Overview

overview

7

Static

static

3

bfcbea5173...18.exe

windows7-x64

7

bfcbea5173...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 00:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bfcbea5173aabda881df38904231978d_JaffaCakes118.exe

  • Size

    346KB

  • MD5

    bfcbea5173aabda881df38904231978d

  • SHA1

    a4a70e903a63f77300b612df105f20014d2001db

  • SHA256

    16ae00df2c50d547ed5f102102acfd080f94651baa8a9028bfb8b8da7a1b3a34

  • SHA512

    4eaf067d86eb73213a74326c1536c3b0b3387dddd652e26f1de53886224f22351a9d82753b68e972b7c72ec2b5858ffa29e5e48bdc7ec5958fc406da1d01e1e6

  • SSDEEP

    6144:ye34BvlhNC7JuyKAs8LG9R3HNe76JvML/9c7Cr7Ob+FGW:++YyXSvi2v2ICvOb+FGW

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfcbea5173aabda881df38904231978d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bfcbea5173aabda881df38904231978d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk33.icw"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Windows\SysWow64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk33.icw"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2604
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2616
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2884

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\EditPlus\kk33.icw
          Filesize

          132B

          MD5

          1ea58bdaf340b6242eb164a7b3cf504a

          SHA1

          32f9fe33357d610615acf3f1054c03a77d43af52

          SHA256

          ba49b5bfda6c0fd2200d4c7a853c71348e296487d7fbcc4d3a6871d19ff4cda8

          SHA512

          0f30378abce69e8b92e8b69b49c9384a4501de5a64e6ba978fed5fe33caf2bc0488c32f87a34510555f5e927d3f7e75307a9933e592372159a9e9ecf8a928f93

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ee066a3c4ea6d9c42faa72455b2add62

          SHA1

          d2584699183bc6dc4c1e5d100972eb930eb88d48

          SHA256

          f48cbce66441fe639994dd1d597d6b9729a68bac7270f68582afefa41a5d68ad

          SHA512

          e9a050f4d9c236b87bf4625d1c82f1e585ebeccdd7c520d1df2cbeb313597a76508f56dd4e9a11a2fed78ca38d8be6334e0ddf68025722bcd9f937f4ca97c03c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          60d4cbeead1ad30801159493f63698b7

          SHA1

          be0315f081bb48452280705380bc7f2b3576811b

          SHA256

          a842c29c407469c6369d4f5bde553b95c1d88f6a1ebc2450eef76c08a42adbd8

          SHA512

          b52639b145e48d5aa1fd34d076094666084fd280c07c932124bde7d3e3140e9a17e4a662dd8112edacbd0f9dd807f3a194ead83c29fc018e7af5c4a686f98ed9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1d4a0bd528d45d813f15f0c22d5506de

          SHA1

          960fda1ce344b5599f6b701038c96b1b2779c950

          SHA256

          0e900e0af50f63fa1829a3d54aacdef2cad3631284fca60f8cbd770a81bfe955

          SHA512

          33b8cdc62e84d5294bbfa19f08efe048d0b2a7891e2efa55f7c0baa0f29aee9b92700cb12ab9cbeb2e4c638f357ba16515ece7b474d3f523edbb35133d0e7745

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f7006781bfb10f48f755db413661be08

          SHA1

          eefb92c88d56508932bf086e8a4736c6ff4f6958

          SHA256

          17297fd64458cd8f7734d85343fc8d299d763e305dba40439f35aa1b99c74225

          SHA512

          23f401dfc554e3fb05aa26014db9fcd64dbb455e231a34860e5982937f4c9e32f8d1571bede8c0e8fa7ff810f4e878be78c0f2548e277f7556948d7bbbfcc61d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4e8467cb8fc7445c29d0bc2cbb618618

          SHA1

          c835e3de1d7a7492f290868f25e78fdea7aaa1bf

          SHA256

          14344c4146ce7c81238642e9807320913a2be2b7d14bcee5896f52544ec5fff3

          SHA512

          aa355dbf0cb55d92383824b6dcbd0f07459217236dde37d082020e4c62a2eb8ab4901d33f328f0878319f12c712c8db829b5087a43d568808dfee97db3e16ac4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f2e0631de7a6f6663d191f92bedd9bcc

