Overview

overview

8

Static

static

5

f6476bdbcf...18.exe

windows7-x64

8

f6476bdbcf...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    f6476bdbcfda0bb7b67d9c1c05d419b6

  • SHA1

    b374177a67362540ee2735417c91d2becfebd41b

  • SHA256

    d274c43e0538eca02eadde5fe9d29ef2c1187fc8e518ae1e615e81fab26a8bec

  • SHA512

    14d5a196668cf354c0b86c034e46edb1063f4cd67c803228a0a7bf1173973cce7a143ff6eca4fd904983e9c523a27135f191ea19ec261bd8d7b11484a9d4fa5f

  • SSDEEP

    6144:8hieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:NeKrJJuf86AYcwoaoSbr

Score
8/10
discoveryexecutionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2664
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2712
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\winrar.jse
    Filesize

    11KB

    MD5

    9208c38b58c7c7114f3149591580b980

    SHA1

    8154bdee622a386894636b7db046744724c3fc2b

    SHA256

    cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

    SHA512

    a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b5cd8e896a208be60f6c6569c769a79

    SHA1

    9f5fe43a5766edc73a4f80e9a0849b6a9c1da624

    SHA256

    20d1ee2a08bf07b9901de226f6c4f8651d116b7ce872a580c9f08bd80eaf5a6b

    SHA512

    62e342b38d9208d2e56766be0781180f71c7a72822b0a4089aae64f9bf366c825237d6854525c171b56caedcaeae634a7b53e6b66f6a2a0a2fe7d1cfa85f0689

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    affe7a0a4051f1fcae3dd135e0014de2

    SHA1

    f5973d496aff2d756727cb5038b16d929c348bc7

    SHA256

    e97416d6e6fa9c971d9abc74efc11564ec713e1c58d5021b6c67bd2802ae7d3e

    SHA512

    9929667d01bbeba1e5f8a5a773ca6e243c05a6d47cd4d103dc7fb7582f0a96da76c4f19ae10a93ea3e54e5200596e8f5fc7ca3d93e59968a7228335711dcb029

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58f3d845869e8ff7bc26c08380b3e27b

    SHA1

    6661ed9c568a56f5b01000113326a259e87ff39c

    SHA256

    29356618fce7021d7e77e89623f324d55e658a2891a35550383649f35b0bc298

    SHA512

    e0b66c2ba0dfb760a4be1d9da4948058d9fe7bca9dec2fb5f5718746d599ada804247bfad05026b4a990e4743e977ca8360e657a93fe77d3503d8ed2fc22285b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7ca20252cc2e87fa4bf12d3b32ad773

    SHA1

    8152ae9bef5443e14b0a2576312ae0a381c6fd0e

    SHA256

    0ffd0e61d72c8178319750a7cde93ce88108907f2275330b7b7ef02aaa408a32

    SHA512

    23d47c0a95236ac5e4dfae97671a5e15f52825f28014e3dec3d5b2fa759e909e2fec395769954640a4bf71b5d395377787b82503511a78e9d2b6006062226420

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12cc5935d31699744b46db3e4d7d7f61

    SHA1

    4deeff16b9ea3bfd595682529fa77e8470f79056

    SHA256

    322e9c08f19bff1f6d8d25814b33cb0a9ce61f0216b17f129c5ada5be8a987a7

    SHA512

    1341a8148bc3ce90e5358104197d9f8e30e6fd9d2787cb38ce0ab49c2473655eba75c53c4de60bc790a6a4b2d02ea17d26480fe9fbb0f54100738ef3f146a880

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b42146e2fff5be6eaf8070d53f50b80

    SHA1

    f974180306a0753fe752ba7939471d47ac05ba80

    SHA256

    3a29f7f173fb58b773de9a07e52beeeff947101efc0038d395eaf250a600c9d3

    SHA512

    3688eb814e9cd194f78c63dce29ee2422cb1367ef2d65eeb745aa19745653dfce9974b1638e65524c161829dac804723864262fc6a984f5ab86510aa893e637f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9331abc19dc240844e27c08b084685e8

