Overview

overview

7

Static

static

7

49ec8e4f3b...18.exe

windows7-x64

7

49ec8e4f3b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15-07-2024 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49ec8e4f3bb0633154c0b928b0d425cb_JaffaCakes118.exe

  • Size

    21KB

  • MD5

    49ec8e4f3bb0633154c0b928b0d425cb

  • SHA1

    ac82800f2aa9289206bdb17cf0bb039d761d2a9a

  • SHA256

    483018f5b013a8b11fe3d69e4c2775887d65a511651f2bafab3c2ed5c9dd290f

  • SHA512

    1543c3de6af0fdd035b37c3db21b3705a99990cc4a53480362fc17436d63c4fd3168e155a7cf40d00294ca51f89c8e89e3c0529779da9c158584e040a1719a14

  • SSDEEP

    384:wIiV728hUQ7Y2P/cVEccDdye7kjlWLe7grPiA8jyrMPhTjanbBoZw/MKaNJawcub:wRGuY2P0Vo6r7SiAwyrMRjbikbnbcuyv

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49ec8e4f3bb0633154c0b928b0d425cb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\49ec8e4f3bb0633154c0b928b0d425cb_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\FDEE.tmp\xx.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.apryncba.com.ar/inscripcion/forms/files/index1.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3060
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c236840eb061d232ce7e3eec3d1bec0

    SHA1

    a6dbd5165054de876baf8f95e293c4ac5e1b71a2

    SHA256

    e45e73d4bd1f38eb3e567d82f87fe4c65055f3bcdf6bd22250c8347131a93341

    SHA512

    431dae1241dc37fec2bebbd6682d13b3ca086422a702a1a402509aab51b427df32c9cf3d32061fd159f76bdd21778b1a6d9f577be97de6dc8531f8a773ede8f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    794d3a85609bf88049d740f6b7dfa753

    SHA1

    b1ee1eedb54775d1c64f9f9bde6c2d270923c8e4

    SHA256

    5240ab0077a22ee34868e5c0ae1acdebcb160152c8da73edf79a94703bd2ab39

    SHA512

    c14626f788931faa14770996c4b5d99ba7cfad3cac4295055e1d97c1e335dac32d3aa298f320147f670f7367337bfb4aa9db21d4af75c06fc506d42130b3b597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26967091d834018cca021985732e1f77

    SHA1

    51cfc5e465c0942d01ad8030c14393a2b4a6c526

    SHA256

    58d5f06d77dd6b0a7aa4fb8753844ac5ddfaa86d8604d0a4bd4c2bb735dcbbf9

    SHA512

    d37a597c44e22c492c1ff40a21d1a5f2e1f81ab9c693726331a67d73c5019648e43cb75fab5ddef8841bc2b7096eaaa4680408d925c8bd896ab7cfba8e8cce6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e675523c67ae2cc0764e6e9caf01702

    SHA1

    5088a20f4ae4db13df2687064fb32a43301a82ed

    SHA256

    d6b2b07cd52fc65079185d9e4e6d880e2299fc483944cc367bfeb7b378d2511f

    SHA512

    cf8a5a8fcbd4d6d9870987d201bbcc89658c216332cd07d58feaa5dcd4cff09f3586ccc9556b4fa09ccaef2bc2f06cb4e826653f50fabf9d2cb8d8edad63b933

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa6c468beadda70cc9ff95ddd577d975

    SHA1

    f8bf7c9c5dc63d5d816bc5e34992e6c626618617

    SHA256

    c5fc8017d68f8976d728413616859756b1927dfd8d13c9e4755cb9c373362f70

    SHA512

    085d95e4e015e8a963221a8980ad7de86d18816285d9baf883306c2539c42160bd00ca609ab473db56213792f4b55ef52c41bcce3ecabdb723cf243915d24dcf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0efae3adb4c2b2b07da9fd2d6eaa5791

    SHA1

    e0d7e98b72f5bc8fcb218290aaaa8b4cd1f4ba83

    SHA256

    f5589163e8541118282272c6850cc6ab33b3cd27cf6d8a102b33eff3751dfea3

    SHA512

    f6d7b34d871f414a1e2105f6657a524a12c6f82d00616df2ab5893f8d33991e365b2dc73dbffcb6f2f6f486b46537a25fe742724e435e90597e5b4811ac1bd60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    542033be73e6dcabd59344dbd6e3d9cb

