Overview

overview

7

Static

static

3

71660031ef...18.exe

windows7-x64

6

71660031ef...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/07/2024, 21:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    71660031ef52ec1fcf9a4b46b9b18230_JaffaCakes118.exe

  • Size

    84KB

  • MD5

    71660031ef52ec1fcf9a4b46b9b18230

  • SHA1

    2d28f900f4c7591cdb73bac2479d46e7771fc5cc

  • SHA256

    179597c370878709efab57940a1b2a6468660133129295157e985eaa93cf31f4

  • SHA512

    17d7ccf18bd0dd1e4111aa7444f5d361333ad7167636c72618a45b0c109824284ec94c133db38abc5a619736ac07cbe52bd0a95a931402b6e5ab15a408f6054e

  • SSDEEP

    1536:pDG2tbE9F8nvQEP0CtPhn7v5M36L5mahBYvqKaqR:92DvIny36Lzai/qR

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71660031ef52ec1fcf9a4b46b9b18230_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\71660031ef52ec1fcf9a4b46b9b18230_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Users\Admin\AppData\Local\Temp\71660031ef52ec1fcf9a4b46b9b18230_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\71660031ef52ec1fcf9a4b46b9b18230_JaffaCakes118.exe"
      2⤵
      • Checks computer location settings
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" blacksearch.net
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4148
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" blacksearch.net
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4404
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4404 CREDAT:17410 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4744
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4404 CREDAT:82948 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:4536

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          334faef4f3363f41042484d1a5a5ac75

          SHA1

          d2598df71e53c6d90f438337701ae1a8327c274e

          SHA256

          b344a068372d1aa8729700b8e2f967aafaa4c4c28d80460b49b9881ffd6d44bb

          SHA512

          ea029a0e6ce83cf5066708dc47b9f3307a8f524b85bc78fe13d99c138de9417c596b7f707f7cb7288520f6ca1ac630ffddefeb0e0ea307448803302663528a2e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          021bab2a16417342ed4183f51717f05b

          SHA1

          8f443ca424429a32784da4dd7db4417b55288b48

          SHA256

          f6a679f6b4dbee865d3441be7295caf63fd601a48c02ab1405fab4a9339c0a6e

          SHA512

          73ba5f70344bb2d9b50195eeb9f6ad9463d8827f9d48a0026323fb810421f2e5a6d1c9f626b0f5e8dd2c0e9783bf5f561b821e73b0f5f31f99423ee1b46543b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
          Filesize

          724B

          MD5

          f0017039ebad1ed5e9e0238eb3b09b33

          SHA1

          2f1f313327f8cf4f967e3597f781c66ff5fc630f

          SHA256

          7887c0cef07ef0e9bbc57eceb04ccf21573f690bd5bfcc8e9564b3b8c44f0249

          SHA512

          438320327acfafa92bf207c304b30570441d1eb0b951a44780e90d5d5733b69fd149902f0278e45382f6a7c351e852649e51f8b6456cb5e5e956c1d04d1ce3b2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          c60ba440fd8198560d0aa7df866e6010

          SHA1

          72d1c0851b59b45d1b7b3851e432e636fc7da4e2

          SHA256

          7e4469ba6f170ae27185a96b50b5b0909e9bdf7c03cbb052b844c47bdb195dff

          SHA512

          08dd42cea71319b44d0e3844be5a21d1965957781cde7b056b08c1b45f90aff1ff106e4e2a69cc4d51937a4f23883d9783dd39258c0779b8f5f1701840ecdc24

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          8e0338add32a5c64be9327bbc5c0769c

          SHA1

          d13a8b8cdb8cfe43f7782bdd406474cb187178c4

          SHA256

          1d526405fa4492739dcf7b62d7efd3e34f9f6652c5f1ffc454c0b8873444b7ca

          SHA512

          a934202117f6587ac06803fafe76ec5aad73b982b95ad35ee8ca40078e15fb1e267f18bd40f2e5558335c1d24a9270287b175ebbd3dfcd12e0c9f3982fb2384f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
          Filesize

          392B

          MD5

          1fc48c55c4ffc678f07434a96e591a7c

          SHA1

          bacce2b9bb8bbe894a98390a44d89bea04f14c17

          SHA256

          c816bd7dd6f7f673f5dc3497955973986db6fa8cc1cd806e8295ceb09f422f1e

          SHA512

          d8319f2a1fdb24a187798ce18b0ef357bdc21f84c74d6e9217c525e9f30f95e21f455863dd66f29ccda58eaf625d68c1ed4acb3db783f04e8391314aeeface4b

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver1F1C.tmp
          Filesize

          15KB

          MD5

          1a545d0052b581fbb2ab4c52133846bc

          SHA1

          62f3266a9b9925cd6d98658b92adec673cbe3dd3

          SHA256

          557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

          SHA512

          bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\cf5rogt\imagestore.dat
          Filesize

          2KB

          MD5

          7147393baa7fc7fa8a30b3fe48d6036d

          SHA1

          7236671e927683eab46781d31b8488065954a434

          SHA256

          7a4e5d2db70c175b155deb88c09b195e5754341327303cb343cb6dcd9fab1d1c

          SHA512

          4762c35dbce87fef590a1015a8375e7916ad21b342cf011bf56bc960c46d7f951c0b9656b58f6dda506ee56e06963c8c44070e7dabbc4f17f6b51fbaeca0482a

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3WWFCFW4\favicon[1].ico
          Filesize

          2KB

          MD5

          112ad5f84433e5f46d607f73fb64bd60

          SHA1

          a8bf11f3f6099ca49d1cbf73c050eb7e6fbc68b4

          SHA256

          0f84307ad691800e391fccb42b4ba290a87febf001abedfbe03b34767d45e441

          SHA512

          a0fddec2cecc71aa2fe16eb01aa541051a5fd1b9f0feab18413007186826e81c2e582ec7f48f7242fa4142e7bb0105b29d1f11f1062f96d255f743050c97b65c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LO59P0R8\main[1].css
          Filesize

          7KB

          MD5

          ff26f59e28a5fe6ea4ab23586415696b

          SHA1

          4182675484d175e363cd34b43041b7b1af93d0cd

          SHA256

          d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74

          SHA512

          92c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LO59P0R8\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • memory/1212-26-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1212-1-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1212-41-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1212-4-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1212-24-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1212-5-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4388-0-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/4388-3-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download