Overview

overview

7

Static

static

3

4351db172d...18.exe

windows7-x64

7

4351db172d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 21:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4351db172d796d2c03c0ccaa51aabb6f_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    4351db172d796d2c03c0ccaa51aabb6f

  • SHA1

    7258d2a3eec665c7e6772d731b57051fc0b08bbf

  • SHA256

    634868f268a203a1f35c4f4b8d2b4143dd2ca98a855e6622b68f682a74ce8d7d

  • SHA512

    bc6abcf4ba5f4ed49c9347693d76f3225f9ddf4a9d1dc7d2b4ece0df3630cf8e69202568e7879ab16e678dac7fbf329db0a7dbadeaa7b800ce34f9335cf13470

  • SSDEEP

    24576:vneI30X7Inz+YqfrMQTZaqdiXSp0c02uFG6dAk3VfO:veI3rj2pTZaqdwk0c05HGik

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4351db172d796d2c03c0ccaa51aabb6f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4351db172d796d2c03c0ccaa51aabb6f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.xuanxuan2010.tk/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2692

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          00e93aeda069cca5e7adde3e6ccff1fb

          SHA1

          abe3397f58e6b450a3977e9aec335bc1d4a4417e

          SHA256

          937394674296fc5c09bdaffc87c9ed55d75173796e8e836817fbeec4dad67550

          SHA512

          0a7379cb5432a42d24a3c659ffc19446c1a18b047871da098cf8d13aea5b6b190b41125200ca9ace0bd9f88b3f3229050bf8cf408051b3a87e89c63c8f8bcd19

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8181f382c3d33df11a0c02be9b891ef3

          SHA1

          3c5210625d545591b72d26f5daba267e97b22536

          SHA256

          713d0f7f9bb7394b2219cf067bc1bfc247d4153e3023c3e636ad71a23f5798cf

          SHA512

          2185479c25ca510c06ec51737a0935d37fedea1994193e5392a8be3a3edc86c4ccc24613d5835dd1a39a51676e43de9736fbf39ee98fd5a4a11e245ef9d6222a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a428ddcc6daacc82a66a156139b1b716

          SHA1

          242944420e6a7fb37fbc655fa3356b3cac7ef0f3

          SHA256

          21c78b1c556d383b7105d7b57ba5eccf7987cba1e1f4dc76f2f077f40421de00

          SHA512

          50c2bd775c8983133a4f536e794c9e5d9842026f51f8c3e773092bd7365fb60d7021f26abe96d1ba79f3d2fd704eed13a6d4103f46ef5fd0c3789eb8010247a8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e6e6a924d32261b33a3f5efe7b40f32a

          SHA1

          4ae4c37a0b575529eac4670e5d8c17d5fcda2af4

          SHA256

          13cb7bd9b453a42ff0846144cdd075b10147a8ef15718e11baf1bcce6547f2b3

          SHA512

          49e31e7ae5621126ca00adb4a5902ed73e5bd7f2954adb83527af20d0f29efc26d5bcc5487af421918cc9a48027401521583724bc49112d62b7e96ffca0f2f89

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          60e31d2702862c912ed54a5ef1cc5ec2

          SHA1

          69e004a72da0ff841033c1b0cce8d0781b8e6366

          SHA256

          c185a8f4944e6e684b81792300c6e14529400fe3d3207c72368be2e9b841e5bd

          SHA512

          aaedea01d3a1c47baae27489672bb18e5b218d7678ef01e8c4f58f787ec8763af7753cea3358d6df80c626f970b9fcd8f3c488eee7396670a255f49efbb8c546

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6431728a04e43380526f1def572a1f1d

          SHA1

          7f08e229c465821d7329e8a2d17f0f655f3713ea

          SHA256

          7ef8eefb83e37b12d62d3403ab5ddab52984429249088c3dd37c6ee083380781

          SHA512

          c2f9a29177022d86fc30eff96e27db9d6d1d2dd4b55f9933513e7ca630f55b3e5733c6c0a9dcf15bd5cba4ba1a0eff9cbc199f4b656589b44e9fe82b10f39bb2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6970e8e4c93fba4a817f727ad89eff4b

          SHA1

          80c0f05c6b0493e48cf2e499142da8ea1905c7d5

          SHA256

          f6116bba37bd5f212a40ad15d096705fc5c04b4b5e60de17fec172e1d72125d2

          SHA512

          b6625d9b6fec6be225ae8c34485aa18e9279c244bc02b36f7356a30d6bd91422bbc4071379e81420084c9a605cfb40935e0c676f28f52271e76d7391210a7ee4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          303f72923012a7bd24e0c4b6bfca1172

          SHA1

          a8b0d629d8b823d51f93a71df6099b8a39237d1e

          SHA256

          626bf4d769a81c463b81547e0d411021aa0ab4d3ed3912df5f37c1fe0f380b68

          SHA512

          b2a7b57ceb36e99fc049ba930bc5c0f9316eed495c1ae7ab6ef2f54cff50a46083a4914145a53b033c843b2d2b5eecfd32ba1c35d016c7106ab0faf76d8830ec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e0d50e1473041536336046914898c7e6

          SHA1

          a7f842a1efbdfdd7a4b40eacf5d09e3758f253ca

          SHA256

          07ec1b3cf92cd68cd0b99daed5a206938343520add05470ef9e7918645110acb

          SHA512

          0b9e4c95fbd6c565e9e77595c530ab59af06af341338725ce5d6c6d1f61ca912072bf337e5539a5877dfc33058bc18f4f2e7d397e6e00ba813c07d41267dfe2f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a799caafee94a910d256686443f8bc35

          SHA1

          eb6005647b3d33756d08714a6442508ae0aea7f8

          SHA256

          f8c6369f8e8e3e0cf48aa2a440bc1ba5521d4e74a6a4ee23f1906eafa2c7942a

          SHA512

          72eb1acfc2460a20c0fb6c4ed51ea8473b9faf16194a18044a6322f45621205621ff8421ae8fc64e61eae4ee8015cd0c993a9035af43f01e62257c122351bc13

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ab272d5bc114f79ea9747da8515f8553

          SHA1

          737e10d20264d9ffa2aa230d4505c6b9496f9ece

          SHA256

          d2e431365f50c67b4115b4ccf9728ceec4cb9d64e8cfafada7211b003d1f5a7f

          SHA512

          8ec1dfa5de578514bca7496147d2416afb4d45b1d10dea8996c79d8e6953a1c96ad897b19cb78585158bba13ba57bc8731f3aeb41ce897a48dd5f950de37c806

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabEA71.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarEB30.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll
          Filesize

          86KB

          MD5

          147127382e001f495d1842ee7a9e7912

          SHA1

          92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

          SHA256

          edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

          SHA512

          97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

          Download Submit

        • memory/2084-15-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-13-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-475-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-14-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-212-0x0000000010000000-0x000000001003D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/2084-12-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-11-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-10-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-9-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-8-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-7-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-6-0x0000000000400000-0x0000000000580000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2084-4-0x0000000010000000-0x000000001003D000-memory.dmp

          Filesize

          244KB

          Download