Overview

overview

8

Static

static

7

4b8605483e...18.exe

windows7-x64

8

4b8605483e...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 21:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4b8605483e64ded7c0439de8aa0bde7f_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    4b8605483e64ded7c0439de8aa0bde7f

  • SHA1

    96d5ea931da582a10c3deae5ed09584041654e60

  • SHA256

    1d6e10130d7464ccb948cd5f63a088a9dfa62d368902b3da7a420228c7058bae

  • SHA512

    eccaf45da06377471877f6f33bc5f945aa381af170bb63c0442dd2c158eb011fd87c18ef6c175a9f8f94b5045e58f1248ab5016f329e8ca9f00050679ca9b1e0

  • SSDEEP

    6144:OhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:beKrJJuf86AYcwoaoSbr

Score
8/10
executionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b8605483e64ded7c0439de8aa0bde7f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4b8605483e64ded7c0439de8aa0bde7f_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2760
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2636
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\4b8605483e64ded7c0439de8aa0bde7f_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:2624
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1812

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\WinRAR\winrar.jse
          Filesize

          11KB

          MD5

          9208c38b58c7c7114f3149591580b980

          SHA1

          8154bdee622a386894636b7db046744724c3fc2b

          SHA256

          cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

          SHA512

          a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e0f5a1b3a931f98466cd2e8b784fc202

          SHA1

          e6efe51dc170b118ed7bc940132372f6a3e5e2b1

          SHA256

          893a998d2ed30d36835bef57300c9b224ba83f3639e46378f22ad5d9cc712414

          SHA512

          07090cfb1d5c9a9e40abe472ef8185292d1355dbaaf38c679c9379d6f944ff420e27e9ec849ff1ca7687c4efbb9a86ca893150cddf3520b55b611ac5c6ad7d57

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0122b9fb8c60334d0b803cebe1926236

          SHA1

          4809af9f3551eaa91ec402be496de678dbdb4ff8

          SHA256

          662c8ebad46dcfc5a8f1be3e684cc761315f2276b9273386c51e974ba0950d08

          SHA512

          508f051599cf9e0887e52978a161b7be75822750d460b990cab4434a0212db9ecda49b87389f703f6f8caab5a0910a9641a9cd2bdf07bc0cf95515d0710e45e1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4756f1cb890792732115e57e7a9e06cf

          SHA1

          09c0e11142023cef7edc0f95387c98be1eb999a4

          SHA256

          4dfe2251c96e19ce0be42966bb9be5f411ec281201db4eb7625ab47d842e2fdb

          SHA512

          6fd41cb78bafa95c6792fe7348a10d72effacf67ff75ba7003d85a850878ddb138c48e39c92c8eac4a557822403e236fde901ee6eaa69bd0650ec6d9785f56e9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4dd9ed36b9b8023597b6ca6b825f07ae

          SHA1

          70d7d84a3ca710698e17d0fcdd64b5eead37e199

          SHA256

          cb8a46f929e6bd2d1d90a2fe279281670a8acf4f9d983f247123baf74f39236a

          SHA512

          1219743c6ed5da614dbfcbfaabc21b2ea6d175203644a3b5688b92497d269fc94e1797ad288906ee08d7127aff7b4340e464eef26b7d7897dd05916c689139aa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6a65c9a9146da1803d9c607b0026ad2c

          SHA1

          a112c86f4d35edeb7c19e047162ec92832f72511

          SHA256

          1f0f06676b83dd61e500bde28a980e77dd01d87d96fe1eda708eb40802875733

          SHA512

          c3d455fc0f10f5a21b14987d2185e3b265a7497cd8d9375b0f1c5c4d4459d1687aeaa0c8c5ff8780b420f37b216547d3d7f326dc5784333fcfc1bdd7cbe2ef27

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b5a4ae66cca34f628eb7d974591665fe

          SHA1

          faa25ccf4fe6f6fc8f25174f4b457b5f7c7285d5

          SHA256

          cf146cec1c611a25e0c05188f2174cfe2e7283fee0600df3657f706c2c32160d

          SHA512

          b17f6bf3e30d062f29fbebb08ff1ce47bfc5c601fc383f74e7cdd4448aec161baf706f5c2fe73ee91ca33910d4a38633f3cf363d5b32ffa0fa000621b5fb73fd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6ee968cc58dc442da8b051f91e31cafe

