Overview

overview

7

Static

static

7

d60f8f5570...18.exe

windows7-x64

7

d60f8f5570...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 09:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d60f8f55703f062edf65f86ab497d82b_JaffaCakes118.exe

  • Size

    102KB

  • MD5

    d60f8f55703f062edf65f86ab497d82b

  • SHA1

    3f916d324d4e535d8c646093b7e67377b41e4bf8

  • SHA256

    310889f9394bf282eb2ba6b9b35a0b7fdd26696bab528906f7bfc27b12759885

  • SHA512

    4b75718cefc0f119522d93b871baa3fa30684725420caa23586cdeda909d9fc5a3dca6ae33e0367decd558850641a270deb12f7cff30e23163d6e81bcd732948

  • SSDEEP

    3072:dquJJzb7fCLDilwA1K96YFAoutPdai7hRt:EuP+ewAK9xAoSPw0v

Score
7/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d60f8f55703f062edf65f86ab497d82b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d60f8f55703f062edf65f86ab497d82b_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://download.citrixonline.com/failure.html?startMode=Join&theme=g2wus&locale=en_US&displayMode=Join&productName=g2m&cat=DLAppCommFailure
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8814f646623275db6deb78b81028c7bd

    SHA1

    05c472924709eb6e2f6da51c39eb9f9f8cff5aad

    SHA256

    d15ffbd741759b1f65299286061242119c7d7fbd9686beaaca64251534379e3d

    SHA512

    f1c4824bfd97d25ab72e07e16a98500622f40545e060221555c35624ebddc2a59e790020151f0974d57b1294b9b48b890bfc0c11d533aad642e2eece0b9335c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4976bea36e9163de775d50fddaef1d2

    SHA1

    5f9c59b086e3bf8e2c738cf2820922aca2ec7b7b

    SHA256

    7f10df1dea9e042e5c80edecfc5428e69baed3b4ff65d9c54506bb659d31dace

    SHA512

    33bc2bcb396bc8a3167dd4fff87dfc428cdf116044df1eda9104935f9bd253089fde2224c85efd8377706daccb0e17597e35753a06cb7d86b601da6febabff45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bacbc3bf8a1465f2f5fbdaa098798370

    SHA1

    72f7eee565195f2933891926cf77566e006a0a8b

    SHA256

    5da056f2a6e1d2504a9b6d208fe987ece28050d854a5497b18c6cbce7512f648

    SHA512

    718e0bbdb3f485953869248ab4045f6e23132a7db3359b6472046f2e80b738fc7bb121894b93048056c5d4c06cfb3e13da1bb9123ffdef782fae55ff4e3cfc22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9eb4e1737e9a9b019f658ded3870db4

    SHA1

    fb0c3e454548dcf457844db7acd6e0e7b9014327

    SHA256

    930220fd06f5b3e2474cb664895d6303e01616bd739b9f138a6e64a29971b69f

    SHA512

    365fb10558f3e277708432bae4e6f5a2f288585470949550654b307005d813b13560dd50e3e4ef447978a7895bf72b2f60ee86f610c562cee6dd78b993d2cb97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01d7fef395dde7e8604d389fba92eb02

    SHA1

    dcb0d5035274caf5eac52bd245d467566eaf0f1b

    SHA256

    2b1ab306f611edb6b426276758043ccfc5918717e69a9ec6a45527105f016a28

    SHA512

    c2108f8749fd03ed46469f3c8643f9272f1d9c595acf123be8e1eba95c883ebeab8cb18c70183346121c7a5f303985152be5861cea2aad69e979ca53a1fd693e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9055f3043780fbf805447e8784f5635

    SHA1

    ce6fb6524b80a64fee1dd115e4c94ab79b8f7a0a

    SHA256

    d0347a45899a327fe12780e0034a116368b241b631c271ffb1720878f4190bc4

    SHA512

    02ede93ed60ec1d878253c2889fb078f52d61f09a61a75cd92bf1ed64eb63090fd8c08da83d6b8c868d9bdea1648bf3b9900bfdf0cb2a2203f6d020bdd1aaea1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0218e17923eccbdc8243f2f7b26816f0

    SHA1

    d7b4711c0e1cf17a9ffcadef23ae5546a2dcd19c

    SHA256

    1cd55e43e8e6661e72a18b16d5e87aa5a531b44fad7bada3829f72eceb836a07

    SHA512

    0390ba91dd1f3a0d37f4ba9b3f7899d3de834b0cffe3d784200caefbe6f51ece1ea93d96ff224a155a7490fa41dc2cfdec19f48d900757fe014e3cd44ba395e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6292152f613ef530aafe00f71bacd797

    SHA1

    36557ec754b676760a06507759c807d05fbd626e

    SHA256

    f0c611087ca978269126e06432ef4cd4e563e65a6ab4dab1965b9883f06ddeca

    SHA512

    7a71cb6d33a1ef4b576ff086f3fa890f19e8da5e4e3f0b40a79ef11f021ec3fe2290eea45c427f8398dfa60302f43a23f8b037311222ef693ceb81cf0d5037b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57883fad5857426f2d3f719b2f2f78cf

