Analysis

  • max time kernel
    138s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/09/2024, 06:56

General

  • Target

    cef00ac4f0238bc7524104ae991f1c60_JaffaCakes118.exe

  • Size

    46KB

  • MD5

    cef00ac4f0238bc7524104ae991f1c60

  • SHA1

    e93f078222734965478ee3eba269bff25c86de2a

  • SHA256

    ca63cc9f3d1f4c66257702a534f643dc8c486a3506a91738480ae2b1c80ca2fc

  • SHA512

    fc09b4de45ce407d5f281b7527adea5185935bb39a24da23bf885b626b82f6124d06e1d3d3cefe4bd84030e6989466f8618b61f57a08375c7b06c52ca75ccf52

  • SSDEEP

    768:YTt4c/ija+1I1plRl4RgG0CNQxFRa/bxPJwEBW6gW+e:YTtLTtGJKxu/1JwGh9

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cef00ac4f0238bc7524104ae991f1c60_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cef00ac4f0238bc7524104ae991f1c60_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1140
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.flogao.com.br/melkurth/foto/211/131342108
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2232

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5b9fc6b42d4718ecc3d56d544107721e

          SHA1

          d1a2b9c57317f17e265cd6b33f2471d365f778d2

          SHA256

          ea423a15669b29dad448330c23b5e08202e8ffbd99f46c8fe4f19a866b61cb10

          SHA512

          03b796160da4f1efe881da2b73811d6198da916b15d7d5281475f6f1392c1423b1585cf950ab6877237021b049f547274f233b2bd629ba6ad90d1e6e7f5974d6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8877926b4f787987dcf3b2c4a5d6f878

          SHA1

          4e6134bcdb412b85bf3a62a35c784712f853694f

          SHA256

          9ed553e1908431cdec4dec8f0d3894f5ad6f7a8bdf2d68b19847178bbff175a6

          SHA512

          fe42ab664c8a6745f17aa2b0c228357cdf54fa3b431b192dfe20ed08171b13d5160bbd3d16f45791dd85055d2fa329dda73aff6b5c81994d6f9a1318bdf09ab3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6ec0b04a62b2560143286b9d9ed61ef7

          SHA1

          3921a3e3a644a30b6a17c663bc8acd1449560c8e

          SHA256

          525e74d1ed3e2ce48677cb362db46b37f29cc2fecf09b323c25c4d2394e0e317

          SHA512

          7bbe74feb046c0fa08c4e5e7745585b3a16daec56bd865ea48c43b1279e339684d9508197e1f65e0586934b400c6c6b1fb6246bcd93c0f78d7fefd6334a6cf55

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b860f30ea070341e58c88e5ff747d986

          SHA1

          f3baa9203d82c9a0a80132ddc003c8df47d877cf

          SHA256

          18967d01402e5ad99c2e14cf3fc421c46c13266af960471971673d1d3ca735f3

          SHA512

          3bbe097d96b980e19eff2aad8cc497785efa5a5da6958154ac961c3f760bfeed055db15751c671eddb49b2867b2215314187472e58f5e8cbf4827dfab8f610cb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          99d792b3433bf6a7c2c0dfc21fbb1644

          SHA1

          b196177c224da9224eedcd553031c8e21c01e127

          SHA256

          b1b1afe9b7122f4abbb0b0557fae6bd3557f75f4f03d7f62f7b3142ee128cc91

          SHA512

          e99aeac3f18c49e2e20d4c76116ce837825a0a97da62f2c8a92bccea5d5814311b308c683c099814a43f7e53ac69ed80eed6b8bef8aa1d2ac37cd15e9c0ea85c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5b73033bb75d4c465a55f1c3015c0d5d

          SHA1

          1e8a8558c76fe550648b9302cb8241e52a671dd5

          SHA256

          9c5e1347ea6f5fdcf1c73bfb6d35a70ed42d334610b6c22a499c180bbc6a693b

          SHA512

          6bd1044debf0cabe9efbd713333a476767b99771c5e261453378b6a0a4ec8d02ffa2e3db589110fed37be31df46a81b25474ad01c66a352ce9c05025396e38f9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          709c7f9f70f1f151093d11def5ac3368

