Overview

overview

7

Static

static

3

3886fa24ea...18.exe

windows7-x64

7

3886fa24ea...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 09:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3886fa24ea560416b1879d5946933c45_JaffaCakes118.exe

  • Size

    38KB

  • MD5

    3886fa24ea560416b1879d5946933c45

  • SHA1

    20ce54eff2bb4ff7ec97e8094fb6dafe924c23f8

  • SHA256

    330503a026da27d620b984473e27066e75d96eace457bf8e19b9494f6f4db943

  • SHA512

    ef67d37ea9ff1b84ed009e1a7b5b163e9d4ee30cbbe13ff998dca1a4bc79f06476ebe5bd6c79311da699a094253e46cf64025dd19148b3c285748d117e379924

  • SSDEEP

    768:Xdv35QvxjJdb2aOQHCSS+trovksKqtVHq15vMDJL/fVWwTDmM1jyOI4toKS/c4EJ:tf5QpXqaOQHCSS+troMpqtVHq1e7VNTH

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3886fa24ea560416b1879d5946933c45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3886fa24ea560416b1879d5946933c45_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\program files (x86)\adobe\acrotray.exe
      "C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\3886fa24ea560416b1879d5946933c45_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\program files (x86)\adobe\acrotray.exe
        "C:\program files (x86)\adobe\acrotray.exe" C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\3886fa24ea560416b1879d5946933c45_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2948
      • C:\program files (x86)\adobe\acrotray .exe
        "C:\program files (x86)\adobe\acrotray .exe" C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\3886fa24ea560416b1879d5946933c45_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1788
        • C:\program files (x86)\adobe\acrotray .exe
          "C:\program files (x86)\adobe\acrotray .exe" C:\program files (x86)\adobe\acrotray .exe" C:\program files (x86)\adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\3886fa24ea560416b1879d5946933c45_JaffaCakes118.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:576
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:1979402 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2440

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Adobe\acrotray.exe
          Filesize

          67KB

          MD5

          a9d51291a5eb07c2ce4425a58b95476b

          SHA1

          07a3376e9bbb17ad44e1a4dee0bd4b6438201a3a

          SHA256

          6fa2c9217cb474be23027d3cd469719d386b9ebbb4f1b6dd24fc0c97f089727e

          SHA512

          2b2d9a62478f7bef301dfe801631998768bd604f38dc8de64140b150bb74c03ac98c17408524915f0cd0fa87149b24cdea480a5281e8e51222b464792084eed4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          400c85e24c925f612d176daf2d5dbf10

          SHA1

          ab7e661534c1f3a1495b262820fc172e05436b49

          SHA256

          120bb53e9de55e179db206e5977cbef050102e2726d7948f918df0cdba9aa2bf

          SHA512

          61249fbd6f767e54a49066feb69877a293111aac6e2608040b89d35cee0e0f449d897f0ab1348ffa976e55f79cb79cc1f69ffb27dffc8b83ef0d63910b70668c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          5e8277c75158ff5cf8e411d933c8d70a

          SHA1

          9e4909235a83ef9cc20241afe0d2a834b06bcbfb

          SHA256

          68adbea7d16de430849aa99be1ce2677abb6f4f5e873fa7d9d69abc2ecf7f4fa

          SHA512

          f93ce4a966e91869ab088dd69f9f440cf929e5fc463352ea1b372785c19e68c5e08500e4f928705c752717db2f2bb3e7d79339585504ca45a509577211a80c0e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          76fee441ca6fdb02956fc251d1d7cbe9

          SHA1

          5016ff2072305cf0f5f57ca4e068ec0ab72089ef

          SHA256

          0342f8210a8308a5e4f981b3f71d21a2fc74564ed4955c09186ffb94cc7974da

          SHA512

          e14947ec520b0a4e49c0e8915a03d3b8cdc5678c8380fab7507b6e31b5d931da09fad45834c16762120eb04723c01939815b7f825fcda82fa63687615b56af70

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          616e22016b773c9ee693f92406935b37

          SHA1

          4a8fb45a1b20eca6987745fc8c100cb52634d836

          SHA256

          9775973202f6d48ff486d41773f93c6383a4e35581619969817cfb352904b2a5

          SHA512

          b9a2fa2e3230be187009f3d2c31a0bda56596ccfc3fec7ca6eb09194875801ebe5491d9550fdad293b5b4c4593a3b236a205c6c7c389854cc5d25e6570caa7c4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          058f255697322625e680e988a7a13a36

