Overview

overview

7

Static

static

3

ea3ba60e60...18.exe

windows7-x64

7

ea3ba60e60...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea3ba60e60f5f03ca2cc19a933a6afbb_JaffaCakes118.exe

  • Size

    53KB

  • MD5

    ea3ba60e60f5f03ca2cc19a933a6afbb

  • SHA1

    73a1aff34dd4ca3abcdeb3f20ca455d2b19f8118

  • SHA256

    966dfa7b98c286d5fba0cb9f35d1bb1d5db9378303c0303fd8d93babb4d2b473

  • SHA512

    8ffaafdafe2fe0c83b463854dba645308df20dd44e178eea9c324de4ac5ca218351ebe51a723b963660fc92b570decdbe21fc0248253dbb2e1174924c986316f

  • SSDEEP

    1536:hcZIKbMEHr1CR6XAjXgBJlvxzr6967XVYr7Wr:ivtLa6XIgTlvQAXU7k

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea3ba60e60f5f03ca2cc19a933a6afbb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ea3ba60e60f5f03ca2cc19a933a6afbb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2800
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2612
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\chrA1E.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 124
      2⤵
      • Program crash
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b73e98d4d50f56ff39c6ab12401f2d3

    SHA1

    85d9679cf4d6bcdffd8fa005f086f3b680389960

    SHA256

    37ea5ae54c290510cf500938ec377ba585763bf5b154a185830e98a634bc7e24

    SHA512

    233b56d0cf97672e70e864c07a28fdff6a132faf0ddbc637fbb4598d32a1cc33910fdb2e69c35577de4c09439400b88358c6dbc1a7c797f8bded26542dcacece

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f34b86939d6f79309c6beac9271b6a5

    SHA1

    02120754b287f89a6cd107b8fb685d1756fea491

    SHA256

    cdaa96884a7869ff2778658a2536ee8f2e959d42e7bc96e6378fa79a4864975e

    SHA512

    6904aa40b97e8ec2256ac284d105cd2614bf600158f8441be1f2d88d3ee7483e6a96f034c59e26f7ded2b9f1977dcbeadcbc3259adbea58652bb0a41e4657363

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca1cd9f077c2b872280f69a9fd2deb04

    SHA1

    6c1bda720a4e7fec39fecf2e23835945f0e8cee3

    SHA256

    be7a019bba3d94911dbfefb62ef6ee9e3d6156d6b57753d6cef3c9ce68e88995

    SHA512

    d68b88fd632536daacbba1f5e203871d6497a40506b7c40466cf6607fc4e27eb74e423a330d39632cca3435f070b94a67df0253fbf8b656db417aec4fa711af1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    380b22e66120103267131a6e2eec9531

    SHA1

    f2735c1e4e288afecf68cea40146e5e436b9f5d2

    SHA256

    3464a0ad9bbfd85d8e2137ba0325c3d6225d7fc5b087d918530106cc1056c1a5

    SHA512

    24638622467749a88a723a4ffbf78f6b599f95c486f2e71cb78ce2599de81f3b012f46d239a2dcf4f3f35648019713a68d2b9337b18313b8217d73093f4c8567

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9af8574e016a65a201c835b381682ed

    SHA1

    c123cb7489a22d9e6c7141bd7f86838243c20897

    SHA256

    1b98a0cde54dfec03604c8950cbd437ba85638222ea798f0e5b61f5e4ecda142

    SHA512

    08238c97671df02f7a088bd35eb7a9de217c9f6c809acbf810228842f41cf37a4e2ac4a444ea226fb54b20179e4f475f36d3d5bbef0f1c088e5f42bb8970d181

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa44169b56ce041e646d19385c796e7a

    SHA1

    29c5a77ed3f86ece27ffc55e2891ee4b27d3277e

    SHA256

    f792878e591dd3713940ad564c2cccb60aae9a64fe60b8fcb7c50e4451080798

    SHA512

    4b03ef0652ece10b54e854d1221fde0eb588218f6271c1b79d43e6d007a2dd9dbfd7fb62d5d9f2e089067d98bb56b012460116ed898281e22618751dbf3cf540

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11e923c0aeeacadf3c9a9b98ac4b7867

    SHA1

    4ce9f34cf8d19cbfabdbdc6f8ddb47f3777aa26f

    SHA256

    1496d1a66e144bf50204f944c59ee37fa36bcc8e27fe41f9ffc54cf84859b95a

    SHA512

    91371543c853c00bb11e41bfd93e9eafe31326c093ba16423de8ae2080f1e254f658e04c322c520ead15e869a47830ea77722e3041ab7896587808d844cf8ee6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16ac61d47a8ad9cc6719f2731bb7e5d7

    SHA1

    26b7e5cd1b4c2f8a0ca3671ca286f55027207870

    SHA256

    4d9c0425769e317720005aaa29c5b5f0992d82ba6f1d9ea1047403ef76f1b832

    SHA512

    3a817251aace8ccd11aa0e4ae254531a6e62ba4eadcbcdf2a34772c52037381992d08f751362e1e88e28584a9798bd01ada673d054058ddf5b1ab07d1acd838e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b33c89c40eb432933b909ee4d2387f5

    SHA1

    cbd172c012e9fefb1c6ec882f3b2db0fe9716564

    SHA256

    0f8b1866b9d22f780abbe7d6d4cefd56a6fb52fae27ebb57c1e3af106956610d

    SHA512

    7a3315994c5fa849cdf952b075e24583629ca025898326bb43bd50378998ea8a3fcccf059b27b9b682c940f240012853dc7f466ded154fe706313b0b99458529

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE16.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE77.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\chrA1E.bat
    Filesize

    185B

    MD5

    96d24e2c909329b4512a9eb2779a41e6

    SHA1

    4be7608a764a89d6f78a576911314515e0252ace

    SHA256

    03c73f8274827f699ae13dd154a4398e1dd41f3e8b03b9a5d9d9b7b061b72c04

    SHA512

    bee5180e644c40fc97452701f8b9aaa0626a332938cd961d622a76a0ed4c1485563243a83c36d70f2806d9a6d6a4d4a803424ae5dd47fa2e47c9be32f38bc550

    Download Submit

  • C:\Windows\SysWOW64\winkor32.rom
    Filesize

    36KB

    MD5

    a62361bd403ce34dda16565646d8254a

    SHA1

    437126ed64ba06a5eac459484bd07ba1214b0584

    SHA256

    79ffb362bcef31256c87c16c6f4b805e45cf27b3ef5d619a4207ccf0d5efc00b

    SHA512

    8c51e3cdda1f475dbf4a72ce220607351f528964cbfaa1a1a994dbf0f45d024ade170129a1a5a2d6a690c787965c9857f7d9e985474a71a9dd1d7f04d55c6455

    Download Submit

  • memory/3020-31-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download