Overview

overview

7

Static

static

7

a3bd6824bd...18.exe

windows7-x64

7

a3bd6824bd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 18:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3bd6824bd7fefa1581df6d77626ffef_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    a3bd6824bd7fefa1581df6d77626ffef

  • SHA1

    1e9ba63dea848114fbe6472580a8a3fa4f24d171

  • SHA256

    ceb2f4b63fddec8f40b8010275911d4341ce0c06f3c0ece04660fc1da36d3f72

  • SHA512

    c7d8f2203b9b517d69ea6b8eab5642203e708c81fcd6f3010444905d58c20ba4a6512b65f5b49d9bec588dcf01c5b7dcb4c11a0238f872d84d5c9483c1816dcc

  • SSDEEP

    49152:VOq1rb7FjiMZ9T1e3rqYTdWXVjWcw/y9l5akurtxr3Ed:VOer9ji69T1urrTdWXtC/gl5rurtxr3w

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3bd6824bd7fefa1581df6d77626ffef_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a3bd6824bd7fefa1581df6d77626ffef_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.70dnf.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1508
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    635a012d54bedae6da9a5b43acc0a015

    SHA1

    9e928f70aa71d9386883cd6b7c41875a34da3ec6

    SHA256

    33958f59a92b5356fb1594aa9413420889324764f340bf8815605b6819685997

    SHA512

    bd83b8d486893743d190f92e0a4661f761dfb77b23d0babcf5b01973b3088f4514c9d73cc32b5bddc4da8f002911c5184da155f0cab657f21141f9689c249abc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c5868d8906b7a53c92e105fa6c25d63

    SHA1

    49161a77d7fbbae4339ed7cd125fdcba6751c4f5

    SHA256

    0cb7e69c604450961f716122e07f46c3ef89440bf126176a7ca0b0109d21f2f1

    SHA512

    3f30a48484239a899c0b4e35bf9b6c9f0440e2b00b7035b6387f9da4fc7a2f26f5aec78e051bf0ec3bb388dff78ade86162b0e37d42b891f47614488fb501605

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28be77a4b727f399dc5a6ac2b888498d

    SHA1

    baecf79b5f09088917b157ab64e0ea5ace5db1ec

    SHA256

    bea9b3bd08d66dcfaaab460aed00e710e18af5fe9964b9faecc205c9adfa3aa8

    SHA512

    d50088552c5e7ea10d835e37c7d8acac0c619e49679455ba668121be414e09b9b3e6ae5d159e3c4d3c06b14b678c025961c20aa3c1073d568dfa936e0c6a2316

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f385c2f7e270ac84cb3da7008ecb449

    SHA1

    bb59834410e54be070f961eefa635a2a93a9635f

    SHA256

    a8aa8a525433513d24fd8d2e94be3a64683f2bb1cfa129536ac9dcb254e8ed24

    SHA512

    80ef5381ca1be556f6d58372ab52c953c8477da8ac3f218e5aabd1b643b445b01bfb9f0b134fb92811c4abb9a798fad5bcb2aa5df35d46663b9ee7a50c7cdb29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4c6c5990079061961176dfbac5bff8f

    SHA1

    365d3babdd58e64b5b47451b68a3dbc2f881d5c5

    SHA256

    bdfc28b838ba2c55591e950497e891acbc0418118637f75820216d31eaff4699

    SHA512

    26c67622201dc61cdbe3d242fe7cb63afaa62580b96734ab6da239af5ebe950997e7422dde7d9ca86e8e2080fdf77a869b11e4748667a1c7c19fa1c549340dd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a659efde64d32a18b6c24c0374f011a

    SHA1

    08772796356307910243be43bbdf28f04e526b92

    SHA256

    ab8200d65efbac9fd9c2aa4892493bed3625b04a377964ba15670c61644ae061

    SHA512

    d6cda746f306caf31c0a21dd192e5779f7809e6f5adef8237d16dd0e026c3075878ab9b2fe538006395444e8b70706d0d0fc8cb6ab7daff874272ec08ad2582f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b3ade7abbe9612bdaaa67bdd149a243

    SHA1

    9bdbcaef882421fb12f73448e602b55bc3a876c5

    SHA256

    39a69390d27725fd8d3ad0b752320ee51f040f9fddc371f1eeb92d5aa1a1da78

    SHA512

    b4a6053fd1b3ca18834ac7b02393e35f0745969da17b09b0ab13a196ce7593e1d652bad78ca8fa9ef80e43d4f67c32361d9c9b5c8e775637b01fad3eda0449f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f1febed240f8a63f89f5d6b91a8f050

