Analysis

  • max time kernel
    124s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 11:31

General

  • Target

    aad716e6ebefb3aac96726bea8bd529b_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    aad716e6ebefb3aac96726bea8bd529b

  • SHA1

    a5399332adf6786c33b40273ca867ba30d224f71

  • SHA256

    38163fc3b8a110ef6be66ac8db5aad4335f2f64974e9db67dd54ef395d7e2ded

  • SHA512

    204257067ce702fea520dd16b6dc8e130f63cbc3a0d9d5511ab884623d8bab1da558329c047e42f2435468aed12b7be769f1cd3c00cb0e1cc5b729d7479fa93f

  • SSDEEP

    24576:bir/4p6qO4pDlPJsZtZQk5p8hulbEwfDpBzjRvdsxlTShiVClwb:K/4Qf4pxPctqG8IllnxvdsxZ4U5b

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aad716e6ebefb3aac96726bea8bd529b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\aad716e6ebefb3aac96726bea8bd529b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:676
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://taourl.com/i0dpw
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://taourl.com/i0dpw
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2780
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2916
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2260
    • C:\Windows\SysWOW64\Wscript.exe
      "C:\Windows\system32\Wscript" "C:\Program Files (x86)\soft164804\b_1604.vbs"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Program Files (x86)\soft164804\300.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2612
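
The process tree above is the part of this report a responder pivots on: an installer run from the user's Temp directory (the nseF049.tmp directory holding NSISdl.dll and FindProcDLL.dll in the Downloads list is the usual footprint of an NSIS-built installer) launches Wscript.exe on a dropped .vbs under C:\Program Files (x86)\soft164804, that script host spawns cmd.exe on 300.bat, and the same installer opens two URLs directly in Internet Explorer. The following is an added Python example, not part of the report or the sandbox that produced it. It rebuilds the tree from hand-constructed (pid, ppid, image, cmdline) records, with parent PIDs taken from the nesting shown above since the report does not print them, and flags the three chains that matter here. The rule names, the allow-list of processes that may legitimately launch a browser, and the Temp-path pattern are the example's own assumptions.

```python
"""Added triage example; not code from the sandbox report or its tooling.

Rebuilds the report's process tree from (pid, ppid, image, cmdline) records and
flags the parent/child chains a responder would pivot on. SAMPLE is constructed
by hand from the report's Processes section; the parent PIDs come from the tree
nesting shown there, which the report does not state explicitly."""
from dataclasses import dataclass, field
import ntpath
import re


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str
    children: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return ntpath.basename(self.image).lower()


IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
IE64 = r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\aad716e6ebefb3aac96726bea8bd529b_JaffaCakes118.exe"

# Constructed from the report's process tree; ppid 0 marks the root.
SAMPLE = [
    Proc(676, 0, DROPPER, f'"{DROPPER}"'),
    Proc(2900, 676, IE32, f'"{IE32}" http://taourl.com/i0dpw'),
    Proc(2724, 2900, IE64, f'"{IE64}" http://taourl.com/i0dpw'),
    Proc(2780, 2724, IE32, f'"{IE32}" SCODEF:2724 CREDAT:275457 /prefetch:2'),
    Proc(2772, 676, IE32, f'"{IE32}" http://www.178gg.com/lianjie/10608.htm'),
    Proc(2916, 2772, IE64, f'"{IE64}" http://www.178gg.com/lianjie/10608.htm'),
    Proc(2260, 2916, IE32, f'"{IE32}" SCODEF:2916 CREDAT:275457 /prefetch:2'),
    Proc(2728, 676, r"C:\Windows\SysWOW64\Wscript.exe",
         r'"C:\Windows\system32\Wscript" "C:\Program Files (x86)\soft164804\b_1604.vbs"'),
    Proc(2612, 2728, r"C:\Windows\SysWOW64\cmd.exe",
         r'cmd /c ""C:\Program Files (x86)\soft164804\300.bat" "'),
]

# Assumed classification lists for the rules below.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
BROWSERS = {"iexplore.exe"}
BROWSER_LAUNCHERS = BROWSERS | {"explorer.exe"}  # parents allowed to open a URL in IE
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def build_tree(procs):
    """Index processes by PID and attach children; returns the pid -> Proc map."""
    by_pid = {p.pid: p for p in procs}
    for p in procs:
        p.children = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is not None:
            parent.children.append(p)
    return by_pid


def chain(by_pid, pid):
    """Ancestry of `pid` as 'root > ... > leaf' image file names."""
    names = []
    p = by_pid.get(pid)
    while p is not None:
        names.append(ntpath.basename(p.image))
        p = by_pid.get(p.ppid)
    return " > ".join(reversed(names))


def findings(procs):
    """Return (rule, pid) pairs for the suspicious parent/child relationships."""
    by_pid = build_tree(procs)
    out = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None:
            continue
        if p.name in SCRIPT_HOSTS and TEMP_RE.search(parent.image):
            out.append(("temp_exe_spawns_script_host", p.pid))
        if p.name in SHELLS and parent.name in SCRIPT_HOSTS:
            out.append(("script_host_spawns_shell", p.pid))
        if p.name in BROWSERS and parent.name not in BROWSER_LAUNCHERS and URL_RE.search(p.cmdline):
            out.append(("nonbrowser_opens_url", p.pid))
    return out


def urls(procs):
    """Sorted, de-duplicated URLs passed on any command line (network IoCs to pivot on)."""
    found = set()
    for p in procs:
        found.update(URL_RE.findall(p.cmdline))
    return sorted(found)


if __name__ == "__main__":
    tree = build_tree(SAMPLE)
    for rule, pid in findings(SAMPLE):
        print(f"{rule:28} pid={pid:<5} {chain(tree, pid)}")
    print("URLs:", urls(SAMPLE))
```

The IE child processes (the SCODEF/CREDAT tabs and the 64-bit frame) are deliberately not flagged: their parent is itself IEXPLORE.EXE, which is normal, and the point of the rule is the dropper opening a URL directly rather than the browser's own fan-out.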

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\soft164804\300.bat

    Filesize

    3KB

    MD5

    97b173fabfcfa68bce50b916f0926a0f

    SHA1

    20d9223f19a5763c78001e807547c5ff02b72780

    SHA256

    8e5478beb98b4f959eeec201a7917186eda3b98cc6cc67a54954628b1c8b2363

    SHA512

    1e51059d2273e142972edecbae5b8a2aeb6128f4dd9d1558468836959258cbb864efe4c083043154b43da21af23eac8bbab162ee5017c33bc73fc8d2b67ee76d

  • C:\Program Files (x86)\soft164804\b_1604.vbs

    Filesize

    247B

    MD5

    0db1e4dc50d3fef7759e23a5bf4f0445

    SHA1

    cf4faaa8b04368ae7d45b678353c83d9c5ef7385

    SHA256

    1091b38105123f3775398561213d86d783bf57c777fbba87197f3b5c70ee9e28

    SHA512

    770c670c5e4292b8fa017053a43b0dc97216492d0409c6ea29ec7bc9f2be2eee239600a7a922e801f6a7d76e02c3a0d8bdadf839db4358fd5bfcf15e573ab189

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    518736e2f29a1e4b3917388fdfd782ca

    SHA1

    f84b5116565fa073cefe5cc90f5936cd06b2dd46

    SHA256

    90893050d5da91bd53b93f94e7b46da4038fd468f507a0778e45065cf778bf51

    SHA512

    e234fb50ed657669d9716f3551f486ec376d7748a2f93b7cd9e68fc2a22f351b2ef62c588795f5dbd7b931b8406c24220475b8c5cf2c76f0f018e913071f407d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    83dfab7f06ddbeaab5eca529706bd2d6

    SHA1

    1ddd0fe8e5145b87bee4873b2bde5abdb33c4b1a

    SHA256

    824f0988912ed4ced6d427414359fe6232fc2db63ac41d8d043940ca28fb3e46

    SHA512

    b01b6e4260acc6880d63d5ddf6ec62292cd446b422729d2704acaabbb981a6630b8d2a7822787c2e27eb0596251ab093f7cde750a28f1c7d3c8093b20637ee44

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    77399c048136337a330a36060475d789

    SHA1

    8b07acbf3d27673bb309f98ce2740423a89fd5c9

    SHA256

    62771ac7e4a400ebaf2a3850891c96d91bc8d87870ccd858d6b14d1ca20e1c82

    SHA512

    e575ff6ddb6d1f76596ba5fd631d6d84280450d53033b070374203d275c829442fc02b13ad4d5558885292c8abfee3bfab88cfbbafddacc8fbbc5657dfa57686

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4991691a35b7fc24b13f92f82998ca6e

    SHA1

    1e935d470beed4515a65595218ec2087b6e80c73

    SHA256

    96ae8b72ee13d99abe683395e67856e80067e99d2e1641dfcd91d0be658d8f84

    SHA512

    8cf0fe20a8eb22b2292534bec610ab560886de14b11ec8346d9ac737a328afdf26c84943741400e167ff7fca925542f0991c78574f173c108b1f8f889686eb5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    77b1dbb7da229b053279db8ab1fd4730

    SHA1

    bdc72ff17c9272d5d1998a81c8a18dbc3b9b60f6

    SHA256

    212b1bf8f8252878702b4b4825183e0443a135461bc435ba886a27b10339cd2d

    SHA512

    af839ec13181162aecd0fc58a9f2f3404e85a33c6e05e93a2c1a8516e0df5fcff000cae05a1499c23f2037cefb0ae266f093652157b2a4d0e6c18a4e15e14132

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d900dec97c88f76381cb6a584c497157

    SHA1

    82a2bb59e3177f2ba4e7f4b701956f053a87a2ca

    SHA256

    97e80e809f66eec2f9be0be7eec28152d39d24d9faa3199191106fa39e47806f

    SHA512

    5d7e6ed17e8c5c9171333882a86457fe51a834febdea0cf3852a515e93fc9f29a284aa3fa49dbf6182693dc4466fbc578ce60cac34bfbcf794f973cfc5227244

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6770d5619b99ad147502076385303ce0

    SHA1

    611a3d6531ab10cb17c602cae850f4ee6e55b61a

    SHA256

    1af944b6d0f58f8e2c77f512de4c395675c203f141c96e6d3b24ea7c93434076

    SHA512

    b4cd2fead9e99c001057c651415e1b356173b3e4b6b6d4d001c697cf9c1de2ca94a3c8a0b0a90769bbcd150b7602715ba219073ee9eb2ade3be31c4578d08dae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    993d3414acd4f812c708cb03e8e4db34

    SHA1

    9a207429caf57cad0e9c876835c8d8c3aec52513

    SHA256

    7bb48ce84c8dbf8371eeb1b51750e0e9d81b5cede24c2e47092f66476dc0290a

    SHA512

    40879b96ef9d86c4cfbf826701943c4eb92d374a3f091d9c94e5387d8e358e07e743c5d8f863ca6a8e80276900e2e31235b1575a80e65f1b04a0ec9ad43ca36f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e3be3790fa165cfd24be19701d16fa1e

    SHA1

    353dca0402978d6f9534971f8e4fda701d9cbf23

    SHA256

    b173a4a3e2c2a55b582bd61b8ab3c3e89b125fa125b41dd7c21b26860ed755e1

    SHA512

    7359a3a31569ad06d95263e36ceea0a89ed2f59169f9f7735c9abdb560c1df0ccd5bd2e718348de038dd399374cc78f13e272c8d906da20ea996992175b27d11

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    98f06feb4ab2af74ba5b0b4b86254785

    SHA1

    9a22bb1ddfe4fa61b47db16b0cb06e30079acff7

    SHA256

    d2580a05d372db628b46f5e8a9028637b5e7019f26f1b7fcccc0336a0b447959

    SHA512

    332d73e7b6ca7d572975a71955076a30d9dcaa183137d0105c7a1e6a716481b362c55a6d7c06a4735be822ee048a1b6230ce43007884393503d46756e22f5369

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A05CD151-5E1E-11EF-9730-E6B33176B75A}.dat

    Filesize

    5KB

    MD5

    1106ebdc55fcc9057a37472faf79de76

    SHA1

    d383bd282b1b495b151962e70af5c36773ed5c1d

    SHA256

    ae12e0e56cb3110e9e98390af9fb5c01c20ecb0530c20c6048ae46d7b9acf8b1

    SHA512

    dabdfe596e995b907f729ec2640ff665421b019df247bc65505158e83649c9cdf198ccda169fcbeb7ddcdda983af22d438c060b0c09cb453e91d63bb32c3fdfe

  • C:\Users\Admin\AppData\Local\Temp\CabBD69.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarBD7B.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\ Intornot Exploror .lnk

    Filesize

    1KB

    MD5

    b38712ed231f729ae6d0052f85b2acb1

    SHA1

    7ef875de599fddb503a61b85778fcccdfe31bdd7

    SHA256

    5dcef75d81cb42fd8d751ebd965836f165cad8c67b56ba1a809b41d8306ca824

    SHA512

    e8598d40cdae0ac5f44b386ae46782acf1f040eb35d31048fa73a4af0467f640d832f94ddbbf20de8e926a68a88c598fc38646afbab4dcb1a3dc5737afe5f60b

  • \Program Files (x86)\jishu_164804\jishu_164804.exe

    Filesize

    1.0MB

    MD5

    e2590fb7bac27dbfa512820e9139f28b

    SHA1

    209d8d0b77c7a8863a3c68464ce47f6a3f00d454

    SHA256

    4369c213390dd318aaf57b841e338f0b781b16e61713c39e3d961d6065de1821

    SHA512

    a6b8cdac512c2d05eb2270f8b4f64248cc177785acbd8d4f0ad725acdd2c894f639e7e7259066a8014a79d69f213812dc09793a2bad7a3d6bd9a511f3ee57223

  • \Users\Admin\AppData\Local\Temp\nseF049.tmp\FindProcDLL.dll

    Filesize

    31KB

    MD5

    83cd62eab980e3d64c131799608c8371

    SHA1

    5b57a6842a154997e31fab573c5754b358f5dd1c

    SHA256

    a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    SHA512

    91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

  • \Users\Admin\AppData\Local\Temp\nseF049.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    254f13dfd61c5b7d2119eb2550491e1d

    SHA1

    5083f6804ee3475f3698ab9e68611b0128e22fd6

    SHA256

    fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

    SHA512

    fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
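
One entry in the Downloads list deserves a closer look than its hashes: the Quick Launch shortcut named " Intornot Exploror .lnk" (note the leading and trailing spaces around a misspelling of "Internet Explorer"). The report does not show the shortcut's target, so nothing can be said about what it launches, but the name alone is the kind of near-miss that is meant to pass a glance at the Quick Launch bar. The following is an added Python example, not code from the report or its sandbox: it scores shortcut file names against an allow-list of legitimate names with an edit-distance check and flags whitespace padding and close misspellings. The allow-list, the distance threshold and the sample file names are the example's own assumptions; in practice the list would be taken from a clean baseline of the same image.

```python
"""Added example; not code from the sandbox report.

Flags Quick Launch / Start Menu shortcut names that are near-misses of legitimate
ones (misspellings, whitespace padding). LEGIT is an assumed allow-list; build it
from a clean baseline image rather than trusting these three entries."""

# Assumed allow-list of legitimate shortcut display names (without .lnk).
LEGIT = ["Internet Explorer", "Shows Desktop", "Window Switcher"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(filename: str):
    """Strip the .lnk extension, collapse whitespace, lowercase.

    Returns (normalized_name, padded) where padded is True when the stem had
    leading or trailing whitespace, which no stock shortcut name has."""
    stem = filename[:-4] if filename.lower().endswith(".lnk") else filename
    padded = stem != stem.strip()
    return " ".join(stem.split()).lower(), padded


def classify(filename: str, legit=LEGIT, max_ratio: float = 0.3):
    """Return (verdict, closest_legit_name, distance).

    verdict is 'ok' for an exact match, 'lookalike' for a padded name or one within
    max_ratio * len(closest) edits of a legitimate name, else 'unknown'."""
    name, padded = normalize(filename)
    best = min(legit, key=lambda candidate: levenshtein(name, candidate.lower()))
    dist = levenshtein(name, best.lower())
    if dist == 0 and not padded:
        return "ok", best, dist
    if padded or dist <= max_ratio * len(best):
        return "lookalike", best, dist
    return "unknown", best, dist


if __name__ == "__main__":
    # Constructed sample names; the first is the one listed in the report.
    for fn in (" Intornot Exploror .lnk", "Internet Explorer.lnk", "Calculator.lnk"):
        print(repr(fn), "->", classify(fn))
```

The distance threshold is deliberately loose: a name within a few edits of a stock entry but not equal to it has no benign explanation on a managed image, while a genuinely unrelated shortcut (a user's own application) lands in "unknown" and is left for normal allow-listing.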