Overview

overview

7

Static

static

3

ea3d237522...18.exe

windows7-x64

7

ea3d237522...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea3d237522d5a5ff1d5bc516ecd9522f_JaffaCakes118.exe

  • Size

    89KB

  • MD5

    ea3d237522d5a5ff1d5bc516ecd9522f

  • SHA1

    b5e41a4da588c7c712f4b694abef43acb051a272

  • SHA256

    f6dd6f3fc68d174e20422c3128e6ed5a9a75d93bf4ea5552b1c9208e14a96ac1

  • SHA512

    77b6d9df6bf8c62bc71b130d96719d1e46707e3bbed5ed59ac7ee30ef75d6e8cd14a94d310a56fa61a3f918b291a86f9d826e08db1a87c32363ea79a33f769c7

  • SSDEEP

    1536:3Xhe56TGMv3UapsZ84UExaF2lXpDhAlvv7Q+3QQaLWpoAGDjS0CIgBVN0u5oLvC:3Re566Mv3U+b4BM2ZpD0bQbACDCI0Vqi

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\ea3d237522d5a5ff1d5bc516ecd9522f_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\ea3d237522d5a5ff1d5bc516ecd9522f_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2392
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2640
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2992
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
              5⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2740
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\SYiE87B.bat"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2284
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 124
          3⤵
          • Program crash
          PID:2096

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      99380df6301f43bcb887417b5e227672

      SHA1

      4b56e12d18bc785e755f2447369b85e83e628519

      SHA256

      9db30bcebc87af62dfa186ae584d09c45ba36bf8e5fa74ac4b445c21d9c802b0

      SHA512

      d0b432decaccbc2ec6cae5203f757659b7a60ad21fe2f7f4ade997ba2e62377d9941ff5d36c30ec020bfedd87a8a837b2824591ad5b0a6f80027f14c8272c99f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cc76ea0373302126a6a2c5f6a1a2cca7

      SHA1

      5f3615dcd86132ea7364b0caea0e0fd668b9790e

      SHA256

      bc0dd9ac7bfc3ff0f49ee8aa69e212562962844c880eca84db3bb52c09988666

      SHA512

      e6958acaf119c9cdd1756231779cc79df91d9552d1230043dd67c2d2fb0fc44085f4b5e73c9dc98674b8824f70be7feeff9f2f3f7c77edea9c84cd07add0024f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ade1c306f1f4aae8a6bd5951a588b0a

      SHA1

      dce79d15f918677b5acbf7f0f7edc97b7be0208a

      SHA256

      b0ae4e471f223608070d7fa600ae6bf1562d2f732d9b98cd9ab12185f83b08ae

      SHA512

      ed4179c3161986218d70b1818f58a017879b9e5c4c5e8a87a84674f94576e849afc9e85e44b495af0f5c766849702dc0c23d1b80ad30d9ad2c13a414519def0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ebb60114bdf234415ca26190af3f67b1

      SHA1

      4bb1525befd0556a6967f4b9765c6f9ca71eae65

      SHA256

      fd2f432cb25131626857478f40ad27dc48ef5d70e1b2a90d908fd7e078b7819f

      SHA512

      8c7bd90fd065bc575647c41af02111a8ffdb5521ef4190c857e7810d02b2907cfc54919138acac065f7e834a6f047566b55d3159bb2542e5912712e6afe3586f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de1a0acf6b5eadc816b16b59b407d896

      SHA1

      07f163810e56652a018c596bec10d5a5b0d599de

      SHA256

      a6a9d10be284d9673b7267b2f3a6e2f0339da500dc2ff8dfcde6abab54ac4149

      SHA512

      0a2384f020fa0c553413bfaecabc828ec6d36f21badc41afa3c23d92d650072ea65f0294c24519a106fa0689e92995a0a25796e217c6274b10996a5754ec11a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5760d22b6f0b7e8c3605d60b5b4f3465

      SHA1

      615543a8b407ffb4bf1398d7036f6c93897c9742

      SHA256

      c5ea0afb749ef8a0e7403002b986f4a456029857bfd592465b07b00b1265d897

      SHA512

      a3342132bd7d00a4c08ca0f9a1e26f9532bf5a02f7779cc001f20a21d5df5c9b9399d0527e8bf0fca9848a4227e3aa4850637b774686cddfccfb43fa19f941b0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b1f6b6bd0801f8200dbb1a0025467fdc

      SHA1

      a1d9a1e6373175d4afe38a2daf64962a3b44f866

      SHA256

      81d13edf12230568c6d4c4ddd9111ac10404b593d60a390a4675059c5b7894d5

      SHA512

      1178ea6c3f9f032506241cf8b9a0551e7661c926e280cdc1336ded9810d5214f365bbd6377e7a0b241ed871a422bbcd3e18ac02ba09239191c6a21e4da781876

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bfbed5c8d7a47663969b36b1e6bbd262

      SHA1

      33e6b3e4ce1c3b11eecbbd41abc59696456f8351

      SHA256

      f87ca46d38913858a3a91150d6ce2325d3fe9598a4a5a27075129f820882b037

      SHA512

      9a40fd0083c90846d774f0c9015d870c5ec28ac07226f73acadd0e2a61d5fe23ca36e885cd28574988175a6895248b8e8b89c6b2c88a1afc7bf259353e2b6e84

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3e53dcbcc39801518d2e9e46d3b1ef67

      SHA1

      f4448371b6b53de2e064b6a6261d6e69bfae9af3

      SHA256

      69a18a2226d9573359e2579c4db135638c7e61b9e770beacb991f6d530af9f2d

      SHA512

      5223c2e36459f6ac9fa1fdb92a575a9c93c92e6b362b95b451580b21a24315e174d16f525d9e892743910f6cad0b35a2150b2e0ed14420b45800f833da2e26a5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE820.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SYiE87B.bat
      Filesize

      188B

      MD5

      1c041536d1110de59a27932c2bccdb1b

      SHA1

      5b30226139b03cbfb666bc44913fe9e5be70544a

      SHA256

      7b8fcf961cf4dff386067676a06e3b238b0eb64c5211ec00aa0d52b5e97bdb83

      SHA512

      683d056c0a2a6cc818196dabf94a17d18dc4caf8e06c9c88b40bb464f7f546d4ea3259799206243e205884d9f6921adeeb0c611e7ee46818d1aa114c79a04d7f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE890.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Windows\SysWOW64\winbtj32.rom
      Filesize

      63KB

      MD5

      90eae6cf84a07a9f8e29de18e930452b

      SHA1

      805514fd768abe9257306f66c6b3c2df4a0c62e6

      SHA256

      695d5bd653c057fa7445fdce8d3e2205bba07ff1739710ffa85717dbfa4f23b2

      SHA512

      cac27ae7b4da8081e6689ac4d41f1435082a9edf939549a3428ba2ca000b5bbea4cf8b28347eb88d4ecc83879a908e086ff6e9f8840c465a2e68e8523f68a785

      Download Submit

    • memory/1212-27-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1212-24-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download