Overview

overview

8

Static

static

7

856d541b75...18.exe

windows7-x64

8

856d541b75...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    137s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 08:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    856d541b750e705e57e86925f1ed1d3c

  • SHA1

    aa9d83a9a23ec39dff570046a93ffd6486d8d492

  • SHA256

    2e9bd0a53766e5e69eb708271211f7b9ba01a1620c2acacf5bb75189213ad0b4

  • SHA512

    bdaf25320c0a8203265addadac27690da6b68c47276d02538f6eab6f41d8ba4d1b9aa2bb400d723a766455d97fcf8e6bfad619dcd247b5908853c06fbda6b3ff

  • SSDEEP

    6144:8hieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:NeKrJJuf86AYcwoaoSbr

Score
8/10
discoveryexecutionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of FindShellTrayWindow 49 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2440
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1580
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1728
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\856d541b750e705e57e86925f1ed1d3c_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:336
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2704
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2816
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x598
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2156

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\WinRAR\winrar.jse
          Filesize

          11KB

          MD5

          9208c38b58c7c7114f3149591580b980

          SHA1

          8154bdee622a386894636b7db046744724c3fc2b

          SHA256

          cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

          SHA512

          a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          46c0090028f9adfaeef4b3b6311220cd

          SHA1

          3c1664453064f259c9650af50c6a0ca4e6e0b0b7

          SHA256

          fb161cbc7e81eeeae4e5ff429d8445a186d6be1df3a37b6960e3010241196622

          SHA512

          b196b9668b44c27577891d8b1703185af1aa084e308321ec332cd702fe222d652efaff72858c005cbf752cfd8cfe6043fc740e5f0a496d3acea572fb4d3183b0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          45781b0bede9bd423ab610b146d6daea

          SHA1

          32a8e4745ee25010fce99d9ecf3387f4d315ebfe

          SHA256

          d8b2b2468b0c967de0e6f33d930b7c706cf8f5b71da6b6ca9cb297df23128c3e

          SHA512

          383ff412cbc5cbc95c90470743f327ce52eb0fa6407563a32b8af4ba599b7e6d4a3f7c9f55e79c0e0d64cf1b4d52f89c83a23960e04d7c1297d6f8f0565becc4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          27a66b80cc87c09b1199a786b1c9b374

          SHA1

          7f0182589c2cda545ab8984b41c48a657ad08eaa

          SHA256

          5e3cf3f7f405009ac3a2530dfe64300ff131b27205f9e78667f4b4a6d77d079b

          SHA512

          4fb9221d2c00e9604e48f1d4240d3585ea7741dd45ee37ca9e329cab481a56bd5d92b61e13474f6d7342d7288711593e3b976643079ebbf4472ab32a5d1668fd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa8475900365754e57c79a4c1f68c76d

          SHA1

          bae74ae39d86f20d6c60acee3ed5d9a45855e84a

          SHA256

          73b053798056b7d3be8f756325a7e2e8282952df0eb39dfd653ea4c36d53e899

          SHA512

          714ba547ad5cd05ef57914cc7810f7263b285a4b12b81abb1638232bbdc2f76ff6534d65fa01510db3a07fe642139a578fe6c5f8a1fb67cd006693a23ffd4c39

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          092b76012b6874f328c47e66519d63ae

          SHA1

          971afda4ee1621fb59130ceec33d66595fc2d3a0

          SHA256

          aea6c4c76b36ca2347d9cbb0abb52a9b471a27451151b130e7440783057d97af

          SHA512

          bba7d14ee741e1307eefb4b278f3ac5c7158fa86e513ff7ed793ad3734f517741f8f386008d1df314bf387478c82479c58f904529f04ee9016f4a13a95f09c02

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a3066a539c9b2ce0406de36e8e9b19f0

          SHA1

          86ebfc76009e14bf30b7aa57e370905230bb57a1

          SHA256

          21f3cf74c892a7f95ecdea3e84dc35ee50bdcccbf2edd6d9e95158fa29f655a2

          SHA512

          9a2d37658460029bd5343e1bbecbd55e4f2bc2ed3e5ab75b57a8ed0f8d76abf00931efcc0bdbfce378fafcf102faa32e725e9cbfd2f0e17854d68714acc3a10c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b1b9dc79de8eb070de10000788972b07

