Overview

overview

10

Static

static

5

fa6ceab026...18.exe

windows7-x64

10

fa6ceab026...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2024 12:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa6ceab0262055609beab19609de8482_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    fa6ceab0262055609beab19609de8482

  • SHA1

    d19410d2489d313864dce3c327865c8193ee5ecf

  • SHA256

    6017c9c427da769de7dedf91d1250c2a32a34b71a4e1fe3389362c1b9f782722

  • SHA512

    c1e08fbfefd28d3b8d3a5faaca79c0f7b0ec7df5f74e71ecf25f83c24baa159e7dcbd40f32f8d8786f9db97ebc783dbbfffebf8bb1e12999ac430bec20ee2803

  • SSDEEP

    12288:FSjzwRzH1RighUFZzHtC9FDY8c8H+Lm/yjxeiSOHTApwn2fTrNsef1JOXHXTSeD9:geVRrhMxY9FDY8cLa/OerzTrNtSjS

Score
10/10
discoverypersistenceupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa6ceab0262055609beab19609de8482_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fa6ceab0262055609beab19609de8482_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\image010.gif
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2940
    • C:\Windows\csrss.exe
      "C:\Windows\csrss.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9631a4ab995065b736872a687376405

    SHA1

    ce1ee537f2b7171809171dd78724def0f018e757

    SHA256

    e32c73a9eb34b7e194c1d6da155847a24f530c90cb8d4a21bb6df3049b65105e

    SHA512

    08bec6e578cbcbe2b7757cd61c68fcff213938d2ec09373cc420f8628bcb1cf7dfabf4ba31fa57bbbecb4a9d5aed90dfc7093b598f4f9423e5c63294d3f379a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a32b956f1f70d628243cd40631c301a

    SHA1

    09a327b407cad58f8955973d35efc3885c992ec9

    SHA256

    1c29a23a7c3d13f8c3d9afba687ae035c3d38342fe2bb7af3e4a3a19312e3dc4

    SHA512

    2d7c1c7614219009b19d7f6a9a4123e37cbd8aa29961917b0a960647aeebfb6c31b6df779892a923a1b5bd84a2def32724148f477010ba11ba810c12b637dede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1917fd6115215f4c3a5584db2dc65d8

    SHA1

    149eacad82e77fd347c744e28bed2d624a78de02

    SHA256

    97d43f8c4da45a6c5537c5c66a057476001439eceb1f802e71eaa15636d752c6

    SHA512

    7af45ba5ed0c7ecc43b02b8ec48ffbfbcffdcc63f319c2d050209dfed3ad0e32cdaf68536e7d42924b2fd16b0a06ec24b5c4dc6c25fc0d7c854998bf185a36d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeae535babe10809880e2e8fdcffa7a2

    SHA1

    76d1c045a5c20bbf81b666b2ea57ae9f59d28eaf

    SHA256

    efce5925abc12226643ddb79efccf45d7a0916715b1815c1040403ec001f4bf8

    SHA512

    a43e9d3a5e0dc243d453202186c99eb24a3c8004f4646468c95a89917966012c9b838dd95c54bbd52e70579a551e44c0edfdc08aa2368be1dcdabb0a364e585c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd8e1757a7fab8db96310238bfed1f36

    SHA1

    47952564b54758892ca2cb99085598f761b04b35

    SHA256

    72c5772af9732bb9b187d030db8cb4ea7fc4667d7605444e84d1beba8f2071bc

    SHA512

    17fc08bdd37c67f2710fd1afbde5879c3834e12f3e9c03e1b903d43607580e8b9033f51befeee2f07f72bd079ef3ec26581195b0f5f121f54f3502b9fb63729b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c6501fb90da056d28d077728eece4b7

    SHA1

    416d34a4df290bf49cb0d5c2a75d837844e0869d

    SHA256

    e577b12f3726458064b01f5bda5494e05f362b032d0bff95c177b157490d9af6

    SHA512

    3f670f64e188def57ddff705a1b3ba0f810e47aad92490e6d00369152473a4377f7c60c4a7f3c3a7863cee5c7e68b759b6573a26e5f6c76aa7a6957bc6beef13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18c455e989eff0ed8533b2469d5a3756

    SHA1

    9d78c6217e12732b72ffc8a74256bd32c4bbb3c8

    SHA256

    cf0088c7cebc7e12000899f6c5ae831fee6020744fb24d14de9ede3ae87d30bf

    SHA512

    90037db053ee03239282d85e83689550e0fde7328d735f9b9da32121b20742258d9a709ea2f15f5f7913f749aa8aca3d2e17b4aa1c65123b703d13b90a16d2d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84bace12b903261815966d13b0a19879

    SHA1

    88c50dc8a442dc5a075c99745a55280d15079c3c

    SHA256

    9f233be5c06beabd837f217cdf2e9937b21de6e0d15ed226bb7144196dc94567

    SHA512

    72582e01109a954eed6739e4ef2c618fb2fe944da7a35d35cf552fe62407ccd5e891088f7c4c3bf88872e6a96e65dcf1786d69bf153c3bcb725e6a13f641d0ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47f9ca09162baef9145489042af7ac8c

