Overview

overview

5

Static

static

3

a7e782f1b7...18.exe

windows7-x64

5

a7e782f1b7...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7e782f1b747ce34d6b25d027c211e2a_JaffaCakes118.exe

  • Size

    44KB

  • MD5

    a7e782f1b747ce34d6b25d027c211e2a

  • SHA1

    efdf7d204883474454d83d876e3b2f482f343630

  • SHA256

    0d4018cd8f9da066631833fcffa0c13f71a6e0ed059c7cf61a7f7795f7a12936

  • SHA512

    192fc3e234e2059b04c66ac4fe4ccc7df2fdf9b506cb7f2970f9e9bd90559d01bd733b9f72834dc951355853543b9894311f62e5d9edbdbd924023ac18ec052d

  • SSDEEP

    768:HB+lCRPfORcOkVtfqRQxxv9+wc1Qs0dZc/k:HB+AuRcnVgRQxxv93c1Sd9

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7e782f1b747ce34d6b25d027c211e2a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7e782f1b747ce34d6b25d027c211e2a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Users\Admin\AppData\Local\Temp\a7e782f1b747ce34d6b25d027c211e2a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a7e782f1b747ce34d6b25d027c211e2a_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.kankanhaoba.cn/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG67Civai%2F7Mbrt%2FLG67fyvajA1r2owK3G672ovai9qMbrxuvG68DWvajArcbry%2BPA1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xcbrt8W9qMirwK3F1MCtzqrArdrAvajF1MCtvajG67buxuvArcbrxdTG67%2Fsxuuwosbrt%2FLA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit%2FLArcXUwK3Oqsbrt%2FKworfFwK3F1MCtsKLG68XUwNbArcCtxdS38svjxuu27sbry%2BPA1sCtt%2FLG68Ctt8XArcCtt%2FK9qMbrtu4%3D
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2600
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd35e8490685ecfba1ff3c6c3f069c2b

    SHA1

    1699b83a6ab446299b8b57f081e88401acb34363

    SHA256

    111bf2d5802b7672f7f3db4f6048c98d896eb6eb613a1a57a653276e7dae64d9

    SHA512

    de3fef8ffff2d2db9849078d08629327d71005f5aa662acfa32239cbaab90de942830330ee6bccb452911c06f422ee6a04427d8754b828cd49df313ad5ad5377

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ed97cd4a353d0ac5636c9873361c199

    SHA1

    db081db962be75375a4f4d4d4830208fa4c9edf6

    SHA256

    3dd473939027bc2b3f084c42a313c3a47e29242d8044ea6150b0ee3341209606

    SHA512

    cd49b8686f6f8497fd982c2fd73d7a82b51bd889db80bd97fcfda94bf7fb21e307f203ab39ec1c0ec6208fa17545008d59ca51c234ed9bb70986418696eb2545

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfe6e6143c25772b7fe621f434043817

    SHA1

    877e57f562e46993a5839075d136adca84f2b8fb

    SHA256

    cf32dc65798048deaf952d11679a36edb70c4a5bbe92db4c4aecd2e99e91222f

    SHA512

    b28f67576e121882bbd59f0631b467e21f5d2044083fa41af605aeba3ec058447d9d880d082d3e71e8cf27d417b9f5981225f988118ce804e6251cc2d6c083ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13845b4ef64e9cdebd8c9903c507f7f7

    SHA1

    1beca56a71eb3a97d31f3e8431fbbc3bd091feb8

    SHA256

    d82261859c8119e5f525a5958af0e559e7e517579b9c096c72f3a8bad3aa611b

    SHA512

    9826f0372fb8e46837ad2192f70009d50925dcac84f37d6849d437fba61f06fbee0b447a07df5848f17faffc5275cbcf6da10243962b123df223f21167a5ebf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    034375fcbb923a4103eae789518f911d

    SHA1

    301a4c08fcdee01acb51b4265d3359cf120ae359

    SHA256

    53854d89f05531488e1446ee3c496f25eb8869aea011a726f229921e53157b7d

    SHA512

    7aac66abb527e6ccb9854d69f4c65f557876f9b540d6de07c13ed67e42cd2341fc1cfdc59c9f26e8247ec226c7fefdec73b2353f10b1f3abc70329e9e1f33dfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3db92848b963efce4559bdc19f9e65e6

    SHA1

    2bfcab83d60923c8873d416d0d38496fab1ba13b

    SHA256

    89dfd8b610e2ffbbf3e188391b3dca2b2c1b3feccb0eb08ae038429286dc9356

    SHA512

    29c21ca549776adb57552ec5a1693739c68d6332697e87777524029ab7d06f2d1289de33fcc54405872815aad6f924f42910eec9db95a8a3b40e93977617e2ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02905a4087d6a9ab3f2d269ccb1931f5

    SHA1

    9f04538e530b54d347da5ef8498177e607d4fb68

    SHA256

    399217744af407a32b778056ec2cb5d4d891fb30e7bff084561f8aac53c9d268

    SHA512

    156f5752600212557a8f31d3c09b3be0e7445c3467ecdba8ed4a641eb8bd6f203f5f8efc530cc7572e831619872d431c2d00dd56f2a108dd539610a9e4a01f15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97da9587213582f6a3ba8d843fb6fcc9

