Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-08-2024 23:08

General

  • Target

    83eb0c9cf6ea65fba82c9885ffd56d66_JaffaCakes118.exe

  • Size

    65KB

  • MD5

    83eb0c9cf6ea65fba82c9885ffd56d66

  • SHA1

    62ef7de797f6ddb6e95169344efe7102a7acfa32

  • SHA256

    23c4a9dc0a8231c56976ff1125493bb28a0ebe26995c835c4746d2c2729386d0

  • SHA512

    088eef1dfe365e5748e314390721148b4a7112065819f9bd3b3cf92466472656f8203b7a224b0e49cf10fe7bc1083cf029125a10ff9ec561f4982007e5ff211c

  • SSDEEP

    768:QnkFAZ1bjfdQDxnPeKCjHqNmx4/vlnq22xr868rEzNU2Rgr6c5QKwC:6kKXz8PeTeq2mHzPRgr6mQK5

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83eb0c9cf6ea65fba82c9885ffd56d66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\83eb0c9cf6ea65fba82c9885ffd56d66_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://vse-oshibki.ru/data/setup_979422.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2060

Network

MITRE ATT&CK Enterprise v15


Downloads
