Overview

overview

8

Static

static

3

ab2546f949...18.exe

windows7-x64

8

ab2546f949...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    75s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 13:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ab2546f949ead0848d5e8f086a1f5fd6_JaffaCakes118.exe

  • Size

    31KB

  • MD5

    ab2546f949ead0848d5e8f086a1f5fd6

  • SHA1

    cba8058ea7310016e68dec02b2bb17a288590a23

  • SHA256

    c2348846b38573ae1e926cc67e561d0ee3600696b5eb16c8cca5edf0e81c43ac

  • SHA512

    324aeb66a81fc1b992b7f63683244d99ef2f3fc968a34c2bc348aafee22eda8416845fa0a54951ad0cc38c3a716a65d74dca19b973e226c951cf10a3274874c7

  • SSDEEP

    768:FdNnMLkH+xuRoXK64fKjuY/HbPoVk5PRxSlzlY:FXMLvuKXK6yKjP/7gkai

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1220
      • C:\Users\Admin\AppData\Local\Temp\ab2546f949ead0848d5e8f086a1f5fd6_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\ab2546f949ead0848d5e8f086a1f5fd6_JaffaCakes118.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2860
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2896
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2652
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\dfDelmlljy.bat" "
          3⤵
          • Deletes itself
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2708
          • C:\Windows\SysWOW64\PING.EXE
            ping 127.0.0.1
            4⤵
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:1360

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\zyndf16.ini
            Filesize

            146B

            MD5

            3a21c2d1deaca064e15fbdd81fb3ce66

            SHA1

            35d39589143b53b5fde4c8e8f3d4f334d7aedb0d

            SHA256

            14a7a41af35b6c25e09fd8022f7a53967ebe94824ae20544dc21196ca6871a8e

            SHA512

            112bf74e90dc3f90f24ae1bbc841f641470eb993b074564ba88572cac97cb0f0eba5a2bcf3eb9e40c0b1082dc24b95c82a14dfa79bc0aa2b67ba92d04ffe796f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            7971c7c0b79fdb275107791e85cbcc35

            SHA1

            4cd38f9399391618309c65254b0877cf8fd81df3

            SHA256

            aab874938ff077528dde21bf916f1fef6138e5994d62c668e3370871d45b52da

            SHA512

            6115d10dc425cf9a3f3e94ef748521766799220f9044c73e6eb8be375c9be4623963da6d922bcb0d9bd845b7f72a2ee1a9455d21d6ca1d8d99bfc8de3440393c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            ebc278c7162d035bafd324677b23f403

            SHA1

            96ecc06402e5a8631b25ea960203af00817dfea9

            SHA256

            8719fb42ea09aeb99d26fc00360e6d14493190c2b6594d5ef350cf67e3c3294f

            SHA512

            170ecd87e9bc6662667d99771dd95ca74b1441a79bb2e4bdbf4ccbd44e50134668586827db39d7bd29bf76b6b416d384c4b68e86da6b2d02f9ad4cfd3aa01da4

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            85a8b799b43e1100babf9177cae66677

            SHA1

            1d0a64d9fc01c900c3da1544178bb44d7682626c

            SHA256

            1b1fbb1ae9ee137bb745d2a01209eb0aee41590a3baf99b4495fd14d7134d809

            SHA512

            34fdb3a5fbb761a23ba803931b7b0e8e91e0abf76642a946b327911acd2a1ad0f43265fbe8d01ef299c0b2f360addd9421e1f48c0ce964c3960bb28b788f6900

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            5e6a78ef38365ff1ff0e3d7b042ee948

            SHA1

            5a6392f5281ce9e868fea4f07fffc97bc30cca8b

            SHA256

            3054b2a3f88f0f5f3f8358b34a848d9293f03a42d8fca472c161d06ac6cb3831

            SHA512

            ce7f9b1bcd5fba4f8b1deda8b89cdbe72963aa804f3a9fa32c478514c3d7eb914debf04109c9b59aa5f5b64e648ca632ff5eeb3f37269cf4d76f5689179cdb5f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            38728442d5e8b120cf4c7653fdada2e4

            SHA1

            01f00838918d6fe5c1df98dd56ea71530f9f13cf

            SHA256

            555f4209fd72868df91c840641cf74a1de4f4ecd215f9c7feafaeab9f4fb9461

            SHA512

            872f704cb79485183a188b046e9ca1b99bb9b1ddf34c5da3554c30466d3c438dc830d8655457665c14e8a26921d7e13d5196ac9cb00a888bc09b127d4b32d086

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            1ab1eb27c5bb9f0b767ab73938adaedb

            SHA1

            917fedad9b741889e42448a13d78c33a31110a80

            SHA256

            a7a570ed1004a8e5f70f03d5d789401ab95c9e2e32768d126cfdbdbf20ae4cf6

            SHA512

            f52af5702324d77f3d22c1ead2f5ab07b09e5032ff82d46b933a70e066a24b7bf67a164c29e8d96c5eb7949ef1a7a16d4502c0e75d8134436dfe7a13139c0c42

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            c50c3a164443928d1c75eac5f07970a4

