Analysis

  • max time kernel: 150s
  • max time network: 150s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 13/08/2024, 22:00

General

  • Target: 94e7555da83aad6a60f410609eb57406_JaffaCakes118.exe
  • Size: 102KB
  • MD5: 94e7555da83aad6a60f410609eb57406
  • SHA1: ed185dfff735b700d309e882d3bd1708df81ab94
  • SHA256: 80483be2def22f48ec2b5cef52cca139ec1ba60b86cae93b680a26f727578984
  • SHA512: b521659d5e783ed08b03de3266c37312601fbab9abb06d5619bddba257f8a3abcb8293a3e5d5a65d55c917dae81dfd1ac1f3999d55c4f0c074035af70af941cb
  • SSDEEP: 1536:MkcUv9Wrw3h3FA2BJskRMbBLBZCx5ywyTjcol97NKRxWMZvbNV5LtL3HARRgr:1d9xR3G2BZMbBLBaYw0coLujNH1HAR2

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94e7555da83aad6a60f410609eb57406_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\94e7555da83aad6a60f410609eb57406_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:332
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.chrisqueen.com/cb/2ESTEBAN1/program
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Program Files (x86)\Ganar dinero en Internet Guia para Principiantes\Ganar dinero en Internet Guia para Principiantes.LNK
          Filesize: 1KB
          MD5: bf8daaf6c66a54cac4b43f4bd4425fc3
          SHA1: 7cac8164bb6c647c521f5f7dba86375269ac590a
          SHA256: a30766d0ad4421e092218264d118d2f55d5de866d7dcb8dec4e82ae78898b7f7
          SHA512: c6d0ac68b2516efb15e9cdc4bfc1f9848e1e2a23ab54934bbed293d33b606e3242f9c670a2b60d10279db08c2da6a3cd2d9f9782da7aa6a8044535538a952d20

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 2dfb180678f3381f1927c7369864f379
          SHA1: c5f31ef70ec6e1c061aaa8a74353509355cee818
          SHA256: 0de9153cfbc7958e0956ab6cefb8496c27cbf886c3e9717f251b3a0de3412db3
          SHA512: 6bed39672464f2eff9517ab9e6ca17397281343ad10b74b5bdabf00d235b40ae7a07c1ffcc70fa8d9456d2479e4d63a71e720053f5c1250b64f0cd588996fd34

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: ee99d2c5879e94e55ab4787dbd2a6f87
          SHA1: d8867b2cbcf616a333e97cc73f6930282a6520d5
          SHA256: a7b5456acb5fff6f91549abb3d677f9b6deadd91618d49a4409997ff7e46b4fa
          SHA512: 9a51f9f708d5c35b6d6b8bdf5da8a6d03a0adfe5ddb5410997e4742bbcbc0d2227176932277a03e9f0fbfef26fe06076cf05cda76209011744853dd8f452862f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: b662f68a9c3b4500dc9e70bd66218627
          SHA1: e619a46e96b222e5c9199883b2dccf9cb2beb499
          SHA256: ae6a6aaa8aacb42446b659e4b91caf0d306dd31fa0e95e21cf23f4e2f29da587
          SHA512: 31ca175be406c75f9c2052be59edd3e615aa7150235da4ab698bf1bf685f43a56c15ce5822d766afcda27a6fe19381f5d0608ee00cdc4d8e6a8888a1f7b3f3da

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: a4c0332a9d5a00cfffd2a8705bcc87e1
          SHA1: b63e8c39f780ea06b4632b2d3e3ac895243a253f
          SHA256: 21df5c4bc749a859a883ed05eb6ad5aab25435f3fac282bba6cc96f1975c13e3
          SHA512: c540cb988b2a9476bcdd29a8dd3a36829c3cc42b4129e18a6663d5f78df76f6d5e970ac869dac3824dfee3610b74fd54896800d9600ca0a052eaea21764c86a6

        • C:\Users\Admin\AppData\Local\Temp\CabFB81.tmp
          Filesize: 70KB
          MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
          SHA1: 1723be06719828dda65ad804298d0431f6aff976
          SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
          SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarFBF2.tmp
          Filesize: 181KB
          MD5: 4ea6026cf93ec6338144661bf1202cd1
          SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
          SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
          SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
          Filesize: 3KB
          MD5: 9a4570ef116db42b868da8770b06947b
          SHA1: a2847c3781bb8d964158b49b2516ec52748ef285
          SHA256: d58bf86e539604c084ff44f2c7b25f1a96e4d83da8c1f4c3931bbc54723551fc
          SHA512: 2f903fdae8b7eb3d044da848a2268af7d873db6acd9ae9a050171b14deddc71ca2649b8c8067f4d4247324e5ea7a0fd297b7f9ff1e843bad285ff32792ff6901

        • memory/332-18-0x0000000000400000-0x0000000000420000-memory.dmp
          Filesize: 128KB