Analysis
-
max time kernel
135s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
25/09/2024, 15:09
General
-
Target
f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe
-
Size
250KB
-
MD5
f6476bdbcfda0bb7b67d9c1c05d419b6
-
SHA1
b374177a67362540ee2735417c91d2becfebd41b
-
SHA256
d274c43e0538eca02eadde5fe9d29ef2c1187fc8e518ae1e615e81fab26a8bec
-
SHA512
14d5a196668cf354c0b86c034e46edb1063f4cd67c803228a0a7bf1173973cce7a143ff6eca4fd904983e9c523a27135f191ea19ec261bd8d7b11484a9d4fa5f
-
SSDEEP
6144:8hieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:NeKrJJuf86AYcwoaoSbr
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself 1 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 2 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 26 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of FindShellTrayWindow 45 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g83⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\f6476bdbcfda0bb7b67d9c1c05d419b6_JaffaCakes118.exe"2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 4 127.13⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD59208c38b58c7c7114f3149591580b980
SHA18154bdee622a386894636b7db046744724c3fc2b
SHA256cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1
-
Filesize
342B
MD58b5cd8e896a208be60f6c6569c769a79
SHA19f5fe43a5766edc73a4f80e9a0849b6a9c1da624
SHA25620d1ee2a08bf07b9901de226f6c4f8651d116b7ce872a580c9f08bd80eaf5a6b
SHA51262e342b38d9208d2e56766be0781180f71c7a72822b0a4089aae64f9bf366c825237d6854525c171b56caedcaeae634a7b53e6b66f6a2a0a2fe7d1cfa85f0689
-
Filesize
342B
MD5affe7a0a4051f1fcae3dd135e0014de2
SHA1f5973d496aff2d756727cb5038b16d929c348bc7
SHA256e97416d6e6fa9c971d9abc74efc11564ec713e1c58d5021b6c67bd2802ae7d3e
SHA5129929667d01bbeba1e5f8a5a773ca6e243c05a6d47cd4d103dc7fb7582f0a96da76c4f19ae10a93ea3e54e5200596e8f5fc7ca3d93e59968a7228335711dcb029
-
Filesize
342B
MD558f3d845869e8ff7bc26c08380b3e27b
SHA16661ed9c568a56f5b01000113326a259e87ff39c
SHA25629356618fce7021d7e77e89623f324d55e658a2891a35550383649f35b0bc298
SHA512e0b66c2ba0dfb760a4be1d9da4948058d9fe7bca9dec2fb5f5718746d599ada804247bfad05026b4a990e4743e977ca8360e657a93fe77d3503d8ed2fc22285b
-
Filesize
342B
MD5c7ca20252cc2e87fa4bf12d3b32ad773
SHA18152ae9bef5443e14b0a2576312ae0a381c6fd0e
SHA2560ffd0e61d72c8178319750a7cde93ce88108907f2275330b7b7ef02aaa408a32
SHA51223d47c0a95236ac5e4dfae97671a5e15f52825f28014e3dec3d5b2fa759e909e2fec395769954640a4bf71b5d395377787b82503511a78e9d2b6006062226420
-
Filesize
342B
MD512cc5935d31699744b46db3e4d7d7f61
SHA14deeff16b9ea3bfd595682529fa77e8470f79056
SHA256322e9c08f19bff1f6d8d25814b33cb0a9ce61f0216b17f129c5ada5be8a987a7
