Overview

overview

7

Static

static

3

dd3dc5980d...18.exe

windows7-x64

7

dd3dc5980d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd3dc5980d375ee94dbd975749a03a52_JaffaCakes118.exe

  • Size

    97KB

  • MD5

    dd3dc5980d375ee94dbd975749a03a52

  • SHA1

    cc0a461fa93db27123770de7277437b4ff04b002

  • SHA256

    48e5de2484e584669ee217c3eabf88f2598a17e40b3a33cb076586f9e4dc9406

  • SHA512

    166bd4a9ddba91658ad99dc18bbd5c596393c4c5c27337e0c0975a00eb8eb91a7b6ed63a3efd2158d34b95408066c2a5c2bfbacff7f6305e9c3bb25e8bf6a454

  • SSDEEP

    1536:XRt4sooF0BWSKnwpId9CpWoAPlzTu78/H0VmK/ifTUqwg1Pr:Xj70dWnd8WoAJqYhRwgNr

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd3dc5980d375ee94dbd975749a03a52_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dd3dc5980d375ee94dbd975749a03a52_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2448
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1300
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2744
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\cWbB145.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2716
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 108
      2⤵
      • Program crash
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5a9db5c8739fee738f9811dc7b59ead

    SHA1

    6805719b7be3fd596b9e50096aa9648540534415

    SHA256

    10ef003bfbf28f6de36abf62cec3f404b3596c3a11da028992faff15e657b4ab

    SHA512

    7d92cc7b70c0b9dab24507b49c55f8bcb2e916e8e33ffba2318005e2d543e018f5fe102d3e2ea98e4634c0247289dbb29b80ded9169621455d7b46648a92d4b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4b1c479ede45c1751cdc122749cab96

    SHA1

    84421b8ad6f725550df22b354cbc1f993a3eceda

    SHA256

    bb1ed53c4773da1e48cf66a04eb5f181def9c8ec1aaf6203a4f7bac7ef511832

    SHA512

    90c2f1b3832c0ab02fb95bd574d6367d8bb11920d2b4f29eb8c1e822edb78ae82d0552fa2c11d72e8d2790b802f9d1ce69c825a9dedc940b9e83bb385870d7e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86b8e6fd6eb915988dc5d53bc0b3074b

    SHA1

    72095a243f332d3ed86a407b333b79cb022e9d30

    SHA256

    41b023117b2aabf458e819d559b811901b02e6be583310d9e33ab89c60e13c02

    SHA512

    d552057867104ebdbe5b0d440680f11c6536cbba73ad8d3a4d1a0fa7d72a7a4a4aadd0900912b4f1aed12a9ca5adc72ca4ce60ba6fad9189592e4f260637ae97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbb7db31fb27cb00adf06e98917066f4

    SHA1

    e6bc4b10974396b1a4202682d8fb5f62069238fb

    SHA256

    6069b50d98771f3724dfd96d91887ddfb7ec427991548aa9cd47614f9dcf5f67

    SHA512

    db7d7cff61fc09c33a4e1a8544565d4ff2086604d2589ee25fcbcd6891a2eb94efbf0c7fb2d3100fa46b998786049d004fb7fd9edcb259425ce200f0874744a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a51cef8cf2f73143abebc5a3e94da2c4

    SHA1

    319ce6165671fa722472bd5d9934318596e13a59

    SHA256

    58af46641aeb01a57f9f263a96908f6b533d9c91e7e8462bf3ee1c18ebee1074

    SHA512

    a7b9b92bb2f37a5abf66d32fe16d28eb6256937ab5b036a276d2695d5ff8cd8d85693a1b7d9c7e81170fd628433dff691d054870d9ebee779720c8830e59d105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3efb404d3b2c90abb5421e80a6bff999

    SHA1

    386b522c9e04cf9948fb7210c0bdfd1a4707ab41

    SHA256

    7867cd00a358b46fbfcba9f4b7a5855cff033607f778c4955f5d689ebdb0f395

    SHA512

    ea52ad807c117a087149cbd226c5ef0c00f45b6d4bc3f15b85a35a275ce72919e3e56ce88078fa6bac625fb313b5adc28a694a21da388eb7c699b4c5d78a141d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6b408d98450bd0779a18fbe56474265

    SHA1

    4c5debcf6c4f76f17b85b253b44b95f9b6bd25ff

    SHA256

    a3074f597f1896c28e4791034640e684005ba3b5aa9828181689627cd40f3581

    SHA512

    a5a6f3631ea08c95bc04eb63f4f9f6c3d9460ee2776a9facf24ef5e026c572e214052c62c1f951f3788a6a703c5eb4d5f7498156433a6b5480802a84b392916e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b474baec21dffa97ac6ccbbfe2adf949

    SHA1

    47a742191ff34336fbfce62705802fe156240c24

    SHA256

    b49d62f2f7de336c4c7419cf8d4823a49c7122d1c091dbd758eb115a3aee0049

    SHA512

    2abd1d04155797fc8cddbf7aac652957dd193318a152cc32c08fb1a9bd484f108b92a1d8fb9a1c4281ad5f255d6569a4b27b06ed5fe078092a23dbaada5b6653

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd3fef2e6bd513a27e1d8b826ae89966

    SHA1

    af7f724ca9d204a1d17e9d4928d5abf014a1e5f9

    SHA256

    00dba6f2d3c3a332148e4986688f8c6c666cceddaeb1b5abf12c4b1cddfd4b40

    SHA512

    2ca2dcfeaa750a5bd303f2cda7c9ef4b3606ab2f8a68d55148435a4f61c0f7f58112fcb111f6a73b9044355d6c9f1813d03d9f8ccd9e579a27817b271b113ed1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBB65.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBC04.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cWbB145.bat
    Filesize

    188B

    MD5

    3db3241dd7388d7a7a03f9c71cdc1218

    SHA1

    c08cc7da3decce95b8e2b430695371746e2b45e8

    SHA256

    1d884dbb53c2efffb959836a35da604bc07c83580057fd1e9cb1406393ed6e76

    SHA512

    416621c8736995ce448debbaed2e581dff230499f4c0d3164473b5a611bc4c2e5bffef1b90114c64eb350ccd73d915c4c6e07c6f9782b1e697f11cbcf78cc880

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cWbB145.tmp
    Filesize

    80KB

    MD5

    f11f3c562300f83fa210df122158d3c0

    SHA1

    621ec380cdfe767139313d64de1a8dd8495280c5

    SHA256

    3db28ea6d8733767974bba8f86e733dc965979a94de1e20754b020cfb077ff10

    SHA512

    4147b6890fb218f8206fb14c141981f2005913a4c914face01ecab8c6cf7ba31daeb6811a835a47d71575637e5fc4f9052ca1ebc9167a7ae643a8668db8cad3b

    Download Submit

  • memory/1380-459-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download