Overview

overview

5

Static

static

3

b53c538003...18.exe

windows7-x64

5

b53c538003...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    139s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b53c538003e3962b0135031476f1daec_JaffaCakes118.exe

  • Size

    64KB

  • MD5

    b53c538003e3962b0135031476f1daec

  • SHA1

    4a49e738a8d9d985c49c6956ad7f255ccc872163

  • SHA256

    37c2a11f9f302036e2e89f3f336bfba40a2edf4bb9d0de74854865b00567d1f2

  • SHA512

    9859426f5788438d08f3a6a3945222a065740075efd973784125752ee50aa08f729be5bf4b3235dee269057909bfbf1158cc716655325c00bd6f47f87b129dda

  • SSDEEP

    768:Bx0opJh5MdL74fsRO3qy40FsyOlYZwB4byBnKoeDg6TIiM1/+KDP2Ip/xl5GYove:BxfpF274fsU+0FsyOlYZIovRkGj2

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b53c538003e3962b0135031476f1daec_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b53c538003e3962b0135031476f1daec_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\b53c538003e3962b0135031476f1daec_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\b53c538003e3962b0135031476f1daec_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pppp123456.cn/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG67fyvaiwor2ovajG67Cixuu38r2osKLG68CtvajArb2ov%2By9qMbrxuvH68brsKLA1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xcbrt8W9qMirwK3F1MCtzqrArdrAvajF1MCtvajG67buxuvArcbrxdTG67%2Fsxuuwosbrt%2FLA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit%2FLArcXUwK3Oqsbrt%2FKworfFwK3F1MCtsKLG68XUwNbArcCtxdS38svjxuu27sbry%2BPA1sCtt%2FLG68Ctt8XArcCtt%2FK9qMbrtu4%3D
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3004
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2996
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22f7fb842399936bafe4fcc3b6efb4ce

    SHA1

    1621a7912a5cdc17a36cbfc057632ff3ffad8bf7

    SHA256

    d92177249c3f8cacbf1cbad48b62b7a68b7c2ff48ec9d7fc6957b45f3719982a

    SHA512

    e2dd5e0f9b44299f15f6e417f508ef5329b58c635ff945834f28534102e222c79c5b6d2edab873c7e43c6bce7ed048eb521623500ad17eb86a46711b27a4a642

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21d3e47ea54e87f7aefe7f93d8a70cba

    SHA1

    76a38622e4bf8cf4cb6086f4c82eb1d1583681a9

    SHA256

    535a5063f9fb33812ff3a6cd29364de6cd9d7c4b258e738f3989a0b485680450

    SHA512

    c1295887e67afc77e1f2209d45fc2a4ffc3da4b43c351a6b5b465f9c0e4c71c93abb168b604d47b0905f8415c2d53a9be17bb0c6bc673e715b6525b2ea4509fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fbcec760ba3fce0aad7e0a39f7f04cb

    SHA1

    8c61bf0064cedc89409e7d29851c55280c260e72

    SHA256

    1f5211e68d1637d7fae1e92b25a595f87cc4492c21a3db19e7c0bc1cff5cf821

    SHA512

    a95e5d03518fbb2c34a165f2ccd64f9c2520986de158411931548571b9d2b3e17d9cdf48a0f3c630764a7d38812e9c520c78b6b5f913e25de253f8b549d2d9db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d61c473337f6466da7ff89c8be226d0

    SHA1

    c6575d1d6b90e65c543c5e926d802a6bce88b806

    SHA256

    60cd507e18705706b8385fef62b93bc79983154190834015383e6949c5214c71

    SHA512

    1f9228fef44666cc73eba7db03d73a48521528840a376b32bf3db0bfe1566802907c48c6a8e9cc02c45edf5eaa94ce63e58e2752760d9843d85d919695eda619

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed58ce6ae173190215407183cee8c46f

