Overview

overview

7

Static

static

7

95b3c2801a...18.exe

windows7-x64

6

95b3c2801a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 10:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    95b3c2801af0432b0f8594ec41eb279f_JaffaCakes118.exe

  • Size

    137KB

  • MD5

    95b3c2801af0432b0f8594ec41eb279f

  • SHA1

    bbb813dfc06d7bc7b9b3eee17ccbde1d4f8d0542

  • SHA256

    fe089fbf2f136e4b8603409c503d7dc7cac8f6c53eee6d582432cb250409c6e4

  • SHA512

    e5b00c876012e64029672ba8500001cf4c7559ecd37cd683f72be56ea09aed0e87e3fa4fa2fa20c1a866f0f913c91d842d7f204bed7942866620464b6e5299c5

  • SSDEEP

    3072:jNAMlE8v4YVAsbHHiDOJDr1WChRx+JVp2ZAISiBKC/DlG:jPG8gqbqOJMCF+HpuABHCr

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95b3c2801af0432b0f8594ec41eb279f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\95b3c2801af0432b0f8594ec41eb279f_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=gOO_UqzEc5Y
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2244

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          d8c76d835581041b433efbc227090f2c

          SHA1

          4b179e89dcd1c4e03ae2f968e4e01a2a998e9278

          SHA256

          a479e5979fe9677365e80f5525a00b9d36fe79a0e5e6d16d92672c8a0896e115

          SHA512

          29d9ea2eef11bf4089358d39628b84a31b52354dcd9574d8268050773c5e9d9485ac4fc39327f4f7d11b634b5ae1862a7ec09f4bc57f9219a722a02acfea721c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b5f0538212bf12a81a5b9da73ae4cbca

          SHA1

          0fb421c2c4c6afe4e00a2b8fa7cd0c59b8d3719c

          SHA256

          f9142039e080e74d66b51360818f7b7fae61c69631624f7fe9b37c2d0c6879b8

          SHA512

          c7a4f0dfa3d940df798e79571d814abaf054891b96fd8aff0e51732e28e97843bd1f09e14e9173a03e01e57414ebd78b0914452dbda5366afcfe0ab1ec5fd9a3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ff029304b982544656d2442e84dcef6d

          SHA1

          8ef6eed86ffc556d1b164ed841e5b6294a022c0e

          SHA256

          1697455ee247446f35724ecb1773dd3a442ad3ba72b80db81971e686dd033796

          SHA512

          9e6e01cd63ec083c2a37625eb5950cf8f22d2275bae308b50fc1b5b5759c48657e84c169df8eb067428820a3457785a5a7a24c5e5b0fda4a3ca2e40ab1da771c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          65505cdc560e8aa6e33fff6b179599e4

          SHA1

          31b0253bcfe8283b1032567e75c23958064529ce

          SHA256

          5e583d930ae90cfbbfd2b9cce18ea7c9f26eb5cb9e19d7bf0443470c94da3d84

          SHA512

          a34f171a659f067f89c1364665d6384e6ddfb865656e99e5fb68af4052ba93f0a2e44a07f169b9e615df94bc741e73e48cd0594fc77ecb8506300736bc4b9b9a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e2c63dd8a8bae41e3b667e1a3b02879d

          SHA1

          c33354a333eb0851873dac48df8edaf121fed2a8

          SHA256

          518036668615ba59ee5ca8df4e4b7fe8a6ef613bfc40928324dfc90947503acd

          SHA512

          2b0815a5b2049baba4e61c3c0156f8c230371e69ae554870002bcae066c4e82acaf2db96e0454e3f7a0cf283326ae44482c79e48619f57e559a8d2a4d53085d4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          997a0f69eaceaa5d89eeb3441e3990cd

          SHA1

          6bc66acf6559387a849cba8a70e55e974cfecbba

          SHA256

          c86285959016d2e098a6147288f6c4abba3a6aad06d1b21f335999c078b714a2

          SHA512

          6fb414f9923b13486f03b3724138b132faad9a0f50c0c9122e411c9c1975d7a458cd0cbd7bfb529e82394ba5f9c99428ab7da856e2ac5566fa6d18c52c798bf8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fce7a2cacaa7ee4032d6b3947ad91391

          SHA1

          26c36c0a1262d498867b9e3abfa3c7b991ba2949

          SHA256

          a2d016d7e800c0bbb31260bafbc24ae0a7339488f3cc0c4b60d4ac398cf951df

          SHA512

          0793b7902aea77dc9f0903b194ebd3f794a5f5aa3180ca54c9c53a24459c3ac033fd6b92894e4f3384f35b47c959e122f3f603e3bd4c77a6fcb78dd0fd773589

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4aab4fc7ffdc7e7aa2dac030cdc1648e

          SHA1

          82a081000956f771ad55a3e250341aabc9bb4481

          SHA256

          18f556b0f6e5414c05db762503bfdca47a38ded7751d17698f2e8f2d7ca00a3e

          SHA512

          d053df65ce3e40967dcf02dbfdf2a43c3a6cd2d73eee99e5ebf0581c4f53d43445f3ae3afd9960b139b8e36a1f56a2db169d250c46a411cd4ce1af3af0a59ee2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9f954bf64a400f37ed59c2eb8766cb69

          SHA1

          3fab3b687d12cbc3e8f59612d409bff60ec699bf

          SHA256

          eec7ac4bdb0a02d61da05ce557a26944205f4693373f242bd3f8f2e8170d2a73

          SHA512

          0ddea17798251b436ec4727b2b8f84653a77f1a6667a6e10ddd21770ea39b4103f1ded790ef969c098dba578124099a289afb943105772e26f63926990df278d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          61df6d3d88fd5adcf00c239e498f0ffb

          SHA1

          8b48a4e673a0345b7405ff70f1e5d8c62ae359a4

          SHA256

          a4ad705091d14c8676e6c7546f37d575935be5dd745be1a8eb87840e656a0ccf

          SHA512

          b5aea713ed62a920453d556623fff05d0fe437577277a342583950640204fe3503d0d5fb6c08864c2042ad777a97ec8749c3f320bc836163c0704bbcc37b5d6a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          162129c5061eb5b98ce702e789fc5f99

          SHA1

          5a06123ab954c215efd1b0bc5757d3853b3faa50

          SHA256

          38a85fedbfef24b537c8156f521e24e8371909c518d2ab4540111bc077253db5

          SHA512

          59f567116bc4756322c042c7bbfb3e1def1c5c19f365b9d06cca7ac1aee60bcc3cd64cf8649c55a6aca7c951cfaf0a0f3d030c1dc05d1902388e8a64e584d0c8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9d38e6cee0251876df327c7a6f8f0049

          SHA1

          d4e8058bf3e245fb76aac3c7b9a8640a02ffe841

          SHA256

          4449206653858bb2ef6f96e8673e92fb2d011e723b2f08f288694b069bec9264

          SHA512

          bb331ef1c659f7faeeda39c8803f86150bb9ac0f1d12f4abe52bb4218effd142afdb36cbbb58b710fe29bfcfd4ebafe3e77b010cb0001a9813cc4e968a319089

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3aeebdd1a1dda5187f4bd7915691c3b0

          SHA1

          40e5f8f2427f79dbe7df820c095156f7dca80430

          SHA256

          9c35b03c91c68cab7404ec66ef78bb6a02fa1381a8b7fc62b9d3407d80419930

          SHA512

          6b0aa60730dbcd7d0f315380d536f8ad3a4af06269cb4175e44dc847697fa9e9751286866f0ba26a13f1e6518e5bb57e172d786c3f6ee8fbaf83299b77ec7435

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e347dfe24a99fa57fc43e5068d8a8a93

          SHA1

          05e247fffc61568947807e57b0aa39a6cfd59e6c

          SHA256

          d132662fa8d26723195b9521f9ebe1f90390fc80db8f8d99d212efc776d0837f

          SHA512

          7f61343dc39421b533c1414b942320b7639ad6b57003f777234c9658d7441cb977d1ec7bffc83387a4eaa7c642d45583a6f9025dec91bd7dd73819683356ed7c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bcd42407fdc3cbc47d1ffb0a353eb39b

          SHA1

          cbef5502f68604087c3e798ca7beb06d9811fd63

          SHA256

          b8aeee9c8beb4bda07a166af43534993ba9b4b6649d7848a22fc4383d1d902d5

          SHA512

          41fef3ba3a3098e52570689b9437d63ada6e751dc5648bf19ca37036f403b760ae7862a6b8c85baa5d868b6a5a294a9310d4c25d7eea9699096e1582a71433fa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          74653edaeaa891f7f02b6058943b56a9

          SHA1

          41ec4cf5ac4c4a3cb0ef8ce0080ae48dca262de0

          SHA256

          cf9bead31f56d53d653e4736d6d4ef27d4a444ca2eec48abe5f70bd88ce4d999

          SHA512

          465855e585d488ce9798e5800ffce9f2ac02c3d42bcbc936024ea95439de562148d0bf1d9055bad29f3a338815bbae2c65a95daf52d988edc830c5ec2c1b4148

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ad4800bfd49a0a6c7676b7ca179eed1b

          SHA1

          dd89b914a95a501b5b6100025462fd1204ee905e

          SHA256

          2675fac7706e47e4c55075457d36636cdb7e33c69cabba591c2530f62df388dd

          SHA512

          f75ff759edf99764dc92d96949a9d1fb83fc78ff7dbbf8acd81679050c73b0c72f6f98041b7a439a79a10e6001c46b25aaa933d0d09453f8ac0c910d0b6938ba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e194a96a4725d6081ed23feb76cf4012

          SHA1

          35398938752726ec27858046d8e06ad1e45c0aea

          SHA256

          ec793121bd9e3a0d5973bb13930cbae7eaa23b6a9446b56ab1443c831a76c2a7

          SHA512

          7bc0a06e7c6932a3bc376dc4e072317acdffa4fc004599a3c07799a48c26267fdb6ff718a4ac6314a3fda7d0987fa6fc12be8381baac099a6b0a1e53c907b1d0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1805b2056a57d2501f4b0480be74bf0d

          SHA1

          11d1218a7c8e2be171859d5f65f30178be395b78

          SHA256

          f99c975ba22f7f36832294f2710410ff6297746b8628c7673687479f47f32b21

          SHA512

          48d2905b15651476abe16eb6939d28e3552478553fa786a90c4cc141dbfc9e757b975c43eacd6c37dd867ca0afcdf4ddbc8b6d551d4cc9c5454235f5a8b2431a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          881eaf067afa8c290289f30ece7fcb2c

          SHA1

          c45b24862c4e5dcfd98336c301634e00d5bd6c55

          SHA256

          e113677db375c5a0aa2617c49c1d2cfc1edc0fc10f4101469c835bb6ca181ffd

          SHA512

          7756ddc8a000739a75c0b366136c65bfe2b9fa80c15ffd5a7a9844bbf61e9f490a26d8296ee7de7d0f6625b127cb408f57c7bd2a300a561501e41cfa029233d1

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c2sxdb0\imagestore.dat
          Filesize

          1KB

          MD5

          e22253533488f2f93d861028ea51c2f6

          SHA1

          7885bcd00c4bdcd0687a192e4d922c0a9bf8ce07

          SHA256

          2ba640f7ae11d7d10beeb3527f98b5b4611755ca29a54a6dc25b322ecc1e62ae

          SHA512

          45a70ac26e38829cc9ad959ddf16c9cb2239e4773552ffd1727f9edbf795f01bb22815a5624e7a926865b8053e47308222af8e321f999f98ebb4a5fdf43926d1

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H1FOMV1\favicon[1].ico
          Filesize

          1KB

          MD5

          f2a495d85735b9a0ac65deb19c129985

          SHA1

          f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

          SHA256

          8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

          SHA512

          6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabEDCB.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarEDCA.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2680-7-0x00000000004D0000-0x0000000000516000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2680-2-0x00000000004D0000-0x0000000000516000-memory.dmp

          Filesize

          280KB

          Download

        • memory/2680-1-0x0000000000400000-0x0000000000480000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2680-0-0x0000000000020000-0x0000000000021000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2680-3-0x0000000000400000-0x0000000000480000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2680-8-0x0000000000400000-0x0000000000480000-memory.dmp

          Filesize

          512KB

          Download