          SHA1

          5bea19e53380624e04eeed72923aa46c5bc5e168

          SHA256

          462ec65770c94c4ecf9bf7d0e7341c12fde65d1ca7de4574cdd430914f45d0da

          SHA512

          50b5b6286c5d54cd82f57fb2b954f0db6a81e161a615f6514d7b4748d2ef29581e1c594ad28e61f231da1ca0e7e25fa1cd017c6a7aeab0516be1906e5d8f52a9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          609d63358c745c8514b5f577dc135102

          SHA1

          aa8f218ea5eb87c094400774a270ee7c2b039c66

          SHA256

          d87fdd22ddbc93cb975b00a26243c15d857220d8409873f49a954e8d5d6c0387

          SHA512

          f36d7113c8e5e9b7c2f799789ac4a9dd8c7ebb885e78d09e141844107360245b6ee8f93c3706662df60d2c5fdd5f81805fcde492b845bf092141a38e03b7d373

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0afecbf01f89472121ce6a900fd64e6b

          SHA1

          0540cf67d141a43b187d9b64d8a13b44c7850ac8

          SHA256

          0854986a4c649c61a1cc21bc1ff9bb6406a1555fe2132c0fa57dcd5ab4044771

          SHA512

          933d27abe22dcb5945792f5ceeab3984bece7f7c1cb2a1dd03d3f27a8b53a4a9486cea37c747f138219aaf477c6d744fd592d1cb4435f5b909106816d46632ea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3bca5ee01214e6d48fc1ff34a1421d05

          SHA1

          3f88dd7c30789662e79389a3a4ebba9643b64bc7

          SHA256

          221ded7da026b1c61d3e731348aff6995d849f79c1d6144b4d5785580cd8f4d7

          SHA512

          27750abb39419d9eca3f3667ecc9138fece4ac9f13eebbd372cfa9a522a7970498d5222839ec8edc26eb69a5c6e63a0fb9b7505d7351463118a44eff18089422

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6df0a69ab119dda471f69cea5751c51a

          SHA1

          11c4bc8a451ea7dbcc4680ecd60c924d1b6c8d2c

          SHA256

          5f73b8a06fbbecfbb01533945435b4c4da2c035ab2ec8e052f84d1f5b7c66d2a

          SHA512

          09136faadcf8993734f115a25da88eaa1ff284f5095f1925cc390098ac03e0710a0ed1c5aed2d86bb0e22c04cf5d9ca366a3b0a4ee4f77974a3ab7edc7e34c6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          68e9fc36a1ab8887f385fdf1b745385d

          SHA1

          3a9a27f69abc358f4ece89b137a272f2c0c1b5ec

          SHA256

          76f639716d55297c8defad8db9e3ea8757b6ecc22c454863d79925a4bbdaf0be

          SHA512

          a0b9f9d9782a52b3786693212b07a9c23a055a6b4295af1a988f4898c1528f1261e4ab3380f86419f9480c9da2c104818fcf867a8df5c9c885b5de9543315f6f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e17fac07254bae77f1c41a5a9bfddd00

          SHA1

          92893b58549407118ddde034d94667e6fd542e7c

          SHA256

          db24774ec3c77d637eddf6fc5978f42e0a0eadd0c52bd3dcab4a60af0c1bb665

          SHA512

          5a34ebe14ab1925ca9e0af2680c5e20fc8187788649d1fa067251453435dd69628fda116aa8c24911758db67a5f282312595d5610b2d8a4eeb285932fae05248

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dae029188a48ce45ac27f41abdd16233

          SHA1

          9a4b237d2702aef6f09de3d5faae6cd6bbaf28c0

          SHA256

          8308abebd1787e9208763b43a24fe740f5b5c13ea52cfafb7cc29cb3ffcf43eb

          SHA512

          bcdb326d3e64b886a4a1e9c268d830824e15ac298fcb497d43142840cef069627aa57f638b0e1ed25bcb7a1cdb419e8a474952a4fcd734a34a23886d30f50d58

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          be27c64d3356f36094eb04a46a778d7d