          SHA1

          5573d8b41b9b2d38674ace24ab75488b1f4c86e2

          SHA256

          70bfe6a3fdc47ec5708e4f96aaf70f90363d19fb9fe2d479fa3bc2271be111d4

          SHA512

          b6fc1796a825970e6ac3f13c33b443454c064ea6bd209bcf3d3bf81d4fc9ad051c1656ba417b79371301cafbb0c6f56bcc5e49eaeb001d5b1c86656fdda999c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          04025ba656013078d39025c19eb75a94

          SHA1

          834e2e000e363b5fcad40f3ad533a96a1add2758

          SHA256

          d34d56e8a19fd65dc78d29fadf3f9dab5dd4df6427bf64e50bccb806ec00df97

          SHA512

          7988f8aad8744847d49ad9929799e6197a03fc06769bb0de0feb7b5823935da801a7dbe67abd78b4524dc25fd9b12641b0157e6b7e8abf1fcd41a0cd02a7dcc0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          92407844075a5d770c18381492eb76cb

          SHA1

          d979e20c9d01eb753688d8314d97bb5676eff54d

          SHA256

          b109f22b6825f131e3d6326f6858a5f0e0bf26f9b42910f0db82ba6b705aafa1

          SHA512

          13b0332689d725ef26691b60a9a59aeb5f9a4c6767ba3096f3ca0f1a7586eaeb7303b172120ac2328b611edcc5e3d8027e42b2408b86e90ea861c619f32067e6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          caeae4dccaef584f5929e4f64f2c97c1

          SHA1

          a90af738cbb771715542fdba3e749638cd35e054

          SHA256

          514f211305c0c1935d0fa059cd87cf795d30572c320e0539fc3d1d35adf8f587

          SHA512

          b3526a0188eb0cb39e6940b054d9eac39475445017adb430e28c7660d3c9758d17a3f8e96d99cf6f2ad69610a00add30616cc82d698d9ed1bcbfbe55bff7a0fa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fb5d7f909e0558ab18078c7e06fd69c8

          SHA1

          1640e31a2e630766ba377eccdc8a761167c3ef80

          SHA256

          2603ce4d4e77b6421377171bf677612ae5249b3f2dc65811bb216e18726f6231

          SHA512

          64cebde973d29bfea78c74d2c9d9a215d15b0fe13da896ba3e898ea04f7de4842c0cc6e4f04f26ad23c1aae0db35a56546ac52f25e5c13d34f7bd4677a7917b0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9f59655595ac8506738753b49e0fcb58

          SHA1

          13039dcf95d06504d5d1135ecbf9e0a675b7c3a2

          SHA256

          677887324ed845149f21cd21062b7a56086794b4e0573fd1d2067044ad0a3715

          SHA512

          87ddd0e27d99d84593292e332270e531dc82e525237cc0d1470748b72af0999eedd77fbef620805918b5d0a91f66ed5d475cd910fa86c36f14e64acab29d5697

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0645495c286e918cc831075adce0e7a1

          SHA1

          620f81fbaf2d683127b49a9752d59313ffdbd1e1

          SHA256

          dac2ac8980ebcf3e8eff2685c2287e021f40c465f848f3e8867e025e2fdbaad8

          SHA512

          eadad166ec6957c023b5216c014d156f2a8308ee8af0602cff43722f453b8019088a88ff1d351fa2ec6709b8c71e9c31f2dc1b80f7366ab7f6ea7e96e72483cd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3a928d55b3cc84412498c4bb23fed00d

          SHA1

          0468a90bd83cb0e6da7ec9cdeaafe9b54a5886db

          SHA256

          79f3fad68873f5d8e12053bd5479ceca9589e2b2b8440a84b8a64383628adf32

          SHA512

          dc2ec3a0cd9e84493a965e537ca99d7f431854401eb7d6e3a97c85a3dba6557f56b02667b6dbefe284b9e7b693aa5575e37bea109ccea23956f68eb12d3b5d7b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c36c620bc225e9c7ffde46b31b446170

