Overview

overview

6

Static

static

3

463d801343...18.exe

windows7-x64

6

463d801343...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    463d801343bb2d0e04dbf28fe6927962_JaffaCakes118.exe

  • Size

    28KB

  • MD5

    463d801343bb2d0e04dbf28fe6927962

  • SHA1

    df97c82d8cedf6c264ea354df8b33ba135b94037

  • SHA256

    0f7e0835ded73f8e7a147ea95a8a04b84231d38dee00271b091245355f9b1009

  • SHA512

    ffe8faead422a49756878676158f41921032d1d62053ef4e81f17ad0af1720a354d1cf58f3a35a3539aa587088eb6b54e1eb79600b177805501bb457a8a58585

  • SSDEEP

    384:QVPOXUvOXjzIStY5kR0ZBjBNp0WW7jS5m9QgV6nmNGw0Fi6m5O8bQrBHNW:5XUWXBaCQFx05WEanm4w75lbQu

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 11 IoCs
  • Drops file in Windows directory 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\463d801343bb2d0e04dbf28fe6927962_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\463d801343bb2d0e04dbf28fe6927962_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c start iexplore.exe http://www.libertyhill.txed.net/schools/Intermediate/Specials/Assets/navidad.gif
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.libertyhill.txed.net/schools/Intermediate/Specials/Assets/navidad.gif
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1948
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    405a634dfd607a4257116bb936b00177

    SHA1

    43e7e73d98ead7467ebe677d669dbbc70eaf1a1b

    SHA256

    c81ccb8e86c7a711cce9d1b54228aa1a06c2dcb9dd9c50416a81267a7442740b

    SHA512

    a0b5fdc407baa31e7192c1fece96b659fcedbb2e035d5109f2cac8c63b28e160000cfc490426207ffd17d432a754f1dba341ebd9879b60f1c90aeffd894e82cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53329aa2f6ec55c73628ca954c390f66

    SHA1

    41cba5069198277ae12060fbf6625a8d3fa974e6

    SHA256

    9ef41b67a1b4e438006c02bf8150e03203b5a56ac5b3bd8ad75307ac8fef45be

    SHA512

    22205931957ec580cc1e61cdfd4392da8b63b645c5eb9cb3c5c09039c2face24eb605851a3f2bfd65bb100cd89aef5b7453d7cfbb7da516c1ab720507cebab8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587731a6f2f4b0f5e33b2a7ba328aa23

    SHA1

    eaf1068fc3c57e27744553b6a5160960721b2722

    SHA256

    ee18042de792de8234f82ce2a65079618b70ca9713f9c5a5598eca3d0f56ec44

    SHA512

    c957a8e44dd5ffeb84428ba90842115d2f23e2b1acd1a9050bdf8bc05296dbe406225694666715c729abb7878f1810447f511caf217da0e4e2c284cdc986956c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4afb98669da4465bdab31b4c24fec4d

    SHA1

    3f8cabbb2baaef9f66574a5e83d25d0ba29882aa

    SHA256

    bbb8a68701240533ab0ff07879e50d4bff9acf9025dcb9b286b17891ec796536

    SHA512

    8747388531aa17fd882ae2a62985b07a33861b41c592b259ab3b93ecd18d312b5d47ef25ddca564ec2e38984439f1eac0871f9a13bc5c9f979e7eeb4c3317f59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76fbb165f0763c599b7b69ac5bbe7f5a

    SHA1

    b2542b99233c099f6496b7d095eddd6a7333d838

    SHA256

    635eeaa1682ed172eb3f65bcbb7ec0295235595e785ce6c930ac22e0041b3af3

    SHA512

    06435ef9702bdce285395e79f97b9d72cb119bc1dbc203cfca74321e67186c685b189ece5de61466cfdaec4002132d21d0d00e816f7d55ba64effea4d9de8b32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82904aef36a9ac024c1bbef4ceae5007

    SHA1

    ff9aef01a6d00d4d17e43dad8fbca681f0598167

    SHA256

    ba5ab5e5ad25efb82562b21aaba016dcd2ae942eb7c4b1c168b15b58f3b2f9fb

    SHA512

    6dd2d287f7a8c34d784757dfc4df6fd80aac8f9de49bff79bcc266be22c94b064758ed80883ef034f8b6cef5ce1df094607d69e3fb163043f6f8143baf02afdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c4f129471247797adee689bc24d6df2

    SHA1

    09f15d9b24c6b7450f8c9886424ce905f0c5d2b9

    SHA256

    af1cfa9ff795060b96f3281edf6181736cf5e55b0410582fecd12e6a0deb8987

    SHA512

    e17cad26a5fb23d87f248c5961ae546b28bed0891623e0b052bfc98c6905f9230c299e3db205130cf8a7ea9a186d54e5b674d9312da0a390eb51d2cdf24c52cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c020fcaf478b7f93e154e99f240a9582

    SHA1

    f2ca98e5b851904830f52abc4b3bd616b99f15fe

    SHA256

    10f666a1ba84ca42ba856f69ce8c5f8338572b8312516aa0bfd67e067c69656b

    SHA512

    aa4ee4db1081201bb87d243b5404f0450bb24ee10c46e7dafbb559fda03cc9868c29d15e771fa010f562dee26d1ad9169f25b8b5ffaabb34be3524b2741de5a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    972db74fd8456e9f8d4190cb2ce703d5

    SHA1

    94924c314330ed78aab09494a640353ac4f32da1

    SHA256

    54ab336d6c8d72c631d8eea87174211147918147e0023b9f8f3f60c682cb2f49

    SHA512

    628278b592079ac8e69144999b08bba155a72288f5179b8880f6ff6790aac54f2a954a7163f56406ec55c0924aed2af7b18012197b1e2384b751e3016f0d3f61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e74d1d84bcc30c051e42cd158efc9f31

