Overview

overview

6

Static

static

3

b9c455226d...18.exe

windows7-x64

6

b9c455226d...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    13s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 01:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b9c455226d456d1cc3b0eb0555ede078_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    b9c455226d456d1cc3b0eb0555ede078

  • SHA1

    fd23681b22cb0163c82c187c336833cd02e7c560

  • SHA256

    48ecf02eb209d764012574b406bb210d70f7e738cfdab11970dd09521a1637bc

  • SHA512

    d62a81ef7aedb8efe7b380f99a73be85728924bea301a53831530dcce5996e1efe21cb72e565ea24d2ab84f45df56eff1a61bf0a72bb692d1e6f859f485c38ff

  • SSDEEP

    1536:C6qvIQATBG8POT8PSww9Km1laP4OQaXiZeOQkbrkoyrKHhf8cf5iQOjsWFUaYyOv:6IFTfZSl9KglaP4OQaXiZeOQkbrko4KN

Score
6/10
discovery

Malware Config

Signatures

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9c455226d456d1cc3b0eb0555ede078_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b9c455226d456d1cc3b0eb0555ede078_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ocarteiro.click21.com.br/cartao.php?id=376&catnome=Amizade&subcatnome=Mais%20enviados&cat=AA
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2672
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill -f -im ashMaiSv.exe -im McShield.exe -im oasclnt.exe -im mcagent.exe -im McVSEscn.exe -im mcvsftsn.exe -im Mcdetect.exe -im McTskshd.exe -im mcvsshld.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2128

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          fc697a90d15ffc2179961dda92ea2d99

          SHA1

          3676edd78d04af3dfee238248b9984029b496ec1

          SHA256

          63440f05a554a985814e564eb709ea1812096fff3b675a1364013455d8083edb

          SHA512

          3e041ea9ed6fdf7ae3e7089ae0c82fc7893dfddb99df257c36516c18f1f531b7298372b63e58f7ba8e399919dac95c4831bbe3af2ebe13a96db1007d4b2a6ebb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          25729382cb7e05910d6dc2d78f280389

          SHA1

          27c32a70a372eebeecf053fe89464f62b7222f03

          SHA256

          c914349bfa1daa072a4162ddfdce48e87e25cd47b6a5115770f377780f2d9230

          SHA512

          97355f456cec603e54b521d8ff4d5164e8c0e791c775963dae85c5f7db951419da6ef53e67380bc1320b8dad2effaced778d2092c9393771063aed8a810ddb2e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6f1ce6166c039ff3d26e96ee6d3c346f

          SHA1

          85e57f0396b28788ac33bfd63bf19c61ce3d72aa

          SHA256

          f7de0aff908e7d7a52453bd7257a46a853053f666781c0b999fc8c77caa80417

          SHA512

          72ae792c5a93782820e4632986c821211ed3cc27fd6bdc5f186f350318bcae81a187592aa2d376504696eba612746e9fb8565e9446babce32c9b6d1962538e8e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          10fc3fa51fc6faa239a8789f1881e68f

          SHA1

          a77fb84d775b7e559e09b6c4a74664b8107c79fa

          SHA256

          8f9b0121218487353b0ca8f95f508ca570d727b6f4b9c51d47374c61299ec379

          SHA512

          596ecaab9b04927f496fc92dbcc0510ad83de1a4a59b959107a7a90c10d0acaaf6b4452a9291fb28f56411f16ba6616cc07abfdf7d1e5b8a3d0a67bf46f49225

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          104bb49b98fa671b47726fec99959bb4

          SHA1

          8182dfe87a620f247f87f1bab72cc0fad9ae8a2e

          SHA256

          b2b27f668eeca3b8c4dd795ef39099eec9162e0f21bf104c707bf02a9e21730f

          SHA512

          b20ac107049357b9fc37eea1d9b16dd575d50cb1a3963448895d2d7aa6bbfabd1e5d6c4e0daed7d19bd4181c0cfb40159d82b9711e51c7d658b3b71bb5292781

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d2ad9729052173fd97888e17d5deb9bb

          SHA1

          39a61d75c9749fe4a5a5f5fb1958d969ab0e6a9e

          SHA256

          3b22648cebe096b74fdcfca33c11275eca77f5173594bab7ea8f29a82451bdc6

          SHA512

          50dddef84dbf44d348ec9102b925eea228b740df05a825243bdaab6b2c42aa59fb9bd6eaf79baaa5df7deb5398e838745e4147c04aef619175aedc5458d368d8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c1c22f64c223524a1f736789de6b4b71

          SHA1

          0ea142c87ff496d6137bccb005f83b8d038ee5fc

          SHA256

          7c41d93c01e734d52f89bb4164e43afa16e9f5db841477f3a2205041ac8c0e15

          SHA512

          bbbafa5921b7cf30c0941973677ecebc636bb1962942ed82e072a2454dabc73d6f9d2e7a8991f7403da55817d2203363aa3839e0470c65777ab8579f35fdff4c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8aa57853194fbdb6f1f07d7afff3e698

          SHA1

          cf6bbfe8affef3cd69fd3b3588a41711417ccf96

          SHA256

          4e4e379c31fcb2b70d6cc84334ade1fb0b5075680b768742dcdf10d3ff52a766

          SHA512

          5872aa3e4b82ed3e4b743b1911a02abe3337cb4f82484d90592d50e110eb244c54787e5b94ecb3b0d4b2d7603827edb2e51ad3ea133dcec483e449f647b441b8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          30eb65394307d2d795cc1e332d1e6657