          SHA1

          a3557aeef7ecb61987666e18c97817069687f02d

          SHA256

          339a85d05d697a143d40f82e20a2f92d9880ff2c803be65400a504bf7e2535cf

          SHA512

          ea65f84f83499b02ba96906c73e1ec52bdc56ed6f1717e6511b249703995e3c4db5b73e85c2e1d5219d54c0cfdd44a4f06ec7a47d26a3029c9e3d2da4a755b5d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e68109c7d0dd49f15de5082e307954f3

          SHA1

          3f87fe8b0efb114467fd67bdfd3d51236a1585aa

          SHA256

          8347b0696ec712ef481743e83af928e593823b4b99e584570748a3c5b19f3994

          SHA512

          a1ee5af9fded5fe717ecee39423e9c53474396ab871c572c011726c421a32c588b573847d2e9845e33f08952dd4a00aad3eaaca09903ab86602677149a2d0ced

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7a71ad9d7163617b52244e72189a3ea8

          SHA1

          891bf30a2d53af8e5d78f8251799e5746acd6d1a

          SHA256

          dbdba6fb2ea6d1dbde962001fc3d6cd80122e8514bc0218c0127cad6e76d66f0

          SHA512

          436adba6ae8f418973c95138824b9ea6faf48ac5c0d6666badd068f448491d209c9d91164013dd2b85950a66c45920f36b1fe338d6185c04570511fdf184e2e1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b84ba5ac4bff316007518960d9ea9446

          SHA1

          d065d8eb69c62f3af13ec9349258f30bb49c5762

          SHA256

          7ddec525cc6f84961398e755415dd6ab00448d5ded1cdad75312634fd0a7c46c

          SHA512

          46d54cf21c7ab15024eadf368e2d7c647a5b0bcc8915f6d26f757a12df55994d4849da4b136bb922affb0d531479de31b3ee1ee4c03b6e50041ebcdcd0862cb0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9db669a98000e2a98b0766dd522b1e05

          SHA1

          3dd2459ea8d1580bfad392985ef00d2cc10fba38

          SHA256

          cb3ac9b97357e9e297d5d7f5638de4d6f3f0afb646c651338eac6b22bb8fc0c4

          SHA512

          7ddb8b1be341cb137dd928fd1cb2d863c74c51a83394283744a72fbce8e1c15b46466982a4456d34b31c3f2676d7712d4521c602e9915d1d5b1668d60ac40c1f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          86f6cad870495de67ae48f130ddc1c70

          SHA1

          b8c1e7a66acf11860cb5799653ae4ed0c9ec939b

          SHA256

          9c49d34cf56a90dfcee55b77201d9cbbaf6afbe40dcad5a4946af8903d303cba

          SHA512

          d0f80f8b9d920fd1a2eddbd31cd8f704fda9a9891a5c4b96b3279b00626ce42cac507c78de1124d447ed56f09e97c4829b9edb257c2931ee538d50c74d83a602

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0cc78170290c95664c772f965db861c2

          SHA1

          f7f3f39f3d5a142c346e4cff15ed2cc9461b0120

          SHA256

          9501286484515956db0526f840feddbd07eddae88537f568e8c65e8d7c7c649e

          SHA512

          4ace3e7b860ab85cc8b3cd3143c3eb1459f52121ef552b54ae61b24455af401931b2237706ecbe571bd1842a283ecb1ff8ed9e89b795e0e5f263f4084bd73006

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4142baa0cb81cd631718324bf08285a0

          SHA1

          d242d34f80b57182975ca7ff588c2ac314c622b9

          SHA256

          daecba406e47af94fd2ace1f92283c553d6bd29e9a39b07231d3ce23c2f6ebb4

          SHA512

          308de2250c75890cb40ce013c1279ef4260662d1a6e4efd022676199d5f681b5bd9bc397c1a1ba5304e255a6f039c261ce919a3c88a23d6b86dfb67c1dbbcbd3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabCA43.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarCA66.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
          Filesize

          255B

          MD5

          a0c4d2f989198272c1e2593e65c9c6cb

          SHA1

          0fa5cf2c05483bb89b611e0de9db674e9d53389c

          SHA256

          f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

          SHA512

          209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc
          Filesize

          149B

          MD5

          b0ad7e59754e8d953129437b08846b5f

          SHA1

          9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

          SHA256

          cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

          SHA512

          53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

          Download Submit

        • memory/1812-1092-0x0000000002AB0000-0x0000000002AC0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1928-0-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download

        • memory/1928-36-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download