Overview

overview

7

Static

static

7

bc54f449dd...18.exe

windows7-x64

7

bc54f449dd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 15:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc54f449dddb5d15b7a88925f553aaca_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    bc54f449dddb5d15b7a88925f553aaca

  • SHA1

    e98d1a38767acc69224c3ff32a6d7c641600d633

  • SHA256

    8f0492ae01287477199227a50bb93edbece08aa065a0dfbcbaff95a898ac0799

  • SHA512

    23e727eee3c5c52aa83c297ae7a0e08c628ac39e73536bb17c487b155b94f610b3027e5f648046b8c7d93bae3cda88868785d22a34fb1d2e63e6f96df7e7ffb5

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vt:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bm

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc54f449dddb5d15b7a88925f553aaca_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bc54f449dddb5d15b7a88925f553aaca_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://d0.fenomen-games.com/files/MyTribeDEMO.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2596

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5b0c4f75dea05a206cdb621362f90e51

          SHA1

          e2da4f08d43486eded23054afef1f1d9bd290822

          SHA256

          d57f09f853f9c63f517de0ade937734615d92abfbbbca45fe6f24da936c0beba

          SHA512

          c2fed54c3a5541a86a387d9dfd933e34088f4ca1de68400e6ab7bfd896935ef5d369f0a59d9e58108b6690724c1a536fa90711567d501068858833be4a339e24

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1c67567ef9c10291e9853c3fb934c7fa

          SHA1

          367f6cf445a58da1a097ea7e9769436dc568e1c5

          SHA256

          eb97813d4e6f583c396a94056a28570dc862bc9dced987d867d52573661e8db8

          SHA512

          75332449175afefd15f26f44600f615c091ff75b2d6a8065fe9a926949a40a069480ce3efd99b8a5f3a94f942c857ae3d726a94fbf2a7f1f33e5ed2df3dfac82

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          11c966381a07a8525ca2d3cd7ac7a9b6

          SHA1

          8c80135bf85a9c63ed3f5f6dfe6316494f863519

          SHA256

          c4f2cbed1e33a6d5eaed6b74250169648ab3c6515d2a332fdbeed5aa68bc5514

          SHA512

          d2faca7ee72523e61e76b3219916fdcbf3929e426cd6a6a7fc5281c6dce19f3ad843b766e27baed4045a30f103640e0c4c8af896a56bba79f30a8ba5d86e389a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5faef3654c44608621a05ab8c9fffd65

          SHA1

          5ffa997126e2e6889195dd719dc16503cdaae817

          SHA256

          fefef90496b637db82e656870c8a34cb7185eede4256e1abe31f217434d79114

          SHA512

          ac0f8d10f069c527f46f6b2cd9552266ada506c0ea4961082b301b5b0ab6634b2cbdef2cc59116cd445bfb59148ecfa5c9caf924ad9f147c164c31352b913870

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          71ad3c5b8984e5731d2ce84402552b8b

          SHA1

          3c343afc30945a729108f6932675868e1c26b1fe

          SHA256

          9d9470d3cac6130796ab8b6227f7750ecb83d6d7595de70f2025729daaa7fd40

          SHA512

          c9b45da6df8940b5f692891824db4956c157eff57f14823c643cfaacc18cdfb39f6c45dfb08aa07fd50b0cd452b062b94b354a03ce2b74d791b0f574eab840d0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          17ab97f71b21913910bc87549e3bd73a

          SHA1

          4f3a2c1e4d400aba2db45c013b53b2cacd534a69

          SHA256

          4dc06294a24d5e5e29adc32467afdb0c5ec6d5046ba77735463491fa5259d962

          SHA512

          fbb1f5bed1971204753e1dd2c2d0e8ed680d0e7844e6ea61847f61fedecc40623448df30e9f67c4510bddb5d0416ae1f81425ed166d3eaa7699372f52aa2cd0e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          281f57438915816ef5832056ef86070d

          SHA1

          7537f02eeca24427dd3fd63f685d2e5033ef5ded

          SHA256

          8d12388a8c2f6e7fa74ee43edc575b765fb32b01417b6f2a8676e578f2f990c6

          SHA512

          3f7ce3df97a97b00dac62191791f5b6aede9e0f42bad9d19d1f43488b90b0d10b08d0597a892bd21ace65472bacdbd913811fce85d6c6af8d04e9b16afdcacd2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9d6940cb69696633e93627d4ccd3a730

          SHA1

          195d075a4b30daff6d1485a4a0dce72f57cb6d9d

          SHA256

          0dd640684e3a58e41e0c8fb80201bdbb530b5624b004e75d4a238fbc5f69819c

          SHA512

          cf10bb2f100c8df591c150655d7b4923a886e935b249589d37981f208b6c46eb11fe688319f5693b1829b60cf6bc8dbdd006260070c0d50ab7ac43323cd67631

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f51885bacc4b91aa20196902e789d1e0

          SHA1

          97abb6614dcec9667b715feb976562256e82fe90

          SHA256

          800dbe4ca192dfd1772a360c05edf4e4fa3711f5cc38a0ffca8e5ceeee01f864

          SHA512

          381854659cea75337c7786d3cdcef9db6b737f9353a8de64b0c0966ca27dd6c42d4560484c56e39cb030219a425139e6f1e0c53a726623f92c2b72328333fb61

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa5e9f2937ccf9f8fe327ccab1674b83

