Overview

overview

5

Static

static

3

c1969d971a...18.exe

windows7-x64

5

c1969d971a...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c1969d971a0695b3c040bf2b701c6662_JaffaCakes118.exe

  • Size

    64KB

  • MD5

    c1969d971a0695b3c040bf2b701c6662

  • SHA1

    9cacc079b15efa01c6bb6ec099bc757051b069b4

  • SHA256

    09890598709a137637c25b9355c5ca14691d894cf6ac5f275bfcf11313989e14

  • SHA512

    eccf57098655739574d828a46aeeb9c651f51f388ce3929e0448fdd9765164004400608c110915eda0993e27ae68d5e167de963e20f00c32c8e6b169453f677a

  • SSDEEP

    384:e3x0opJm4bXiIjACgd01E5XILg1VolgnkFu9roxxro8d6:Yx0opJhbyIZWJyg1Vozuurf0

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1969d971a0695b3c040bf2b701c6662_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c1969d971a0695b3c040bf2b701c6662_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:708
    • C:\Users\Admin\AppData\Local\Temp\c1969d971a0695b3c040bf2b701c6662_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\c1969d971a0695b3c040bf2b701c6662_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.kankanhaoba.cn/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG67fyxuvArb2owNbG67CivajA1sbrxdTG68frxuvH68brvajG68brxuu%2F7MbrxdTA1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xcbrt8W9qMirwK3F1MCtzqrArdrAvajF1MCtvajG67buxuvArcbrxdTG67%2Fsxuuwosbrt%2FLA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit%2FLArcXUwK3Oqsbrt%2FKworfFwK3F1MCtsKLG68XUwNbArcCtxdS38svjxuu27sbry%2BPA1sCtt%2FLG68Ctt8XArcCtt%2FK9qMbrtu4%3D
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2752
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7bbd75ac481cd3f992e462f4f88a70a

    SHA1

    154e3617f667414efc182fdec39c6bf6cc9f982b

    SHA256

    f3f8cbdaee3e159ceae2b26e2883d33b10cb8582a836c6a7505d1b90325601a5

    SHA512

    c53ff91aedce83c4b5d8d4fa729b95349732e23186a76435aac31b53ff9e8996b43b8f73ab80b60c0e5f52c735a192980584784a9750e5d51d4b607fbe611c80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    099899e09e96ccb23f640e2fed984d7d

    SHA1

    efc469ec16e818fab721d1f985775d3575172071

    SHA256

    747c5a256cfb9152173ab4b6cd5e729975a211497608a54881c2a6c731df825a

    SHA512

    255da9ded2612291e6552e64e0134b53d18a1ebe08d7307115257a2ecf89a8e24cdbc8dc6db8e2ace71822ba52e77ca2d6c461fe2f78d4640477bf0ce5b8a424

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    202d42bfb70fd04530aaffc853eccea8

    SHA1

    4b2c8b273db2dee30c74de7449406f57ddd44e0e

    SHA256

    606095250ad850b026c1915dc95a378e1b0e2073d605bcfaa648a4bfb9587684

    SHA512

    068d3504cd32b72aabfc55157ec7ed67c3cc2d6c8e13385d53db3846c0bc7a0686c44813a551825eedbd0fba63910b51a054297f5b588bf3dfa0164b7d01c6ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ab287fd25bec001a82db8405fdfeb4d

    SHA1

    af0be656c81bf205945993d5983ef3c19b9e9bbe

    SHA256

    202120537ccabadcd8ed3b371d2a92b53ffaf859e5d088b251032649a6a8c9dc

    SHA512

    67235006175117e9b43167507284b4be078ee4a052dcd0306bb4071cbd29e66f2bfcc8e79c64429a3d2643217afda24983da1e133a52320d7529ba9139dd3e91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c18706d5a585a873ad781939d0d7bd1

    SHA1

    a6d0adfdc96793c87026c83b34d5e00200601631

    SHA256

    eb431845b530f9f2d90896c749f282a8c67fd3dcee230998973ee706f77e54b9

    SHA512

    178a68eb4c313111823ca17095c290a1fd351ffd3158f70da4452338a4bde97fa91b1bf521225ab70d0382cc38f29e59705c52eb67037657cf5b00bd3597965d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61572936dc882199b75d1dceaabf1266

    SHA1

    2d440ec30600594b8af76e19c4fa3d0e9e7ea7c4

    SHA256

    611f1a0fa430d602ff159da4fe017d160ac23c7dfc9bdf07e3493b6cb44ca73e

    SHA512

    e3c5b6542bd9092694e2ac23f72245143fab7c71c5341f2ed9efa84e0314a74f16de4f8dead65fcddcbfb493b8aff65ea1ccd38cd122671316833c18da25c4dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acec23b0a5b421437f430d54b300f0e5

    SHA1

    79b89c67f503c927984cedd6e1d0801c0330a92e

    SHA256

    c4faa9079cbc74410cf04a5e5020c9ce7b1efab2a692f02cf2a053db63525f0d

    SHA512

    7e99630605f3f10f17c350ed2b53980c3f345846007e1046a68e87b708a60c458f27e96dfa2a1978fb28530fe1c4358bfef536ddc1d9449e48eabf5c840c28b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf2d7f597c2a46c9687b2a5596a6c91e

    SHA1

    81946fd2ddc9a415f518a84d0540c5efa60368fe

    SHA256

    274e0fd72a6685281ddb478cf97c59cbabf87e23727e87ed796b03d4a30ff9bf

    SHA512

    8d51daa5cffa74ad246ee7bb43090ded9d439e749ed87ebfc325bd8f4d50abf59fa8adada18a74d2db2807f573b356d590f32048494c0b021ece2e8564eb924e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1402d397ed12b2021dd5190a373e28e

