Overview

overview

7

Static

static

7

8ee5daed55...18.exe

windows7-x64

7

8ee5daed55...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/08/2024, 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ee5daed55f106fee8e830219f0b1f24_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    8ee5daed55f106fee8e830219f0b1f24

  • SHA1

    5f554a6ff9cdac17fa5e91124fab4413bde1a25d

  • SHA256

    cb51efdee95f1005f0ddbb5a32f9972e31f2e27c0b143f5de421e847bee690dd

  • SHA512

    9c4602adf24e33a04531905d019c31cd97dbdf84d3b9bc223d1ec1aa06d7c25eec01a3949b1fccc68d132435b975b506bbe309483788568f2c53337b73b6af90

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1v9:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bW

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ee5daed55f106fee8e830219f0b1f24_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8ee5daed55f106fee8e830219f0b1f24_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=8813&ref=http://www.fenomen-games.com/files/ozzybubbles.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10a1237ae8917b5ada8d8e49cf872ae4

    SHA1

    b84063491a8ded6414db8a037739687bdc881d39

    SHA256

    cd253b809bcc137413e5527bd587f15346348d90ae64bdc793a7261267b0282d

    SHA512

    16bb01b6c7927a3609c991e9718bf0563576ed85f0fe553af8972fb64ae3c13820000a0ca994099416891eea0ea606bb477dd71d2759955e1aca3b35ece5c3a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e0447a397581def19dacd08d63562b7

    SHA1

    bfed4fe9ee8f5d1147f9b643119df47db1419064

    SHA256

    8add5321d76a0b9dcb78c30900d635283e7870de1d9280bb4f159118dd023a1d

    SHA512

    aab6e12a810d864b3af8d6435630bb966dca12d51f5a7d521d9c1dbaf8b954069875be62d368a259ccfa10858b00ca286001ae163b6592196e0d7dc222c28cd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9acbb6ef900c48f856f7d4b61be873e7

    SHA1

    3ea2554da1ad751bfb56152932efa11b632470ff

    SHA256

    40aa21f8837711751795b253b505e4c2da6b0fee5ae2caa53a44fcdef652d2ec

    SHA512

    b024ac0a9579e72d7542a08031f53f0f1bb19c6a5c5d4f2452310cc58d89d0889f345815682798d233be2d1de04a2c7e902d10a715562a4347360a0f66bbca76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c7307a51dbf6745b05102a634b5c79f

    SHA1

    4f238e11f3909b4f13f73bda5f6cd0a98a2eabfb

    SHA256

    95328fe96a8c2d84edbd4cebf8b655b55e2b5e86f747459e1ee8a14f9f397b4a

    SHA512

    1bcb7e6128ff8f35415585d6023a72d8a6550a98a39d8e2159fba206143b69ae991110080b4933cc243a8de2eedb8f50b7a73543b2fe88c7f0a114b443d98759

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7863347567cf1d455bbe54eed7601965

    SHA1

    2c62614d4f12cf2503609d0a8f425bec0fee82c7

    SHA256

    d03c4ce1a90731a8b38c5168c8b4815bc44933adbf006cad6a3b21265913568f

    SHA512

    5c789a36d2214ee9e29795673e0d04b2778bb9d02ad276da11e0735295a5bfd9cc9b36a44774c2258d881c0a6eaecdfdde88421aca1e73455a7dcb209b5e3647

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b396c00de647aa09c9425c368385973

    SHA1

    7ce5095e2df96cb6073bdadd15fc709838de714d

    SHA256

    5a10d177b4ad8f399ad7d70b0c2921d2fb807aeb0c50fc5bc8f1999d7073abd8

    SHA512

    3a68188c937863e7e8960666105d4f9fd3ac162d306832a1bc80428f46c2b3e6221e93ec262aea199a24f33c361deb8c078395f16fb950e4d9de1b5a008ad3fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acbe2a32c765f688f7393690235c3ad8

    SHA1

    6244dd7087efd3ddd84ab798a4b14400e32ecc24

    SHA256

    2e78284820bb06ed6c45edf1cd54bee7c7102349097a65a0a9276c508fd5113f

    SHA512

    54d940f4207b402e4cf9e9f5d01934e5d4b8c7fa5935eb179a7fc2a6a8c299590364088435ed12860da845ade7fae279537da774cf9adf66705f837bcba4de6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    522f38e84dc4c95d07ebc5ad74e12c5e

    SHA1

    e52d503603a9f83e083a9f8b177a8455c85eea70

    SHA256

    cda71900001ea7488262d2f6c3da2fa83d80574267bcd5a4bdfa7c4e43ec4620

    SHA512

    8def242c55642c6733dfa39197a74df8e15433fb14ef61e248f55a43c8d7a3a54d6291b69a3070e95c5e213f520859cc7f6520430c24aa2c05b91193614a8015

