Overview

overview

3

Static

static

3

8a8ffa296d...18.exe

windows7-x64

3

8a8ffa296d...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 13:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a8ffa296dc111706e75f86d35942a73_JaffaCakes118.exe

  • Size

    9KB

  • MD5

    8a8ffa296dc111706e75f86d35942a73

  • SHA1

    b7eccd62f98f0418473c94197371f80580d3f1bb

  • SHA256

    13e1b28e3466d3bb8768a58216cd1609636c0f28d8cf4207502d8205401d814e

  • SHA512

    bdec27dad0dca3dd4966b329bd1d4b507395b3c3b14267927dfb84f3d99d796d3569b88e44c721631ed4e54e280c5a94c72a9b4ef0e7592da82dd99ea9a37480

  • SSDEEP

    192:x2IQ0EE619aKBuFOzTFfztPk1t8rAYdIjt5RXg73ym:x2IQ0EE62muQP5tct887RMum

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a8ffa296dc111706e75f86d35942a73_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8a8ffa296dc111706e75f86d35942a73_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2296
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forxuyan_0977.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:668 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e8ad3a87d3f8f632da54cb18dc0a7b1

    SHA1

    fdc6e203cff0cd32f5dc3519aa51654ee5d4fdbf

    SHA256

    ece95b12275b0f05059d673d4fe10cab1a6f2a7aee1a9fe9b4ff44096daf12e3

    SHA512

    6b44e8fce493d225eed3b9ff9f2c54a3697f24316a3ad21b38f7dbc66a7a6fa7cace96fd8ab5330f777cf98b087d76af1bd04cf377cc8d33a6603e52c5cae427

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e81d1da94248115af4a11e9e78a01fa

    SHA1

    90ae5c20d6b0628904aa3e458d75d30c9f1e0d43

    SHA256

    5f23549c314f32ce56472ababbf339d19f4e7cd4e3cbad9f44c86a35b9612773

    SHA512

    02e0fb67d6a4b3a2cb72abbee26a954f43ef5a6a94419bc833d84213236e076d0b0f10e4769bb2b63ed3ccab0d8554e679a4aa102adffa8b219e2eb1e4fb6342

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d358e8e4fb9f14d1570bb21f132bb374

    SHA1

    a169741b0540d8c8b71ae2d13881cc68aef2a123

    SHA256

    b269224f5d50cc48f408a3a1970a07c7b02f4e28c34988392b7cee92c3d97f3d

    SHA512

    ded61194974d78c45713e9126ce6b0307d400924e35c1cd07dd78f03deb0a61fae961ad808546a646bbae6e499c1366d4148005e9360e29d0d03c64b6056f17c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb399641ff3828e86047b2d78abcb487

    SHA1

    c8fd0029638931ee89d81c737cc307dd4a46d27d

    SHA256

    870c6e14c3938a428d6523524de41637e4eb4c14eea338623a44bfd05ce27565

    SHA512

    2cc3f84cb1317ad8ac87036bda9cc0e5744d658763a6507893bf6c4471539f7f301db3787e90ed9066bb0237b1a4680c2969a6cabb2b29d135ed33a800bfb905

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1bfa8972e6f66a8fa960dd84e089037

    SHA1

    ef95e82bb129edfc1ceb102db1a763f1636fa08b

    SHA256

    939fba52d066057439010ac7496102de2fa53196047a5f9d9eb5338971e3c245

    SHA512

    1f52a8c938e08a751158cf0de91f3656878b247600e94457c4ccf4f44999632e9c7cde8110174b01388417c0068555c1156f850858f98b42aea3f5990eaf818a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a45a9eff53bcfec78dcbc834d969b3da

    SHA1

    357d13d73617b499fb5bae38500a1f7b1f4fb1aa

    SHA256

    d53b722e8de58e9e67cbc36bc2aba156347879ed918e10a83618d2b7928fc5f3

    SHA512

    38f9a9914f99f68f27cf661d1674669d3d41329a3de8f6039b8d6c559a41c0c09569ff2307fc6b91cb5576cca1dd0ba4623a0739a5f30c2938d8d32b039d46eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e75aecdb50b422743cbddfc393faadff

