Overview

overview

7

Static

static

3

43ac708ad6...18.exe

windows7-x64

7

43ac708ad6...18.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    123s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    13-07-2024 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43ac708ad656abf1ec34605720220a41_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    43ac708ad656abf1ec34605720220a41

  • SHA1

    d1b17e8a19685d1b4e4cd9ed07fc0b5081e667e0

  • SHA256

    07ba0dc0e71e9896b40a18e5746e7d295e674d717a22179ed82f055a23dc02a3

  • SHA512

    a579f459d20d0c3c9867716da17f0a45ade9d8048e0b902a9365998fb53bddb24fa8e93404f9af7cf810e703c0c05277754eb844bf0b57ee882e92a62a273f36

  • SSDEEP

    24576:Omyt7GQZ3MwhkylWPdQbXoO076GehFEyQCZEiJ:iQSW6doFejz

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43ac708ad656abf1ec34605720220a41_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\43ac708ad656abf1ec34605720220a41_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2556
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2692
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2664
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2892
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1720
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2648
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:472069 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddc3cc9b347eb06905aafdd16c9a8366

    SHA1

    2e3118394ab4a6ea7731e6a95fc077ccb6021f67

    SHA256

    8ee07e51f39d3158083324abb3dd69ef359440d210cb9b99aab046dfcddbd54a

    SHA512

    0aa43b47647aaaa2c7d71a55d5b4eda243bc3b6d5f49cd78287a46f813b6eef7dce039df375fb4df41ef953ba0a84e041cb5ee48305ec94d982ee68ac73d526b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a49848a13254ba46f1e685197bf75677

    SHA1

    b835c7232432a569aa5a31250feddc70bc4559eb

    SHA256

    7c43b18b270118177cd86281c2d82e17278a44a8bf386f699f187310d68ab872

    SHA512

    c7c23494bdb53183339ce24ac22b078e232d656994d181256d649393909b091887432799ec0aea7bee6beb07c0ddff0accf7166e85cca865ddf5948925a889ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfd19dfe29d5b3ebee9c1006ffd62e7b

    SHA1

    725a74fc367ae90339899a531cf66795ecd635ad

    SHA256

    47861ae1c15b6b87345590f028a9382a7d9a466da7e31ffe14e74aa89c124d27

    SHA512

    fff1f76842207afdca11ee0a14473764d76ec42ad8d7caa01d300955f20a92f776d83d267a4b3c19666ec157463e3b072d34b3e3db52ce83eb01ea93dee40b0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72c94a9930d770d12847cc38d1a3eccb

    SHA1

    4200e32ed66ef381134e4f544dac91be83257637

    SHA256

    6e7d3a79b56cd6e36c2502e96a7dac7407e43b9ce87ba019685e2a80a0e5602e

    SHA512

    51f255d54e20fbb5c526e43ba456d9c30be775fade8d006f436182c56da6ee8ad5eb210470c53c56e422c4671bc6653071433accbc42e846e61e0f213bbdcd46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0903257faf99a47ac442c530a5200921

    SHA1

    c14ba92bfdf8ab60cabcfa36a4a45970aab6fab6

    SHA256

    ec5eef15e95c98858797ba6a9a4cd1ed3599a04ea23592623d9bb1e7bbbb8a5f

    SHA512

    6bf478720e6223396c8113f8fff052ceb207cc76688790efc174e207e203043d7bf85f5cc2569e83a698c8539e2a37b92e431a50986f5663a3112c47457d9386

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1d236be82b9e0c9f504ea7d3274a3d1

    SHA1

    47c8fe9f8f37c008f6047d41488dda3158c9896b

    SHA256

    3bc2be351b679f36280bcbcedc48cdf16663e14bc6587d48c8325b45652fb2fd

    SHA512

    f8bb988c71cc1a96663ac2fa3719a6a498d2a3ffdde1f9dbf3ab5b53d73750bf2c401e13d7528d88d454819976cf138a629dd239cdec0cc4f9826c22cecb396c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5da276a2078d605da4a955475f5f167

