Overview

overview

7

Static

static

7

ddbee891fd...18.exe

windows7-x64

7

ddbee891fd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 05:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ddbee891fdbbdfcdff65fa73d9c9efe5_JaffaCakes118.exe

  • Size

    796KB

  • MD5

    ddbee891fdbbdfcdff65fa73d9c9efe5

  • SHA1

    2ea2b569da4986537b29197fa0245b4a1ec95982

  • SHA256

    5121425247868919f312bda202489b874181542860d265327a29737b252135b4

  • SHA512

    d1b7e52017018568e0e7a5118f4cc9f5d11b52983a7c67d754d8b633103931b80c85c8dff1a4b718846b41b3e3067dd12cf095f1d387a7d2dbbe3579d66fe94c

  • SSDEEP

    24576:Y3D54vQ40VEm1iTLN2otuqGQ1SBC9iIlh2S26LF:YT6vQxum1YLNttld8BC9iIhx

Score
7/10
discoveryvmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddbee891fdbbdfcdff65fa73d9c9efe5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ddbee891fdbbdfcdff65fa73d9c9efe5_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" www.cfxiaomi.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          386c352257dbbaf1d97384d8d7203d93

          SHA1

          7f4a6248e21164a2e6df333d460637aefd0dc100

          SHA256

          cbdb2c4ed971475efcfa96944b9d330f076df3691c444fe0a2b7ba1d5553d46e

          SHA512

          592a54d4249965191f2c7a9e6df139cb366056e29c4a9021a5fa0f7ee569397d2f28a65b609924e710425b69980fb13b261fe3f4f00322128ab97099ec577398

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d55cc7402544cecc289a2184ffd8c58c

          SHA1

          8f62fb158ae3a892dd07d37d47bf096d402f81d9

          SHA256

          ff4a00f4417db40b40de6b10e21dd62acc64b44a07f79a859a13ea76f288716e

          SHA512

          00381f71be3e3e41fc684e6c9082f195b5a97a6fc86cb8b8dcdda57063a1b3f4655136790d8a0b62e1cba8f49d8b229ea61a4c31af32ad772bf45eec455bbbc9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fe910caab2a56d28bc40d66f47025e6b

          SHA1

          dbccf6f157f22d5398fa5b040385ff402c5996a8

          SHA256

          fe1840f3a302af71a0c0978d80c5132675db77444f16c775456f7c46961fd9b3

          SHA512

          f1328dd1eafd43c1bd81b16a2bcf6fbc6ab20847a9278270c11d348d94e7f56728f1a67bf1b3b7f026621b5d0dd581143d9d3e17262dc101eb725a210055d4a7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b21b374cfe3ef4d86beb6e6e33188372

          SHA1

          508b33214c4cece43fede9ba3affb07aa9710c47

          SHA256

          ab9f297bef825bd909176f9ec1b6a16ffd6bfab2bca73dbbbda1d3ff0e53fa1b

          SHA512

          4e2453e3f57d076306fe3c098298032082a4d22b57bfc104bc6097241dc007010fbe9876053a9cf60818b7381555f043f1d216bfd737490937f7b91fc3293586

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b5b514e41236ad284b1de9628f19f10a

          SHA1

          aa06a5512f49b9fa33d72b5ee55b368ccde13309

          SHA256

          f96b505efa6f32708569cf423935b6df45bfca1f911946f2a78ce7dca1c0bfac

          SHA512

          a6deeb4cb3dde8d9724fb2116a08e063e4750d8bd010139cd09501efd1142f6f55f935fd929c8130d0e465dfc4d2fc593b9698cbbf89d2f7d87aaf32eb28879d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6dee2baaf6e22dfefe77b9a8130b38a0

          SHA1

          2fd77681d9ded9dcd471c2e90fcb0cacd123be89

          SHA256

          53cac177435492900c3efd0ed54792875539916ba8ad9b989e73abbc10d07b99

          SHA512

          0c1ba0fe8765074f1995fe7bbd68c98e0d4299f57f618d6cc8e8483ad2af707c9a3e612d1782cc5c31dd39e2e1989b2fa47190ad643556d4ff06e5e6b7b56aef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          48d07823ec4774b32a5c18a8fc755056

          SHA1

          76cacd41dab3fb9b0908bc3cc38f88c41f54d32f

          SHA256

          f49d35ce81cac35d45e01652ba8782b8a74923ac98e9d9f4b17c8270b7109b94

          SHA512

          40dc21c295418a69055ebf19cd565eac7c4245a822174ced8f13f483a47a965d8296648324c261d4bda437de2508a7b621c033b02cce81d32344a1a0bf503beb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          db6347ab11c52b7ad6867ceb01616951

          SHA1

          266b7192fc48dd031f2ca15d70d1b8ff90249ac0

          SHA256

          031bb001bbe686a39ddc2723b954bbb4d9aa9416affaba93a188702c901c3055

          SHA512

          4eda2632b3eb191f50a43136e65ab0a426922cadf7537dd3e90db5a511e666a7d65953b13cd2669a7ba8316e5ca6054e8b8c7f1ebc192555614b39234a9e7ae1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dc28fc43c57705b042f49e6a754b9ee6

          SHA1

          6048774f1a974241dfb33d5a8939b3a3efe7b98d

          SHA256

          35d18f30f9f0f7a8fc10e9bacdac49f56e1c6f02abe3a6f3f778ec57dab7d27d

          SHA512

          71c333e51da5aa2ae0100e277389a846736d8c74a392bb02d8efcd3effa1bf387af7ec59c52f1099f6c01f6983faa4328394febe18d5cbc6dff96cc3cf6ffb3f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dee6342d27952fbfed4cc26d24c35608