          SHA1

          03a9b59a9f0f7cf71fe4699c5c331bbbc62dd404

          SHA256

          0afd2f8d6cf74a1e90923ac976228de4260b2aa3035f5f7370868e533d088530

          SHA512

          d91830e92149b69d9feb15ed28742ee04888ca06255635a356204d89dfdd4cff593210a5113415421ed6a8281812c7f2758dc70b3ccd84799e944a5379694ce8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          a8119339b9c5ac7ca148ce988dc60df3

          SHA1

          0286256f37103f27c04cbd47c80e3461aacb2b2a

          SHA256

          1e1ccb7cd939e6985a594fcddf18eb2dadb97fbe78b1524d8ddd5a974cfe98fb

          SHA512

          b18fd94e1517c7fe548b818db86b5e1c257652498357243cb9cc9c82b508b0d800022e4cf91f3d9e5145a31633d4136bfce90ac6eef1422d13340c19ab95c52a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          def35adab32588ef483e31b68d2dd34b

          SHA1

          9bc423a7dcf463c8d9431f0300712e6cf516de37

          SHA256

          3cfb0664054b3eb1e59222805fc70f830e226ef3957e82d39b578d0507eb6af2

          SHA512

          b4981f57f9f239863dd441d86f56215fe7144b5d013a38a84fb48b4d322172204505b7d30a8cc6dc0e35d278f8b6f1645ab7ae74c4f3f90d20d8800b54fcb9f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          98bf3393245186a8ca8084845ade649f

          SHA1

          f4f4fd633ffe200c6491e50856654e6718dc0329

          SHA256

          cae105dd4992a494263a68047cc8bb3687519045da9d286ff318a99eb64edf5c

          SHA512

          ee66a41bbeb0078635f1ada86cf83e937184ea2e821387fcfab3da8abedb4d116000dc48460c2ccb6c470b7bd19a8c66345e9e1c94f6937a42733b0c785b3181

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          2696b19ee7a86280e38e1bb8fb3275ea

          SHA1

          97587a0c6313839c106560873c93e9bd6270ab17

          SHA256

          ac759b3470914e909c9d291d6ff14f8de0498a6102b04aa98f9d286db886f4d4

          SHA512

          cd22ee76f8fae49dd3d51124cc21b5f7fb4df3705097feb8e523610640fd8a25c8f93717acd7ed128c8a26d905c4f2e45448fc72394e2d80211f803430532f9d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          2e187596b2246287e2c06d7cdf9629d0

          SHA1

          67fd3262a6b8e1a809ea33dc8441f27109ecb3b0

          SHA256

          3e1d3d592362e5bb9324e7ba80e6a2b537755b69b802ab63a72902544d89c49f

          SHA512

          1793709d80fa2ec6738d76293a562489b4726473645835ebf99f422db8627a6ef83c2ba8e9a18dd065df6066c37faecf1c1f446321e5a468c6579b4b4d0ad7c7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          68a459538fcb63b009994ae76758de69

          SHA1

          92618f53bdd5c909720f6792b26ca2460c096c59

          SHA256

          f8c3925777c8f05b26e915f90c8293616432a03dc40f4e78be0c7f5cce8d4b73

          SHA512

          7439425989560f1a378cf46d326da0ae43fdfbe595938be4e2e763cb0a4ae2504076438ab953c38cabf24dc2bd56ae7641527dceca0fda064434558a0f4acbe3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          17d958441ec3adfdcef4a24dc0e45b95

          SHA1

          84ae55d05f8dc97daabc9f975030d2368257b9b8

          SHA256

          cd8827cd55054a2b58327d99784456629af7409b3a13f211187a4de2f278264b

          SHA512

          83e2e86cfbe8de168aa52abf7e7a9f5ff1d7d037ff0d7c11773c2f69e49167ca660a96038c202f19efc02edab442bfc5b0105cde6f937e6e2a02f6c7a16c3ccc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          65638595e79a4d54c9499cf9d64821b3

          SHA1

          ac86402593e5f1d66e343b9081974a9f7a764201

          SHA256

          813ab0a25f7c33e94903a822751fd87b68e34d8d1b060982552e51b2be517d79

          SHA512

          0b384687f7e5009e1981f815e0ae963f288880ccf5c369c76fb63e18f3898c83c01ba14840feacd7c1fdff778e5cda7debf6a0d3e3b2df67e3e62960c4ccb3ef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          32c12649edcf8c444bcda6aac6008b8f