SHA5121341a8148bc3ce90e5358104197d9f8e30e6fd9d2787cb38ce0ab49c2473655eba75c53c4de60bc790a6a4b2d02ea17d26480fe9fbb0f54100738ef3f146a880
-
Filesize
342B
MD56b42146e2fff5be6eaf8070d53f50b80
SHA1f974180306a0753fe752ba7939471d47ac05ba80
SHA2563a29f7f173fb58b773de9a07e52beeeff947101efc0038d395eaf250a600c9d3
SHA5123688eb814e9cd194f78c63dce29ee2422cb1367ef2d65eeb745aa19745653dfce9974b1638e65524c161829dac804723864262fc6a984f5ab86510aa893e637f
-
Filesize
342B
MD59331abc19dc240844e27c08b084685e8
SHA18eb7bad7494f04adfcefc4c13cc6890a0e45ef3d
SHA25611318bb416f29ae36f0f720a186312a229b09a6c8a0f4e25924ec92bd70fe8be
SHA512b77bcac43823be86cb0c24718c2f54a401b59fecf2c6fa25e926a265191fb133a2db722302bf1473971a0f4630bf10ff3d130a274f657b4265f4961fd5c90008
-
Filesize
342B
MD5aa1687bf7d4d4491fd043ef0827126f7
SHA15c48fb9cd84436793f4a6f5b39085e06ed939dcf
SHA256bd63e5c60dd12778769d6db4bb2697e0ecf70fc292496cb8a5eb4c4053ce4cd6
SHA5122d7eb07a110cae6128773dcb24bab1444868eff3ace69c729fe2469f61737e9bb008fe6bae88b938c0a2c0d9fb591904b772d30dfb10caa3f4e76808ab814915
-
Filesize
342B
MD5fd94f6133a706090a13961916b37a6f5
SHA19ace011581fc10ce58b125db1a9770b2332ebcc8
SHA256deac4fb229ad21b23e0a2d5ef543523b2b43cb380699b4264605d56cb1e5e123
SHA512821677757b3cebe7267be93a4343f73b255d6d0acb95292b2cc8417abc606ad714aaa5a4095f1c49754b4353fe8a88cb494b6272379ca2654258a8edcd79d2f9
-
Filesize
342B
MD53ff7f80497668b544c155b82a78881c6
SHA17e8c556bb168be218bd2d90913171165d3cb63d0
SHA256d64d29292d4eac792db9293157c3f1810df934c2633b78de16726b180a427bb3
SHA5127fa5abf0a7b9f878bd622f82d5d921d5377bed73c254d03156365d183fd5f7b8351329e40c5cbe9d18788da3ad4bb8e1056da2120a34b2f50cf6d64b7c060b22
-
Filesize
342B
MD59d094c17aa42f31c9c7a3aa3248b0405
SHA1ec898385850facd17154e4e64c658d4c6df07689
SHA256527d58d291bf64bc7b42baf6e37436c24c187e7691ef9fdbbcb3e20d544c2fc0
SHA5127e9390bee69d78e0e9e6c7a1f0df40cce954752d7cb5550fe88afc914fec77568d776d589180a2366fe7a4ac44327fc37576f00fb30858f49cfdac023de3eba8
-
Filesize
342B
MD52ead90cb5d29838ca98c70787b41270d
SHA13b40fcc904b2e247b1c674cea885472ed732aed6
SHA25683259a89e438d295ff93a147f3ac5a29819767b561f42287cb9dd298727a86a3
SHA5128dacdbefddd518f59f837b07804aef542d90662260fdb8c769d9a364e6fb8c85d0ce5a0fc58765fe02fb7890e0c33dab135f115de5fb90496f4cf16d17436aed
-
Filesize
342B
MD57369a8a55854cb84653c9ef3aa59148c
SHA1c54456e8dfc0c4d35c54021831c8d97f1c8ee88b
SHA2562430c2ad8f0737c15fedd5769aca7c4801849e0987513cec4aa6e647ad8712de
SHA5128df77c7f90071242142b3a58799e3f7be47938ade8c6c20322d97454aed59a2dc5d5e948a7836910c893758c9dd2b776878fdd26620c0c4a9e5684a1e25013b1
-
Filesize
342B
MD51924682b68b19d80d46e3e090b3f012e
SHA1520fadf348e26422d591ea0c6c735ba686edb8d3
SHA2564d8baee6d5720a057c70aba83f30b225720863f4743ec0dc74ff03cb17ac178f