          SHA1

          3b4576d81e4d6bd20f89faf64d6dc606acea9966

          SHA256

          ca728f0bb14f4fd1508c4cf8c4ba43623c6e5bd557d942ff60a137504e78f348

          SHA512

          e25324b2f133d1470a24f80885319d05b407d4178d2df662467e8e910923845e2457e0da3cc1c481848c281e78fd48d0156132ef4a1f50d818999789df3fed9f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          29487eff1805b43aeade93d3c7ced3ef

          SHA1

          94c1336e8dfe5906bfa44c56a76b1effc90cdf0a

          SHA256

          98831583c694bf42ea80d41c9cb1eb2c66926965a7579edb1021504e7cc204bf

          SHA512

          5d9f9168ec4096ab1d7651a9b1589e3f684fddda27a3cb056233412e14059c44a6185e1aa849c64a7a4bbf4650ee8a8353e5c2ec4fbbdd93eedfada6d3238f04

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c78035076031fb70a21336e669a0a6bc

          SHA1

          322f3b0901ca7683b1ac7eff6fdc1c453b5972fa

          SHA256

          396f9ff305bf09431f33a723f2e6ada5df2163c8060d1082d40924594045ac36

          SHA512

          533f8778aeb9f1aac462eba6be04b7bb407d0fa2f565a3b0f68dddb6356101581f99ef3c1ea81a1a36a47a9a5a0dfdb1703014ee629975152214a0f18897e935

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          478adc33a2b20b42486e1e2563a10a58

          SHA1

          16a5821d2f89af6ca7f9e3300f34f6d8c54106d4

          SHA256

          b9c09d03a2fe0fb54707c5b7cca56541cd626ae83cee18eb04264150427f095b

          SHA512

          97219e1b32513683970e97819efc70354f08ac3f26b8a059a02c292ccb8eedee8d7659e47c93085a8484e33471010dcb3b815eeb0bca432c6c046d6883f89574

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0cb198d547a08585b30c990692cbac53

          SHA1

          1177f786de89d0ddd5689bcec87b3436f5d11b21

          SHA256

          88bc9e9a1957d4af52ba4357f558eba1ef56e0f1cd30d305ba8e8fd9337f390c

          SHA512

          1282661852055c31be070d1a956ef932e910b02eabd881d8de7d8805c10a661b6c8ac0d7093a9a6edc96faac9e440660993dc4627b2f7e113d5ac03b04bb41fc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ac409d6ebcb8b19bf28dbbfe36fd5a6f

          SHA1

          539c18dceaba9abf7e70a7de0d2bce0a340f20bb

          SHA256

          5d7ee34b4fcb2ed255fd0b7082a0163de331072096cb24c12e7ec4f5f9932fc3

          SHA512

          2ca9996fa26346a4456a56af6e1c7ae95b875e8de069fd2ef8844d63bca6eff5e188d0050a8ae36bac1987abe2fae302bb1bc37caaa47bc69ce08a0ca9f0e342

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          96436c185bd68c3b918483b04f7b49b5

          SHA1

          40c299c6adabc03f39641254fe8e6dd8f9797b9a

          SHA256

          52f2b1c54922286b17a8f37adebd12b1d7b87b03d722244537293402037352b5

          SHA512

          37ec2b05226aae4e2786bd293ccb73cb682f9ca3f43347c0d513f3da9a73cfe0c9654836646e9327f895a1c3df66547ca715e74ba28d2a3c2990ce9314e3241f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a17e0073bf060e9127c63c67cb9f18b6

          SHA1

          8a66c57b2bd3bfff383534e184f5c63f0b21150d

          SHA256

          157e36d3c2c9bff4c5ad6362d21ea560f457994e5cfa37490f98f4cfe9bf7ed3

          SHA512

          5e2360cc66c9edb1ed2e3cd8e995853fb0b1920eb4c89a856add37ec243e9d2f43dbfbf098dcdd2a4fe45df6013410e779f2615a0c12785120e9f9119734a2dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f15a4504bceb65f69eb3de57fa8107c1

          SHA1

          562f54096150443c1aa0efad4011412593a2b2e6

          SHA256

          f114b33def10a7f959ca4f7fd08f9d50805ef094798f23fff1955c65288cb0e6

          SHA512

          6e935a067f82925755863c0bd98af5be41f536100c80fb7584b5a9a6a91c88464a5ba74428247d26b433cfb76d6c96b2b598f2998621e60bc502fa7c04bb10b1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ac788329f54db3e98faf488d3f0d3749

          SHA1

          42520ecb8f20259132a06d7ddfaf43bad88601ad

          SHA256

          2c150fd3706af25f387df20ec38297769eb3cc98dbfa6038e85e5f091d9bde53

          SHA512

          b1dc0291c2591b1829e15afedd2b9177cc17ce95682cdd222905b5859a2ffcf85ef37288c84f659f37472a5c7635248b5bba29da9fde1a075ab2f5303bcd7169

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabE25.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarEC6.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2092-15-0x0000000000400000-0x0000000000701000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/2092-1-0x0000000000400000-0x0000000000701000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/2092-0-0x0000000000400000-0x0000000000701000-memory.dmp

          Filesize

          3.0MB

          Download