Overview

overview

7

Static

static

3

af5f98b4c3...18.exe

windows7-x64

7

af5f98b4c3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af5f98b4c3d7e0c66b70e931b16b238d_JaffaCakes118.exe

  • Size

    61KB

  • MD5

    af5f98b4c3d7e0c66b70e931b16b238d

  • SHA1

    73fe23e17ffd794075039078d57bbf38aa202275

  • SHA256

    dd5fb11a9963141aa0215cca916fc006640e43cb8675293ac3ecb06d7cbca70b

  • SHA512

    f2919c7b896e1f4149b18963bba633a6db1dd3e712c07a49eba3f7d5c57cb4384bcd30a92923c101b35318ee1516c237603850e30bf949f5934818949c32cbbe

  • SSDEEP

    1536:4JWen4TX5HEMA/gX9OWVyF/2Ui6XkC0+EbVEAbGRuVuMMMvuz1y9wrPGU:454o/gkWVW214krj55b9u

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\af5f98b4c3d7e0c66b70e931b16b238d_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\af5f98b4c3d7e0c66b70e931b16b238d_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2652
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2572
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
              5⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2544
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\figEFFA.bat"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1704
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 140
          3⤵
          • Program crash
          PID:1724

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      50486edcb41d72a748d5d253c611eeaf

      SHA1

      a04a735ab143ebf9cf78b4fc2acb616ed062ea92

      SHA256

      7a04858a9eddf0b3a235f6d85c7b1b344b12c54f49d96614314c6f020124315e

      SHA512

      1b29ec4830d25a927fbc1deaeeba583914695578f961dbbf975ee21b21cfafa4e09656b005fda424b25d1a2c10cdf0d9486d591d569c8ca975392cbbcf974d12

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e728d9a7fac55980e719dc346b582316

      SHA1

      591ca9c559256905624c0fab85ec598df1d5b9d9

      SHA256

      29cb3875230395eedeb9f0eb85d6cb2cba7b73da86a1a210764886198b36eead

      SHA512

      0f183c4232bdb488f613758472837d5d9970fd1fe0ddd4d29b51809cc79be50d640ff223311454d6f18522391e60fc78109f9eda1ce7a3602f6cc152728ec38a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b4ffc137638927e467527b0f0cb73b3

      SHA1

      5f0dc0e5dea63febf775dcf8c14613af6265939d

      SHA256

      ae57a4b42cd0192bb0fa698d675b2e92914515884e2253e34704c382eb1a756b

      SHA512

      547780eeb7ac247fe4cbd68317709bf749fb6eae8554a90b10c028d697296e098547162d9a1b920b29b6cf6b78b02b5f6dbc4d03a84cc6bf29319e41ac337c67

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3af096dc5d26bf3f25037b79d82ed465

      SHA1

      dbce8dce383d33fb52e617b6122b80ac97c5d9c8

      SHA256

      afc37255b73707cf6e66bc981aced2d491d9e86dbc6203edbb390be330c287e9

      SHA512

      15cd0249f93900a61cfd0681ec7127e3be383814694b4f8ffb25201b16236dcdb70bea0b14733528b3e11f85f7521b26ddb0539f787a60021a7cebad1b39e3bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f37587b068489db0f0f6dd73bd74473

      SHA1

      ad2918591f23b7c467c825c52b8d618c6224b82a

      SHA256

      5491475dc237e0fc7717418e21f6951e30bcf65d7c4acfadb765008707d8e426

      SHA512

      ff0b54887e920c0e439be0e87a1ebba68e09c66e65561b5d259e80c4b7334b3ccb9e690fd54c0989f92cf65643a0eaf9151cee8976ba83ca4170358ebf7e7fd3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8bfa1aa3460708c4d75f4489b666a0f7

      SHA1

      bb1631c8971f7221fba985ecde0f4a921978fe3f

      SHA256

      4a24042080631a603cd70e25e8981bc159db7bea344b695b2e8c5ea0473bae22

      SHA512

      4270254dfa228912e7e082897ed950447677c71c4bbbe2f9228b5cd03e1137f55b5e51e5e024db00f2fa61d229a085f8379b65677a4ef0f7ba0265d590116403

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      79f8af273843862b70870adbaa4d0674

      SHA1

      1a4b3547d5e6253938a33ab7d69b61833ea814c3

      SHA256

      ad3eca2756c5253d8c85cf18270a6587db26f763c2d20495124055e07d52a179

      SHA512

      3941ad131efe10536f5af115ced17b1e99128df366cfa2641afc13d58608ca8e833c207f4f3e909145abcf0a6e7b8d371973804077f1dc4426410b4c15dceeba

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabF27A.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarF2FB.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\figEFFA.bat
      Filesize

      188B

      MD5

      d0d058197adb63cce69485a497735b7a

      SHA1

      feb48ee531e75b28761418fa2bd6424cafb4e093

      SHA256

      9997d3e11aa6c3c627bb05f0bfae1d369b8374d8caa8ebd5192ef6519cc310c6

      SHA512

      0df50837c46ccdf9f210bec6a39a19c8348d072921a399a59694f682db2f1ec28f95c6309e7278ac0a4df7b1d5ef6f8e668c137311bc39bf0513547219df42cb

      Download Submit

    • \Users\Admin\AppData\Local\Temp\figEFFA.tmp
      Filesize

      38KB

      MD5

      ebfc4314d12221235235e6a02548e7ee

      SHA1

      8a709db776098a3722178f62a351d39ee97a7c52

      SHA256

      791c12369802c37c4aa354c28c7fe7cf05b9977f322fc99c919fbba546304e79

      SHA512

      a18da34f9cbbaef14b65311d7ccfd81d1bf02b46929905596ec2c56b3ab015b14620e29fc2707f4f53aedc8365ba8d98f92d26161d00b75f6f87d3700df562cc

      Download Submit

    • memory/1204-22-0x000000007FFF0000-0x000000007FFF6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1204-25-0x000000007FFF0000-0x000000007FFF6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2740-464-0x0000000010000000-0x000000001000F000-memory.dmp

      Filesize

      60KB

      Download