    SHA1

    2f7f0bbb94aa8850450ddf331e93a5dbca377d58

    SHA256

    7105a3a13427f0b2351234558108974ad07df5fe6379f25c82008c09e1d230cf

    SHA512

    9bf898a05530cb3ab5104563bb270541d581fb104f05d611313eb68c9774543a0ebb3698bea3dbcf85c6c9a76311222e4a1a9ee4a83043605af293bb7e4c453f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0624b1110f0fbe6650db682c695c091

    SHA1

    049c84bd2a620afcbd5de9a22608f3cb1a22e77d

    SHA256

    34731ca136d4bc03e7cd0daae704a041f150ed13a90b997ac35a16491f2bbb34

    SHA512

    2216b232cde8ed621b8b50a35b0c8184a6eb9d177644a69a0a41ac5217ee32953fa7f3962008da71105fa03ca21988406f06b99b20a70759f106cb11eff3131d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91b464439e423f50a05e245f845b5c56

    SHA1

    21788ab85aab7ac566ea3c06ae783caceaad741d

    SHA256

    aa392b1dbdbde9f467c6c0858bcdd672c9543b14e639d57c36333e4a43475116

    SHA512

    d69a301655d2ead4728cf54c2aa3d9827e6286d81ab9750fec8c03c2ee11259c22518fba97a2f76260f2a2bf0115ceb89f8754afe368c41def2da0890f1c3d98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d2efe6b462e86732975a18f1550ec8e

    SHA1

    b856a9df99e58a2c455a21143b6fb8e2277312a2

    SHA256

    6e89c0ece762a2d17cd2135ac5f10a5a03b3433542377fdca4d446752a0ee581

    SHA512

    770f7491692a8d1f3b6622be873064a6e5c946803f0ca75839db487463c38ffa044950f0a7b193bf7f3f1a4057de098b6023f9d3c702b01d89c667164a399d88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDCD9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDD4A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
    Filesize

    1.3MB

    MD5

    4c137df8e1a8f1e526315828de45fb21

    SHA1

    54fbb12f993c18a7363ded12ae2ce545e5ba908b

    SHA256

    609ff897d6828adae94427f07b12512d487ee4826e8181502fa1f18826061497

    SHA512

    d413b11cb53a2c9676aa14a6baedfe8fd35a671707616d2514cc4d1ec11ca0f002358711de4d08d41b910819dc0ce2b194c27da5b3ecf2a297ac37338d7c1bf8

    Download Submit

  • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe
    Filesize

    1.3MB

    MD5

    68232a0abd0313a9960f57fa76353bae

    SHA1

    628b8ff6e183e40f2200b7a471b7027f39290bbb

    SHA256

    10b3261340fe7f47f5e1c039ff9cd64c7b1d09c10ce5237101ccca10ddc67d9c

    SHA512

    462aa655755f153722efec53bf82b8972975f3fddedd32b3b5fcdc8418bdf06acddd62828152a1b86674050017d0e778aea62455e8d80d6c54b0975736b3d78a

    Download Submit

  • \Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    1.3MB

    MD5

    5d28f97e3a2af3eee38c2b36e10e6cfd

    SHA1

    2d5170dcddbbf2377456bd9dddcb49b1937f0a56

    SHA256

    f3a6bce74a0f94f628e48f6c5db3d75ebebf2dc5900c3e4b65e7c6663af8d32b

    SHA512

    dba6090c1f1a4c0a3ac587269446a898a4605871ca32596b04d7edf163410114763701adb42a67e0c69f02549ca420088413b0ca81e6d6a6e42274ebc6942d74

    Download Submit

  • memory/1720-35-0x00000000021A0000-0x00000000021A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2556-1-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-22-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-49-0x0000000000280000-0x0000000000282000-memory.dmp

    Filesize

    8KB

    Download