Overview

overview

7

Static

static

7

bfcccb2b13...18.exe

windows7-x64

7

bfcccb2b13...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 00:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfcccb2b1393a3420599cf034bb62d4c_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    bfcccb2b1393a3420599cf034bb62d4c

  • SHA1

    8f22a88ba1f86b8dacf0a2e80e9ccc1d8292a615

  • SHA256

    0e269ba58ad3ba27c93577f00d7ad8fcb122ae3412264318b7401dfffc2f0022

  • SHA512

    38ea4b5ac7acc15c3250bfed79fb5e1df6d2ce5463c51d7fda411e8415deaa4d2fd87e652337d05c88360ff807a55a55aea83a278ddc0c12e722b804733267dc

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vV:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bK

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfcccb2b1393a3420599cf034bb62d4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bfcccb2b1393a3420599cf034bb62d4c_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=457
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2252
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67cbcb3ad7485b192b9f4cddaa3796c9

    SHA1

    611a797229c2a687e1296c4b4b551291e2279643

    SHA256

    d7c3efa9b4284958262d728a6498a44017f375062cc123dbe56c5d3c10a6b6d4

    SHA512

    90b94fb8aa8cbbbe68b080c09b3f5cf5f110b8c4d0b7c23b8d8613856aae5008bc0681aac32d11ad6535e92190ae5f781c8c117c04a6f4fc2d2b477b14ee00a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cce6b0efbc302637473df425613fecdc

    SHA1

    0f12560514382fa2c6d43d6734a0ed4b1a680484

    SHA256

    82d678636a55f16e16008992eb4477a816d0cb785105da1943e33893579e3381

    SHA512

    113dca4a87fb528528d0af7a984e41204742314e933ce5b547de836e04e66877592c8c28067a87e2caf90da460f4acece3304e565cffb2532646f1202b24bb9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1902c95a5af50ae65065000398fe3501

    SHA1

    f1d0d8a0ce2e06ff47a33b2b148ddf762d91e6fd

    SHA256

    bf6f1b372d3d7f3281707c647d2a8e4243ac81fab8d0cae63b6fc93386aee29a

    SHA512

    fb16aaa60a93a3f3948e478705025245832c4981a525e88f028db99251cd2c23e1da213e1f1055795a7dc6c0c6e68e94fe99e5bedc4f0344f60e1de855ad0030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0591920948a8f192f83e6c2ca5133106

    SHA1

    7428433147416d875827f65d6ff350562a2ac887

    SHA256

    0eb70d54e9926ba76ff8bdd0d6c2ba71648600f5589f349784bc8339ae51cf36

    SHA512

    d3987b4f0c6e63060d65ca8252bca5c1884cd6a3202ddf59745ed95407e53c55dd473823fecd70b84ffe63ff9b155ec70efc9e521b3d724eb3c03f31a632d792

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c183ab6387dec9102c1dfe4dba3877ae

    SHA1

    2b2140455ac2c9f57a4cc43ad277ca36bf1f5846

    SHA256

    a7de5e5d2ec44d0056fe8fd48d7e5871ab1f6bf94e17a19f542ec9a9d77cc1c0

    SHA512

    55156a1f83351621d6dec451066b6d590e98f61bff206f407e3dce7bbc5031fcec99903c8e0290a3f21a05b2379d962813c60aa4439cf55300e0e734cd2e73a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abcaf3bd260760612f1e3a51829493b8

    SHA1

    ec99fdda47e9ba89b4da5ffdd6599cf6d3fc50bc

    SHA256

    2002269d23b41142dd5a2f14be4fad1cfe290e2cbcc1fb629dea010701d26340

    SHA512

    5ae16ea22b45762c0b9b99b0914f2d756a0c1ae674d2fc5ef6a941aad98b1964e030fb045aeb2078c4f57918cd3990c398d8fd6467cbd916fee924c2da55da3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06f56b8ad639d64dc25428446157a251

    SHA1

    dd6726527f4c18e84186fcf9843a4862f09f939b

    SHA256

    3de44c7a6924f74f83645a34429df62e94b46eb63e96cbcf8cc2baa867933d24

    SHA512

    8d1a9255a01403439e5ec9eac476b815d6ac41d675797c8705ede6c1bd48003bc37ad2309a74098c5a90f2d116259e40e1bffd8388ec6693e91196d7069edb29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aaf6657d78b8f6f888d8b6d83ec91f3d

    SHA1

    80a799e2787ab68842f050811e041bdfe168ffbd

    SHA256

    95c079279802f0a4c5c22c56fbf2666d50e480500d91a5a81ccec26cd73d5bdc

    SHA512

    737b5fab81f8dc2ba41e06321a7d3594774a94359cd0fba9c9ce4cac2e28dd8a25cf0082baeadc2dd9e1f7a148bae80ae7c8b171e74e19afa8377ac4faac2a1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3777a38f418f66e06cf8d66e9f9e2eb9

    SHA1

    9a3d1823fb045334354bd06fa442de9b909438a1

    SHA256

    934a65909f27893ff0e1917f2dc1c91984cd123278983903585083aaf9b65d96

    SHA512

    01047647f62f40cea3dd81a2f27e8498a953cbe2283cac3d669e84ce7d05a59ae5bfa51654e49a4d1d03f1988315af4cd3faf27a00077598e7e8cc1a88f9af75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    260a6ec3035975da5c7e8c7cc7ebf482

