Overview

overview

7

Static

static

3

8b236331b1...18.exe

windows7-x64

7

8b236331b1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b236331b10222175230f054dd148594_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    8b236331b10222175230f054dd148594

  • SHA1

    48d2c48c32ec72e93adb85e2052f02b4d95bb0fc

  • SHA256

    6266d03451c23c3b63302434870deea29d74d640fc4914f426a82210574d2ab8

  • SHA512

    99f5d5b2c8ce71c6e2e9d479a89c83b34374f472f08e105efae945dc29acfc6ff71398c098907170bd00bb5de4ee289e505ed036a0f94f297274d7cf186e5ba4

  • SSDEEP

    1536:9IrtYPW5lXMBsbD1RqwJVlASXn5HCJgSIxPNvyWAZJlrxZY5C:91Wg2fVP3XnhgIxPNvsZJlrjSC

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1244
      • C:\Users\Admin\AppData\Local\Temp\8b236331b10222175230f054dd148594_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\8b236331b10222175230f054dd148594_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3068
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1108
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2852
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
              5⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2480
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\UHzE2B1.bat"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2660
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 124
          3⤵
          • Program crash
          PID:2708

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a0688fc1161bf9fac54e274af6959b61

      SHA1

      3460e468f83c3d29d17b10ef150fc5fce5c69aab

      SHA256

      b110283da82128d6cbaacfa1fcef93b3d175751e4a76708a52b6166c2a2c90eb

      SHA512

      637342b1d5b61e19807eee1403496695b032eb4c8e3e1372c6956dcbfeac96db9569101dbff3a1a21e6091c298fb9b81ee0bb942563b9b042937028f129dba36

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0956c7e814ed7599d1e018969176be54

      SHA1

      e985ce3c594f5ed1a353fdf336e74813da5b3ff4

      SHA256

      729a630a7dd62da96cbd0436245b09096d6c9ff3f3004574f35686dc7dea7db7

      SHA512

      912e3b726f11c161be182bb0f1045a97876ea54bd9c31715b8ae1640d4428bf83221112df4fd5318109acb067fada75eedb5c2711d9caae7f702bad2fa18dcb0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fe8b0b37fe703c8e7f177ccc0160614b

      SHA1

      d3f9b4a8642f64ce28967babbafbbe49a0431dbf

      SHA256

      bdb6d6f3c93589ac44e529506cf54b52ba8da94c077c708827cefa8e95c0f693

      SHA512

      859cf988f9321b64db627868eecc08eb8c643fc9c7e6f1edc4334f4cc8d933f4cf480a4e23b7f2ae9b9109921799356083b550004902b95a7620d8336b4325ad

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      94f0906a4252065e3cad04e83b51c5ad

      SHA1

      df1832e91d85d0c8b426d6dab6e45aaeac036b4b

      SHA256

      df891148dd5867640535804d30b06c28a741c4cdfdea5646a6a170afeda9439d

      SHA512

      a604b8c196937d3e36c9af8248b0d9f5ebd3cdc7cb929bbcf63e8bb4e977f782fb9ec8bb2ded35eca8da84eb14b8342153a6d97063b90912753ff91c13743b21

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      faccf399d3560ec3135daa65f7bfa316

      SHA1

      53de8cf1bbe5405fb086de3cc16137f993a984b4

      SHA256

      17e7fad347062cd2a28071b3c64de9ed7a00e00668bd32c97ec1fe457b58d399

      SHA512

      b188588408811a65d8091009c2555894098b9dad08270567dd84a115ad96c1f602f147c49227243644f75ed7590c6210fe21d0bb9d4ff1c654b90d6ac9856cc8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3959c50519033bb6b22f5e2eb7b34ffc

      SHA1

      b0fe9ebb6318c4da423aee82c7a82d4089512be7

      SHA256

      c5f9af2ae0b239a41850f2749f4938adf67869ed462c7b44adbdc70aa9e00d9c

      SHA512

      6fd87a6f107e66b9eaa81940dd9f9729930baf57e5d96015dd3f7f292788dd3ad345f9adecadbb95e17050667c32bde2c7faa6f1ddb59a846c2c87a5fb9b9874

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE263.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE314.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\UHzE2B1.bat
      Filesize

      188B

      MD5

      0562e1496e87fcc5af56eafab3481868

      SHA1

      b94c206b4bcac42c60e87bb059a03f2a5b273bc2

      SHA256

      db2846237af3d5fa4483c55aea366f5e4de4d103aa892e936ed48a21b86fabbf

      SHA512

      6d83627e85fb62821261902806d5244dad3d955490af5c3c2b1536cbf751eaf969a5caffc099f144bd46b3087a6fe4d430d2eb0bd9b9eef207fa4b4fe22e3b62

      Download Submit

    • C:\Windows\SysWOW64\winitv32.rom
      Filesize

      62KB

      MD5

      96ba2119679f3a09985b523ea3e61df6

      SHA1

      5981d6b07068f8f8590ee49b4175d568135b941c

      SHA256

      94f9e3d1a98bdc0bfb5b2c95b0755c9ef9003e69a70679acc18af77e81e14368

      SHA512

      808d9f5c3dd8e0e4b154b353c9ae4cdffcb436b30a67080d5ece80311b78955cc03d8ba392b324873b3b2862c6cf649fe4e63dedd809c1b60f866e931d05dfa4

      Download Submit

    • memory/1244-22-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1244-25-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download