Overview

overview

9

Static

static

3

d57cc56d0b...18.exe

windows7-x64

9

d57cc56d0b...18.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 02:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d57cc56d0b63ebcd95a6636fcce2b6ba_JaffaCakes118.exe

  • Size

    782KB

  • MD5

    d57cc56d0b63ebcd95a6636fcce2b6ba

  • SHA1

    c2bb1490ec48451657aa4ed6961a2e3f72e321a7

  • SHA256

    d4b7778569d660045763eaeb7982bde5e823659471652f5f5344965d713990b1

  • SHA512

    66b62a1e673be20b43c8bc2bb577b9a30eb313a7061c46f7b149d03f925e9c7b7b21bea21a3acc4b61aaff7609b531c6cdb0bf1a75df802e4ad133e4d4270909

  • SSDEEP

    12288:1/x6eupBHuhReiETAFpei/8dWHmVPlZfvBnRTg9FSZg44CetgrwLVeGskq:1Z6eGZoScFpZaO0lZ3oFJ7nLN

Score
9/10
collectiondiscoverypersistenceupx

Malware Config

Signatures

  • Detected Nirsoft tools 5 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • NirSoft MailPassView 1 IoCs

    Password recovery tool for various email clients

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 15 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
    collection
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 62 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d57cc56d0b63ebcd95a6636fcce2b6ba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d57cc56d0b63ebcd95a6636fcce2b6ba_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Users\Admin\Documents\f1.exe
      "C:\Users\Admin\Documents\f1.exe" /stext f1.txt
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1740
    • C:\Users\Admin\Documents\f2.exe
      "C:\Users\Admin\Documents\f2.exe" /stext f2.txt
      2⤵
      • Executes dropped EXE
      • Accesses Microsoft Outlook accounts
      • System Location Discovery: System Language Discovery
      PID:2856
    • C:\Users\Admin\Documents\f3.exe
      "C:\Users\Admin\Documents\f3.exe" /stext f3.txt
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" %1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2512

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4e5d69eb217a48e7c346b65f375d6c95

          SHA1

          944a8e73372a765a2a90df8b7e86e6d94053f4c4

          SHA256

          4c49f4067ff40e9d766002faf5d9d47bf47ee22622e7d033b0b6f3a2139272bd

          SHA512

          2b6405425958ed14a15e908d32239bc191bfd2664784b0bac47b70dd65cb648ecef4ae8addd35e985d5ad73621a130c6f5055328a9c1ddb14b2e1fcbfe115c63

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6761c5da8e6e66debfd9fbe658183eca

          SHA1

          6dc8eb698bb315ef5bee8031252754bc39bcf833

          SHA256

          3ed356bd1a87d9a327c477967de668ae91da14a96e1eb7136d5ed3209125bbab

          SHA512

          d7986e46fd43fcb883a7db5a0c55c0c2263569ff5514982b3e58fabdb70bec51de52e18e6e1db86636ef301cf62ea089facf4cb2f0cbc63f17fba1e23e785e16

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          05d5140b232a770fffd5d157208a2712

          SHA1

          99827fd979455dec58f89b31fd9ad6c29b624f6f

          SHA256

          30d9bdb6d81da88fc93ea3e7e07f73dfe0bb66f50684cd17e0944424041ea779

          SHA512

          daa36b5c99de654bb8db911079e16e4fd0c1b68d7d17840727c216fd2540245b843035123ec22ba33670f02a6eddcdc8a75ac1fd85ef2f48c6ac09c8df57d97d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bed99d2d955c051bb268a5e73c60147c

          SHA1

          094faa91b499a5fd998388918a5421120cc9dca1

          SHA256

          320d4ba3fb85546efb8d9007a3098579c3a9df2691e5804ff769e205320837e6

          SHA512

          34c6e624ae19acd8a3e45d0d31876474a5baa092c4e03bbfb818076787232a9c6ee6836fd706aa4024569e7ded357907697a0b1be08722d35195aa453058f972

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7f6417fe429106d714cfa4a4e9944b01

          SHA1

          87746e142305992c10e2efb495818e0230026a7b

          SHA256

          5a9f5f6b9da5484d0db6bbfd5bcf3718ee9b2fa4ffdc5d4b27d2f138d2524b13

          SHA512

          25550280b4298708070af5f056f2a0acf95eab7dac8cd83578333f435260aefd8596f079dbafee2492ae378b842ddbe6f2ad3c4f6978cf90e54ea113c53de140

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          92c5066d0d18ff40efcfa83235de227c

          SHA1

          8972c249ec24a2086a7b65c97bd1b2236f3dfe1f

          SHA256

          75855a714edbad02328d1ba3b94efaff1613f754ca48e00b203e04d0a94eeae2

          SHA512

          f2b460385fb993f08743e32fc736f2cc6190a915231eaaae4ac4a045ac1e9f70e43703f04c7342ba0bf75b848caee891edd1faa792b14be50f316cd20d73b311