    SHA1

    a56f0d0c9915289cccf751e3506d8f6901c8c89f

    SHA256

    3048ce74d25f87288d5e69368b51e9d2da2c6d7a0b71c3c8c5f68ab204f4bde5

    SHA512

    fd4f1839264a06d8c9b4aeef815e4779b03a877ae9d5a03e4c2a5ca547931a6735bb82bf77c7a7236d71dab74fabb7544c71af9ac558088abfd82de814f75689

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a89cbe6f34ee732b2f682cedcf446881

    SHA1

    f3153b3bf21ac686d71728046d81fbbb0f48d38e

    SHA256

    c176a63371461b0490938410a132fada077581bee6ff0575f559704e40d8f452

    SHA512

    08e9ba476a8a138ed28a0f59c85b8aca576ab72cb416aa8c94eb3ef7f4f7fc6078d03f50c1c3e1ceabd7a07915091611ae4a93a03fa744dca22be01362942499

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1abf46b0dc2a088f7a6559a814a670d0

    SHA1

    b17955559c29c3dd9d8ebd5a102d2a9836ef5b07

    SHA256

    4e98e109b89b322a17ab7e3a434383fac75737ff68420df9d1f154b16fca8f9c

    SHA512

    6c5864fa86fd681cad9532474439bc2a94fc112453a195a592d7f5208d6577edc19a29c4a25feacd3548d182eb1b9bfe4225bd03fa905d6ba033ebbeecf19358

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2143caff2dcf4f9938682590e4fbd1b3

    SHA1

    5d072c82850b933bd1870cd83458683ca17fdfbb

    SHA256

    c17ef514c44bd290646df39944e84a3067c6c77e405928c79938ef6217a07734

    SHA512

    c1c9ca1f7ae8ba86b6ba1d5d3424460eee60e63eaed8f199c829402d44a92c8eddfb744ebf6004f725717a13359c3b9aa3ce8ab2d7b40f5e4e24de7fcfb90dd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74e712dc3c3330e2cc8aff723d87c798

    SHA1

    0e6ba982d68339b79a49421d6703638b755c8e8a

    SHA256

    71bfb54ce14504a31366d4de351b642ef92d1e45cfa8e3609ebbbe222293f37f

    SHA512

    df6320e6e49e908e58c9cb8345a364912120d9952d39b3f24ba045ca8232bd8a3f43f8de6f9af9a07e15cd5d934644dbd5f6bd42bb06ee9dba61895596572e90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7442b3b1307d8b7cfbfa56e6df4dd4f8

    SHA1

    7c440cda8230f7f53ff7e2970439abb5cc8132fb

    SHA256

    1820a87e587c9ab1597516ef1cd77f59a5a667a8fd8da44dd17056972ff43afb

    SHA512

    a8e4e25981ba84d0f098397002de78142bca1a361427275a025d46750cc5e87dca0b2b6b529fa15800b040f924a8928be78b512e1b571c960a7140747f6e4a53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    117e5f9715fe2114d94f29e137bf3273

    SHA1

    a6b00c963450feb13c68b75641136f2e253822fd

    SHA256

    efc967528e34f4656a65e20af1998c083bae3424cc07363c0b3372b077de627e

    SHA512

    9bf249c9c2005771a8bada0b73175055c20824e64175460f581a8fc65ca6d277ee84935c1c9e01b8f8e5840f3cb4fc03548926541e885196fa9b97dd5829596b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    697a366ec4558b00e3fba12e31b49d79

    SHA1

    a9ffd10c6c0d2be6333f79b17d24aeb36d9eed15

    SHA256

    6137ab63270a83ec718325c2113f2313aab07eea94694584a7458547bd19585b

    SHA512

    4c820244b43e3d32ee599dfd112d54a50ad3f56ba06bdc238483c617c2376edbafe6e6add2f7bbba2cf0b40ac9f9cbf7aabf0ab343c1f37fbb2e131ded28ec26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5e5500bc7b5c6d1f0115239f515c123

