Overview

overview

10

Static

static

3

ad53189db8...18.exe

windows7-x64

10

ad53189db8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad53189db84a78d21eeb10ea62600c39_JaffaCakes118.exe

  • Size

    51KB

  • MD5

    ad53189db84a78d21eeb10ea62600c39

  • SHA1

    be65646d0f6a3415ceceeb72a426d13b0140d2a7

  • SHA256

    63a1e56982464c6fd963d8ade99fbaa212ed45733d56545ebb767c29e2e89682

  • SHA512

    22bae0af5876374a7d30325ad892c7d2a153b9091eb7350bccb9d151bb985cfb8fe7cb7f4e5994c11e92771b674a795775cab55cd77656dde987aa998c5580c6

  • SSDEEP

    1536:hmZHPoToCWFSu2MbLJkpbCSzSNhquwjPgQ:iHPDFSDMZkxCSzg3wjv

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 7 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 16 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad53189db84a78d21eeb10ea62600c39_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ad53189db84a78d21eeb10ea62600c39_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1744
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ok.onniro.cn/power.asp?myid=0947660301841
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f03561cc3ac8d7025b5c140f0610e7d8

    SHA1

    37d8d709e73dec509534b6ab116e31ae4a2527b7

    SHA256

    0ce778337b48b29f12fcb5e7e99641f7ac784115c9f5154a79a2f623c929c5f1

    SHA512

    d6d5a9dc816382b92b9b612ac4104d74705211267d86bcbc23dca7824901456faa807d12e9994db7fac7c5bbf07718fb4ce46d2fccd1f0d7a419dc75761934c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    772e31feecf93ff8b33c3a4dea0c536c

    SHA1

    a1c24dcad7268e0e3a09357cdbdb6c70d83ca9fb

    SHA256

    66c0e79f00fabe20c4457597f307689bad8704eda3a86adc7fe6a5c75a81309b

    SHA512

    d5bc6531735194f46b3466b645b060b53ba9f2b88665192ecbcd960aa37915c6575a22ee15c25170391a03787978fceadad1466f999d26b2abe30e6e212b235e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e2541406764f2a2df6cf216ec61b53d

    SHA1

    abc41aa76a2175ed7e99fbe4f9d5b23de7c75045

    SHA256

    3f1942602a276a854682b810b9f2d4ec308ee7eb801492c8e76ffbeb2761acf4

    SHA512

    07a32ab663bb817f5c012bc37fac603c4ec0cfffbfa13a4245b9ead300e80b069931c9c1ffcfa2eec10110cb56e018ada2596cc53952370b26bb9cd3bbf4c9c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3aa2ed6f316e25c735d7566b07c6a840

    SHA1

    195265638ee3fbfdc0374853972952256241c98c

    SHA256

    9216f4d4f6073b16c860a9f8e9c63e0b0c2f6b4cc7274074f6b8a1f2c42c1ca0

    SHA512

    6d1b11277b6abcf0a6390bdfac968147770bd292046f9f251da783e95878d759005f5ee7ff7fbb96200ecafbfc50a0ea2e5bb50d2b55dc22bf2f6ea24c67e863

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee668e0c43daef1d7ae6efe341075927

    SHA1

    d49d1491a889f4c09bc2ae44acf00ca28bd239ce

    SHA256

    ad9d43cdabcd6fda5178f4fb23fbacfe9bf635e431633caedb0ba33a61c30820

    SHA512

    ad395e15e39bf0fd7bff47badeb858798261085af6c5898509db48ad201a176f68e3fe571220f216a1bc4a13820d73c17f09734df4479906150e80860aa1cdcd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bd9e892979e11affb65b372cca3dd10

    SHA1

    f34c364baa719a15b52bf1327bc0986490a08b60

    SHA256

    042afed21502ab5eab384b37b6a0588571797551eab3efacd2acc02b32a79162

    SHA512

    2e7cf79a4eb8f4a5460a3376e9ca98639bb4c583a33383fd655928168246b4803cb66e18e5aee677a72d53767926980c82062a7cbb16b352becfaf248109a54f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14fd865aae3cc2d882ce6d5f001ddaed

    SHA1

    0672b7a7e2326d00b63679ab65ddf1b41aa668df

    SHA256

    376aec72960db757164690c6eb1d1fff6ef7e90fa81effec376c8ca59b75d4ee

    SHA512

    b2e9355230a99139a508b9a0b27672a6dd066b4d0b14dce814668ccf9aab0bba68ad0aa0d39573da795f09657e7f6ef5b39a05ae4ab4909f30bbef41454e7fdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5921426588d8de4af8f4e2ad4e9e43f

    SHA1

    9dd5c0fcabd25c5fe07caa1c38f60beb29b5beb6

    SHA256

    ce706d9e1dd84683b909779c653ab1fb6811d15b9f5964d2d3439efde59f4724

    SHA512

    6fc8e5021c8dcb9cc6080c61bed49e325d009a88eee28aa8e6c02a6e3a6a5c9f497140a87560e303fd2d3a5dcc91ba54a092fd16c91357181570777c674f4564

