Overview

overview

8

Static

static

3

de006be045...18.exe

windows7-x64

8

de006be045...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 07:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de006be0451993aeec473973ffaa52cf_JaffaCakes118.exe

  • Size

    37KB

  • MD5

    de006be0451993aeec473973ffaa52cf

  • SHA1

    6571042eae6eb27e1cae3930bb2a847f78f715f4

  • SHA256

    4b526410e7f478fe526b1c217eecfc84caed4411531af0003f1b85754cfeb69e

  • SHA512

    667954c2ece515bd801ad43940364ce9097a49b6adc3efd1484a7b127be1a14b518ba7b1746b7cb04fee241623193173723b8d0280ec5c8eda133599f0c63058

  • SSDEEP

    768:9e+yQkCn+gcm81//Rxp75k9U1EmhoW/yWl6t61gt1JsRN5vXlngJFY:6Qxn+gv81/5xp7S9U1E/Hh61q1yRNfnL

Score
8/10
defense_evasiondiscoverypersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 6 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de006be0451993aeec473973ffaa52cf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\de006be0451993aeec473973ffaa52cf_JaffaCakes118.exe"
    1⤵
    • Adds policy Run key to start application
    • Event Triggered Execution: Image File Execution Options Injection
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2244
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\de006be0451993aeec473973ffaa52cf_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\jjjydf16.ini
    Filesize

    108B

    MD5

    de81dd015980fcf48c8fab003fe32b75

    SHA1

    41b8e9798ef406e4e0557c72a9845a1470781ef7

    SHA256

    b87c501719faeb0d1fc3d847d06c3d22b685f2eb6bdc6b464a53bef3128f1df2

    SHA512

    94d18965b4fb6a32e60355eef90adbc4c9e03491a708263d04e280d61fbe8fd0a6a0694b8ed772fd54466721a0cba2cfcb5ccd1001aebf92a87f49cd1df1dca5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fe1093bf8f227d484f3121c8824f842

    SHA1

    3c64a96a4d7cc165497e2275bfb72d4f4edcc22b

    SHA256

    9d9df4b56ac14807770bf60dfe28e51f1cf64ffa17f88a83b4bf32dd2b84c214

    SHA512

    1d9e502f6941eda54fe74ff95c715a90abcb7911987db4c46a98c939a831283cd19cb71da6f512335bdb1e5b9ce58356bc0ac51cb1a251d7c12e8ba9ffac87ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d44fe1a2943934f4582c79cbb231494

    SHA1

    0f88bfd3f0faf677ec2011bd680beebff7fc2f82

    SHA256

    5dec884c809b84537880bebc1a139fa8b4b3142f80d190fe308ae1180fea01c7

    SHA512

    ab82e30beef58ba641c753fd4eb6d7de641a3b3a41b29d518abfb92422f09e4fdbd7538c63a9554414762172302ee8a3c55ca0533398d1fb57df3cf7b826ba34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9da9f863afc6a5bebda082cf764fcb7

    SHA1

    b53ccae9f47159a965113941f481b8b306a7807b

    SHA256

    338febbff2d3af2e92065859ed277150e5a592876f53e21f2089712e00779929

    SHA512

    62a33338ecb93d79e0c2856e86979f38daff5ee424934140776281d2d943727173dbadd69a928788599d6d840f4e287bc163c1116d85babd3b084144ff063a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5124417fa0e748d9541cd4ad9dd8e3d

    SHA1

    91a63d18c85fd57d944ad28ab072207723305a42

    SHA256

    40f46621f4989b6a242a5b60c7cb2411b96abf7c66e50d727777c99d0766feee

    SHA512

    45f4ea21c98f5522f597ade6a6401140b2034451a2d927e70eea7d3f7596be3f79dad1518f484b8f5c5984dbbf1677a3b8d69cb86a1d66c590e4494b8203ef6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2465c8404b0800d190d51962852b140f

    SHA1

    803f3ba03ae861064d3efd3a1a064c247c82fa7e

    SHA256

    4a46753ddd69564461207cd70ce40353e737ad5b10826be36fc65943f8cce1c2

    SHA512

    bada1f47284da7ee663ea845f7dec2d6c8af52b0edfbb9505e995cfa5f3c662ff371ee1ff933764135d4a6bd7c93b5624d8d85485510edc31ae9ffda7480e0da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6ed9767afcf39f665cdf1048b25bffd

    SHA1

    fe11c326d5af8df79ac03414fce8817eecdcf417

    SHA256

    2e8a166cf09b6453c1a00e5d42d679850557ea4c2f3fd6fc97345e57dce813f8

    SHA512

    7e9d10b1916be7d170185c1bf99d7f49105fad8abcd37a3fff827ee3524896277348bbf5f1602a5d17a11f27258220fbd72de47582450828a2ff31c741ad4856

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15d1181e5936a22840e5ab63d6c41be6

    SHA1

    2cd0dd96f2c59d862aa45285c2e901dc352903ba

    SHA256

    e0a64039ae18e7a97de00f042cb24274efd0b0de8bf05b63b5f798a44f5f4bc6

    SHA512

    9e6beb58b2ec64360823b98386213bb04b0cf2b64075bcf7806bca44e30ae1084b4b669dc5655cf7cde0b539b98911b0a051ac7042465a4466cff89aaeb7a27b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0609e035382d5dd0175ef1a4152f11ba

