Overview

overview

7

Static

static

3

faaca87614...18.exe

windows7-x64

7

faaca87614...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/09/2024, 15:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    faaca876140e0bcec21119f8b164b51f_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    faaca876140e0bcec21119f8b164b51f

  • SHA1

    68dc00675bcb5b86c4c83640a2c75ebb4c159ee3

  • SHA256

    080f23daa4213236e44f0cf010ac88cceb75e05ed808addcc1073739108bec57

  • SHA512

    6ca8123d668357c01a3b20f6047ab4e96e74fd2a4bf9ff6f221c222d1a665525518201edfd79f99c875f9097a4ba06bc1c000c861b00b74334876fc4b34e5053

  • SSDEEP

    768:7AUAmubqjog+YnWH/ODuSxwsAyQfwdNewe8QeeQjOOBBp/Z:7obAoHfOJDAyQYdgwTQeeArBp/

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faaca876140e0bcec21119f8b164b51f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\faaca876140e0bcec21119f8b164b51f_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.paulohcastro.pop.com.br/grazielli_massafera.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1712
    • \??\c:\windows\SysWOW64\cmd.exe
      cmd /c c:\windows\system32\winpag.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2908

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5c91790a75f25c272b83fe5bedc95fa7

          SHA1

          4da80cef606cf50f8a493f0897bcb862d44b6be3

          SHA256

          f57179aca9cb070fa9125aa1b73d8bfe096eb5da113cc15db27126a7f998c034

          SHA512

          a938654b6203031a590eb4c00ad33c325f0ccdc48bad0deda3a56df592202b9cad228d34a3ee4e07dec8574b2b257a6b63c4e00447001aac9a5ebff5a59c6d39

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5cb6862e7ea324bf3e1d688b680f2c9f

          SHA1

          ae9b706da30d731e4bf60c6bd5bcc8747927c88c

          SHA256

          17a73237252226161a9438546816dd196ba66f02f5166704eeec07afb8366b0d

          SHA512

          ee09eb7a3831d8f44c8d918631ad6864bdf303f8da3bf73d187d5a1b28d4510e8d59b475f05d4c2ceeea3f47b313671b1e1e1a0afef387f7b5c9bf12909e2065

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          91c16afb4c18cda847a72299e39296a9

          SHA1

          b81609d6099423c6135af7a4cdccfc92a237efd5

          SHA256

          78ddd48d30149b820a325f163f02c6d4e560d69e055ad480e8758327d9c291dc

          SHA512

          edefea2022d5be874ba6b44bbe86a20707ba5ddef7562c8754267382ebc2a09305488ca1412498e8982e9787bdaa3bfee404d38932153302ebce7ea574f01ab2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e9a1bc6ee95904129310e1779a722616

          SHA1

          7291fad121dc138c5c5b34d0c58b3b429c72be62

          SHA256

          a4aa2c5f9d7febc6a3b909cc6a0281b9fe8c12b187a96898584e06ac028a4b1a

          SHA512

          b35ed23614032735965a449db199c9c3196831ad3dd2395f9590bc15a67d6f805f18d46e674d930a0f7db6ee071c85a3de6dc746c9c846051d722e23c041e68c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c84a93e3616ee9c5369073ddfd023d48

          SHA1

          6580f8243698533d949410363c7aa21422b7f54c

          SHA256

          0be74ce8e901145cbf46c50b1c0ef6098a5fd14e118292bcb50a295e0afead8f

          SHA512

          a159f13b2225d12bf8d88317b99c467848d2141f7abee418daaa613fea5153aa63435a5a7a667524d0f786e34e11b6b16e8f9d34e66f7e407687d09c04333490

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          04e44b20ec361999bbc6f94810f48d1e

          SHA1

          4433972ef9bbcb0b39ae66a47f325a95c2f226f3

          SHA256

          c179d5c0d1e3391556e9579012028c81ded65274df19966a125f3dee01b83077

          SHA512

          b94b246f24c3897ba111b99621182e43177e624c9472dc801aa540f2bdec89fcb940c649fec9619f2d310f6b473d86fc62092a5df52194b4cbb9b7e2c8bb1876

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4b04dda85954bfcb468204f7e4cd6582

          SHA1

          549043525f153e4b019b58e605e08d5a5bf30c67

          SHA256

          56d1d5d53471a7f24c479fe66c65530531514e284cf1cd322215ec5bcb83a3e1

          SHA512

          4e5e1b44c8b231de99cbe848b762c65042f8d30d171cf5887792cf2a694dd90ced5a32361346555127e9dc2ee81395388c7cb2cfda653161983c2fefb0b81305

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          64ef752e3d3f6751cbdf3706e244f860

          SHA1

          90d0b5a57ed903ca1b2ada504737086653995784

          SHA256

          b4ee9215016b9e50fe063ff2367d5441020fd4449b961b1e26cb2bfab5892fa7

          SHA512

          9c97eacf2f2dfdfb01f4324475593481dea382ffa368c425a87f4377bf03dba614e3da245f5fc83f26a78d75614d16e6ca1700f38ab7991a1c960608e9daf105

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          162fbf8c2c05aebecaf7077bd14c4620

          SHA1

          2e7d4f672b6375605083bdb8d46082a8d58d4dbf

          SHA256

          80f2e63e64bd50855ade7c13429d59b654dd86451bd917f808094dc4a04c8f30

          SHA512

          cb6f2f0389001cc79d1233bf21164a8b08cc571d3bb51fbacc656c632cf325226b8b15edc32e3b270120304f74a084f28262947fc37f69ee0a7f5188f0123502