          SHA1

          2b6c47318867d6db8c499aba0d683ce5b15fe244

          SHA256

          9734d5d0af280f0300c5aab47822b561f721a3bffaf11dba5109981d853c792f

          SHA512

          019887786695cdb2b790e7f290a2b4b840c61d7ba419250f617cb38928242d28379223480c437361535e15c72f710d8c20cea2993cd6078942e4559dcacef515

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3d0fbc434f0390a857ce0caa11af2ad7

          SHA1

          1ce2da42d185d00ffd67fdb3afede2450ac0ea78

          SHA256

          34821c0372c52f5a447cb28690209d67a09e6866e725731f7927471bbdc809eb

          SHA512

          8d05d307cdc6e93c13ce1b334fdd8a1ca26bedd93ba07c367c48b22b0bd1fd85bb7fd82d8d561e1fdb72ccf3b8295e16c1ba69deba57e17beaa266692922d374

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          53d4b886665995600ebcbb7ac0dfa4db

          SHA1

          928024ed690de792e1284cf0df6b7a76fc077783

          SHA256

          84bca915fc012f37fb644a869822f8fe70aa0fc99d6586c068adb7b60c2e6411

          SHA512

          21ea961a09b1ba80fd08892d42072789ee3c374adfa29107cae79d20269583df09366e42acd5068d4d7c16fb7195174002f2a4177bafc8284a6423483abfc447

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          60a762dcdaa75feb3cf234a9c382dc18

          SHA1

          ebb44eb20ac611509fb810c0dad8792e3808f2ba

          SHA256

          be31bc00e20eb844b37846f687c9b7d76d306d784ff80aa6fa80172eb9a1bcc8

          SHA512

          2fe77e6119ac255bd4fb2b61f9a0495f2f4c466d2fff5d094f9082d8c96d982ac8ea9d6b6b308bc4d999f4a5039a8554ad7e6d348f704bef87665d112abfb353

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7d335bc30e7f8f47c919b08b1c4b689d

          SHA1

          10ab99c0f7bfda1f85422fd26e743e9376a05580

          SHA256

          221156c28aea5337a1d3ea3e8209b371bde99e4dda410debe328e36d21bdaee1

          SHA512

          9326562520cbe761b8a45bbbf0a3a2cb0a0b18a3f9d8a01e633440821bac5f62de4186de6812ab5b411216732e9c98720776f4eafe4e7d7a293951e8e4402366

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          dd88d5f356d518e21c50889472b7dcc9

          SHA1

          d6d3e9a3da4f5166225f3b8417f78a903af47975

          SHA256

          ecf16ce8c7240220b7b2b09e702242ced14579c81693d8e773b455b1c3a4237c

          SHA512

          0df3199992ec6c6d3894c5dd32f9f40fff79a92b1d9034e0a72a47d14ed3f521c1324b14e0e366b0a3a09299d1c360bb7c7be7bd1a3aef294f1d773c45313328

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          46397a6eb99c6bc63097cf2ac9e786a1

          SHA1

          6f337c54ab582995272df07b203679d6b1980bbf

          SHA256

          91f29b2a71669d15d40631ae50db1f81e7e78c06b31c29b1519b3fc61091a8aa

          SHA512

          81609f0a31a8ba1ef783c317a928df6d56f11e3e560e02573a244b2ed8404830932b32256c99cc92c77c96e8304684c04a996feb6dec330e3514a6ea15123929

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e2e4b100f263100320da7fafea0375be

          SHA1

          aeccca512bb7347ab65f5b9501dab9793cdfa06a

          SHA256

          a9f487cd31c2f136f2f73410ea290e3c1f0bf01e45b270c8faea0c0df6e91759

          SHA512

          afeca1aa332816c6bac36f6bfc2d6b8239139508fcd919d1670b384ac78e5969ee57030806491aafca0129da880f2c3d8529f2ddab7152c98e459143471914e3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          040cb619bc0d7814cb3ab299985ecb13

