Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-09-2024 08:23

General

  • Target

    cf1a17a7b634cb8f4899a7b4a6c4b2e2_JaffaCakes118.exe

  • Size

    28KB

  • MD5

    cf1a17a7b634cb8f4899a7b4a6c4b2e2

  • SHA1

    476a9b2e8a4fa03504c02050325ab2923eae27a9

  • SHA256

    49c54d7cd3a3882bb872894ab6c9ba276ad865d95703ae76eee370af166a06f0

  • SHA512

    a6625e1b815e205055d564e5a7b0d4b132353b71b5485f5e23ce3d2a69862b3d657b951db3067462ce0d3a6a20e6014c49ab0ce88b63ac45a78dc8cfedfc79fe

  • SSDEEP

    384:Z6de2vulSeWk8WGFqUK0+PTwNuiKxf6HE4mEBAppa5AxTr6+S9Pfu7n5QboMK6:Z6dpvSHN73V1ujkxqdeVQPK6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf1a17a7b634cb8f4899a7b4a6c4b2e2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cf1a17a7b634cb8f4899a7b4a6c4b2e2_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.msn.com.br/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5cf5026921844db1b467eb5937e81cb4

    SHA1

    b91259fab894a528cab4a3fca5372e070dadcf00

    SHA256

    d219f63e779654a1a65c2f1ae685f81669d2e04131c475f5d6b9938099a52db0

    SHA512

    0b017ab79060c3a90175e7900675cad54d888b4ffba24d06db56f6d284baff2fc41f0f0bbd98478e2f021ee546ef716e2864f9c99decef2917be66db19598c37

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1fdc7d4c0931b19fa0f0ebff88320a25

    SHA1

    e4af3801bf7935b97b3645b22162ce2ffa20fbf4

    SHA256

    f7b00ab7f19146820b6df03ba19847075cb3a97c82e8d379eb5a36d44c59e9bb

    SHA512

    fb0ad08adfdb8ce994915696bfc2afe9f62573660a22fe5d5df5af222f00af4d50468d8909c01a4c79c8d08cf98709b20921f485923c972490f2c8dfe45b11af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc43f5ceb30c01cad664d2f1383c7d2d

    SHA1

    99ece6a915d964aca0ae9d0a682f588d0f9c9669

    SHA256

    1618688f714faa767844462987fa1a1f41538cbe253221b36d15077e0a61455d

    SHA512

    72e3c935e7d189912de1c734d93af22852ea0e3d42728c5a0dbee7e269f0e15801ff165a0665326c14dbb276757d6a2a4589c93bc7fa8da64a6bf712a7b3a74d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a829cc0fd5efa6c28e6fc70945f4202

    SHA1

    3b26ed1af8ead3d55db21ebff031966cc05ff136

    SHA256

    d92920e30b0ee46efee7700acd6617f72b04b0297257b2e5967ab93690af9791

    SHA512

    98139034dae011bba95341a313d68cf18ed877a85ec1e147fe9151f2cd8c22c0c6bc2bf67a034355e9b74c26bb0e194d8efa44a682e9117de1c781a5f870a3f6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    886a5468f87ffd9f9925cf36d3f7a16b

    SHA1

    1c099237c5b26521b72f18c209a12da738ab5391

    SHA256

    f5b3491ba3976af1af9f9cab7052a94301c5c700bac7711a8658f46a628fea6b

    SHA512

    e60251378e4983f048c4899d3a59430c85ce6b18ad7cc94918184941e3004e7f201ca0620ca81457de1b363276d4477f5159c9dd671772ec05b5c0d6a35399cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    af3100e8e812c145e990ac94c56ab252

    SHA1

    c118218bee3179b7cb68abebf46701d9db20d183

    SHA256

    9408ff248052fe8a49064eec60d23ad260f589bf6ff8e626507609de9dcd8c4c

    SHA512

    e9bab4ab55f75f7e72588a120241598ff1f332667682c1686127ee9c820962a693260144966b6dcaf956fe3007589c05f11f5fc71de86d3b60c62830c8e4b6d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f4913d9dcb7bc02fde4a716d8f25f7b9

    SHA1

    9347ccb93bca9b3540a06e18c7f14f94ecec3fe6

    SHA256

    4d4212890cb1b83f386f2514871abca47d15b2642cb0c2cd7db6c57fec3aba65

    SHA512

    e1d4eea0110899f9cbe69479ce051568cee6ca0b49f5e8af89547e158b19da4a3732a3fe8d29a2550e0e8538f545ea8cc7dcf485138781fd8b4c34dfd30b5e3c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fb816b1b3bea53dc9a4557d9f0ac6997

    SHA1

    29d4126165453f6b2142343bde91b8c9b82d7ad0

    SHA256

    4a54483a6827fc5b3c53b8024e2b5ca2909db0d3b6ee2726b2ca6c9ba79dc876

    SHA512

    4594ee2bea03161675a8149b4415af5ec834ee94f208e764f6b917902a9cc83e362171beff36eb3f42ebe7da73fba10562934c6d84d1a5ef061726d03ee72c5d

  • C:\Users\Admin\AppData\Local\Temp\CabC093.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarC0A6.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1540-278-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/1540-709-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB