Overview

overview

6

Static

static

3

d3c9518739...18.exe

windows7-x64

6

d3c9518739...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3c9518739bc6582c3b356608130ed88_JaffaCakes118.exe

  • Size

    540KB

  • MD5

    d3c9518739bc6582c3b356608130ed88

  • SHA1

    27015c5e8f5a8747abb56afe4bd0a5b86ab001f3

  • SHA256

    ec73ff3a9aad8ca7820e1faf2b7ea36534721ec6fae8520ebb9e07e04d020e96

  • SHA512

    f7526c52e31db9e70361d1a2b5722ca2e314a05e24797eb108107062403a01c49559200d658826003ed2efa171fa3d159e90e7ac80640de797c5f2d5b0d47923

  • SSDEEP

    3072:y+ybqai10SJ6/ot4AgMShQgN8f7NqXLW:AqaA6At4AqQk8DNqX

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3c9518739bc6582c3b356608130ed88_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d3c9518739bc6582c3b356608130ed88_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.curtoegrosso.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2272
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2eb75166d157e4151fccba2caabfecba

    SHA1

    5ffede54bde02dd39bc44b360cb697ce7a53469b

    SHA256

    be871e35ed1705218d6be6d6a07178c27dcc5abaacf6e9e45cee6f430b411e0d

    SHA512

    c06d9fc818e92b1c2c371a77b8d49d5db7e3411eb9ac4f9d61964c1ed4c07ce8bfde304195eacf9b9db4da1b812908777ee9a29b2bb3b6e1e771d07c12423f72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aabbc98815a4e6e267640fb48ab331d4

    SHA1

    1f3c0697d7903bcf9209b9ee7bd966c85df38f6b

    SHA256

    8b459805eaa00c0e27f70acca3d0b05b08d2bd27256f615a772bd38eb3902a9a

    SHA512

    822614cb6136b735f4cf547f4835d54f76c642e4bcb37354ca38ad478a542bff0fc77644dad71a6506dd689bb64b0b11aadf02b63e844ba85a384db58df15fdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    829fda48172ca83036664a9a8f47516f

    SHA1

    dec12a73e9781b4b8576464ddff6891f9317fa30

    SHA256

    52b90381dd1f0ed87dbc528aa6428de0235f6d222c15244dc93c1a20fd2ffdda

    SHA512

    6a767054abfce665ba7cfe935a5378050e8d60f0992179c13dd14814291050d8f56cbe411057a0663174f46a0bc9c56eb5e8f5747bae1c02a68149d9acfa380e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    916b55e6739c9da8c0406186483b4c49

    SHA1

    b3d3468654722f00b98c4f5c787d555741c2dcd5

    SHA256

    5d2d9a17bf0378f6588d5070c29ef04310ac650ea7416106bdffd602674491b6

    SHA512

    387fed30cdee30abc8edacb0d14f670e03dae783e513b8e177aa22ac2e004477e600b26576d0123ce5ce24f197d208753ee45d4a822ddb2236ee4cb05c89848c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd85f531338943b1930d9ea5b1d61719

    SHA1

    1390bcfd364268d9dd6517b78f5aacfd25fde64c

    SHA256

    c8a2ce0fa3daac85a1f0d6c0a387e6165cecd866d3ffde5a3b57b927b9fae0f0

    SHA512

    26756c132cb16f9c29b435b0b0d14804817743ca9a46f7486172fa278719feec1596d4b2ce1b2f7887a816237b0e457872635a7191d3df7e36b2ca650aa3b3ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecce6eb998f6da7b448b7aa8fcf24d5e

    SHA1

    e83c122af8c4cdf239a4a6ebc8ce4cf3febf464c

    SHA256

    9f8553186f57dd21422e9ed44b1f6fe00d03810392d24041e5f5725d71c172ce

    SHA512

    612eec908f178a68c084bb91dcf92e1548d4bd4b5fd49e26914651695d8654e6df072d752287326c9ad0edbfed38b2119db61b2d2c3a3c5e8090bb2fe0666a56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f6ddfc237d13221e8570b457ff6568e