    SHA1

    cdc64018e55ee2d28faaa953db9837afd791e539

    SHA256

    4c8b1d85e6474788f05f4fd2a7ccb780462e6703cfc21dd32c67c8ddb45476bf

    SHA512

    19728baab464c59792e828f2fcc71e63527a5a75b9ac8c260a0f367efc309448590eb92660298c7f655c18c604857cf7f2f6f3cd4457e145a7ac1a0a8c0713a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21f739e3ec9062ce22cd6c828f7e65c5

    SHA1

    0c6de9a6fa140c7e7d8ef2d7589c88c9d11afc8f

    SHA256

    1ce375c6650f6ecb2039bdb219dfb285e8fb05faa0595eb05cb260d552b19f49

    SHA512

    b5b4d895fa2e442184215ee89734e22abfafd96db92d6d24594127d931a4265495e0d3a8f43e193527d6b3ae534f5a6e7617736ffb0b291c20ee8d88f1d94200

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aa696009980a2c5a6c0048a470c2d86

    SHA1

    9df85cd2ed2e8c0183550a0d87806d9a8248059b

    SHA256

    b997aab3e05f2f842b4bf2a42ee7f3343366415ac4b8c13c2fcd83bc9604879a

    SHA512

    5eb767a26e79891ac84ebb60493c3bc0be078fb15875ae19de6b225f8f2ae94f9615bf2e1612fce4d9232b73390137960b9fcb0ac0ac289df5b927998aa93b44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0459808c9db10e29f2ecec888eab55e9

    SHA1

    2c832f1151af18b4a6f2f3c531f8e7a9e906eb02

    SHA256

    dfc24f3df3226a99720e314ad9ba1eb96ab64b288ec394ef546b9683cb4f7a5f

    SHA512

    0427d969682587282c2722cc4d7b8bd9e26a2a74ba38e1d6c2c42a7d62483e920aef2217336f865afa97c1d43689f2f30c34f5ece326402f09dc0772e5588afb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0077d8e6f360673c96363af20409560a

    SHA1

    81cb29cd8f20a7a28e180f1c6152a97564e3f9e4

    SHA256

    a89f73dadeb18a3915f4a8c2690631ca69e3a4ee1287c3efa1e6babf4544569b

    SHA512

    01e1779a8a2307fe05853de0d4c41adabe358e854790b05c7f3efbfe674b44c7f870072f3e76ea129f0cb3253c59fa3a4cf53d5432b47627c4dfab8ff8f108ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f33f6deee72a7a1b6d5995c1f28189d

    SHA1

    7a282939b68a4fe06152cc9291f3410c72de602d

    SHA256

    6abfebe0a8e9af2014ab3879dfdf20a5df00957248ceb6dfdfd8f3ec1bbe31a8

    SHA512

    0144e947f95ad2141b6abf36c9556e906ef1fe4aad482e0968d46939df5a9db8c1f33408f8f2f1578e678b3e3086531dcfb8fac58a5eace7dc47a8699170252f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81ad72df3df2ec030481621b0119b2af

    SHA1

    6ee7c0ee70d90cbab80c5206f8f15fe10222dc7c

    SHA256

    d449a08c19980f589cc0706806bd8b8dabf54e6dd9a90a5e24ce6b295ad99a69

    SHA512

    8de6e81f86fb5f74764474e84dc8fb0dfc19e765209c9770b9fda5d39660537e00f99170f6655241829d649d7c87bb71bbc267808d6fbe3338cc50db8cc5e938

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBE6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC94.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\image010.gif
    Filesize

    105KB

    MD5

    d1ba4a0125b4ddd0af15f8e7670d02b9

    SHA1

    6c306fa79757b57cb288df2a81838f60c800f939

    SHA256

    80c2a0bcd1abafc7489091da19c31361d26c42db5d695a932e8f97b6be447e82

    SHA512

    f6bc11f061c5cbd81dc1a73ad2c2ab494ff681b79bf6264519e18b20d5adf9f55c76a3f09c311757cef78f3db7a3d34721efb4f9caf11dadec7fc2f9faeadaac

    Download Submit

  • C:\Windows\csrss.exe
    Filesize

    1.1MB

    MD5

    fa6ceab0262055609beab19609de8482

    SHA1

    d19410d2489d313864dce3c327865c8193ee5ecf

    SHA256

    6017c9c427da769de7dedf91d1250c2a32a34b71a4e1fe3389362c1b9f782722

    SHA512

    c1e08fbfefd28d3b8d3a5faaca79c0f7b0ec7df5f74e71ecf25f83c24baa159e7dcbd40f32f8d8786f9db97ebc783dbbfffebf8bb1e12999ac430bec20ee2803

    Download Submit

  • C:\Windows\winlogs.dll
    Filesize

    243B

    MD5

    598cfa69ce34303d4c2e6c34b6d0f954

    SHA1

    21a0d4c6251bd0e9e4f3d15928a8fef6741149c5

    SHA256

    eff0f8bf1f75cc94c7ec091414fd8387fe3797fccc6ec83aa59e7a969890eefd

    SHA512

    1f03b003f1a24e4cd48b50e9d4b06ff18ac57e51f90d9ffa0d4d80b63f8354a23935092459c39fb0343a72256edce3a19b1af83e3236e0281f887b3f9d407e7c

    Download Submit

  • memory/1728-1-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1728-0-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1728-35-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1728-29-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1728-30-0x00000000035E0000-0x00000000036FF000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1728-31-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1728-22-0x0000000002260000-0x0000000002270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2376-354-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-34-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-33-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2376-42-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download