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f614f6c308023e316dc2b4215c1d28e1

          SHA1

          a14c90cba8e837153ae47ecb08ea799251a6b423

          SHA256

          7d1c13c7b497dddffd9c53da63f121b0cfb53254feea0f8068dfef6d1239d79e

          SHA512

          f285812b4af31a67bc4de81ec5f5142f4cf5ca69ab667f9e15b70a9c0010104c5f336879c71d10fa29a818fae654dec7e9d5b5097b653fa50e2bad20cafa50e8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bbd73fb7dd55442c32383b94c78417d2

          SHA1

          4d58a61f796bfa430a38c47e70e11a48c833e167

          SHA256

          0333cde20862034cc398bf7cfb0c743de8064e6b800841a57a1739a8b4cba856

          SHA512

          63ad010ce704c9eb33b9fa7f509ca4c92ce82288443b8dea8e689256ff8d4c1a84d9aacd72983ee92c41b235ab0a887655c5ef9dae2091f2eea91d87f3e77152

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2b951769a1ae2373a7cb3f2e1a3987b2

          SHA1

          cbb649a687294f128b5c29faaa4476df3273e858

          SHA256

          eba7291a50b0d16719c5676bded924ef6901b67690b1fc41b87504a59252a772

          SHA512

          c30629b7da89415ecd26f82f07e9da9859483a1fc0717e14cbf97cf8520129497bd18753d45b37e70ea5460ccd5fc015709b3ce886220e90e202c7cdbec58187

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ce5423049976a62fdb0992e079448c3d

          SHA1

          db98703d3ba80bb7421edf6463438a029169d52a

          SHA256

          80237f5fdfb8a91016a39487e2f2db1128e55781bf89bb6f82a821f158197963

          SHA512

          6ba8d0da3b70b5f16959a25661f198a5b5f1950f89be2424ea787a3a4b8a8b16e36c438d0a5f9ca54236b59a78382bc540e3db62a89dd0f20e53814bf29dce1f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          40d0e72e65d7092dee396b0a6397c27d

          SHA1

          ed7d2e98de1603cc68b1dc50cddb0c4ee8aeef2c

          SHA256

          49f561e9e5fbe9215b251a2f6665f0a6aca31e733073a51613a145f7fe07516c

          SHA512

          0ced36d7362cb0e5ee0479f2257491693cc76308aad95cc033cbbe93ef12e883efa3ae60ce003a92331bfee8520c80bf8a9d7bc661d01a1c153c94a25d017c4e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c05b4bdde95d3629af140b2fa63f8cd4

          SHA1

          304ef9e70e696a73c788472be09caf194881d181

          SHA256

          82af730edbf5df11bd6de2fe68a9509a3948e7ec4bf8df1f0c6df003fbd41cff

          SHA512

          8480e59b0d81829fb448ac75041efa06e2093c00d9683f1c7aecf60e5bdbe6ce4c864c378e1adab1fd2cebc0d14493f8ea116569711929b3066e8cd1977d8313

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e9f7268a33d45094d05010d5cb27026b

          SHA1

          8303d9695a9113d6b61f0fd4a7444342a22ce4df

          SHA256

          f077d2bcb5232a5632070ac729ff405aa4836a04823d4849151f91c361dace2c

          SHA512

          02d16d8bc12b4ff7f4d16e86b54a0d5b01b5ec58ef34ac0fb6d2b067f20b1f4f8f0e2a722df055bc0d1e527c4ebb6cddd1c87e5d56ea97ffdef8ea29546370a0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          17d0d303c2140c3569af078e038ab487

          SHA1

          8f1f9f94c02eca5f6f857b666c4479b4d5b38374

          SHA256

          326ebdfe9277ed9624d6f099a41adc9ad530d30224b35430286a62eb8c1eea1c

          SHA512

          0c2fab7acdfdc1630c55b86d491f94486073833fab7c2e015536050615564cda8fa2f645fdea30eddd4e8b500273c079d6eb4f9b65970b330ed828be91f52207

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4d77de7e01d29a2e66fad407c19ae8ba

          SHA1

          e8f5a34d96cfecd34d496393f99bdf68c6630453

          SHA256

          a5310a1172b4c89d9cc93ae6807363b0e6e8de0602997a999b06a46de4a750b8

          SHA512

          733a28c7bb46e9a595d0f68f77fea5ecd167ccd6a9839ede7b423e0d5877de81d30cd4b42f65ae6ae08b1b4baa06c31115661d5de13df7021cce930cfe160fa3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f035ad152b188f14ae5c09ef0a7654b6

          SHA1

          9143b3d97a57bc2ee1ae2accebf93f99a20b0fa4

          SHA256

          6b44e6be9cee8dfbcee3f8a29d4e6f90bbef1548315826e2dd7325e020dd8cbc

          SHA512

          a2abcdb2784a4aa6b9660fc2bc561677f89be6add3c12ea867b8b507a1ba3b0810085dad69e1784bc4b0bda2861a9be491138327b4522877af104942c1abfa83

