911427e5eed87088c39e51722bab669c4b906efde81dc935aa28e5d8be4699de1a21927bbe9acc2c2326ce0a3e5eff85cf9a6548429c0450ba69c3c85198105e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a2fd652325ff9e31ec877b12035094dc

    SHA1

    120f6a6df517a8f392db2e66cbbaae242cb85d57

    SHA256

    afcbc20b65b8c1bbb3e1c88192aa4d90a745ea091f4f1309a3b4b8395a653e9c

    SHA512

    63ac3d6f0d5e2a56a98e2e13d1eb2abaa9201926ca4be37a310107fd562fef45ced5029cbf1ec031f32ab9fc03479382b775dedbf64985990ff18e6c4a4ac804

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f3dd6c3cbfd733407f31550c6529e67a

    SHA1

    7a9cf96182e730c015f1cc728468cae3ce871e08

    SHA256

    e9494823522754320c3461f0610b1dfae2d90fcd7a38f6f05466cf8bd5802857

    SHA512

    2af45f9437ce895a12528e84bf94c8694217990e9180b958f5361e6de720723e4eeb4b7a22974705b74ed738450cef643ef40a11d4b22d59897a508ad36f2288

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cfc95fe98b211fd61a574b2c23372c0d

    SHA1

    bbc3633f872e92dd7e802caf63f1f03ee508bc37

    SHA256

    456a519230229f523f8d3c8ca863fbe0c4ed9222025c15aff97599529737d028

    SHA512

    3f0442ba634e5ca9c7c7b431cfb2d64e89af6523f1b2a17d19fec05c13944bc4c82de51ff58ce6d0a174a6dd5d2a23652c9b26e18ae891024e931fe6345174af

  • C:\Users\Admin\AppData\Local\Temp\Cab3739.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar37D8.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1708-435-0x0000000000400000-0x0000000000488000-memory.dmp

    Filesize

    544KB

  • memory/1708-0-0x0000000000400000-0x0000000000488000-memory.dmp

    Filesize

    544KB