          SHA1

          6854ba1de9076b2a3227f780774b953b86c483f7

          SHA256

          73aace5a44ddb7f73a2cd941ae8384234febd2d927394dfffa2ba23f61f7fa25

          SHA512

          765adf402d33ada5345c007a73cf22c335daf0926a7f2647d4cb51b7570cfe624eca37191ed9d5f783b86caf7b46037bded56c0d9caf5c104d33f36851f34742

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          65bfcfb7398b90b9396a454eef40a9e7

          SHA1

          b91f7199dd368b4a2ce6d62643167a15817a2bb9

          SHA256

          5c50c1f66c6c0d33b327044e2d095ebc59735eeffb4c0531127b03b3d016ef08

          SHA512

          65597857ca71105ffbc5136a1739637ae46a66a49adafdb2068b9bc2b40939652d24b38e28dc1b3103371f8b9efeb102f1328dcde232c2a7817d36a34ee7219a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2fc93f81cbeab0f3534f023f9370d4a8

          SHA1

          29d0252e27787a9bf692446a0a2ee1c8661babda

          SHA256

          dd5181469a6d9ba56856046ffe56288a936bbfc9a021bc4baed2ed85d9005b2a

          SHA512

          87445a10588fc52ff42ceb885b9c519d6393295c62059654cb5d9e7d9b2943e89e982c3e678de25ad2a57c297a47c7b8d7bdd342e4b80a5fb5ecda05dbfb5dfb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2fa820060b89bdfe09bc5db90859d113

          SHA1

          6dd13b3386f1dd4a7483fa76f129745420c136b9

          SHA256

          28a9a6d994bd746e75b2b33650a84ef54076eef155d9aeadc478a64098302264

          SHA512

          7fb6b21d9ac7df8f197dce206457587a20629c29a7b041dd380f1beeb2ca8a9b3381e30030be07410bf71ff9e9882fa4f0b558f02760d0239c30a38d6ca540c9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d8f9fcbe27b8a73e29ef0755389e857b

          SHA1

          6e32cb9be2009b52cb0fd25125d9a9eeffb48fda

          SHA256

          aefddc1834303e7a5c862074c72f94a8e9a573dabac62900c27179f4092f632b

          SHA512

          55cbad80dc691ed431a08e6e9a2aeab212629904e0f1262f1a75d0aea4fa38cc7924695fd2a3e410a8c3e1b3d071c1205865b6e4c3d03804143e69761ae7ac54

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2a8f9e631b216679f2664d2f15dd3331

          SHA1

          d65e80a2070b08f876a29b1f949e286ed8e9901b

          SHA256

          13920c25d306d9a0a0d8e58413a94b0179857356754c7c94b47a605a7b4f429a

          SHA512

          6185d9f18371cf0e0a7c817d91c4647dcece40b9864ef5e070c916373c5c98c99b9cfb372fa7832fcc70baeabfe35f42b90c495352a467f32a2652c6546cbc11

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H7UVK5L\styles__ltr[1].css

          Filesize

          55KB

          MD5

          4adccf70587477c74e2fcd636e4ec895

          SHA1

          af63034901c98e2d93faa7737f9c8f52e302d88b

          SHA256

          0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

          SHA512

          d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTZJPBOG\recaptcha__en[1].js

          Filesize

          537KB

          MD5

          c7be68088b0a823f1a4c1f77c702d1b4

          SHA1

          05d42d754afd21681c0e815799b88fbe1fbabf4e

          SHA256

          4943e91f7f53318d481ca07297395abbc52541c2be55d7276ecda152cd7ad9c3

          SHA512

          cb76505845e7fc0988ade0598e6ea80636713e20209e1260ee4413423b45235f57cb0a33fca7baf223e829835cb76a52244c3197e4c0c166dad9b946b9285222

        • C:\Users\Admin\AppData\Local\Temp\CabCB4E.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarCB4D.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/1140-0-0x0000000067430000-0x0000000067444000-memory.dmp

          Filesize

          80KB