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4c849c45e9f506b6622d7180cc310db3

          SHA1

          98f12b188e6f40d609d93c5085361e0a9d4f7584

          SHA256

          55f9f834abeba3c1ff3b7b59d9a3e0d4a60b7ffbe9f77bb068f34a83c17780f1

          SHA512

          cf69a8380a6947dddd2e8353ac47efefb9c864d4d0d6ae916ba90f69626e92dcf012236d6e314f203203168e8f8f805f43ec652ae370becc0556677667015687

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8bcfa675fbc975663f4bdb9bcec87dfa

          SHA1

          4b39fe61fee2c92ff3533e53ae219aa4d9e0fe8d

          SHA256

          fc53134df3f81e2cbb0b8f8c11ae258cceef15f2c74c608407c466378d9c75d0

          SHA512

          8903970aeb8a9e80dda37c7d899fb510825066dc83c0702a760450a3993eecd4e7ab7fc1ec8e012ca84e6d3e0a767c8522ececf3105c35ce50c843733e5c4143

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5faa5e38a1094bfe25d876f5f9038f69

          SHA1

          66359c00f96df0a1dca75a7cd397af9147532ecc

          SHA256

          ec150834b827213e706a52ff875c228b49fb80fa811ff1169ed9f8d9f4ebceb1

          SHA512

          1aeeb2c1ef9596ee8f78b2ecb9c7f28bd4fabfbd8c4066b734d532d059008cd422729c9b5400e051ae4af43a2415d62aa5e92887c04886fa2d11a5628db2864f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabB2B.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarB9B.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \Users\Admin\Documents\f1.exe
          Filesize

          68KB

          MD5

          e885d2504ec228e719f1fd074a7b77cb

          SHA1

          1b8b3aa49b6727f52c58ab860bb29b96e03845ff

          SHA256

          6b121b152a161aee70374868bdbc618595decee0122d17f77779f565343f0b01

          SHA512

          a26eecc2bb01d9f8a77104375ab598546cb36c66ff2cbb2550627190bf05689b4f7ef123f11dcbb7c385acb7fa3e126175fb5d7d1ba003c1f13245cf70a504af

          Download Submit

        • \Users\Admin\Documents\f2.exe
          Filesize

          105KB

          MD5

          e836f9a8a345ee27dc2735ad9b501859

          SHA1

          39d3cfb57ffb355ed7e122adfc02afc4d1b443e5

          SHA256

          394b942c5d2c2c032bf20ae5a375a06c493b7a8362766f8273ff49a8288a57a4

          SHA512

          314fa6c86520304ae07cc7539b675661fec3cdb467be05f569e11f38a8cfdea9fbfccf926a391f26e693bf1aedae5e2774a0434671bc92bce01ffd9a201bbc4d

          Download Submit

        • \Users\Admin\Documents\f3.exe
          Filesize

          94KB

          MD5

          4103cd9fc3a04d05e05ab7aa727a350f

          SHA1

          708cb4f67d715b7578d9fe908cc295b18e11ae26

          SHA256

          1bcd423231cc61e8a0e079fbf1e88f3f48dc8e48e6f9e9e4b47f087a71364ba9

          SHA512

          09f69c40234f67f402f795deaaa227fa12651f40b7e6e111b4fccd91a57784bee5be332dda8bcaab8ce6aaff4f739d070877d2c576157ae30d30a5a6e6e9a0b3

          Download Submit

        • memory/1740-24-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2136-42-0x00000000037F0000-0x0000000003835000-memory.dmp

          Filesize

          276KB

          Download

        • memory/2136-65-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-80-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-81-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-79-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-77-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-76-0x00000000037F0000-0x0000000003835000-memory.dmp

          Filesize

          276KB

          Download

        • memory/2136-75-0x00000000037F0000-0x0000000003835000-memory.dmp

          Filesize

          276KB

          Download

        • memory/2136-11-0x00000000037F0000-0x000000000381C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2136-8-0x00000000037F0000-0x000000000381C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2136-54-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-61-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-64-0x00000000037F0000-0x0000000003832000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2136-78-0x0000000000400000-0x00000000004D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/2136-20-0x00000000037F0000-0x000000000381C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2136-41-0x00000000037F0000-0x0000000003835000-memory.dmp

          Filesize

          276KB

          Download

        • memory/2136-0-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2136-43-0x00000000037F0000-0x0000000003835000-memory.dmp

          Filesize

          276KB

          Download

        • memory/2136-21-0x00000000037F0000-0x000000000381C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2136-44-0x00000000037F0000-0x000000000381C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2136-23-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-46-0x0000000000400000-0x0000000000445000-memory.dmp

          Filesize

          276KB

          Download

        • memory/2856-47-0x0000000000400000-0x0000000000445000-memory.dmp

          Filesize

          276KB

          Download

        • memory/2980-69-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2980-71-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

          Download