Overview

overview

7

Static

static

7

d0ab574fda...18.exe

windows7-x64

7

d0ab574fda...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    d0ab574fdaf564b09cef76560c8aa91e

  • SHA1

    9fb3756367e1ae01fe934f4b74e6c851df9d1e90

  • SHA256

    a9d33f1c39cb6d1cb434c277c7b2fd343b6c3a4883e62ee57984e0e7cdf2430a

  • SHA512

    f43330f13cab82d4fd65fc96ebaea89c888b2a7f701bfcacd45b0f586a9b6ee9d7f8067f3c37a830c2b4af703b3036f6661030358f61a17669971d3c8a594327

  • SSDEEP

    3072:v2HzvOOfwjdbsCOJHMhVDNY4WaNm5sPrGmKMReGRoutNr6+A3:veOOfkbsNBqtWaNm59oRoS4+0

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d0ab574fdaf564b09cef76560c8aa91e_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=916
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81e8a1ece3097a916d025138c54f5dc2

    SHA1

    b1407229ac80787d07db5d3943eea63df77df351

    SHA256

    326581d8b87bf16d58b3da1f3e24b2345238ad5c545c19b8c0164742c711e868

    SHA512

    99612f642e0a0b67d6d9984c8bbf259cb45dc3b0e42de07f6b4f6465ef9ef6c1a7676a607474110cb8ad3cf59ab6a6582dd559144b82dd7c6ac8a56f5cfdfc20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffd490636dd1596406cbb8d30abc007b

    SHA1

    14c6d217edbeb0912700a2945ac5d51730998ed3

    SHA256

    581d6b0d3f5fa85fd0715416030a648873467d684170055972ff68f81b4849cb

    SHA512

    b4cdc3e1e2958abe6b2a4a9d26ff8d859f8f252417806fb7251b6fd63194ac3e7a2397063792c5205a64e04278650b9f4f86cd2a82ee6c0e374eea5ea772a545

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51e931a7594997421ac401d756cdc100

    SHA1

    7e87d441d412c40aa8195d9838a384fbd4dc64b8

    SHA256

    57e2885bb750258aefa8802acedb4ac6c69b7ff761f62b8a2e491d8659d09634

    SHA512

    141fed4d2fe1a9234d0fa85a09ce98db6c8c91dfef225532be4bbcbe223322bf9642e79eb2bc61328de0b5bce23786d36c735c08c5202c899d59f8b86a61369e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    179c9bc95e5bb76749520c0d37823733

    SHA1

    c2b181cec55f0a4b10469795484cfe7ea6f731c9

    SHA256

    6648b521fb3bcf0f63ab95dce510b94dd72c3c5983cdb7aaba24a817e42af558

    SHA512

    5bdd219ff9793debb297d237d44980f7f8d00bbd087f989f10c67df308165e898de0693e145974342d693c4469bc8323b92441629d20602d62d7536de33c122b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7baa4eda1143a9f891be2905551cd852

    SHA1

    16fdd6bbddc843a02c762fc8ded236b0e8ba6e3f

    SHA256

    4e44873e9bde599648d9a0160d48be576262acf0c14958c053b0162cef9a0420

    SHA512

    f07f29ad07d5739eb9a1a160bb82cbb268c7e38279d50ee59150def2f622e9b6d9e005c4db1cc35cc6f28febefefef46601ac42c76a9d1fa501a9240589ecc7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fba350841594e316377e46907a2de068

    SHA1

    6044e3ce2b47d815ccfa7ae515313d70f52f77a5

    SHA256

    0118ad39e2275628d3e00336f0f7631d91afb10381266601eeadf63e47266ebd

    SHA512

    fc8267dbf3ef4e763738aec2ead5f00eb2cd3243f0c8ba67abc1b289d4fb9042cdee6f4cde1d1102c7c0f1c8a719ce52d01c299d9a76fe83690685a1a73e7fd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fae23138663ddaae75284cdd2f048456

    SHA1

    cce97fac652ca82247347e63057bb19802a069c6

    SHA256

    702aa6f767281d03b133a98097918560bca6c74f5c8cd7e52bda707d9eb280b8

    SHA512

    9b2dbbc650b7384d29907563a5ef9425225ad9003fd66b2640fc10cb349edb1d9c39140ec91d3ec1a0d751169716bf5d3c631fb21cc0b1d208872d1b59960cd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b52c02b3080776bdf0043a4dccab706

    SHA1

    b5d1ff09e94ed336fd49d6b6474b1a24b4a9125a

    SHA256

    d831b88435be1db42423f209ddc8c56b96acd1550992194a356d19925b4d3337

    SHA512

    4d1fefa5c92a076909e231716ee5891ccbde4b45de8d27879c7f1a67fbde71618e7fd64d83e47d64fc7c2b0eab8c05b221dd6fca44532f32d2dfd27248371cba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed9117d31f95ac3a0f8f26c86c83a38b

    SHA1

    8d4f64b194586fa812626bd60d4183e05a810920

    SHA256

    d4262b33695990c0269cde20682d97f1968429cca79cb2878edd228ba35f5662

    SHA512

    4bd1294d4239e848944db33a7429392459859a7b18a832876e4a65c35b49c19f13199f543fb7e205e836136f862482339968716e92462091f0f0808612648647

