Overview

overview

7

Static

static

7

d594505470...18.exe

windows7-x64

7

d594505470...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 03:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d594505470834e750f440a3fdc6e4481_JaffaCakes118.exe

  • Size

    45KB

  • MD5

    d594505470834e750f440a3fdc6e4481

  • SHA1

    182bbd3117a4a374c27bdf017640da046724957f

  • SHA256

    3ea0a7834dded4f42fc7fa5b2d659bd7d1957d31f3fc80cebaee5c0fb85a8c6b

  • SHA512

    ce2838d2cefdaf23eefd497fe1ed1e9b6ab29728285276aebac3b7279e9b710102685e74994a4c0677d33789fc6ddf21cbc6efc0fe0fb9ab8ffb1050fbe4e66e

  • SSDEEP

    768:EFY4AlEo+1DkliOo/+NmGQ0edfRN8pu0w65IHW9FpAv4pv6Ogu/0XoGG/Tm:EFYzlF8Dkl7o/+N38J2gHHWxAnOfGG6

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d594505470834e750f440a3fdc6e4481_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d594505470834e750f440a3fdc6e4481_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -u /s shimgvw.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2116
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2768

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a27a9a133491da042e32800d5b0aa213

          SHA1

          3632fe9d48732b73194a93929817e4a2f0c3b6e7

          SHA256

          4e9f8e2b78909e43c133978e5da2308b46d0558c57e2884b10ac89ace9ca64f5

          SHA512

          aef14fbb62a350f1ff589b6ecaf80f296b78e35cb1323c6228fa8c4a3698c72ba1a64da3b6e1bce503a161dff12fe84977706cf5831e3eeab8b4c9d101e98c7e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a3bfdef8a5be9b177778c087fc56fdc7

          SHA1

          0dad1c0b0a056036ee49674f938a14695b73caee

          SHA256

          8a4df502b6d62fa77aaacc2256d583d9f0b8c352eb501a52aa6396c5950ad388

          SHA512

          99c21b48550aa8837a96ec0e54db1508bd453e1fb008f8ebed6841ac6634605483ba565998f5e4dd9a5448ce593dbed36d08ac41f5d171ed655e8b4dbb118dc1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          60aa8f8e52da8cddf68886aaaafd2c13

          SHA1

          9518d638ab3ea24f675ac4f75c3a3f9c61d67124

          SHA256

          8f39d60f7172470b9d43b6754190eba7857516aef242cf94be61c6e1664fe6c5

          SHA512

          e2a055fe0b7356a32b433ae6b6fc5185c3fc8d9387535417206bf81ca4c5d8c7628073c60006333373a32faf8b4ea4065287e8efd397d8c9fcbeb2d97b617e98

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9d2463fdf7efdc5b9b8403a278c4f5c2

          SHA1

          c77ee818f903236676b6851a3d88fda8405e3aaf

          SHA256

          920b622a059acd31f3cbb0687edde6231e702aa9ef5860c9c5ce6c37a3c5996d

          SHA512

          422f8f85480340073a2ded4ba542c1528f4282d275c8f8c9e52e2c01d163e0626a58730948066ccd2fa257f70c9a4d553537e9d865eeaed36e480be0d3601f92

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          360cf020d05ca8b064fa7a4bcbd9f83e

          SHA1

          67802e24469161ec0d69c1b53858198b82f408f5

          SHA256

          2bc27a9cd5b95efe26806201e72be2caaffd1b5d804a763dd1834c13f5166bb0

          SHA512

          ccb723a9419b99ca88e421d7c827896a4905526792fb0e42d7270848e7d60b328ad7e711e499228e3581671ce79544375955067f8bc61c7ba340389697e4f126

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          60d9ceee4270bb774f588179eadcee5f

          SHA1

          539e0faae759101dd5590cbc6642c140c4f37288

          SHA256

          c6b22cf2c1a077d154658c479512af6a11f0ffcf0eeb6acef6913c2bcb48e0af

          SHA512

          f90fbd223d6fa854215428dbc210b8350b23231f8be37b461375476b46b4ff901dd2b076f9c40575ec8be16bb58921bef21cdf1cacd1e7d9c0d41c19571436ea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b38f418eaab6aa3d08f0883b1cbb4662

          SHA1

          d02ebf579d8eb8a990446b61b29ea4d43d7b2c1a

          SHA256

          a5f58b7c1afb766925906eb9594708ed8797f83365eca7f77fc5c86a17c78039

          SHA512

          1deb32e4eaf84dd6ca4b8543b69bfbda5d322ef6bac571ba6d873f356ac44bd0c80cce4eb3c0d0e998a7fc4e37c1015d40aa9768d0f48479998556da40c73e14

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1268990d6613aa6125911bf7bc48713b

          SHA1

          6c20dca0809127f649517676d91b966ef66f64c0

          SHA256

          1c04dae269bf350190ab090ff086d5d0a6b5ad3cbe301d13d46ebffebddce6f2

          SHA512

          3fc89befc2ec9473037f2b88bb13bfd13205355ae0ad35eafa8d8bbdc3b5e03c3177319847b4680213675f20317069c892e904351f4c0cc9108c3a9a2f376e78

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f97e7926bd08b8dc131251e07d893b32

          SHA1

          146fc9ba2d105167ad02625321b78c7d1dadff26

          SHA256

          5cba0f0a1a1f5876617547b4cb8dd8ef7b22932f477ee419a5d973f2603aa949

          SHA512

          149795f09c4a24339b121ffde81fef92fd75ea9932433cda44388527ea9075bf1e4e9c4c5f87f5b88403a186aaeecebce6b3f095e84671c67188ec24794f231d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab2CFC.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar2D6C.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2708-0-0x0000000000400000-0x000000000046A000-memory.dmp

          Filesize

          424KB

          Download

        • memory/2708-13-0x0000000000400000-0x000000000046A000-memory.dmp

          Filesize

          424KB

          Download

        • memory/2708-3-0x0000000005420000-0x0000000005609000-memory.dmp

          Filesize

          1.9MB

          Download