    SHA1

    b80a993e94ba90c3f4cfbe569ccc71050f7e2234

    SHA256

    89c887bb8ed8a8a6a5cda0a56ff561d630d5431f38577f015b8bbec60464cd71

    SHA512

    1f07d1b0b6f0620cfecd481881feacb68de1a278a6bf46a0bd4321de0673bad4ae4b172d02acabebbab49de56e0cbc6f0b3b341a540d22bdf4d274a607e4ac5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    295540a9061f20d46076c5ec8b4a489a

    SHA1

    39ab61407cafcbbe0d0055976ab3031c6474033e

    SHA256

    0e3e86583d8df8090fc25717bf0631d5a4b66a1dfb35a9b166bcff4e1355030a

    SHA512

    972c08c42a6db8b7b9ad21996ba683adbef771f8781b14d3ba43beb90ca1e11ec1ac1089844242a542ca76aa44b2d6dc7bf24a8d1f543cc9d9422cf59302e1f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2d7f6b6cb202497963a80143ab70fb0

    SHA1

    e44fd37f966f1162dd7d63e7d0d4f528330ae9dd

    SHA256

    b307bbb06618a2b319a3b1c6b882eae9ace5cb2192a3db8ffe691a4a04b96bd5

    SHA512

    6062c885f7c3fe44b52ad976080433f29d577e20bb543a765c99d8825ed4ba7b8da53eebc70634d2ecb4d9eb770ac5af6432c212f4606577bc1bcd93d0751704

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ae1dc8dda1dd5b16e9682b092b60ea1

    SHA1

    026ef8f00b5a4d5284a7674fbcdeeb3ce4ed1a10

    SHA256

    fb7485c4a7882770749ca0094d0c195a9095fd81d93c9ab435f350653f1e7639

    SHA512

    16201d01c220926f2e5f215ffa0f70f0ebd36eeb63dc6490a5fab18e9a22430e91d217aaefb0050dc0c2ce401589b879a75adcb243868c596b0ae90d3121e8ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb4a53a6fb869a08c5e695a198c24046

    SHA1

    7154ec5b19929f91e30031607e6cf701d2cb5261

    SHA256

    5b3edba68cee0b7595f224e5d18ba7f857acf848e5b48b36391485fca7d6243e

    SHA512

    49b41118fdd067c1a021e71ef24d2e13e8807802f27292d59d400e56f231c34d060200d5e64acec7a7a58ae74f81ed04e09a8996123be621ae299906c3e3b7c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f89f9cb41ccf57f3d5076513afa5791

    SHA1

    a32b12a020dd71ea71c1f5ceddb07136585c6555

    SHA256

    5f6f1b0346b47c4d9bbfde66ea8914271a15452d561dfdb8a6c4d25d81614f50

    SHA512

    e2a2b0dad7c2643c4c45058c760da4327760e8557c77d4d1b6178377d412f824369b22cd95695d28fe0d86211634e54a2ae233b9fd96c532c742529095d55085

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f44b27c782deb0a29f58b907651ac23d

    SHA1

    0364daacb74645b908fd400f73c515cbab14819d

    SHA256

    0aa9b63d94912027bd0dd9db98d146853172b8184eb4b696c8aecde8194c9d2c

    SHA512

    a1980ecad12dd06353dde1bca88e73c4e59190302cba973bcf8175d273d2839ad3c83c792f703b52b2a99d4a5529a9cb18c222c2764d867c437d95d12596afe2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1394b4acd22a9735bc19e2b56e4e0994

    SHA1

    5635bf0d7946bbc238192dea2485572c0cb28183

    SHA256

    2fa6f6f3399789b08daf0864277f1332db1cc138038bebf3ce565ddbcbb69307

    SHA512

    54132fd2c27226ac6efd3c49bfc7ca3bb5d13a6858c779f83da6ccd4b8cbaba22be928e3f496e6f82c583a5442cd1ce0f2ba75495fe60ea1843c573c1532fa7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    596c27eb04e36568b03f198e8224ba9d

    SHA1

    909a2c35ef0afd9ebfe00aa106837901afe7e22c

    SHA256

    bcca515e688ec0ac459753d896a57e2b9282674beca93c94aedb2c55c90e10a3

    SHA512

    d910baefe4845bd1c16999987b26b181c426aff525eb721f8251935f47035d19aa1f2a1cf44e196469879939f860947cfc3054f674b72985d333f89e8d786f99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dab93632fdf774658abf35369b46df45

    SHA1

    aa7b4341ab386ad7453977f122eab21136af1f0e

    SHA256

    c10403cadaa2c00c17e2d70f024dc2ac62cb51068d4c2e69d587079b31ff546e

    SHA512

    06a03f2f52f3f80fa0518d4e4f91f9459506af9724bdd991f953c12f3ac51560c2ed08fdbbdd5ee16d9a3b2fff91e23d9f39c052239289865e379776a9b6e2e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab733F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar73EE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2884-26-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2884-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2884-24-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download