Overview

overview

7

Static

static

3

ddfbff326a...18.exe

windows7-x64

7

ddfbff326a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-09-2024 07:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ddfbff326a2ab9980e7727f229781b7d_JaffaCakes118.exe

  • Size

    98KB

  • MD5

    ddfbff326a2ab9980e7727f229781b7d

  • SHA1

    5fec191c0f19440840d5b5de192608abc44344ab

  • SHA256

    d80bef1f46615840f43eadae64c78177686274850b0754548b226999ebd69064

  • SHA512

    bff757ba1771d9f1c87dad125521e384a5dc8d912dc1981fd7ae1fd01c105a01e27d1beb37612e0e16d4d9636f392018b8af4936933e29fc5dd6550329ccfb45

  • SSDEEP

    3072:2ne8xI6Gy0XlTutN1nFaWNCJmfZfLfptTFrFrDGHMd:m0XBulnFaPJWLjTFrF+sd

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddfbff326a2ab9980e7727f229781b7d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ddfbff326a2ab9980e7727f229781b7d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2704
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\gOEF68F.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2728
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 108
      2⤵
      • Program crash
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bed4af4481723a29ab32476460443a24

    SHA1

    a2bf0eee5dc42dcd5a6aba4e6b6696338ca35e74

    SHA256

    8733818d652e9bbfbc9cdce439cdf916626bfca327b26304e850d8167ea4e4f0

    SHA512

    26c6042dd7a6876f90cecf007cd335f9eaf31d8e6a284f489ddfafbca367120fc5d9ef3c37da52c6476608091a0f2f71387a943b74fb28f1833546dfdfe964b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c166e2de1ae34c696d5fb2596aaf82c

    SHA1

    16480ff36bdb7c64fbc9c6863f3d1603f9a6b141

    SHA256

    abfec0a2e06dba867614f430ba60fd0836495ca80933f4cf5e46ad7db2dfd4d8

    SHA512

    a6b831989d2df17cad21408eb06f1b7d6d7f6ca99b4a316920918dbeb22f9b76093d97caf7b7dd23294afa6ab749131e098e3e89dccfe9a0b2927bd7de5b9f70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae27d26f0a767e2c23e806a4a160fee2

    SHA1

    02ef8fc5ba9eb93189b5c9137c451d607dc8dfb6

    SHA256

    f1c757bb59c13c3f69e1dcc1663d5e8f32cddc85aebae287a73ea96bd54b49e9

    SHA512

    fe21d090b13be4559ca38fe3e57a7e20edef0cf1defaa6195b5b7ada9c9f67b165a0b5fe67fc03215fc452c9309ceb25a5fa5f591ae3853549499c8d1bf15871

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    149576b8a34d63239e4d8fb4efd543c5

    SHA1

    b600cee2b4a70eb5c259e43bd045015be3c8eeb4

    SHA256

    d2edb8811013ce6c52d497e25db42a07a3e8cffcecd8e1c7b34e5f240e254be5

    SHA512

    c3aa90ef8bc42beb7a0bb284524f21ed92892a80cdb3071b2b0121d9bcb0e20e3f5f35d739e78fe788610b5cca6229752ba23357116b8b344b94de7638932c67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e3e83df77ec959986ef7caad6c63ffb

    SHA1

    1dd965bf66395f19f8d8af7fcd180f1bb18332f4

    SHA256

    5d837445d681c07da3731e60e475dda9a9f28e306cc3bcb3da6ae5c91e6190c5

    SHA512

    6e17d42f4c5c6a00bbe7417d25add6a27072acae716cd2fb7e0a0513d81911654366cc8b3574496996e0f60461c2c8553bf6d81216c51bb795006a2bfd4388cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88438ae4cae88aad41fe7e393093c299

    SHA1

    d5cb4d5173a2e9fca2e6cb9cb922976e2d8901f8

    SHA256

    4d3d4646d782cd0892efbcbd74022fb995f5ee1dd4bd0b3881de71b31285daaa

    SHA512

    204c5890855b8691bedf213989e48d943c67794af2ae3f3b2ef64d2c33db96145ebb6702cb48c072a676e993e4ff7c7d050380492b39b9c029138e71644d80c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    763fad5ca84f3bfbe07f0f0bfddfa0d0

    SHA1

    57361d3296b1b5b74af259ec943614b3543fcf42

    SHA256

    ff67cfb0973ea38e51c3e3d55094354b1b4b6cb6d6a632d780e9795c8919a810

    SHA512

    d6a879ec35c3898e9e696f361545d7efb3bc3efe11f3c43d0cf141e5e4b82df8ea0cab38d678aa6c27185c1594669385eae6216eaa16edaba2b9ae0fc656546d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    831bb443f6930cd61337ab57e8a03f45

    SHA1

    809629deb54a70bbf8803b9070e45033afb91c7b

    SHA256

    d4e1c52f83075a77a44bce91e7b1c34e60bc5b93aa79fb0f227a4130adc99ade

    SHA512

    ba1334f5caed23a7edd97164c0ae3fee427aa1c0dcf49079c038d327d2245ef0bde2c792c1f51d4396f3541ebde8b5ff4de96aa7227b7626c14a3fbbfdd34944

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ac518f31280ab8558ba143e5c7fd6a1

    SHA1

    5fa8b69f0cc68438757af0eae7ddfec403d22958

    SHA256

    ae1feade56223d6662ce083dde4218e6c21d44e4268256cb873be860093791ac

    SHA512

    4ea1ccea933d42cb3500352cadd78fb81d0d2f5befdb43909935a28571c119a0b4f99039bd122a4d902a4cc22f24bf6ce0b3ae56122e823b68f3f1fc06ad8a0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF9FA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFAB9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gOEF68F.bat
    Filesize

    188B

    MD5

    4e533016fc7045799f77b192a955e8de

    SHA1

    c4896af9f498a55db7a6b00e5258cc1f34ca0d62

    SHA256

    cbdd94d679e3a2e8b7b16888dee37ebbf9730b5535cf8346960a480e50424d77

    SHA512

    8f1f4242a8793c1870132d62420ad3da01fbaad3f4aa7224e01c7894498e09a63b7fc0db25efcbbd37dd1668a1992976f44318f61800abb93d220b577c87ac77

    Download Submit

  • \Users\Admin\AppData\Local\Temp\gOEF68F.tmp
    Filesize

    80KB

    MD5

    d683a293e2c9835b59739695780052d5

    SHA1

    6f582acf697fe48e4aa1cb41b506c9e978b7eecf

    SHA256

    e552b60cb48adb8f5d529b5f778bef741ff1580438fc77e03daf999ec0bb65bf

    SHA512

    d68d6ac62d17a1ff9359c59d010b0a3d5fbe6f6734fd04a732d52b9ace641128027519b2cf693206a7de92af6d6aa2e9d2f3cc462077989f9723c9f99da20ed5

    Download Submit

  • memory/1120-459-0x0000000010000000-0x000000001001A000-memory.dmp

    Filesize

    104KB

    Download