    SHA1

    2a18c17f7913573e0f10533810c739004de04459

    SHA256

    adcd0cc02072221470e854617d0a3b3d0ebaa1562bad4241ed453bdef8b3a3ff

    SHA512

    7f1795b95be5e53bd17995e7df91e0cdafc6ae7d1c1f83730cedcd1fa56afaf8900642326fb6ca30fc9f874dee7deb3a15b3da2aae243fa51b030709204a0994

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5660344958a975214fa4a002999da4b6

    SHA1

    4df2f80bd8846956d64c788575d7d7e104d89c4b

    SHA256

    f2b19fbaaa7027df4f33001784d990dbb3109a19214104c48ab99996bba40c82

    SHA512

    ffdfd7c5493512cd9a981cc0903bba03730531d056b97e45cc41649f07d89cc545e8f26864a870c6f1390f59293b38ba95ceb9241a0be0b939c9a41475aaedd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ccb92d798bdb5d3148f8fe9351fbf03

    SHA1

    78fb7b2a91d135fbccc6b55af106898a545a825c

    SHA256

    dfc17b81f24d9ce04234090e608d29eff5cb5c55609652c449edd794b8b7b1ad

    SHA512

    16116f0dc943e6a57491ffd5ea7b7243da7603a697f576c4095f65952d169ca70a3c7452904df2d43efac3a5b7a131ebb1708e1d623623345f45661c0a101895

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4de49022ad9c1c245a3d253deb772440

    SHA1

    78513d016398b57def6371e929a2d199398c2a07

    SHA256

    238405c40641c85da5ce979d58c880b3d54558093ed502f83eea34c127f85033

    SHA512

    9b7d9be5b95dcfaf610d40701a5519998ce3f4456a1f91fa45bffe469687c5820966562bc380e11ca0ef9705cc3d3db6531205592e4da529fe11b36ad91ee910

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1df5418556fc573265e4d0abf47dca37

    SHA1

    4a7e0123053941f1aec94adc4066454d3d1c1763

    SHA256

    6d6a77ff9cbfdda28e7181850c7ba132ea16bbe99499ba97a1ec8d9ac7a9f115

    SHA512

    885734ab059d2be044df25c574123599db0335a739e1a892dbc1f4f7a894e11c731fd899ab9c44f215c018d2c305b4368757e442102bcb7275501443dd21b2f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b6deb7068d6e053231600f343eac9f7

    SHA1

    8fbfa2a7816d673018d9ee7881199b9ed3ee15cb

    SHA256

    ad949b07ff2d60791ff2550252392a358a5611a1d8a92df185a365a96f61cedb

    SHA512

    2ea1cd35f9ce0150850baeebd72d454a41420f03ed46cea8bbf34fcbc19aafac9dcc1ff11ecca65469e5575ed1682fcb61d7797e83229c1dbcde156ad8900514

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59b8b21186eb759b6bc51651daae56da

    SHA1

    416d229a53929022374d07031ae5a60858625d4a

    SHA256

    967f683a49cff1e7f30b6aab254380186b83800b3e07fea88fa732d5d8690a47

    SHA512

    1b55a456fc7f8a0894a2bf28c71b0da342b0405d6a732b4ba7d963ec7ea0033ecb9c79e6aaa5373f0786ab3a621c81e623e5aa156bf547cb945d6d7fa43d0f98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f278167a2bdd5323f3cc5c08dfb8e409

    SHA1

    e7175606d9e40b351b2494df60db54164615afeb

    SHA256

    a95a43c0ebd5cab565d232d7e85515377ddefa62fcadea4da2bb7b119082b00b

    SHA512

    c17eae527ae1ba696378645a871018f957dbede476f465ab72c0bf9b972540267e08ead93d8d8336d4af6a5b665157677538c57aada537022b573f7355926acd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65c12bf6681d60b91394451b6e60704e

    SHA1

    01bf6ad7c975edf882f6cf2fb6ff6310fa727484

    SHA256

    69860257e8217cd6bcf7b47bd8cd8fe00ca42e8cd3356f089cca6cfa0ffe7c20

    SHA512

    f4d872d0957100a6b32c67e552bfb263d19f4dd83305b0b2d8e606319f722fe18aa72b0b6f7c88b4ca0297aeda8a0424e4817603b7457f3dff281ad153c83069

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d837e10ca1cd26c50f018b7646d056a2

    SHA1

    106325feed22340194f9fd7e1881ea54f31538d3

    SHA256

    6d086ff8d65bc55da4456329be3ba3bdd83dce699374a005a086567bb24ac14a

    SHA512

    578623239a63c62d45d9b66ab9c7fc1f4ac470532ca5aac34d234a85e8ac5bc9f996e1bf983108ed7ca81cca8e10c8afaae775ac7ff4b37e17bc164a896b95ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{40705051-5D97-11EF-9269-5A77BF4D32F0}.dat
    Filesize

    5KB

    MD5

    c9c6db1ed5d20ff6ab7fc936584b2638

    SHA1

    4b8cb1774b5881fbcbda6c63ec875da28311b4c2

    SHA256

    907eb75f0595479eb04632e06c9d1cc68d85abbf1917ea79fa2dd52b7ead1574

    SHA512

    2acecb97af56ea39297ec6c42e660b08c692ed25cf839119e00f5b8b6241157ac479b01eb00aa9e18cf5243de57e28a078eadcc5c872a226544766d246a4d0af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab83F2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8462.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2864-11-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-4-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-8-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-6-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2864-10-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download