Overview

overview

3

Static

static

3

83e8e8ec64...18.exe

windows7-x64

3

83e8e8ec64...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83e8e8ec6472579670768a8b21ad8cda_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    83e8e8ec6472579670768a8b21ad8cda

  • SHA1

    f99d125b239703d0f519e500a1325d863eb36f6a

  • SHA256

    df8b00731b1c6767916d5ecc878e21ce8c6b0d22e5bc7ffca8d8a5fe6d96eba7

  • SHA512

    9f4136893503b9e868534b5b5f0fb0ccef0e6b2dfc1060df77a4675e2dd613564de86e17189e6c53f7632324826a3ba654f9d67b2d0e81e1381a06a93615deb3

  • SSDEEP

    768:/PhttTnVpZKo5nOkw4NHKDRnm4MB2rHPL5hpj50ET:/Ztv5Okw4NqDBmiL5hlVT

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83e8e8ec6472579670768a8b21ad8cda_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\83e8e8ec6472579670768a8b21ad8cda_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2376
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/pwdict.30006.00000977.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61be468d6858d51aec7c277df7465147

    SHA1

    00188240e823ce7a7bc2938c7175fd2de3270793

    SHA256

    3905d051df3b924c3b3a87e59595991ed06ae7731759fc6c3fef6230283e0689

    SHA512

    609ea0d408620ee7be4c518de041bcfb584ff51567e4522780db440fb57d6b906baf283e90c7d753306fa806e1f54b9f19f9d1f6743129befbdb8381de23dbe4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2097a9b5f44f336eb106861a13102c31

    SHA1

    6540c83388ea16f4e66a2fff80eaf826af1c5647

    SHA256

    613cf33d4865868070550e3275569387a9937c5f71f5a61c6b2683c00f9a8e95

    SHA512

    3eaeddbce3779df66abfe1f7075c6c83cd2c3d2450f74483f34ab01388b778b0574c744920fe181f87b8838d9d4f6d3b37d095fa2503c4c7dd8c1b59b2ed90b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    151df10dc9c95d9d756f17aa42818fa7

    SHA1

    cde39d1ba681aef50a8f3c041d8855a772bd2e66

    SHA256

    5961bebf52605211360302e78c4bd3ef520de8638dfe38e06e62a91150d218fb

    SHA512

    ea9272915e6ba1817c3db0d0b753ca26871c9e37636ee7d2a8a7b3c8e654fcaaf34340f3b68255421cab815eb44937c4213a7e8d64b806e3e9bc5034f8c00996

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aad125407bd227be3533950e2481a110

    SHA1

    e57fe6cb6bdfea625cdee5fe3c235ff22a48dcdf

    SHA256

    81c2339f9cec5ec7e490c9d68a7805d0dbf6911e4f1ada1b437b37df5ea6ee47

    SHA512

    eb3270267a7fe1709123e09db43fee67a1e46edac63d2e77bbb0df015448d876fa79539ad7b17d6b9c15e2042eb392c738e28f17226923fdd5f458dc418ebf89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2395c33a1da75967ee9be3122f7ee407

    SHA1

    3484ebc576d758706aeb6e52bcdf657d286e8910

    SHA256

    0272805f9c1be4f61b9faa072844948530e7c08881026e3e8ef34780e8684086

    SHA512

    6dc091def7f05c3e95c25b5519988985faa17c0a595a5d43c2999f0336774398e7b7ad5e0f857290b3ca27727c2e62bf4518335b6d2d37de8cce90a89e22a8c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d82e67e1906ddae235c3fa7c882fe3b

    SHA1

    0f780b45860fda02b7078477cf3da6be980428eb

    SHA256

    f32c2de90248541d3a97171aaaaf83e219a9da5fd75a04c217db35a066adc4bc

    SHA512

    12f4f5b7fd38819914049df3fade4a204532a12a92d2460e8617984f4cd69555584f92c8b2a0acfa51397c2f0ba69c5a6d6b00a9f0aea9436e3b9027698ca2c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    caa53375a53cef53aedd7629bdc69af5

    SHA1

    9cdc29c0bf1c2dd3ee2cb73b08928af7431c80e1

    SHA256

    a9822c77eccd3bb05781a47f8282eb6c9cad42d5333b859540299847d9257adc

    SHA512

    a9e19aba58283e6e97c782fcec7d950868226c2b37f88318f2160a0ef46860406bae16cf095c0cc4836988cfaa58343ee09b62854ae9ef43292ea1593961bd36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc659c523b32e1a0ab6206ff122f0be8

    SHA1

    335ac0fd11fdb5fa837018191748de4d71dd2629

    SHA256

    225d866808ea875304a1c782b121b0a93c2e904303b852fa926608cf33496bc8

    SHA512

    05f3de1b04aa8bece351dbff2476447bd44472689aeb260e4d1b7f68d5d02d99e0833bcd7ec0a14f05837f8280c93807b022fe209dc250bcefb7d1733dc6e113

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cce4974eeafd7177a595296342ce270c

    SHA1

    13f23fe85163c55f23cb09e7f95d4cd782a0e959

    SHA256

    689e5c31215f10a332b63c119f0a1616f96e4e1625189a398815a86e5d4be798

    SHA512

    8f6894c51409dc360e7dca0ddd3a45824c5332a5473cfc560358819709ca186f76483344d528f4d789955953d3e37508a5ccebe1aec45e524679914a89ce1b8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d06d16294d075e517b0c25e06567943

    SHA1

    e57df2fa44dae33402cd32f259af8717c3717813

    SHA256

    c020beed30cb365f225ba8ad0a0c64e18e6f27d1c08f93452924e89aa0106e12

    SHA512

    782c8ab32399d3cd4f577a8b1ce43db44e1dee1a292af4335fa82d1bc3dfc27dcc298e823635db223d02892a3e0979092c7ae45142ef4a05e9110f9c66b2a30f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35da677b353c05745976cdfa8ba1766b

    SHA1

    1ae16cb5f11bc4dff1eb9524546034d07cec7d37

    SHA256

    7e8f862004ffea71681b5d0d0d2ea1bb805ae1c0e677296768a1ab0c61fb1563

    SHA512

    9654009039a079b036d45a49a5b97152a0e3762eb04c2f003df3d3ef5d1cee7f47b43d25ae1e1e7f58c84384fbab1e3308d1b22ad927b26d8fced3e0ba0609b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d850e6e8ed3bd231ff92740288e6039f

    SHA1

    14d5742774b0772dcb9c034eea0c7774c756ab78

    SHA256

    fa2bb1f9db10d41085506e13ee58dd19d75107f47ddddfef20d480041862e338

    SHA512

    cf1e2d34cd0d2fee8947a94a8656484be1b46a00f124765639ab7d45dfb6158e9c11a254243ef81a85aa65b163740257a29d0abbe971d940b1217e9b5f2673c4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F05326F1-56A3-11EF-ABC7-72E825B5BD5B}.dat
    Filesize

    5KB

    MD5

    db92d3db5e3698b1bf1e206699a570aa

    SHA1

    3131d828948073183e19a42844c3dbacdf628dfa

    SHA256

    639cf5de95510d328ffc4520273f98537ad9ea4908673aa399cd61d5e36b391d

    SHA512

    be9a9af6e8649b9403842cb2a23a87e9595c6d1abf6440d322a2181a73722b04448aa9c9bf6da0c40389dc3e874a7ea7cf8ca86d0e68713834fa59d9489f90b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF4DD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF56C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit