Overview

overview

7

Static

static

3

a1ad4859b4...18.exe

windows7-x64

7

a1ad4859b4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    17-08-2024 07:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1ad4859b42b856da51d8f6f07e7b580_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    a1ad4859b42b856da51d8f6f07e7b580

  • SHA1

    1a3909c01710419ec01382448118a2c349d3d9a5

  • SHA256

    ab031033ff547dc011bfc7d546b80f191fdecf129055150edc275e8096f7fc7d

  • SHA512

    136b5aeae7b09963c12bedee03095d2f0fccf028937c1676168d04d10eae140fdfc8718396f70a242110b7f3bfb7c3f86a5952d6681d8c76d8b724680ee1cc96

  • SSDEEP

    1536:YD3ws2E+U3qariRmf6TSA4d5QInIuA4d9i/rQhC8n5J9aTkFeWa7XiqR:dsL+UiNG95QEIuA4d9ajWag8

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\a1ad4859b42b856da51d8f6f07e7b580_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\a1ad4859b42b856da51d8f6f07e7b580_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2216
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2740
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2956
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
              5⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2672
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\NQsEDD8.bat"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1868
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 124
          3⤵
          • Program crash
          PID:1676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      74b15e0ede86c242f356434daa4849aa

      SHA1

      5d33507c4a52c5656eea85512bca2adeb29ee427

      SHA256

      ecbbf49879b26f66592f05685dccaece00973c9b7c099d0d7d22953a8b5c6277

      SHA512

      c3b89ff9d4b2669f60fc1448d242a5cd9ede3a8c4b04ce42741c62c705b723df88af91206c0e09a2ec699781ffc1b507f67a9399a9cdd14e601a35cd471ab0ee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a33d31a0d0f06d5ab3006fc04704b827

      SHA1

      6d0c7a9ef670cdd76de2af9d95b33be596b369fe

      SHA256

      541264c9a9a3014bf425ccb646a476712ce872a137e9a8b2d354d4bd0b920253

      SHA512

      6c648a632fd5010c5a058bf3ec8ea5205d388b0379df81466e4aaefa1918a8251aefdeffc74bca3170fb085cf7dd8a722f69e79289b3dd30584d6cf0f55dd748

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6c516698a283cb19df526edf519cca1

      SHA1

      24e630db99adeee3c28db929af7d69479051b7e1

      SHA256

      19dc6e664aff655c439e075fedb63e71c494a300ec9506a20af7fe97055debfc

      SHA512

      f521fb64ba4ee1d3b712604b0628d15d8fe8447418a40747318628cf9df62c9141eb053affdb7e106b63ff0328a6413b8550178317e25fcaab74ec6cf787a400

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a782e09968fc04139a83da7468aa500f

      SHA1

      16cb495788b3837c95ba4b76ec7041541ecc2fd9

      SHA256

      16808bc1856d7bad2b4ab5efd227072ce75cbf8052171cad9e80bf38c6805a98

      SHA512

      a4b1965bccba180876933f4b60549b1118cce01657ad3ab0441fdbe41667383ab44ece085ec1b48b164bf271b087ad60ab554cf2d144fe06deff11a5badd7d61

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d4560c5c3e2cf63748de3e6f236ad12

      SHA1

      6726a6f3f89fe81fb5b3a65f2ff4843906ea76f8

      SHA256

      a349143b28b448a19ebff18dd90eabc174c658d1d16b4e2195e1a8634fe75790

      SHA512

      384d4cd326b28048dc753a8838e24b180ed386789c02066818c1da0dc45de6d3e79eeb5b1667e715e0eee877980b9ae7537364c6d1a06988d50621954da95475

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      645aeb96d98f5fc8008ec212c31daf4e

      SHA1

      6df0570866033e283cd074501af4c639405f76d3

      SHA256

      4fc40ad0450dcb7469507bbc4b9af7a9ee33c10e1af5bf878497cfc7b51350a8

      SHA512

      a6bf3e66cd7686393d48f8001e547dcf5a22f32b1f2b41d77387c768807ea4bf0f50defa4002459de51a648374054fe39538ac77c95093835c2a426b6a0ce394

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0a3054fe1b18c30f14cbdf646ce363c2

      SHA1

      c8d32acbdab6f726de958e97c8707dda4f54350b

      SHA256

      2d879e2a052e0fe2c055300442be00b3084bfb7a9eff6c4a0b590c4d92f4e101

      SHA512

      201f54e6f93d1c458923f759202e0af3fe0994fdff848a94f06211cfff19cff3665bfa13bb8794e2ce21e8711492b5cee8a166e64f97f0262054301585b4a6cf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      13e7ef257f1054ec8dfdeade62bf03fb

      SHA1

      01fd56ad1934f70d774ecc81ddc3d697287fc695

      SHA256

      edc9c446c4428ad7bdec6531dcc20ea185fccb13ba71207a6ab9392936e9c6d7

      SHA512

      cf9572a8b71181b9fd4317c3505c26f2db681a0b2f78301e6ee0080ea3b89ed7f75c9af5592bf3208c1bb6ee624bc5b8c946b8151c99e231774761b0333c39eb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aa728c23a337288a3469e078caf57c68

      SHA1

      f33c0d7541050840421944ed7ba3ed065f686cbc

      SHA256

      8f0ba33ed7698c71cf9d13fe80f39d93885c1a847afc56345e197d4ebb3e71fb

      SHA512

      8603ce253beab2bb3c92034f3925c7830fbf31a0a8b0c87238d140b9f34cae47aa6f1aa28732bd51f7ac17a3afaa7921857ac29458f0ea759aaba4ed1eb4b241

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabED7C.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\NQsEDD8.bat
      Filesize

      188B

      MD5

      7f84c47d220bc3d92ceab5d598ba0873

      SHA1

      b094dd684ca915d3eac002effc4610c9a89f2727

      SHA256

      cb159095fa73c5b2d25b4dd16a3012effe123074afa67206c114f54409470c16

      SHA512

      451d65e87bc9e2ded4174217057c66a59e7a00fccb1539e43ef91f6150b0bc9414beeccfc6c9aa1da735de32615ae2eb3cb17dc02de3c352dc30455f949c8b7f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarEDDD.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\NQsEDD8.tmp
      Filesize

      62KB

      MD5

      b09a8394acef639b7ecf75b4372ab993

      SHA1

      ff58870ea9ce5e6d91ca65a44d0ba8e49d301872

      SHA256

      86040cc51010145756d7d3d195d67bba4727f92d3dc2ce52c0deb8ea5f0ba37a

      SHA512

      9aeb81c0d117e67bc4a932316be37a60d4007a7aaf162169fb0e2d165d92ac200c2daae65c1f05065db2a52eb3f82e1ecd0e487d70cb039c8aa5813aaf26902e

      Download Submit

    • memory/1212-22-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1212-25-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2216-464-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download