Analysis
-
max time kernel
133s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
17-08-2024 08:28
General
-
Target
a1d768f3068d783c375380ec85cea715_JaffaCakes118.exe
-
Size
250KB
-
MD5
a1d768f3068d783c375380ec85cea715
-
SHA1
728f40d004e3013dee504459a4545365f30966dc
-
SHA256
d03d0e0d5ba6fe251bd6561e023aa8999abaaf3ada6ace8be6ab9b532ca29e86
-
SHA512
6fda133d1a1f49acceb7b06778eb33292f99b8b82ce474f1678032f35ab288a5d74df64bdfbe8d700bfc3f82dc914cf2dbfd472c09ce872b4e120057203ca4d0
-
SSDEEP
6144:2hieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:zeKrJJuf86AYcwoaoSbr
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in Program Files directory 2 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 26 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of FindShellTrayWindow 47 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\a1d768f3068d783c375380ec85cea715_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a1d768f3068d783c375380ec85cea715_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g83⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\a1d768f3068d783c375380ec85cea715_JaffaCakes118.exe"2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 4 127.13⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD59208c38b58c7c7114f3149591580b980
SHA18154bdee622a386894636b7db046744724c3fc2b
SHA256cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1
-
Filesize
304B
MD57b9788c7b153f0c0cd361dd4bd2a0807
SHA1111d5c8dc4063d891fb898e3364eb88c204ff493
SHA256bc0c0dcd2c910cfbf4cea1b66ff67a6f59b76251ac53286d2286d4ca07ce211c
SHA512902f835493502ad46b8edeb8b2628c2a6d06492abc70b49da9da3ae9b64748abaa802be09f25383239e951e7f8b36d8201ba0ae613e8ce5e5fafc0b13b43c201
-
Filesize
304B
MD53ba5c167777abca8d7d2e7f191592083
SHA129180fe8f28de165927e6e7c7dc10a6269325e4d
SHA2562f5e9ad4f5ac3f3985542a3cc2f823ec69bf9008d411e90a02d1ead5fa07e0a9
SHA512021a1cd1af930b88d82d95f8dae9fa0f73bc59b92635eb1b52cce3c7934044968bf46010b7d48df9cb7d770118105d2c420a370da737910db54e2d1caa212574
-
Filesize
304B
MD55eea77d7ba9fabd71cea12a999557c7b
SHA12337443f5a36662ef775fda69ed4175d7af3277a
SHA25644829753f4b03d675dbf5540d2893e072daf9f8f719dce242f37534b88a68704
SHA51297c90758a5ae400216305fd83616e950657bab8ee82d3a3e2c6c23f4b1dc1d2a4867e76992bfcf551f33fc42f84543a32b0f37e25cfc63bb832f0aad37224eca
-
Filesize
304B
MD5dab66324dd5e4ef0b61c7d24b4cc35a0
SHA159590fbe743a1b9a90b5f1a558318e573871754b
SHA256a5a9c4f97d02c978103619ee4f9a44da76c82bc48ae8c3b649257e7a48ddd705
SHA51202a942896d18924db92d0df44dcd2ba1b24a81c4ea585b6dc346ec8a52e2f4e9d82109a69519074fda85928df3359a2d29075d7f0bf0cc954019a08a6457f88c
-
Filesize
304B
MD568e06e0f22a073e3db599e55995ec8c8
SHA161e82ad93283cb213640b1a4fe4efa787bef750e
SHA2566935c46afdfed859431c718af6c7932b0a422c94757f137151e69cd75db19da8
SHA512011d6eed9f605e7af91494ae32815af3f3ac95e1d9a04a0b106b53490cc1652a85c956dda54fdd0333357868468bb2c436cc5a307627de471e1c1fb23c7c7784
-
Filesize
304B
MD52f81c865f762bfcfe24c3705d9ad983d
SHA18284af6fd6e89745be6bfe80ea1b6c9c66bb9032
SHA25688f9f6ac426e12149889f52f7dcd490810237015cd6113bb65edb259d2ae20aa
SHA5124dc557c3b85a494b4c5708a8021194e2f785a653fc59a709aac243bb595bbdbeef1ec83b93da6b1b19f330f345220fc41013035d8e6b4eb3d63a945b4eb51179
-
Filesize
304B
MD562e41059c05327cc1afd425c33f2b60b
SHA19cbdca997cee04e8b0cde31a0613f0202595c241
SHA25628e4b6202b2d528a0c1277ec155c7cc0e9dbed8d122cb607f86472a8b4d8685e
SHA51288e968a4df52c23cb97496bb0d6ba81dfa57e8ff0fd98bce0cc5b26dac5459296088ae720d4a754c2b77412839044c48397e62858106d0e4353e4ecd43fc0b86
-
Filesize
304B
MD50faf3d5dd6292fef048cfe06896ee81f
SHA11523e8407905a810489b8ba4d14128f1aa5528d1
SHA256401085b40a0363aa7bf61bdd24ce5fd4cd25ebd9b3e2639a64fed7b707e271f2
SHA512a732dd391ab8f3d887aac8eefaec425f0101d6821ed55b0f485c36da6f7520451beb87905dc537907eb268b3bf01c286b3356baa2e5c98e27e1025735db9fa3a
-
Filesize
304B
MD5057355c96c9416a858d88fa030667809
