Overview

overview

7

Static

static

7

b2d8da688c...18.exe

windows7-x64

7

b2d8da688c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b2d8da688ca7bbf678b81acaf8e51657_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    b2d8da688ca7bbf678b81acaf8e51657

  • SHA1

    8ff570363f384a53110f383e14527556abb15bbb

  • SHA256

    ac1a329fad602593a3f052b4a60166758ec9d74c668304eb96d388297007415c

  • SHA512

    a78da3777346e6aa91042219850893d1e10a8a28a9b84affcde2433a3851b8ed1f1254b53fc9a7f1d10c69e762ba3a7ee7c0bf37302bdae75be40c52ea250fca

  • SSDEEP

    12288:XldxKbGlQuR92mnEU1OLPnSRriTAg6RtDlV4wqrY+wPd5CtB+fVQM41CVUnb9aFi:XhKqDsLPnSdiTAtNYY+wlOBsZVIb9aP

Score
7/10
discoveryupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2d8da688ca7bbf678b81acaf8e51657_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b2d8da688ca7bbf678b81acaf8e51657_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1008
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://kuangaoniub.tap.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2784
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.yy.com/go.html#66635439
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d0ccef10da83e14e88d9b357340b831

    SHA1

    a2146a3e1d08eb2926a476b51f6b7527aa8a7be4

    SHA256

    1230173ae93f70566cfa3471cd4447dacf21521cc3352083779ffa84b7a9e86c

    SHA512

    7a26f8707cbe66f425030937d60e26233c2024a17a4f901d719c39ef91a8613ead0e081a53bbc05a607c707dbc4497c7831f55c215c2690a78c9c6ccd40acf46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    774642a9b260495a77b081de3973a827

    SHA1

    d6af5d73ee404442a52e8e72a102e57c4eddeb84

    SHA256

    209e11ff8f69d8ef7a841ae90ffb7d9c32999f5071b32ca1905446286088365a

    SHA512

    8eec1f70d9a80f4c61475aae76fcf3801a9bb848e7bf7981989be49a22d91068707e67266131402f52f497dfa23ae72c144bc0254c1560bf47293e3036bf21fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82837407563ec898a76b461999bb5214

    SHA1

    fd2b0217f2c9c6b9cc9a9608d3469a0f293b0746

    SHA256

    ffe36c58f052ebbc82ad57b625ed069c9f3e9601213fea1bfd9b42dd94394c15

    SHA512

    dcc6d10afb6fb5270a79742ca5405d1e5a0c2b544a53b2fb2c419c31f4d87a0a07d77e26ca69be72390995dd9f994907d4e6191e8da5b6e7aed02edaf18276e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30abb4b327de20e0d64db128eaabf151

    SHA1

    50a91591f16d10fa2eca3054e04fb0e98030a000

    SHA256

    599d6ce6236dfc3df222ad63ccdb8e4ffc54b7f711c86e96005b6c67f304e078

    SHA512

    9baf1b386de3f1ebb3770275ef1bd7434836f5b0d06f2aab3b5557c7c1dce428486cdff765ca2ca75808aa5c9ac52833fe343de943526f4154d0035bc7fd6fff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95c2e28ac069129ba63b634caade4a41

    SHA1

    aadc874bc0106d1eccb64b8f80154d5be3467532

    SHA256

    b60a66006c91b10398ab79a4597af46f317b1f10ee72bf374ff8f721d6fb17f2

    SHA512

    9e9225528ed5d91443bf3ef8cce3c65895b6a4fde1fd25b3fc641d753a9e2039d2a3dafd0109eec9f563d46c5c1ad732dd6b75f5b8aaeece386d54825b79ade9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1808170197b4594c1f0ff326d6bb8c3

    SHA1

    3d21063d6510329123cbbde204bb15d8ccdcffca

    SHA256

    503e4bb8316385de102cdb62d0dfb38c4015e1b8bd1bd0c9b2b59f9cbf873e01

    SHA512

    54292fa8e8b92abe99230260596accb40a4caffccd8981e58879e181b3bf09867e3fae0304f65fb5f158fcfba0c5ccd08f044f4073e8540cd2ba057be0633a77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42bee510a9152ec7530f2f0ee1919089