    SHA1

    2b2f13d0aab3f1d9b71f9bd8ed2d4cc1db9f3fc8

    SHA256

    0975a7435b5aa7cad30cf4b2e5a1d8ab120672863032d01bf3afccb4b2419223

    SHA512

    1041898f8dade3250b8363898c844dd7874333d35965d0e2379d5d8eee14663c6d6c4be0d007047930bd933639b447ed9c1c39ba023307b9f7f502ce5296a56f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    353c53df02803bef0a5bfad48d008652

    SHA1

    cf333bf64c421e3891633e1ea03f97ea407e6f9e

    SHA256

    410165470bbdec4a5ad4f1ba9e0623f9acec2f4327657688b7f169d0a0faaab8

    SHA512

    f2ae24e5e28e3d0a52e96649d10f403a9969890d0caed418b67ea510ab1cfdd4f427d0d2a77fc8db9fa3be348162ffc762eae35f8bc8c6410e09f779acae2f90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d854a23ccc82eb63c37d813826b653fe

    SHA1

    90b0358f0466df64097c02928a606a33f0baa9eb

    SHA256

    5a758aca7bd000502ffc6917f92037e4792847954045b4c5f4fe43f64c59df53

    SHA512

    8e6e0130bb4cd9e467402ae0343c906d9631440898757c58ad05bfddb6ba9647cd4c40ace756d1a9f1b96edcb11427ee06a2460698178301ebcdf841d807640f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3a546cb40215da4d79972478783e8fd

    SHA1

    9735bb2d76757b908ad4fde5ba8b5313d5e378b4

    SHA256

    d0625e7e9a97091a694f4a9f9efb62a8f1ee31384ddda129790bc466993fbb7c

    SHA512

    1b81d78a1c538438b559481ed6ea8175982205ed0eb0bc84b5827689fea6c244ea326710330781734376eae982e7397f24cdb23ea7f3c9a2f90892ae5e1983ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3af62c1011e4b3c704a07dd9c692718

    SHA1

    38f4177da262d7794c75f6dfe67f8e8c27096e21

    SHA256

    361591adc6c81950c0383ac4705d0dbd8cdd5d1a75123752c35a7a47458ca878

    SHA512

    276279c462325f397b907840db03a4b180f45f36fa75a33697514cd87dbaec405270c300c8f940a4d5f921e6cfac925935bcf3bd7a675b79c20d4322fb7246a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    858189fdf21c11d0a859b0f3b3051125

    SHA1

    048e1510714f3b1726f29e34d48b9232776dc5ec

    SHA256

    ef3646ed3edea8e64d731a427f3d15e30e6453812da6b1f3a1034bae84b1fcfd

    SHA512

    6ed4a30d2165c6e8be1a7a5c85336ba1d9afa0eebf6d015671e7e8c40fc4b7e8a6ce2b56660f526cad9fccbb90cb1044517f3cc2915341cbcc3181c6d527b14c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f05c288f4c420d96210015eb20da194

    SHA1

    656a4ba2f35fe121e95d72018354068990272bbe

    SHA256

    cbaaac296617647f02e4fb4ec119798097ea69f15c568b53d619e314e080eee6

    SHA512

    5e83f833c269ba2bd72ad3adcdd03eeffc64e8c1f72b0c8cc97e30fdc5eae62589185e58e8aeb2244882dad8a761f8d8c26b0755eb0372e3e897d8a30b5f1393

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aaefd0b866bc732c54b533c7576a3a36

