Overview

overview

7

Static

static

7

8e8730c236...18.exe

windows7-x64

7

8e8730c236...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12-08-2024 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e8730c2364104924ba2d6b982716faf_JaffaCakes118.exe

  • Size

    313KB

  • MD5

    8e8730c2364104924ba2d6b982716faf

  • SHA1

    55e4693e1cd861f349a9e9bea58b7d6a102c5eee

  • SHA256

    d280ba8a00ed6d17a243396d2e9d64a3a1b44667dfafa6de8aba5d93c8150340

  • SHA512

    decb40146288b9d06c070fd0f98fe1b05a48b36f726d7e6da068f134ad68339321fbf85ac3c951a9bdaaaeb7e9a3bd24aa4e6fef934d973203ed68faeadd8318

  • SSDEEP

    6144:tVYmoP2D+6u6e1t0pUVnxNwDwIj9o9sy7aNC5asej5zYQou0MiJ/A0aufAKSN7bP:H2Pn6uN/0pU5XwDNox7aNo4OJ9pfAKCP

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 11 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 18 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 46 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e8730c2364104924ba2d6b982716faf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8e8730c2364104924ba2d6b982716faf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\synertel_ie.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\synertel_ie.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\installation.exe
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2792
        • C:\Users\Admin\AppData\Local\Temp\installation.exe
          C:\Users\Admin\AppData\Local\Temp\installation.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2564
          • C:\Users\Admin\AppData\Local\Temp\RarSFX1\Instal.exe
            "C:\Users\Admin\AppData\Local\Temp\RarSFX1\Instal.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:2692
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c start /MAX iexplore http://www.info-meteo.fr/consultation
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2620
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.info-meteo.fr/consultation
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1848
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d41e40c5b5d1cbd538a6556af517e9f8

    SHA1

    e8d428cff1bb7adf2f69a244f04343213d445b15

    SHA256

    612999f06b5903754c5801d666fe6b716fc383f5b88d6623b2daced69b3b0c8b

    SHA512

    c44801b1b41ec9a48310c6b7350dd8e40a46942773a0642e61233e750e20e2c101c3832ab63fa89f53b597c950c363bf630b28f6aa464cd689b3668f4ccb10db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6920354f9a92f359104470f7c7b21af3

    SHA1

    4406fdbae2baf487183216424e875b1ac8e44306

    SHA256

    56d257858923edae42682fb576fd7d44341e970a2739d142041c27c76d757180

    SHA512

    d9113170a1fe7385d4aff7f568bc5410169a8095ca2e048199ea0e8ae0f3148e77094ca5bd6630e1dc10d736350c32faf9c4a035aacd53deaeff51bc555363c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d1b25008c851516e1e9260d08fe830e

    SHA1

    83c0f3e36ce64c03e2db5205d0eec454dc137aeb

    SHA256

    3aa2e087e316482a683e4dc0dbf066f1868ac4199272b9d53cd743156dfadf5d

    SHA512

    914be3c39bb922f9532de8ed517493387270e50022fde69501f9c63dfb8828f55c79e4ee2878f3ff5a0358a454115d5517fe1939d1675a4f09e41c0506b69141

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59ea18f4672c1b3a68849a1806460440

    SHA1

    da7b796f964f1c550930e6288a5a676f789a16e1

    SHA256

    919214202288cae49483a449078f4dd7c56491e77cb8133bbb4ed8441cedcfca

    SHA512

    e0e122b4a291b4c9b54e6fc0968b8782faaa17342d1c50bc53ece26ffecf6be9d231632706bf4de09faf17c24709b86724e8f9cae1431ab4b6a5a551f9b95c08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a44845dd9341e26954e2cddba39df08

    SHA1

    8e1dc5f9c52972c2ab444a2b20de53bb301e4dba

    SHA256

    cb6bec6f26914374c1cbd56ab8cbfa1e59d5994853642c567e0b67fa925b41f6

    SHA512

    952413d1b21563e1e59522ee3cc352dc300c764af7803e336c9eaa8df7935f79f036701f92460a28fe87824854e68d66cf389d77bb5d42b4161bff6f715c4dcf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29fdb029dd9cac212b0344a01e1ca2d4

    SHA1

    845da317b0943628883acf64cdbfd2871ea4d592

    SHA256

    cb308e9b4a50686bd594d23e831d4604361fa5a8b34aa0d080ed7e4835689d3f

    SHA512

    97bdce52b29148d98ed0052f020584896d8f51fcf9a6a7e7160a052edba70caad4c3729140638f14043fd203640addcf2d9e9d7027e626c660c0e77e90146c79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2d10e55aeae2c829c9d6989497bd46d