    SHA1

    0938a4cf0e1ad90210f68f9a0c210c60b2848344

    SHA256

    514d67605e0e88e214a801c2a71dd65d66feb7e345dfa1f4de7487e929857666

    SHA512

    f9068a2b49ac0b49f3836f64e2bca908806004e8b367d993384709c4823f53b6acc2b38ca24980bf2e9edbd1d650877a399fc49c99290ad1d67077330c6879b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29781b1777c293cd2b44252543428549

    SHA1

    eef12519cedba5fece40044e35681e7f6338dc36

    SHA256

    897d69ff9195980b75ef9fa47929a46493a863761038a79e04e74a316a34d17e

    SHA512

    bcba245ae81be8f3e612e139d6d969cce793329936959400d3431f1a793bc73db20636ce25b05d618e0e24c2ef0471cb43ded261bba713c509ed827b942755c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    486cc29b1928257d9fce9fd33d62eb63

    SHA1

    1446c7675d1f7837eb5b0c7b7f6ba22f2449d6d9

    SHA256

    a3d96780782c90861f02b6f563d1af9a2e2714a7ebf8014ceb9c92353a063fa4

    SHA512

    c54e3acbe06801da9f8a8e500511ac93e303995e9a15d247ef00faeb54d6f992f05f8c2116ba9ee5a5ce688296413ba9431eaae899955f3f7350b52d193b884c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3fc1a2a067045619f43c0abf0fd8893

    SHA1

    936166fdcb09801759ec30253f6aaaac569b3ab8

    SHA256

    af83f718d26d355a77fcab1830d8c5640f669889ca5c87d5ccb829df2b7b1c6c

    SHA512

    c1211d689d405120dd5b52d1da946f864ffdcf73d7e0b08dc0ed48715e67038f67bed4f9520944770a5e2aae5d68b3e9b700ce5b17865c36148adb679ba92fea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e93408af7b339ddf0b80a3f7dd9a628b

    SHA1

    9033b0614b20fc03d807706b5c71f86b10b9b46a

    SHA256

    b9548f3caf68ee60b9e0de25a98a8d35e141cd84ec4274fa22f6e1cef946d9c7

    SHA512

    fb7d642a2c0bbddfd55190dc1aa15330aa190ee75cedf86099bf8449a1fd5d1fa4a3f2b75eecaa13a6336e59500126f4c2007ce568956f82fc3bb0bb80a25af5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5bdca3bc8774ee92d8d91534f5edc7e

    SHA1

    1bef09dc66f93d522dd3815ebc657d03e6d20ae5

    SHA256

    24c6a9e7a4d59dc405bb33f5186e4697ca85a9fb8f4046b11cee4078e8f49e93

    SHA512

    f87cc5fe1a284546ecdc730af92a2dc29387aaa57994cdf72d155609d281127e00c81e0590b7e0b517b75848ed3b6fa0050412fc13392b8154e09f8b6d13a9df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7845fa9a6c7ab8c441ede35a3f34f8b5

    SHA1

    4fa6b580b9f1f501dd797714eb7d5f9f86b6f66e

    SHA256

    475711b2aa00f1acf08576008337bad7bb9f0a6791e47f276832eb117e43d7a6

    SHA512

    602c7b22053ae5e05bef7732ac9a0283799fca3c49d7cf5c2ad85cbba3ee682fad5d0c429ec942dda099468d22e21eaec6349ecbef53eede6ecb487137dc2060

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2846215f49ba437bbd44f4cd9dd2b595

    SHA1

    9202bc0041d81a688fd638f91e9caa029b0aa0a5

    SHA256

    03cc8411d0c7e3499edc78d8cb3dd1f704b61b8c5b8d0cb2e2c187a07d5a0ea6

    SHA512

    4526bae8ad23b5fb0f04210cef50914c112326c53517eacd8f000e50963893ba9bde0a78f1d9216785402dab82d452b643ed4c149a7bcb8fe98b516e2213c5ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28ff36075512db12485cd33f96e8708d

    SHA1

    0c569b4b38df0fece1b8c480184cea975e9ad515

    SHA256

    c47e6a63d17f5fbfd159f73e293f0a385449309a2ed1d91d8b9d66f6aa62396e

    SHA512

    9298736d50523af017fdf71f59ee6a53a6be6a8773fe89ce3b84ea3183286396a24537702535461f451e63379dc484032a9fdd9a55db7b82250033de8fc1772c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41e1df6636cbdfc0b1db116c93acb779

    SHA1

    1cb43cf7deb25278a79dc27950640f84d217e17e

    SHA256

    59c573eae17e65a3aceafa81b0f5a4e0e57c79201a96888dc52d874ee01b92c6

    SHA512

    76445f9debf41770d159bc39de60da1f348251183f3d92be94863fe082d632fb7162acbce2b31d8ff242f4400d3ca0e00fc992849e4c9b0ed8d623ae6cf7b358

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A6B43B1-6326-11EF-A74E-76B5B9884319}.dat
    Filesize

    5KB

    MD5

    cc2bb5b7ce969ed988372bacf57b6f06

    SHA1

    afcd0ed96ca354941b26bc050f5bdbb3b8f86f58

    SHA256

    46eb1d5d18155d5aee55c2a5474cb84e3cef5c73b2dc0cd1319621e9935e0ead

    SHA512

    b8b92120d9ea466446e0c799b90a503a051985f1263945dc9982401841ccadb29cbd05051555344cd655f1ba03ffb64737b2cfe9280101bae6e5a80bf2e9f21c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9B4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA63.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2300-0-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2300-4-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2300-8-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2300-6-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2300-10-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2300-11-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2300-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download