Overview

overview

7

Static

static

7

c91f86874f...18.exe

windows7-x64

7

c91f86874f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c91f86874fe27f7042c57a7ab112cd11_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    c91f86874fe27f7042c57a7ab112cd11

  • SHA1

    837f0dfe0184a9c546b98e64cc067a3fe8472062

  • SHA256

    562627c0f9e3d04fe41cc152b638cbeba23acadfa8576fbb8731c13ffd76ed8d

  • SHA512

    3527b2bc673ee2d0c7cf2bcce2e0660835831dc08995210148de153fbd4a193caf190f525861003992938274e947271d65b5c26cf541923f66c8a51ddd275876

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vV:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bu

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c91f86874fe27f7042c57a7ab112cd11_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c91f86874fe27f7042c57a7ab112cd11_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=787
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9212de6e8cd1db0e36f8ea64fe85693c

    SHA1

    7f23b56fb82752ec2aed256e3638a48c98f8392a

    SHA256

    cddc9d1356a427e759da178983bcb2db22f0dc87e50da68a8029b86aebed5865

    SHA512

    8c6eda33b991c7bb4c1934de84dd1df2fa0e0fa5d724d7e830d371ed55e260673f564ce60f2650c7733539641d047d90bd7d701774ae09873f40490578e27aaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9ef19b3629c26e743135f53c6edb7f7

    SHA1

    60ccbf09e151bf4c014cf0cbf2755aa5f514a947

    SHA256

    d67fe5ae8a1562fadc3f4a07f0464c0daf4eecef55c9ab3b29fc44c713c6eafb

    SHA512

    09177ce47082671c7c5c2e186463bbe6696b600f7eb7f8467686933305723a868db37f3eef1ea3864ca06f1e0a93e5cc0776572def5f718b7e235d73314adb3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c43b1ec8b41611b248eba884027954e

    SHA1

    c8e7dcaf0993ac92cda7add1aa1da91f7e9c3c63

    SHA256

    7ba8244f823c8e393eb2058f243bcdff62a4d1f96f4ddf280a942958fd8cb416

    SHA512

    2198ed773c01cc5bd07a515cc0d2d9751c998f5337fa6d3b3b7c0c126a8975fd3b98147d258e4d965074d01efea6518d91364e65d50a3dbf96a47ef8b788b4ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94c6d2603d1c6b52d37004db4ad3dff2

    SHA1

    0d1c0ac00899055f08692005f9831bacaf33b5ea

    SHA256

    717170363a842cd4d66476a405f7f723b37f297ff40856b582c91675510f69c8

    SHA512

    7769f4822e2e25456c67bc95f1624d84c4012036f79898433410cebf2d4caaf15151b55c31269660d2157eba6be5a169934d6b2a6d96c1207f4a03f47a055941

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9cd34c42557a287256cba3b6f1ca0b3

    SHA1

    f8dc814a9472c920f8da2d3421782ba5287793b3

    SHA256

    932314762828ca6e50e00b1eb3cf75d7ca90fe596b99e861c5a28ba209e21117

    SHA512

    0baa1243f23c60ac480daf3e91ca0e21bce5304332d18a7cc297607c1e3767836887d9599541a639b3fe89874eb67293b054848d914937211dc0def9efbeb8f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b15a4e74a0839f1b2b38ef59f9bcd3e5

    SHA1

    1400c4cb12e8caa3eea1dd36a6b4426ee969f5fb

    SHA256

    e7fcc86a1ddba987a3e600d101a12ba0b95a50555a7dd682f61ceca171307c7c

    SHA512

    50427d1e30f841c7a63c4ceb2657b39276479a4441d481a5e106b4443e90e35a8e24c72c8c7f91fc7cebea50b79facf9db16a2ee9401d31c738a29e96124e681

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0856763057e118489aab9b5b75d2f03e

    SHA1

    af4c6ca45617b1270a7b5109faacb4c5a95ecef1

    SHA256

    32a7cd1587b6113acb589d6d66056246fb6c88e532db55f4df0d61cb4fd75773

    SHA512

    cf13a616a1966f7f1774e01a661cf9edec5d97a75d28369d4f495753b57657b7c3c61b76ba69b32cabbc625c68f1bb3840a7a95fd26e5b8f540924738a8a0580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea6c8ac949f191db222fc7cb6b2679d9

    SHA1

    9f1ddfe8e84dcd39b7edb06f580227c48f36fe50

    SHA256

    0ba7eeb4c6ef89a70bca3f1369237bce6ab7a513c11eb797e515c1583904d2d7

    SHA512

    a4ef48cff0305be8bf625af3dfbe9607136da0b4421a1946acc108a8653330c8dfd324009e17c3e024d1c51b2c8c499f13a265a80b9d522ad20242bcb1157636

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99b4fd7d18a72f34e863bf8373e83e5d

    SHA1

    0abe2f9b1cc2c6f34f62333797b6e1aca1c82569

    SHA256

    d718632a96a9f148aeb05d335f3bb1f994650c30a6219969c454f59d0f65f089

    SHA512

    56ab7d0b9d283942ad2dd0542fce277fe926fa4915bb2a9167f5e0aa87ddd277702d130cfd47f883d6ef79b7c42d6dae5e7e6bb3be3c937a8a06c16baf64c6c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFD84.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFE33.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2668-27-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2668-25-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2668-24-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2668-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2668-899-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download