SHA512425e08210d144549f2a5a8e0ba7d8136c95e6f5496c538701c74e2037b187a3c6c76ddf30ca0fee5910b3e87c8591da59fb6ea61965bf7d6257df2d1a35e1858
-
Filesize
342B
MD5beacb8e9da5f039885a4476e0820a8a1
SHA12dbd351d6c0a1128250b13b53c99a6a2da8dccab
SHA2561811b55d224e2391a6efcddbb47940cdeb618fe354ff567bd107d989146dff2e
SHA512fd187df0808cfbe2cd410661d9f035339c9300c35c1334e76a326cde7f12fa1380c02c81f6e3e319ec79c3d7429fb38ab920e9eda8974a19f6f01357b77f52fa
-
Filesize
342B
MD5afc50c6668ed4a84107b6ff837a2aa3c
SHA156c63b53748cb15c790cf4b850c356da0e8ebd38
SHA2568fca151ccb2a49a6b64612f8cdd91b378d877c08c6ce234014e4b1e09b7993db
SHA512a07e13a1e37b9d627d27a3da70f0c18ae2f2e4e4ada52b49b245a9c7b7532e91bf977ecfcb81da53c2b1f58aaf5cf0c0cf428bf7e14f79ebd4b832cc04b35367
-
Filesize
342B
MD538ef007eb64699ea43cd4d9a71a23222
SHA1507e5b9c9e6e309dcf1618a6c4babff48f181ae5
SHA25650ab13a64591a1e3444db61e941ce91020d5f9f8868db3f2632ecd9bd67c380a
SHA512debfe30109e9a600e75b05bc5720358aedb4448bb1d745e2270ebdd25d062f7a318b15841495f89074aa45586b4a1e328f4939b1a1a034b72f827e171d1a9306
-
Filesize
342B
MD57f4fbd75946415ba702f9ebaaf9ba8a8
SHA1adbb2d064cc68a9be839164ce1c144c39f54890f
SHA256a0e113dfad975a9cdd9bf4a8f54e380cea9df57110dd9dee32760dbf3cc94498
SHA51267da277978e4bfc78d556afefedd9c4c5472df5f78c26c64f00dccde70bf84917b01b803f6cdc62b373a0ed56fa6ce0d70334dde0d591366ac520c02d1d9fca4
-
Filesize
342B
MD518bf0b7f3937e8da37ef2ade33ea0ecd
SHA106b3249f75d652fa824bc278a98d32d1889d7d91
SHA25688f5814ced965efc14f40d9f6e999692a7a8315b4f09feeb629c9696b2f3125f
SHA5129c84c3035bfbae2cdfb94730c864b4d39ccc1139f874a75795bd840f54a2eb2cac846f4b0b3d753a64b93880dba328f79fe7276a7b280e4f4993d3686ba8cd42
-
Filesize
342B
MD539b7d51eeef4acc161c0213b793f2d2c
SHA1aa0775db66842bc8e268c78bc11f1ba971929206
SHA25680af49ced8980ca4b3d0deba97241a1e941ab953c79b5045f3b77be082c093b3
SHA51297dc7e3712c823af9f95bf3da9bca2b6ad004f3bc432124141dae13d23cf0f6c7b562fe6d53eab294135ea57e3e4d44b3d554fbca2d495965a7c95b255fae8c1
-
Filesize
342B
MD54c341f2450a43ceda35cecceea620398
SHA15e7021a83d5ed873412f48ffd95136aa01561e4a
SHA256a8ba603e3c275c50d0fe5b2afe7c4408a410bc011109ce44f045ac3848f3f6f3
SHA512e9929d9986648a5e6dd1e00401d139d9143d9c71d9b960b878b222141e9edbccba0639d31b86920000ae0241667cebcc48b98c2202f8bb007a27ba9245d6a9a2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
255B
MD5a0c4d2f989198272c1e2593e65c9c6cb
SHA10fa5cf2c05483bb89b611e0de9db674e9d53389c
SHA256f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23
SHA512209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4
-
Filesize
149B
MD5b0ad7e59754e8d953129437b08846b5f
SHA19ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA51253e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6
-
Filesize
708KB
-
Filesize
708KB
-
Filesize
64KB