Overview

overview

7

Static

static

3

bf32784654...18.exe

windows7-x64

7

bf32784654...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    24-08-2024 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf3278465406b491b1e311f2dfe6a44e_JaffaCakes118.exe

  • Size

    138KB

  • MD5

    bf3278465406b491b1e311f2dfe6a44e

  • SHA1

    5b0a11e0e6b0df23e64ffb6bc80c8d71b14021e5

  • SHA256

    5a757a91732dbe9c76b92d7b86501897b14d6aa92074d05ae7d0fd822d3349e9

  • SHA512

    44a8e97ea6fb799a5a19b5bc89c3bbf6bdb7dbb684a126f96cb5f6734b0fa7d803be39eeeb2038b72fdbe0a6ac027dfc148b9226775bf12c86240cde867f5652

  • SSDEEP

    3072:GSaP0Z050tfQQMvmkBN3WvRrMogdE/7/pPwyP:GSaPC050tfQwkv3wwouE9P

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf3278465406b491b1e311f2dfe6a44e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bf3278465406b491b1e311f2dfe6a44e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1812
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2988
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\cWY9F5B.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2600
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 160
      2⤵
      • Program crash
      PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    886bce09ee33eda88518881924bdca5f

    SHA1

    4a483bcce466e3849d1ac6b2803fa6a78c5e3191

    SHA256

    9d7fe1e44216fa27fd43a7533d599431f92e73e4feb9cf3f5a635f74dc1b9fbc

    SHA512

    f5e2f92050660dee85405eb88a14783ba9e66f3e534c91fd6b5e1cbe2a434b8986c4902d2c38d5b6ceab6d9ac66509d971513727063d702789c8d1b1c1ff5ae9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f874b6da6ef90318d8f9969dfc6516a

    SHA1

    aeeb4b51eeff1e20bd4b2949987107008570f88d

    SHA256

    dde8ef530d362d1187b9cff16d5da0fd052ec0410f0664c5b78f3a6c5a0815f0

    SHA512

    5c1e497b921d8d123f59d246d74f31275aba6c2e5346808a38ddc19c22010b87efc464afdd71e1772cced490828b6f3726e08ae751fa437859a697c7d9698551

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dae9be38a71b33a94bac7e223de3c330

    SHA1

    c8574a50654300459717cd2a79472bf23e7759f7

    SHA256

    9e2faa78050280c7e66e027fc5374a81428faf8a56a55dc733bda23b77258cf6

    SHA512

    2a22730c17902b085a2637523ea37f57a3150e6831707aa18f085e1a0ffe9802005263ed0a55941bed9a1ff74b363583d272380bdebb9e76c8bcc6a44d076efb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6b06ec0b32e7f3c8067bed8a7da1773

    SHA1

    0e571724e5bc8bdb29d0fc3ffa62f9da046eadde

    SHA256

    2f34cec21b78ecec169fd8916f3649f58eee21e99a6dc59524ae77ffa077132f

    SHA512

    d0f2330d14e55a626b7cf05e3e58d3c0024571b3003d8edfc834a85974ef7e7d37aa473805dea30fb57601db705c63f68d965224baa1c53620f707efa8cba170

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21df34a8bd05d04eca180f63cfd60df2

    SHA1

    82136171e5a22419085483fa9ad0c31eede0b648

    SHA256

    d9d1fcad806ab99d7ed92cff41be444f2efe9bd1f001cb9752ccd31c18dfe243

    SHA512

    ec3e931aef0b3bbbec36a57b8b6e0fb17191d74a553238d5e1e2d7870a3dce93945712053994b27446362cc0cecf144bf68195a55b55ee65cfe017b8168b7654

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c47e15b894d4d8d96ecd5f3268f7c934

    SHA1

    abd608a9c1058ffc684b8297661ab6214e33d3e8

    SHA256

    69b497184f14baeac760cd898b8748f21e7b3f323d0c5b04a387ab294b7cd76d

    SHA512

    870e123330d4eb7971223c22f5bb3af0d035dd037e100fb72756d514a796738945b1d8e3f06c86849c2f67498c7a2a9d126b9dce38d66e84d6a685dd8abce907

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cc52aabddd64958af2d7b051ccb1cf1

    SHA1

    f0169cdc6640a514b8b66a17da2df1a8ae4888ac

    SHA256

    8a0f1de58439b5318bca0a3576e6013c1eac807acb6ae8e423c001e2420392f8

    SHA512

    7ba564d777a38cca25946418579511d03034ff53fd8e7d4c3fed57c169a57a5a11ff0dfedf86425d0332e39047eaef8870e303b35cc3838a16ab55e4b3e3806b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92cf475c1fca45af7b2771e967218b3d

    SHA1

    1111f4de45ba7c0acf0b1f1502808e25b16cd702

    SHA256

    e02d5a63af7e0ee2e369181c18079f24bca206de229d6fd54c9a2b66fd8529a2

    SHA512

    2d64ea9d146a1891824c0064f1343ec28d918558d89a390b5ab15aa3e02d55f8d6f83dc3ff34d9bfe4df48d038ce75042998485e1b675b061825e075be999336

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d11cae32ddca5d4aae1c2e91aacb22e6

    SHA1

    7516c7c8ecb50a818feedd3de46775922bb3baa9

    SHA256

    90f245c41610c84ed714d0a85029066793db85ef59940642aa9df9535676e5f3

    SHA512

    51a5d4fdf270ac8b6dd71c0f4a697537d345706cee98ea063e9870d8222281ad7c5fb645ac6463665d33de80211eb828a00bb272db892aa429dd8bc3609cc6d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA334.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA402.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cWY9F5B.bat
    Filesize

    188B

    MD5

    e87fff5af830e6aaf0470b4c747d89a3

    SHA1

    29fb9f459d889e0f800ef4727e10a84e5a5d0d88

    SHA256

    3113266c8644f516bc69b2cf87aecf2db816b6df7e4e1875d2fdfaf6a1fc9098

    SHA512

    27ddeddbe7bb440c4e02b396dc09fdb46210c2d6377cff1b07466928f06ca2cc25a36b0f4c104075bcdfc7c2e3905e9f7bcb2814f1fc831d4c0547607f4bc1aa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cWY9F5B.tmp
    Filesize

    72KB

    MD5

    0343c8bd4abbb882345e1b70ad53c38b

    SHA1

    a68b56aa6edf4c60d02ffa9ee827f07b13961688

    SHA256

    5a4227ac3ce660043f15fa602ca40535420e3e8f17da393fa7d38cd873c04082

    SHA512

    2e2d0072eae4fd04c6e55435d8dda219c0278d2fbea390440e17b473d63862b81d0ef48c6bb2a4d746e9a4cb0aeea7828a15b76d9bb424cf616cf9d7e1d735f6

    Download Submit

  • memory/2876-31-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download