    SHA1

    cd69aaa7e176dcfd344eda492007a6be849baf1b

    SHA256

    6f77ab0060a55e0354767dfbc91b5e21ac3b7827621f7e1d91ff0cbb438c5525

    SHA512

    af6d1e0bd43e65b2c3280559404b9739b4936207beba0ee11dd1fec8b03a657e0ecc09e30e1ceaaabc3effd3a66e0db8bd76ad260d68afd38e22cb9ae5fc78f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a4090a8c5bcc80ecd599a6abba0f5d4

    SHA1

    ebc29fb4d2852ea5c0316a0ca72565e4ac45f593

    SHA256

    ebe94c5a51c581d93a7a1076611f18abc78d8f8a8e6780a3715af4d5bdb35348

    SHA512

    b30e273ae61fcfb56a43e3167d633588e8d6d8f07bab051f63fbc6f50d2df6e418bf16a3cae5c3b48b111391b7ceba37dadf3fb4e8017f980bdd7e2e10295dd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5734d365550338a7567a574545202e5

    SHA1

    5a31dfe8a811d327918f6c1a9762120f79de22df

    SHA256

    647fdfe6ab9f0d14fd7dda1e10255342dd04d6f9997061969593f7aa81dfd4de

    SHA512

    da3c7209bb499c81b5ab7991e64cf73ffcf60df3baad8d8a9969396c474273e88b74e5761b38c889b3ce80c21532cd97896c3a6f19597c113d91d85b2b68cfbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e7621d85749acc4ab8333ac3705157b

    SHA1

    ea47173a358a96069d1d66c86386c2cb9dfebb91

    SHA256

    0f67cc89227d415a5d2bada03e33641de33781896d3adff75858bb68b11edebe

    SHA512

    8b67d2bd3afea5e9938ea01f8fe5cd576114688faf705ce65d844a6ce1112b8850f859c97a9cd1b4cd9fb7af313f162d8b6b77e4544df55f1d7dbac30456f73f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae7f99d7d4f2c716ba99769580b80de0

    SHA1

    4d4cb1fe0ed5359be4d40b5cdea27c06fdf4a784

    SHA256

    8b5071479c5649bef2c26f2466b30598e6379aa0a0f8572b1df19c87fa04372d

    SHA512

    fb7509937d247f156b9e9fda795ad434bb1bc6490111062090590fb25872eaa17b2b128a6698b61aa3291217921d261e58b85e4a917dd25dc3c284ce3c91755e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09a5798bb37446a065f6a6ad93ee578e

    SHA1

    f6c9136e68c26499c4ea66f54d9ab406a982b963

    SHA256

    4bd1f533f5a421011cdffab56c6b8ca4b5cb161e2904d25f0fa3ad415be40631

    SHA512

    55e0096a52731be883cbec32639c0505f4b8daf0b62db1dc9ab4ac3c502673e27d43dd3fef9e0072903365feab916ff98f9bc5307ea670daf606ed5dc0b3f5be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e215e0325a5680a1e6114f47fc936aee

    SHA1

    6f87c6f285761048cf4881d15ce81563eba45e86

    SHA256

    ec2da2a5a308407c08bee9b9edf9fc483b36e57e8cac0c718af5d3eed4b29acd

    SHA512

    c697be00978d8e4058da72ad00abb8b10bddb4a5c7c83eeac33666b53afc69f279d8d2dcbcc4aed8bec5329d521904b334c4737b61f71eb388bc04a1ef082cae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08a130a0ebf647493d00a0c9abdbff20

    SHA1

    336602ca82b5a61429122bd80dfafe69f8e1907a

    SHA256

    fae383e8bad9fec119daffd4a30a2e5e7956612699a1f777fa0372b3e43e4400

    SHA512

    532c2bc171a8b02cfac5b0ae73f48faad335bc114ea6563bacec2c6a2176afce618fc6005917193a77170032036e9b80ac48d6745a0a1902bf396d8b2c3c4464