    SHA1

    bb23ce19a09a8d26a3a0c1b788a8266f6dee3f5f

    SHA256

    3a481453e19b172d1e117ea30fa534525f89ff728caf8520abc81ab3f995efc2

    SHA512

    f62dfb53278860de2c384d3fb6337cd4f8e949f9c7af4845283ee67edaf157299c91369fe73e4cdd47a546e48d1c356cac512416db9b633fe8b1d0b87e7f7907

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e83d754d62fd68e3f0eeea4b40ee3247

    SHA1

    d43c6214e7333a70d4ce5421644a19e5c267ef24

    SHA256

    f9602d4454c3fdf79b299f990fc624e859905d8421fdcf43666b9d3ec3d4abca

    SHA512

    5995192e2e3bf65b5b7831476604574f49bd1cf6c28d0f360ec6ffea3ee1b45da6e14071df5d6a12c21bf926241a868cff8c6652ec137b3fd20fcc9ee08082d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62d5b765e7d1debc6bd92072b59801b2

    SHA1

    693bb9f4a5ff0d7de9eb893be2e5a4d7d0631ca9

    SHA256

    e1d94166c8ca3eccc853558bb9902fb17604d05a71c5b5f959e20f3adc94d352

    SHA512

    12afd08a325d444f0860e45c26a9f5d6ce593fdf16ecb13026ca3dcf9eaa660e090abbe6271e9545856153088ce1f8d3cca2510e655f423473670473384b8339

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81b54d26bdb1458c29af91ebfbb6e590

    SHA1

    81727d309dd160d2290d845bd38e50170b32479d

    SHA256

    8ce84632759b544dacf767588b78900af20f1150ef888cbd6f49130260a7564f

    SHA512

    c6595743911454730b7cf468ac75ede371d15a06eb32bdcff5b61027570eadfccafdb4d9da12e6dd633f5e18621179eed31de7837183defb884d76f67e5b98df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52fbeefc39db5dc9051422bab9e2bdac

    SHA1

    06723b8a67ce9a81086fd0baf503ec99a4350fc8

    SHA256

    0c081895f1e529dac120b183ca437eebbede23ac8f7a08a7446036ca3db0c425

    SHA512

    344044f9f0e3c1fe3b1c5aa41265e5081753f0d264e156d50889acc4d9dea045cade8fa178b96857349495b4375a43a1c0ebda659df7b4d3aab0c0b2f86d33db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cbda4c50b3e89a7a1904db67bdf2a53

    SHA1

    60f3628f91c65e267d1a21a45a7c06b78b4c946e

    SHA256

    317cbea017366c29a87bb6f7cace8bdb5863c2766109955be931b64266f4c67e

    SHA512

    52658c7ebe9695068eac2d5ffd4032ac4ad8ffe339ba2183e48926517d69d9dcfec730044f4a80582af2202404dc27d35d08a07d7e4192705cf08819c51d0b93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2657c13caafe8bcad777c083ebf9999

    SHA1

    dfcc45d0755fdea265954975241a4ea8afccd583

    SHA256

    34f28c1cc2cbe10fbf1557c74b4c2b5fe2c32453c631f895b6c85da851122be1

    SHA512

    42eb444f2aec582193bc87c78ceb570a4463d9d8e71eafff9e5474f38165d7dbd0f5fbe0a24f682b42df04e3c87bb0aa35faa97ad9026a0bffe14555cce83f68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca0614def7631517fa8a3509f0e0c108

    SHA1

    1923d4a68d3d67e3da35af6a2198101518ae77b8

    SHA256

    5b4916442ef567b9c5eb54d3efcec03f5e45d5336e90c5a8022f547740bcb1c0

    SHA512

    c3490e11f10b48669d34d0ebdfe5bd3bf9baea1bc7ddfac4796cf8209021204db09c9c7013a3a95c807e856258dfd86ebe6b9ff1aca13f583821f7d2c8590006

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2BE2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2CA2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2448-0-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2448-3-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download