    SHA1

    b27e1d507c308735b3c6b221f44e71c9f41cfe26

    SHA256

    4e2f88f4fe2363d0a2321c83f6a3bae5d3d1bee650bfacde5f0f97ac6d356181

    SHA512

    a377e25ad488b7014f747827d80ddd066943591da586922f910764c620c6107a12d31be5223889b2cec8b54e0e23cbc34207b170284aacbbc7764c0b541632ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65709361b70205133c2aaf962fe52178

    SHA1

    f4020a06c142fceb26fa08f4d93af3d01e61f590

    SHA256

    63683711e71e227fe6bbc41ff48964961335ffd459e6fc0e6f7dfab82782e3c3

    SHA512

    de31c81e9f6b07be37044f71009e7b73cbf9fc1c1ca8a53cdf44a6dd94040610627086dd4d84295a59481beafbd7f677d6237b82913eab3343d71c234f2aa0c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd6e56df60fc572fc5229caad2a9e6c4

    SHA1

    6ce548ccf4d26e412e32c10e643f7c3405c7c375

    SHA256

    9d49eceb2342eaf504d4d154f28f5c572f0636359c8f7fb43e250729edeb0205

    SHA512

    41d53b05a10cd39339419dbf911411195190d4d1f714445ae58ed341a4937f3261a16cc625feaab888ce8e39bcd218b3efbde166728e5be4e3b91c86fa69686d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f09f912be95bce8e6d0b4cf41d2cfd58

    SHA1

    8df9732e318861caf86716b4b26bedabb8b01962

    SHA256

    299dd71cc300ee71bc97a2ebdad93a0956cfa0511375fea1215511cf3566c3f3

    SHA512

    5b81e0dc8602d80a773be3d88a6dd2562d9c36195f01d21bbf4b4785a53e932ec67f812fa2432f0b0fa98c1a605452b223f1bf5d884526ef4b4295c74ab565f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e446fa82db0ca407657bf896c538dbe

    SHA1

    e4530c2c9b3b6db10722db1f63b41a82630ab6b3

    SHA256

    d01db30dcb0d9ab2fe89730ac35af29baeb60d6cdefadcb7a046e55ce3c392a9

    SHA512

    caa6ba0e74b2eb26ecfbcc6400eb2a293c25bb4b7908fb99c51f31eee24f98da34281872ccd26e050656ae0e356a6cf7d7513ecb76d86a9f2f2d69e20c576380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84cf22e104351fa554f978daa1767454

    SHA1

    3bdaa3d3fff879fff3a9668afb956c148c57bdf6

    SHA256

    c18f965c6dc8eec41f24b53593d787d9dd1ffc0e0a0157dd8a73363002bf44bb

    SHA512

    b936eb5b0a9bab12189407caef1e3d508ffe1dfbb25c27cc5ca107242867174049df467afd899d2a1aeeb82d4d78e99585801719ad4a27ed66e9801c5a97a69b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee7143620947277eba9bc814f7e91e2b

    SHA1

    6b8d652e2864fcc642225cc3e291b4e1d4a3766a

    SHA256

    8bca6d8994025ae21c1c63367301bbc288e1e9527cc06cab9aed0dfe97fd6730

    SHA512

    d557763849dd90acc4b285b14f0b06cbfceac322b46f598d1eee3a1b41b0ba378cc163cbaf2cba488f828f1879e9482b1787d164e3e50698941e55c3b8fe9cce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fb3da7749180c7bb633541983816f42

    SHA1

    d50d6bc2e8759bdde37d20e7fd3e014673c71ffc

    SHA256

    29558a93aabfb9bb6dc6374d9f34978acf4325bb96daf190482a1969fbd405e6

    SHA512

    b85c2adbd81cae979b964eb5cff6eb65643f03e24651691e1401a8667a5cb653b2a57e3568dea5f030efff2f98cd4947148a0630b7233b05b3f234ac212fbe04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2379.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FDEE.tmp\xx.bat
    Filesize

    84B

    MD5

    ee7a0ff04ecd476a505b74fdc0f303b0

    SHA1

    1c51a3912f9c66c5646277fb3a3c23622f66b620

    SHA256

    d2a55c1e5044d850d0f3ee72924dc52ee08f3a8e3ad1a36a112614a7bee89d93

    SHA512

    5ce714584d22b46d933d5193bc2b3bdd7bc4fa18591f8c81b30d0102bf7db89acb98135a83aa924090a074d1bb7df24dc45efac18a3d1d43038d1e42229d97c7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar243B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2120-40-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2120-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download