          SHA1

          2b90c3e6781f92550a2184f87269a9fd9c61c80a

          SHA256

          ac3a9690bbfc00a49f6fe91a9111fdaeb59262dbd443131b42b9c32217a10f17

          SHA512

          480b3d579a224e5dd56c1bd783335360dc58095d4ecb58672da79a8fa96e6e4093f82a8b09e6d7e0b641e59b813692a4b70cb0cd55e1e8f3772b35e6199f346f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          16561f1e46098810aad2dbaa6b6f596f

          SHA1

          46dfdab9b8b315d7f04071f8085419a84f90350e

          SHA256

          1ecf809f8bc5d4748c8f8f82874644bcd44d21dc188a33fb42655c191b03e356

          SHA512

          923891786d9600b246bfb5469fe1ab4eeb5a9e9734e7613155072f9f2673c6ad4bbf51901d741e666a07b91591d9018b1d51bc28532ac69f86c6fc4b66b523b5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3d17914d2b8fb14d64b3c20a3e475c07

          SHA1

          8c8bd99d951c32fa16d4c644cb4e1fbcb3d97842

          SHA256

          b2e8f9e891f0c28102fbf480967a842a93311d6d616726d0888c10bfdf68a742

          SHA512

          726596b6c4bbcf673538540a10c27560d025621ccc15f69a21b68e9879764ff50cda689b0c969d47cc17ecc100a00f8abff876e14d30d92e3add6403235efef5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          37af3ef44328a080cd4212f02d1b2cf1

          SHA1

          a10897b74beb882bd928401e68d192603ca4194c

          SHA256

          ad748e12c8aca6e8b9a8ecf8df9d90c2592a6af1757099020ee494293b7fa1a6

          SHA512

          82603794dd84cadee3709e6c50e339c89a7c95fd0eb04adeca3302bd8fdfd27306b3840631b9a3ba57e361d78a7ae93a73f48293f7c6f8c8d287e9df7e9ddaed

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b648629409d41e36ea06ef2d3c07d77c

          SHA1

          6624a12e2b6fe86ecd40186a58f1b18fda2fe5cd

          SHA256

          855c54e3831bdf26b073e7d46fc2607f721fa68627f1fcca1978103e104ce19b

          SHA512

          cecf27989c79a6402556ad80dd5eb7efd1fc9eae6eff256de7490e0865dd3472ae0eabe17f3faf063a56bedbc12c35c26543715efec936361281b3ee5526635a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          222c154b4574b30280be19947fd418a5

          SHA1

          ce279514b3a3e9b0426aaaa1bb69fd5b77c10033

          SHA256

          90010b9e3317469f4347ab6add98a46852d5ec870db4cd768efc8dd541681dc9

          SHA512

          eed03cbb0049e1070f9a735d07dc02d91dbb55c496972d063bbb6e10cf56cb7358310cbdbe5ffe16c0170047ba86d6a5301616d2825585dd5c1cff26d8cff738

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8e5f8b1f5a982f96a6ced33e28511b1a

          SHA1

          d945f79809864288c5e8feda182944608ebe2c5e

          SHA256

          eb63a0156f081bd0ff135959c79887c227444be66e073aea81728158e1b7b99e

          SHA512

          7da0ac5aca73a487e7e49f4cdf48b84542025500e79e9686774143d386fb5e20bc63e8574f2c6833ec54bd6ee37ccc2e2654fa7223c8aa90f1951762d51d9deb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bf57d4ef5aadaa2562c1ef1cc5ad1abf

          SHA1

          c31041b601ee09a3d17fecdbde361174ab1cf219

          SHA256

          ff8237aef8e45146730d8b3083a4f0571433141b6eac67c0212dc3eda685fcc4

          SHA512

          de0eb00dbfca14ba704f2940d3c998634f25bd9bf05de492bc4357ab53d15ccea0c81a2cd863c2f85e906a903c5612b1ec130260bd271a1d2db8b1f94f577b13

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3ecad6c776cc6f5ffcd9bfdcfd77ddb4

          SHA1

          bcf4630c405d9b798a01a3d407c9f01b0a40f714

          SHA256

          6bd48e540fafcc4ff1bd7e6f24e59c3fc651d9e86c98473874164a5bdf092082

          SHA512

          128b15fd55f20473d4466aa1ea8444b92c3fd088f7a360a9d6dc05904ad486e73acd9ef64f3776dbcaa4aa248c4b131dd52a08a9e5554bb7c7072af85af65522

