Overview

overview

7

Static

static

3

b164ab425c...18.exe

windows7-x64

7

b164ab425c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    80s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 00:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b164ab425c6da0f65f183b1ad24d1974_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    b164ab425c6da0f65f183b1ad24d1974

  • SHA1

    3dfae5412dcccecdfa3c3eaeeddf3bc0a974fdcc

  • SHA256

    9dbe2dde2a23142d494b732ff50d166450ac94e81a2a3a51a556563bcaf535cb

  • SHA512

    56c88b9edb904c9584542a4ef35754426454e29ffdafa4b4d70cc16008f848cd135e145a6606e16184a39eabbdfc9a9ba1d4fa05ba9b54a5fafb61721d4e37b2

  • SSDEEP

    24576:YQ7AJBnRkiJaH+jkYkhAmOehoI8mFSI86Oet6/Jete4etU:xYeN+4AghZTUEk1u

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b164ab425c6da0f65f183b1ad24d1974_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b164ab425c6da0f65f183b1ad24d1974_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://www.dandanwg.com
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2748
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dandanwg.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2908

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          44cc33f191211f3878ca5a5d59733d60

          SHA1

          847b5350af9d4132ea636e44f16b8f44140c1bbb

          SHA256

          64c4e8e7c37c3b08c4c08f828a8232cff975ea063e91386220e34078247bcd7d

          SHA512

          2079f4a1d48c726d878a5a4c6a32e17d10181bad29e4272fc8018502d1663cbf2936b4ac4aa42d502aea3ac79114b00c6e24c3e23a4adedaa2fb308a8de7c11e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d8daf5fcb1029e7bf95832ee006ffc35

          SHA1

          eca4db6de9c7014b81b5e4f074de87255641d8d2

          SHA256

          ae7036db65e4863ef4927b678b7a14141f947a37d315eca642d9caa6c6987fff

          SHA512

          d9101ba5bdf283bcea7a7e0542efc10d7e45d0e59f184db200bc7a6d22755d46053d154439db2fc6e30d9cbc2a27e8b479caf00c2cf1febca36cd9a60c89a9e3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2b2c154cae920004c5077670e5a59a4f

          SHA1

          18d21c7fb0595a4f86c28debbc3d467692d538d7

          SHA256

          f65ab44843fa80b46f83ddfead3f7f95211f4b793a9c592f62082aa9bcdc08eb

          SHA512

          197cd471e845b7432e21970c98669026914d025f28daa2115985cdccad9b1a7948f3a39ae1a44a108718be6a2959012df20605c8bdc06ebb7d97f54b942b0bfc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          00cd076163b7320edd2a978888bb1908

          SHA1

          dd998747dd71bac96c1a952e9d5ff60aee27708f

          SHA256

          b12ff706121ce9653539f08b93d7ffae3f5006a893f2444293803cb1a3c823d8

          SHA512

          3e1ec2fd730bcc1d889b46572675e3734104ee079458cad18e150d0d24e6d36aecf99d1d8e1b58742bbd70e3e36b4c77d873d5acd3a67fd8504a2d6137bb7242

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          03d886be8be052157e9b0e8a300c53d9

          SHA1

          5ccaeee8f4cec5e62b2e62e9f25885c488b8d407

          SHA256

          126396783b4df6e06fcef79a353be466153a97e5665513e8876b3bee3de083b7

          SHA512

          23f2d0a8c5021d369a5367dbc7b9dd92f6bd375ab5e6b9a3d86e0a6c4036c1a94796ac5c74247a19d38ac410f0a50f3190c2ce2fe7125ff7c56beecee810277a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8d9886b905a9c6675fc66d697029185b

          SHA1

          da15cab270d96a78a7f1ce20992e35d17aa6cde6

          SHA256

          20a349c8c4006d24905fcb01c2d8d9fb4bce53321cc43c0b58ca6ba10889d51b

          SHA512

          1fda0dd5f2a13f87f855415f9af4877cea76eb815a5e9eb7bd1e87e0ff0be0e5f37a7e9bb88d8548fe1bbe4d1eb17f96e8ecd5be75e39c72b1f14e8d4594ddcb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9db95fa93d00cd04e0d98d322eebbe63

          SHA1

          56b40737ce847d949acd287035563572a61cebe0

          SHA256

          ec801103a3079789f72e2d312ceb6bd61f707e1b24242734177e4af6ca5bf511

          SHA512

          26821b9ccb63f77aaa8672f6bcd66fb867268e6dbf3555ef454b692ebb5eb5860c1e9c3ff47a9d8199dbd4f45105a0dac234fc947ac9778d042490fd7d00c922

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          527f315b8a35bf46b61e059f17d4cdb2

          SHA1

          7bf71303d0f7b131c00e86e98ebe1af0eceea695

          SHA256

          fbd9945f88c8dfc0b49eabc96d958d74f4953f88c702471461634fa9b6cfd80d

          SHA512

          13393b997bb4466d9f602afb39c8abd36e847f3eb4bac4cb1d0da5d57db5709c20719058bba7c4b260e7a9ecd62e354c3f6b4da4f28d4939b13964f34401bb24

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3502d2dfd60a4c98db7516879a55d322

          SHA1

          15c3a9de058144f1bd6e0a8e138e97837456d9b2

          SHA256

          8f4223b0ef72cc888f6c39cb0a99f21c31cbab4f28f3f10b6edff92992a34e86

          SHA512

          bfb91784e607a270e9353a4499f95d0c70ba1c2f41906b0ae508389540820b572113dfba923a340ae22746c7fe06e5ba65c2583d7dde5a7c45285214af82fc29

