Overview

overview

3

Static

static

3

c12e3ee16f...18.exe

windows7-x64

3

c12e3ee16f...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25-08-2024 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c12e3ee16f29e9c4497de45febd8a241_JaffaCakes118.exe

  • Size

    53KB

  • MD5

    c12e3ee16f29e9c4497de45febd8a241

  • SHA1

    380d7a4eb9219881e442d5245a33b2f653c6e039

  • SHA256

    a0de7fbbb837dbaa1e4dd3d08a9379c5975d25f5d1154651bdbd0a9b88ce713e

  • SHA512

    c19ab64ade522784a1cf1489f7a6517f382acd72c9b9f464faf0788b9469be1d093c6f345042658c836439804111658ef54151ff6bdd5887a69d3ba3ae424797

  • SSDEEP

    768:/3m5Lr3VB5jGiEGv12ETXPKkHreimpjbEoEAAud7a0EXNbc765DmODZZPZB52jU:/3iLpjiCv5teimquBqXK25DmQj

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c12e3ee16f29e9c4497de45febd8a241_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c12e3ee16f29e9c4497de45febd8a241_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:912
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forjieku_977.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    287c8dd16b69277fef81faf9e39fedf0

    SHA1

    252eac7162afc2c932c84a521c1c2b69bf70b9a0

    SHA256

    19881160b3cf53de0dd0f61783fd2909cc87cff8d818affcdb01ac082feaf6b1

    SHA512

    07a2b9a4b4792428f8557b11f5a25b02a62e2cf7c5dbb633c748e3199709a24ed336f2d45b50533d0e979c2fc46a0a885900173ae1809f0bd470e77f1a1ef6d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adbb875b81d465a58c118a796da2a377

    SHA1

    608cd959fd54e6c5ed9bfbe3600639c0cced5212

    SHA256

    a84660ee8e51c383fdcc22885a9f6ee12c624e552ca4499534465fad056fa083

    SHA512

    64aa78c98ba534ecb7609464394dea9411964d555c5d11a40a635ce87d0071c07293351b98eb5227b26ba40598147e5085ad05c7b5b5210050bd1a69dbf6c117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8920e0cfde72eb8129e330763147ba12

    SHA1

    f41ccd041152949c54b45d0b180be7ff94034703

    SHA256

    8b842058ac1f080a60dc5e26d1cb776db86925fd7aecea879efbdb4a8c0e83df

    SHA512

    49f15fcb0a3308220047de9bc7ccfaac38da677da42a7e6c9170d55c62748374f9777bf318d07be8b7016829cf7746ca026dfcb6f5b4fe4b8d05efb3a1539294

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e8fa9ffce8a1b747952c78dc37161bf

    SHA1

    a13b2392cbccbff0c983e12c242eecf8b72f748d

    SHA256

    49c0614b4a05c076fd6bead6b0effc8a2e4dbb113a44873db18b2a9ff2af4994

    SHA512

    2234d6dcf6b962ec4204d081e31dbd2766d46d30a55b4c2ce10d707773d53a57cbf4b91d4f6298dc715bead6f42e2167aa593e72c47daef38c7a798b696deb48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b0fc78854fb3bc47ace27832a83e103

    SHA1

    67c60cc84561031e5824de15ba4d4bbf7e3d7117

    SHA256

    c40380ca520106d51fe9e3f9b468d9f42ae2ca334fe823d7d8d3a232e091d8f6

    SHA512

    49adb29029031f62c35111d6ba4368b845a819d56773fda31d2ccb9407385cceccd019c7f196d4fcfc960592110dd06f934a931cf0442a435f2214fb268b147b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e2cdcb593871a99d3e022f40836410d

    SHA1

    7bf9c6d2870913721a2a2d6e7f47bc465ff0585d

    SHA256

    c413cc3d0156a82bb2c4666f2d766d2623f8e67e1e8282bd4e751181ea42155f

    SHA512

    63fadd2ec259f8d0c156158522de51182652da5682a0242872236aaeae87010bfc08a4f308a01b63d6d4b6fa83f942dd2fe1b732fda056f943f6172f3048569a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3bbf97611b2e69bd734cd3d5b5d6c00

    SHA1

    fb66609c0f8c237bd94aec486757777d745dec97

    SHA256

    38d608b871c66f19f37d3516a15b8c146fe953c41efc4a2fbefbf4e5675c9fa7

    SHA512

    a400e952d53bc9a5eae9f7dc0fb18f5b2a0e5f9ee2b9c0a2cc56fe48df3797714f4d460a1f3646283143ec787c3bc42b02fc6726da28fe2c5b006ea4c3466183

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9829b90f3400f249a7f04f749e7856ed

    SHA1

    85b6949ed1a3d23c25b118cc777c8e793af350e0

    SHA256

    f5794fe74839f5645feefffce65ff4bd14a8a5a06f8d2ffcb412125dac116c00

    SHA512

    1f1775dc2d12dacd0dbb3936b697cc04bdef4d87ccbaf5ea4b67b04e7dfa364660e5cbb0d652913b1a274828dc14ea8f90f662d5700fdc861e7ecdba6262fbd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b61dcf4282700af89e4e421b85a4e2f

