Overview

overview

7

Static

static

7

96f3493ab3...18.exe

windows7-x64

7

96f3493ab3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96f3493ab3f4d220d8958aea433caa32_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    96f3493ab3f4d220d8958aea433caa32

  • SHA1

    a3b779681f904e678c8d03b5f8d1fcc03edcb812

  • SHA256

    33aeb101dae1a5ceafb92b814a2346e79efc1953337b2cd45c18aebb8aa89d2a

  • SHA512

    20adb07c9779c5e3fbd3213de5e3a1e7a84aafa3492f5f11ed7b346e33f4d825250a033db7622ef565c0dc3c76eeca5916fc6c17b686a8c263250b5b1bc72f64

  • SSDEEP

    384:5k5POY19PP5PRuC1PyRqPNN2L8n8KLQghRlu4beNRl/:5k5PdPRZuGa8VYL0QgjlFeR9

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96f3493ab3f4d220d8958aea433caa32_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\96f3493ab3f4d220d8958aea433caa32_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.download787.com/sanity.php?1=866715-10029
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f61bf197ce389112320a3e33f32b95ee

    SHA1

    b7d6f98ed053994dae8353162889fd2eb5dccc9a

    SHA256

    6a897fe662db8e385fc64394497575890179e497d8775ef13977ea4bb638f241

    SHA512

    0e1228fa8850865496ace2f03aec108ab89f429451e978be1987a8b15bd16400943f5c648a551a0203706b790996fc760e5892edf39af2ca3618cbe2e5e96e63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b21fd745a1d09fb4e4a1e5672b26097a

    SHA1

    98eb030ff2c1e04bdaaf03ee72acb346ac287772

    SHA256

    124adfb5b95bcb4bf1e3b03bea8370b4913c2845f7341a1bb300a5f2d5f522ac

    SHA512

    83fb30be204981d3c1cbcd7e26be1d64635d3e3277f056a7033f2273790e6ba9f68655fbf4c338c71afac0e997f7e5a7b913fe7dca1e21ba0f3c503f59340f6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc2eca47357ea2dcbc260a7c3a02934b

    SHA1

    b33467dc14d79b252554678c18bd9600c87239bd

    SHA256

    bb375d4b2980cbd2bfaa4ca2c92c5913fa0435f73015fdb097c76ab3762df853

    SHA512

    0078659ab7c75acf83a1f575dfff7c82d10fb37e0fb245d472af45d82c8cc8a5ffb52898370656c90bd3a5ad7b5dbdeea37ac608ef59053d5ac267ac799813e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f19a45c06c217466e404dd920b30738

    SHA1

    5b772d0a3f226784fecd3f541901dc3467ed7319

    SHA256

    d234e91cea9a383c1c3638c4423924d24a9de4a7020a0eb2d8c846e02f4595ab

    SHA512

    dd16c7ff9629f4e88caaa5cfa956a89f724df2f2022c6ba98681173d7b715968f48f2828a63bc73e087b0ee97f558a75743dd3010b79cab46f7dc7c833f33b1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28344a367d105f9e8cf8f213d7ddc4f6

    SHA1

    cd56bf01ce28886219cef81e1fad973a8a9dea0d

    SHA256

    60322bc3b4f05aa097e0abd6c79be6be15eadec39baecdf90eee74a9fddaefec

    SHA512

    a5baf869c189e4ccd11486c979a354ca8195fbb0225bd2244a85a9ff010ddb637ed4c7a20040c61f3be16a6fa9ba3406c5dd29d6e6b7fc012bdb1fe1c43c73b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56bb85f333f554ed76a9d3de25c02e6f

    SHA1

    5e513621ffcb26e5cc1cf72e2b2c5bac310977a8

    SHA256

    9b0c1d671f6305c8be0fc34f436d21b9d3c737b6a368363c832b2d029cc428ab

    SHA512

    6f2376185d9e508ab8278ced1ead96dd6310f00526968e719891b78abb8ad48e027866a8fcf3454a200303e6caef5b9007866e6350e3a9a3bc64f6becf552e79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59e6fffa7e87a0c6c417d2a0043b107f

    SHA1

    2f161527391b2bc7ca5a0b4440b885d52e22bbe7

    SHA256

    e846a1f267797cc4beed51ab1bd6ea871c1703f58cb30206af6714b834de9e2e

    SHA512

    688a2f28f210e5a3073eed56304609b1f2563790dc910768edcf87e9f4118f60f3537b8644926183154973e8d78c956a70c591365edc740ced525317d4fa2c13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bf407a857bd41af934f731b8b2b94cd

    SHA1

    7c785615a9b125559f828d319df3b3e5ca7980b9

    SHA256

    b8e9b8265b832a2eace7d65c60eb377b1ba68c1d7fb859bb237b33e6049ad816

    SHA512

    0e7c0696a6b6625ea121364f99ea925553bdb0f611b11661dfa01875ebef1b78de8dcd70acb56ac7e6f5dcee954be694b58b71f7ecaa4a408b8a586b89a1db55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6844c255d9c46e4fba9c3c32e438c6c0

    SHA1

    d646a057609b8808f05bb0bc3379fc055feb58bb

    SHA256

    9fe8720736ab5722629956386f2ad277162d316d6a5c0591987ee595d02f7d04

    SHA512

    62b98ed70d51893e8109845401f3255a9606d7d16e977b0935a0b4bf52f09478503727d8f27d35ba10930b0c6aa7bf4fdb19850d0139f406ebd4e238be0afc75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52dc6cbf8c4c2df817904f36af555583