    SHA1

    8eb7bad7494f04adfcefc4c13cc6890a0e45ef3d

    SHA256

    11318bb416f29ae36f0f720a186312a229b09a6c8a0f4e25924ec92bd70fe8be

    SHA512

    b77bcac43823be86cb0c24718c2f54a401b59fecf2c6fa25e926a265191fb133a2db722302bf1473971a0f4630bf10ff3d130a274f657b4265f4961fd5c90008

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa1687bf7d4d4491fd043ef0827126f7

    SHA1

    5c48fb9cd84436793f4a6f5b39085e06ed939dcf

    SHA256

    bd63e5c60dd12778769d6db4bb2697e0ecf70fc292496cb8a5eb4c4053ce4cd6

    SHA512

    2d7eb07a110cae6128773dcb24bab1444868eff3ace69c729fe2469f61737e9bb008fe6bae88b938c0a2c0d9fb591904b772d30dfb10caa3f4e76808ab814915

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd94f6133a706090a13961916b37a6f5

    SHA1

    9ace011581fc10ce58b125db1a9770b2332ebcc8

    SHA256

    deac4fb229ad21b23e0a2d5ef543523b2b43cb380699b4264605d56cb1e5e123

    SHA512

    821677757b3cebe7267be93a4343f73b255d6d0acb95292b2cc8417abc606ad714aaa5a4095f1c49754b4353fe8a88cb494b6272379ca2654258a8edcd79d2f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ff7f80497668b544c155b82a78881c6

    SHA1

    7e8c556bb168be218bd2d90913171165d3cb63d0

    SHA256

    d64d29292d4eac792db9293157c3f1810df934c2633b78de16726b180a427bb3

    SHA512

    7fa5abf0a7b9f878bd622f82d5d921d5377bed73c254d03156365d183fd5f7b8351329e40c5cbe9d18788da3ad4bb8e1056da2120a34b2f50cf6d64b7c060b22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d094c17aa42f31c9c7a3aa3248b0405

    SHA1

    ec898385850facd17154e4e64c658d4c6df07689

    SHA256

    527d58d291bf64bc7b42baf6e37436c24c187e7691ef9fdbbcb3e20d544c2fc0

    SHA512

    7e9390bee69d78e0e9e6c7a1f0df40cce954752d7cb5550fe88afc914fec77568d776d589180a2366fe7a4ac44327fc37576f00fb30858f49cfdac023de3eba8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ead90cb5d29838ca98c70787b41270d

    SHA1

    3b40fcc904b2e247b1c674cea885472ed732aed6

    SHA256

    83259a89e438d295ff93a147f3ac5a29819767b561f42287cb9dd298727a86a3

    SHA512

    8dacdbefddd518f59f837b07804aef542d90662260fdb8c769d9a364e6fb8c85d0ce5a0fc58765fe02fb7890e0c33dab135f115de5fb90496f4cf16d17436aed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7369a8a55854cb84653c9ef3aa59148c

    SHA1

    c54456e8dfc0c4d35c54021831c8d97f1c8ee88b

    SHA256

    2430c2ad8f0737c15fedd5769aca7c4801849e0987513cec4aa6e647ad8712de

    SHA512

    8df77c7f90071242142b3a58799e3f7be47938ade8c6c20322d97454aed59a2dc5d5e948a7836910c893758c9dd2b776878fdd26620c0c4a9e5684a1e25013b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1924682b68b19d80d46e3e090b3f012e

    SHA1

    520fadf348e26422d591ea0c6c735ba686edb8d3

    SHA256

    4d8baee6d5720a057c70aba83f30b225720863f4743ec0dc74ff03cb17ac178f

    SHA512

    425e08210d144549f2a5a8e0ba7d8136c95e6f5496c538701c74e2037b187a3c6c76ddf30ca0fee5910b3e87c8591da59fb6ea61965bf7d6257df2d1a35e1858

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    beacb8e9da5f039885a4476e0820a8a1

    SHA1

    2dbd351d6c0a1128250b13b53c99a6a2da8dccab

    SHA256

    1811b55d224e2391a6efcddbb47940cdeb618fe354ff567bd107d989146dff2e

    SHA512

    fd187df0808cfbe2cd410661d9f035339c9300c35c1334e76a326cde7f12fa1380c02c81f6e3e319ec79c3d7429fb38ab920e9eda8974a19f6f01357b77f52fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afc50c6668ed4a84107b6ff837a2aa3c

    SHA1

    56c63b53748cb15c790cf4b850c356da0e8ebd38

    SHA256

    8fca151ccb2a49a6b64612f8cdd91b378d877c08c6ce234014e4b1e09b7993db

    SHA512

    a07e13a1e37b9d627d27a3da70f0c18ae2f2e4e4ada52b49b245a9c7b7532e91bf977ecfcb81da53c2b1f58aaf5cf0c0cf428bf7e14f79ebd4b832cc04b35367

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38ef007eb64699ea43cd4d9a71a23222

    SHA1

    507e5b9c9e6e309dcf1618a6c4babff48f181ae5

    SHA256

    50ab13a64591a1e3444db61e941ce91020d5f9f8868db3f2632ecd9bd67c380a

    SHA512

    debfe30109e9a600e75b05bc5720358aedb4448bb1d745e2270ebdd25d062f7a318b15841495f89074aa45586b4a1e328f4939b1a1a034b72f827e171d1a9306

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f4fbd75946415ba702f9ebaaf9ba8a8

    SHA1

    adbb2d064cc68a9be839164ce1c144c39f54890f

    SHA256

    a0e113dfad975a9cdd9bf4a8f54e380cea9df57110dd9dee32760dbf3cc94498

    SHA512

    67da277978e4bfc78d556afefedd9c4c5472df5f78c26c64f00dccde70bf84917b01b803f6cdc62b373a0ed56fa6ce0d70334dde0d591366ac520c02d1d9fca4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18bf0b7f3937e8da37ef2ade33ea0ecd

    SHA1

    06b3249f75d652fa824bc278a98d32d1889d7d91

    SHA256

    88f5814ced965efc14f40d9f6e999692a7a8315b4f09feeb629c9696b2f3125f

    SHA512

    9c84c3035bfbae2cdfb94730c864b4d39ccc1139f874a75795bd840f54a2eb2cac846f4b0b3d753a64b93880dba328f79fe7276a7b280e4f4993d3686ba8cd42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39b7d51eeef4acc161c0213b793f2d2c

    SHA1

    aa0775db66842bc8e268c78bc11f1ba971929206

    SHA256

    80af49ced8980ca4b3d0deba97241a1e941ab953c79b5045f3b77be082c093b3

    SHA512

    97dc7e3712c823af9f95bf3da9bca2b6ad004f3bc432124141dae13d23cf0f6c7b562fe6d53eab294135ea57e3e4d44b3d554fbca2d495965a7c95b255fae8c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c341f2450a43ceda35cecceea620398

    SHA1

    5e7021a83d5ed873412f48ffd95136aa01561e4a

    SHA256

    a8ba603e3c275c50d0fe5b2afe7c4408a410bc011109ce44f045ac3848f3f6f3

    SHA512

    e9929d9986648a5e6dd1e00401d139d9143d9c71d9b960b878b222141e9edbccba0639d31b86920000ae0241667cebcc48b98c2202f8bb007a27ba9245d6a9a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB4C1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB4E3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
    Filesize

    255B

    MD5

    a0c4d2f989198272c1e2593e65c9c6cb

    SHA1

    0fa5cf2c05483bb89b611e0de9db674e9d53389c

    SHA256

    f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

    SHA512

    209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc
    Filesize

    149B

    MD5

    b0ad7e59754e8d953129437b08846b5f

    SHA1

    9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

    SHA256

    cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

    SHA512

    53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

    Download Submit

  • memory/1452-0-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/1452-36-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2960-1092-0x0000000002230000-0x0000000002240000-memory.dmp

    Filesize

    64KB

    Download