Overview

overview

7

Static

static

7

be70956916...18.exe

windows7-x64

7

be70956916...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 10:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    be709569169b185e615ee1e51bb460e4_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    be709569169b185e615ee1e51bb460e4

  • SHA1

    dc4927fe32dc9e7795dbec753ad8f5ecab66bdec

  • SHA256

    92a72dd92cabbe79c15cc6d4e79384e05f13c4a472fb04eb2d4d7feb2088e617

  • SHA512

    2dbccb1fa4acc630c07ff612ec23bf6e95bae0edfa243b3ca2169a5790ebd7b94da02e5c34a05af0239432806917699745ac6da7b7d6ea028ce8e690cec9474a

  • SSDEEP

    24576:EActqENY7+uDUzN8k/CJ46ePDDx4R3PNqpg:EOENUoXqeh+PUpg

Score
7/10
discoveryvmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be709569169b185e615ee1e51bb460e4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\be709569169b185e615ee1e51bb460e4_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.97moke.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.97moke.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2396
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2732

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7ef34af2900f8bfdc698fd4d7849a75a

          SHA1

          fe13f00a41e98c529bf4f3911ae3c0ad32a39767

          SHA256

          582c26a884ad64c9e5a8f8806dca0070941f5c3666947915ef036dcf34e091e9

          SHA512

          a1c479b43ba338b57214441773ac856a28cceefd53b4be6891bd933225c17102d7bad1fe53838b79d7c33a2c99ff0580a4dde1bba5578247ca25ffc08e8e4698

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fdf9d29117817863b1c588b51dbe78b4

          SHA1

          9ceb40ee5dfc96e9ae5c77203533d88af8a5c8a4

          SHA256

          abfe84b097d9af5ed22a526d09bd265ad5b5bef94059165d4f92f1eca43ae8b5

          SHA512

          3da01fdc9c482696b3d544b3dee761ba2dca66341f621bd3b849c9caf1ce1d995df6ea0a0026e2bbe0730fab6f05dca8370e10b6ccb1e8520488c81ad923098c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ce5254846acab0eea73e7dc8dffb42e3

          SHA1

          12caff68869e774e518ffcffb83cd1c4e725b7de

          SHA256

          87c961d5eba6778618062f8207c7d90a8f40f44864c0de854ec2a875d6b8b0c3

          SHA512

          4fb611acf6298dca8a6aeab87d7cbeaa71c65c8e257cd5633a699f1c9b96f9a1ac05c00d73268c641b8cee1d779ba6d091e358fbb9f4ef8e99e53141608c68f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b985f080e69f6838734604be260deabc

          SHA1

          b32adeb3012e8090b01291ab4af826f39f1e310e

          SHA256

          169897095d144c1c5a5a5a97ac1bd7674d0f116d1250374c84bf9946b2a94c53

          SHA512

          26807254eda166b927d1f04e328c888006bc9b3e2871fc68ec980e9efecd3e3d2194c24b81b765c9651376e91635818b8f2a97f6d800401645c8a289df7ab69e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bbacef7af7b9bbd5abb701c185a8f520

          SHA1

          2fb4f82349b3e95b03755f45caee6867bc39219b

          SHA256

          c11eb2205d4af55d18ef7a85b60048fc43b1d6fa819189a4ebc61e0e97335be5

          SHA512

          b8d14cd36eb74fb752c4f67356c438ce4cc8a6af833f0f5c3220b539fbe4d48bab28d33eb005f8dc4725bde1149bb8e546fde1aca5645d55c3aba8e9356a91a4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b1d88e63cc79c89695ec4b6ef3fda091

          SHA1

          8d7e6a22ebf18c88df19551f2f6890a9f77cb7f9

          SHA256

          64f4ba468ae876080f190229eaec5f35128e647096136c233e82425943be9d6c

          SHA512

          b650bdffc63a92f7e3a5959b5b08e2feca8cbf11ac36d8b83a894db29ce6c6f1fc5e434eb3699eefb4b6054d837928be9bacdacf5633e7cb5963406bc578178a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4867eaf32464e5fef089c8e1ca426f5e