    SHA1

    044d780d581101e9d9435eb3674fef73b7d15d69

    SHA256

    9425d29178af5b7664d8a8e779221e833804bee15d2d22725c3b04daa618ac3c

    SHA512

    f670cb8ba623bda1b03fc4461b950ae76a3e3f16c1374bfb9061b6413125a018043e7be7f13b4fe63d9a21a98caffa5bf13b5822a8cfe6ca42d5e68f469b0426

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d769587670132375b6796d7f60a5530f

    SHA1

    591a8ef488343a9f68e9ec74acc9a6191678b56c

    SHA256

    75260559ef6ea736e6f44e00b56b276a733fabf75b413817397711fcc80030c7

    SHA512

    57cd9f36bc4b111bbe1deff90013f8ed004fe905671122b879b2762831cfcc6af95b8c6d68c77b90a8d7da9986986457098ad8c69b4b77da0d11ebfa2bbd5a82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc2b55e3c003f989788e315138bd2d8a

    SHA1

    b6762da19942da4f2882becd2bd7052aa3fb7d37

    SHA256

    fa9f3c8d4afff0a3d5a27b8f20313bcd2b4f4e21d08d8cbdcad76b91042fcdad

    SHA512

    3d3939123cccd46511f0a462b95ecba5c63cfa912ca81f703c56a470a783fc68e0033d9a06e7c3eaec8ca189d64febdcc03e6d2514c2240de69d2df201d4b9bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3456f3c263ad344a9c3c0e39205bcbd

    SHA1

    2b241fbf7b00ac8fa7701dd054fc2219f656fa44

    SHA256

    3dad0f813cdc94e132eb1653080797f77bdce2cb793f1deda7f369ab41f77ce3

    SHA512

    f9586e0fd374e9667b379c76a060e5868700747cdd49e4d924ca609981d62855e9b66fb9cfa169fb130e57e1c4d5a12557dbefdb16e4645f1f6c72cd48e63d51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0996724b38d9d61707d18380dc426a50

    SHA1

    32acd7089391b66e3db072ccdd17a8fcf7591e85

    SHA256

    ea7dabe5c4a8086751f5d79331ff23365248de62d9beaa669f9920a9acf09156

    SHA512

    8c0061ff144208a266a5e562f0a85fcbee137f17897fccbf0e75ae07b5eaad936244b61c2a73a4f65d2d195aa394b78cc48bfdab498b06c0ebaa033bcf0f575b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e766f9c71522d59aad70fca3b9d9817b

    SHA1

    03ecfaf897cab8a79b4bf26169d052d6edf9147f

    SHA256

    719987d32683df8bf318a6f2972729fefcfaece147d86bc8687d70c89518ebaa

    SHA512

    db02a7f3d5d4142d537b428f3b55dff431a39cd00b05948478c083620d42e0ab8e5f16943081ec373c641d372bee56f9a13ec941866a71ff2aac97f8a97ca9e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b73a5a15c1285dd3a0fa41138d2aabb

    SHA1

    15cf7ef7262712583205bc41449f1faa20c9cb6e

    SHA256

    8c91414a216b48f131bd81f2b107d75f226af2e8afd483809ebd4d33f3351a0e

    SHA512

    b12dfdc2167745ba55b679338803bacf6cdca7a3ef0abb8ac6115c77da8a6877fe31cfde64ed8892274c4fd849fb3739a8cac85c88d0695f45dd98da2475014e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    763c5be69ec084d598031acc6f03c99a

    SHA1

    6a91789eaeee758e893faa0156ce1e91d392d819

    SHA256

    7fb9a638928235a30222ced5382febbfda001cc511884e70c062b88446a5583d

    SHA512

    6cd2209a47d3b4bd682c5fc55646725222d60bf9fec5a7d0442f19b6caba1394b8f3226de1535ec521af66917e0d878e645fbc3c8360e0b234f87620151dd8be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4dc38520769b969bb12537d223ad6d16

    SHA1

    509cd357d6dcb6d9facb3e13c61bdd214ab5c377

    SHA256

    d0715cdc4df60188c276301cd6f74dfc25bdfca1775841c3951f461f25d01d7d

    SHA512

    26a4ca481e4ad05ec5218481db63da60bfb37f7022b78c078f61724e995f2920d8e541a629a42a4617200e5d48c11330302885bd7aef4b03907a09e43c955a21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    504b76bbe58956f5fa3385a31f2d1e11

    SHA1

    1087b8f6a9e1e3f7af8ed9a7ba08a4bb2274b327

    SHA256

    34f095ec6a8ca6efe1625e9e9c881cfa2e8d86b03ead18e9f5905291b8fabf93

    SHA512

    1e44c66a720344bf1e92239a649516e4dd8a4d19c179457bc6d094b038905ce823e90a6e1fd00b9e7510b3670c924b8e614ce695be3fd87c3291328e0719b026

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{647FFD81-6303-11EF-920C-D692ACB8436A}.dat
    Filesize

    5KB

    MD5

    c5f15cdc1fcfcba677c7696b28a1f264

    SHA1

    fbd075cebab5774f88cc46d5f7466f84113ad157

    SHA256

    228a2175967b7fc3d7de48663ed121c6aeff7bc651444e86b73ecef9033900fa

    SHA512

    652cd1dcb96fe561a79b2e15ce215fd4024add984a248b02e337b2b45081a6cdb8c10e3faf7727467ac112f35659e9febbe39a92ca9cdba9364f14b383dcbdca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab50D0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar51A1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit