Overview

overview

5

Static

static

5

eaa4e3b52b...18.exe

windows7-x64

5

eaa4e3b52b...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 05:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaa4e3b52b9b0276041c71129a3945c5_JaffaCakes118.exe

  • Size

    615KB

  • MD5

    eaa4e3b52b9b0276041c71129a3945c5

  • SHA1

    d795782c66d8ab6c3fb64dc13cef644c97fb052f

  • SHA256

    60a71b5151faf2646b9f4805e9b77ae69be8ae5f7267f076d2dce0e1e2e769b0

  • SHA512

    ee1c24efcad441f63512abd7cc54e47228a8fc14c86cb187451081f7d996433e1fb578e3bd48a0941a2827bebd85fca1a91241d4bc8193e415070cd3093814be

  • SSDEEP

    6144:aDdSjkAZ3bLuE8LsC7zhBiw6H5RyWufqoN7hsyyL8N6YAI6CI6fUzoyKcSs0uGot:EGZrLr8oCOt4VF14s31LAMs+cjtO+

Score
5/10
discovery

Malware Config

Signatures

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eaa4e3b52b9b0276041c71129a3945c5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eaa4e3b52b9b0276041c71129a3945c5_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Users\Admin\AppData\Local\Temp\eaa4e3b52b9b0276041c71129a3945c5_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\eaa4e3b52b9b0276041c71129a3945c5_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.kankanhaoba.cn:9999/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG67Civaiwor2osKLG68vjxuu%2F7L2owNa9qL%2FsvajArb2osKLG68vjxuu38sbrxuvA1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xcbrt8W9qMirwK3F1MCtzqrArdrAvajF1MCtvajG67buxuvArcbrxdTG67%2Fsxuuwosbrt%2FLA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit%2FLArcXUwK3Oqsbrt%2FKworfFwK3F1MCtsKLG68XUwNbArcCtxdS38svjxuu27sbry%2BPA1sCtt%2FLG68Ctt8XArcCtt%2FK9qMbrtu4%3D
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2756
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:472084 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1300
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.cn/?gl
        3⤵
          PID:2024

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a84f33c47622615afdec408856cadd1

      SHA1

      23e8343608c7c2676b220684de0f0c28f393f656

      SHA256

      0148a46d37244be9bb283dfe1a90606685c6f35e7a0091aa0aa4ddd8e610c298

      SHA512

      b45b6cee53cc4e0d86cda4b72b6da2b248c5e691de714b8dc518aebbf94bb2a4e9452a7cd1e00c2fab2d605a47fd02b51e35d90ab3667bdb7354bf14635d6580

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      10576bd2d74f8664025c2cd97d2ed3dd

      SHA1

      599461bd9119a00aa827c6da9eba4dd382e7f806

      SHA256

      0dfbecc5c07342ac3bdd66c280e3c23ba75fb5e6f04cae37d014822998245178

      SHA512

      6109924b6520d318cbdda3a57c9461d2f4dac9283ad31627d5ce14781747dbb5990128978870234ad433138292e988b37abdea5ce5f826c2548338abe6e351df

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      64b493a4299f88b63cd9be06f0b971e7

      SHA1

      0a9cf7d55b0009c24c9ba0828b3e3ea56c64f6ea

      SHA256

      78ca9103831970fd2e8d7e4eece9e0ea66ebafce47fc39b6ad342ed1a2d59ee1

      SHA512

      cc70168e225c524a7e8146137a8b03c88f3d3c912ff5b5cd97fc112d8a6fb91379d401e7db24ab21078fae758ca417e13f4bc0396a97136127c80ac3c6ce16fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ab0dd5e61c14391a067f99dd56944b1

      SHA1

      ed2effbe26e4edbdc4453caafeeed7ce9fe1266e

      SHA256

      56fcaa9f5c47b3fdacf3340fa843b81acdbaeba92e1ff779dc94431ed63e794d

      SHA512

      6dc778f1f83619cff9bbfc4f754b389d8c7fba22b213df1f10f8106755a60775b14763f3b83cced60497d513f437f4d85d293eb3e6a7f20a927bf7806e93dae8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d3586035c25aab30961d75dc0800e207

      SHA1

      730fcc8b57a6436e70ef7e0f43b02a2a151021da

      SHA256

      c22a9bfc4d37a319f65dae33ac5d7235f65b2100e9525b128bd696f5337507e6

      SHA512

      6f6baedb4e91d97e5bcf1a4b7a0fe1a85390e13c5dbb0295e129e26572c74bdc5577ffc18328f24b70ef31c77da2e0ad9d848245aaba0b2985813171f82d7b72

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3a45c41f66761ea2fbdcedef116d29c1

      SHA1

      db9c035dfa16892770a475c87da2fcc68a16d72a

      SHA256

      b71ac4d2e0f13eada5a66f069506745c0ee1e41e626cb419cfe68e83ac981538

      SHA512

      0c7555a0878f4cff8df9c02786c772b39f937ab679fbf519e8ad9c11cfde5df3c417930c7a63e9571ac0279be8007091cf2fa4ed5d00cc270c78826539ab5144

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1e3f6add7dfeee02a97a55b71f59719d

      SHA1

      6e9f6701cfb9b258cca91c6c2e11cf8dc09746f3

      SHA256

      a17bd66b89f9993c763eb4b164d66765ed59300671577c3869e5f25a49ca378f

      SHA512

      bfa77a34e297c085b20af74459f3f2d00adcfc22405d546677584cca5cce7fd54825b9d2dc3b72ad899443d56b308e8de34fb25a1598c332b05f4eca7b107bbd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7e7558accdb9fa701f72bd256bc0c7f1