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b7f64431721f7e6398c48cdad7d5db96

          SHA1

          c9405d760bb0146ddbdb15b70cadb2199734ae26

          SHA256

          f8e83ff0c09dd89914eb2cc2b5c6786bfff81316e6a9faa68c05e5d3380c091a

          SHA512

          eb266ecd2869b0d43950d3426635304bccf42ab82c028528592871e11b3693a65aa07ee57fc02f5bd0e1cac1e377480a9a11a8c32bd4fc47fcdfb219d9a95206

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          93c24aea9c63d523ad54e5c4dcc5eb62

          SHA1

          636349fb1b481c4a0964e99663a1e0dde2f6977e

          SHA256

          4d6c3912c4f767212facdecdb17ebe4e2dad048afa45b04769913c8e834b2c3e

          SHA512

          8e8c6217fbaca06bd64bd4334948fee53268c759f5a6d630ee6582d849f4b0e36191e56c09cc2a2123ae358b20ffccb87a4d27243f64522970c0daea3c72ca4a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c9c77ae9a3667fdfa3c1c820c975c34c

          SHA1

          39b83de1556f6534b702b4663ee17c86234a0e64

          SHA256

          db1a7d4edcd36edfaf5758c45255c9e5720ef1a3d65b261ac83c76c0bffe89ce

          SHA512

          d4a1e4e92c233c9091dc9f95f9576b58843b71ef8108975bfc20ab85543ab0fe9087ac8daeb2e59500e7b0e57dcca2910d016b377bce62917d9b3b37a221ce52

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d69d58222dbaf5c1139c683eb35788b5

          SHA1

          0f12441a9f4cafa0671da6622483a1c000459161

          SHA256

          e957900e0be2cdaf9fac5aa271a48b1af558209a8dcde66f046316247d55ce9a

          SHA512

          13482d30f79bd7c50519a933b564d87afd5b2a0c7e9b6f2836274c9729efbe6001ee49270388d950f5d2eb59520c3ec7a2b17fa65bccd5faf5580103a50c833d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ccb71eb18dd15411a6779ead3072cbc3

          SHA1

          9c6ff579f17d7651409b35acb8cfc0fbb4785263

          SHA256

          b9144c45d031bf07d4bcdf7396bf3a698564332d9e3013328562283017cd0f88

          SHA512

          dd08f0a3baeb0f8b9bef0cab6cc1a1a465d51017abbec40c6dab69b6cbf4552773d82fba07a41435fafc1d84db5938d9dc48dc4d48da1e288e79e03c6d9897f5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab4CFB.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar4D6B.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
          Filesize

          44KB

          MD5

          7c30927884213f4fe91bbe90b591b762

          SHA1

          65693828963f6b6a5cbea4c9e595e06f85490f6f

          SHA256

          9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

          SHA512

          8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk33.icw
          Filesize

          840B

          MD5

          94d1d797c5fa1a003b197d148eaa9d27

          SHA1

          821fcdea423285fbbb24de4bdc445add3045ce6a

          SHA256

          212970b3295a4f2e77259f94e1c97e14111858a192938cd58589ba489da47b99

          SHA512

          9a3019152fdd6a607258bf4f8b10183752d78a3f111c67f07e35538986ca7ed4e20b1a9438591b2f05692fdd0d283ab162c5cdf24fc47ce9cb8b6901b3d24e68

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
          Filesize

          80KB

          MD5

          d2a43490acc2c80d87139db0dedb537e

          SHA1

          8f36e5865a03511b04961692af6053ce4365db96

          SHA256

          b9e841ae979cff45a71df03cdc18a7908cc36a79d2aa72896714248be818644d

          SHA512

          d8b3382755848e0b53b785054effd034546eb5919b4c1f248de484a56342ebe5d62a2ff3f4629e72361e32bad0cee179d5eaedaf9508e106ef74740413197a34

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst22FC.tmp\System.dll
          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst22FC.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          acc2b699edfea5bf5aae45aba3a41e96

          SHA1

          d2accf4d494e43ceb2cff69abe4dd17147d29cc2

          SHA256

          168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

          SHA512

          e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

          Download Submit