    SHA1

    113eaa9286ad9bc992dbfe4a88589816464917d3

    SHA256

    5a5648f707f74fdb45cf71eb39c34326b4e67c5e27d5293a7fdfd95f967b27ea

    SHA512

    0783dff03737f921fd5e5971af3715b322f4a137201944adff2924076312a31beaf3844c3cd3448e258d93b4fbea2aa95c3054638b18730b937256004bbe343e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e8d41f45becd47b48fbbdf5de45cb30

    SHA1

    cfc676986e285a66c02e07fc8b9895caf772a61f

    SHA256

    eee916982022ad1c9eb27abf388ab51c9ff2c10e490c495e2feea369601a2acf

    SHA512

    9ad40c25424e152b1db575725bd11a123c47ad0689dff53bf57ecdc831787fc3499795013c1bdcdde09f9e3a049fdad8ffb7a766ce4464b73f5ceb31a3f97285

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8c5ce347b14d7489aa4d4b78f459ea6

    SHA1

    24299936048154a31793019941608831e0262d2f

    SHA256

    cca2a73e6ed90e0abe1ef66d08bab5940b185e467081868e635c7720c4c99a31

    SHA512

    01b39a342a2dc003b43c0369a320fac29499f8ba1327a9499d253156b43d00f07a78a346ec825b8a9f51f7effc43d97d4f3d1da0ca595c748bb8f36bdf6caa91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21b45043aaf0e79181d50bb1227959b0

    SHA1

    1f46a3cfa19de45b93f3901f3e2d7b6ef76b4ec5

    SHA256

    b2ea2076580ba4ea661a6f75daa2ff111873458b4d04059e8faff4f6863f586b

    SHA512

    75d29eb6df3a0054cdd6c798a9f34a32aa566f2f33cdf2304fa32b9d93e4b732939f8a543a200ae77fff35c46ae1dd0c7ff157488ae991fe9ef7fdfbfc57b1f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    caf5a2ec6bd565744bd30ab521fb0a0e

    SHA1

    ea670c1d0bca629fc037265b7c251fc2d5397e65

    SHA256

    712f06d225d67ffe37842d4cad78ae8368537760cb9e1f1c6f3431432fc2340b

    SHA512

    bda7d40123a3cd7aa0dedccc82ad7d58b3db7535e0206f5f4c81289b5e493fd26983abba1c08a9c11400a5ae916ee0c53dfa84ec68362969692d3caa06f8f33e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c38fcd8a8589c0e124ebe8a3c620772

    SHA1

    d05569798a62c6a288615dc77a0cfcafd87f7af8

    SHA256

    1dff845ba19c6e784fa62133a9af4c0b0b77777ea920b71afa93b2f4d7c48c57

    SHA512

    9e6a2d5102c6b32fff2d48ba266598d47e0a0d2d2123cf23632b34adf7e58ed0437b97da825ca76639d2c1cc7e53d02d8e9ab64abaabe77848a530a33674d6b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c98e5056a982c945f8029c4a8bd3bc47

    SHA1

    32cab02db1e17f5ab2af25a127ed55e1fc17262c

    SHA256

    f63300eb98c54c8e3555b37d98668ba9d1edfc1bb1ab55b5232531f9c79a50df

    SHA512

    4c298a9707e7b10224402540a21be3e1ff882ce41987cb9366a11df3d24b428f206b7baffe3dd664cb851a3bba99c2883179857fe190286e38eba31d29b029f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4BF9A301-57E7-11EF-BBBD-C67E5DF5E49D}.dat
    Filesize

    5KB

    MD5

    89a8ea892004f9004626d9d0f4623f9b

    SHA1

    d0d0ad5fde3430da73944d2518feb91813c61c53

    SHA256

    a9c02d6e05d7dd4f9028f199fce0737b376ce0cfffa9a1ee5d045d3478b23422

    SHA512

    fb952ee44a189a7f89542b5bc9370181ac7cbf67d2f23f3bfa3205aabb091f1db0cd6051760fee3b5eb2d13b13965b899a6cc71efa874ba42e62cf6572f58614

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBC40.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBCC0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2876-11-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download