    SHA1

    6a8fb036621492b24ba621803416526ae7fd42b3

    SHA256

    2ad8ef11ad9d52899761c377512e6155bf85af522c9c815bd46c28fba1b24848

    SHA512

    d33ea19c53f0af0d725bf1600c4d25f6062190e146b164d1c104b55b99a60d90526e7ddd9ab35b438d104d576ea3428a49d0989e4cc65edbe67418713b3eafdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ef70e05a299dada906c2fda17389e78

    SHA1

    52398b0f5f75e1f7e102dd65cc1f02eaa91e2393

    SHA256

    c0e1fed7bfbd502c385303e9ced2c9f42d3ca9e1bb03d4d890a2a1a813b47b61

    SHA512

    24e770bc2130208b201cc10bcbb4a966f98cef530394d851377c93a89f111ed9fd92a6b83e57d6c9c00da207fd65a00ac14e8123227149f41d521882197f6ef2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a812501d38b3e53ded0b82e1747f6f3

    SHA1

    17c11a6e299ecee9ce7b89f27cf482aa4e7f36ca

    SHA256

    8c133f72b55b2b03dcce63518542280a43244458b6c6410b5bab5f56ac6072d0

    SHA512

    3513310c5c027fb36049196f1e0bd9cbac89484fd71136e675434eb664f0e25b7074c8789f8faa8320815dca1d5627931949d6f13c5e95443168094e5bdbacb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    942f57f8747794c6599c04cd37ea5f37

    SHA1

    0f9f0144eeb396e475dfc66d8e4b32d04a126a5e

    SHA256

    c22c52736350f08182e060b3dcadf4548a9c1bd45ee111e3f75f212ce63d26b3

    SHA512

    cab4bbd44f00746363ed7d7a71508a5d32613b166d691bce46a32ecfbe66be8c80a8538663b376e56aca2edd96d86ec78e2a1ae0a320549899a5f298b60bec3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4cc1c05c108e1fb8f324af567c3f4bda

    SHA1

    ece6f932270bdfaca4d12a55c662081fbf1eeef1

    SHA256

    bec614fddec30e606c79ff102347e063e282035ad322be5632223900c5652639

    SHA512

    7304317e2ef02e2f88cba58e04cf4b6d817b0f4868bab0a7585a88eb531b9cfdd3f18a9edaef6a5ee5aa473fdf364858426801a2ab8cfa307199687e46150af0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce11825a89404cd758c7312a934c9916

    SHA1

    7cf20ed6850d6b4a069325426e8c0e9cb18b0044

    SHA256

    438c8e8dfc240b4fe6df8549d877ebe4e6edaabc54122ea6f083538b8d895c4f

    SHA512

    469d6ab9079eac70d7d7023983b34d8f8f7519100fe1922dabb31198820e81a18864d38037c94f28ec4d4880ece468a3186a9760f4edb216138eaca113fc9e95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    284eb2ae5daaaf13559987226c882a0c

    SHA1

    77aab2e51bccadef24585188c832580b386d5b67

    SHA256

    2858541edcafae14c9bf24c9475c2360a6cdf10508e7f1060797191ac892405c

    SHA512

    36090c59d3867a24aad5d7bb1c3a9464846e6e022edb5f8d90bbf4b8cba1cfcd6dc5eff8a49a6066d2d19f7b80664e774d384a573297fd60abb3d75b58446238

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3b5386d70c26356876fad19f4ea4ec9

    SHA1

    ad5e60dac40e1b0ed79e7a64aec7978e1f28e0e9

    SHA256

    e47597e4913d40d2d11500eeca4fd4a89df8a899f83644037eb37a6d5a6b75f4

    SHA512

    dc1e212e74d12d243bc21967339da1f787ba1c485a3ff59446618ec2d61055b5aa58c07ffc14347fff92e387e4b0e24e76612e6dddf08fe92c20674cdb0fd515

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ba0dbdf62bb042edf85ed65c24b7e0d

    SHA1

    3d1eadf9069669bcdfc87433eb77320f0c2f290f

    SHA256

    f26536b72a764454d10bc909df93b8dc6b4a513168200c7f4eac5fe99ab5a5ec

    SHA512

    b2a34dd49955fdfee48192148ac86a47567a47fa95f25f55f29bc52cd9dbb303d55e7797efcc321f5758cc51333cc15b8940886d2558c6767e5692cdf6a77a67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCB3E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCBBE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Windows\SysWOW64\SkinH_EL.dll
    Filesize

    688KB

    MD5

    bd42ef63fc0f79fdaaeca95d62a96bbb

    SHA1

    97ca8ccb0e6f7ffeb05dc441b2427feb0b634033

    SHA256

    573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48

    SHA512

    431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c

    Download Submit

  • memory/2028-439-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2028-10-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2028-5-0x0000000000400000-0x000000000068E000-memory.dmp

    Filesize

    2.6MB

    Download