Overview

overview

7

Static

static

3

b7adab03d9...18.exe

windows7-x64

3

b7adab03d9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7adab03d939cf595f8aa6bbd1478b77_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    b7adab03d939cf595f8aa6bbd1478b77

  • SHA1

    8aa737ddc1f480cdf9ba8049d0a27dc0cbebf73e

  • SHA256

    cff5bea7ff8c2ce8ea50d56dd015befae94f2c7301529dcf2ca626f55f6ee3d9

  • SHA512

    61766098f8f652f5c0e3bd2ac5a97094ac3646415e451653abb2a0855fc00b858744cfb6cbf989c0acda8d9ff0c9bf302c4c3fd59fe881efa3a7b31fdab54676

  • SSDEEP

    49152:4SHq7BZG+OeJrUMYNeBbaZWwn+0c0EHGh8eBYjfV89:4Wcj7O+7eCb1wn+LdH5eB489

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7adab03d939cf595f8aa6bbd1478b77_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b7adab03d939cf595f8aa6bbd1478b77_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cq521.com.cn/thread-298984-1-1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2552
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cq521.com.cn/thread-298984-1-1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2620
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cq521.com.cn/thread-298984-1-1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77cf432b643b5b8ceaec7998c8099a9c

    SHA1

    8dbc262492634bfd1221ff92fdc6ce90a78dc426

    SHA256

    ef0f28e26196e04d4c47a9ef9dc0f41af960b12df80dc5ececc79dad5222b641

    SHA512

    6413c23af233e59f3638636185c11d2d5974117e5140e341b0029bb13912407cd63c35437caa49e82f5d4bbe99a9a9a77ffcef79a979f4316e8120c960ae1ce7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    116b26ace407913c3f925623d161dfdf

    SHA1

    5585ed4aa2228bcedf7fef9fdb1850ba586c7a2c

    SHA256

    2badd37de14350f1fed0d135cee599559fd524f628dfac935c2f29bae53436db

    SHA512

    22a568ce724f7fe2473e18fe6760cbf7e056c24a18bf79cfd754a32bf388b481b1cc072ccbbf1e784f723f50bc589a610a7e071d64248b61d87b9c5286796932

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d697bcca87ee08f18938132ee47c53de

    SHA1

    c70b1836aa451423504988bfcb6e531e231d6d68

    SHA256

    87bdb00098ffbaf8b421e1b0021bf17593992e7d9d92c764f10b36c7590af411

    SHA512

    1b5f1c97c5e34d9ad8e1058a8de32848b26f13ec4e1cf759e198e8f96f5a343796257bb94c06974eaed945cdcc65d2f3f2d036783b213d0dfc936e3e59f62160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aeceded3960b4c94052ffc55f508e948

    SHA1

    01473169c8d41ff186ddbf36d770c3820eafd95d

    SHA256

    a8478228be07a7ee8c934646007591c7912af579dc4158e3f7776aac55179eb5

    SHA512

    5e75bd0e95c4b0b8981ec2fa0deeb9467595af4035a1c1fc71153c30afdc6cdab023a457748c864ee2eca22bda74c1cff3166e93df00f194bf606e5ed2f5ff94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef03b1d1cff789109c4a3398bf359f58

    SHA1

    5122ef0e06d4155ce8112abf7761fb0b915d4039

    SHA256

    3537c63d2fe137f0a9bb4c0f2e092da9408dee38d4a22f99fb8d3b15be47e6c0

    SHA512

    065206bfb94612e3febe57c1bec7507c94fdfb9438bea641b4133a7fe3c717826a22a7055a8ba8fe1bd1c8f77566e98f7a4208392432210596dc4262d1987208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dfaee857c8ebc010d3321afc4a00a0f

    SHA1

    d732ba0df88f21e772c43cebcab16b37459b8571

    SHA256

    8f9bdb2a7bd74bf1ff62a1516e2eb5342a74ac4b8cb1250d125deb15d0432a0b

    SHA512

    54f393d8eaa99436c8116a529790bc9632d6a12517de03a9aae18b1301cd0ac2b54a20142f5dd38018b19b28897edc4d4840194551596151585e26e21d019c9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33e6f44d16f53f4c35b95373fd01ef10