      SHA1

      5b6cf71553956791bb006eee0e98c3ceb6fc6b32

      SHA256

      07db947589dba438c554416901ca5281c547dabe49caa987012ce4bff211b4dd

      SHA512

      4878ae2cd1fd1de1854f4382b42e01ca2c1de9deafd6eb9fca0917304cfcb37756a21127b5e8e737cb18f9745695796b26bd02140ba0e2d0b853adf275f0b007

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      52baff710693cbb3a16b5fb6308776af

      SHA1

      52b59c925252063e3864e1c68834f18883a4f9f3

      SHA256

      3d0f45a98d91b0cb169015540c5445c08f0a92f6048bccb7395b7eef0e10f5d2

      SHA512

      742bf44c4bd871310321715da17d13e650d93f96e2b2bd94cf96ee7def32105627882125b31235c6adff11051393ee9babd12bec9da49fdc69c687dbb7d2f700

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c59fba3fe5fbc1505bc6906a9d150ad

      SHA1

      3ad5d0abd19a3e43e93d8c907464ffeaeed5c0db

      SHA256

      13a60aba4884da454237f47924fabeca0bc607e939ee867cc3b833eb32455ab8

      SHA512

      23c8693516fe6f9e1f95f558cc12f96c245372d7e2f8472160f0d2baf2e6e3ec962d353a1be114914bf74f999585543b27222254cb24fd5d3f03967392d68220

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      75e902c2889e2f45f60bb93c3882e79d

      SHA1

      1e173870c589ba0787eb8c8b69b669517d2587b3

      SHA256

      f9fec1718eb2ce5d65197d3d4dc67fa5853b4b2d81917b176248ab556c6a7184

      SHA512

      f59ccb3f0e3549b5d857d0a6e847f0047a682e2c1d42a46884ff3fda833f08965e2810ed24692fb501ddc94410993174bccb3246404b9ac2f0206449bca6db47

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c3fe4b6b5f6da637454a0d6c7c059d7b

      SHA1

      7794cf9b300849db12e54d1bb201fd322bf1184b

      SHA256

      d8e12cdd929409c545f407399d9da129b2941344edd43317a59aeb02db3d2dc7

      SHA512

      55cdaff5921836522649e0ca3ee041913d067a93db1bb009d6e495456e9d8e2fc787fee725bb88dad33b47625b3e78daef107ba64e6d199037729322f4dd1189

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b81269e3e575d07c7ded23dc6fb14317

      SHA1

      4138495098c69c31f9bd00edf81bcf6d5f04ec27

      SHA256

      b2f2d8d3cd98528ae7290e2f2b45045c8351f0feefca47a05adcb716037cd113

      SHA512

      6fabb838cc41c922de82510c0e5d8c5de5aac418fa72b19c0b7ddb14805c1853541f000d1f191d82c467a6c9e62817355353564bf7dc00480e1c822fbe465e16

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a3026e6d40ee3eeffd0aff995afa18b9

      SHA1

      29e148ebf374710833038cb679c8e22c9e992e92

      SHA256

      b5acfd87bb6c81586e0a7c5f29f3b97dd2be85148cd542d7245c3cf9a1d8f9d9

      SHA512

      6d89ccfd5f692dddf9e0467a817216b48e4fd8b1c96384e326c0038e2856017ac0bd7a26bb72a7203e7152f9a40f6b9d1d730a54e254a59682591c6e7d201be0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      906738ea88a52c46324167673d1544f6

      SHA1

      203956fbc46a94ebc5f60b8a5d75a4c9104a5786

      SHA256

      ab22a3b0d1fd73b28cd79d50dc75d81e8386596183ee245df146981e050314e9

      SHA512

      b84868142a01c612fd909d5ec60cc86fb71223621999a3d9bcd0ee9686d6f64b52eb922cb82e073eef58e8bff4a8847be7c769366a16a7178ad57e181aa25e0a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      59e9b3d458e7a1af5dace99d2b56d1e9

      SHA1

      8c276dfce74baaa90feab20b56e3c9596cc851a3

      SHA256

      923c0acb3602edb9ee686efd71ccbd3c78a5ab1e699266d1139535ab32e22898

      SHA512

      49a87de518938aaeca5045eb0f9e98d80c9787b05f2da74c11ed068e96e9e74dc9c1955062404f2c16120e7290465dc2df4367bb99a77ef9fed0d8a4a05dc802

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eb3119b0806fb28b282165836f57b1bb

      SHA1

      d43ab944b1b0495caad69ef39db76dc7c3d802db

      SHA256

      2f20215087d788485c312a796622d260312d4a343ec78a509993d4884f2d842a

      SHA512

      43fe3edca81413c8417c1b3a89e02ac88fd8714df6a09199b2e595fd6e753f1588debc5c1e6d2091462dc9d53d3a368d96e1c333692c0bf32ebfa4a22ae2fc18

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      623f7a529061940bc5062895a803f2a5

      SHA1

      86b3603e8a96ecc2f4357bcb5d9d0e2285e323f0

      SHA256

      58c46a2f8b464ee7e122b455f780b9dea16f48f680f28165fc8ff96d636a2507

      SHA512

      8c270e4e1397b956eee202608bb1ca6c51fde27339f05e96891e759b758fb332637afde872d7cc8bcb611adc8f5f320c3108944bc8c276affa8ba58bd295965d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBC4F.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarBCC0.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1908-13-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1908-5-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1908-9-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1908-7-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1908-3-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1908-1-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1908-14-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2696-0-0x0000000000400000-0x00000000004AB000-memory.dmp

      Filesize

      684KB

      Download