          SHA1

          3418c6f23e144819d682797ff5a43e649cd22a67

          SHA256

          48b527a25665b7d840af161e3bb44f4ce38162be5df24deab3034d52723afca5

          SHA512

          6b0f108dd5b21e7df977128188cbd6ada128e939fd3bd650685b01981716b55df1b2ca6c88813bd3d5097a596873b87090d22855c8d4f70e93355389a9cf9d5f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3507c0ed62fc8b6a9cbff21a659bc05b

          SHA1

          2f45c71a62a634272ee1b5e5f1614eeb78d9f187

          SHA256

          7326dce05d59c92df30d895f758992b3d50ad2309dd065d49f5e6dba833dbe20

          SHA512

          43a4f496f682218333a117030647955db17262b41c2b83800adb63216d423b390ceef2d7c33781949580f2978131e2fa261ecec9bb953809b405a62ddb362b1b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          02bd9875fc0fcb003faff91c74d2df69

          SHA1

          2998c0d55c3ba26eed835360e7de2500c87d14ba

          SHA256

          bb414eaf3b45f111d8614706b9da5815f4bdf76a1191f92997b258e2a73a2149

          SHA512

          4a0fee72be0d6afd21dcb591f3808f05d55e1772394f7705d1ad6daabc71ef50c8d31387d875b81aaa2d85c2da846f5ba1a4225bf5a0d8222f341a7fa4f096ea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a9aab08f659362b8cafb3594edcfee60

          SHA1

          a6dcc25ee1687f4ebe21507224df0974083afa26

          SHA256

          afadfbc820d9a5cc38b7a872439063a03437787ff3467c46542ac6deada18b97

          SHA512

          33a0b96261024aa74711743634f4538191297640092a676b933b21a56d8a036bb2ccfa1412705d704bc5d994364a0b54aefc651c3ad82148d1ff598fafb8f378

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2c943aaf80d54f05ab2ddebf6b3bc10f

          SHA1

          92b84859def410eafea7145d5aad8ffa736d7370

          SHA256

          c5c897ef0531421a6154c1a43e1c2fefa5e4a74e4437437a7b92f2b4053e2449

          SHA512

          c0602c9633249714cda441636a3af994d1c4553e8ca58efb572fa6be10a1e59322fb7684bd3b919992d226b05e204f4a3dde172c5b402aa07934b754b0f58c82

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3b7200403433403c5213df918cc2cdae

          SHA1

          55b8bb84877427cfe4574921fb4d1a8d52fca430

          SHA256

          a21e358b078415b9530ac626d57b5204571363b8247bad460788f542e269d87a

          SHA512

          2a58b19b951172b2ed2d1d6c26f7a365428ca7fe24003493300a595d7b8e3106d3ab4eb9040c77f079c332e75e5ad3afcb99b71c7799818a359d372b1d99ee54

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b58d10ba11f3ed42b851700ae59a2d3c

          SHA1

          ce6e1109389026e6bbd90c81fc74c26a68ef31af

          SHA256

          1099ec9de23caebda25b90f3ab46c8a54dde2035bc5e8027ac2db896e2c3b67d

          SHA512

          64d96ceaa01d61b64cfc8f6842a73a71f1a6ee10c6e8b640586bd92f6681a9496bc552416ece392858c23deb3c54a285c1e52702da8d1af866fa7adcc67e4b89

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          651dcf7d867b6fa32c04bac5dd668bd8

          SHA1

          b2f4e67ddd4b35d6c3b73ec96612f5d080fd0d5c

          SHA256

          2dc2964af72f81afee5cd616263df479978297b940fc70b9c727b6057af6420b

          SHA512

          90bb83f6678fe6e16a98d469e01a20d00db13c94a8921144256e00cb4c14a51c13db91164f9f0f690f76cb455bb5442add1a0c504b8dde1e92c86ffec098c6ef

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab4932.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar4955.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
          Filesize

          255B

          MD5

          a0c4d2f989198272c1e2593e65c9c6cb

          SHA1

          0fa5cf2c05483bb89b611e0de9db674e9d53389c

          SHA256

          f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

          SHA512

          209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.mmc
          Filesize

          149B

          MD5

          b0ad7e59754e8d953129437b08846b5f

          SHA1

          9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

          SHA256

          cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

          SHA512

          53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

          Download Submit

        • memory/2388-36-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download

        • memory/2388-0-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download

        • memory/2816-1092-0x0000000002690000-0x00000000026A0000-memory.dmp

          Filesize

          64KB

          Download