Overview

overview

5

Static

static

3

74f57f1719...18.exe

windows7-x64

5

74f57f1719...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 17:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    74f57f1719319688fca1b279cf476303_JaffaCakes118.exe

  • Size

    44KB

  • MD5

    74f57f1719319688fca1b279cf476303

  • SHA1

    c7b13d772485eedfa24817f76990bf0061b9fd67

  • SHA256

    ab646c87fa597f65e62a7f12a83404a1cf52f1572500b086483f17834422c679

  • SHA512

    886c4bb25cae6a79e731e40d74c7cd83e9f335186d8e810a6f5e6d8c86b66a6856c52109748cb7fda68e7d78664e8406705561bbf64a550898c6fd4f49e8af0d

  • SSDEEP

    384:v2B+s+jBrc4R9hkffmjGLQeMrW6dnjRv/egNTvKQamlmi:v2B+fFrfbhk2jGUrrdnjt2KTvjazi

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74f57f1719319688fca1b279cf476303_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\74f57f1719319688fca1b279cf476303_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Users\Admin\AppData\Local\Temp\74f57f1719319688fca1b279cf476303_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\74f57f1719319688fca1b279cf476303_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4656
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.leileikuai.cn/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG67CivaiwosbrwNa9qL%2Fsxuu%2F7L2oxuvG672oxuuwosbrv%2BzG672ovajG68brvajA1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xbfyy%2BPA1rfFxuu3xb2oyKvArcXUwK3OqsCt2sC9qMXUwK29qMbrtu7G68DWxuuwosbrsKLG67%2Fsxuu9qMbrv%2BzA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit8XArcXUwK2wosbrxdTA1sCtwK3F1Lfyy%2BPG67buxuvL48DWwK238sbrwK23xcCtwK238r2oxuu27g%3D%3D
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4064
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4064 CREDAT:17410 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3408
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?3
        3⤵
        • Modifies Internet Explorer settings
        PID:3180
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 404
        3⤵
        • Program crash
        PID:4824
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 440
        3⤵
        • Program crash
        PID:2984
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4656 -ip 4656
    1⤵
      PID:2800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4656 -ip 4656
      1⤵
        PID:4596

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              471B

              MD5

              3657335e6a16bf2e31605028126baadb

              SHA1

              e5d5a1fb18511ebcb49494570a94b92527540114

              SHA256

              433b51bbdd8a72ef859d9e4bc11030dd61b20e78db25fda3780d5ae8fe706548

              SHA512

              29b6d77cb3850711312b6578dc8f647018c1e7ea7ff1a375f55563dd69395d03a960d11e6a83d77c0a93695440fb1c3522cfbd4c957e6e06c82c9e8650785848

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              404B

              MD5

              850f058e5f3d38685e9d110370d93970

              SHA1

              41d89f6923b8358421b3d69909792040bced2337

              SHA256

              4ed24598c1b80e22ac6c4d83de5ab10de20c30764f57fa83afce67ec644c41d8

              SHA512

              cf0a098f5588286480983169ed7f0e22f99af9f4e57dfc2222bad0f6685b4c027e42a4e467ebbc053a969a25e32038f70694b6cddfea65899b936a390fd25bfa

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AF6HG05X\suggestions[1].en-US
              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              Download Submit

            • memory/4656-0-0x0000000000400000-0x0000000000406000-memory.dmp

              Filesize

              24KB

              Download

            • memory/4656-2-0x0000000000400000-0x0000000000406000-memory.dmp

              Filesize

              24KB

              Download

            • memory/4656-3-0x0000000000400000-0x0000000000406000-memory.dmp

              Filesize

              24KB

              Download