Overview

overview

7

Static

static

7

8ca9250d02...18.exe

windows7-x64

7

8ca9250d02...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/08/2024, 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ca9250d025cec47d788c88a169048cc_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    8ca9250d025cec47d788c88a169048cc

  • SHA1

    89566fe748cec0d9a06d473dbe5907385c8fafe4

  • SHA256

    e7c6ade551062c4dbe3daf28631be2580d3cd5e4f250c9ef7573a4df13d27594

  • SHA512

    0bf7c8c3e89f6a47c0e73ec6f95ece1b6ed49d31a0697a35271e590b663f0cbf0b610e76cb410aaedd45a985915f13eb923117df153c4b1a35d62f09449b6230

  • SSDEEP

    3072:v2HzvOOfwjdbsCOJHMhVDNY4WaNm5sPrGmKMReGRoutNr6+AA:veOOfkbsNBqtWaNm59oRoS4+p

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ca9250d025cec47d788c88a169048cc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8ca9250d025cec47d788c88a169048cc_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=690
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9aa793cf8e7e3fe29e4970001888f866

    SHA1

    7b8d3052a468350487e15b2183cba782000efe64

    SHA256

    dc4c68eac8b5a02af97cbdac856248c76bf7f5358e51c21f12b65270ea91b7a0

    SHA512

    9ec6d05d8151d30a7374e4b7d3ff0d495b04bba5bb3afed5d359459df8f16b85ab2a55c265316a951f8cb705b738f7229ee3fe263c016aa561ffc3d2483e615f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    329dfca40d6f997ec8e221ab6352d3b5

    SHA1

    06015dbf9dd9137012f455a02ed99064fec3053b

    SHA256

    c268e7b42268fafb3361e1af732c3f311631cab34cd44135e62d7402c80bba4c

    SHA512

    ae941e2ce0f25765bcac50aa254de989b41c6d6f1ce8b45daa387ea1fb353fb48c81d4388ab239cff69259a41aa46f4ff731160cecfb104388577de380ab6376

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9d4c8f11d8e940c3fa12bb4dc96ba42

    SHA1

    93f355809cee2461ceeb716db12b9059ad66ed48

    SHA256

    f1a45d7f35ec79c747d347c8fc4afb84b88aa7c03d0ad83ad4443cccb3870173

    SHA512

    16566c260d8174eea55a5b27c183749b3742ddb81f52f79ef7d4f93fe0d5dc3fe0e2ca395b32673e8fdc918b64fb1ec631cb7e223721620fffe0e391cc07b8e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae3cdc545fd2f8c44092b2dbb317bc55

    SHA1

    d8067c6d5ed770580ab996cca08ef8a415ea6bab

    SHA256

    13e896c85c8ea6446361e8d8cab3d524e592b31b523318e5b84b080a21e3e165

    SHA512

    d5138542eeb174ff0cb7b1039e7fec1a3ac820f1909b8388e0b3651eddd12c6ebc5ea81851c39db97963b22fa9cb7d6b94ef9c05f8b1f97b8cc65c20ee487b48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78fe2108ce8b999c683c4928872c9a58

    SHA1

    5d530d87b8b5b8fbf571a54708baaa1974c269c6

    SHA256

    027e33a78ef2316bc9f87b61565ef2e50b34cc831146c8fc0f92aa2dece3977f

    SHA512

    f35bb3156f38a07c49d4e67f292a95e9edd823aa92a1c2153764d353a8b987a8a39ff35889e8b071a22e6ecfaecbfab0e221505ec77360e92390bd4c36b193fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cade1e5576f0ee595503f503c3796e80

    SHA1

    682840c7c055a9cb5f98441d4a9d57133f279d27

    SHA256

    45b5f84ee08f3103e72bd222226f9f6de8ff26e1e9a96877e0150a9fa465236f

    SHA512

    38b5cd49831ae1cf52e3c88c885787e72461614497999dc20df4ce85f7f2b502d2b463fa9c18de37526e34499cc19fc81792bc3aba67f4335e88395bd2021a14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2efd104ab07d5736e3c92d19a0087709

    SHA1

    57c00d9fc8dbace255c52084443008c3fab0d257

    SHA256

    b25c9ed3aa6f3ab79a803c24bf4e3b311c8b1da56673c569fbb4f0beb4fe93c6

    SHA512

    bd92b0021b5da11a71fcba73aa605feba692709d0698c66ccdc9f8b5270a1f781aaf743307561e2612968c2200729b7950346e47b8955c93c4716c1e8ca87606

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1e89fa671232bc831b72477ecec36ba

    SHA1

    b500c1f9800a4031f3c792e9d6fde65ce63e689f

    SHA256

    470072f3007aa4cea8a335a56ef4cdd5072438cfcf00e6d789b28b50aedb361e

    SHA512

    ba5bcc272aa8aeffe4a91b2c85836b9980c25f1a5db9d467fdf5b721d7fb62785c624f58d6cf973943f32710613bf9b91850f5b64a1f253e0331166fc5bcf4ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1632f9386ca16284f004a1282ce0fc9b

    SHA1

    47607a8d5e15e767799888d1ce5c3418f2db0476

    SHA256

    c2e937d9c71b0fcf8df326a484123aa33430083832547f7a9a1616fcd5cf60c7

    SHA512

    25a6b36580136921e4c144185c46f18334dca3b58e25c6c6159c3ca9540043feff5da22c596b2af033d411d68f3fc5e8a53f6ceb3c4099993b9cccec1c0ef9ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1390a14f8c008d7b9c1a1dae29980df3

