Overview

overview

7

Static

static

7

ba18240129...18.exe

windows7-x64

7

ba18240129...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba1824012939855e18aa292cbfcb8a1e_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    ba1824012939855e18aa292cbfcb8a1e

  • SHA1

    9c9d1554957853c43266f2acd4db594533b43d7c

  • SHA256

    0bc2b7b603fd90d0dcf907408b4a79eb7ce1d958db809f5d94cf1536cbe1f9d1

  • SHA512

    e34c07a6eef654dc25d39ea69e13a7b969d7b72ba42ec28ae9aa732a7ecd9faa3d0f28154aa6472e16a75186585430b7fa025112d30adfc64796a6c3a6937cc3

  • SSDEEP

    192:vNA8IVHpxK5WDWvlgT/lxJ6GaAVOH+ygvurdDdv0TO2TSjYg4giBItVpl8T:vC8IVHi3lgzlxJZyJDKTMZ0sPlG

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba1824012939855e18aa292cbfcb8a1e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ba1824012939855e18aa292cbfcb8a1e_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.download787.com/sanity.php?1=564767-10018
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    984054d553bc18449777c0919edab121

    SHA1

    1bb5ae27500a6e8b36abeb4842dbe07106a903c9

    SHA256

    7d29e3eeadb00eefac67a835065aac9c28d55bd7158bc9ff31c5159318c1547e

    SHA512

    c1d16e008282b886f1ea85e662fafca85543a27e4a7c953ba892a49fabc464ffdef61db5e4087aadac95b67b104a49c55a8df98452395973bea0cb357a5e15f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e8a36b6f8a35b669381f50fbaf16f147

    SHA1

    5904e723663a2943a7b840fb6cfa2f5fe65fe1c3

    SHA256

    a3aed11ac9e057c342a8ac4814e76e5451a296ee908106f98af83aaa7b280c90

    SHA512

    6294dcfd7950cf70b2dff40587440b869930ec8123e0b6fa26307e6e6f6c613cf7ee8bdf8838de7d02a7e7d5e0745676248d68f0d14d01dca3a7688a394c3fc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c2f6705d238ada168162cfc2a3b2c72a

    SHA1

    dca1f8abc473653464c0af71e0d79d85e4d6aa8c

    SHA256

    d8d6e0eb262d00fb61aa1e2706a0804e88d1695ce02d5088ad0467fedbadbcf0

    SHA512

    1a1a3474a40f00de106b4fc07e2ae6d65fb70fce5c15d0def68639eba57dbf99511059461ad8f661af5aeae95950ac0038460675df1b24a0e1c4dc9336554585

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    77d99584adccabc553076724680ed2ed

    SHA1

    40c93180fc9e8e1f38cdeae4d64b9f01f134748f

    SHA256

    ab2a2338c1a0d0a69e1788c8e17554c726a50e7b1695020afbdebe8302de652b

    SHA512

    90e9f52514a7b230d6c50369072b0ead122fcfad5e72f4cd09ba3f466fb58e64c30f9e7eb56b847d1165ad3792eb1d0b073c9f79f979d5866da22500cf790262

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c09acd6007922e8945ef6cd7968db7a2

    SHA1

    26e00582a89d6de3b09f31fa35a2680f759ac330

    SHA256

    74c68191b240abded2bf26c159ac83e52bbfde668c955ce5134b40d9a7c41a6f

    SHA512

    35d7414e6bb076cc837e760876fd971437ed257b829d4ce035719c168b49ef67a6c7390c84b68e4885803020eff796b1968c8c3913404e5427076afe1a280fae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9976f0509c5c280fff0488a4c87b7fcb

    SHA1

    c4f123af620800c43843dddf2d96a7d7c103b615

    SHA256

    4f8c7e6855adff8bc1bd70370e30d0fb4fdba38903fb6a3b5916ac68a69bb4a1

    SHA512

    ffd9e894b9d8de4d4cb0a453415e23a94473e4b3e7b5ea848c55509d8cfa7f0961c9c6a798fd194b4fa881389e2cc3f811ef67a3cf5980153cc7c8b3b3d5e103

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    242eb907f16fb76ef9856540b4f5f00b

    SHA1

    204ad8ca2f3f300ced3e82ae61bbabcd9bf652d4

    SHA256

    f2aca01d196dea37ce65674baac790f1823f3b8a080015a217b7a315a258f607

    SHA512

    d0cf18db7ba18e723530c50bcd523cdbcd82289f20be62967b7735fee70b85f7186a6f967cd2b6c180e2b22d564995f343006fb9dd63393bd0639bb016fc0f6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    13255401ed024f0bad418bfc0464bf40

    SHA1

    7a90515d3e86ae7caa0b4b6857aab0170c064190

    SHA256

    80bb1382c533b75c3f852a8b3296b7f9f0bd35fbe6bfbc4987693c750aa49f2d

    SHA512

    c21074f743aae18c2d3c23175688d2958e7b0a4181eedd8f8d467ef2f25695b795498b7dff6c24733e1b6f22bb869a25204055860fa22c3621bd535489bac0a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8ff9313fa033f781c7afbb5d87924902