          SHA1

          15d37601d64fb4da4421e18984b88b0433985973

          SHA256

          94f0faf28b409273453a1f7f55ff2bd52e072800c317e0453ea6e45b658e32c7

          SHA512

          b2b33b98f09145e075c19926113ff6b96853ce983b3b8faff6000b9ecd8a29c4e4d679cdadb49297b13087f950558ab99b150b6b4f34f5653abe8d068862920e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d073df26332c20c3420c546d9ce24854

          SHA1

          b0e101bf5f450849a0f3a4326e568bc1d343d628

          SHA256

          99618c5fffe4c842e647aa784881dc98eacbcdf4d2b8e83ce28088628b79bf96

          SHA512

          b3537340ee48defcab4d207dd7b295eb6a676b88da60fa49237beb0d35788a7727bc8a747f703febd1ec69890da286922421f1035ac3ad3bc8e4dbb4e3161ebb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2e6809f6e58ee3561ebedb93c554be54

          SHA1

          7bca4372fb53cc8c5e322f5fa4057000602ab50a

          SHA256

          b94313fe5579928573af721810d901d493d72af43151c8fc83439769f1ffe248

          SHA512

          e5f4ca733ee7ff0c687f5307e9270db452bd4688a9fe43001fc8c18c4d9dacbc01659572095470f840d1bd2d1401be0fa85f3cc2165a4ab599ec12416a72eda6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9f5f1887a2a3a4e03d4dd932f8fc08a9

          SHA1

          c8ad5d7e3270a81f39e82e4a7e5aee5379a1e0dc

          SHA256

          6f4943b33721e9b30a4a18129d6ca663a167aa5ea5d475cd3d2bcab81a55138e

          SHA512

          8ad1e22c7cab2f742df54cf29825fd9b38f3ce8e7660099958cea62384cf0e60e3e9cf453c18f4c2068ebbbb2e0faa3c83a88591c0cb2e23b809f8be8a38c66d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7c8dff08ca4f452f9655ff4b23a5a903

          SHA1

          f76dbe4d7dc3a535360ab52fdc57a22b6b6a150b

          SHA256

          4fedef2d0a2aaef6b20fe878bb92daaf171a17e0967c2821b3761ac909c269f7

          SHA512

          d9681a3b18d3b8600da3c0e4dad712a47b8ddc622e6fde10b97a46c97e8a0d88e7de469e167c1e2eea788e3330e27b8c9bb6f182cb2a9019179083f9050f4a49

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6722dd49bbdb097079331e2b2a7ee678

          SHA1

          931af9dcdbc55c4e589382c6da9787570921f94f

          SHA256

          2e74aec3ca7fd7b887c4851f134be43ccab0a5803b63b8e9ece705a0f498d134

          SHA512

          1186a2b92b8e92265538d07fcc2e7a6c59c3f269c7f0f763fecc194421dd080029f07bb0e1712b8af903973b3ab83dfe8218e037cdc24be35219457314b12562

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6039463c242afec124a1f180ca747628

          SHA1

          7084c7bd1968592b823353dd0f704a4ce8e23437

          SHA256

          a44f9f47157a76945ba5eb5592061dfd16e869a8194e0ec8d7793b1042384e17

          SHA512

          45aea56f4c122bed2c4950124f6164b6a47d460506475d9e3a38c1f7a413be62309fc644e426a5d22a38ec7dcc8ec7619501e097567f6870ece0a098dcf83e67

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a1c4c0a833b69f3016ca421102218091