    SHA1

    7720a909068676290710d096eb639862df7ae137

    SHA256

    751737d1273f9ccdf02cd9378c95ddeae1575110d174a509f744e03adfc8b1e0

    SHA512

    69fcd042f07e21f79ab03c02b578b9c5f692bdf1811d0e6ef1c865b34488f5f93ca0fea63912482902046fdfb6a2b75264bdfa4773b2369dd36df46cb93bd645

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f3cce369cfc30c4dcd4278d71b395ae

    SHA1

    0dd439c03997cb7336eb1072b838a0149eec8891

    SHA256

    2a0e80afdd21faeddbaabf5f62d284605f2150e8b196765f7899e06b26419d76

    SHA512

    7920e02a807a4919bb36a4915046e96db9df7ba39f432f368e44a8c2efda278e0604cf2287fd563911cf0fb7d852d860dd1bf3c42bf86950c0674ff96375f65a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72a2e23a4f1c321480441ce8cf87685c

    SHA1

    64d0658a20a2a1d8953589241ae3b4750b126e4e

    SHA256

    e5f4ab90107ba384c1b9bd4abe19770c53c160e78330bde56af89679ef3fb124

    SHA512

    af76979a969c4de2e28af38d5ccfb82f6bae059dd074a39730a3e4181d323e4688423d3a743e80b9388dab473849f0d72bac6f9872f9e32b8d1371506a46278a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba2a5642645258b9d0e1cd57daf392ef

    SHA1

    6fa06485a909c53603098c0e35661d079e4ae7a1

    SHA256

    2dc3387fc6efbbc34440c38990121629a5009a51e2a574fb9e9708bd2bf3cc2c

    SHA512

    f3d8ed6414ac1b390461bb0b6c4d9e325e649dfd343c24d5748dc56c4163ef262b383ecc5a919e0606f8fdba82982aec5f9f4def95a4239438629832cfdd507c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d692a668bc956815ee8bf0ea5705f6dd

    SHA1

    80e53c33576f110a574450ef44fb2af7ef7398f6

    SHA256

    a1ea92c4de2a95e5903905ac7a2ab24c689255bfe1dd29d21dc6adbaa8b55301

    SHA512

    881e3693f0f04ae30b1731071d810c85656b80e58795e9f56a75c19e652806fc28cb1836aedc1b1bd145887893085e544c25530907fc505fca419901a51415d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55e21349bbb1312f25e158852839966c

    SHA1

    e939371b7d58c3e0e05c7f5aa30524e667f1c76c

    SHA256

    b0c50c2eedc8a067e0c29484f48ca78eb3a02bea64ec0082e099781c714e09c2

    SHA512

    a8013f9430f6719ee1f63103b2cb89150f8d366736c3eb1b39d9ee826069307b14a84cf357070b6fb30d1898ed3d28b9f2cd8a752b9b4a76068b86d0aba5b617

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7de2e85bfd76a3e76a554e7a116aff17

    SHA1

    14a60406efe6b3d712963c2c95fe2dcd298fcc0a

    SHA256

    cbce3511374c88e42dec6edb1bef97216fb41a06ad14a29312fb2a7626a67c02

    SHA512

    967db860e5da0ee0788d01853e5bc15d9bd5eb5b5d69a420d526e53c4ddf5db62b3ea99aae6b722a9be67a2260c978c4696d692f6957a7c77e32d8ee5fc9fab9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2da5fd05f7640ea1f8d62daa95499651

    SHA1

    2c481872bfca33f625e820c8ae025e0230e552e1

    SHA256

    e7d1d6419f4da655067cff668ba10a01ebd4f80907c4ffac0e34b43232669ca0

    SHA512

    24d9af169b161a8d2c471bf117076df690ba23fca48f9b1b9588f26986dcc612f3c4affefbcbe6d4cb3c9d386bdde3c791c0f1c1a5653f2fc9c2d068f1108515

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca2f9a0b3e1ea55c62111687e0c87a27

    SHA1

    6e9708208d838e0726fa43742a351b55bb207c27

    SHA256

    bd9c5055bff569f7719458b0782b60e1899465bd7c9d4db1ff6d714e3b48c2cf

    SHA512

    525c9bc3d3a6352b7ab1edb958e2aef8c271add8b1f0ad601e7a38cc14587f7c3532228e81e9da68cd298a992ee8098088646f1a1672d1ad82e01696c6c5af0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91ab2da809cde8e1b15a2ff59ce5240c

    SHA1

    97e2953c19ecfd646c15d77b01c53bddffc5f3ad

    SHA256

    ae266cd223c334a4b05d6be076b46113df317a7756dfbe4415d93ab9cf2d2911

    SHA512

    6052cde9b9d1af60d54c88939fdc6dca2717dffb34d2da09515e642bdb19a5b572a941f070f4fe24d2b6c8d88b8cad035aa2125cc32cba9fb3f57c9b01549c6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6edddb3ffee7e041ca8d8790c3d9b18