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbaa97e5936212cc08f9ebad2c4682c5

    SHA1

    fe5b95212fe6dfd7cc8b60019fc6a874f40a02d8

    SHA256

    40506f7f375219eb582fc9e34ed133fc5737524c70e52fcd470987cf80b8865f

    SHA512

    d78381e16c3f1d6f215b6a4f24e8b0398c2a5be6b089993ca396b8ce8e5807ab4260629fee43ac5787e5195945c3d0034ef8963f615457c6d362c709e063c11e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa57020c88de952429aaa4726ca43876

    SHA1

    d02967188bc9d34d76aa3297bc985d2b88dbe8f4

    SHA256

    c1d2fe923c65b7249d6904fb8713d5b0b6168aa59726694428b38bc77f954c6b

    SHA512

    5b417f56896797c3164542f6302a8957b89497d275cbc173549822c7cc532d0d94df9c6dbb22d631a714f6a0842d58ffed8e25ac415e6e65b530c0769d374e9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c62acd2372ed322a0f90e1a06a308420

    SHA1

    ca90ec59d0ae28bfaef8e0bf57d1b0c2baf81a13

    SHA256

    8abb8b0004690c6457026a5bbe8ecedd9511a5809f73fd6f877e41496bb33f89

    SHA512

    539ad6a75c34aa53aac87b988905ed18c6635fc9fa19091bf9cb3bb1404919a9aa271bdcd549951166655bb2f6c01d97949371f817d447186d8a7be2d6b7d9d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a9c0a562ba843a9b030b2d924306313

    SHA1

    cce60a854f4e32413992a13c63abd3a2b74cd605

    SHA256

    26f721d9f4765161a8ad409346a7562862a05cb6bd3c4dc2a2745de4d8a10e91

    SHA512

    a17d25bce0989c194338603a9a6893ffefbdf0b2570631513906170bf93a166ee41e3fbf0e565ff5804c1b51eca8ff424988e86c4b3f0f0a0036ba37e905a6b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f296dee73b678f9fc98e7a5ab7786e3

    SHA1

    c4d9cc1f4ebc8416b9dfc67b0bc4891d412afb27

    SHA256

    cc774cd33ff1ae0bdcf968cece91445496b57c5e34f71378ca40f1c968a1478e

    SHA512

    3e15c0be662409120be4260c6746b60214ecd90faf07c9e6f254b74f372c700c5b83ef0af6c1cbb47cd664190076b4a4d40b26fafff338d9f145220206e1cdfc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4CDA9611-5F9B-11EF-A248-D2C9064578DD}.dat
    Filesize

    5KB

    MD5

    c0bb8b5ad99115caa45bf21fc1913e82

    SHA1

    369c92e27a47e24234dfe432024905844a55586d

    SHA256

    232dc7dde93924668dee6161f7b66443355121c5c164f3676dfa1a0869c100fb

    SHA512

    dd994f2b33d1dac68bc15e2c32faa09c102990f057499ba0057e2c671fd2a8970cb1372ad72f92ecdf418cd00faee5fac8059703b2d127a239ab697a7da4e98c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4CDCF771-5F9B-11EF-A248-D2C9064578DD}.dat
    Filesize

    4KB

    MD5

    9a4df29174a7fdf43870a365c77a9430

    SHA1

    7c96627db68d85e6fb78eaa74a628f0f302585f0

    SHA256

    3b13a3ca413c73b8b7068e3375d54b56fe69d4dcac2fbcc1d7e7171ae16ad798

    SHA512

    48bec717f43ecca3a3d019119154f1282a8a312194bdd52042c0d03b722d51598918615fed8b494e5eb4651ce109f1b2a71ade79d79129a41ff5b6ac585193e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEDAC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEE1C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll
    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    Download Submit

  • memory/1008-6-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1008-1-0x0000000000400000-0x000000000057B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1008-10-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1008-9-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1008-8-0x0000000010009000-0x000000001000A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1008-18-0x0000000000400000-0x000000000057B000-memory.dmp

    Filesize

    1.5MB

    Download