    SHA1

    c2ab480f2b7bd4b0699f25c71578cc29a7f797da

    SHA256

    04e04eec967fcedbc0b0a5b0eb2af776d2484b320b610d8008d9e81a07033162

    SHA512

    cdb9e02675360712532d21ad2c65b3fbeca9db91599b091a0f39bcc6b5bffa0888f61c6f8501d320e848d58b44ead5d960d3b4d52c1cf99f75fb7f2e1674a976

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    497808e710dda0ef8999f3d917c5259d

    SHA1

    1776d4eed6e70f03658bb3f94db87b1a796ab872

    SHA256

    223ccca64890b8b6fab453ff9a8296fe88b871c42ed21d4df6613af46fd32e5e

    SHA512

    d02b5ff7b8cd88024d64f79966978e64d6d45f54e32bdd70db5faf5f5c173899669e3e35968542e48f9aee137fec69b8775054616f5d77d6dbfa508e606c6dd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    543a242bde82e873239bdb96102ce321

    SHA1

    0057b1648de9e5323fd4e1a29e2bb9b70d409007

    SHA256

    3ffb2b2bd6eb49a868c523c40a98be3c964fc727faebbdd4c2c2a78af139aef3

    SHA512

    9ecc11c9056b8cb9095090180ef879c87e5e684944e41232de52cd60ccf89528909bb530ca2957d2ee16c3180bdb736add0e6f9f0b78335da6818a2308a703b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9fa05e3ad67438d7e5a7e76d28ba37f

    SHA1

    736c5f4e34c593977d0722d31479e7ddfad5a804

    SHA256

    6a9c24776fed621a7e83d237fb1be4fab5f4a19f66a7ac10349f296c0c4d8860

    SHA512

    b4ec0bd53adba7a448a9a2f4a7ff8df9069e49ebfdbf83296592065b8fc65450cde8e5020a9729c74639e52ad8caaf0b244575031c79333717e171265b6223c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1777eee7011eb16877b03ec4082d6cd9

    SHA1

    ffe3039f206c65bc8b21590f7bb8104729f53e89

    SHA256

    6daa6e77df57fb50acf11dc3d6458d505f914b477d0934ee7bb5515136495486

    SHA512

    7512886e0d0ceea137970c9df1d10781e9fcfec1af8783dc24df1c292cbeab23ea386e21cd49f7e2f8afa9d76889b249c2531c089255d26e281ac71527632dc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59abaf0045db7b21741c6ba06c250333

    SHA1

    d216764c122cbd8a211d1d12f1fd4ee62fea4296

    SHA256

    68bad4041fb264be95f30bef8b57a31408f153c766dd489f7e4ed4f2ca213a76

    SHA512

    b700bc850750f5b0b6b9f10c01e70e99dc11ce1965cbc6dabdfd602274458fed2361b8e55b1e506418172d4622d5255522e7341209b30916f411df62f41c571b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc8c71d9b097d19fdfdccfadf65b68fd

    SHA1

    2dddc75093774273f77344e806d9ef9232d0c95e

    SHA256

    1fbf157415b5a76de791245b4f0d50fb4b65a9031ab6af33f4918344a658d658

    SHA512

    0b192383cb3f3cdf8eb04e1255b0cd0d54288bff911732b9b884f227c7ac5002d6f02a6b3ea22f55723d635eed0da65880ec4170b179789a750a0d1491e5a825

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    139b7771af472e4a37f02095ebdf0037

    SHA1

    6f04050ba1b3efa0b5b2684164d668765904fb1e

    SHA256

    fdf97c7b74ed98c4f36c0e59b78e1ae7bda23213b2f9c0173ffcc0a735c947f1

    SHA512

    43e4cce89c7fc971ff8ebf9637af30ecf57442306d2f129e2f9a01692a389ed6792bff938500f7a260f8dd1a51c6968fbdb978d7688b24bd522ff9ade9bd6bc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4144f82b3dd203feeb0617480facb528

    SHA1

    3f1272b2b3762105b07f422eef9b4d0712c73934

    SHA256

    d213ca48a0a68b563688df7ecbe4c4784ca331bd1496b04e12313050b12dd3e3

    SHA512

    1032b79b8005e1fbb7561a343d080adda3658725ca52bc7bffb5c38f0995673772d77ff6d66d06f297be53d0727ab8156a6fd128a9292d9de01a7288561d8f67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cd762aeafc85115190541e9c1db27e6

    SHA1

    df91264aa7a1d3cd136e390190672627b5d532f5

    SHA256

    7cd7305619b9f2b79dd63345f7ce75e7018ba32a7d45465e663675e9a57ab685

    SHA512

    0812e01d4d9b19c315d6722fbbf49347449c54cd824324e964c34640886f9874f88f915c200485fe32d544cd83117f5f714b62977065f6969c99ec47ef58747b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    598498495f7495965845122d7b2e1dbd

    SHA1

    0c77dc87f1510d7b0265df1c0659d17d808c0557

    SHA256

    f4d6f22a56c2fe86665595198eebe3e831ae12d7553b8cf7184987b3534355c3

    SHA512

    366f864da3fd335b4d7b1f70f7915053ff6c8b80a8b3ccee7971258917ca9f88b74c1254e36d3564bef6b4728d727706b8a7cda82ee445e5bb8ce84b86912845

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d2528b10a14c9303a0194c8180cf9c1

    SHA1

    6984f7c4dbf05b154e4b0c2d577637f6bcb9082c

    SHA256

    5456c3b389ef77d07d987d23f25292ec4db800e64eb89eedaca443ca09a16994

    SHA512

    3a3ac9a95063d7c908b02b2dd4f0f4fb98e944024b841cdad26d4cff604487284bc64e5d77f35cc7923e79ac8c527ba272b3911fed73de113ad7d834756a34d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4aff8a5f6f8d27b7df8555f7ca7820bb

    SHA1

    51f75982b4f0a0940961a18554b77e5b8185cbc1

    SHA256

    12a8eff54135659aa41fc278a174a91e04cdcd3e70c250bfd269107378f28d61

    SHA512

    6fed1f9c3af2ad0e7aa633a8c8cd11b256e9fe812828da69a75d029c6c3462c719642828f981dbc21d4257757cd3584dce2847fd1bbe78a0f94e4ebae450bcaa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DBA3AD31-6083-11EF-9CBD-4625F4E6DDF6}.dat
    Filesize

    4KB

    MD5

    661acc10535622f046fc9fc4cb1e30b8

    SHA1

    91def03d8fb0cdceb6f14f63faebe81bfdcbf82f

    SHA256

    4fa54604e5a50fbf1677171d7dfd57b61de6e5bcda003d460ca5d72336afff2d

    SHA512

    b95d9a8b909ebe7b7de9874f87aa7768defd4250512d5189d582061b38b53453c61aa62900554cd7920be1c3a227b2f6398a89245e68bf81414217266257edc3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DBA3AD31-6083-11EF-9CBD-4625F4E6DDF6}.dat
    Filesize

    5KB

    MD5

    2b9ca3516ed577f30e5da6dbaf64de84

    SHA1

    6ff4b652b01140ed6d6ea92f7b82d0a44f6da699

    SHA256

    28372ed1e572ef8020ff7a32582ed874cfcf791759ea39381a28986a20d2850a

    SHA512

    e1d22d8da4cc3f1e914e4104f7956edeb63d8142b25b9538804e10e58aa560e5bd2ac26312d26c96d779ad846cd56f39460d307e1d9560b8468b338213ee6c6f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DBA47081-6083-11EF-9CBD-4625F4E6DDF6}.dat
    Filesize

    3KB

    MD5

    f71c91dab170954d9b02c6ac2a86d927

    SHA1

    92dadf45b1a9e48a02b2aa38ee00a843be12802e

    SHA256

    254985eabad73d64b83cd4606f0ebf1e8bd7c02215a2b29b17947cec30d5a1f4

    SHA512

    808f13a36392ef91708b1ea46412ae770545a802a5887c536e43a1efc7802657105aaf1d9084556ad0ebb4146987058d7bf26664f27854661fd4280499db4fa3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\main[2].css
    Filesize

    7KB

    MD5

    ff26f59e28a5fe6ea4ab23586415696b

    SHA1

    4182675484d175e363cd34b43041b7b1af93d0cd

    SHA256

    d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74

    SHA512

    92c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2119.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar21D9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit