Overview

overview

7

Static

static

7

8a0692c4fa...18.exe

windows7-x64

7

8a0692c4fa...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2024 10:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a0692c4fac21d07d636d7db57f8b8a4_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    8a0692c4fac21d07d636d7db57f8b8a4

  • SHA1

    82a53ace45cd30bb996875ad43ef6ffb700078bb

  • SHA256

    bea1f70cce3f353f5a9579a1f99bfa34a382b274b6d33e7e9b3483df52bfff82

  • SHA512

    dc8fd8eedf0f703dee7eba93d2a243b7b88bced9c70741e604f392fb58c581144e6003ff12d0d3737fa7cde7b96df7e685b4cf8efa7c60a917960a0c12653e62

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vW:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bD

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a0692c4fac21d07d636d7db57f8b8a4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8a0692c4fac21d07d636d7db57f8b8a4_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=9407&ref=http://d0.fenomen-games.com/files/riseofatlantis.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45fd4a5f29a0ab898aa1f93d706f9c7e

    SHA1

    f68aeb536cc1ab68464f2e050aae62a517b8e08d

    SHA256

    d983e49bc4203ebf4bab7a276b943acda4ad374084084f122f566b52b2942e03

    SHA512

    d7c3876b0d7cda0a7bf560704dd8c06fcf5f18a61218472995847c968fd24c01a77a42e285e2e642000b44c33ae2bb52147c3242948620f0c969ef44314883be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc748dac02959a2e352acfc24daeb88e

    SHA1

    b1ccd2de27020f488f163cd90c5b2f1e46771630

    SHA256

    186f2bec26c59b1356f148c1226561d754d7ff6d2ac828028c12615f35ed5ddd

    SHA512

    6e5bdb19bc72d8a4e1c1b81ef3a3cd47af72f1b7c305ec0241ba0ef5c18e7b9e024a3e0d3c1e31a7237ba50c5fa89fd74ecba3981b17d82060d7e9f77df5c381

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f36928a12a6c58529d223fe63377a16

    SHA1

    6ad034be1bc221b4e8d0b2cba6278d69090161b2

    SHA256

    607fb374f83733f705dfaba78efb2dcb415398b3411c89c900355edc0a7073db

    SHA512

    251e8fb7412b06e28d2148b0cf538ae3e7f2cee899ab231045dfab907b9273cdb351389c4cd8646c276c7db5403875c6855e16b9d095d29bdd904d29362e706e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87e43c1815df3ba40f9037c3c4affceb

    SHA1

    9c04b2f554af9d3163d340b00791b8c16971d001

    SHA256

    81f71f6e7c003033ad907beb1045a82812ea2a8a76341da26d317399f5f9bf47

    SHA512

    6143345de47de042a7141224c21fdcbefe59550961fbce5e437d39a3574173676c1a3bd8c4b349c8e0de71103c0599dfde96876afeefc44f6e4c4e91b992b0e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29761831e8e0ca3d80ae15a1bc0a6e5f

    SHA1

    966e18dbb065f186761f16eac1ad39626b6e917d

    SHA256

    c7604872528dd7bbc421ec47718bf90c40c9a03b8e0b2e78f830b5bb28493672

    SHA512

    486195dad97541db5c7f756f973a5d36f494234a4f3cf1539df12926f4247ad6cbd4f4c455c2eaebdd537705c082ef7b2805dca03d607161bc9f671f464c643b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d12b5f2432b288282d886e44419e0f25

    SHA1

    f12e9050d07e692316a0c114d32d0c899312070d

    SHA256

    4e2eb64da6d7d78dbf984b27876323381fddcaf3c46fe66041223d8d9bb1cec8

    SHA512

    7c9d25a916a5167ad827221b40a77cb987d58c74f88b68d09a80925c9169942e59543ab808915c161f7d32396ebba654f1443116ec4b54198688107e2550debb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c01e94695f3f9fc8f0b8d8e3f2b2185

    SHA1

    95dc883edd59d2f9a046831a5ad40c3e2da8d14e

    SHA256

    67628d500c97ed78c55a602cb023d1b6f59b02a1d7f7f4bb50e30cc3697eb1d5

    SHA512

    fc71184c290f0867a9819e7be56a9010427d9c05475fc06cebebca0e513bd7545b30c1ee225bd4e8ae73076339077fbc27c79e292cb80187ef6ab44c8b535232

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9277a1b7ace4db52c8fa948bd82199c

    SHA1

    06c28d00f482cfeb5689f34416ec40f24a84c45a

    SHA256

    57a668d60e0d141a91aa9c8ea6824ca1eef4577c27ab2de52d2c71056cf2bad0

    SHA512

    de5a190b86c6893db79e212f3d276abedc3922d09de2656712ef375d5a887db4e6cd7cf55bc59e8c5a870bc51bef4adad6fd79da543caf84c159fbaedc4bedd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e27d593f84bde895e8c68938314fd61

    SHA1

    e7f669c9fd89a8061bf6e617d4230540360ddd91

    SHA256

    fc3a65069dff47d3f826c85d41ca3307755cf9f38daf004062946c771613ea6c

    SHA512

    fe2a80356ca555dc1f6b62c5924b2ec8e9bed417ca923956f9f02f09bf23bf60666bc08eba29e9f91035b18e00a4987cc8c62a15825dbbc7ff85eb3b527aa558

