Overview

overview

7

Static

static

7

af28960ec8...18.exe

windows7-x64

7

af28960ec8...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 12:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af28960ec8bd6305ff9e787bdff443c7_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    af28960ec8bd6305ff9e787bdff443c7

  • SHA1

    5e8ff702c56f26e62a0496701ed11261a000e93a

  • SHA256

    b28ae83368e87dae17ea74fe27c3a252a8d8601272e4ad27ea81d60c8c174aac

  • SHA512

    68353d43a3bc598eac484a316bc5ca2bf5ed2f71a9363797de03152a4a1e24b7cf399417be48310959eff19b81152df6253857e2f06326f46278efd928f25386

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vb:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bI

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af28960ec8bd6305ff9e787bdff443c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\af28960ec8bd6305ff9e787bdff443c7_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=7834&ref=http://www.flyordie.com/pub/dl/BDTP-1_03/BDTPSetup.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1168
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dfabe5a726533ffb9ef080b803c988d

    SHA1

    310b3e53a089ad84d3a1f6d46deff77719627d38

    SHA256

    224bcfaccdf7dbb376f377b7674222828b0cd3adc6e21871bac2de9ddaf00ef5

    SHA512

    a2e3eff1a322fed53930f20390a48d5fe5246d1780b26f7f7f4cdae6e8c0ac35fe8030d2367377dae37be2b6ebb79a23b4665163eefc53c244405e7edaf40376

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc1a92d788b7b86df198f6d5b350e0a1

    SHA1

    9e347aae2738deecbb6b1babe9bb8a260c3c63dd

    SHA256

    12d62db8ea4e440d244d0b1c67eb942b02fa46b566078930f96bf20cc6309771

    SHA512

    42ea994c77d3fbf00ffabf153f62a374e6e9384ec4c041400a04f6d3f1482c63529e79caa6e48883a9d14b2926b9f6209a81fd0b41847a56d5e3382c2616ff4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89d27e905d6c86cc0033f4b4cdf6931f

    SHA1

    e69eb80599ac9db8d90e2f0dbf696ec644dc1aea

    SHA256

    c3f4db7cb24643ec27d11c832de994d19dcb7846dcfa55ce5e782a0edcf38766

    SHA512

    284246d205b8938770b4d6da19a6b6d3d36d2c1cc6a902354b6ede634f356e5ddececa3b79575d5b34bae9161019a534c6e5b0a624688358cdff44ff16b45b41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    933d5a35f081479e60d6d1ae6c68976a

    SHA1

    4ad182879cbf40b3fda6c7b30f98ca5b0a1a11ed

    SHA256

    2dbf2589fdd2d4ace9a2e76bf86cb9afc602586bff47529fa7a8330186adb1f1

    SHA512

    3ec39616ca717678b90d8928aa05f56a06ed6d4b37d3c492bb1a79ecdf4344394b065a86ac4a8bd9aa57bdc6f4699c21da1bbd2c3f372b842575505c76edbb33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c39bb0de9c7f68b6c55a66ddb6d3b757

    SHA1

    3b30e6570bc73c0b62a023251e7ff77a6a478961

    SHA256

    9705710cf1be63d5af3302f635adc62dbdc49312ea2c8170674e2cb911831269

    SHA512

    e904a98de436ffa8e3fc406bda9c43f570c603d12201aad2d9bd85209de8caa71d5f9a4f6d6fad1c55bd79f61c19553f587d49555e59b42885411eda5307be0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc88180df976a2d3ab6f57316e7d2856

    SHA1

    ed54765e942d36d4273b6e0853d72232c6be48e1

    SHA256

    e7ef36c7dcaa9fa784d908abfb3a6792ac2f06a460e895720c84a0a8bfd043ea

    SHA512

    c340c600f894017d2e1b1abd0ec994c6068b78478739da42329968de807869b6e56c4f2d15af25ba8f6495eb860bb1627ddcdb14792620119eade1ebdbe82ea6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95ed970475a193ec441ac6c3b0d6eb06

    SHA1

    5bbf3779edc43a0119cb1770ce261fa8b6b49728

    SHA256

    adc420a18e54a11e96691739250ab5a8e33ea09b3952f03e15e7d16d4745f966

    SHA512

    2c56857ded675bd87e1603113cbc033460877077bc961a9bc3a3b1de3670b74c1af4129562ff8d73d89ebc0da1698c16afa82f5afec74c48d0b06f20cf7eb71f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a0b61f66b676e63768cf2cca17894a4

    SHA1

    a93d41fe99b8bc0400972972abdb65387f32f899

    SHA256

    ca9cc04141dad3b7cba9d9ad5fdd911f7046aace16cbd69aad9db8ab84673aff

    SHA512

    ea41c50fa8f11565c3e403222f246a6bdf27ebd60fb63a4f5b100edc58b46ece3068ce50ce3234ab8d67b4d34b4e636929bbc7659f53e698e5ee417efbe3ffbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77af23924e809ee88865f65ec734c37f