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          39dd6bb63996d6cdc85bfd184b0e98ab

          SHA1

          399669bd81316af989f70352fab8dc4727749d1e

          SHA256

          7389021342e09774adffcc09090059fc7bc55b625138e2d9470bbb34c092977f

          SHA512

          8672c63a72954519b8c07e5aa5e193525f4d44976048ad07ec535cdd7fc3ae57520136a229d496ed848b168b3fdea0317f506830544e119e76a1e38133883291

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3c9dcc7c697996d07fa23f562de793a9

          SHA1

          af96333bf29f96b970ac933b3cbcc86001d98fff

          SHA256

          8f2b599def6b69dced0c7ed8b538efabecbad25396056a9e93f529e614eae747

          SHA512

          7f69c57c5955144ad1f60004a7daa1787a2e33998ec4416e8d62883801f27d3358c996a48edd03d8e7a541eec35500324b7f2ef2fd3e3746fdf827161616e9ce

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          069e22371a1a4412c6a0533e2222ad3d

          SHA1

          ebe69513054035e434e1aaee6cea4162da9b00b1

          SHA256

          96378ac0fac16c2767edf267f798ef8644269fecf3c34ec1d35b82012f59a394

          SHA512

          7932cd4be7f031796d68162cfbf970775c28ff3a2087e5c0791ac0b41cc1af84e6b36c93073d702a1eea6f4e631364d047cf497ab7f5e0a697d19e9545350e1b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d0c50347b915dde6872df89c3cb57a9c

          SHA1

          bb66c2c16a3bdfe42b905b09ad1a3a01dc9f9dc1

          SHA256

          666ee6f8ab3d26c3d5f66d217e2b13502550ce12f391b9fe8bcd665c1406e4cc

          SHA512

          cf29cb182e964975942f5d65a474dc778433ea375334d73c40db3f8eb8ea7558b56d9de0ea1617f3b3e66108bdf178c06e6cb3e9ed8f9088b45e7890111deed0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1b2ab2a555a6066eee44bc4b6f84fe29

          SHA1

          a4bb97214710f498977edb8a062368bfa191d38a

          SHA256

          c8e82cd60c286dadf1f0f9750f9d78762aa0cb24d63b5d7bb2684bc52f58f13d

          SHA512

          fff3a13f676e72fb410eebbb9e7e3df8b3cae78682419688d8ae182ad4b55b990eaa724f19a98736cc4477a8dad0963db9775ce2dccc92fb8d51218151d137c7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aea42990ec5eba9b404a16cde304714f

          SHA1

          a2f1e011b0c66b96a304afe7188f51a48a113f93

          SHA256

          68c29d522a8f1570d83a2042478f9c77afa63b8a7437745b36e05603057bd2ef

          SHA512

          51d1f50783105492502dc13b8317d19fd4348d37d98ed4d0e0c0a6686e4246f2a9340c835529da45a70662377c8338ebd2bb29c7bff65efaa2b0e2a7d611a214

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          106a677a42386796e7510db06c5f99ce

          SHA1

          91e6f1b2fd6f38e27162c29c5f5f0df4305b45c4

          SHA256

          3cccd425ca20cfa4a768e2c970589852a1c7865f26a17ac7cacf499a59e0acc0

          SHA512

          aac03039cc55f12edc4cce6df2db3a05da1b4c3f13c5db7f1658ec816cc7f3aa2255265e3b4bec4d2cca68bc3d1fef9ca32f34627fe61a917a1d633cbf748928

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4039f9f94bf3170ddcbb81b1c203a937

          SHA1

          69f2b8ebabfa4ee15bb00b6a108d7ccc74009edc

          SHA256

          639c2bd78fa77ac739a4c68caad9801a384383d4c8e2bc3983a4ac55cf6b5351

          SHA512

          4c0c6d4b80b87fda46f1ec795e630f195a33d03d06fc9de52e3ca5adde7c3baab9fb31e8b264fba3ee563b09a63134e82249ac6a9755002115de7a90d5a5ad7f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6356438ef2be5906bceff8c49bf8abae

          SHA1

          22a5983eb82e5d6a1e4b692a42ebed7cfdb02931

          SHA256

          16fae0610eca97fcf47e7678ff13ffb8e33cf5e754f0842249627caaf3896fc7

          SHA512

          86b7cac19730da8ada0cd954bbc10d389a145bb39832e9fd4a8c3fb767768ac0cbc33cac1c6813c8ffac643f0613bfc60c5f630b54f2981560cb7e0139773dbf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b2ce9363df324b1998b016ae32bb56bc

          SHA1

          81d50d59c9b243aa07205ec9915d86048c3bc86d

          SHA256

          003ffef5f31a9db1fad3aab5920b35df14dc0ca7b29a1c233f00f9902dde7e26

          SHA512

          eddaa7eefd3f466459889ddddd07c3264ea4a3fa5224fe090e798911a21a75e865d30ce9251a31d7bde324a737ed5b1502a1eb3ecf73e4bae25e9836aa9a5dc2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab1410.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar1471.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \Windows\SysWOW64\SouGoo.ime
          Filesize

          52KB

          MD5

          b60da4e2e5aceba3ce3d87ee2cd872ee

          SHA1

          9bbdbf1f3ce2c000a86e0473da756a4b1031db41

          SHA256

          b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

          SHA512

          664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

          Download Submit