Overview

overview

7

Static

static

7

4b88832c30...18.exe

windows7-x64

7

4b88832c30...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15-07-2024 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b88832c30187fd440791a15d03c337e_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    4b88832c30187fd440791a15d03c337e

  • SHA1

    f3e28cf9237f88dbd05cbd5ba9f831f470520d57

  • SHA256

    2773da24d2015cecba58a788deebacbc4fb1fbe680ff494f0e3b3b9cf179b719

  • SHA512

    9ce9db07b2154e9bb3970c8f7bffd6e2f5f4eb2de7f304916e5c5e379abc0c11399d120cb7fc4d9781383d0a74641f6008a88df7748999f8910dc0fbc84e675d

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vL:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bG

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b88832c30187fd440791a15d03c337e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4b88832c30187fd440791a15d03c337e_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=477
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1608a3b515ee1b7861917fd7cb01cc0d

    SHA1

    c75c688da72ea85d07299f5fea53c194aa41ca15

    SHA256

    24572c358effd138bb5ad2589f8e1722270a60a4cece23bd8e7bbc550570a857

    SHA512

    d64e79b11a311957eb7943f07a8755bfeb1dfb36214d6d581bf2f50437d203f61ad7c9df1e4f5eab4ed36e28d2aa1e523115f39f83d3873f69e4dbb1d96d0de9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d655dff999e6a1a7a36e78e9f714765

    SHA1

    767dd203c7fdc13ce9cf4573d147a255014d8a8c

    SHA256

    6ca8997857eb10ad087fa655a679f6681a314eb7a27d449191b834b884fdfc50

    SHA512

    88b88ac2617f59b5ab11c36ce01e9493bfe42ef3cdf54f9d065ca1fbb82eda31e47c6b52d053490906ceadb7159a5b846d6fcb87f5c4fc3cdf3211fd52b7caa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a53fca8d5304ebba6a6f5d2863f5ce92

    SHA1

    2fe7f0fecc088ce7b98ca414ce150218ba0aff98

    SHA256

    ed4050dbd76525274682727a4f4866055b6c46900bac1a416a6a8fb440adc29e

    SHA512

    9af71f66a99f28101162f9bccc713bab4384813af08120add920111092e6f93e95c61e757eeb9bef3956d32298b316644daa7486f639ae3e1077c805e830010f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0cc622470d238b98aaa42b5798bdd6d7

    SHA1

    9928f4e11d6169f1d79e1c37ba3c162b82050d35

    SHA256

    62d7f609b6b81d5f298e07308fb6fb9980f163a91dd7bd3b68bd334a6693d93a

    SHA512

    5ef7d611d7bb6e4767b243f955250bcf1dec318821e9571a87dfd808032d264783ff8894a6e273677462a9ae0c1a1cf1b1adaff93e2769d88e24d219194da472

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0cf510b7bd036e357c2a6149391003a2

    SHA1

    9f1841bc606bd19235a9e9bfb27e4513034218bf

    SHA256

    fe7119823331b54ca1cf9ade5662d06e859be8606fe526fb94640b72d78c7407

    SHA512

    430c3253b6d302ce317bfdf37a3484d7b9eead4c709c061bfc1d6babb983db3d248ecf950fa0250930eb3d855ad4eef133b91913013ad6df7582dced1d02ddd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0510d7faca02609c6457f61664d4826

    SHA1

    1804e1044f766342b65c9a317b8c78b09ce23a58

    SHA256

    395d3dc2061f510676f5a00fba975b243db7cdec46995489e919ffd87c16644a

    SHA512

    37ee58b8235a578ed8ada145df763d6b5c10f72962bd706ba6e6519640c21211cf434136a4900e9c60c8393367743d4b39b72ad91c4943a1535447c9a9c377ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5940a116066b099cd8ada24be1855b11

    SHA1

    91f63b3e3b244d8c831fb7dd1796d1a5d7358d90

    SHA256

    e2241cc120985910be673ea1d27b8685fe95657868f2896c21b92389af8be1fa

    SHA512

    dd67ae37e0c5e429e538fbf94075521a15d1e56b617cf387cc25012404eb3be5f62f9bda44b12063628e046662366074252037ceb5bf912e3e04f9126993b434

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    affb091e48eb242f0cd8f8da555c7c86

