Overview

overview

7

Static

static

3

af1dba3233...18.exe

windows7-x64

7

af1dba3233...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 11:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    af1dba3233b6aa762b4d7d8fc56efb20_JaffaCakes118.exe

  • Size

    848KB

  • MD5

    af1dba3233b6aa762b4d7d8fc56efb20

  • SHA1

    fe10f6fb2bd1c7f1801c5508e00a58891ca90e87

  • SHA256

    d268393ceb230c75510c3597b3dd01c49b483e3cec514929ba5f8e72ef2234f2

  • SHA512

    e4b3e908d3f2bfc39dc40ae552278ac052eea19a60046845a2124f42e530cdf09606207918f9207cdb3f97aa82b7937b4f2ef466b7fff73dfe3a102a574ec577

  • SSDEEP

    24576:nv6zjBHPZilsTOFLcMoYakjKnIHRHdM0fCX5:v6zFPolsTioZYInIHdMh5

Score
7/10
bootkitdiscoveryevasionpersistencetrojan

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af1dba3233b6aa762b4d7d8fc56efb20_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\af1dba3233b6aa762b4d7d8fc56efb20_JaffaCakes118.exe"
    1⤵
    • Identifies Wine through registry keys
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wretch.cc/blog/st966050
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          ddbc0f2634fb7eb1ea85559d0e803877

          SHA1

          bdd2817c998f683b5fe1b728de5c1b6c1a1e140e

          SHA256

          fa913e6f85228859facb3d10a5dc1ce6e6c30e2782ad3ac7c0a0f49a42ed4e7b

          SHA512

          73ec3b389c824d96eddcdcf1143f88496fd0c0e3a3c03c27cda861a64e51a6c0df65ee909e92c054a24cf3a617321c0928f5d1cf4de98f581c12e0e3196b4e4d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          464b3cb184cb41aef285bdfe0782c5b3

          SHA1

          f22bb7aad5252cd34bd425617f267bf22b777f88

          SHA256

          fcb339b62813cc920f06682205746eea690311bc954e409dd639da29b2dfd99b

          SHA512

          03d5b4d189a45a47bda2527ad5e3046cdc41d21f5976456d9be52c607b8fb95d038dcebce3f69d167565cc9b9c75805d7338f5f204a2288f90895281f302875c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          fd7b83cf5b7ab5e72000fe3f15ccd33a

          SHA1

          a087d62c4b4aef57b95b50d1fffe3fba4b554485

          SHA256

          22fcd56f3f4e97385d02f8fbe58a8d2b7f51aa8984877acb671506b8658d26d8

          SHA512

          92fe532c639c575240117637bf1bba0f4d7bf3f0888ee806ef047fbc86b5cad4624663305c3962a7ffcc3bf4da87fed7d2ca1d39c5914a5fdf528b4f0f865647

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          275ea1f4de1d399198e370a14ad789a5

          SHA1

          a97f3b4a19b664697ed9cd0ad0d974b1039ee0a8

          SHA256

          eb710a1756643d71d90c372eddb502a7ba4e445e12569e7baa89f9fa3a41f966

          SHA512

          7a7951028941ba3d5154eeff5995ef2271fa4d6a9fac1cc061714cb3098560367a5723a4598739df8e53924638d4e559fc875e558ee7671023ff4070accec9bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          c0b4dc39256ae063e5a81bc9de1c9725

          SHA1

          da74ee86078ac323d1f35c9fd5c8ea48e4a7a6c6

          SHA256

          e7926011f2f193d226e596129b76c8b6f4b2ac2cd709d2e8b6c30e3d86fc6e92

          SHA512

          a05466d8bc603129331cd38f0f10a8aee7e7160cb7457b341c1bd207c42d6806a295f8ee76c83e3b8e1e208f622124bf6d553480191bfef2b6c4388091fd7cd0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          3ad8bad8ef8231873d5d02763492b16d

          SHA1

          0d9b96c536cac0e4db4d17983cc3d43b3ff4c666

          SHA256

          eb9b44169db8cb517dc47c1658a8b687db333b9fa0286b3b5960619524e485d8

          SHA512

          d1c691cd6039b8a72d2e97210674b626afeeb3af8fcaed2f76846ba3e1d97e94e1e52273921ec8ac21cae7258d03ed07a80a82bb411a2da4cec4dbb1886c0255

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          777702f224e84de68bf0f28bd5785311

          SHA1

          95ea66ec366e6816eb65a57f0b3e03fa2d29c6fe

          SHA256

          7f26c9102cbd384e5b566493d82966cb556ee66a28ee3e944f08fd478522db99

          SHA512

          cdd38d94ce29d22e35dcb514abfe8e9d501e70a898f8fd873bed301b569082c07db44b99ff20ca06fc14eba57a0519a4d902007cd6f2e0ee449ecdf745c68da0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          949f9c58e60c3ec5b23eb0ba2f3a4635

          SHA1

          d6e06eb96dca34daf110467855564cd57aa6c00a

          SHA256

          3685b1cd337ff838ef6460ec419fe18be3ec597b9c1eaac7a8ffefb6fd0eb476

          SHA512

          bad269038f85825ebc6267c05d069e767c96736ab9bed54be438c7615e42068854db687714d91d378e805810ba6e8155ac9b79fc62bdf8df7d288951a8b81bfd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          3fd2d7db73b3a275b36f68af24a832fa

