Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
20-08-2024 12:39
General
-
Target
af418f4b5539878900750f8de9751413_JaffaCakes118.exe
-
Size
132KB
-
MD5
af418f4b5539878900750f8de9751413
-
SHA1
5cccb0409f8aa1a15ac6ef70f4c71f81059144ee
-
SHA256
afedb875319524d0e60de4d91e23f0b5510d18d6996298d1a7fdf01e0df58af1
-
SHA512
e47b84036c4d946d9eda635aa477d9cf467f944506312f1af396fe88554d6ee52ffd642a4186fdda1e3453f43e0be52378771bef004ace376b22ba3fc7489f9d
-
SSDEEP
768:t/raHM782f9rvs2Zg5nicskQzTGfxgzh3emu4v/eB4z7VP7LdGSu2HyTAzfMgTA1:t/roM7ZJfUQWgY54v
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 3 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Modifies registry class 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\af418f4b5539878900750f8de9751413_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\af418f4b5539878900750f8de9751413_JaffaCakes118.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\af418f4b5539878900750f8de9751413_JaffaCakes1182⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\msng.exe"C:\Windows\system32\msng.exe" fuckystart2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe http://www.OpenClose.ir3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.openclose.ir/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:452 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD56b6f5715f8bfe0f319e404b4fff1ec35
SHA1fa81e4aab5b20d959bc2cd9ae0f2ab2680d83320
SHA25604ef11f06e9b2095841f4a0db4086184bd5258192cdfc987e2f8f6f93af0c567
SHA5126b70cebc2a492bd9dfb4410bd889f092af63ae892d35624572f4b9e40ed650cbb951cb83897d26b71fdb99c530044361c99387160a4f96322abd26594c209dfd
-
Filesize
342B
MD5812612dcbb7816bbcb88489ae8368711
SHA1f50f83f41b101003e227b0cf1607e10069f97bdc
SHA256dc0e2f96200eeb964a1d29ccc11bc1ddd13dad406b7625443cf59ee4c55ec6cf
SHA512a649a8162664b92a52d4c658ba1607fc237f8144c579ce6398b38ea120a98912b467e720b49a05107d06fc6c605a782ca64ae63ea150d3141ce1c180ffa1b98a
-
Filesize
342B
MD5dc90e79b8c22b759e5ff62baca01aea0
SHA1c0821760de6d0e601c03c8d44fe6b666d67c489a
SHA2562b0c70a26c78811be7934277e60d1de274af78121d49c6843d03363c9303f315
SHA512cab45c80253a3b7d90509b712e06305ab6611705008cfe6a9717971b7dcee31d3c68c6e9e4c464b3b2d5f8dec761731eb8cbfc0b94afd9c1d4dc94baa774526c
-
Filesize
342B
MD5f6e5d8686b7fdbcbd43203a5402cbf6d
SHA1c82815c77e7f4eb986a536e4488e4150a961c40e
SHA256f1d0228f1da7bd354ade094085a303d12a458fb18c08ad0481f023dcf4b96552
SHA5128cbfa9e222ae33ebfa7c2f3adf9794b03c7875988dcf12a71f7b272985966592e59f611cc1c922b5b9b45e97e74d5217c477ec26b7aa2b4f13880c19e4bc15f5
-
Filesize
342B
MD57068ab929e7cebf92542a2ca440ee51b
SHA16defd548ad3492954c63e730a2052c3708dc2de9
SHA256393083a4fcc5959c2355b039a7c5f36b2475ed31c871541e5519c2be788022ac
SHA51225dc10805cb9f1ed0c27f55d4d883e77fdbdb4e2eeb4dbad4404a975b57d092ab5cc1df2c726e65365de31cdd02bf46a0b40e9bbc8b295c65b0d78cf4df7070f
-
Filesize
342B
MD56a66233abf87ce3c4612092b6e177077
SHA1085b87b0edc9b3deec01fe62f1f991fa01236349
SHA256c768042ad4f1a51353e78f4fe4d6e3a16a269ce5fc983ca64cbea4ccc72a9a49
SHA5125dba102a097bf8845f005f990c2b673a01e03b568944546f37e4531c21a1a930127efb9092650871c30e9797ac0714ffb3edf1a8c6b0f65b5eb7aa192a12c267