    SHA1

    11ad6e02a1e2e8c56bce89e8be546f244cc88818

    SHA256

    802b7af48c75c6ff597b97fffde1fbb5f371dbdb265cfed033f9fdd995f7317e

    SHA512

    015779a457941d06d9a6db6f1ac499544bc65e858681a0b0c976d69c6f8efc3971f2612bcf27d06ee7ccbdb4668cb5f887e0fa14b290e238f1171050e2ed333e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    551aa5980ac446ff42325afdb8a4bda1

    SHA1

    740f43c4c53a6c4972da32994ec0561b838fc8f1

    SHA256

    cd58d9af4a8a81f7f2cbaf1ce9a38009fcfd04b0538003355a6e0b9ff78a8822

    SHA512

    fbadd7a9e7c29ebf895bce49ece0c8f21066cc77cc3f0daad225cae0a52a0fd3d970cce2177176f8d399c79d81c55f414311490670c6e695c1fcb60e7045030e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7494ea5c949882399b8a269103c21d71

    SHA1

    d0c088f312a8fa92ae678806f9c14e737d0903a3

    SHA256

    b48f551648fa0f9f41b92c89e252c8d90fc512fca44808abade6eca66836b000

    SHA512

    0875f533a9511027021beab34433e70cb31b49684935af7d138f61eddc7654a1414f4f629b1e4a3573e6723039bcff5cc94e0c2f56a7bca3b44c767fa891b221

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98afcbdfe07ec90d163e2e61f80ae6ec

    SHA1

    14762f8c0f799804438cd93a8062fb77817187f2

    SHA256

    f221921fa99a034847dd8bccb14ebd0b872199f9eac70d31b445fd54947f8fad

    SHA512

    b5faa644c35f08b78ce5c7fb4e14688e83ecb538f14debe6a0728e6835edbe466329c9da5b57d150f8461fd186179ed27e2410fbe391de7c88b2078821df99ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2bf17a5f80957563e1267facb027603

    SHA1

    2667aff53c1b4f6b1dda1b561bd0f412509b0afc

    SHA256

    6bb325486847a66f92108ba49ce0ea4913cab93060d3667c4fbea531fe3741ea

    SHA512

    73138f1308adcdd05efa88e08dc94563c204a8ccacfee2f0f79034c898e8f43b575de5aeb7c717b032da8a13554b594da001cada053e17723e454a77b79644d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99fbee765367f833c2570013bc27bbfe

    SHA1

    c8556f8edb9a97fedbe7c06607eeb752894c7b77

    SHA256

    c84f8efced8b76bd4a2dd286a46329cebc7dd642e4a21f2309252191056b0b95

    SHA512

    1b266d0db9f6d768e3b6908d0f9a0559ff58f927c162bc9e7691e337213c57870a21b94107485863daa451c1715192e5d58cfd6c3df156275fc1d6f09d299ab0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7dfaa512a65c022efa2ff0b69e92387b

    SHA1

    287cf30434140324323a58760d3fe6516f05d056

    SHA256

    529fa13f5ff29793f27c84bd83bfe954c95ced8b83ad4c82b08ae81dc144c080

    SHA512

    dd33c622bd447b99034343069448f873e7f17ee2c615dcfff03533d9aedce4f1a2808bd632322f150a64a1531ab5e57ac8ba66231b91cdc86e1c389ab3f57881

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f639ace1708e1e8f6da2b614501ce2db

    SHA1

    f203d8a15ede2f20f593d802ceff5a9a03842ef7

    SHA256

    86899c68491e6095331642d7f8c51a25a6ddd1e02f73dbe653f6df8cf7011b3c

    SHA512

    82b665fec531a1ff74a716870f097b683574348fc7dd68b96acc1923cdc1f0b0634200bf7ff62fd73790c84c7c6c399e73614d3c7adbeb60d041892902f78c2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6631b71cf64fae558a27f664723320f4

    SHA1

    f3a5e0d97043472563f19cdf7db8731ac3a1ff02

    SHA256

    40753d9ae3dfa4d1f727f969982daf3b6bb3849fbbc8bcec5622f36e0ff1c242

    SHA512

    419322ac10df79372844e00ba73bac0352efe3b0d96d64a5adc4e77b6b3c8493be8289db5d3c8434b7da442bdef890270f319c27c0675fef6b7b56098b757854

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD6A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDDC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2280-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2280-24-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2280-25-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2280-26-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download