          SHA1

          b1f6a89b895a5366276fbcb32558578d35d40a8b

          SHA256

          d840dac7d013614514e73dfbf905878207cde2a856d7f234806ae24addd4e887

          SHA512

          1484b72fdef88d6985a6c6bb84a2ca33ef0391e45bcff46ab494a3da527844a1868ba9e3b74cc0bcc8dd1a2d0327570c38f698baf4a067e0231c3d890c04698c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          8365e58fa0f07fc39a2f985298d9f39f

          SHA1

          235c9aedb149fd001cae25527b5fd533dfacfa98

          SHA256

          7b5c678ace0f27dc41481d0be989d43b5724dc8853de2883522bb558e085c38b

          SHA512

          c6032bb473410026d9c9b1b47a8d1c62dc3ef84bcf4b31cf2f8bab2aecffdf1cee3809f11f0aeed3ef900c91042d6cff0ae8d0689546387cb51fca92bf2f8985

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          373670af7f6c00ae5d2d2560f08f7d12

          SHA1

          091f558f5d65264e3d9275153c2a617c46103c44

          SHA256

          23d165adfc947321c5d6f60ea4ba2ae04ea61c8ddea3dbf257c3e3151a8cab01

          SHA512

          4d9e6bd6a8df2f7bf21b3fdabd120a2e501c9aa89e77bbb4e43c6adc79aae3e3bfc4e2f7bd6987ac5ee0c8eaf8b5a3234520e0f30b25e2abd22851d90690fa62

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          e38ee0c74130fbe57c66ff41131b9337

          SHA1

          f5c874123b1e35d25638dbb9f7de48f51fa74916

          SHA256

          a53b2200d967e31142012a057e3bfe9c3907ee786e470dfcd0b4ed73c301d45f

          SHA512

          d782329964b617dd50b7d0d366a83fc5d7f22e80fec64a88ad131dd6b383610ffa9873eaeb85ec818e0e9b754313a2d73f5e8608dd6ca7b36c04e95a854c9bd9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          72ec9fe1724400d6f6e6dab28b046907

          SHA1

          12dcc443798c17604dffbe3c92bcdfab4f47d2dc

          SHA256

          8a0b7731a4e1bab78ed12a1e32dea1ea658deabad9e412db4cce72553c95eaa4

          SHA512

          7e6d728757fb3707765f29537dbbb964ae3955b09f003c64618d3b926e145f651f1382e723759e9d4fbc7150295d4335c7433b87d4fea18f406f0469a7f25f65

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          97642b2a617c38c9ed4243d67a8c3409

          SHA1

          649ae36f1aa49468a04f49d26fc26bbb68af6512

          SHA256

          5220428a8bfb7666456d9373f52b3a0b7bd6393c11ac5c75c6b73734424d9025

          SHA512

          13d31d0806296c0b21596cec7f1d6db8296ccec23fd9de83f4becab3d9943be9930ab3717399e140f047839294d3669716c0156832d23d214e3ae68b49700088

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          59933ca7cb7f4b66195b726959164cae

          SHA1

          5c0858d515d79a310973913bcc5b9ef7ac3579a4

          SHA256

          062c9ba910babcfd0ed7ac4fc8500b946c3bf58a728dbbf3ce3049f8950dd606

          SHA512

          a0d7b898d7838272f05daf7e555fc42f1ff6651bde3e7fe3f74b4afae178ce11122fdb00fa4385cda16fb9beac1af5618a85971c36ceac882387806223591c64

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          645e52cfb0f8e3267311fcf62f74727b

          SHA1

          a653f6f5f420a80d6bf245dc554fbdf57381c9ba

          SHA256

          a7b34251f1d51fa02bc8e6ef8629d1ffe4e0c522fd4c4ae48ee4bd99d9b90719

          SHA512

          21f6f2b39f38ff2c525ec999c38301d936968ed2538c22c35aa5c8044609beac93521e9c5826eab6b8e09d053cb30318028ff3379eb93afa3ab56b4c4af2ff08

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\puwo4pk\imagestore.dat
          Filesize

          1KB

          MD5

          058ab93f59a7e9b5938a30ba2b91ea7a

          SHA1

          3ef3ea23c2e77edb7cf6c3ee66f67894b9844fed

          SHA256

          181e0f3909de084082a9349c0541a012225f9bbeb0a70f83487784b826e66f9f

          SHA512

          04484f10f9b60332d44793ef125314716e215ac509c2ca71c5326653c0e1b5a36ebe5818e9dadc2179f14aba7187718b224f12ecd8b1ed5caf61d851b9f75618

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UQ4J2DQ\yahoo[1].png
          Filesize

          1KB

          MD5

          b6814ae5582d7953821acbd76e977bb4

          SHA1

          75a33fc706c2c6ba233e76c17337e466949f403c

          SHA256

          4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3

          SHA512

          958268f22e72875b97c42d8927e6a1d6168c94fe2184de906029688a9d63038301df2e3de57e571a3d0ecc7ad41178401823e5c54576936d37c84c7a3ed8ef6b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab8873.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar8886.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1620-58-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-70-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-67-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-63-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-62-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-0-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-69-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-71-0x00000000047C0000-0x00000000047C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1620-6-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-7-0x00000000047C0000-0x00000000047D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1620-5-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-4-0x0000000000400000-0x00000000005DB000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1620-1-0x0000000000401000-0x0000000000406000-memory.dmp

          Filesize

          20KB

          Download