Overview

overview

7

Static

static

7

dfe1ac5cfe...18.exe

windows7-x64

7

dfe1ac5cfe...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2024, 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dfe1ac5cfed1edee854a11469c44f3d1_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    dfe1ac5cfed1edee854a11469c44f3d1

  • SHA1

    0d397677b1d5513b0cb260a0c56ec6abc257dc70

  • SHA256

    c0e6f5f3a85b39e1971ac6feea472dd82c02e1f081f412f5b0ac03a9de3d20ae

  • SHA512

    e3c0e3c11f56d7b1457c1760fff8537bb4dd44eb83df6b76ea9144b2da3f9602e7fcfe675c8a7acc4d7858d3037b617397bf78c48445919e2cab9488bb0596a3

  • SSDEEP

    24576:3bhofwRvbOoQlo0rTk5Ba1QJfMkMtAx/KA5:3bmfgC3rAa1hkdVT

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfe1ac5cfed1edee854a11469c44f3d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe1ac5cfed1edee854a11469c44f3d1_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ml.llv8.com/?jdfwkey=9lnnx
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:904
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:904 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    84231e6b703a4b64fa601076af9e016a

    SHA1

    210e330be937e617085d28bf356c990a49dce0a5

    SHA256

    e10b7b5f4f3291d340cebafd2d87bbec8689ffb1750a813a2887b6cd31ce61b3

    SHA512

    e13fcb1e344dbd4cd9429faa51f61615ce602908e3eabb7ae9190e745f38747b62b563ca9c0c71abecff1fc398afd2652d32ec37511061d2dff2356aaad0b8d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f2aac0ac5db7d78acc67f261ad49bbd5

    SHA1

    f85b9d8425fb8a0af29c4858c0053bb071618982

    SHA256

    7562e8fa00f5204ee854f883d17796d4dbee4a1c4fafa4226a8e2e3c6dd7f18c

    SHA512

    c1dcef35566ba7800a4f923ea091be1e6894cca96334ae7888d13fae5db2793125e9de6f306d773228b180b245f8aec157b408982cd715d2a60a39980fe656b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\87SO5O34\www.google[1].xml
    Filesize

    99B

    MD5

    56ace59753e612a1256a99929b36c093

    SHA1

    641122f35f6abbcd86a02f45b5a094204f7d3a9b

    SHA256

    a8a017a676e2d9cec152f5b7bd82e0522ee61e19077d1454e36abe6289b10168

    SHA512

    6101ef42df60c6aa9e4e123f71a2af9f04a87e7f8520c63f2f0b520e94bcb4a67a2e2ca7d1b8b748bf1638e8ed5ce65b67184d4a8a29fcda15d5a56d97e4a8e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SRBEJ07L\www.youtube[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SRBEJ07L\www.youtube[1].xml
    Filesize

    15KB

    MD5

    354717b8b89459d38b89bc67c075717c

    SHA1

    b16176364122439fe3991edd0f1f7ab80b2bb1e7

    SHA256

    f5bdbfcbb3ee029d528fb8bf47f60bd43f2b4da88decf81e3d1625d0265aea25

    SHA512

    ce3ab18282238bbcc54597682fb1f537a8d150b6929398b3278f53afadf185290c91dd582c987ab23c21c1525c455b4d08160e9fa6be753c345218c3be5f2778

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SRBEJ07L\www.youtube[1].xml
    Filesize

    578B

    MD5

    70c994f6f2963fdb534d90f5e1a72a1d

    SHA1

    a2a0c7e9747fbcff7f02242aea7bdfea23d7b115

    SHA256

    b7c50913f1fca866c7e463fbb4fc24c04bbf5a60eda15a14e1218005f38ce876

    SHA512

    2810ca350184dec70d5beeb7ed6136b581b28afca0349fcdfe3deed33285693316d85ce494961c0186f417cd30b7a217ba4d42c29d02f3fcc24b53738a669519

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver12F6.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\374sd3b\imagestore.dat
    Filesize

    1KB

    MD5

    19f29a4b52e44ffae0f22ff325e7fbdd

    SHA1

    99b704d007466daec4d749e1200d727015638118

    SHA256

    34abb5fb805a3c6cb6e4c03526bb102a2aa0e65c056b35cb96a32f624cf2dd13

    SHA512

    d4d82c2e080d49440764b6096be0dc1e48821d24d1ffd1fabff0d2dada1b9cef92b233b51967961f6606adf8ba61ee8587854e3a1163214e45965824af9bf1b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\recaptcha__en[1].js
    Filesize

    537KB

    MD5

    c7be68088b0a823f1a4c1f77c702d1b4

    SHA1

    05d42d754afd21681c0e815799b88fbe1fbabf4e

    SHA256

    4943e91f7f53318d481ca07297395abbc52541c2be55d7276ecda152cd7ad9c3

    SHA512

    cb76505845e7fc0988ade0598e6ea80636713e20209e1260ee4413423b45235f57cb0a33fca7baf223e829835cb76a52244c3197e4c0c166dad9b946b9285222

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDOTUZKP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8WYVOD7\favicon[1].ico
    Filesize

    1KB

    MD5

    0106d4fd24f36c561cf3e33bea3973e4

    SHA1

    84572f2157c0ac8bacc38b563069b223f93cb23c

    SHA256

    5a6c5f7923c7b5ba984f3c4b79b5c3005f3c2f1347a84a6a7b3c16ffbf11777d

    SHA512

    57b77c5d345eca415257e708a52a96e71d3ddf4a781c1f60e8ba175ea0c60b1d74749cd3fa2e33f56642ce42b7221f16491cf666dc4e795ecc6d1fbfdb54ab98

    Download Submit

  • memory/3180-0-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3180-189-0x0000000000400000-0x000000000052B000-memory.dmp

    Filesize

    1.2MB

    Download