    SHA1

    1b648c854903c0f54a74d0e9b6607e4448656854

    SHA256

    267d7cda06cc04153a648add9898e4440689180608ba35868687a9164790beb7

    SHA512

    5ae8fb1a2d2366f9a35ba221752bb68d94929691cf9a261c99fdac92fe4e0aa4d50681fa72feb785619b1c122270df045c81e32eca42e95b472ecf2e9573d32c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dce43c0aa99788afb30a703cf100e864

    SHA1

    c570b6396dd05354e48aa2c990c1a36773144b5a

    SHA256

    a1dbef23e4bd8188ee4f189507376c6a49c95393cbfd75b0c8bcf4fbef08bda0

    SHA512

    0f24683c7ae7804374630bcd179a2cfbd5b60bb9673f5996fe1efdb0f9c0f8389c6e20c35e4fd41797a4e68c9e0dcb530c157902eb761f057752b09242e59fb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85c9a7639acca095cfe07c0e0c881cfe

    SHA1

    5b5be87b617e9b42a9a6f1e8414fa4bab6747577

    SHA256

    b682807e60a3865cc89e38ab2622285ccdadd614c90b72c5a7c4f337bece88f4

    SHA512

    e2df8b7b02944d6877eba70e70c9d9ea738e1bd3d6385e5c52696114729d9960252d10f3c6166575e00f208ed70fadbe2e0b72ead339355c44a4c1ac66169b60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97833c63a5c8abac7a032d32c5c2a673

    SHA1

    5dafb565553855765719991d4c95f7aea1362d07

    SHA256

    528d495d75813b6107c63082a61cad69bb852907ed22658935bf86a08467ee8d

    SHA512

    58249c0ccb809c6fa697c94021c58abbab5c76a0d681faed466efef3e42f5c375d09b1cc08215f44965b5499c8b0cdcf427095758df22f8e3a71ec3bc0a55d21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3424cf48e196a91b2f54dc39e5352def

    SHA1

    bf8145e768294819cd71883bff2bd1f208898844

    SHA256

    143d66b2cc7fef7f1d3eff384378aa89c8c24e572939f46d54031bf7d13f3d0e

    SHA512

    fa72fac94fcfb5c4c5f95e2b71d0871907e40bf354710314f64f0aa42c394500112bba7c0f8e55fcbb728aa2f2b419720deffbdfd0ece35786a0d75b53479587

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18c9a928da30c6a5fbde2162586938f8

    SHA1

    039869f3e7f68786f848a5c3f6eab81a6e0fa796

    SHA256

    ca8a437d7d2fa65f7809d741f4075ee6a8f559bb9b9e7bff25aa6ce82fc7e514

    SHA512

    c47d5e8e1cb2d2e20cc7207bffa11df76718d83e5fe1ddacce97aa7d87b1142d2d0569aeffe84ab026b71a8d7e4eae9685e8af3fee43378f18ddda37368b34cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab88624f2fd223ec2a6e035366499beb

    SHA1

    4a677ea61bcb346718be9d5479a72539b43c709e

    SHA256

    314171406631e5335c26550d91e2fc1e2737c941ae06444dc3696cbf79d1568f

    SHA512

    8f533cd2318a39505b3a7ba86b384cfc691a18b4292d7054024365d64c711053ff44d627f67dc0d4d53d5f4f44105502579ad58c8662bdb7d63e2c97bdc853ac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{03580BC1-600A-11EF-99AF-7ED57E6FAC85}.dat
    Filesize

    5KB

    MD5

    408dce4de3a3ae5845c742df7b270f19

    SHA1

    26154632b7344927df7f2b3dca470b8a10fd91f5

    SHA256

    1900faf4309fc9dfa3d2e3a6ca0be34381eae1adc691979b492e0ec6e94dfbd1

    SHA512

    10432a862e62661712ccfe052883b0a34900d73b550f33db64c3810163436329cc5eb18b122651722aea5c93b93be8432eaf51486b1916f1cfe707daed7ce664

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE524.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE5D3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2216-8-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-6-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-4-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-10-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2216-11-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download