Overview

overview

8

Static

static

1

e9fb7427a1...18.vbs

windows7-x64

8

e9fb7427a1...18.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    139s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18/09/2024, 21:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9fb7427a18d483637609bd10854540b_JaffaCakes118.vbs

  • Size

    3KB

  • MD5

    e9fb7427a18d483637609bd10854540b

  • SHA1

    50059fc753a57c9f46f1da60896f0aa1dee23a9e

  • SHA256

    feb20f5a97f74cba894ee6f84fb452adef5551c5471354346d4c45c6a8e89b80

  • SHA512

    9d88c1e94db05a5d039c81c34ff8cd711c0329fe7da6fdc4cffd56985d4005a3f0d1775a75f60eaf26cab17c235d9fb17fc31fa041cc7aabce5e69fc29e0ae45

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\e9fb7427a18d483637609bd10854540b_JaffaCakes118.vbs"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:376
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.xsp5.info/index7.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2824
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275477 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:603149 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:799763 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2408
    • C:\Windows\System32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\xingxing.bat" "
      2⤵
        PID:2784
      • C:\Windows\System32\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\guagua.bat" "
        2⤵
          PID:1500
        • C:\Windows\System32\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\dian.bat" "
          2⤵
            PID:464
          • C:\Windows\System32\cmd.exe
            cmd /c ""C:\Users\Admin\AppData\Local\Temp\pagepage.bat" "
            2⤵
              PID:2804
            • C:\Windows\System32\cmd.exe
              cmd /c ""C:\Users\Admin\AppData\Local\Temp\ua2.bat" "
              2⤵
                PID:2540
              • C:\Windows\regedit.exe
                "C:\Windows\regedit.exe" /s C:\Users\Admin\AppData\Local\Temp\ie.reg
                2⤵
                • Runs .reg file with regedit
                PID:2412

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              4388e979fb15c90bc4b958cc83a7e448

              SHA1

              bf572eb729f292b61cb075e50b7ede04dc23e094

              SHA256

              36382d3bee13649f7373b14d91c0085db7a3f1a3ab51616488041f3be77e5a24

              SHA512

              9437601ad359ccb478bee01b5247f4986ac439efb18e1224c146e7db9526461cf9404cdd8052c7d6b2c4f9e129eba1e6b3b65bdc0e8dd9ee24456164bd90c06c

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              e3009b4ffa468f883554f081056856a4

              SHA1

              da939977b43de2656c4154714c6253c3831f150e

              SHA256

              6ceee9a86595c9544e8bf5133d185a10f505d67c9a2fa3e1ae00113ab45afab8

              SHA512

              012b133ebeca4d51c8ecea6a9abe5fe63fe874a522b9706c97b6e1d85eeffc0aead3cc69799ca2f209ef5dcec58462c633289b6a4e9c8e7d661136fecfdb3bf1

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              34ba70fae2633ed6176674a260807ffe

              SHA1

              611b01bdf0a81772b3c9c6f689c7529f366f9f41

              SHA256

              90f98445352143db38469d319008ca40d1b3494021e96aadb33675a3ed24b409

              SHA512

              cea60fd6d8e47aa2917bae5ad598928af8c2777a660d60c405cef9d5f482ecc2b2be54090e358afdf6d5e58ba41b7600325af6400e55724ed4082e20bfd73113

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              e7b13b24a3678621fe5c8618c1994a83

              SHA1

              4fc0259ccdc6eaca9105fbe4a85b454a68a7609a

              SHA256

              2da59a4c20f81647ab11b8b29f7abed526de23baeee9ee7558cdc53e6ec55fb0

              SHA512

              7cee45b8e6a507a59dcd2e869894a23c96b8ada844cfd12a3391f356e0463174297c0afcdd0da1cd091d2ba2fd8a5dabede51f5d77c7b57ce45ab5ba0c665011

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              46d30d4880778019ce30d5ddaec4667e

              SHA1

              f9e8994c7e372e06de8c1de939db47b550a18e7c

              SHA256

              38c33d2b49a5badc08bbd668b2f2d643a9d06b7bc447da8b0181e06f814bf72f

              SHA512

              da79f48e567cbb8cca7d9551b5bb10feaed01e400d74d9b9fcdf76728833f0f5fb0d07c2a1112468fa8501abfcce563ee8e59fe9e9e90ef21417ec5dafab6def

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              b244985dde3a5376e52521bd712f93f5

              SHA1

              1853245e6d443b10cdd8d421212c0ff43ebf111a

              SHA256

              663c976008dd1def2af7de79bfda871485656f05d50c23bd2b24212845e8800a

              SHA512

              4e4d6d60b7f569bdf8e18a587eb8a41758001954146d4058b0926fe93cf2c7b124c81dbb19a6b39f64449ebbd5af3246144950708840670f3d4eddc51656bf75