    SHA1

    7d110b964db7c712d61009e8018473ba3e199346

    SHA256

    dc31cadd8e7c7d5abb04b3a4b74b550c7ad6c8b87a944645d858259a4e77ab77

    SHA512

    90d4111f25a6821cba5c2ee0fdba730b6a279b9c9db3ac42ee5a508862b3dbe47b443be13001fdc13493bde7cc91ad1e5e4e018a3691152425addba9099a099a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    00d17cab88e553ef21a87e50af7163e5

    SHA1

    aab9a1ca9bbdf7c375a35ee231f397763b4fb6a7

    SHA256

    ee67713caa01844078533930985083573c2ef9b665b592ba8f897d15bb5603ca

    SHA512

    c9523375993ae3e7a7ec826ddbd525da299ab5d18fb0ef5fcdfa67581319a102fa84b78ec1199c6ba524d291a71e474454203836a835d4969bc00b0b4f9abea6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    237724f2dfd1d912baa319d7c538dcf2

    SHA1

    c96be4aa72300963d0b999e9aa5b21eb6464d8f0

    SHA256

    68a02cd0e07571b6d7f9da24da629f029b2b34548bb9a014e3a75046726683e7

    SHA512

    00b3d0385918e1aa4d490b0e196d6696738030959599151b14c447c8ee0be7d1756aebb6cdca754d6d35ca1bf2ef3b227ac600047f66788e23d8477784e701e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0dd68f566218e040433d551bc04c156a

    SHA1

    00d29a74d7cc48db05114f1bbba9acc5940605ed

    SHA256

    f16db989ddfc717ed3ddeb318a3ab71a9a8585c3e4a6f247cc406e597bbd0330

    SHA512

    aa6cd76fa30b6ee7feff3621485e71118fbf4f0335206abb59e86cea094f0adcb0cebb0472ff1a1abc252a0e9001efb414eb783ad19a23c756846a397d78cb0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4a9017257888dd6ff82293c30714e969

    SHA1

    cdfb14ac879c830ff1aca3b166dd7751d387b230

    SHA256

    c4ee65cfcedba0581392c6b5d8de05b29ea17780e1d9bc2b1de6b0a2698192ce

    SHA512

    662de1f1a78bf00fa4896dd05add7c27ad3901ed8d30e39e80f0a2d1261797d573117d223ec091b9b1e3dde993777321a060f7ee0b5755af3db1633d93b0ca92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a72cf8383947d6a846728b8d2f40dcdf

    SHA1

    c68cb2be3f447549507f821deb43e4078e7d63d4

    SHA256

    9f85e301033d09b94568e119ab6c923d5d8c5669036923835a5fdcd734769f1b

    SHA512

    5b3c647579ef2983c4d5d14039f6a655c5a077d9bad79a295a1681e565946921fc24f63e44d1a3e8f6037584245bab1f98c670cd2f686aaae385b3c8728aea35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    aba38bac5cf87047df6a97205b1f85bb

    SHA1

    a64fd8b6e59737c31a6e1165d6afdcd074c4cfe6

    SHA256

    83c9eb15f6f8b1326b75613b1f1077c66cd79d04cf14f8eb42a4a08ed2547f20

    SHA512

    ffe31c31e60741bf0d8f6a3b20ae56651a6220830d7cd3b49e72ba3c9aebb2ee92b6cbee3573805105b4d8145f345b3031c7bd3209f30ec1858fe326040160cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f1ec03683dd81f16da10eaaf6c56b2b6

    SHA1

    5ac52321731380f43b5eeedb7132d442a1f694d1

    SHA256

    8dd0d278c5361dd70d6dafef7d08b3ab045febc7e16838d42f66061bd4f822ae

    SHA512

    5f8fb400553d72083c858318df40262debd74d13e934c2dd7e9dc08a5a948f2af218d3e1579cc9da9e8801e8a9e8b5155869da3ae5066b00ad35c926c63e582c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    27f3a4d39bbbf1a06b7e16129b5d0d88

    SHA1

    3fc32bed2838620ce5e275c64b3a95aac646c69e

    SHA256

    5b4ac76e4a2f2311b80404ed52895c6abf1aba6773869df8c806c77773274601

    SHA512

    1d2e748fbe2d3f84ac5cd9d016657c147611f8ca512a60806284f361d1df8185b9d5400af8ca7c603e0396f95857e79a35868162bf892acabf87fca7e576c7b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ca5198beb7291fe2911297ce5815f659

    SHA1

    706b7c2504f6b6c477de094ef5bf1e18563c5def

    SHA256

    88880fc96c12ad576bc61851d54b3f1b6a2e5651cb1e7c210d84da1c585ef3b2

    SHA512

    5f65dd1c30b5ecd49b460aee6ca31781803cb3cd017fec1d8af49171c7c0efefd07c40fa32f2f538d0673c08d8b5c309bd459532ba08bf312172e40b45373c89

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF75D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF7FC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2484-9-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2484-6-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2484-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download