Overview

overview

7

Static

static

7

f0aa403a53...18.exe

windows7-x64

7

f0aa403a53...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 21:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f0aa403a53d8b648d846fb0d15c0a92a_JaffaCakes118.exe

  • Size

    1.6MB

  • MD5

    f0aa403a53d8b648d846fb0d15c0a92a

  • SHA1

    802d8bf182ea498e4eaf22313212960fc56c26f1

  • SHA256

    b93e4bdf71da62156d8d2d8706887b8cf45d2074e09826c55bc88b76aaea0b30

  • SHA512

    b4ffc2f4dc4a229645720371560c93d12027fcda3af736f166ae7149bf39b406845f722dc23beba96b314e477f891696301cd9450c239342da05991f9b7932fa

  • SSDEEP

    24576:Ydg/x9eL2NLxSbt5bDptKtXb/VHoxbiQbGvK9CxPWI2:Ya0iNCTbFmXBQiYCxPWr

Score
7/10
discoveryupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0aa403a53d8b648d846fb0d15c0a92a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f0aa403a53d8b648d846fb0d15c0a92a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.59tou.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e7ba9824b421d91be0478c1f3890a54

    SHA1

    7202e75c0739b2431b1e15fcc2f07f2d7c685e79

    SHA256

    c7863a617915f30a085976bc7fe2323968910cd79c5d894059bc80462673c043

    SHA512

    8c431b1a1ee5efcd30c06ad5d64e51d71f389bfd812baecd6e1303857aec1a35d8f72c54221b432456bac278a630fd7cca1479de98a60b41cc53b88f0c668ec4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bc067767a3f038d9c1c96dd46d3adfe

    SHA1

    0e45a6837a2d68f29506385a186f46270e0e48cb

    SHA256

    6fc76b7793fcebbf7b64539094d67a4d246f311da5066672a1971be3349ec8ff

    SHA512

    df044b8e12c2ecfad860f80f5ae2ea2b72584846b1a9169df4159fe632bbcc598451fcdc1cdaa36e353377cd84819d467c51461e5c5081ca61884cd299b05146

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bf9eeca8f4ec2819c673d6967adbbc7

    SHA1

    e408c89f924736fe44dc764bb8cdbc7e45e66a9a

    SHA256

    1a3c8e6fcea9b64f0f153ab2acb43345154ca682cb84a1d5e8d5bbfbf2f75996

    SHA512

    77ac96cd46424bec57f177cdd6417c5d0e1ac0d6fdffec390c7470acafb6172e977e25743c9a56d3623afe32c0270fca52bad1dfa6b310d730ddcba8b077a8c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bccb135f2c029f9d49a8072b178f479

    SHA1

    94602a7b4dfdd0f71653880e84199ae0dec60325

    SHA256

    f5c25bdb3f789c07bc5778bdc4090901c832283201acdaa732686c3d566ce393

    SHA512

    24fae641e1219f57461deceb29ad190307743f89b40a75f7a5904fc57cb8628f189d5b8256fce7384e27459fcf6815581478e44cb22d6bd89e3f4c2cf59636bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9a73087fa2739e052ab8e32321d0ea7

    SHA1

    68e0adc144478a816ee44d8103e4032bb8d0512c

    SHA256

    eceb6e8936f6e1d02c5c6dbf83d7111f6f3fbe9d4a0577d1dd09cd9500bb2fda

    SHA512

    e87d9a9ef6b8c5cbcea9bd0ecfc2199824b151e28416e424c89a472431e0bc38a933ecf0dee58645d641e5ac2dfb07b1ce225564746df50ab43edbb091ebd8d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dcc5b7d043e0539b1a255937dca1588

    SHA1

    46f7a5e5b1c9a6c2aabfdbb004da191c23967f77

    SHA256

    b83cb1218d43fd0a27db78c47cc658e2d09349faeccdfa2959c86cabcb335a1e

    SHA512

    f4d6d2dcf61732553143c68c03446de70449816bb80f06ad3654f353d61dc2e235a190a000d24dd55dd376a634501bebe4ba12975789e6307b875b4caf11b2ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb0f612f5192131d55ac1f69b5fc1343

    SHA1

    8d4821f6b8951d5ffd7e7002fdc85aaf7b41295a

    SHA256

    94e0b0a7491209aefe9bc6d030aaf9b34d8e1d6d90ba1c5c3f1017ca1509948f

    SHA512

    147c6e7a586872d70ec33523ae938db37e663dd88d542a8c74f3727337d4ce10152ba0c497958af80d15e3b65aa821775c8d0f66ecc758dfe8208ebba6f648da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6624eabe9cc836d6dee6fd7494cbeb2

    SHA1

    7f7b01ae1c311839875a579a380ec78d8ea90d03

    SHA256

    db2b690b4fd86f0c464e8b73709fb3b9f94d84b5a9bcb1718636510ae5b67a11

    SHA512

    3b7e171cc8fe0c8f37434ae09ebe1d538875158987614abffec78503a1583aafa921229a6e8a36668f5025bf97b2e93795d3c79995822286d3436b02bbfd778b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cf4b2137a26b8d62ce1983dccd4068d

    SHA1

    408600c7c1e814fa69a1e63c261f3e32f9920889

    SHA256

    138c67a977834a9b077a14ba655ddc1cc5c536de504e66a661907b21e27b0781

    SHA512

    be9fdd7d0dafba253e6eb37be580f2d0daae60f08ef210576c559655ae4762a8050bdeb6145261ec360e5596df131b9a149ec5a2511505e5f54159cff02f7390

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4422ad47a063a0e8e5e68112a8279b42

