Overview

overview

3

Static

static

3

b9dcb8e662...18.exe

windows7-x64

3

b9dcb8e662...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2024 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9dcb8e662edc8b85032299916c130ee_JaffaCakes118.exe

  • Size

    1.3MB

  • MD5

    b9dcb8e662edc8b85032299916c130ee

  • SHA1

    c88a88633aabb34f5af68736c5e4a978934eab53

  • SHA256

    dcca9147ba7d6c59460cea7171e90d2e96c83d2d7930d4c38fedc31198fe34bc

  • SHA512

    318b4a78201915e388ecbbc3917b6c68d87ea7a59a10b07e1cdbe3222907ac40550d141b5188a53e56751b8c0840c2052a6eda22eb4d2a6e108db6817a474bfd

  • SSDEEP

    24576:rGMIrmQHoYQXM8AzbuOK9XAex60FlJ5tyrtnWCr+JUpAHKbQlInFvCuGG2rGRJRr:crmeQc8ebmHl3t0WCq0bQWnFgzGRJRJZ

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9dcb8e662edc8b85032299916c130ee_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b9dcb8e662edc8b85032299916c130ee_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.tux-hack.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b01e33e8a85ca366bfd3f222667bb776

    SHA1

    bd5aec41aea4d061c532d6b525e6a6a68475d434

    SHA256

    e97a6a9ea71f661aa5cc6c4c124c42620c50d396a079cc554db1b3ffc1e4ab1d

    SHA512

    c6cce9c3677e0a3f0feeaa6d836742cddd91216052fb3ed4819e9d9ed488b3e9012c4c9bbac2eac0a759737b4c2752dfe1b1668e287d6c27c3b4aac4f5b9ece9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acf86f49d85eced56ad954387e2d7f4d

    SHA1

    2098bb2b6781d700b501bf54c2be779b94e1a1c3

    SHA256

    1404b6cc09912d38a33111bc18f3eaf07477daf03fd8c9ec5f85ef0adb38db92

    SHA512

    b176ac1e01748acb70cbe05cdfddd8b006c9fa946a75e84f52831bd4b074c694c5472b10f7020c4b3a675118c26a55d7e68fd865bf2b15934223d23aa5b6b15d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    634d8669d56f53a762d445b22453fbbd

    SHA1

    5d82cb912f4d8cd57a3f408b7a7313700b7418c0

    SHA256

    b06f8606a40cae133a5196fda2e600df5866b1a2e35395caa47a101f41dac924

    SHA512

    9a56ac78feb12e05fb59ae09718ecaed075edcefb12ba349138778df522cc38d0c2c4d9d525292ea3111c59c8014670440d12acc6d25c508e1a8c874bcef7a0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e623970fe347104e9175f358e0eff7e2

    SHA1

    b413fcbf385be75f5c0783fd62e6fb694bd1b964

    SHA256

    346740b25a26e011bfb27fad3a07a49600015f3ef19a5dc1db7fab6e81c45458

    SHA512

    3a8370d230f5ab4a1cc1bd88a12ed35bdd21b3303e3d9ed451a166f5315a854c74f7a6330260158bfac015135dd8ff18ef87118b717c3578471779ba727e349a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10ae349e1f47e9bc0d5165280125b00f

    SHA1

    87e655e73fd3e9eae4070c11ad892d6add7fa1a4

    SHA256

    e89b6e37a579e649f6857b96fff63752094085b35c52617ef759c7ac73e3baab

    SHA512

    8557184b718af22f2aa222e29b5a710908c3d1469b6a5471e4a27d3b24dd932dbd92aa4e61315d323abf83430b8826f05819a905893c9b587a692f134aaa8751

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb9461095bebaa40f764fbdd88c6cb22

    SHA1

    24f35a0a58066fa86c913354ea0764fafa5af50c

    SHA256

    49b1758edfe89d1bbe76798d9c773a840af49ef4c1e495788d9e8ebc6d8f6e67

    SHA512

    ca5b676a6685d2f30998665e7abae9f929f7758103e3ce863abcf7248c47bacfd3a3857eb6e087dc2202b4a53d3c332c7108c78a1866bd01a08321ed92b3535e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ba4cc189b291964b07d702a3b315009

    SHA1

    55d64154a9f2a33962397273a7104b213037d25d

    SHA256

    2db797358a9a6c30a8073a26728792d2614bc9c30ac0689452db1d3257c7ef7e

    SHA512

    1de88df2e20aa2e49c3264028d6f19bfce6add7d1a1537e14ef04db03aa0e12e85fb18870f0fbb17f62ecc101a9b06b0eaa777641379d5e2abb1aaee13a4dc14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ae717effa48ea02892c550412e36dc8

    SHA1

    cfdddf0ce3e3d55ad1bc10637c4cb852d1943e0f

    SHA256

    dfddf0aab8bd511db7aa88705eacb2e4c74e0562626ea49a9d75946a8900d23d

    SHA512

    299393ae6f6ba81a482592b3d6ea73459e0bae8bf870c450bd27c0d63ebd05f0e34c7fb430cd62256b9c5cfc177b6d2afd612db0dcfacc978ccecc8042672c5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94d198c0ad601be482bbc75cdeed95e1

