Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 02:18

General

  • Target

    3fcd3b6e09dc395775e9db0dfc353f75_JaffaCakes118.exe

  • Size

    48KB

  • MD5

    3fcd3b6e09dc395775e9db0dfc353f75

  • SHA1

    cd535b35bb94a85ef8bdec2c80e6c4ea30c83b97

  • SHA256

    874167abc40f76699f93d3dbdd01e6e012dcd1356fbf3617a346b5412049e904

  • SHA512

    690e33ddc84b346a1859f6ea60e8e6cbf8520d81ddb388ab79ed36beac294e4910ae30abd0ed921eddc2466d680c7c6af0a0c7104a83223525e9adb83c8b8127

  • SSDEEP

    384:dJx1M4T5zdCgJhLIIhcx4tVHHzD30SIQ0Eit5X1urJjJzOxiRx+2iyz:vvBlzdjJhux4tVHHvjv0Ew0bKsu2i2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fcd3b6e09dc395775e9db0dfc353f75_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3fcd3b6e09dc395775e9db0dfc353f75_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d16ec62aa2c5af7eaab342c112c185c4

          SHA1

          9812e75d155463529de6837c169ea3bfaf6803b2

          SHA256

          7d96407a855e7c710f5977296ff88b733547e08a68c099d8d8115c440826e3bd

          SHA512

          47282c68f2c5438f49f4e0d9a1a9ff65d7149c63b2c9335996067bfa1490d1cb6cffbc15713eb12b34c8de43315d0188b4e5c3a1860993fb419c58f33defa952

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7431116718180c29ef532bff15cca692

          SHA1

          36706c52b32cd0faa33607d264fba1c0e770acc7

          SHA256

          0a780082669ab9f7c0d27236d3327d8aaf13b34b85667df5b77a064c5c017610

          SHA512

          c0e35db61bdc2e2d4b42390aafd0e9fb235aa9dd27bc6525fd232641965c5ab1605876b81a10fb067ad7949193c1583856381d6d432825ba24b597c8f828e6eb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1171521368ecc5bece47a80b4e362257

          SHA1

          7def77c7ab71baac0ecd0c65452b7d63961a3a6a

          SHA256

          4741e518daed6d16ea91dc556b25aac7ad9529a7c66d8c6aec897f08e31a576e

          SHA512

          92523f1ab2b06cbe96b522408aa3c04f3a23915044dd0e28ed769cae59660b26b173b3f4ecb1695221ba066b4f89b382732d31d2a74507474370d9aff8541502

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          569129851b2d1b72aca104ae272fb8f4

          SHA1

          c9307299cdd7b8c1cf1909650b82de2478a6b21e

          SHA256

          4dc03874d3bf64158cdceafc4066ece920ad160603c73880aad3d7c50576a1ea

          SHA512

          ccd2ac02c90b6afaccfb1eac60044c8c8849ba905e6dee3e1da32b35edd79bf70d2d371165c6b42b96f810efcc11bd78dc38074001dd52abe60c8c2b15303f64

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4ced1bb74a1c137cd828dc837b1366ae

          SHA1

          8a8460d44e7ba5eb2ba0b9a16ff103412375a307

          SHA256

          52d078d8a4ae5c01845b92d4cde449de73d64cb64012dd7fa060c57d465bf9f5

          SHA512

          84d8af6be8f6213c336aff4e44e6332d6bc84605e64afaaf14f21398e21b779f42c73628897754825d5063d7207587a51919e4a6eeef9459b4de8bc4ceb820ff

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          261b2d9737706cbf31e3ae9ebcdcd038

          SHA1

          b2454f4dcdc9637411a3b56ef21f83009e29cc56

          SHA256

          7176677a9fe7de969b5fe9c5455badae85e7be1bd2e73486be2b982dde0b14e1

          SHA512

          217c7cd7747936e6dbb9b6fb33eeda7d47c6d48043ab8b1eca331633791f62a6aaa629fc22bc2ab8a5a6cd0570bb38c6610c0f877095e889cb83cd324c9ee473

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          60065cf36d7eaa5436da19eae2c906e2

          SHA1

          24b433bb664d6f21679b9b406cbb7c63a7c622e3

          SHA256

          d5221aa4c64214c6a1837b2addab4273e9b72ac32076917c0e6be1884d2e9249

          SHA512

          430620fcd32178f01c20bca07e938508b6dda314c12f13ae06947a5ace31ab1ce18559a86073a9754f44dc9e373a842210dd54dc77e345e11d808920c3aa142e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          45efb1fbfd6a73e39ddecb60ef316b70

          SHA1

          8474c05384c9d7aed0275c73ece25e95cabb8e70

          SHA256

          8e5e181ce990e463c41bb44f03adfbd3376ead6fd4c6cd6beefc3b4b0b8237f6

          SHA512

          3a0c3eb383e5ba9d913d90752d09aa0939d516cce80e95c362499d6efe7cc84429621ae66d4e5b77d5bf8e072be5fbd8d1622b9a62abdf76cd4ef49fa2c7f9a5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7918e7b42d2fda2ade4887ca0cc49643