    SHA1

    a3c157f5806256f702cbf7b911b05efe0b533f8b

    SHA256

    174c515dd831da842d84e075540b880db394dd09f25589f814a8e3b24f4203da

    SHA512

    0a3b981013afc3d6dfef4a6a982f45741b4b2c2a75ac72d550022c45092d1056a9d7cc0c0eeebe41eff7f90ed1c2dbbbaee6dcf164a73406ba2cdefecfd32de5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31708bf76abce9b011707a4bce39ebae

    SHA1

    5b2256161cb5822f62b70014bf655d81e2757017

    SHA256

    e2efb8f79a73c35311e3b3ac4f92cc8a87e1d56772e071b74bb3f9548ffda182

    SHA512

    3631beeea6c07a0f31aaf6e1de5174d61d3e24cc657c0ada6f558c13794a75a202ab297a5d91286d8d0737588d287f946073c543c1dc7d9bf71c7bc998edba25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c6ad117df3a724e16928815a081f1a1

    SHA1

    37e9393b452ef71bb546e6f163bad816fa6a6db7

    SHA256

    008617a41fbf234a55ec273f65db8ddec5ea626b6761424b38a01f779b6e1102

    SHA512

    9d96592e7f4312e2d70692ad59795792e9a4c2a61f7b0bad95060986600cb2157e13757d9525a8fe8f1b5a00f1cadd1ce39253bd641ea3dbb484b3bfb3f48b76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4731fd33e17e8d15a646f516bdb31d36

    SHA1

    720c6d54b68455efdd9cf6535bfbe550b4309ea5

    SHA256

    fc3077bf1487b6815f3d46797dcf601884c4047f8e35c02264a5255ae808efdf

    SHA512

    cdbe8a469adaea224dd6b122be2333246361c55f1320ff6f927396d970c6eb1e658c6372b4b5801081cbcbf6aef6de381a380eba3eadb101de4f96bc4a738e37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47196f41948f1578dbc40aea60759696

    SHA1

    176f47b43528c760c35a96aafe36f66b9a692a4e

    SHA256

    158f9ca2bffaeeeef71c8a8f3330294e236bebb395f484abc4f67beaa713f3fd

    SHA512

    971b924cd1c19316b16518c8d72013fd20f14b7234801a1dbb2a6a365a356b85d4297c9a98f7b64c2ee5b9f684a2e77bda3246659620d20fea92099ba001690c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abaa85b1374a094f5c3ee9c6314440c8

    SHA1

    3551fb194e41762ca94092302302d37ef2abe92f

    SHA256

    219c9cf106b2b37046af0ad6ebd3ccd9c950e4fd9a30d7155c14e96be8fb36b6

    SHA512

    e3dc15055d629daa2e48b93b96c89489e7e86f3f8cb7cd8be0f05dda42f654b6b9f5c1642840bd42095cdf3818f4c35bd38607e2938372bfdf6cfbb40431fd36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf7c2df2a247aca39f744f27b680f5e7

    SHA1

    d04c94827e50fc2a2a5f05c95e0e0be2335f3be6

    SHA256

    1ef041687eee560367d9a27bbaf3fecc72b9e6955938f103a2698587b53eb300

    SHA512

    0a58e7f1ffd2f1df70458aa0ea7f95ed0ad7a373201e75969d27b13c59fd822a2e38cc6a30e360d285414c10a4ff4a3994e33654d09aeee7a73c239e2ce279b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ac1944092adf06fa835878fbf3738b8

    SHA1

    c1bb64534cde4551c3c0a8de075d0b3be4eef072

    SHA256

    30f2e383b667545f63d5f3c5bfd4c01f1bb414404c7c8ec244e206202b8095d8

    SHA512

    f1ecc422467eee4dfa3ca959dbc96dda8b596e1ca5df5c80d90da3d1f3dba5a786ee36d0435c60ed22d67e14c6aba9157edb1ecae9afeb29737e6473a796eeae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea1e553bd0d25fc96da1718739818298

    SHA1

    5b65c2e1a4c19bc36da6ebe9d3ba7f7db1e73fff

    SHA256

    d9b0c9357889ccb5f0c47a8a7643a48aaa5d1697c096fb8995b82d5b5b82ae13

    SHA512

    4b1c0decfb7a40ecd627a55d69999a2a309b2da68b8980d12b14076886e176e829a7a91d25d4c17963d0930fb937ed59ab873aec7cec89a977450e5b61f6958e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43cb2d3261acd8c7526fb1e71c9a9135

    SHA1

    0da92d7ae32ab7fce69b26740d743224af029433

    SHA256

    33af7f7b49ebcb2f1f5593a0502e3787199111e39cde2c1a38f0f1d4161434a8

    SHA512

    1fddce1af0b66eec88b4565353024d77199097fbf7c0cd9540ea1676a6036eed004a7dfdc4cf9ace207c8a468b6fe39a3d860259c8d23d80e5651fda398b0b31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5f14046696ecc2c075e837d93fdeb87

    SHA1

    3636f0a96c9d69fef582693b6bf562cbe21786cd

    SHA256

    6cb8001f1ef76aea949fec1f9a331fdfbbcad79c2f0efcb8f76d2b2528ba9d9f

    SHA512

    d0f73aa3e76599e361add35026f57d87a607f1bd50255ded08bd018d8e5949b1136fda94f3c0b7c7972807878e84fe38393c3a15b981701a443cdec84766f2d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab94E3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9553.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2388-9-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2388-6-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2388-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download