Overview

overview

7

Static

static

3

3a6fa72965...18.exe

windows7-x64

7

3a6fa72965...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 19:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3a6fa72965a4658867506af0a9e4c997_JaffaCakes118.exe

  • Size

    277KB

  • MD5

    3a6fa72965a4658867506af0a9e4c997

  • SHA1

    50360410222e553121c2563425442ebc5dde28d3

  • SHA256

    5485f28ca73829b395863d65b0be53b32b3105d74cdbd2fd401d7a34bda8b879

  • SHA512

    219d0aa2a6fb21338455dbaacc146d275decf89b3777ca096968294d679a382a67e49401f05cf5d32f0bd21c85234d5fb45483a78899e2582391b0f446b7cfc0

  • SSDEEP

    6144:hSpt+OKXbTkZS3qSeF+ywwW18YO+Pa8nzbt1SgGm0q3:Et6oZRSQhBpCzbtcgz

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a6fa72965a4658867506af0a9e4c997_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a6fa72965a4658867506af0a9e4c997_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\AppData\Local\Temp\QjP1BDA.exe
      "C:\Users\Admin\AppData\Local\Temp\QjP1BDA.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c start iexplore -embedding
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2668
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2564
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c "C:\Users\Admin\AppData\Local\Temp\jFn1D41.bat"
        3⤵
          PID:1496
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 108
          3⤵
          • Loads dropped DLL
          • Program crash
          PID:1728
      • C:\Users\Admin\AppData\Local\Temp\QjP1CF4.exe
        "C:\Users\Admin\AppData\Local\Temp\QjP1CF4.exe"
        2⤵
        • Executes dropped EXE
        PID:2808

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d9e186979d23df8fee4b30c71ec2b1a7

            SHA1

            ac035f96a0aaf7c23b057eb7cfae0585029eba1c

            SHA256

            96999196fac106262e0fc4038629e3364679010c2b5db0b82508cdf3688ee32c

            SHA512

            be50f86b58d070107fe46c2b5962ee7d39d8ea1ef48910d8310befdab3e4e24b98763dcd6787d1f0ddb00aab206248625954c6783406ad37f48f4fd850baa2a3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            ddf26aeea27ee5992181d170a041e757

            SHA1

            78de24125fb7d2fe9f7691312585340eb9515f20

            SHA256

            263d57e2880de9aa864f5b8f61a028cf50393b42e152340cb98a0ecf6d034de3

            SHA512

            ccc6841c09e463f19a2b823739c15d0dc634a83d06551981258e96988e39ad9d46fda1ac439649585a7b8572e22aab2b8744ed129fa88cb6a5fdfb163e1f04fa

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            7fb41b76fb55965e68c26e468904f7c4

            SHA1

            c68c5f0f9186b7998ea051dbea2f6139ddd5051f

            SHA256

            78d15ccf27c5a0b6c3d28df678ba43aec0a573ce781890c5e7831a8ebc758945

            SHA512

            729f5894f52b6fc14cb94ba4f75c8296441d233792185425c0d4586b3ab7328f113cad330198f4dddb51bfcd6004cf76f5043405886161aa1989960f8af4280d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            00379818f92510d6b4a5d96c62745165

            SHA1

            50175e8b97180412170aed2a3a8bcc9e40b697c2

            SHA256

            dc0cbcfd1b16af129f5c12f048555f6f47bc7bd37fe90d9ed629dffb9bea8421

            SHA512

            10dbf32391f4074d3b265641cf0ed74af55ce58758b1f785ade168a02f76bb5de94c6972d57d9b1d1f05392beb6e4eacf5ed5cd27f104b62e369e5721e192a1c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            432d5eebed38dd609cacfc5a6358cdc0

            SHA1

            bca55e822f60794537d1804cc30288e9def74387

            SHA256

            aa944c5502897b8124c3e1ff8f2283f946022b748588ef3201e25d0714a620b4

            SHA512

            ad15af74d267d17f1013b81bc806072e0c125eed694c19658f3799f03def3506526d6ae29933eb87d2d2a8c91851a6b5da053335184c5038b3e6431a9762bb19

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            92852d1f4302a4cb90ad040f6cd5ee9d

            SHA1

            741a9968a7dd8926905b59a383d4795c43d3bd81

            SHA256

            85fc595446266809c989af2371b1103dee3867abed4904799ac0d06a3cf057cd

            SHA512

            b0f13c8da99f515af51311f68a5d4511205413c13a29359dae6d48b003b6d7b45b577fa9ff0ff68b9b69acbdca2650f9b5d612a63316a9744d2457b264bb65b8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab202E.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar20DE.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\jFn1D41.bat
            Filesize

            188B

            MD5

            695807d2a8169294fa3d056834275495

            SHA1

            b1d0e2864a3c297953d841213a020430e5b4b8c8

            SHA256

            2a993fcb0c609066a7da81e2e84f49df765fba5daf8a856312d6899250f5b4d3

            SHA512

            961d565354ac9c4fb2f2827b37c75638d558293b26de93f4db3e4347c4d2dfe5329044275f2a2e461179255ca9559173f1541f92fc348f0c9a8edd10cbee82c3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\QjP1BDA.exe
            Filesize

            106KB

            MD5

            2a079e97603e5cbcf4a801a526cf7fa6

            SHA1

            3be9f592286a17187a271045f4292e3be524b6da

            SHA256

            e85d1a77c05b5f976c05ea57b61d5214aab386319fc201e9cb4ed9dda92e6fa8

            SHA512

            a68ca6ec585989fa5ecb70fcde767a29b188573017dd2ea470cb0c67173977bf13afe940e9360e94f2b456d14568f1f999ae71a86633eaf434c18517680ec9a2

            Download Submit

          • \Users\Admin\AppData\Local\Temp\QjP1CF4.exe
            Filesize

            94KB

            MD5

            903917b02827d98443c196743be84664

            SHA1

            b135f55183488c9fa79f60195cbe7443c8c9d191

            SHA256

            d186e9ca8056a4b64e216c9e634b7a40a847aba61b46aa78fa3c201ab0e6c6cd

            SHA512

            a8638f534eb78cb531e0a4cedab7f9798b123c47659f222a67a6897a031ce5b6c4cce7f06d020c9cbf34093822d0a551778cd13a3602023bffcdc8e3e6fe83f4

            Download Submit

          • \Users\Admin\AppData\Local\Temp\jFn1D41.tmp
            Filesize

            80KB

            MD5

            5a4bbd7777dce44a58697a4188cb02d6

            SHA1

            44c652e0ff9a3be599dfd56af1758e91994ba039

            SHA256

            559e6086af7081df06c50fb398766caab133179a55254ce0e907c0b0b2c2ab79

            SHA512

            bbc25531673d19ed3a7abde6757a0897b6fb03481b765455bac63b7faf04c7010a0621cf9ec1eb5a821e5bc008491815714e0a2abfa6d2b4d5a206eedd846c46

            Download Submit

          • memory/2808-40-0x0000000000390000-0x00000000003AB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/2808-16-0x00000000004B0000-0x00000000004C8000-memory.dmp

            Filesize

            96KB

            Download

          • memory/2808-15-0x00000000004B0000-0x00000000004C8000-memory.dmp

            Filesize

            96KB

            Download