    SHA1

    fb1bc19ec05b2361e07a316e2ec2a1476c6064c9

    SHA256

    f559477cefb12cee4b3a2847bad28c4c3fe2ea3aacecf047c89d6063c8da30f4

    SHA512

    1d897e9cb29cbe97896f312a92df024f2e19807084aaef403258b35dcc46841e83a9d47e545e6700c49e735b3559b9fed5ad12b5e3db75d2a37f51271e32c6ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4db5b359c2eb2cd5f20c9af1f5a401f

    SHA1

    038ce06af7d665f84c450b9f92a37ff0d502618f

    SHA256

    b26031fab41d5d8d761efca215ecf3a829555dde4043ef06466355c0d7e29038

    SHA512

    77e56f83544fb8520ff9558abce40a89ffc2f1823d2ca621144c9bc4a05686b1cf87d2ef933506c0b370904c0499cf98234b4d019edebe6b8e42e27891f6bea3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b2bc18f18562a9e2e9b6996b0fdd5c7

    SHA1

    01edcef97409a662f35effcb5f35a423d0fe8a52

    SHA256

    af8efea474dbe5145fe9876f042565ac4cd2837449d79ff4f3f17453f726d5da

    SHA512

    d3b86fb6080af97f38f34074b05830c24f806eb2ec173976adac5dce389c5ad0533920dc91cff10fcf52e9246eeca197f9b31a2b6e1a3a34fe78c86f001da1df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36e593daa23e44bab0656296679cc9a7

    SHA1

    9f09f6fbe718349876287403d7725c0c902b9290

    SHA256

    b0539ea8c3d90c1cdee4222a208e44048359df1eed896050244182fdb60d48b8

    SHA512

    2114c9f8d463848dfd2de1e348e8bcea93dd3bd2ad3c42b9dad064d39c8e0aab6e3b7306bb40db2485a64d49517aa2a83c1021977f70e749bfe03a53e87b0ed2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42bdfb0e774b4db72f723bfc3dae8154

    SHA1

    1183513a87581ca67d6b25587f56883a307c1d3c

    SHA256

    d199a42a3e40635f8437f1bd2d4b3f9beec54ea869adebab969b129719d99893

    SHA512

    25e5aabd4107998b0621cbaca2739186cd91d7c7df7a4f0315e0dcc9414431e94c8cd7b85c815c4b2a379e2d09408c41f2fbfba4d3e6ab6c513b7f570880ae72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    805b80081ecab8c4914c50673ac1423e

    SHA1

    8cff31df790600c49be0d13fef6a14aa4774f281

    SHA256

    34f863ec9e36a53012147a210caf41f3aa2a0c3a50dd84ff80e1d746434baa59

    SHA512

    b040065b0aef9606b3483d18bfbb02d649d03a584e03ab3b947c3be4cf1cdc151bef28bc5acc8de79747b156cb96fc1768af947b8c2138560fb9852649bf137e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61f90e812f25dc2a9f74809650ddf7a6

    SHA1

    97be7de727bd20de7efbf39f8c102fba71c04c4b

    SHA256

    60dd0efb0b9ea0402acad5fbcc47b4932f1348d6bd462571fe183b9186533482

    SHA512

    ca5647a79b2156761ad90d9a13ec0d9264bc42b85712002cb12ce91c26ef45f7c59513e423f8268e53a023cd7a8136922e7feb692d7c8db9d9c74829306e100b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd62d7dd2add06d94cda0f243ca44760

    SHA1

    6895c5774d90dc42494f85dbfe95e0a09929abdd

    SHA256

    7c3f878a11a460ac221c2552a04262f2d8482e2820ee40d266ba9649e907d4a4

    SHA512

    1db2823f2d46317636de600e3083879445b58dab5bcb84ad3dbc3eefc286b72a1dc94c4037bc6b445e38439a4d2924fedd611e59b62aba5abbffdb22c8028fd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d353030b72b9af148892d623b592fd72

    SHA1

    6542910fb8e2617770b6859f10e8dc8c398bf7f4

    SHA256

    a10a8cdabaa02e913b104f3d30c09544e97c1f0e235129066dfd829c00295b8f

    SHA512

    e7b15a972bf498faa958a47d69681e9600fbf7d2aeb830a1859c3168205bc0d9701459c54523606c9aa6eb5208d28156102837867eba0588c42a57fa245f7c4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19112592daef50b7eb40cdec98fa3e93

    SHA1

    a30405cf9d3e2dfe47fa86bcd57cb194dda5676c

    SHA256

    79cd557b08c9c3df23321935990d54dcf0dcbe466f25b3147b4ee1cdb56344a5

    SHA512

    67d198b6c30ba408938306064381081b8c5eb47f15ed96f043a5a5272c87ac309a6091b0268f58b9c2f80f794286b06d74f7b6bffe2fe4abc1680202a2b85d7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    542b18eab940f90cd74e17ebc7208820

    SHA1

    bf089517e4ea4a317e48e8b42522caa544019de8

    SHA256

    e84508401eba22a0e1fcf53956e549a2ba8c533dc06759c953d9c5d68a383907

    SHA512

    3e718ce06ce192adc945155bb9965c1544f84c84bf6086662dc68fb30d674daabe96233eaba5dc02c8a3f47b8f8ee1698e96326048793e03725e3a272932c268

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF451.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF4F0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2076-2-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2076-0-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

    Download