-
Filesize
342B
MD5aa63444b5d7a31c6df091b196c2064cb
SHA1127e7442cc4c32e69d621711bde8601c0ca5ab58
SHA256d4ad88ea275c24c6a0cccaa1735e599f95a139fb6988906aff638db8a0836cd6
SHA512e9c6e73207240afaecc6837efeda34ef994565c0ae4ed961832ffa044683939036987f2e3de57e085d2352c3c9fbc394d5705412bc61ea8689d1adf8a5773249
-
Filesize
342B
MD5542a853309cc853bef362d782a2e967b
SHA106bdc47d04909bb07c10493e40e629992b815448
SHA2566b683125e69ddd8c23e07fff056717875c17684b1e854741b0094e6776b956d2
SHA5120b03ebdebd5015a4cc092e77f3851aceec49d0a5d90d10082e289ea4f7140bbb55a791744fa92b977ae299357a65194c9b48b5437e78cf05d196aa33c9fe06cc
-
Filesize
342B
MD59605563fd08c78acaea6622bfb273083
SHA1492e579b22ef5c3ff9e22c337c9ae80ddc8c9f97
SHA256094a0895c6d0c56ab09a7feb1bf79bd00fefcf73b62d3edb9fe00c5917ffe395
SHA512553561ceca6baff62c85f782cc6edda30a8f776c8f6c79876789fdacdae1bb0fb383228e740853a62474a1cf89d445916b65f5b3aef08b88dfd772dca6afd465
-
Filesize
342B
MD5a8addb3530d0a047c11bfde6bc553533
SHA1f63d2ad546a108376fc774ae7310dc767c7c55af
SHA25615bc675759d808deacf9722b2555996bfab206f49ece03412a41be49f15fe184
SHA51243fb411e4d976776f7e5f5fce962cd4e09eeea54c0a817b8edf04878a30c5c9d2980f1e770220191e8fdd276cf5c0f6d62ce59ba84ae75452997c24e6e910662
-
Filesize
342B
MD59cc0e0ecdf14db57e92c7ed7712995ce
SHA11ff184e3330bd9ffc2511f0c44115ae8cd6b5267
SHA2562078f6a871fc6c57d9460d3e2292c20c831b4a31ef0c61bc5e2a66eabc141c88
SHA512d2d0021afdb4cedd556d434e3ce864ac8fd107baec77d1b695a9009574f8ae616a70fbd236cf364e4b041b0f5563aac92ae0906630b71cc3a35fc28dab8d5bb5
-
Filesize
342B
MD5291a52fa762e7772fca53a5d86c8045e
SHA1f3d6f76866eba673dc434e6d118691c7a256c76e
SHA256f4fdaf6b70dc6eaa1c6a40c7001c6bf94819d0633460974a702d9aaddf7a5fb0
SHA5125ddf5e541c9fa9033d45c84ac64f8655734035056ec1cb9984ea8d7cb26c91a1dfe056724b91a53b5c2e7eaab0892b64a9fa24cdc63442f08bcbec9216b4069b
-
Filesize
342B
MD5d2297f241d00da0e5c9a96d90593b7be
SHA176445721224804a6573185b34924c77ee620b7eb
SHA256fcfbdb2caedb07fbfdac8828e3f1e1b8800b654f67229cfa890f4575508658e9
SHA512d2302c88b45153f9287646352b565d8fad36f11d37868b9b3dd519fc89431936be47afa4f3596562852d07f61336b417fe7838e0acc372e01de0d5dcb34abf2f
-
Filesize
342B
MD5a186ffe59675f622f0be1805f655a05f
SHA1d58c18690bb92f6e9b16b14558eb3839ad23d0c0
SHA2568c20fc4aec19e764e957f881be8b8df4a26618885be9b0a2296140913d6a2ff3
SHA512f5b355df055801a4aac4a2cc54330dc865134e4c7b9874c69d7b50aa07d3078128cd4245e10736a608a1e548645cba3d6455b0e71d7b247b9bdffe6a783b226e
-
Filesize
342B
MD5a55f2f7c936cae6aecc88b549d70f287
SHA1395ad4303dced5f51a4c74ca2255bce27fb3b828
SHA25685071463f125cfd064b92aa18900704e09009d3a33a992728c30e123e420440f
SHA512a65212558cdf1e1b47ec4fd9790547f027784ac26e89e32cff62bc06dac5da1062b667300cb28cf8d20e5398a852feacf7221013e6262418f9235f78a5b2dcda
-
Filesize
342B
MD5090d323bb8a8202349b84e47b53028ec
SHA1d4cf2bd06fca305e1155d8a99f8ce9c6847c23c1
SHA256f57db9b30061ea49bdc0a5a872e47722f79a9ff15460a96a45a71db40d919fde
SHA5129a827ab82ea4f905f98aef26c55d35bb78bf8ef35862f0a969d4771e9c602bc9bd2d237899951b678c84fa5599c5d13a5169da64667381e1a41db0fd307b6766
-
Filesize
342B