            SHA1

            31bffdf4eda8e9f5f8d116087d43c4fa1f561376

            SHA256

            2de8c94c7319ade181efc5a8c7e4ce9db0c88303225ba831d07cde785baf1402

            SHA512

            67d3f277e4a540316965ffe393d23fc38c66b01fb6b31ea871b3ec981585b7f675d07a0bc9279fc9528371fecfd035e062f18f98fa3864440cf23b9dbbf01ae0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            0a6c67915f394039f64fb2997566757b

            SHA1

            521cfbf255d5528144aff68f635fa45b1492879c

            SHA256

            d07b5b0d8d67f40b78a24e84ba6dc8a3315f901cde851bcfe15b17e01ce87fcf

            SHA512

            4ed9fa3d020cb23320a716019490933c9f9a256786e869197c9fa29ef3c39fe1d51b4641f799859447ce0ddf0609c65a94c7f2f3f5c74359fd7032374afd95b5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d9d59f9bc2e15e53c39680f8ae7f031d

            SHA1

            3bd5de3a088ab0dd469f7c09bdf353207d6a4e98

            SHA256

            1e2b942075aa75d04ea554a7e29c2fe4d5ef12717e9e77547641ef7e2f3bdc92

            SHA512

            936e244497047e398994c910acd279adf982fc0840f313144a671ba6b3aac78211b445e3fcf531604bff7e1657265b8bef1ca01e53ee977b8d71ec8a1d16b64b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2450ff3d574249e7ab4926e5a794ee11

            SHA1

            38bdd5d1881169de50cead39f2871931b00d236b

            SHA256

            362b29142ded3302bcb8fffcee25366bf761673bfe08278c885a635b6d42a08e

            SHA512

            25d6ab2d0b1d959d26f9e69ef02dc2e99e19ec14d4ed8305cabe7536d39b0bbf913c7adc26378246ca2bd0d59d40cabd6eb12db2654e0ce129f67755a217d75c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            0e24b97488c47fceed43660bd48526ec

            SHA1

            620b6bb8a8f2e1179cd40f3a62f14e82c8042b08

            SHA256

            96a4619beec6219598d086e8c2393baa48d7fa254332ba136fd271c942d5cd19

            SHA512

            d22180690b773fc1b956309c0c91e28a7de7ff0754b804867b0c087b3b61dbc542151feb1310670b912340b563ba73182e254e875424845d35104ae2d20dcf1b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            f1c373e9ed7e4e27eec25bcccc21705b

            SHA1

            cac642dc0c2de0dedb6367b223dff27e5761e7ea

            SHA256

            80719a31bc081e53ddb3f2a39926504f5a15af480c28d0a0f16b6af843eb08ab

            SHA512

            b9b6caaa980c46d0a60f8074bae66a61e67aaf2154944014d8edd9a658eca88844e0199e7696ef60edb5982d496f64c939fc6b0cb3ecfb770e58071adcef8fe5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a242027838824d0e879e7364fc179669

            SHA1

            02b834facfd7fd839acba8d65f8dd379b5157a62

            SHA256

            60d7568f11bf6a509e53cb90e89b7d223b69b0654befa325ae8446ae870dfc80

            SHA512

            6af8f58eb48d90540a882189202bd42cf88e190d56a46b80809312316d591a24d862e10bbf5c976fa9093609f14ccc35ca7d786226b3ba2f7d31baafe0b791b1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            4205da3c36478ebf578b5c2176bbbbe3

            SHA1

            f1a2d9717fccaa5d065bfb46bd67c9f695e9688e

            SHA256

            d5f2978c78b41a099ca188aee3e85f61533521db7938e67125b558ae592edd32

            SHA512

            5871de59db6f255eef5547377a7ad9ebecd1b8c2485a1cc8864f584fe81f2f7c6aeec3741f055bc177b720eeb59d760d56f518f509094a9e379cc7d830856978

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            0523aa2d484c15f6491ce6c293a71348

            SHA1

            c11b630848f034173ca96cc5377f69a9286a960f

            SHA256

            71c6b30ea485ee925c3fc756f25df43576e311abb0f269b4fb380d5ba64b6d0d

            SHA512

            1d82c83d3f53a1bfad4cd0a8f97333ae3297804f980fd9d92c2b7c98cbd98e11ef3a146d87a3bb17c59f35729a3f4fe6c8986c97c8a9cd97f58011cb9e6ed10f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab1A17.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar1B06.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • C:\dfDelmlljy.bat
            Filesize

            233B

            MD5

            d424eefc16e6524c70b52194aded42f0

            SHA1

            19008b0b884068de0136f74bf6652780950e5118

            SHA256

            294e7d054e71da1d15f3534763da18f7d8c2107b9a500f6e100d816f460b39fe

            SHA512

            04d73ef209e7d2573edcc9dcb64aac04d002149f3703dd281de0cef0e68f4e9051f0843d9f5b51973278f40fb1e8550e4b9a9236cacb8caa95a50e51fda5543d

            Download Submit

          • memory/1220-20-0x0000000002260000-0x0000000002261000-memory.dmp

            Filesize

            4KB

            Download