          SHA1

          b93f2ae302c87b6117e9e90542bcc420762571a9

          SHA256

          3fae74042989d6e0f9d40426fbc8665874c809694a3859226da3e63b98d3fe21

          SHA512

          5b59f7b533cb4dbe77c3633aabe3450a541ff6f8203b9728445cd1267e5101e5b5d3e49cda7ca2bd3eaad2dca0aa0b9bd9afc7aa2880e7cd5a48cf6d480fdbbe

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0a040a93fec4db2739e62652a882e3d6

          SHA1

          c982cb1148b701eab043eda9e38670ca6789ac1f

          SHA256

          b550a09e65938d5aababb56f6463fee34de127457b15d4a5f755c855ad62a9da

          SHA512

          4dfa66e9586c0f38b3d02d89ad49b9f4e0698dbca33b3d25385fb7dbc84ff71acd79e556591ab09115ad56d26f212ac132a6c4da9a39476df1be11d441b68478

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4fc3638008f4fdb7e4358651d2654cdb

          SHA1

          baed0db681976537af3824fdae723226497269fa

          SHA256

          e11c7bd3c592c05cbd627514f522d62448aa96296c05c4d047ef75a10a4935c1

          SHA512

          97bab4d54b16e55b631ea0ed183db90fea38fd34884b2365a07500c0cae7121063eb29cb8dda711ecc7e2cf8225ef6e1a2b0e9ed34b3d600de814dd1450618de

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7b436799e15b1d0eb6c9572c9f4c5cd6

          SHA1

          500b9abf816b6d4cf95c7e95a80a060d91d62ed9

          SHA256

          c5e5362391ee6f6835c3a78969aa105ce53dfde5a98b0ef4d6d3dee08ed61a4e

          SHA512

          84fc4e5c6d067446accb23a0fd1574c0ac3cc4d13792902208cf8c17de0b8449f8ad0346c59805062c55f4b5fee5ae3907b6e4afdc76231cfdbb258e554dce58

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          023b900a9b7028ae73ad0e314270a203

          SHA1

          4682f096cd2f39a1f01abeff29f153aaed7fa485

          SHA256

          9353abe2bbcabd947adccf613ce8d378ced7fd7f8168e22b0647d1046d7e3af0

          SHA512

          f5dd6491e49cca7a91322dbebe9da680a5c3ae6e1f339830ebcb758981425f45f563a8b8ccde9d095e56087a120dddf9b411f2f8811336e976d0a2190df44dfa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          72a258f834cbbd8f33f09249b59c651e

          SHA1

          0faf466fc9a685e6f5632701f078b95f8c85ab4c

          SHA256

          59906d2e8d5c12c1f917e1ff04a7562f20982ef369661064ed33cd7f4f43ddd8

          SHA512

          b95d15cacc4776ef8808fdbd62396eb98cda106b6f0029dc7d51a35c1b0f87069f4055ee13eccde8db3a5af415b0923adb48c5ccf06187ec47ba514ad92b7f43

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e574af558e7d8177fede05b739085c25

          SHA1

          aca048e4d23c6f6edb921444158ac20c5af8a677

          SHA256

          7c705155eb891654ee12957601e0adb39482d4c52a52f97b612f794e75cf3f82

          SHA512

          64c7d9dcd191c7f747a50dc01ed8312a445833e86ad737ae6fcdd445e53bb7d0bcfd21a34abc39e96973f3f4b8ba65584e78ecfbb8bdb7c39cdd4fa1bfee49d9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e1f68b278576e69c9ea92decbd564a70

          SHA1

          215fbf710dc61b430b2363c300899090d974d3c5

          SHA256

          78ca1b5dc0f2c12147c8411067c144cf4111c1c724f81318b302f03095ffadc6

          SHA512

          4c255db79004584350329d68f6df0c191d5f6e6af74c2c1dbda4547be9d31c491ff39b30828dcfcf5a8cb0cef291de2beeb1812f3fa7a79faadaa80c4799fa6d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e83768e6030b922b4b5ed0c9be3d3d56

          SHA1

          1becc44441262bf2aa4b739e802a0960aa1f8fc3

          SHA256

          53ec2f8874bd62f87728f673934da07bcba8d366df470d886fa61401e056027d

          SHA512

          edd3e704e5d88bf2c7972815d792b0a91470db6ab64f722f19ab9a29d7df9bbb77be40781858b1a62da1092a775494382cc84b5b74884bd4607b9ee4831c1c6a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e4894ef804aa24564ba30d8e15758e01

          SHA1

          e62a42c2bf9ec8d53f499041522e820ca7d93e70

          SHA256

          ec3dd3359f313014bbacd4f61eb3d19c2a97d90d7210308f53183f10de6c5a97

          SHA512

          1451080fcd6e6aa2ccaebcb683f716f9ef73d2260abfbc0875df4862f140a113ebd77bc9462c2a2ba781ce4f16971c80ff4e2c1951b96ccb51996c843ab32140

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fbb6d98aaaf606bf219459d42743ab09

          SHA1

          acf4d1d2eb93b001986300fba30d37babe0dafa6

          SHA256

          7c18b593a0f31d591f7bae90ca68d6d3a7a130d196fb00f8d6341cb07a230fc1

          SHA512

          625162454b56ed35c6103ffb79f3fc1a82c67298d7494225eac4caeedfffb3961df45399cc75d9b5b70948e359b724d4e13ad7230a53a3d9e675ac59c8944308

        • C:\Users\Admin\AppData\Local\Temp\CabEE65.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarEF16.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b