    SHA1

    892226d3d1e8eda2561c9c1a848367e096d64ee0

    SHA256

    8a1d39d0997702a2113d2de9b9ae29c362701be12c358f94b5334eb00baf4dc7

    SHA512

    5a029400e14c8e38e1fa757e6696d1fbb08b6bb16fef4f917485c5d0d0f8a13b59b325d3207df1d09891ba00c71ab88bb5bed0e6e5d93071978c79991ba89e65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04adbde4102eb4ac8285aad45cf4a196

    SHA1

    87bdfdf8e5ab6a3f87246f078d74f9b24c28f982

    SHA256

    f87d30c1748314ab7b1167f76bb90d83c7596938e5370a3605b562fa55345eed

    SHA512

    c87112224cba630ff99a953f153f147b7a655af426130e7da1c081df4842b2ba06a40533382413ac5617841978849214981c9f0df019130f27ad4471b3b82700

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bb2f4255ea08a4c014d4ae53fc95c1f

    SHA1

    2ee957c146abaa0f62cc5c35a3f581614438537c

    SHA256

    92e6aaced86835de037929676123711239929da0a8324c8f3a2577616ffd811b

    SHA512

    fc7532fe8f0ef0394bc725c85bd5c9a319e4a63648bfd69f38f5735729ba060fe3557a5a590386b03d8c1ac35ff8b0e064f969584312aaa5b967a88debb354fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae6cc07491254b21d9206ac36f5daec8

    SHA1

    1e77d4ebd66ca9f015a97a0da0238412fc60fdbe

    SHA256

    c8908cc05634ccf456b6db0709fa8df87ed67af02514e0cd529205a37b885ac9

    SHA512

    3dc70eb7a9ee190e57379f10807fe3ff9776f6af2071ea0c056280fd5683b418e1c1c88702639f1d686897ee08cf9580328b2666c6760f97c227cbd95aa8042d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    918e7fe59740dd97a93e7f312557e10f

    SHA1

    8df09f36cde555026270ba58631bb5360dd2ed69

    SHA256

    9f1de1904b68baefdc72c566f3b7e82ac8532387c716ee0a2b03b710dbc5f212

    SHA512

    8b08edb5e21de8ff7da1301dac79d1e949b5838f88f76267eea8060bb1a8eedbe51bb2812ec5bda635f298a4a6dac58b98cd0815be32dc54098dec318f571191

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec9e86f4f34c485c9d97e5f51d15e0a7

    SHA1

    f6c84f364a84573a80518349651764d1ede1ca51

    SHA256

    f6c0816ffaa980cdf632ef326293269780d43a50b39b14308a2de32f2fa72989

    SHA512

    80d0b470c1e4c1916afbe759b204c52622b7fc3dc812455aa571d00097de0ab0c825e5d70c212615167a1c80840310351990180cd1b98bf3b3d90aab7749e7c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5257d7e9109db025fa98fb9ed704192d

    SHA1

    77637051936592343dca125c278734e3ba511cac

    SHA256

    8931694b989a01477756953805a433ec9a8c7768e5462e394412e470ef6fd4ff

    SHA512

    fe3aeabdfc9dc48b22517153ec8015325f2e4010e6c3bbd8a9f0baa1da0f4fc38258116890eb1858bb190be1153a26112203d456187883bcb8ee0f4871685858

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c8010cadb5b0fcbf0a68ee757d6ea33

    SHA1

    8443a679e1097b3538113961a79d567a8c465388

    SHA256

    88f68bd74640ac8a40756692397c5063411501d65ff06f5622f5ac3c6d0c3657

    SHA512

    15ebf500a91f752bfba5aaf6a54d241c82f6e6e53d5b6145db222c6d79b926240ba63cf7250aee69476c985309eeef11098d23b645501ec97e0b5be533e52a82

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTBGGANG\favicon[1].htm
    Filesize

    781B

    MD5

    2729cc561520f64b45e445f799a9d93e

    SHA1

    0b326a4b5ee8d2d7f65e524546e511fa1bd35841

    SHA256

    45cacb4e8a64b03f9376304811aac7e75687556fa30feeb0ba386caf773ebfaa

    SHA512

    387fd84b4f75e71e419d81ac1fff30ad5413f662fa8dfae7e524ad9f2fbba2961102fa5c73a963f3affd90fa1dc24f3668d5dc9579c592b739fe90db7a27ba44

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7A50.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7AD0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2208-20-0x0000000000400000-0x00000000006B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2208-21-0x0000000000400000-0x00000000006B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2208-0-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-17-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-18-0x0000000000400000-0x00000000006B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2208-7-0x0000000000400000-0x00000000006B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2208-6-0x0000000000400000-0x00000000006B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2208-5-0x0000000000400000-0x00000000006B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2208-2-0x0000000000401000-0x000000000040D000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2208-1-0x00000000006C0000-0x00000000007AA000-memory.dmp

    Filesize

    936KB

    Download