Overview

overview

7

Static

static

3

81c79662b3...18.exe

windows7-x64

3

81c79662b3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    52s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    01-08-2024 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81c79662b312b4349fed69de7d38d109_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    81c79662b312b4349fed69de7d38d109

  • SHA1

    7906f1d2abba4816493554977522ab9bcfcc8c60

  • SHA256

    ab99d5f2146ee8393d58ddc5a089a836c2d67625558abe093a08a8f95ea15d5a

  • SHA512

    b550bc43757b69beb54baab4526732c7dfb7cf624ff88e4de7adf5e87b18b59b57a4c14de10e4385c77cf6c796b8faf8ba570cd7b5344affce6a25d6b1c7ea04

  • SSDEEP

    768:STYszelexSsoDLzV/1EeeYRDKJVLVo0CF:SFelUOLzh4VC

Score
3/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81c79662b312b4349fed69de7d38d109_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81c79662b312b4349fed69de7d38d109_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\QktZITmBj.js" "C:\Users\Admin\AppData\Local\Temp\81c79662b312b4349fed69de7d38d109_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2880
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91e27997fa5915e218375458c33a4568

    SHA1

    bee7e873cc98ad9094d1b84e728a35fd7b71087d

    SHA256

    0a9645652448de3f539f26ab1ed9af89ef3c647790bc4dbe3b8b39aeaa68ed16

    SHA512

    a34bf9d0a7fc1ddcd9bccb08272e794ae0b79f032d9e90e621d695eebb959e0f1e071ec11aa1a612a2ebf2acb7b5c613a8c1e17165ae9c5f6e24112e009cd35c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f078ebeeb035e9120fef1e5ba43406c

    SHA1

    69450a59d6afe2997136f7608e46328138f98fcd

    SHA256

    0958163854247d5452f362861bc17a3d0f953a2f2f00c19f76e1d6c6d65a0572

    SHA512

    e97c61d161ece873ae95eaf5304ebf71376986aefd544539276049e44d46a2186f029aea9d879e2c73ea7a198fe6335cffcd1549c126b4c1cb6bb1f4521f7f7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4422fc2a37e7e83241c64bb6756c9e9c

    SHA1

    b0b39534ecf5c6b98d81ed10b5da537818139994

    SHA256

    9c567fea5ef469d72d0d692ea86837ad5ec7277f4ed8daa4c673aa618669f581

    SHA512

    bb5d94c5ab6484798977d307b7765812a4133b1ec9502603e2645f1263afdc06df510b819fcfd5f450a6d014b388fcdaedc7dc8bebec749ab33277e0d13be17b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c21ef327f8975f8ec020cca64717a031

    SHA1

    2c17a1833a15a5e161861570e497292c6047f153

    SHA256

    69534c68422f6993f46e793847298d140feb2c09773844b44a17ce8238ccc073

    SHA512

    21bf3cb293ebf2fbabc62f4cf7b59441964bbc4316c0d10e08c06dacd65dda5894c21af9e468b3f2084cd54ee7ecc12b3637f0be7486a933cf77be734afcc7ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cefcc7278076b855e18defe97ab6e3a

    SHA1

    170c1a27725216c2c47fd045361b1edfb59b6344

    SHA256

    6a62e1dc89fcec2012cc5fe44e47797ada09d44452d2635433fdadc767980c0a

    SHA512

    e0ff198924badddff92a32bcc351b68b85f56e4bc144ea8bc9bda4326dc5b4bbd9c7aa4f7c34ba303b32acc9dab7ce37c50d58a87619c9972726d464f827d77d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d46adba21b2a707e24e6459b55a16d2a

    SHA1

    d44b1072cb5030fce0dd3964eb69e493559abc61

    SHA256

    063568efb6acedfc1cac6d34f00aa680b79aa5de5616cc584063ec9049560b7f

    SHA512

    1d8a96483297fb8423ffd63eabc064d8d66a3e825093f4a64946f9695836b282aab666d88c85a5abdaf9d4674ac1113f7bd603df37afc54ed01e0d726ac8d8ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7f67fc206cdb1acf1384fbfb8ddde6d

    SHA1

    15f607e45adb4427e272261c307804f4d27d6477

    SHA256

    525520bc0aeae22abf78e38442c4d591eeb3e3d3194d6c2f23d5bba6445ec68d

    SHA512

    7cb2ba661035ab576950129bc536921a592f3ec15abb6b8551479b68a00b70e78e6584af89cfccb22482e0de21fafd8af609c3ff2aa68205c5e8f9474795c4cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdc9d2d8ed83810e7e443499d79538ec

    SHA1

    43b54dfc05556fdd66f3b45588322c9808de54b4

    SHA256

    d1d89f2983833367b45b50f8674dbdf7b27863ef00228088d852b0e8362eacc2

    SHA512

    336f819bdf53ca2b290c40944434a9c72eeddb89a7f8d34b846d6c794f32ac70925878ee65cc8fbb5b4993ceebbbb1f767ad846397d9baae68013f954875fd71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b4263cde1793ee722b55c6766ff90fd

    SHA1

    dbcf906f5404929247a2c25c94a4ab82b2d2b9c4

    SHA256

    c2a2399d01aa76f24974fb42e513d440787a4ff6e9a5b7411369cdfe81647928

    SHA512

    fba04db36f7eed6b98b02a96f49f6f07e10dc3e8200ba3b4fe0c1cdd7bd8ff6aa3ccc1252c4ec1c6098023d454cb3d4551d1c81ceb034e2cde4d8b8713188dfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be555b11b4dd41e75ed5a37fdcf88c0d

    SHA1

    e95aa5fcb736e158e8d9ffe200cde9c4b2dec942

    SHA256

    c6b08c9fc58e1731ce158ddd0a604cdcc48896fc618064fc60e0830062923bf4

    SHA512

    a18707430a18148d99cbbcedc54d9cfbc8f458a3830678a749f988d8a6024fd41bb1263c40ac7ff012781edb0d7906aa3b15fbb171ed89aceba0fe42357d2ab1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\favicon[1].htm
    Filesize

    291B

    MD5

    b73189024a094989653a1002fb6a790b

    SHA1

    0c44f096cd1fec253c1fe2fcfcd3c58fe05c402d

    SHA256

    014c471c07b2bc1b90cf5b46eb8eb60abe3ac278e43cd8fcc7c4e6c8950c592d

    SHA512

    1bca726835d33847812060c968e5306535f513429de5c90d66942155fd42ff75508dba97da8ca36c6d6e6a8df5a2602fe3be047bb5612ad4e367c6c00e1e50a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1AE1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\QktZITmBj.js
    Filesize

    4KB

    MD5

    508dac3231a3b5280f7a0f2c101e52f8

    SHA1

    146aefe775f7368526b3dac8db52db8d566531cd

    SHA256

    c247cf2930f4262d590aea3987c3c679f851e6573b37e64758100b27321a1dd7

    SHA512

    682dc85c20b04c8bfdc708a972dac57b476892916dd2102f4c1351c0c75591653a5ff2ee96dff749c76ac794d8e4ca4cf7db01b94f02d1e82a47bbbfdab38a5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1AE4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2776-0-0x0000000000010000-0x0000000000029000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2776-5-0x0000000000010000-0x0000000000029000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2776-3-0x0000000000010000-0x0000000000029000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2880-49-0x0000000000180000-0x0000000000182000-memory.dmp

    Filesize

    8KB

    Download