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          71304ca5b9c9c942916f4abaeb836690

          SHA1

          1b174ebd95a464081edab38344823f2e716ccb66

          SHA256

          1e1a78415614476d8b67c889301d36ad734162cc2f68072cabca508f4ed9fab7

          SHA512

          47f30f02400ee552290a954477a87993834dab5c14993d910b079066df296af1318c7f8c2db97ee1967632688f4bea1579037ef9b29faab0e960515e1ba7f272

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d84c4a2f44aefb5d2eb29cf53ac9591c

          SHA1

          88633eb3fa856714e659b77782cf372e1b71cc95

          SHA256

          5ddda9e6a012a0ea7a6906f85ab016d8daac878c9f4857284467395187680629

          SHA512

          897bd866c660a3d87a1420b4e1ab6231e2e628322592ceb207304c11fa53a1b5c73c9e5fd0b5e5a1fcce1691f1eaa5c7826d409698e42a699920ea8588eed24d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9fb4f2fa55d591815cdab5bbafd83286

          SHA1

          580ee5c8645388345da6c912f64a1122eb887324

          SHA256

          a80ba22a1691326472aba7f9ff246ff5d0d9327a94a8506d730fe4e0b4d034ab

          SHA512

          f1b30613ae964c7cba4360c1210122958b4c963ca46906b95900c1a133ed9d887fe75c3a0fa5a1e1610db12e7f9493fc893311052f521ea0ad0740d57943d7bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0fe5defc84350df8052511748e23bc70

          SHA1

          a590180ea1253b20916c60b2f6524c50edb49189

          SHA256

          dd2fa7fd7f11d45de7559faf94002e9121beec961bdd6a00d5408de57304d831

          SHA512

          8cada0324af57283239721960a9353d80fedd1c7bfa3aaa664dfb089891b230c62794ac2d1f641eab0629caab7639d06f92d1d81076a6b8ab210aa368d2cdb01

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          91893f8e7dbb190ff920fa8a58d45209

          SHA1

          f38689f34c5eaf1d986d61bb3d357975032c0409

          SHA256

          403b3192de569228a6bcbed4df00501275e9c64dd606a7e03f5a3439cc8c00ba

          SHA512

          09356979a31e930e404feaf7a01034d277556d5e27d1b478a2ed6b74df768bd5e59256f2e404d98dac7982ee079f328be31c1dd5e262845d60f67863c6bd8cb7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          89c64e5594d5b81634762bef1c7f157a

          SHA1

          9e38757d31fd045fcd397124f37d50964d43d7ac

          SHA256

          327a60f8771c852e906b12812a531645fbcbdb2e4480d9abe4b6b05bebbe15be

          SHA512

          c41b20bb1a2b766a893a3f7f4974f94f79626915154bd6b8e8c135cd7c5c8d6b427a5eab8c35e7b3552f2c6db649858da349b5e24266d1558ac4362ee9e8f049

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa796fd0674e9e7653800310fc55b7e5

          SHA1

          cdcb44557f873ebc35f4ec2e5eca8a4395e428f8

          SHA256

          5bbe914e56ed42a4c31a6186ff08e81cf343060077d9c03687db1cf37432e7df

          SHA512

          b9cd62d690cc0ab2f9800ea6b753dd3cb69fdbb9c8f6defa8fb080359243092c6c253e6e6c145765cff765ba640b3415a8de816fe7c937864fcc55ddb5ef3a81

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          29ec2de59d6ba355af279ea223b8a040

          SHA1

          d50989dde26c954d663dfe7116a0e8ccd63cf8a1

          SHA256

          748653baeb4a696a58db7d8f606d4ef9c45c2887f49595e44ba1a15edd77966a

          SHA512

          18b53bfb9be1fdb0f03214252c8be885d9d99fcb4e4eab36c0e1561d897ff5e19e9c0cab8b6b53eacfa93444be53e521ae2bac5ac8a52a205a8e25a936757fe7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0efff92a539352bd7b85b4a827fb84cd

          SHA1

          fa627772c13d98822bc29e9c8b27058dc0d04087

          SHA256

          4d469ae1184225735870e1a210244bc1b2294a277bf733decb9f3d1cb016ecb7

          SHA512

          43553490d4f20f63f107369bdd87041808176ca0efa59ef341fd42d1e1b075147d215d53db580de5101b3f8498c2f1a33d7304c881c935abf1361a2ab5cb5b21

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabC9F5.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarCA95.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Windows\SysWOW64\winpag.bat
          Filesize

          374B

          MD5

          73f1d0edda6eb7fde0d92d303aa89c78

          SHA1

          1716608bc0ffc9fbf284758b666aef6d1b19e668

          SHA256

          b2c73a61fe07d609c9f0b4ccb649557818f9e9f1a20bfc635002d0082829ebd7

          SHA512

          b20e8e1c8dd9cd03f39194b21e2b6578094aea7238cd563bd426d548b632698d23863b58e0af2bc180308c39f0496f6940c21f95732d2cbb1ac12987b842a17e

          Download Submit

        • memory/2156-445-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2156-0-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2156-272-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2156-1-0x0000000000220000-0x0000000000222000-memory.dmp

          Filesize

          8KB

          Download