Overview

overview

5

Static

static

5

f68eb59eaf...18.exe

windows7-x64

5

f68eb59eaf...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 17:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe

  • Size

    176KB

  • MD5

    f68eb59eafa160073dde400a0a8f3f5a

  • SHA1

    62860f21fcb1b434b5905b712b99aa5506271130

  • SHA256

    4155fbc8cb8459d3397729c25bcb6b15ec7b563264088150b5b8801b4b0e550c

  • SHA512

    bd3f215ad81732d4205664094eb5b9a429518b007dfd88e95fc820e53da72113bff8772b9c1ce0dbd751b1d4de5cbf34b592d290c759a9c271090c22962e44f0

  • SSDEEP

    3072:gPgsWY2pv14vYPZr7A1D1s4hboCUiUdv6R/W2THidfUQnLFmEZ/Z3pMhac90h:GgsWYwaAhr7S1s0pRUdv6Re2THidfU8+

Score
5/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f68eb59eafa160073dde400a0a8f3f5a_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:540
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=WliszZ-Yza0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    484c3c730c7bef45b9697085a4b23280

    SHA1

    a7442bb09b1c93814345a2855f0d0fb9ea76406e

    SHA256

    b962064eb6fa0a6adcf4ef5325cdd576a5a794765bb9e7de276b29843901ebf4

    SHA512

    50c71d35d1c1dda76bfe7f8815e72fc6ef0c0f24ec89c7f8d85c0bb266246dd72dc0c64c2fe312f518524cbe75ea220f9ce62b1a10f15e378086b0e6683916ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a301f96fffe17a3ab2bbff44e2431c5f

    SHA1

    1704b0d4d679ca02bf7a4aa355b601ea1d878933

    SHA256

    d8803250856ec473c9100b55e6117f04c1ac47dc988edfc521cc2697ea8d53c5

    SHA512

    dfe532838ce09c1dcefebcb41d07a720154cd50cd07c001bdde87070af8de336cf6c752a45c0abd84317c8dd63e756158d38a9463b60cbae99b1b4a9e9f0a21b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6895305ec1a6683ce0413549a550168d

    SHA1

    5d1cef5da0df87204d3cfc88d7ec2db8fe726827

    SHA256

    8f4e328772df73dd4e5b703bfd0568c0ea64c92a0aeb33ffc4c2d7e9a40c0515

    SHA512

    18122cd003b1c11ad71d523c29075feecdafc8de077f1921d6b70377d936c92d21289917f922cff7201e94ae5db98f2dd2aaece1849ae3b881d4f4a05ef7042f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24b6f5f12fb0bf687dfd41db318b060a

    SHA1

    07c4845bf29e12d7e3ccd5b9fa044bf9ed7a1cc7

    SHA256

    6cd9a68437050df333d7033868b23de08528c46cbfc71d73f2263211b9234a05

    SHA512

    79e62299b37ca5805cc9c003a82d1afb591b0024271108866289f5c614bdb120f1aeb921edf82170aecfc3749b193d52383cfa56f21b11fb17564034000f3c1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16d7991e66025efc288bd385c8b1ffb2

    SHA1

    c95c59ba4383ee81da03c1118a1c8e95b8ea1091

    SHA256

    2d3157ca749d91e61bad246ea7f2ccdb3c5aafc89df68c0ecbaea8b867680457

    SHA512

    7a2e0604869aeeda51c0ff46c8babdc49b11e60d52112faba4839e3b2bf8894f477e956a9b3c06eac7dc930e1a6a8ab6c9dcd502251746749bb96bd8f105c098

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8b9634123806ac49ac8d30a0f6f4174

    SHA1

    9ebfa7239fda3c1d0a8f3f3a57b44eb0f58f847c

    SHA256

    431f6ef933da2cf09946d2d59b554db2f51c2b3ffdbd3d346f2deb83c876c41c

    SHA512

    4fb28a14e8f1800b6d92e4109cf32778a7076f1f4c781a639e5eab2b63ed5e4177133ecbfb9c9052b13b7d984bc3e963f833d3ee183eb5b89d1169e9fd350959

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ac3b75d329ea23ee21f0989e7f8572c

    SHA1

    efbe1cc0d47aebbe0927e3ee2630f4ed41326df5

    SHA256

    47c66afe93b86bb28e5511f34a10b7c2ce52411a336cb6bfafe7c11ede6945c4

    SHA512

    1728ddfa49373525085b9ad74437de81877b2b837c9d7afa8e9bccd97732e121261f0739b23d44cb13937760406c361b9bc15dc608d9c8c10bf28d015103ec28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53ff6a2fb7ba83d78ba160424fc1b2f