          SHA1

          5006be345983c7987ab8a5db21bef602ed1c6a3b

          SHA256

          e9a604accae00d61298eaf1b6b4a47e9e27b107de127b5cd34baf4991956f5c4

          SHA512

          818c0a28c8713b603aab47868097fd7f285e9675d39e17b03614b399515b2b8fbeb7ebfea80c3bd0c5bd8799708636eb4dbd45f1b1a95e219742a068d36ae8ef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          62289bcb19f44bad38478ba2b5561409

          SHA1

          f9b45000999be6949e74df1ca74338649b70357b

          SHA256

          a03b63b4fb4f370bef7333d5db37824bcad8ef34d3508c598fd0afd4b72009fe

          SHA512

          93839abe73ff73417700c5e51dfeb4337760a5f9d1d32782511ea4cb1e8bf3c658ce66accf1639bd4cccbb228ece504e97b142847ac6d3cc8fc36a7014898485

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          75fffc485b7fff6af65960531c12c71b

          SHA1

          bff615d92a6f303cff664a030475eb8331453c78

          SHA256

          0ccf0dd7f50ab698268d6404fefdb33c995a74d91ddf2a186cf0155951588ccc

          SHA512

          5269032a4a24fa52d2aac96e08d77f1cec2f80501a4546091b81c7fea245d34a7eeac6e532f6f66237fa8eec5f1326d4e0d2528c1802ad065c256cd99f257d83

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          86d581c92ff500efe8d33a2f9d6d3528

          SHA1

          88369422b6699c783c712f3ad8a0d36ee0dc5524

          SHA256

          ddb56652dba135df59ae0bd9ffdbc16ba7e4de6da9e5b990e69335c1edf8e1bd

          SHA512

          0cdc9cf86efdf7d8279e3065eeb6e594719be38af4fe486c92ccd920176598b120a47e23385e4d43cf5b97900fc8b73e18da2256101caf649aa2e129ae4d3209

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          156df5dcd67d7baf9ccb55ac2d0ce3e1

          SHA1

          a8447a8d3afa99ac558cf1d135f3be4aa4c55fca

          SHA256

          cb35646bb5abd53e3404b5fdbfcc0ada106fce5558f8d3375bdaea4ccc4688f0

          SHA512

          077b94245080b67548a7625c5dc975655ab6e512631f2f5ed1dd6b75e7663806713323c085a50e5623a5afbd8a162403529af9d13ba658dac2bcb5f83647e27b

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C839021-6207-11EF-ABC7-72E825B5BD5B}.dat
          Filesize

          3KB

          MD5

          e35a9af5dbe2e63944c6c6df7d98bd8e

          SHA1

          f07556ceaf15ea4db9f486e8c2bfc98b4dd171d1

          SHA256

          4bdd466118a7434308c7062597fafdd40464e4f0766b0aef2d2815bd20b2cd90

          SHA512

          bf745ee796169e54739ae71546bc0ea91afa57ca0b21c98a04f65a6ac424a4a0c587016bb51396c3f7a65cc570fed2b53d15e2cfba2f787ceb6928c113f9b09a

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C83B731-6207-11EF-ABC7-72E825B5BD5B}.dat
          Filesize

          5KB

          MD5

          76010eae054be7bab7db1944ab172644

          SHA1

          1bd8186179ded07727f5df37e7918ed520e66fb6

          SHA256

          e9df04f328d4d27a4e734e4fc24d47ae76d0bac655b3b182fddb945036b1d2f6

          SHA512

          ce064ac2348cc5c627248ef5bb4d7f4137969fa0ec0d3441c95023cc105fcbf1ae6d4f93e7f461731c794886f6fe8a29762fcbf252e547cbb705d47643011718

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabF79B.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarF80B.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1984-1-0x0000000000400000-0x000000000058F000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1984-0-0x0000000000400000-0x000000000058F000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1984-441-0x0000000000400000-0x000000000058F000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1984-4-0x0000000000400000-0x000000000058F000-memory.dmp

          Filesize

          1.6MB

          Download