SHA158d74ba8ce36302b2da69531dce2e6a08d92517e
SHA2563f7398b802ea60bb82d2456a51d44a93199b45b77eea8176044d5b842c6d4ff2
SHA512a0987e47cd6e27997e7a96ffed474525208ca7ce5e32a42236ad281edf5f64bef1248ad941b2f883ce91379391bdae6bd0f7b4842ffee0298a3716a70b11bd97
-
Filesize
304B
MD53c4cfe1e71bca2809fe20468433747b9
SHA15de61d0b5af56d525375782130b4382781376305
SHA256cbdae39ccf3bde5168ea493ce39d1a015a3e0211718aaf54c7d19b2b5b8c99f0
SHA512185f7f47cb3ae68273dbcda1f7511b15f01a73b77e6aa6ed076908fa2461d784a1077d4b2d8d9f000ced2e581f3fe54140d0d17f162ec1111d6ec5ebc5489b41
-
Filesize
304B
MD5ca320d6d5da613a0496932f060fb0dcd
SHA130e9a3f9381f7f8eb094698b20dfed9a7c519e91
SHA25628055748ce2de2e022012d6ed72619657c51773736ea9c4fe0f5a3eafd5e2a91
SHA512c7850899cc3444347160dd1cfa1026629717f4f21d59c879b29ff477ad5cb0a24163e0735d8f7f88aea4ee894fadbcda8f4dbf40b48585de31d480f226fd133a
-
Filesize
304B
MD51a5f653e185fc19dfbfbab15ef1b4df2
SHA1986db3b862bd896bb956b6c511dd47bae4c629f9
SHA2569578dfe335efdeab030fa552c3f7c80d3e546939d2d2450cb34f3e7bbbc492f2
SHA51217a335d0db72e34d7a1ecae415d0288e57c3f00b9dc1b0e84826ae37e04fcf540951b02153bd55b773731b35f56fb39ab77879c173351e2141d4f43e382db4ec
-
Filesize
304B
MD5e83d7382622770e032ec01c96b221cf4
SHA1f5a67143d64f832ddb77336bab4876104513cf47
SHA256c667af74162062b0b2cf8001263ddbd60533d63226f842c098a6d3ded8c95c3f
SHA51266fd13c0d93cddfad2c81a1aa648687541b3db452afba29f0f46b899c73c630685091cde8e9e15d342ffc4977cf9239eedad9fa864a7530ae909e000e2865c37
-
Filesize
304B
MD59dd7be1baa44ef36c56d8c5dd6117e7d
SHA1c2a3a4f13819e398049ebca8345e4ad9e2fa6a48
SHA2565bf2d7d8ab4e45dd41d12ffd42a1f66a03843d5eb20c0f48338d6ea8621ffa10
SHA5129ddfc351e194c436d5f1fb91cec7211bde1f7bfed25c49843f5acdb52900a25f0ca1d799dbea423e9f42cc6128b6a4918d149e2bbe9285720d8a381734c38aef
-
Filesize
304B
MD5e0da8491fb5bf0d715adfb5256448a49
SHA109396a0c6d9a258c3ee9d6c1753595b5ae149656
SHA2565c94da330b498150dfe49df1e2a3b195937e2c5e07b89f70aec9030cfa9b300d
SHA512527b189193a517db815d8e6773529ab246b30a9121b0dd1e0be5ba69872e3ec6f853fc69223c2c057657dff7cadc630a92fae6a3d7efceeb92458c2ed189c0eb
-
Filesize
304B
MD5b8616d37a89077447493b6523d5a1cb7
SHA1aefbe2e510fffb665ab5db456cb4ae9525e780b5
SHA2560c08aff223bc7466b278d2698c5676fb06a84189dd78db20f9551cb973c8ce02
SHA512489cb1f9758da25ef08f929a857878167ad7fcf0d487b4986407f02cbce956c3afa49e3a26d88d9613c2b4ea366b424f83221b240d9f7663b3c33714869d7195
-
Filesize
304B
MD520d77ab9e210bf599817f2f40706dfe7
SHA1bb9a6eae76bb6960b25fc9aba11ff383f52b422c
SHA25624927e15a5d1763ff547396a7a10e930011185ea5b70a747b423a22609c9f79d
SHA512ca22526f5d424f96779571ff6cdb7db6e89412975046cbc79366008b32b32c2ddde291943e3f7606f41fb80dbef5108416e65d5c67d910b136b60e39490f9ea0
-
Filesize
304B
MD54546398d32742e6626a07f9f27ad32b0
SHA1336d8d73dfa1e139ac85153abd183523e2e93f4c
SHA2565e0e7b46770d3a5dcb4ce713b2a380371bc53e06ac6c1711d58c69425840288f
SHA512418f59872c89177abb5c20b59558cb955a2acceedee72310219382aa5db37519ac6a546781c086dbaa9bfac6379a4c7f7301b2b20bc27d529e032d779a2b4f3c
-
Filesize
304B
MD5f7c2dc2ebca0bea4ab8fb7f245ed2574
SHA18373b3157c3606df61fbc68f33bdcabe03bece34
SHA256189c5c1e3c0eac0bfad538b8a97b3b834a0afe4e013c46c62af9f958685b9612
SHA512ffaf1f22b8a83c36f0f797999412e3ae8efe1f1bcf127fc371ba59e2474c4f1e04e9fef2b611304ccf5dacfe79090593bddee46f15333a201536ac1032747e9c
-
Filesize
304B
MD56f06698c57d566bf79ffe4f247e92b36
SHA1be91b7a2eeca47af03856201c4c7c864761adab1
SHA2567838d511a5551f0315adb948b9e6d3d4d08f02e2096647f662bcdfe60d0ab5eb
SHA51278bd08cc7ae652c4d04ceadb98f3fd9b68b25c3be9978b2a84b032e67ed99027d9071caa2d7f373c1fb39bbbef7e6dd11764d11cc16fe23209d6bef7423a13e1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
149B
MD5b0ad7e59754e8d953129437b08846b5f
SHA19ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA51253e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6
-
Filesize
64KB
-
Filesize
708KB
-
Filesize
708KB