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8e3249a2e99830168dd0f9658eb4e41

    SHA1

    328ee1e5d432fb1c2f04c2fef515ed6e4891b2c9

    SHA256

    78c05b26082a6551e5ca24890852309c929eb3ab1a5a0b5aa80774ae4ef6d100

    SHA512

    a8fc8966339a93db52578ed65e7174fd004f4493873f4670a2c2c30f55991e2922b2f7968af7d04772d28e31c3552c534661a8c8a3ff900e79797a736c8adcca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45660782e12f48676337b7782c05f820

    SHA1

    29249add195185e329a2ba6a8e85c28b92f2c4c9

    SHA256

    8477776e11e7752c517a689ab886e0798b8731cbfbdfeda0e62b50dcb3a98af1

    SHA512

    bc1ebd8477169ca0d0534cbac063d3f2dc5187f0cad596cf086346c80446e4156612259c0d080ae44c2b006a0859da4bfdb5de9ec0d0a730672ef2dbb717d32a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4b9108b148e8c638fbee867decd34fa

    SHA1

    993282a21a11d56664e09c30aa2850277a98d486

    SHA256

    e8b2d1ffe6e324f977b5b63c22257ff61bf0495dac3ee1201a9600fab75dfb4b

    SHA512

    cb8125f0cc8d89e5d9e89b9ff69968aeac34d425aee83d2b34e84e8674ba08fb35a685a79d1046943625c207ec3655b2c27b35dd0605f800efa29bea79d4649e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a64f213a06f976a1e165f628a0f7021a

    SHA1

    1c15b7b271c0889fd1ca075a8dc9a2dbd6a86249

    SHA256

    af1c63fb1d7bafcd0e795b123f80398da9bc82e0abb5f88dd79affbae6956f21

    SHA512

    4138ed911d88d6c658335f91e5d38b5ecf7d5148317693afad3acbd9722d1cce3a40bbee2bf569fd4e17edf46d669f4360fd09a4d840221d66de8c09883b1a1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3076fad793aeb93e820f8faded3ad6b

    SHA1

    1e0984706c4fc4d11062518826ae87f252c54763

    SHA256

    282cc17ee4ce065f5a2fa26a14cad1ab89fb825196933aecb2a25c0bcf7fd60d

    SHA512

    93b472cf2da755c8a5919585380c0c22b63227684f864e451c15d41ec3ab687f513c105b3d4e68ea00cd185abc190e670434d275dcb19b439508f636e91be265

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a2e63f5b96651512cd60c7f6e99af3c

    SHA1

    fbb5f9172c3f98806546c931bf53474fd88141e1

    SHA256

    24d60c57f124bbd481e8d391e82da15a347a535a622842d0dd00e072c3828d91

    SHA512

    f4a221d0d516a5610d74c1d648289762d6d14ca04220e6447bac93a38408de975a840a66e48b85d51e25cbb627c98179785ee6ec2de4e0d6ca19c35ecfb41754

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42f6f601851fcbfca77ad0bd89787be2

    SHA1

    94688237524d39876a7f52d74ed178f2254e66d5

    SHA256

    4aad336cb8db9c7403c41ade666477e4c35d6141140bb62f0a8e3479fe767aac

    SHA512

    8f8efd861d98f4067201eb51820cf8aa0a9465b56d6ab95c224dc605557ec2dceccf9a543bf52023465362e1129231184a9c2758300035e5b70ffc259af775ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d97ef4b6107a22bca7f1ed8a161f1c9

    SHA1

    96fd6183fca9ac4672215234fd274b85c9ec8bcc

    SHA256

    f6289d3312066cd492f0d14a7bb1adf3c4a6844779109e9257d42b1c1b30ddda

    SHA512

    f1e27b454ba94b51ddbb8d1c59f68948a65c277c30bdb22a5651d5a34e63a7cfcaec125d6839544b99269e24b527632572f5ce672ebf7a2b5765ed8565ba7fe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98e3f2702d07437aa0f1411b97cb398d

    SHA1

    04e5d9d9dd558f0ba06c1f17dbcc6f2460dd30ad

    SHA256

    8fb635f6739d25e81d4b06ca1f6c8c8fcb53b2461b6752d445091a877742ad74

    SHA512

    7aa36277c96daaf17ad2dc04621cc0be4c3ffb8a42bb816eb8fc52fd29c32ff9c41a8272f20752858a69bbb6f1c27c7736e70d3e08b133abe6ddb5ad432aca89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c45bd798e79bf6d3ce38ce99355e2e4

    SHA1

    db3d75e93524784967bf2d51a098259ab4a86366

    SHA256

    78126c2a5b953c2bba0ba1c2110a5f361b54427104919f2546afe3a2bac63d0b

    SHA512

    fe54fd96c00d2c61be4bb53611c15d9b3544c578e088456b8e51da0ba4d7a0813b47b389ae4ae429158fa87bf03ba611f3820957d2b394a1059d52f40069381d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCCB4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCD25.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2996-449-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2996-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download