Overview

overview

3

Static

static

3

b42d271349...18.exe

windows7-x64

3

b42d271349...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b42d2713499292c843d1f5460a2598f0_JaffaCakes118.exe

  • Size

    5KB

  • MD5

    b42d2713499292c843d1f5460a2598f0

  • SHA1

    533aae6bb29c7646505f3946778e1934eabe397a

  • SHA256

    49ea5b372abf1c58a26245a1103e28c38259263933a474458645351058339aba

  • SHA512

    7b007eca91c85f59d58c6c998fabf1b06ad7125ae34b1e9fc5d32d32ba18f7760f83ac38379d324629676f90f822725006b5952335947cf393c2a12057dcebc3

  • SSDEEP

    48:Zv0J9XVtxGoHRyjxuMgYWo/vFL+KbDLOvE1V6Xqep+ByzkAMr0:ZywowwMn/vp+s+6heEr

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b42d2713499292c843d1f5460a2598f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b42d2713499292c843d1f5460a2598f0_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\..\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02dc48dd9e48f2da53f807d65ae74b18

    SHA1

    8690eb109f577f7db2c1c2920617d46909de562e

    SHA256

    30465b651b07b4f676604a20ae309d3ee240cd92e1d77576706795a4f3bd735f

    SHA512

    2fb8322f795ae17086fa8b4a7aa8b35bd4866310389bd741cda0a32cc337c21713600086fb2b8c8c1f185eb79087527e00f853262f5873a4a64c8235ebd8510b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07847f205369e34d3772a2a0a579501b

    SHA1

    a94824513034bec7c1d7c8651b153fd250fdf4b3

    SHA256

    e50ee09d4efa03c4a506b39ecfd6cf4c57d2ca3b00bd71206e3ae11a09d69578

    SHA512

    e2857781e43c251c7e4aac310d365ecf8a16915920e6b7f1a1ee88cfffc2fa5a157b27c8306ee1ce6f004867f6a9800d1e7644aa3321e658875c4e30da9e22c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71b588f5f9ab411337b4f0377e447c6f

    SHA1

    fd5ba3df36858cf3f372404df432e09cf29f1b7d

    SHA256

    34462b473757914266eb2d27f32e60495789f91e6bbc466c05657e97bd42c93b

    SHA512

    303de4e094a3ad29226450e0ee78db177161b31575aead0c3ea68c35fd33bd0db01ea2dc409b82be1ad1305bdaef199581b1ba7982b1934bbab7593a17892418

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b802cb79bf7094a9ae20239d2e583779

    SHA1

    d25985138efcf6e7316541bd507aff9fad0585a0

    SHA256

    9e167639f02d4907804d222b3a6e6ff4cef7b2d8e95536cdf3a86c13cd320fc6

    SHA512

    3a47cd4c6ea7dc0e340ac33a106286afecaf255d5d71ff45a397b78c67f144a7c53e5e75c2e985d2d5ec448f8a501442bff5efb96349b722c278bfb0dc04b981

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb592f7b25bc2bdfe068a42218dfb71c

    SHA1

    62783a66a3fde19d461dddbbd4762df61b6b4ae8

    SHA256

    c3df914f71878455476d88018e54ab4090ebd146fe1cd9a610e49ebdf9aab5bf

    SHA512

    84411f53111ef7c9ee9284f150cc292a069164e0412f9d2cc1a2341378d1ea819d2a476f20659bd775fe3533b278c55f71060f9560473d20aad7580b9581ce58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee9a6d9624bb10c1bfc26fd4e6f25d84

    SHA1

    7c6e0e530b88166ed0a5b704105c38eaefebd5fc

    SHA256

    b79595c7ef64998a0b9e0bb1ca13ce3fe99788c44b35f376a31aea439fbd57b9

    SHA512

    fd736026fe0c9980872116a6480bc460f1e4463e67a7770dcbcebac7104edf589a2e3705fecc8ceafdf7e6f1bfc50cbeb16d8b496377a55146c302d55a9a4d06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    393c9ecd6b7fb8f3e439da7036e0a14c

    SHA1

    c207c74e2f5254da4fa1fca2cfea237e14fbae72

    SHA256

    259fd1268ef74701baed5ea4968f5a5cdba34a02cd858b6fa0b5ac73f38cc6e1

    SHA512

    2c78cf8d7c8874f3111d006c0471f831b4964b9a8cf127d48617d52202729dc30e759edd9818d173ca946e5896e2758a438880d076eaa90f5dadbeb497257f23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f8c8f2aff1b06f1ce968eca529c0f58

    SHA1

    be4dd7e92652248e5d187ad1f10d9dd1bf67e517

    SHA256

    07f3bfd3b9c2b8f28b19b5c0e80c8569a48862c4e0c6c281ee176f39bf2b66ae

    SHA512

    882bcc45c8bc22edcdaa817b18713cb628d5d39b371f20e1ea6b82e1566737f27a97a214a37fd6f54bc39e23283c6fe06e058d9ef8e638466ca03ff8fe157e87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c42dca253500cb53b07f3a3f0e9b58d1

    SHA1

    ffccb759af0356ba3efa8c965004f41422b84a78

    SHA256

    d126fac5aa0333045956a3fc030f946fb1a4b682373063238efd5f5ebaad0365

    SHA512

    78386a78f1da8c5c94941ae888b2699c1935a19b800eda3f57c1909c9fc10104613e3843d45d86486b84a65b5beee1eb0fee8286ad969154fa6c9bd9212a7041

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3d2d77c6d10d9dc2ebf22c9b402d89c

    SHA1

    666cefb698ef4d5aca38565cf4f456344e8bb7a8

    SHA256

    301194862e238f71db0b8c9fec2e65ccbbcfb2a7ce84d948e4c85ab024d467c0

    SHA512

    7a24f612463940b2368f225c2f5ef52b733267d83a8f841b58c196ac4b75a53a77e467210b179ce447ead82003a034d679aeed4f1563cf2f34e115e5b1304a6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b8ada563e521f8cd63826a7e2a6111a

    SHA1

    0789c7db4550d1408d482fd6242bf6c951a752e6

    SHA256

    033d485eb4dfce13ff6e727367517ee0efada24da59bf5a2b5a3a7bdb0b1502c

    SHA512

    10ed9bc959864f68c510130ca70a6731c549d6c966b0c456e38bc4d2b5d49bbf025b55fd92f7a1070ed8a231c3374ec394acb39d8878ccd1ec2adabba4e8ffb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8430.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar84B0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2060-0-0x0000000012260000-0x0000000012267000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2060-1-0x000000007794F000-0x0000000077950000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2060-3-0x0000000012260000-0x0000000012267000-memory.dmp

    Filesize

    28KB

    Download