    SHA1

    b5f2237ef7cec0820be1b2064e7d490f6f4d5220

    SHA256

    f6bf5e51c325ea86bbed5cd135bab9162606157680493948c8ea0a90c2336af9

    SHA512

    8b833d93ab0b8c4948945c254322f39833c7d1a6ba26bf0475d2bfe146c4196635b71784791b4951272f14682b7fb8b411e2f9b92c25ab8a64f8cbd97beb220e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    973ca018bd17fe1bcb1f303a31945ca7

    SHA1

    b5274621c20206ffd0fdf79adba4fdba11e366f1

    SHA256

    9ce8dd681114b87c24a2de01aae8d924fbf027a186b7ad1aca76716dd8bd964e

    SHA512

    29504f5838feb0f3270a76e4e21e0667234dace44e4c1a6d3f3e1adcd6a839f2cdc140e69d773be499ff20e79dc47e872042e77452e5e5575ea9e4c3edc0705c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12043ef9308d57687fa2e2e63eed6917

    SHA1

    c2f0fb4c010d7e83fb9335c185b623b382b50bc1

    SHA256

    c7efc16173882c8ffece93a04c2fbdc80f4ee98e27b4dc7254e38919947636ea

    SHA512

    f9d35d099c8466d7e2e8003cc3ada7ae2eab67405e6c7adb36e4f6f2c44293e6aae64409a57403a52808ca0330ace2835cf0d889a71a30dac5d790006f24e41a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5042.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\minftnet.exe
    Filesize

    440KB

    MD5

    6e8ba8f26baaf33c2f0fde5df60158a0

    SHA1

    f39f84e9fa6379455b09159df0323838542521b5

    SHA256

    dca424ef7ec3179cec5f1f2056ef6ef16ea334d26ff90b756791f236e2b6bc56

    SHA512

    c0617589ab3ad68a820e259cbe694210c703ab4bf86730a243dc6b6e57bdcc3caf701bea28ecc985a3c049a3e0baf9ed72e036b6925f592ef735e7949e83b723

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\minftnet.ini
    Filesize

    230B

    MD5

    db5212624e596fc960667f10d2d76015

    SHA1

    b7354458dd53c7c6243859677c59f555fdfc98f5

    SHA256

    63b4d50343f47d9344494b5a010d8fa4dc9525e9c73c12de693efd2be26abc0f

    SHA512

    f04ae21868c877594471c839e2bd2b94146dd82cc935daa86625a81907ad51ba84ac5739b20dd7f59bf3c569e14f79199c0d26ddffeeee682ee6c3c7c64342c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar50F3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\installation.exe
    Filesize

    243KB

    MD5

    89caeb802f93f13f711e393f2e857f17

    SHA1

    ba7ffe0ceee84d333abbd3b2918a88ebea72dedf

    SHA256

    6742be45f17b58762253ea1a86fdc9874130d3367f668e5be40c70a7aec1a1a6

    SHA512

    5ca8de7804eb44caf461c5574c2984128e82d1fd6db2cfcaccfaf942e90fa49cac5c8ed34ef6c0e626cbc37c69583b61d768bb5a151c4c6386717a50d8b11877

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\synertel_ie.exe
    Filesize

    293KB

    MD5

    6767fc71af403f073f5a0d63051c9fba

    SHA1

    c3cc9b870effa6bdc18f1038463953e1dc1b9902

    SHA256

    a5876a6066bbd8857e40c0a65bcffe2c06808888a67b88dc5e2f0ea7c43dca10

    SHA512

    78c274da17db9b1016f2acc88a19dfa1d5d54087fb2837da6c6ce400bb1d49b3ce454bac407f553b361abb206b9c8ab9ae9ed0f0533e0626743dbb3878e4e1ae

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX1\Instal.exe
    Filesize

    93KB

    MD5

    5442d6ddad3dda7c4a423efb2934eba4

    SHA1

    f9016450ba16228f2b72234916672efb2b8312cb

    SHA256

    2282378dc63c33457159768ccf9437202ad0b0c7e2ded02779a904fba560ad82

    SHA512

    402c8688cd1561b59d086097db041fa521ec90412e3afeaa48d0efc42212f06c22301c243b2a77c3d1aac4dc0060f49debb569af79146fdd0ecee0c9b3870279

    Download Submit

  • memory/1684-2-0x0000000000300000-0x0000000000323000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1684-1-0x0000000000300000-0x0000000000323000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1684-0-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1684-71-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2564-22-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2564-43-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2564-44-0x0000000000820000-0x0000000000844000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2792-21-0x00000000001C0000-0x00000000001E4000-memory.dmp

    Filesize

    144KB

    Download