          SHA1

          a354830c7ce907dd071e53d1747509fe1f683432

          SHA256

          172b568b5dbd010cc4e53ed2078e27f20d77dfb65c6370b3c713eed57182c1ec

          SHA512

          12132938837bcb2a07beffff66e62869cd1167fbb5d083c9003fdcc431cbc491d0e5bb90395be3af74950daf092d76abeb0de374c0659434213464f3817d6d96

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          a32ef9193381081bb96e0edb16a12f13

          SHA1

          0bd2a9301375a88af300ec41efc86ecc8246ab32

          SHA256

          31520162ab9ee1a3cc0785554457dc25b7ba4e9ddd7f0a24a59b9cb2eacffa42

          SHA512

          a09df672e07cf84b7dce8ff033cccdfee7c8a45a3364c983d5455cc490e5d792b9510c9e0dc3f7d86af5faf30cfe7f84528324b2a967c4e744f6d5df9d8c1ba2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          30b3b1642ca67e0b469edd139f52e950

          SHA1

          1b4d54594c3e86c3a78884546e3fe4d3f33e642e

          SHA256

          6b141a13f7203426de957db4ef865d7c1dedb2659ae0260bf006ecd84c6ee7a1

          SHA512

          cc5a2d2efa2c1ebfd5c7111cb83ee73c7d42ee812a183a66e1e69cf7b3ce336a2431f3da861bdf757172b21c8607cc19153bef2caa9a9fd63be683b6769b312a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          d8c4908580e16ec77220a95197704846

          SHA1

          77dd63c2b0fa4c4a8be2bfc20f007a34e9897a74

          SHA256

          16b936ffe8f27cd914f40b9d88361b17673afb4482c5d2da48d326ed64446f7c

          SHA512

          ff1cf2ff33b27ccf6f8381f9697fff85d759c04257c03172caf46b6c9cebe0536aba04dc07e6f35f75043d3e4c977f4f02ed206b7c471fd2fa9e69df9bf659b3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          508d849df0f19471073e5e7b9ee54f61

          SHA1

          8697d004e3a1ce8d3bf89b84fa7fc9ef06391832

          SHA256

          557fa482bcb54ea1d840136b113368d94110964abaa875f699bb5b1d36f9df94

          SHA512

          e56e71655b102697b8960cc6d5530a5b14425de384c908f10ee816b43b0c0a2607aaf4d85ec72e8b4e96992e2e091f900f28a7401d55f1aef9f7a6241cf69c41

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          c90187acfe0b856e737b9ab1d9084448

          SHA1

          c79881fd417d27643deece953e0ac629f772eb60

          SHA256

          7e9f646ad5c9dd32fcf1184a441f29c757804493836aa3e79534cd5e17cf97a8

          SHA512

          ce6f7804129f030ebd1e8a9c2c6e8956e1e0e3fa0fb64fce0c251a5c92ccafd3e056eebf7b0f963b6f0ec2fb6b43e1c7c453853168354f2123483c4172ec0ef7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabD388.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarD427.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K6U9K2S54N7DUIPG1IK6.temp
          Filesize

          3KB

          MD5

          c9929930589f3fe226f2e8fef6c1ba74

          SHA1

          aeab1b7069277849d2a617597939edcbd9dd6b6c

          SHA256

          88f93b5fed250d8399bcf50b1e9dd918bfd5a9792956b62a40d0c3f9840ae6c4

          SHA512

          c2b1a9ee5eb9fdff32f94bf994394efcc31dc06ffb8b17468b5adeb003a53045dca725a02ecb14c144da4f0472643d4f8cf43dbe41a45a59790e3d17db3a2f8d

          Download Submit

        • C:\program files (x86)\adobe\acrotray .exe
          Filesize

          74KB

          MD5

          f2d38b39d490163b8abb6bdc59ebec0c

          SHA1

          6a0c382a5e1f9bcad4b0a911ffe5399da235d189

          SHA256

          24622b319bbef11cd222bc0c4b663e2ed82dedd7c4f18d8df1e6ae2221aecd34

          SHA512

          449f01de8614ed0724b02e838c2758ee4eb6ac42932e173f112aac4e55cf598b8398375e077c364565e80531256ea2ad6686990236b5612b3311b0f01b0c4772

          Download Submit

        • memory/2092-16-0x0000000002CC0000-0x0000000002CC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2092-0-0x0000000010000000-0x0000000010010000-memory.dmp

          Filesize

          64KB

          Download