    SHA1

    c5bacb8b00d8c98cd951004a2610669bfada5a6a

    SHA256

    54212df344cb02c0578474a34c19dbe497f3cd5d733ce8c6bb75b9f390045258

    SHA512

    42ca5060b937419caf8cd8e7b5e632dd5f074e4589bd56f39c00e6fd2ba850281155e910dcea7aad131939ca60f604de77f0fbb07d9ec7db36ea7dfd9cb17146

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54e8e18ea3e2301b14889ff3c3f2f308

    SHA1

    84ccd197a47e12a38b5e469fb2380d6bc749e7c7

    SHA256

    bb8a58ad763e044cdeb419c13ae907b2cce767f10d9e55c7de1855cd7fb367af

    SHA512

    5b0cb83c51d52e9938e93cc01ae5713058b084e7176abc41c55e1673c44a63141e39618011b33c628d8e15ce154d08d54b6b717cc7634de432770aaa88e81a47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    838a57c6205cbf6dda5c87289256b25f

    SHA1

    91f8b3c4ebc1be0e08ca73ff795cd3d8d911bf59

    SHA256

    51359d6cd218c613836cf0c10bf6e56f26ee8fa27b3819540020831c9048ff60

    SHA512

    4fceb69ee59940f4f6284929f1761a2a4ecc82bca14289169af6df52032b347fd8bb0cc3d3441c554fad8287951c72b03d5e022c3705c760c1236a5cd0ae1868

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3c60d6f26cac5a9da682c179908fa24

    SHA1

    dbb3b7ba5b688a4b1b26ff5897d4801ee1f9d641

    SHA256

    d896d39dbff2d5f9e75e14d1a8e2a90558e3d9c3ad6b76d36b5269610b798cd3

    SHA512

    445791912b03a290cde1922a3871ac90e746ea93e4d139c3f37a78714002f541d787e07b14552f3ef4aa25dd5805e5d83e0f35bc48549fb2b6d191dec5f040bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5afd8a303aa0b7e319dedf16ca83f57c

    SHA1

    50e3fc0d28a29e4aa04d3b6f57fd397e51c273ef

    SHA256

    3a39f33af1ba862e98e2377cb664213c60d075ce16cb3216817cb95581d6e55a

    SHA512

    9980148d7bd4d2f57f2746253bdd5c6c40692f0595ee4318d4e0946aeaa47859122220bd0b28a5932943e6812cd837dc133de4bdd9dbfa2c3fff9665af0b2a6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10da6e4a406f5223a72fd423bf255a4e

    SHA1

    9acaf1b2565c00445443325889eed626448d7853

    SHA256

    0e042ad03b71b8360aec615b09ee853333c4a795831bd1facff4de149d9ddb4f

    SHA512

    7ac3c6760a8641ecdce4d1d8782aa78ac9f466b4a3918349867b22356284f6bb5495f54974c5cd80ed9db2d749be270a82827a8c46f3bb50aa624b69a3c6abd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3e949cb13c8d29d6cb2bca8e782cc7a

    SHA1

    74843e2a4ae87a68874238a9204a723ae5a9795b

    SHA256

    6dca4ed9ba9e5fb1ffba4326fd5429cd8833dba0de660aefeacf1a22d8d6c441

    SHA512

    6f16833644808de7fbf81f55beeeb4ebf872755da09a19571b4c28d56e36e3220d35696b1cc9ea4bf3a8a39b3388f99857b80472ab49209b5109c7f4db77bb28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    092af2a1f900e5525086f53eb6384cde

    SHA1

    a38f790c13d1ee322a2ef04a222729a79bd6f904

    SHA256

    c989e50ed8a16c4ee09c1c3428943c2f1d01a4c9b961067276cde9074a5c5cb6

    SHA512

    c3b0da9ccd86b9edcf6fc735f7ee3bbb96d78367f15bbce1301237ca80f507f57c8ff190cd078e76d4597efb4f1a3b1a4203f462e517bf8c985b6eb1f421f990

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2b6ce94c82bb98fdc405dc101ff391c

    SHA1

    f2292fab8fe1816b3748fe0475099b625ae9e8c6

    SHA256

    d88f157bd81354585d740d72c3bb6c346cf1a795282708290b582fa6624551df

    SHA512

    94d951c25847172e4ec12fc945ff5ce23eae75c7af7546ffb37c543126df68cab3b38111f4d95959bad236f2e792892b2318af1b157a106e1c79871152f5965f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65b7907bc7c509cf92df6711edef4eb8

    SHA1

    b11a88ddf232bc7e5e739838fe8391482a48e600

    SHA256

    ecaec20fbbe0ed1d0351a3024ee2146a51ae03d839ee1fb2dce6d62cf7c8a44d

    SHA512

    b596e12ec89735f3f9bfe5f49627996b4bbc054cd8ddd13bf543f4cab14ef95a16647c870e37486487180b3e4258683b12ad76372dcc0d38f6acb72854955b98

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab44FD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar45BD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SkinH_EL.Dll
    Filesize

    86KB

    MD5

    114054313070472cd1a6d7d28f7c5002

    SHA1

    9a044986e6101df1a126035da7326a50c3fe9a23

    SHA256

    e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

    SHA512

    a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

    Download Submit

  • memory/2272-0-0x0000000000400000-0x00000000005C7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2272-7-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2272-10-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2272-9-0x0000000010009000-0x000000001000A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-14-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2272-13-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2272-11-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2272-21-0x0000000000400000-0x00000000005C7000-memory.dmp

    Filesize

    1.8MB

    Download