    SHA1

    bcb0af2f22dedd33a968cd29d7b37e5cccab8e7b

    SHA256

    16b22ae32621e3649fcfb5861d65ff91c587455acee12b2e2daa4e7d71c54f5c

    SHA512

    8806b9567e2220d56552c927a2b0d7541fb8cfad1bfed9c1f086368aba54851ff461404c454809c16e30eb00ff440f0eada0f86a8138dd497ce6d38795db566a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7ab7f6f9ecb00cb90b76cc26490510a

    SHA1

    c83d52f3137788c260e3adf407414ff94c1b479d

    SHA256

    d8b79c5d3ac3653d937bf94b448b79c086819a18cfcb549ba006a39eca0d580b

    SHA512

    e3e44ecf89d4d1685192c828639622596223ca3dfd18442601388038fa0fe244f2be306cd7cf10203d6e657ab391d2819b5d6cd163261bcf9d02c24dda40a78f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f39ace5e236554aeea332a04467f96c5

    SHA1

    8a013eaf658d723d3414e39911628626746349a4

    SHA256

    e914bbb136b842750679e5bc3a3df65c210f29e307b1b6e2b1889a11918ad4bd

    SHA512

    9c0d1100d02f1b15ffbdcbee4464fe3a097a8d98b2db0928fab32cd73ec30aec4cfb3c5584a8210566603ac1e7dce46585a5fd4a0fa85ce41b70721a76004362

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfb3d35b5b7ca7f432e123890385b1e4

    SHA1

    3d50d39ceba87be783988991979ecb8424f777f3

    SHA256

    59f4877c6d050cd50894d5b1b8c4d2644111c75b8c173ee0ac487b64c68b6ca6

    SHA512

    5b65f794c67cc052a0fb997f468027522c9858198ae66377cae207af32fb0bc9230574b12966658f14ad35dfe83bc2426303d9bf6bd7578935aab9b8880175ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e336af92fae290e0db2b1cafd017e131

    SHA1

    f5071524e4f22d86a834f8de97321ff659eedf83

    SHA256

    595a5ff2e6e21395e6180200822c7dd5ebc2b3725a1238f0ccb72327d6017875

    SHA512

    34fdb3c0b84460979b7a08d02738f0390c225e4e80f4c7857a5ce574ec6f1e726f15d82e89fecaff7c14e08829b2a21dfc2426beb87c15c3e63f5d409601256b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1304957518bb193b26542cfc09913f1d

    SHA1

    77c97170f486d09c3d7b81eb870ba49066575095

    SHA256

    6f6d8ea8e89eb686e643db7a5dd18378b6b367c1e6e26170d4e67778dce69d3f

    SHA512

    2d921d1d4846b47d7d337b43b137b3033359a7aaee2d26a47e80eaa397312626b95bf727ce3a6c7391b80d24a60de176f1935fabcab3a363b9f138a28d1b3333

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bea08e65daa6be12bbd0266606b4ded0

    SHA1

    c2170f069de79a14546017bed40ab9a44c177834

    SHA256

    fdc04d15de7bd90cf9cf01483be01574cc36dc8a340743507ef73044cb6021c6

    SHA512

    cd7b9d89387aea83d62dbc1ef868bafcf59ee153cea2ef94f4c6d37f2cde18af40841694e90e47c56315bf062b10ac1b7772ef8a2af1ead1da2a14d46dbf7829

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14952ed5b003920785d3bd6cf5531fdc

    SHA1

    9f4d6652dc2fbb1ebda979123a1a5d471e8ec831

    SHA256

    838dc10b6a6b542ca8c1ed9f74d9740ed04e8b9d96dd4df3907320873e626bf5

    SHA512

    62a42c32c59428a955251523adcc70b43dd342dfcea3494cba70df8b9778a2940794c1e250bd798170f0efe9aa5dcdc4bb655a5d70ed25a9ffc0999141e63766

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c54a69358ba317e579ee579fd80fb81

    SHA1

    5d2b85ebc471b6d871210ef0348f1ce948a34d63

    SHA256

    1b5013d9a47cd0323c8b7dc2cd20f27f7cc8701246885242828d27c818aa29cf

    SHA512

    9c1f74e849c606043154bb1b690dec670b7a60d1da208f6238aad4819b52dfd89e27c43b985b0bce79c4dd91c958cab0ad3e4f21e37bcc3e8038bdd7f364a768

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5ad67ea3c52dad0ff4118343913b59b

    SHA1

    4fb6f4e2dfea05cb5092b63484fa5388eb49af05

    SHA256

    728a7a9232d5a2698b1eab20d4c8acc4609a3f9ead72235bfa2e40b075f7b2cc

    SHA512

    eb6bf926fae162cf80f6fe3246046a048843c3d51390c30cc1931b653c64748f598b9bac9d137efed4ee5ae7c7902d6e29df53a8d76899d247dbd4410113034b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab894E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar89CF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2360-0-0x0000000000400000-0x00000000005C5000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2360-24-0x0000000000400000-0x00000000005C5000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2360-26-0x0000000000400000-0x00000000005C5000-memory.dmp

    Filesize

    1.8MB

    Download