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39debac6ca22fe42942201490d474fcc

    SHA1

    6c0d2ea2112a46b151a0baa39f1527ad81f8081c

    SHA256

    2c0e438ff0da3031dfb2ca18ed8ea4441e9aeb9b25201dc2002cfaaaa4cf5e78

    SHA512

    67e57c0274ca81d462cb14683829776d84e5b8de6ce912929886b7fbffc5690eec5c21fd4d24c240f43fe28bb383addb9e2e48c06eaf0e34c9f7ac8861c29a44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42004232d10d5a54bc3ff3d381b417ce

    SHA1

    1e898a4b3f7e57f80e7a57e6a5d29e669c971312

    SHA256

    89da89f952cc33758232bbb5c4905971454efff72e2ca2237d80618039da9ef4

    SHA512

    f854f14d3a1ab7da9aea3ce569d7c1e7ab7ae6b974be5f3ce1b5ac493abfe7c6ab9b6a359b606c2830af986fa8c2ec1cad5df6da18d9e61893cbd00c1d1b9eb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f680ec79116dbd4eb19a0c3d686b935b

    SHA1

    aefec0f2cc55f2f7d66e3e2dcb64d5324cc11581

    SHA256

    8e8464a238fdbae067eddf1103927cbf46463c963991ae2cbeb28167961c7bf4

    SHA512

    69a96bc16bdfb0a6de7e2cfb642d3948aab69e2c905c45e1e9ad46a7b34512a3483a3bd7d7c5517c484679cd2749b9fcd50b7d153f67934085c195f4f7fb6d83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7142ca90ce53e3ace79cd5de7f9d989

    SHA1

    5f493a43c013a86e8ce0618f3e4b94f155095879

    SHA256

    07ee6654c6878b970b591b9069043f84c83a07b74d2da5313bf65dcc0f81e639

    SHA512

    7c349891cc531dbbbe099cb3518d77a507fac0c7d5c2c153b06ea5834ff8f92d0ad951d988b65e70203047b23451245d4a6411b4daa7a440ae180a3a89c6ed83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed957d73ae653bf844d8c10b863d1da9

    SHA1

    1bf61dd47eea3bcc212f8aa0932e345130a2f072

    SHA256

    a124f97310f661bc99fadea34d13dbe1aaff5908d3faf0573b70d6d7b9778597

    SHA512

    b1e8963ca8369f8cf685b55c49847908d80ef5456a76f147d7c8e881fa3faa89f236127d131915c12ab9da0047eec7b781a37ab2d6fbefab02eb54709f204c3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d289ec8bda3e7d5018748d7dbb5d2af

    SHA1

    fe6e130dea36146d719c90bb5374877c554f9812

    SHA256

    7858536f13e0ea481ac33baf30b0e38773c84c967b3f507594c655692bd336ad

    SHA512

    5b4c55c1e3a5fa1a1902ae3613f885e251b3c5cce45023c11b8bb01cf5a404a04d33af82ceaa410afa0264d8c2e742c2d0083de7fa79342955b092d8e5a61c9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8194510074c51c49ff5022556cac8d5c

    SHA1

    9260751fb24b62f6f610e1765340982c4bf53228

    SHA256

    ff0bad04e23841509180768440d237d61aba7c61ed26dee5be1f4107427ddc98

    SHA512

    13dd5816b7eb3165deea4e98b971514c42426aac87be6a73069a1d4a6ffb706efde6b2648b1d413ba92aef4e16e4f22819c17c679f1b6274a4d4f7208f855adc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10a13751942726fb7c5be3a02674883d

    SHA1

    f6e1ba2845f0e79aeafc3140defb3f2ce3da8ea9

    SHA256

    3d30c97c2f2ff4248ac0994b6e7eb0294adf79181060d0a0bfc43c2a85f47389

    SHA512

    142884905301d927c0be1d9e91411feeef2bf2ac4028acaea8719a41d92a55b9a6c9f8df0950079134aefb2e5c3acfb9df8ea208d2acea80df4c63a2efaf1147

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f78a6beff0323e4d4f87aaba45c10d48

    SHA1

    e672a0beeb78950ac8115555ef8ba8319eb3aa4f

    SHA256

    12e1bd51c8e132d08ab61f9f217090c6e3ec92997abbcded53dc594d773979ba

    SHA512

    0b1e157cc71704bbd88146592647fde48cc1498ba7ca8136563df8e474a29841cc2aac8d13684c3926c8555fdf189762283a9425613438f0043cb3715d1a5a8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDC9C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDD4B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1732-449-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1732-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download