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              022bbfe9e2ea88efc74176ae2816a902

              SHA1

              f2cc34b47ba0c920862fb965a124c3ab43e12f20

              SHA256

              b2bd4e0b3602d8ea9d02e4c2e303dd2e8821267a165bc8f269b08f4502b59366

              SHA512

              163cffd574bfc1b7a4464ad93d496f73ae0223d8f97f9b7836e4f2594da9a438d90b3bb0a25553b170afd1dbcf7982c37ead4e5a449a9ce74b98e7e8945ff897

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              a23d93ccce366b00f6c8bc15d45376d8

              SHA1

              47d77ae633bc5ae6a68a34a923f35bcf7423050b

              SHA256

              de6651ab649ead37be1a1dbdc6abdef2ad1ebe9a3d9ef04a04c64f656aaa015e

              SHA512

              8ee422dc5f58aca8b83ae59fc5f61ece243df925624dd0f7e2e825363a3167097329236ea6c8dedd2bb831ecd61d857cdd835e25dfc667a805f418bb384d8c6c

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              820920495e058202f02da788c90e7167

              SHA1

              b64d3bcd68730723c35a9828e36a8faf0a45040b

              SHA256

              aba35efc07adac4c91fe1a0a01b6041796997f25f04ad9b46a1b8c0fa569fc94

              SHA512

              e39b6460108814f26b896cd5fdfeab8d8961ceeedc548919c904b51985109fb002225d3945f41f05f2625b8fc02c7ffe3efb955af88eb705431a01c30cee8ada

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              cfa4c3c05e29f6c6dd553617cd44cfc6

              SHA1

              8e5bb4e114aee58c820ffac8883107393817724d

              SHA256

              f1ba6d487b9f51f3e2f5c377f785de06aeb2a29be0a8d185199a345d82be7e30

              SHA512

              e2e0e95d597e9b294fb42395ad1373d3bff1d0f773f7cb94442d98bc5c43c712ac0ce8adc960d33781b4dd91ca4f95e37c7072daba8aafce22346816aadeef4a

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              94dc01ff61796d7314230991a5ccf453

              SHA1

              870c9f4f326d9e7aabd1d61a332a50277ae4ee98

              SHA256

              16fa2dacd86128527a6c6469aab78cb822225c68e1683a0c7b7120c58e6c8a0a

              SHA512

              8cac4b9e450701257568d9f800b2325cbd9483bb59069f3e594f7b84734b3a7a5acbf7e875e07ad1065d5ee82e334a0698deb6751ffb59ef046f0c55d6b7aefb

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              6d37e04afb6da2d1b9410856643cfdcb

              SHA1

              8870cb157a796df07f7a67c73f74c5e0b2bfa69a

              SHA256

              8f6ad0b54100e07ee68a33aebcc3e8536032bd9faf865e0e785e1fd452012ad2

              SHA512

              5b820e56a21a8553959053d1c3f7b5d58ec9de338162204fcb78c14f275703beb5cae6eccdc6e0c7d379e46db71ec9ffa1b53dc17687c9c017c53584d5098dfc

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              4fe99658177dc1319047c69aa99df870

              SHA1

              4e86196bfb34b5803c30cfe71ab4e530c715aafe

              SHA256

              eaeca803e675e9dda5c855f80b6e9be1602920347b449f638a3d5e3e374e7d84

              SHA512

              b53267c0555d4f5519fefa49a42b145a044ccb3b8e74d02845f5c55ff0c81012b612243277db1d31b699103c2425416ea8969420c96beb5f8fdfef239216bd57

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              b360a51ab54ecc4a359f490127f6d10d

              SHA1

              bda3c8df8cdb2a2437be2273770668a9eebda661

              SHA256

              e97dd6bde3ef554f203dffbb6591a8e04d4ca960ab7f72edc65f2325d31032f4

              SHA512

              898cf6238707a20124d1e289d68fa241e9c919b353c3e347640243d946802333098da92e1727c971ed2f4df13892ba55b85a3a70fccf8c7ab67456214939d004

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              8f318b2483a76ee8964fc507bb51c265

              SHA1

              1be96cc6b815aabedf99b5cec10968e010fce61a

              SHA256

              a9df7228b9ac3c4387807542880b19dc4210d0965a773e8ba862e9fd8848f99a

              SHA512

              f6073fb04e9307fcd39a6e4c72d94e36d427da6e720d909dec77edf39c626162799bfcd8a2e824c06b4151c63b4934ce95353b859e11bd595b363632f93d5574

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              00be0b22cbf1e56acc433c77761343da

