Overview

overview

7

Static

static

7

4013fdb51a...18.exe

windows7-x64

7

4013fdb51a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4013fdb51a8082624ebe2752ba55296f_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    4013fdb51a8082624ebe2752ba55296f

  • SHA1

    f8a7add063c620b9f78b34e6660d1482519c5ce0

  • SHA256

    5181b7ec295566ff727d1b350443d518dd0acc0916e2c30c02b50814e2d77048

  • SHA512

    73ca71bfff8d8ba8fa12a5f5c3f267e1ab0ef6bb438e8a6e2b4eed70eb864c6df3e065d815f51d604032794422a94701c51c58dbf3a16ca8785ae15df395a9b7

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1v0:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bJ

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4013fdb51a8082624ebe2752ba55296f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4013fdb51a8082624ebe2752ba55296f_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=12533&ref=http://www.fenomen-games.com/files/RevengeOfTheChicken_36566.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1712
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfcaa01ee312be08bbeff857cae7584a

    SHA1

    ab67551ea60b916c9d57b18219f6639627cc8df5

    SHA256

    50527a034fa531da6d2dccbe7b7c42888219d06c0233da1da040101b589c17c5

    SHA512

    ce1aef9e9b0d2dda33ef66e282d36be97d1aa8b4d9271f5e394faa2e6c1b3f1c193cb56b378f76ae4251228e874d214dbe57b516651bfd368ce73febfd06ac76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2a01f3029adeeca58ac75126c144236

    SHA1

    ebfe02b9f989cdf962ab02bb72d44f3c787342be

    SHA256

    96bc2698c0e7254e44138ad3023839ad0645500f43721615d7efc5796534559a

    SHA512

    8e0e0ffd12ac43ba5fda2579f49a8d9bdaed74898730bd9dde44be2893a54b57573f95ae066d3743a0d8f3500482b380509b286017cd56ef143f1d401a3cacf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cc9169abc6cb18d77b40a64265245ea

    SHA1

    f3a78ba2289992f80fe1d7df8e231a6fcc63ee11

    SHA256

    786d450fba37acbbed49d3e508d9d2a046d15b9738031075c2cd8dcff16b0cb8

    SHA512

    1ebc46bf245f6d8af6e9817f5be5bffb5ff910a7f2ad286d5886299bd02930e5099e2a61802ae4c30ab78b161dfc5fb7ab4aac6720a94f286afd90ebedadba91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ce4741425c70f1062e045cd3c383d66

    SHA1

    ace75237af865ad9d9d7c40cd3502c7af8c862bf

    SHA256

    5faacc188153c0333cbc54d9353b283c169b3b2e0a0ed933d700b371c41367f8

    SHA512

    cab4df826955e04e102e0144c219b5d41809c9532c183e26bc8c55940ae04ab65ca539301c904244718a4c7e9e7f2a59c87dcc039cc0b67af75f74e26ea325f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cc78a954fc4a26e99fc7fa210d1cdb0

    SHA1

    a2b236538d4397996f206e3f6c183b2b12c96f6e

    SHA256

    67720eceaeb1892a47874564778a50e407f8edcff058da8c6b811407cdf611eb

    SHA512

    b524a7353fd14e9629b3d52edd467a4b2ecdca75d00653d7f87ed432f79c0bc7a7c45b1fdaae7a28348bd70c5fc66cc905df682caf041ca7fba535e27177899e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e627fcede0ca1eac6e0e79f3a68cc32e

    SHA1

    e849f98920aa3069308517a824be188535003b30

    SHA256

    92d7c23db73af0eff2288dcef402048a477ec33bf246c270f7b8ec1884745c16

    SHA512

    8f2108138c85064d0171d58456245d38cef8899ff26771e7ee2ecae88ef5a3dccaa595e0d51b7988aa3ac54e4f0ea1b4a3b351b349b581c45e22a14260903ddd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a36cc6f571975ed33239b0d5539cb80

    SHA1

    06e77f8831d27b1cd68603611e5780ddf9ddf18f

    SHA256

    e3ace329e2a448cb4fe60d60ad8462220e141f14e62b196f5eb4d7670bd3b11d

    SHA512

    3e68ac27d030dfbc7fe42623c86c0a6ca76fd789b5b801effb11d6b846c4d9dac2d2d248454f8b1867c885e2b6576be472c4314837ac455daaf9641fc04c3cef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4a3e8f6fadd8253fa447b42faf4b22f

    SHA1

    e17dffb3a1f8da843252b4e51425d82640d62c65

    SHA256

    3fdf44656a06e30b0860007fdcb6c61a4c3b5e5c5b6ab7222756ee99c69c36a4

    SHA512

    3b6003836ffc0ca99c9f3bbba74af05c2abaf2fc60caad3fa90f1499107a4520928254f101301f5894bd67229dfcf3978a8851f9930fa196282afffa20eb1691

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b06e203a35a3d83cd753c63dc53cd223

    SHA1

    230fba5c81fc17e957da79081519597c93cbad6f

    SHA256

    c29bf27105d9a01f046479d8d720492c42b8f97ef82325e51181210dbcd6f68e

    SHA512

    3da1b95415e3143dc28369dd81b581d3c9f797ed0838224d24eb74c6d650b5285d5e303a8e7e646cc486790a120485b063254a0df50ce750fbd6901984537133