    SHA1

    032aca866004215aeeaad1928688eecb8ac5ee04

    SHA256

    b84c9f807954fc389b901604547f5607d841a92cbe7c72d4804b104622393ac7

    SHA512

    c5d0cff12d1c841df8c4d223d2bb659dfdf671acd1af17aa125ab601e2ad6701173e7a8401b5ca25593534d1b1a6305f5d6696111fcf6d6b4d6fd17ae644ef28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c48f25fa6d60d386dbb319762d8e9b6

    SHA1

    b90e6afd301c376723188ecfe24e740d9532e298

    SHA256

    b8cc3234b5787bb7ed811751324442b9f473ea518765a3e01b2f4deb67f05293

    SHA512

    52bd58a5d8b851d72baae4e323cc9a13b1a946ab47b09fd32cc5ea1edba2a2dd571341f9d836bd1cef5e3c2401739059bba52969c7ea27056db9cd6c1f8ed747

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc77b4a5ac7579515322000036fb5601

    SHA1

    144804c30fc43d1a6ce8d6be84ff7f6e75c19718

    SHA256

    7df12ba637876b958ab7420085ce93f49aa57bd34b527f459e55e47e9bd78c9d

    SHA512

    f183c94af7ffad78f609bf6e38be89101844d24105427f9454c13720a8a241afe720078e2363fc0dbb2e0746ae5626f8c6bcb11e4ea955ea2a15e8f5ca81c0e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bac7d1c1484a865106785c55373c4bec

    SHA1

    4f8bfb3b97bf2ba8314d62ad384fc2bf5c381571

    SHA256

    a1f53d3621c1876c9c9cc18191e1837929906673e92f61a7dc250fa9f1fe1de2

    SHA512

    eec3a77d68b41d9335c0ebeacdab59b80646735d836e29d354fbb0835e01d3db36f6f25772e3b1e52b5dc1a7724cc8cc80a3d2884ad362389cabdfa60920bdd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5d67d20166d93a1e69bf8738967b051

    SHA1

    13765155ac829d49f54acb0e6c39b604cf17c01c

    SHA256

    963ff02597cf6c57a2c8189e4c11f7a4338249045b9ff7c196b4371d352c4c93

    SHA512

    afc00081a3e6927a8194ca29352c4bddeba0af3c0882e2415119651aa06b5caa72e90ecbce463b6095c2ba47066b59bb8deb6d8c381e4dae8ab248610e81adbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d94e9127ba7d8ffd9696b83c2f6569a4

    SHA1

    737cb76dddc66d063eb4b27dd6732092b9bb69b6

    SHA256

    cdc0ac9dfff66bf004530276da8fe8aca4771502e66ebc54c37a187ff0ef6264

    SHA512

    373a23c6f6b8be2feb5dd9d2d617e2cf1188d9abc677ed6739f84193d986a041fba328f151cfaf9eb39f22d61810fcb20fb718986f84745e7d6073b15b2bce1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d5518e75ddffff2f3d8fe475bf687f1

    SHA1

    45fb5ddc234f51c4c8a176ed4b6056ab461133b2

    SHA256

    91f2fe66cc319a8aa61f07aed08494bb5eb1e06bca55aa40c5942e37aa766357

    SHA512

    017e57b1ab4484ac5e915a8934010131037b98aa14bda139a91f5380573680adc8d84a1bd7ca0f391d4c7f3d96081c90a17405f0f01c5023c533d7aff02d37b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0090ac0e227d97dcc1c191fd17490a3d

    SHA1

    2ddfe9f0a697e4ceb0376636ec66b25f3f3f105f

    SHA256

    310b762a36df2ea2e1cd94b7109fcde0d06874ef81047aeb7c9b3f51e431ddc1

    SHA512

    5dfac578865c25f5d61269cd3950ca62cb8d037ae2a31ba0c70a210592eda1028ecc0806a9da4aaafc4c8f37c71a835cb96148563fa7beac90000fef169682c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c93dff2b08d01403744e0a91cc9f87bd

    SHA1

    9d99d6f2ac1dfed3c5ad34293bd0b04eb7ec8ee2

    SHA256

    548b764b727c9dab3ab3d26b0c77b1b94babe9aeac92a5ddea631fee5febd5d2

    SHA512

    6e51521318f6cea1533760bb228355d194ea4e939fa845a2c438b5b942401f3a9fb444e6ef016276e1ac22dc30b36a2145757271dc4a5a4b7ba173ddd5f4d5a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1022e6ff6e63db39de1f7349a76d63e

    SHA1

    238c82c40f244515b831b03db635c26a4b239dc4

    SHA256

    f4e04a43ed8bf09b4a74cd2f0c25cc92f20c314211db3e479905b61b1f707e07

    SHA512

    424ee71331f0e6583092e87093dd35fe0eb445d947409b00fb8291fc26fbd7834a01ce8e6b236b8b1744d4a74325d372288eb35553e6c10b0f4de56bf4cf45ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCA73.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCAE3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2256-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2256-24-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2256-25-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2256-32-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download