Overview

overview

7

Static

static

7

eabaa43811...18.exe

windows7-x64

6

eabaa43811...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eabaa43811f4e4e0603be464824ffcb5_JaffaCakes118.exe

  • Size

    508KB

  • MD5

    eabaa43811f4e4e0603be464824ffcb5

  • SHA1

    bd1781657865a914c51427c5818c5df06fbdd20b

  • SHA256

    8cbf3e85067779d5d2a5cfa995941495c03c8155e5c4c7ef8932ebc5a98b1ba1

  • SHA512

    dddb967a34a4e2be62aee52ce17592f9b5c04083856acef8ea8427c1c26e7bb228b560eb3f854c95888ff4eae0eba240b6b1c56156f8c8a5cfff9e894c541db5

  • SSDEEP

    12288:8B41AjeXmRjw2IolsDcVGPfCchG2n4bLiCb3sJr+CIO/Md:8218eXmRE2I4sIsfC0G2Q2DB+Xf

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eabaa43811f4e4e0603be464824ffcb5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eabaa43811f4e4e0603be464824ffcb5_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.51rwx.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d2487d96d977a659aec07b45b3f8e44

    SHA1

    7bc4b5a3b1ef7d20504f66f68daac2af1d246bf8

    SHA256

    82bdc9ff1fb02f86d2102f5db7053b1fe95473a6badf0a7d884543760300edd0

    SHA512

    62effa2e52500d2b3c0320258867c6c6cd14b50578ef15f99944a0acf04260611599d96df187386fed527ec2948f0156edf69b41b39fbf4e00369f8c8c67355d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    698188c388e0f8ed59e17585f5803588

    SHA1

    823305eaa402c96c9c1dd0b6239474f1f2914947

    SHA256

    a0004838a25f6b4b823ea0bfdbd4d54664be3a8ddcd42ef337082e47c3a9126b

    SHA512

    20b76a7958ee9b061574480c4ff7221bad559c749d005f2aaf27800acbb504b9f507ab79ce0954f06bb07a4bb80b81f5ea2f3d4243b565efd40e86ef85177829

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7405fef1ea2e89d58c1d238ca339e5ac

    SHA1

    30c86069e6301150aa4368d1e1a0a7c0809976c9

    SHA256

    b4f76450ed9e8dbdde836e9743860ba0639c23c6803e9acf8b088dd869371be8

    SHA512

    69a9987ec5e73afa63b970ce3583bf932671bdd09e24d6d2866c1205d4054f623bdff4c061ccc181562d9a668f5f0b61f2462c28402be5819ed52761c6fe1916

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad7a1c2428e64aa0c1b020cf601c3c08

    SHA1

    62b0c9f3b0128d1103bddc6a1aec74d6118d911e

    SHA256

    f3f1d4040c03a1979363c1ed89d55fd0b8a13cec43c1e1f00b3d7dd544a70ce5

    SHA512

    c58021b21a822d4f1611ccbabb7f55d95ae11abb63fc1fe6b92358b92ce7fd1151d001ea906b0d59535cf47071d3f1a26474bc0897bbbb142e36e8d114dda6fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9257f2f7e9162eb8018a7ea895ac6790

    SHA1

    880526ec53c784fdde453d75d3d8769e18c0ae99

    SHA256

    e2562a34b54579a5757218898311519d89f7777339ba6bb3d872a955bf1e60b7

    SHA512

    0649ad79f1a2ce682fcfcd6450973e5abbd69fe87c3d94059c3f8886d151fa7555f814eb44dca516117b82970b7fc5b37bbfbfae88c1b554349d9e3a3d5a3564

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf9457b0439a97cce48d6a971f80229e

    SHA1

    308ac28e170be08c356c637b1ae4adaf4850ec24

    SHA256

    7f5b486a56cd41db21dd20f51374752fc73553f9f08bd74660a7f29533c1c040

    SHA512

    ca44974d7be91d1de7e1a822ad45bab9e2079e04966e96816a18af655f9abe0073d3b13c9172b39503d68c918ccb00a9e7050bf773b871a76df28e401b87118d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1140f4d747d4cd7a2ff7ef1c4108f4cd

    SHA1

    54bab1d4b8927ca36a8001962566e277c077aa0c

    SHA256

    aa8ef249617ad55b6c7157158eb5436762e55bd85bbc26a77a5a1b53fe21d6b5

    SHA512

    5302f513064f51c8ec18ea558030b75fa2d49ff32b3230934ad2062b07576996b8112ae352cb38119e1be68e6492ab98e942e0fdde2900f0272db698399e769e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bddf187c8e6fe75ecbccdd3cd1da38f

    SHA1

    06007f2f0a5123ac4cf46c9b03a32431391da4f5

    SHA256

    056dea3953d4159c367c4fa5f6618f0432ccdcd5cc914718aa1c989fdc3157b9

    SHA512

    110526dac27974ac95ac993cc36d53dbd7bf48799a14c45df7effac3ceaf7e29a6c53c79a927ba9af8d56f932a72def26b76da027c35abe6874bfe2191c142bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bfe3cee2ab9e1ce8257af86cc068941

    SHA1

    4627306e718d563613a6d25f6fbac49844ea107f

    SHA256

    0c47c7099d086801739bc91a5a8a2503ae18ec5b93a104d98c645b45f19f4e99

    SHA512

    4c5ed2b0d77cc9d492fe8ddd51cf195da9807075bfbf7cd6725ea6b87693820184c25810e8d432210ad52568aef7281a32e6dd8635aaef41d781d76ad666b5b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97957af601407e5764c9c944fe2568e4