          SHA1

          ad50eebb1dc5f897379f0d60648e17e2d4209fc0

          SHA256

          163087d1335483f21aeaf92f65f2dcc17c6cce5edfa4ea34db7e1d285ea9b974

          SHA512

          846eefa734b256885163c484fc6a1f35ab4c1668ddc4c55a36eb5cc57ae3f4325dbe5b65ed4dafce23c58c65c3c143543f56961bcbb9200316593ca75b802c80

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dad1659fb7dcfdbf404c7bf7256f50df

          SHA1

          5bdf20c112d74558eb129324e730a8dc91e93eca

          SHA256

          79d42b58fc35bc1376079dd4d4519625516b35d5b91efc7191ad223ea00a39bb

          SHA512

          512e9747998a2ff21fc1af8e7f535180da4162e9103c7cf8248b68d5f452a0cd98070068ff55208dcbae5d8988b81904f48bdbba1bc0578cf43fda7050c7af6f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a5b372979ada7a361e3bdec88893dd88

          SHA1

          46685503361bacd416806565f5be0fc2e79d63dc

          SHA256

          d8d6ab9d82c286a69b0f186467905f7e600a34f02eda54a7d2dd6bc6a0149ff3

          SHA512

          f6e4b38f0fa0ad5daba956c7da0a0d10cf37c13edb1849394444b236fbcf79f170b64d3a3d4ee91864969ea6fb8d23c62e1b8f5b9538f6014ce1adf3b0fda1b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          97b66e46fdcdbd031dd369d9dd521673

          SHA1

          c5d71a1d33244a6fd1644f9ba65439658bae7fad

          SHA256

          623cd7a5575a26b69f67c9e634b6efab5cde63e85a619bbafc599dcf2804597a

          SHA512

          0e61a62ee1e83f95c7bdc0ce26fffaa90b7fe433f4dbdfd8936df7ca979b52708bd2fc7bd455f242d6097f2c48d1ba7fbb377b701ffa3019ff33b7d77c9dfe41

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8768fdf4aacb17d0828faed1fc9a4847

          SHA1

          2ec1d8f204b79a316d678f2fb318baad806cae1f

          SHA256

          8bc11806dab2cb4dac2724222fdb2c6122f93e3b640b8a9f350a271fbf8a7b68

          SHA512

          70f3f31d5858afd2ffbf3448b26450f1f044c44efae05aa10a74f465c6f95439c80697be0bd183df6ccd8465f3b2bb398ae0c0159f66059c126062c20f3628f4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          998e1fd40a76c6c20a4fb71667214307

          SHA1

          7a1aab8234104c8a8b86f9923932e5197d7441a7

          SHA256

          edea2c7f2276c064c9d49ebfa7eb518a6f0f40d3d11b0e82d0090fab81b0fe4c

          SHA512

          b9b08df0396a8a579f5f15a9ad466275382c5f4b9693541cfc7b5b159c4c824d99097a625e72c58bd5b1e52901e1baee98a7dfd7725a8fba2f34f9be4605cf79

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c7fee129243ae368689b7ceedf9375b6

          SHA1

          e24f5ddbe41edab3cb2c27432b7d7cfb93c9200b

          SHA256

          93bc937bfb80b742393b7bbe855a95cca41916f28698b51e5a04faa0492d882f

          SHA512

          eb89f92e2d05d84555453114bcc44ef38b57f3c64a68a767b0fe8c685faa563d92b7c08635824a2cb3b2dfceb6ba86b70b384a19534150871ff71b6440db852b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3cf1f440802f5025bbea638cc1a2bf0c

          SHA1

          5cb12654feeb3d57b1e889d3e583701f5559919b

          SHA256

          e18f64c5cc7f06dd4b64b03e496dd76bdd61d70824d0fe41855e30f3789075b2

          SHA512

          e77bc226e0313ec532cf01a464e6a71e3100f58f7410bc427a2b214152342dd9fe714a87e158455828b6cc099f7290ca8433595a3283aa5e6773b09d0f2b3914

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9a391d55f0cd8b686d173b1f64b743b8

          SHA1

          9875c8265bcd26103da412f020f0f468a25bb1c4

          SHA256

          d0e4c11eb7f7dd0b48841b3ad0671ae838533f99585be9391279992324b2d299

          SHA512

          dab787bf8457a0ba9295a4841c36967eebfaf0b97f4a8d7e3f3f0486403b12f3aa786cdf3d2a8f9d178ec8aa7fd58f2fe79099c65e60dbe82e957a51b25f91cc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c64d5eaf5c7e67224fd8c1f178ca2e80

          SHA1

          a5b8794defcdad5f60c89c8146b93a961d392a8e

          SHA256

          ebeb766d4a32c69ceae53a11f674562ebe64cb99b6da7a8679258e43c4ca3acb

          SHA512

          45c1dda57d62ab5f990cc09445b4120944ac787f6a08cde83ae490f0e6cefb9b93c4bd3d690afbe136df27dfe41d5edde4d280ffbceb39e35d9811c1ad637c88

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab7275.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\FG.url
          Filesize

          192B

          MD5

          0fcf82b5a915470e8a79d3516f582a36

          SHA1

          75f81b41607905b231521243129aff3554a58db0

          SHA256

          076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

          SHA512

          adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar7371.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2728-403-0x0000000000400000-0x000000000056B000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2728-450-0x0000000000400000-0x000000000056B000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2728-0-0x0000000000400000-0x000000000056B000-memory.dmp

          Filesize

          1.4MB

          Download