Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2024, 09:35

General

  • Target

    c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe

  • Size

    15KB

  • MD5

    c073de004e6ae6216de3b0abd6984d3a

  • SHA1

    9f13a67ff3b876c043d6dc04b5d17834790ae45d

  • SHA256

    94ca5834b64d25acf933468f7545c1d8bb6b65cf59d8898b4778196bdb30876e

  • SHA512

    5f1547826ed7e72a4e327f523e08b1e3efe2c500923884edcf0f997d8910e8ccfbdefe2eb63f8254a9c83e24b2d12b320e835b580e31a479951ad7d291c709fa

  • SSDEEP

    192:nFs61A/0LiwxqfKD6Vk/gqWhiQ7Sh92sGNl+veQjcWpKPgMx:6x0iwxqsRQmh92tl+GAzAPH

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.petitenympha.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2236

Network

MITRE ATT&CK Enterprise v15


Downloads