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    737516a6fdee42d369c27b4cb8d13df6

    SHA1

    e463b187870a63affeee3231c2b88a7e580e82b9

    SHA256

    b94e385641246603e0ac47663429f0c12fe26c4e9b7fc8798e61aa41b32474f1

    SHA512

    868ad58268c4d0b1df0720ec2412e54736433f391f66a6d5feeced1857b682a8fe82e5adfca2a083d0f1707d8e843d338cef43de5e8b46bcb85f62148dd7e018

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e75625f98f734bc054aee73ff5706184

    SHA1

    576679c8141a868791194868cddc8c7fb2c215f9

    SHA256

    5f83cdbc9ce05e60f9e1b87c6a30fd4a4d70fe8cbcb4602c25b173ee9f1ead80

    SHA512

    4b9c959d77a22db480f834606b2fe3b2a9cf6d362be232cc6ae883aa8fe96582b16dc436fe6459243931639ba96486b4175d90d239f952c88e7efdd1e1b8145c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7102bd347dbd672b8d6952d7435ebe2c

    SHA1

    d080e4e15d5b5e4649562c6450441f2d898f97a5

    SHA256

    4ed09d04313a5b8aa1977c1c542b91e607ea82953cc25a512780921236776232

    SHA512

    f7a5c114e153dda2ee50552b720f923a5745626cc9b1f78861d1c4ee87760e1266f861555b6d163f161ba7c0f8a09f61db0cdac99495a2035ad801c0f23d6ace

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06498b6d4740de87c1e438942b99c983

    SHA1

    70b9268e4b77cdb6be132e4f218fbc314562297b

    SHA256

    8a49b7992cd697182c9613d69cdc69847821f39ee09b9f3de02c40ceb3311afa

    SHA512

    57746d5283036677afd6c41173b2eea45b76b036f1405e51d39f0028ace1b44c3e821371fbf57e40bce832c2e80abd5190eac37e6ec3a5fec4e66fbed50d4de3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2da6ca1fc43c051af2947fdfc14cb35b

    SHA1

    85717f696ea156b3abe5d93cdd5bf305b7203b4f

    SHA256

    f2504e6a20a95561ba9d931b49eb5d4c437f70113e6bce6d410a92d0bb1cdf4c

    SHA512

    c0c0a10aa9564131730d0a0a0bc18840ba1ea033f6618de2987b59d4fdf7a4a7faf2813b3b2de35311c44ee427d24612903d9bf9f99c8d37821e50d4235a2a4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79baadfc34d46b65b5afbaecaa134f02

    SHA1

    400028bf2468e61b0106333b0c9f4a88de11d543

    SHA256

    8c9daf6df5231816a83bcb26b31de491fe57b8306fded21b76a7d3160eadd555

    SHA512

    6f69080ce0ff742f5c9d64c3b45fca2300a67ccd1fa79bd5b15d28ef4429736994e1d45201b0468cbae706be154ee8bb81b295bf1ef55df50819e94a9d6f01a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70121959d309db8cbb4915dba73975a1

    SHA1

    6121179ad904bf439a3dfecc453e78565216c3f2

    SHA256

    f4f3becb2e19727e346e09af9bf7f9ee1789ef13e60902762169ccbb88883c4f

    SHA512

    eab03ab092aaf666f602d6aaf692a20b4123bc433b943beb877d46109db48f2fb6e482e09d419e3b4ac1aded65be30eae94148cbee36c36031b603cd06f98465

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f34804176471a93ee5ccade2ddc4c2e

    SHA1

    abca3f2f345499952076f6732e9a7c444ab1f936

    SHA256

    866881014f5bfc82ed26dd877b583c433357556fcedbee0a2754ac7a8b18d736

    SHA512

    150b30f192d84f39294e273b1dbaffdf60417c05f259c5152abb865627b1570001e9291321731331b4440c4080e61b31a1f36be1ce036284f5cfa37cc7825936

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    750aa5a2e855283364686f44ff97deb4

    SHA1

    a2044db117400e316f1ecfe61d0b1923a59d26d2

    SHA256

    9f474543700ebd39b21112831eb464e9d32edee41d8e2c64ba851a8471ed4b57

    SHA512

    5bc34bc877ff37a699f9f0fc0a48c0f1fe13ecb7e9a44c6a3c8d96295f976d146a49fc6bc4ec1053c07ea3dfade59ef731ab5b238279d98ae814fe0f051bcdc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11050fc4d09e8a3e279c7ea2c75bc4f1

    SHA1

    ffaa8363e1855e2680185351b3a41d715f156ade

    SHA256

    afbf7cd49eb74388a698bf8c1c49894a878b1d8b441f575dcd354cbede9d93c8

    SHA512

    bb10cfc71e0525f6a1053bbce7adbc757797531a7b24fdfeff051f216c4348ac6fbaa1c67b9aff804e04989caf6a5e82e4ba128762544d9493b49c23ef331e34

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1DDE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1E8E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/3032-449-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3032-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download