    SHA1

    e86d9596f0178385bc857aa808810f9bf8f649cd

    SHA256

    1165fdd97ebd6f4018337e64c76ef9dda55433e9871400f27601291c30f91643

    SHA512

    7d4538bbe5957aded3e43b4b19ab9b2f95bf3bf7cfbc00bf2163f648e6ec434e2edba526a1ccaeb4d88b1eb02be90cba8e1ed4b37698c88cfd20b006670a96cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5b44df2d2d7a4211db24e216e4e7795

    SHA1

    6fe189d902f1616231e5143eb03c057e51e51552

    SHA256

    8ea35f9fac58e540ddfc23ddb9d90fae4c7d7441df541d18e21a0bd955e6e8a3

    SHA512

    06bcce39ae0498b026dba7cc9f20797d5fd6248f14316d73877bf3b3af50e236c83dc7ff8fdddcdfcba7220b5ccd6f25cfcc1a8fd712ffcf7402b49df9d4da24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2208b5396ae7ee7330c11d1b06ee9983

    SHA1

    3478c0322307654abbcc92ca24ca2486b0b451b0

    SHA256

    d04a2848df3dbbe916f74688291432f05f2935d4adb922bc4b3840d8c69f5377

    SHA512

    dafcb22e70d4d05cdba05c864e0252becd5bd1c8c718837a7544a55d53d0bc523c0c7a9061439d83476a2e109830085179197d5ce6252df3249aec91ad36901f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    525136c41a24961f12dd57995c94a485

    SHA1

    a37cddd6d603657ef38d99c50bde585c4fc3a728

    SHA256

    5cef0b20227d47e3ea55ddb6191fd38264cdcf91641d3e1572a3cda8ca8a3d3d

    SHA512

    7d1902289752afa1e3582881bfc81a7eeb6eaab00df8374c88901421e9acf8487b54708725cf11c510c05cf702c44259a0b9bfc75c2c673e74138b6455316dc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d528bbced8b133bba61ced04c66a154c

    SHA1

    da8bec1794076d80414f956a1d81cd880e84177e

    SHA256

    01936e195aba91a8b4bbf31b518fb4e7475f118d8c0964e2cb9c24a3f322f185

    SHA512

    8aad058f608e611ea565e7be35e6610d775240523c7736493f53eb4d60130736d51ad5f175e9724d4d66ad73a578f9384f0d696d9c6444df7940bc5b42eb7714

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e7bf62f9e5760277fa8ac92fe4c8c75

    SHA1

    c8c86184ec1d80bed0863524b82f2a264217efe7

    SHA256

    de0de2d7868439cfb8c90a99ff71bc17cb20f5d72f2252d34d425cefd589bde6

    SHA512

    c99cd0c665d60c9c9c8f35ae50cdb45b9b09be32637217e85989ddce8013a748bb5425fbe1312f9c89f12cae011f1d728e48499988ee2410c9ed5b6972eb7340

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    977d34928406e3555c5861b2c34842f0

    SHA1

    47ae030211510827d53a533bc03553991475e228

    SHA256

    ffbaf7beee170993ad6e2f1b438b3f98305dd1724b48bf250a6faf1e6b0fef41

    SHA512

    694a0a5d74e8b70d0d2dd6b951228592c83f98a84a1c2d25fec1bc7df023ba4c5487cd83b08415cfc665e10f2725547cc1a6fab0e070e31cd3830ac77f027198

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df84be1e1aecaa9358e4b7793f8c0f01

    SHA1

    eb7d4994fa3118f2085f08ff90d2cfcb5646861f

    SHA256

    ca9115e92315d2868281e08a77d4787c7b49bdf62a77d7254a8cd6e8d4a821b2

    SHA512

    5be4701331ae7cb5f1cd3e9c89fc1ccbe76f4a2a4b3ef54aa4a148c7bc37ce70149956a0a18c69a18ce4d28269a9234735d8fc360b1efbae6925b1c0046af105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04347dac39cf4f7bf166a49625e2761f

    SHA1

    dd3cd0b25ecec33b7ac8eeff6a46aa3422945120

    SHA256

    caa59838d43d1c269fd4472a4aa729c2c7d8b2e8892b97bde2ae9eb9e36ec691

    SHA512

    c0f0f3af040c6d81af3d6354dc6975d1043e3b590515e8b4055637e1e2ec0fe106ba075d06f01f7cef7da48ce065abb79224baadd6a7714ea9cdce6e8835c77e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e920d172328459a616187bcb003cf0e

    SHA1

    9ed172978ed54bcac4c46e710a38d1a51ee1dfe9

    SHA256

    2aed87b5188b05683e62ae04453de337a1202f4afe563afe8e3444fe832ff4ac

    SHA512

    6787035857f77ed98382bb19eaed661c1bdeaf07ad1b07db6bae25a4c2d1ffca5866bb8ecf91a94092d16c5c918e045b03b80c3d8de0f10f1eb5fecf8a1de058

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabADC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB4D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit