Overview

overview

7

Static

static

7

a72654f6e4...18.exe

windows7-x64

7

a72654f6e4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 15:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a72654f6e41bfe5db31ed53beeb5d2ac_JaffaCakes118.exe

  • Size

    11KB

  • MD5

    a72654f6e41bfe5db31ed53beeb5d2ac

  • SHA1

    c52f0d670bd7e8ff2955f060193f55580e10a581

  • SHA256

    630f4ee61009dd5490b7102edc24ff202c0bf18070cfa1b535c2456a3705fa7e

  • SHA512

    17494a8a0fc8a099fb0084e31155b0d83af1307007d9ed638386c28d9b4dd442c271cc6f9eb2489b2cb54d954455861d5dcd3ddd7b1d7c7d46fac33ba0ec437a

  • SSDEEP

    192:njx1PShOt4n9bsFFxNI4c4dy+qFt9ufh/KsW5n7:jxJSgt4n1wFxNXcY+ufhPW5n7

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a72654f6e41bfe5db31ed53beeb5d2ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a72654f6e41bfe5db31ed53beeb5d2ac_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\Bat_f_i_l_e_tmp.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Windows\SysWOW64\mode.com
        mode 50,20
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2592
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://rapidshare.com/files/382384331/avira.rar.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2752
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2648

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c5727f3e2a85f5c79bb07c9cea1ad2db

          SHA1

          9c209d1fc31083c4ce31caa847048a788320905a

          SHA256

          a14ced8f55642686ed4276a813ea750803158fcfe46191994aca80164bce0f8c

          SHA512

          6795863319eeeb5c0c4d89e0802de2a20a12e006566c43f748fd82c8edae7ce2274e109024fdeaec6731542c83031a9bfab2a77cb7dbeb3dcbdd0578ba16e05b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b312f24e9f780029a0083a5f27ed499d

          SHA1

          ac832bb2100d5e580194667c74fe5d241aef75a3

          SHA256

          61c6059749e496b4fd04c7437460f2a06e7f80768b2faeb14d9ffa85ef263533

          SHA512

          f853c9c8d2430f163b59d5480221a20b89dc0a67fc8f788a878be7393e72eb9849709f385bf7b14977c5458ad7c580918a5a03344a3c4bf48286aa11829f5668

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8dfe02556e18453916e6be5ddd2d23b0

          SHA1

          4d599fbd4e0661dfd12cf9c89a44beb7d2f49318

          SHA256

          6fe6efb29f844a0660e39dcbc4cbce69d5f58ac499f4baa2ab2df0a2fbfa4ed8

          SHA512

          04d26b18cc413e79f21995c350a6baab2bf7484718411ee2242bbb615ca080c8a97212ef968e2983dcb01eddf64c9597d923cb6190e75e7b3f4bd5322addea9a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          96e6f7832c0f5ca3ab321f2a2beb5d1a

          SHA1

          d58258d6810f21ca23b93e03b3d301c9860b4527

          SHA256

          321092d988da0aeba7f32cb493311d19187cb86afb4fdc0b9c1c5ea20b767da8

          SHA512

          c02a467bfb55fa27666712b77b145dbb78d0e43587e3c9e3d38ffd7bfdc05d807215fa686537bad13eda0bb08a857ca0d935c343b57a7c2549de4696d06a20f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f203f27ef4046a7988c68e453fefbee7

          SHA1

          ec1cc83ed3bcd6308cf187eb8a6a3b3ac89efa9f

          SHA256

          e4d6d8b3178ff7251dcc72f6ef16414b854cb6ba58153de5a59791aca1e09944

          SHA512

          a1c34a0ba84ce07a113974dd94fedaa3d9b4ba8e562e90f3339b17f23c7e8b9a388056a77ac9150b7934cd02c34393c739266b62b550976e2e9e0741d07b2a38

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          10a73152c8b71370414814e937db8011

          SHA1

          cbaac5c100536f790eb9ad922f942313c931be7b

          SHA256

          485ac59bb4910a7ae8845c4c00c1e04fe8ffca86af78d1afc7630aa8e5bb7a12

          SHA512

          ac03053b97ae3efc7d217d8d4315da2b3f48c9944974b39282d4dcbaf68d2964bf62d7820f1f7c42c12480a4c8db89f3d7f6ab5c5777619a6bb6341e360d9384

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          68d9a9fc199e939ecb28711b7af719f0

          SHA1

          d2fbd5fabd3f3c1650a94ce7a33634f73ba1e49b

          SHA256

          3ebf22df10f5d0820b8a4a389fa885bd5b52d8579b8aa97af0c00e4873f53892

          SHA512

          2d7220497c6dbd529c230bda6f7c7fd66943311732dd78a7a4853fbe0912815e5cdb6aecaa81abfdb3c2e7d91b21e7677a47be0de2a6b21b44e67cc31b4d2d16

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          10c991ecd0fc9325b4b21144ad4230a0

          SHA1

          9cd9d4f9876deed0ff6a96b64fc45b4d60859f29

          SHA256

          7238c0239fd3d54140e9a1c9983b4d4fb07c12fab6facabd052b7016cea4a741

          SHA512

          f16011cc8d29d431e6b0c0d227c085887b34374bad43e9f9c9bf5f94883b55df0c64dad33f4ae797f1c4bd58040f579689911967fd3ffc3ff98a586c4acc3234

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          db22fca376aa62e514664786a3105a1d

          SHA1

          63818c264a169a309bddcf34f78d42d09c2eed51

          SHA256

          469f6b1558d3143e6716a0a300b3d7157ad41bfd3b8f7281bb36dd483f430f0e

          SHA512

          611142b4730a93927f2797db6c506613791978d895271e99380b2dda442d58e80aac9cd79f02b4f2840bee90bc0df41af4809e3e1df77e7010b52263aa5c32cb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2dc55f0c13e88b7d56669228471578a5

          SHA1

          bdbb240e5206b1c88f28dd7d5582d22189d0391b

          SHA256

          ae62fd3bdb9fed7abf99b0052f7cfb008d9f355fb97793bb311280e0beb78d69

          SHA512

          5812aa0c6b7dbdf5ed287d84cf4fefd5f05b84fcb64476982e64ba27fa3789b57bfd878155bf8b8d90819f120ab96c1cab303270e432f9229538f552e42f5dcc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          593532af62dbce6f828808bb5a94a692

          SHA1

          aab11ee7325504cfccede22b69c15050134ba406

          SHA256

          316fba493cd5dbf0260ea7ab503042fc7baa1822970ca4271da1637fde988714

          SHA512

          fed7baf5b2e95e83ae41891d3c0103dfad200a96ae302469a489a2affe6f8ef04d38e6aa88937f654f5866b189d883887704976e5bedfdd60d54ff7a593e1e73

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0ee04edd7755fe8d48b75b918a3919e6

          SHA1

          94dd753d56152e8d6a90e8bd7845a09af12788ba

          SHA256

          a7ecffdf881033efd4ea118e50b93677383b589a94d520b5552e5de5fff6b113

          SHA512

          ac604b2ee4dfe4d4ac7caabf803f45dd4a05512be6e1092e597f0786179576bd7b1fb4662e99e61c880f9582549a6557746cd8a2470e05813679aaacb39edf4e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          88ea43150bc7953cea3a8900218709fb

          SHA1

          59613360a45f72ab10d937d81b245417a7412aba

          SHA256

          8ce84b0845439df4c193246a4c619ae078e170159e8ea4663582821ea692d2a7

          SHA512

          6b394fd158259ff3d5603a8f3871df342fbed93a13ec6eef4e18b29d6bdcd23e0c862291a0a2e55e70acbe8f73b8d7b64fa0c8ceefa1e10d63d1db040b6064a0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f011ee1791dd14e7c5e56f6c18ebd4a1

          SHA1

          3674d87cac9e384c3aa8462c15bbf90fb4d94ca7

          SHA256

          edaeb60db90c02cf78b07118e0dd40d1e166b946c70b1be496f8004ab5c63b00

          SHA512

          111c75dd2883d8a550de9b9079f324e97ae38a1b8fba20b738554137d9f639cd3b3025d66fd396d392e7ffcb0aa9499ede46c6b2c2b54969d42a12243ae62be3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2987767480f9ce987ee4232613dc69a6

          SHA1

          9006d2c1f08359870cabfaddecb3b5d7dc1cd6bf

          SHA256

          7c02694cb1c9bc4f85de3429942ce759d4db18a4d3debe544b106954418a02b7

          SHA512

          54d4e37a6a3b6815db74abb7b94086770af8449580836eda28386779cc33e962f4443ce38795ad611eedac8e26ca5fa050756f391a568831da09c8d1c39e23ac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d3b217527da03bbb4950849b3f7638d4

          SHA1

          015e2275441d2df37d7bb259e0cd041c0762774f

          SHA256

          7baad9a079fc89ea8847e8bd2c547a65462e1419698354463e1af1c3a4739336

          SHA512

          cf27c30b51d14a6ec4bdbe14e532f6f0b41c45955e7b6b28c1603152df209de38ac53fd3607d81f8265eb7ee9d46c0693d7f55d54589e65cfb73c931f1950589

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5dfefca3b16a4432208507200505d209

          SHA1

          729c01afe6d720fcc2d2c2d48b6d2624007671a1

          SHA256

          d605343d8c2b3ee6219d03ece18146a1eafc3db94fe54c28a03c37a5c0d1eb70

          SHA512

          952fea58ea7fadc681bf24d9929cd97ccc91d1441c63329032fc5dd1a2402b0859a8cb3ce695199bf680a0a826dd004445b8016ba017fdf27a9767d63ad9163f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5b67d241a48cf456ba64ca9596732bd1

          SHA1

          d29c62d04cbf8bdf0fedc02abad7084e90f2dcfc

          SHA256

          f1106d772f12f6711dc8baedc73d875d91559ef03492b42f75bbee6bc5b15398

          SHA512

          aca9429e4beeea82401045f172ae3565bffa04991b2f4dcd19970f48f738d007b106cc95412d4b5f128162036add363467848544e73f4dd498cc5a2ff2a8c416

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f9b4b59e1f56023b45a62d1f24d13636

          SHA1

          e9700fecfd6aa59d0d9fbc225d0a2c3cb11d7aa4

          SHA256

          d3c56e7ae54f629452240b42747df8c981931b41d3937c34b96fd56b68f4c042

          SHA512

          0250bd758334f65ba16efd1ca486483111d716d833c4798cec642b024d916446c23438bfd3c0a5019c07a478cf064142b5161ccc64e94cbf124ee0aa17cff9e1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab7965.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar7A54.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Windows\SysWOW64\Bat_f_i_l_e_tmp.bat
          Filesize

          349B

          MD5

          cf616e4366131e50fa5b769cea32e31c

          SHA1

          c36df8b03e005c6df2b2cd6c2db738a425991988

          SHA256

          d4483eab4204c20c05d917112de37605ee7bdd2ba59ee9dbaae4a6bdabb77ff5

          SHA512

          6c48e98dce6fe6641304e972d2907154e0680628904ef21f57905794b43dfa1b8378f5bf623f5e2f7d1eb3f548d8da8018274ec7b89aba0339bf04a29362321e

          Download Submit

        • memory/2712-456-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2712-0-0x0000000000400000-0x000000000040D000-memory.dmp

          Filesize

          52KB

          Download