    SHA1

    dfb4e24fc52707706df227425e68f3b37a8a5a7e

    SHA256

    9665a0c0aff7a4f4cca53961e4520ca4e8b446fde11a29f341522c1edf344c85

    SHA512

    8827c8492d6c4ca26c6b598fad86403b64d7a2b82aed87d5f18e656587aeb4703d401808b137cc629795d99b5dff610c576704a3d52a26835d2ffef480cec40e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a78fcb924908ffb0f7aa867264ab469

    SHA1

    213ca2a9bdd32491d763af2009b377f70dd71e8c

    SHA256

    95f2f5ed04413d952d5383c7ec198810a7c75727cfe60f623b13e6b2ac70acb5

    SHA512

    59a6761d411f50579992d7973b6a19090eb5b462358c2747389e1bd0ed14aafbe8a743bf364a0d9e08216863ce9153a5844f2fec57017364b0cb03e97b99e3b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    413a2331637322a10cc523f9f88abd5c

    SHA1

    34a8603c65f7d6a3a167d7772eeda8e6394ea87e

    SHA256

    0a49398205697a2cdaca2ffa8b654ddf52fdb180a8cf40e47cadeed37305ce25

    SHA512

    ded4cd8bf3ff8d18ff4d8470b0b373b0e7d7bd71a38a53a14a8f4f89bb722684ad88bd975c03f5025f92ca831f8987be76b2838d870d68fdd7ea5afec5e18344

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d315b228d8dd524cd3d868132fe9bfaf

    SHA1

    d8bcf7eaa52d5e404753a2db8ce6aedc37c9f1ae

    SHA256

    5c8de7eeec2fe59845a6eaecf672ca5c7c52d70435a22aeecb131e83549e9cff

    SHA512

    dfc233bc002d84c6a92482bf4530cc42955d755c2531ba7038b756e90fe5d13fe9747261738efbb0a39f6e17d804cb8b29b2f03e9d6a22e12912c1fe6b64c292

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3a027e89182176d4f70620ec1ca704e

    SHA1

    dc4ac933a7ec9bece912e9a03c7f10b5618f22f6

    SHA256

    c4d36301bb6f6db07f84f5f7c1b47a87ea7f608cb1e137a380b6ed5cb6324552

    SHA512

    8916575fc2916ba128165b89573730f7d013d30ce7bd145da2173ded91bc08164e5de72ef8f4629d3248edeaec2efe3a6e559e0822ecc08cfdf32e0a48793f9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    391a567ffc78fbb3d1f1e3c4abcca70c

    SHA1

    b82c7f95b276d4376cd99676519abf8b4758c883

    SHA256

    d4eddb6b082f09562262cd6964ae381eea00467c32193f9cf7cc334c4bcb37c8

    SHA512

    a3091183184daa2be5b1161b92920d441f7f7818394ab0b198619991351cc1a2a64acd96ca6ae392155a3d1073a7b54021e581176dd94c094b45c89927e62a0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4677c17f76b7e165280f24a3a0a78f6c

    SHA1

    f6a5d10158719e4b90b2d8de844c1b718221ca79

    SHA256

    520582bcaee4724404be9feb0985cec1878fd3cf4cc79182ab374aa22f39afdc

    SHA512

    0f6290f0094d033794d39d3ef3a6672e2f84a5b3b38462aee8e905acfdcc2deb67cc6ac18b39a1a54c0e3e56de5d3357dfe7bfd7f18cdd11fc728f22af0311da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    605c7951b70dea02fcd4ecfd36c3ae6d

    SHA1

    57b7ac8a3a1d96d8815c433827f6cf17de66bd77

    SHA256

    fffd696d4cbf441815d14f0382ab6aa102b272a27d8ae1724098c1ea5be70e9a

    SHA512

    b93805d62cd2633afdcbf6f605e51655458fc5b84646857a72325dfce6e63412586fb585a673f33bf820d01ea1de263496a241aa604d8601b389b6f612912bd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0a551735d94838f07ee6367049dcc35

    SHA1

    a8991f7610c73d919c8090f46e4a14a82ec0ea1c

    SHA256

    bff8a35ba947e23d4c3850799544000643a120265c038337c5bf1a70df79e8e2

    SHA512

    0ce13adf9abbac3987a2188fd4432f7681c175c55a9ccd033ba70b3fb0b4c3e9a3563584380001b3e93140a5dda862c90fbc1ca1b22d6f2cd9f245e5d84e62a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4d6493d8f32a31d2c78ef80c03a98f6

    SHA1

    ca23d3f49cea48d91b52f62b7dc16853668d59a0

    SHA256

    206268f34a4efb6cef7dcf80229ec779e1144a4d95a4914b458d30205ce7e48c

    SHA512

    8e618cfb70cd566da6e22bce9837f1d72316e68d692d482fc086455f617dd6605276dd7f6f1a09e2dd74423b3eb7e7d5aa86715d52bb84b2cab84a3c1abef8e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFB14.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFBC3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\saphardana.ini
    Filesize

    8KB

    MD5

    ca5afa3d879c19adf5d675cb0698c2a0

    SHA1

    146c4b99c0da3e75871929c591b1ac91b2c2e6f1

    SHA256

    b4a80cda1644933ff6c11d295bc5f20877ce902184ce4af86b489bc18237b94c

    SHA512

    276cd2c2af0230559e5af766854645a418548b17ff4bfb2c4a0872c88aeff4810d05f329064920b293b9ac15e0ec7d62c4c642c3a5e627e97d271ce8260a7f9d

    Download Submit

  • memory/2752-828-0x0000000000400000-0x0000000000590000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2752-825-0x0000000000400000-0x0000000000590000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2752-824-0x0000000003650000-0x0000000003651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-0-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-395-0x0000000000400000-0x0000000000590000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2752-394-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-393-0x0000000003650000-0x0000000003651000-memory.dmp

    Filesize

    4KB

    Download