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc8f76a90ae7eda64fc1982836516dcc

    SHA1

    3cacb7b920616dd189bb4f5ed1e3f3e5b3745fdf

    SHA256

    0a69969600e4e6288070e9228207e6e39f3d1fb47b263bd08ebbff17372b863d

    SHA512

    91e7dec8f798c4a22f5e03930bfa1313b49fe1c49c3d36f91a41d7294f22860aa4903b139fd101b11eee23ba807c0520f91f4192a0442711f61cc2fcf42ee5af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eaa6b6a312b6ce8452b3f54235d52cc2

    SHA1

    1ffeacdc64478527496d0bc3dc770ba27941610b

    SHA256

    57572fec96381971acdd178674e5fec975d863c2e117d1f3c18c12321c81aafd

    SHA512

    50f6e7b23154562e6a9facdec2976f6c6fa983e3d93cad8fe26003de7264f009345e6ea17a798dcd7cdf04822740ff9a5b49c350a04af98e3a427888ba131534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df28be12286a2a2ee746628dca19e7da

    SHA1

    e542a0cb0a6c4301eae576768ad6d07cdf41182e

    SHA256

    7f465b3972c8fba6e5e54bc7efcdb2f488ed882baf5eb155d681333ff2e39a5d

    SHA512

    bde98311ebf12a9e30b0bf93ef4645b7fc6b634c54689dad97fb7133f29d3d50bf2803beb8315102c3b2785f2431fe850f736d6612952e7e3d4024734cb7914f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3b48b080c8f1d92c97dbbf1b68a5b75

    SHA1

    9cf0df533b2b351c59f80a6dbb0751ac41cc4dc2

    SHA256

    2c96dbf091e6785844184ab4712730df0404aa2b84f518a058daf5e878cdcc8a

    SHA512

    af1d649cbdb4195f9fd2fce4f542b5f486aec6010178fa8020f89788b1fd4d64c57510f90d5817b8db3a5fd1d0cb78a01a9486cb22b98a80df4844d6bcadb49b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65cd5937b84e4167ed15a70ef7f1bb7b

    SHA1

    080b9d1c86c850e52a01c279dbdd9359e7e16700

    SHA256

    91238840b044461c643195bd64ab36226b4aecc6e16702d960e7c1bb3496677a

    SHA512

    113276a6894b0bcd26264217acee9453bb8df4eb06e840f109139e7fcc83409c61ad199c097fc4b95ec6324e7d8b052fd74531e20ec4fd21f29a5bd6fb302d75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc1ee89407bfe59e3180a3f181cd08ac

    SHA1

    a13683a0c32c631bd7d4d7f30e33f1a6ab848727

    SHA256

    02bd7e8a979de1c3aa2b44aae99582fc1a987486832a4495fb01e89d9d3a1504

    SHA512

    dbf2fcae93b4e26281413fbc98fa78da71a417118dd6fbb533093594e7cf52db57b8d13e4728497674fde2ef95919c99a1a39d2285e94df47e4ee1df6d97b599

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce91f26a27d6261eb6e89131724d8338

    SHA1

    29ff027663c6f2f3208217596558207f9a6089c4

    SHA256

    50f46ba4e853ea705d1a1409d158e562421463ea2673a0c3725ea5019298ef67

    SHA512

    b10bfd3c94f69d1139a49a494489eed4a23c2f9f2d500bcaac3b4e2923f1cbe147b1c4c05f777254df64e6ca3bf95168364dd5c4fa8772b2ae4a32f46c0ca20f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60ad4f3b1120488cd5e53753372fd38f

    SHA1

    d732e548148570bdb2a251946a1c30c9f1a1231e

    SHA256

    793b51209f89e969cc620ce77af35cddf5fb5c05da88f5957d2999ecb206bf41

    SHA512

    0303b9b602ef6fb19051843ab780307887b350478542d5d0e124cfa3ab68fc318573669c1ec16d4921aa7d16c26d4d9a4f88603f34234c4a10c299accfc6630e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82da55d53faa230ddfeba337ca0e0317

    SHA1

    6d4bc84ca66e684abede3f6ad7e1cbe84d218cd7

    SHA256

    c68ce2042de7ad1cbfc4a4177fe19cc20383c65cf8b2b24fff33f2b70b5373d6

    SHA512

    be864b390ad69b010ab4078ee992e6cea117fb16b9541fb1b2086fad1041a2446fa50b6d35d05c90a16bb74d146a10bbfc2e85da2424faef1f93f71dd792b633

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ef1f91642062031306f14215a8a9f78

    SHA1

    a675f09adbd9583f64bae7bcb32b0ba9712019a9

    SHA256

    0027237537458d9f116379cebd80898a27da2e305633c5a855bb15d2d61bf1d0

    SHA512

    55d6b4cbc40dbb1a3093923dd9d284c744b528bd1277e7d61a0fa99ee9bce32d1afe2b36ec1797e922fcd58e4f52a53c484df99cfd0a7b899a31e33c32b31b83

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBCDA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBD7B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2580-27-0x0000000000400000-0x00000000005C5000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2580-1-0x0000000000400000-0x00000000005C5000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2580-25-0x0000000000400000-0x00000000005C5000-memory.dmp

    Filesize

    1.8MB

    Download