          SHA1

          6ff8f6cc25fdbdbac30f1f0bee48e137678ff52e

          SHA256

          e6378bae55fd710b35c851495a59ccb17330a7391fc9b4a743db17717411327f

          SHA512

          49bc33bd55f04a03540c3420556f9ce3251833debe9b70a4c2db29f6fd7adba482f7742c5cafd45f14dae0dd96deaa755a9a5a416481ec5ce6628a1b94602439

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e68235eec1cc6e643e340965ec316880

          SHA1

          27cd2879002c9333eccc91e13f32d8bad837f972

          SHA256

          c133e5f43007ad561e3b564215ae2b6f5cf31c59aa551c9eaee316ff13401d05

          SHA512

          a7c274b0632fcca51acc7d53937c83f807328c3a48e92e7a5866e8d5059145cf22558dc93af27050a9ad9f62e9018e1e4c6ae1bd43098639f5c083b02c0c7e7b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b9536405e28c1e7f19497bb942780c5c

          SHA1

          2e56c58bd975c0f42d37e9ac1fe325a1b0b3099b

          SHA256

          f47e0d5eb20f7a9b783ddb44c8cc4fe3bd26fe06a53b9038f6d72ac5ad312a01

          SHA512

          1328811b8f85833ff009524f7ec0a159004a04a1dc9deca05a5dd84e3d6868693aabf4f6c1d75d93f7a6cbbac138ef90111824e10e01a5f51e57d7a8da428bb6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          65dabc6263fe1f52b8f478f1ca11c219

          SHA1

          cf733b22e18131789ab58415b82da1223f873a7f

          SHA256

          65afb362fb1b71c90eed8cc6d78af16beb5da4d35ed6b5b4a3959906b2a8b18b

          SHA512

          e201f95aa6aa30b43e471fe8803530c18242220587f40838839b8ced0b3cc9db8b35c38d861d015beb6ed5bf56e10fc6bbaa1f7aaa8ecf0612e1094770115e52

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8c7a34aa2ec33c7e9892997c2ea46c49

          SHA1

          25ce48346226bc5736f72032793a32a0c8a21b34

          SHA256

          cbd9aa6393e9665b78b5300faeadfa58ddae3a25ad2391f471a592efc59a1355

          SHA512

          5d2ead72eda89150885dc98f8c84797b7a560d497e0fdabae590ebd165fa682f17c5f18086979317f4fd49886045f9723a44766bb8da441a272a26e7fd95bfec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e1a2c03f9e6fe5601c4e2b3d340b6aab

          SHA1

          d42f204bae676ade7123c722f91c12d6f4b62f2a

          SHA256

          61280f2dcd84178e7082303fb499316bf8f6d21cb7a76a0df8dcb0bbc91711fd

          SHA512

          41b4435ce7c7b7e28e53257cb8289241eb401c62680902a5276bc576a1ab4970d8b1b71a6cacb7ccd53e66bc570bdc7b5b0b0a322e706c00cee71e978dc05537

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fc8ec6d9f115ecce563177bf6a4a8130

          SHA1

          46d2610f26af306a8d99c25224851cb959137898

          SHA256

          e0f5e265e900e5962e0dbe2d3dd3673ffad9c7a57a7256c012e4fad1c4466fb2

          SHA512

          1e2cd751710f78efbb2a17e58b376ab6eb3f7153f2316eb9043fc72e40dba6a8eff09a91ec9f8f7e97869b78f44b61c36378a9229829bf3d087e6a5e17b10aa6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          37a6b0b789d1f1605e0f2a0906864b95

          SHA1

          75e8e44bbef673908b3c4e91bfda03dadca2b685

          SHA256

          e3522a0ade4f56ff8bdc3b6bb1fa0014d8fa6f71aeaeb16ea156dad7c958d04b

          SHA512

          72ed19c7c3033bb08ff4e84150bc49300aa1fa21c370d1f7239be050b0cbe2970e4aaf598ea3cfef87cbb6117914c29bab322a38652f84d8a0e6b870ff55f28f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c2sxdb0\imagestore.dat
          Filesize

          1KB

          MD5

          d6e207eeec6a61d8ce02c1814865de6c

          SHA1

          c2ec36ae7df6f6c645126748f1663ef5fc79189a

          SHA256

          94dd28af90fa9da8fed886bfeb96e7128db8352e733c681c2899278b5080db32

          SHA512

          1d0fc76c53dcc174ceeb93598207dc8e3e647582813fde29f1afae3d1dd243ee0fde01ed5a5c7756ae6968386d7377c6130360d09205cf7b0c01c100565d4742

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTBGGANG\favicon[1].ico
          Filesize

          1KB

          MD5

          4f0c24940c570e23194b6ccb167c0b43

          SHA1

          e43ac23926d1005d3f5d254c9de83fef25afb127

          SHA256

          7ebb2a399a9b63c87dff0f8c1d27f1313a4cd3c09de7ddee1f8172041d07ad73

          SHA512

          2ff3ea1e171ccd48848ef5a495a2120a5605e0305a51083a6fd8b1d5a048baafe9e720d25b1651a105f98ff6fbd146525cd06680976464468408252a557622bc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab1085.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar1088.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2168-524-0x0000000000400000-0x000000000041D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2168-526-0x0000000000400000-0x000000000041D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2168-523-0x0000000000400000-0x000000000041D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2168-522-0x0000000000400000-0x000000000041D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2168-93-0x0000000000400000-0x000000000041D000-memory.dmp

          Filesize

          116KB

          Download