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    785815cc56691519ce6d8b94e4a3b455

    SHA1

    dcc78f0fbc2f29c69787b10f85609214a8788392

    SHA256

    19639f2778b0e94f55da84a903759c29834eafe13076f305ebafac7476a0cf83

    SHA512

    1367a4cda348ca672233f9c8607dc9f5c0a4a713446f25af8ff4361836f020c33d78784b49e7f5372c0916d97921c8460fa34d2dd76af65749da00867729e3ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5868b2ce650c61a66546776600f2c420

    SHA1

    b5f8e5f779a6c0bcfde0ceac244f3b66f575b7dc

    SHA256

    027be7169675a318a686e106c1933df3e98432a25447dbc6ea932a26e2b866a0

    SHA512

    6a890d012d9095cf1661b833423a69d2ce282c96b26119a1e67be3c8050faaeaa9e1d3837ffa305188f2f2128fc868acdc51f515b34f926a985515f198178697

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    413b5ee3b8792716b350a1fcb3d79cdf

    SHA1

    8bd824c29fb3536bb46a8da5620d3748782d759d

    SHA256

    85aa69f927c48d6ac68347b14b2136ce919f6486d43070526559ef04a35ee61b

    SHA512

    06c76799b0abbc2d448c383b87b76e28775bdb54b946fe143b2ec9f5d66ab9b1b4cab6407a9fcfcbb266e053b4bfab4351f69ef956182c514d86ddf56f356608

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    423fb996dca2d35d4c809024f195d89e

    SHA1

    2d7b2dcb5fde873935b49f0074441d440131e3b9

    SHA256

    4b153d5864f62baf362810802f54166242f9a1c4ccf7364070d08cb5fc3e02e9

    SHA512

    a99a88a4f1207b359f2aa2fee18d21030fa739ddacc3de458d4dbea90fddbe2da4c96e8c445d8bc3e824695802677b360805cc60c28af4c1109cc8fabec0fbf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4ec4a3d869421aaba6a149e780c8807

    SHA1

    8fde74ab1fdd1f8ae15fa8bd91258d31a3e997c9

    SHA256

    95d9adc8f224f25f976982d04f21b0a82e8cb9a2a2add83a1f4a8dcc2d5f2f3f

    SHA512

    31c0429e2a3f54d8d4662b174d3a8e2b74ea81eba1621d92491445725fe2104843adffc27dc40a933af01da1ca14779559a140a834dbf983807cb38b4bb6e020

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64fce55e999061efc72cfb8e7104999c

    SHA1

    4a008111a5ee715ccf2d1b0a02119b1490869ccf

    SHA256

    0d15273ba1350266766485f2272685c67d97ede59f9a3cdc1ffc1594aec3269f

    SHA512

    2897eab891cbd23bda7ebf4f2f2ad3575d627aa1c38f213b2e75d4d199b28a71ded4698fdff230a4a5e80ca9582588e864536c682e75cc811cbb3ee8f79a983a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8f7affe9d262849e99bd54efb4dc53f

    SHA1

    45ab86b700e8f1f1bc4f9cfdd4338086341fc33b

    SHA256

    b595c2ef70d6870f07b3b01db204588e376618adfc4a0232b979c2649174038e

    SHA512

    0f93e9e94b4dafb9f3def14b1559cc6da5a0b0a5f08c679a75984e25ea61ea3f8ec4b0966ec6419980efe237f13b39b8a79a182b7c90873b7203aaa958e0227e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00f9b590b6798413aaae5e3579809fda

    SHA1

    b0bf0cb980d7a4d8055416c84f535d93cce837c0

    SHA256

    c2e3da8d93d13e4af94f5b03814f6516fbb28e12cf9f54ea31444f78fd63b748

    SHA512

    06b2e42a8f8db70267e15abee39760d2cf1156379eda270a6981bc8cfea0f398ebcf36ce32b35f715bca7efbf5dd49f6bae3d792e3e122a95863e216944cde83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2380994119e829df28bbd677ce5f351c

    SHA1

    668795332163a2066b43c73f13709cb6b8091b70

    SHA256

    6a3f99bc9850bfa0afc9669a2dda39b29796817009bfd37f8e4a2cd4cde0bbdc

    SHA512

    66a8df8a21376f0d7c6629a396c177c641a539065ef9bc45b95b093e9e0a3bf36c02e715c6db8970d084cf4ffaccde1800ade9e0a99589f787535c4e6e267113

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e756d80e5cb62877216b8a6f12d0e09d

    SHA1

    86bf20ee673f9a3f27249dfae1823772cd911386

    SHA256

    1632ed6442496c1e4de7bff07b5d7d522ea572567ed635ba84c22995c8ef7046

    SHA512

    4988405998aa17b8882b54c689f3aea6369807634f757d43c0b6b7269a033222a941fd3401d88b1d77c2f06ed135d48c012efe2a7c01b4adf5e48bcdb9337564

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC15.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC75.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1744-4-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1744-8-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1744-0-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download