MD569c76b02bcef61ff75dfb457a94f299a
SHA1906b2192180f7b8a4b96e9f5a8a98f1c098699b3
SHA2561f2b6aa539b70aba6cf39b9f3d12ccedd50d9cb49d73a7e1f8c79bd47708d509
SHA512e220eaec070cad5b41b6fd6e392f1354d714284206ae8551b286a51418e9a25d41f85a69136465d26721da729ba1a99e4bc11594c870ffdf6f4c63356d68691f
-
Filesize
342B
MD594793984ae9bd881ec22def783d8f975
SHA1bc2d9a8d2bf6704c68955add1d90ce1e15663b60
SHA256ca1df761a8efe1a2a1c4603f08cf6a9e87907fce526b3c4389d0cd15cc81e212
SHA512c6514d5b5c6d6556f34032e7e75c26bf70a2d9c79bc682cd70896b4151aef04e1e23552bf430b238bf98c1f36b33a8b527188bb4a3e0585cd7bfffde48c0c8a3
-
Filesize
342B
MD5409a7d1896dc4a16ef7660fcda1fc18b
SHA1b591f59cfd15b77e5970f7c4e3ec9fa8a41ee772
SHA256d66054bb6e4b54d826de41c72cfd1dba44b0450fed000ac0466138cc9d5b85f0
SHA5124bf6f2ff80b636370c2a3d7b315d4b68b58f27fea683d0b124ede4b003459fb18991c75dfb6d09868a6bd4667e5e1092e39402e2d31f65f4dacf40f5e9f4a954
-
Filesize
342B
MD5ec9a558db94710c2be40205ee62b3287
SHA194eafbac726a203d7338de5c9cafecb9cbf4ca77
SHA256b9ea1d25897a8d6da45315de8db288760b07653dcf183c1e4623c9202d049899
SHA51264c2f9f629d3131a5c185abd89180a43cc470a9d7370b2033d80e3560a0055b5fd5b71e1179588b1f703d740afcc3b92e18812f999bd24f3a278ed391088b2b0
-
Filesize
342B
MD55f3da637c1004d578d6c8a28cb060670
SHA1c3c72ddb97a9dc5384b33ac3cee7b0825d94f784
SHA256f7fe786456aad27f093bcd7f6ae8aa8b77efbffaccd35c72dea16fc2d5db419a
SHA51214d811eb9a3d9af51ae4b038a58d088105c7b608bee7ef2bd4a52df184ea930954b59070ad100f2c29957ff27d93e3b74cf8ec70ef96b782d3da8b22ef9bb4fb
-
Filesize
342B
MD5b2c0cdeb9bb4b9f59c1a43383041d7e3
SHA1b1f24ee0044e8be0680f1c8908585598fb5622c2
SHA256a50195fcd5ba6fa4e78d0f78c6608a42fbdc7e77d7d30af63db3967b998c3839
SHA512bd524d979de440a5747fdea03510a7fa0485ee857194f814bb5d9b11b8a433c3fba22e8317bcbabd73392ed81279fbcc18c8f49e0b3f6c1f2f90daa8ddb73f9d
-
Filesize
342B
MD5c28153e9adeaee7900ca38ee86f7f497
SHA1d68b24477e45fbc8bfaea41af6c2bbbfe228b51c
SHA25623926ddea3a22fc7d0e1339d967f3ad6389107370496972f51fc57a32a371db4
SHA512268bdd3e04c19041144c0b7ba5d1f065aa4ed19f4fa2fd4489a9379e667ae6d687c1e67c2565dbc5735d7b12f341ddc52fd3f0ce374bafa55ea1d17f00ffb3f3
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
132KB
MD5af418f4b5539878900750f8de9751413
SHA15cccb0409f8aa1a15ac6ef70f4c71f81059144ee
SHA256afedb875319524d0e60de4d91e23f0b5510d18d6996298d1a7fdf01e0df58af1
SHA512e47b84036c4d946d9eda635aa477d9cf467f944506312f1af396fe88554d6ee52ffd642a4186fdda1e3453f43e0be52378771bef004ace376b22ba3fc7489f9d
-
Filesize
43KB
MD551138beea3e2c21ec44d0932c71762a8
SHA18939cf35447b22dd2c6e6f443446acc1bf986d58
SHA2565ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124
SHA512794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d
-
Filesize
82B
MD5af8efdf07e1790512cb3fc53f19866ac
SHA113531d128815042ca04c289652b2f1076bd68178
SHA25618e5d646ae9611aef1e01d000f7808d62c7796439638f21e2c457e0e8ce33976
SHA512f237b3914733651b7be64ab6ac11f6d36b4a0f607757cf996494c446729d1148df7b8ac15b7b10c486b72df9d31b0f48c602946077e29330d378e9c9039b2904
-
Filesize
728KB
-
Filesize
728KB
-
Filesize
728KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
728KB
-
Filesize
728KB