Overview

overview

5

Static

static

3

ace16ff858...18.exe

windows7-x64

5

ace16ff858...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 22:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ace16ff85873a885160f83050f6a3ae6_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    ace16ff85873a885160f83050f6a3ae6

  • SHA1

    b99a49a54a733e754c1f3ba67614e148909e235f

  • SHA256

    1482cb65594447df495f429888e17938fdaea50a13f273dbb5e5e681bc69a258

  • SHA512

    52ffabad5a75cc621818a2765934b771334d19842e879b639cb279b9ca879fce9127eabc7c2872617e99b113c50de84c4cff6eb3026bcebff984fc0b0bf64771

  • SSDEEP

    192:/TYZ5GjUL+VjL2uyVDsJpO+7PX8HD9SpzEC:/TKGjUyf2u2Qpp7PXoD9SNEC

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ace16ff85873a885160f83050f6a3ae6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ace16ff85873a885160f83050f6a3ae6_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://get.adobe.com/br/shockwave/
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2064
    • C:\Windows\SysWOW64\net.exe
      C:\Windows\system32\net.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2428
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://get.adobe.com/br/shockwave/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2252
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          6b0d1b076a7162bfe008da81879e9144

          SHA1

          b03356f78b86a03cb841e7def4870df71698ed40

          SHA256

          21568ccc0db00641e667d6efdfee4650c41cb28e4187687de76d6e4722e94309

          SHA512

          cded9a3d024460ad52b87cbf5e520ae75106265de005950a14088aa1fdc43424c11c86b9e71b6007bfbf42b348c035d53cc5e34b86d98c35cf8f3c5f05fa64a1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          b552008a4d5b9dac065ef9ebd306c1df

          SHA1

          4fca10e744bd01f73c5f25cf83a545ccc9321c58

          SHA256

          2feeb32e0b8f801825d56d93a6510e5d79e45588047e60b160e6955a6256a0a5

          SHA512

          184d5a41f49c5d30c6469b89e514991b8f31914bdcf20c680c0899ebf92458309568716bb464ae92c2acc4517785d80bb28ba65d638134576b8e9a6522df937d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          1879193e0243439db2b16a7bec7d4422

          SHA1

          545569cea72be6cb56c68d775694bb5f84f7fc3e

          SHA256

          b68d89cddd69cbaeb1bc877b67a0b5907d423662179daefdcc3f1da55faffa0f

          SHA512

          c6be5a0d6fd265d9cc3761c39fe966bf17b30d59139a39b357628e60bb486cbdf42646cd5853be4e1696162a65f5970198d8bf91490f11928553b0aa0d9a4da5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          55ee78fc1123d145dcead00e70793de1

          SHA1

          bfd57fd08247767d67692f9396a62fddae948d69

          SHA256

          63933ce892c3bca49a351862c4be42d9ff99fb81099a10a852ecd271e9cd5fdb

          SHA512

          a536e5976e767cd78f7276e409b56805821089477b053322fbff79e5ad0389c4e5145df1abac8f2bcd51cfa8d241e40128a432d44e71aaeb96116c566800bb4a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          4fe7746c054735f3321633dd3af03143

          SHA1

          cbc7cf7c9ec2a23d91a5f188fc2755ded282a6e2

          SHA256

          8c9b83eb7e1d5cdd0a381967229e0737803d8398c0845aa26f83f47b853b717a

          SHA512

          c70219b8c030bbd5c13885e5e208175e2400dff579e93c8e7b15edb833bbd22fd6bbdb62c86ce69fd371958df9532bbcad96b7e6b49659ed9719f4125118ed31

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          2a8f3c98188108c1c3f37646781616ec

          SHA1

          ee6e3f9eb11e626284745190a2c2aca0d89067f8

          SHA256

          c54df36ac4ceb38858de6f3e8647bc0ad130d791a0bd35df565f6e0aa3da63f6

          SHA512

          ec9261414721dcef0a3257fd4a349acf22712379b82eb146146ecdc5bbebd76ffbdd8275790513e8d739af79c2f03edfa20b42cdd3984e3958c6c2c94cf4e0cc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          305ff4b5beb0c6fdf05013948f6abc6c

          SHA1

          77f3d3df9f97fb8231e6c1f16e9e82c7e79cf41b

          SHA256

          223b8d54860a2a85ac9b389b0e06dcdaabc38776252741b2c43c8e1e4cc8bdc4

          SHA512

          3b8cb9dc3f783350842848c69d2661feb03c20a1af15f4271bbebd62ba63303c5fb3f571f6493e1da7f44fc3c9114070ff4fd1405e33a7c3bb1d756320a493f3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          adcef8d65082b417e0c03cb4b31186e7

          SHA1

          b72ee58e292fca972dad2fb0d918f1af33b4876f

          SHA256

          f53df8efa436709dcf863b1ae8f3edf687d56ddf3a990431226d053def3bc22e

          SHA512

          1673da907b1d433e9ed3db92a8a4da32b0b051823c3c03b83e5a947c0113d045d41a7f02f9c0caf6b1f132998f68b4ebfb946640518970902a8c1a16137a1668

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          b2363c318b17391d2c93701d40acf126

          SHA1

          bb15dfe8212b7006f94b4c177642738eb0f40c9c

          SHA256

          9eabde4d55fb395e70a5ccfeeef01dee61cee78d07d99079853d3874b8206ba3

          SHA512

          020747a37b0515608be990446fd462d3a49221e30eb486d23b012a1d62c12657c5307570a3f9295fac725c80e27dd39ac8b4a2b3b2ff55153ea31ee6284472b8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          66a68a1d82294f5348e961fc409d715d

          SHA1

          7f460fcf1ae78c60fd459588bbb4380d01235e88

          SHA256

          e5491d78f4e6afb13c418bf564a80c517e38587399557b907d4276578765773f

          SHA512

          cffc562cd1c3434594024a28e16c870752f0df112690ba416e3783a5af4d0aca2a1ed9480c824e923c158c8ae86f216bdfff56ca05972b39eca240785eb35d8f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          97b928b42c712c791b96ac34a5e840c3

          SHA1

          104fc4049b6db36d1e0ee53d3844c8e31f85d1f4

          SHA256

          b7886b04e9d50330c386c0c815a546fe0559886a164247349aa03cf7d9731620

          SHA512

          4f5047df78e5f130fed384f41a089ed22a543c34213ba358b9b692b7386d3c50fdb5d32dbe66febc2574467fdf13a6a1c1db98cdf1572364f927605357dc1d2d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          d97e3669c3b29417b24d349c749b148f

          SHA1

          b565eced517aa0c6e6af5aa921a808b494d8a7b3

          SHA256

          7ba3b6f0c57168a53af006d881c2a65e88a93e58ef4adc5fa84593caa7e421ad

          SHA512

          3c85aa03a1a2c8c3a00ab2890e98b9f1435bfa9f8a1b541cf0364ec766ff761723c8d7e281c32d1d1204360e99d119197ca778bec126aded86667b13066adc41

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          7335150025d6324d9735c45a14d76d45

          SHA1

          aea765a1306c993e8f1b0fed96c91cf7b2b840c7

          SHA256

          b902a8223ea0c25097cba639ce245a19bdf52233e7a47399b942a6b854b1660f

          SHA512

          b8968348f8c85415ed11ee2dd23e4de55f184c3f7c0e3d72d149633d91b9d51f420f6902331656f2ad9dcf9d09295efca784d39f1588ebcdedea52ed3a91c72a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          669676b0c65c6fc147acaa143b53f622

          SHA1

          986fa75343e835d2216d4a3b090e3a606e7492f0

          SHA256

          7dc9bb5d4b8d8afb6e5764cc7b5ba47dda586e78689e8de1913e57d1e6ed7771

          SHA512

          de3d9b775202d41bfbb3bc4b8cb89c9419e128e6f90f5d572c61428da659d07cc2cdfd339e52af529d053f9db3f7bf044f22a662baa7c09ee6a26cb826751aab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          97951a6a132914e591db126b85b20c61

          SHA1

          109101b7d2c8ca557ddb9a625f9d5898445965d1

          SHA256

          601dda77cf60b410be0e2ea7ef5c838bc872287fa7c1edc5cbe0c1979a5cbec2

          SHA512

          4731f97458be16550a96db939d3467b4908a25bbf7d226187bbdb06bd363a3f2fa0854a89098c85cd3329a47f9a99c9a2968f2c133720053d158bb0be570ca64

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab1D6.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar296.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Windows\SysWOW64\WinUpdatedata.exe
          Filesize

          2KB

          MD5

          8bfcf44eb468bd8d016c0a378f5ce3b6

          SHA1

          11afc64a4248bf6856fc4f8481d6b62f50f86143

          SHA256

          04aa3b55acb1d205869dda64310cd684169666980c1fc4f41d7364ee58a7f973

          SHA512

          3e445d11ba096b13fca27dd4a7cd620eff4a31f90163f91002128baf96ad95bf58f4dd7143ca59789701aacc55fd9d68400e6bff350e1781696cdf0a95754ea8

          Download Submit