              SHA1

              e182600fd25cd537ecbeae9a6a30ae90c17c9c9b

              SHA256

              389e09199bf31bbe50c08eb4dbcf820fa6b2e6125d4abe348da867e4cbc044d1

              SHA512

              027766d4f1e5b210aeb00a7a82b7b5b5f15775bccfccb7d1fb5b33c4adbc998d52624dd839024ca041f82ce9f48f44ca4bc8dea79bc07dc0c792c1ef19167eb0

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              aab189875cfe4080b5dd01873fa89ffb

              SHA1

              55485f14d3b93d60d0f176a62ec78adb3727b445

              SHA256

              d831a67213a44cc98d3012afa9aedbcc91a3293a0accb8c1803333587dad9888

              SHA512

              b35cfc072759775cd48ca20624935898481806ca5d638766f5efd5d9b98a7f3da1be681a1729d6c48842fcd85c5c855d4336e1c4657ec2e7e7d021eb9c07a8f3

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              410cf2919f665b4aa43495f0ea2e7b9d

              SHA1

              0eb2da0e020d1fc3ae39adcc306c339ecf1ce959

              SHA256

              353ce8bf2f266b4eed7e69a47e57f28ec71489e42fc5beb2b6aabe798fc2a596

              SHA512

              fdb652084a6aa1d7974cdfcec959655d0e47ba8b3337ce378b1dbfb9921ef7e5b1bfd6e72a3827afcc22c8795f0826152ee9b783cebe2fb9afb8edbc137eebb9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\Cab8901.tmp
              Filesize

              70KB

              MD5

              49aebf8cbd62d92ac215b2923fb1b9f5

              SHA1

              1723be06719828dda65ad804298d0431f6aff976

              SHA256

              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

              SHA512

              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\Tar8981.tmp
              Filesize

              181KB

              MD5

              4ea6026cf93ec6338144661bf1202cd1

              SHA1

              a1dec9044f750ad887935a01430bf49322fbdcb7

              SHA256

              8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

              SHA512

              6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\dian.bat
              Filesize

              33B

              MD5

              7e367fa6ad009acfe45a868cc8dc69a4

              SHA1

              a8398977146d582d64df105b63546a0ca40e59c2

              SHA256

              a9ae4f6097cacb240aaccf705063fbdc9a33eff7f06c76a8b714761f5e195eb6

              SHA512

              7a84a0c7686c0c33cfbe7c22dbc04741feb7fe0338dfb1348d23ac6451ffcc845aebf4b8a2bb16fba0a035200d58641f0534e61ff1e0d61b2ad15f8996f15a0c

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\guagua.bat
              Filesize

              38B

              MD5

              8e4aaf86aca40650583baeadfb0bc5f3

              SHA1

              d6b0690a175a2bac0657e7801a7047fefd0c588b

              SHA256

              7b26dbc47f84e54a94451e0f2f9e051b33a5c4a6cd5e3a67d798fde62aee0bcf

              SHA512

              8c109d5626e2148cfd6108382cfbeedd514dbd4fc6aecc0e8f0cc6c4983a3278900738346e52b98e304d6f4953140b41cfa9527ce6d08e230ed1004bd7d3edce

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\pagepage.bat
              Filesize

              32B

              MD5

              51b197c40203a3538e868ddf7b9398d0

              SHA1

              6f2ba8dfe03b905bb463da751aaa8084241bb6c0

              SHA256

              87eff869e34328cd7fa1a149a2923643dfcdaec8d0ef88fbf8f5d278072276c7

              SHA512

              28d4fb6e61fe5bc3a4b5be064a733d23f69a97c0f2d2669454ec20f8befef9c9757481846bfc3d27f69fd03cf837c9026e898ca4e7a1a0bee694d751afcea691

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\ua2.bat
              Filesize

              36B

              MD5

              1de32368f82d346adafe9233c0adebdf

              SHA1

              d79422f3961550d66933f5038adf79282ba67dfa

              SHA256

              269d3931c553be8bbbd3951885fdf2c936ffaabeb75a7516464f117cc06fe990

              SHA512

              a9910e15625dbf8697a58cfe36cf310fad72ec807aa42197dba87822fb453df4d8af11954cff9258d77c5c4b7e9fea07e86a9fb715ba6f754798146546737df3

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\xingxing.bat
              Filesize

              32B

              MD5

              68a3bfdfeb463e70a15721476954656b

              SHA1

              29faf22e707c3ce24ae47efe6155a1f40c0d17c7

              SHA256

              4376857b343d8083990efb00850faa5c782ffcce83221f55a7fe74a5057a9a76

              SHA512

              7b199acd5849aba109bdaedce6cfd05362de385d4a3501abf729b25eef20da3a20b8fa000fd28b5065cbe1cef10a2e722270052cb6a38eb18c91cc873bc24873

              Download Submit

            • memory/2784-19-0x00000000005C0000-0x00000000005C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2784-42-0x00000000005C0000-0x00000000005C1000-memory.dmp

              Filesize

              4KB

              Download