    SHA1

    3e8b9f1108d73bdd4cb2b7ca1c41b9f558c018e9

    SHA256

    a58c4457b86bf47056a0efc846944028fa961a655bb18dec9b0ec98936ff6816

    SHA512

    c07afe83e7e54a210f4c3d7a7bda99ddb69fd8772585521f3f6ff6af8da0951b2d28a8ce0efae6f45ebe3b18ab739c0cd318c9fb3bc25f6d823eae776c63bf63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5541368f1edf830f758417da276dea34

    SHA1

    824ea32e8f4fb91401e0480163ef62ef8891e6fc

    SHA256

    d4c5b4c9aed999d6fbc9b895c1895fd3cbdfa967d01546667a42256b1e3ffc20

    SHA512

    931b87379e3217298b4089cc8a16aa83f90494c2e4162701bb4c1585b20afd68d5dbb522690838aa7732482b652d01dd95d8608832a93de1fbc553c565c1e2d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    482eb10a41d33562a759cec1b12d1f14

    SHA1

    5b29da948dfa1cbef4faeec741e02683957ff040

    SHA256

    d5d6bdd8e770884e6f8dbf9ce9fef3f49538bf9946bd6e23ae0c58f1bd735c22

    SHA512

    202200b4adab772cd224dcc4564f64309b8d37b26f67e8518f6eb1d698a0f0a7411d7e4cd46640a01ec2777b0db7e5a269e6ae66190022d09a8b34b954ae0bc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fbcfec6bbbd9223274fa1a98ef9804e

    SHA1

    85a0d979755f1b150e50544af13641cfee97c659

    SHA256

    0421859181586290d4a1bc852a57deca7f90b8b0fa80bdeadf7f42c22743bab1

    SHA512

    75371e4d3f57ab59e74fcb087ca56e1091989e7f7ef0ba213b7ea83653f800ccf6be0784ab633166eaa78989a608cc3cb053a2f092f74fb7f75358037e5c93d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c292a689db8f0f86a21011635892b7cb

    SHA1

    783011faa1b8d34c980587b9c41ea65149430c8a

    SHA256

    d8e30872f5b34bb833470a7571e7d7f126f22ca3964b9fbd971c00b86108c230

    SHA512

    100aeefc4e9e2f61f2c09750956bdfedb919adf061f6bfc40a7f3899678432ed05a058c80113dd466c8346b2350bddb6a8320b0dd949c6d9a639d00055215536

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f842be954c233e05bc11de208ba36988

    SHA1

    222e15e8c00ac8702f9d95b51fb0d5dfd497e438

    SHA256

    f39480a138613395a60fa6fd0908fd4f14576dcfb1c528a330b50979e2f7b563

    SHA512

    b903441566cf096aa3fc0ac7634cf40f2f666db6eae2b5e6ed5c6816bca8f3fa26af3a5964e849f88d1ed0d4c938008c6823ca14baae25358b094af29fad58f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5a7b0cc3434cc40bfb1f8ae6b31d106

    SHA1

    9cfecf5639b31dc5e3f3e64f96697b6fed36b6bc

    SHA256

    e662af085c988c315d7c3e829985af50f2770b3122d7f3e2ef63f33a707b3f2f

    SHA512

    2f560cbd92d10686639a805a9633b70a0e9dc16ff5bf734573e8814ac1184ef1e92b6321817787c6e63101d9ec53deb38d41afd49c5e5824d8085ec3907ba97b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bl977i7\imagestore.dat
    Filesize

    1KB

    MD5

    c7aa56b1857b991d5bbc64673ecbb277

    SHA1

    f2ea10660e30f040d6afb5fd8cc4a61b312db412

    SHA256

    dfdb1e709883f4e71fc8af5ac415892c741bf426a5fd37255eb6f1d6dfc17f94

    SHA512

    d6839229c9cd7d9e99931087e5a6b494532e989805858110815d033c7f7af60c933391900074a5602c117c86e243b826fbab539303b289360ec7abc7d0032d08

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\favicon[1].ico
    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3988.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar39F8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/540-6-0x0000000000640000-0x0000000000650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/540-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/540-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-2-0x0000000000640000-0x0000000000650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/540-3-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/540-501-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/540-4-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download