    SHA1

    d41930951dfeabfebf7f1c448d7619d1e7190c96

    SHA256

    87dd57c2847affac4d81aa61a7f0932ec4aa49701aae79503a077a82fabd20fd

    SHA512

    e4c9f2a3026cdd682259e6404d69faa7c150a6bd5877de09faabf81aea4ce241c3a58b3a15a4e9cf7b3ae4bba97236694e9d11de7cc7b736b852b5c3b09889a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97efc67d11b8ea8e1f2d8b54d50c6ebf

    SHA1

    5c63713990c1935413233e42a75e9a558932261d

    SHA256

    d3058fb8f5132c5545025286c394851c33100d948b043d1a82c5450628d915ec

    SHA512

    90f8a164e42263af4f830a1e3eb7e128ff8bc5ecdb4e785ef08ebf7258cb2d52f5760424e273a84e3dee24f332771b4b8dde68f7e5ecc8eb4423a4b50613b4d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6d77bf712a9ca555d9b00c7ef52eb2e

    SHA1

    9d407ab7586d2fc7b5efa1df97a5056310ed35b7

    SHA256

    a28072cea2c811501c0dbe18b278eb603be658e57b4f657f429b66f06c027043

    SHA512

    1151883b020e9b1ae9c807cf8e2a8eeb78b5faeac86d0ff0fab1af70fab4f9d79f3ecedce89713b9d2335816be61110e270bac0649f55b4cae39ec556fa3feff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d58b20753938665904b3157f8882c10d

    SHA1

    8e37aade7069ebf569740f3484d3addb48645da3

    SHA256

    d3fd22d0d2012833746363835b437b27e2bab020c85fba6ee1483aa6f1ad8804

    SHA512

    033e091467ff6500c41f7cd84e193ac3a21a0eec3c160da0509bb90a327dea918bddf757e35e1835a654aadf8888a0001ccf956df9fea9f52f3b420b25399575

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    206e06d0f347083afaa7936af765321a

    SHA1

    12adcad799c8a69f22337735df76c25018a1cb79

    SHA256

    377f6344c9b12c26d7b0ae7876158126d6b6e4047a654636fb89300607661a16

    SHA512

    d66fbcdd94cfe6ce9d7badaf1a4231af420a21b2e5bf9583ce2ec70221e0b1f8cc70f0886d02e1173ef48f6d21c2a7fce87412b0b763e5fb18e8e415626aac47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3476c2b793c126ee2a27ad50ed7416b6

    SHA1

    619a46f0eceb8c76779c5c123937cfdcb313c287

    SHA256

    932de692eccc3bd76b19d4516499b24fe9bc4cf15a331138c9bd34969e8e9ecd

    SHA512

    6a3f73a8dbcb43b2cbe534649ed43440beeb2bdf44f2c58de6e10550d2a7a5f02c9f63e19f63f29fb48a9eb4a6818bb72cb172257a53f07703f8a4f824982289

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89f3289d74d0775e81d5be8380ca52be

    SHA1

    a49bf874f2263b854209960f9090dc93d8ef8f20

    SHA256

    088222bf5c65b0c54c950caf0092c9015892c7800a1248d5e2596640ab57d7dc

    SHA512

    d7adad7efce1b35894395795c6da19957d7ccd5dd4b67b2aa88780787c60723997c3332b20967b524e29511ab292d2ad1e6d4a0e8dc3f5d4979955925f317b2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    233eb1ae48c39fc2d30d03b88ded386e

    SHA1

    0d839176e0e03600daadbc5daf364bb1c18bbdc4

    SHA256

    693273c969ee3d8c0e64e9e259865fe951c0fcca634d57cc4fb4ad53200f6b13

    SHA512

    00e12855557a5421c002314946cd9f65ae78e4296555e621259b6fb50c0340e08d3b853e87527fb98cee91cd5667b69ccbfff9978087245ea47d481919ebb884

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44c0c6fbace741fc8ee7569e9de59b60

    SHA1

    5864a6031e70203351143b5e7f6609ebd58aee7e

    SHA256

    38db2e342a13ceff220c6f46e5df267a7bcbb0d0376277f4f72d3326eee6905e

    SHA512

    805c290cc2ad169219b2596f412e937681d25ceb212dcc76ee4ffed12327c3bf9fd9ea4f5215514f47d52d75b63af00fe66ebcf07bd6fd4b9a6765fbc79ca792

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b8df2a067b938d5b5c7db4c4ebfa5b9

    SHA1

    68d3de2c26451b160a0ab35ed8d777e54ea80967

    SHA256

    1fe0d79cd57dd9ef1b18cfdb2f30e6e8a07db64448a1000b621eef1ea9451b30

    SHA512

    31ce3f648cf032ac957af9ab2ee755b714565ecc7b114f29d611a096d1c8841daa201c8b836c19afe7bb6ba830149ebc47ef24b7d91c711a8cb82831cf5f4b0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1FC1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1FD4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\command.com
    Filesize

    28KB

    MD5

    06e8014358358b74f4dd6a2c6685db83

    SHA1

    f6d96197465fd847fd138c5006067c9b04133cc6

    SHA256

    3cfecf8046e287e6873a90431fe3c46190de75f8f76d8b8c6c2b8188b139e4d3

    SHA512

    b8078978987bbb3f4953dbc6c6c98efc8c87c14046390f80603ffbe98ae33ea08705812316868c8b69311becc1b37e4b48df162fdcfa767efc06ce34089461e2

    Download Submit

  • memory/2864-485-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2864-0-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download