Overview

overview

7

Static

static

3

bcea3c98d6...18.exe

windows7-x64

7

bcea3c98d6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2024 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.exe

  • Size

    43KB

  • MD5

    bcea3c98d62c936145eb118dcebcef60

  • SHA1

    042b9a11f23d4406846b9283f293d7c1f443f2d6

  • SHA256

    0b04fe457b3ba75d9106cd80120788726d2b74dac75d82548933debf6f9056da

  • SHA512

    fdc0c53eba4acaba71f0fdc0d37653147a9f6da4af2daf63c2d6f02bf2fb807ca6b362ddc1e99a1daafc0ab4c734920c004d60c48979733d6c373550004b5190

  • SSDEEP

    768:MHBOrTRmTSADtmn0BJY1QjQmqAaKk2r0ejzP/YeoxgZyS0QGuTS5ACgkDdUz912:MHBOrTRmTSABCsmArvwewS0QGj7Ddy2

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2736
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.bat"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6328befa434304b080f4888a281f9b95

    SHA1

    2c769f288646ac5ee78a6464661b54b8909a7929

    SHA256

    3674f89c1a9dccdf94ab68fabcd03c99017cdb7ee3c56c3e825fa89a5c1c1c6c

    SHA512

    d48f0704bdd0dddd27ee4952ea633fffffad8495dc7f840b6bf8d18dbcf02eb9f05d282e5e4bdd1e7cff51c9af2d1485c10d08e965f66c345690733cdc94c7bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75da74b936ad887a98ace2b59277d543

    SHA1

    c3c7cd108365b4a470c9b5c11efd7940939c413c

    SHA256

    bb20c9297aafafc3c967b59ca5eb2f6b446ebbe33b59cfd6f8081b2de27d8f73

    SHA512

    97a9c44aac0a8998292623ff787b397cc5d0dc423c70f041037ae9c96e9fd5cf4f86f1ed14a292cf63c1dd52a8c5be0a87b9f11bdab73124ddc53674d0b0b21e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30dbecfb21a9d7b634d34247a96c1b35

    SHA1

    43ec70942081c0097eb981af00d8196fe572f49d

    SHA256

    59dd475223284897b7a59729da2c78f12ce431141e14d7b2d4fd213fb830559c

    SHA512

    ee34ec8c0b842497d7a769ffcc7979fc2ea437c81d95211da04b40d901b591dbbcacd537f3888717dadacfe6eee142265628a293b5a3f97c0ac28de6f9a2d573

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6009f258d8486eaea21e080abecbdc25

    SHA1

    563bad2d63a1c67861cf4d3184016a0a40928b6a

    SHA256

    cd0a99513d548d46115c54ab3aecc87cb43126c97ec2594ae13a5bf5ebea5d75

    SHA512

    a5daf7488dc70327f2469496e13678280a38b8a4c20550a368c295477f4ef53a1f888d86de784fb55321a9a406fdd3fd65496ce40b2f7b55fb8bf6791733c107

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8775d1482a7760616b3ff953c877523

    SHA1

    38788f020c177b6118dd068f7e215f0a19a5e093

    SHA256

    8fff6368a972dbe386142ecdc3257c8f9dbcf31cc48149fdec43fb379c5293e3

    SHA512

    90c6d897cb1be3ce829b6f44046c1e0a52f46ed17897f7d6c6d7f5433a78cc9992448ee30eedfdfdd163590dcc04b6b46081c4d250775cfdc6751588d3553ed1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    018c73491b5f2b3afa7ee82dff6a9344

    SHA1

    31fe9e6578d364f44cf49559def998411d3058a8

    SHA256

    20186711a1c52dd9ca073eca202c61e7669ef23858255818ef7bc25af2f4ad0e

    SHA512

    828e7001eb826a5539510d3b384fdc122350fdc3d5bf531df1df47d834358c097c661d5bfc2eb5664916c3c614e0e5a7732fb140ac6ed1735a72eefbe38cb859

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afa7d346030bf28b5b16fa1ccf99ccb7

    SHA1

    f69e45a867765a64a83f57c7843a0ab4a1e90f44

    SHA256

    97363f2747f6be47484ba61dc06da55f9e28a14d3381f05e26cfce104b24624c

    SHA512

    41934c3975b952bde00eceeeb48718c1f01d59f507b14552fb5d409c44977d3191a93a1c721b759540a6bb6f5d16895c56906678b8edfe5998056859158696df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    472acdc66ee1e73bc17915b59676c830

    SHA1

    20e75ff8732f6dc51a032621a30e5b0af5097878

    SHA256

    acaf39526a5189cdeb3cfe09b4688196b093a138a43973653d773d143ee27ac4

    SHA512

    3da7cc53bb22f839bfa39934aa64a7d77b5fc21d22b88424b32175e099c6ac40e3a16c8d862f4028463b86eba4576165fa41de34a8783994931679cb19f0fe92

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE7F1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE890.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bcea3c98d62c936145eb118dcebcef60_JaffaCakes118.bat
    Filesize

    305B

    MD5

    fa62e68f80581d905035fd5b372b6389

    SHA1

    84f30e0a714070b38bf52166342f5758b67d7c7c

    SHA256

    a9d8b9ab68fb3b95f7dd9f4225a7957e362029228a040d6fb466e3e2b2861ec7

    SHA512

    c204e8d36ff7d6a5ad2c8770e999b73b01140c8287dc00352eeb47d7cb39bca44741b2e9d93768a20d1aaa2440726a691ee3b46f7602ed334d2ae57d5afeb51d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\gosE7FE.tmp
    Filesize

    31KB

    MD5

    aedf6f88ce7b0590257d35485e677782

    SHA1

    213dfc8ea5f166d5218fd6bd5fcc717d4aeda04d

    SHA256

    f1d708d278de2acb411b12671fdb9ce281738fef2a9171a3287f6616e25089e8

    SHA512

    a35fec4cdb1be8144f29dcb69607d6ad83489dd3cf53fa89787bc3d9a936807a909868eedd5899224f118e0df991d4300d94a9b4f61d01e99a23e388d8a38f4b

    Download Submit