Analysis
-
max time kernel
135s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
30/09/2024, 23:13
General
-
Target
03952eda9be26b7c3d980920a4d69256_JaffaCakes118.exe
-
Size
250KB
-
MD5
03952eda9be26b7c3d980920a4d69256
-
SHA1
b7df6a50536d28886204a93aad7d6bb8fde780c0
-
SHA256
9b5245b3157d809659cba4330d1dd249087860c94c59d52a0bb4afe8bd47ac1e
-
SHA512
5b9514cbe08ee191c4c66656c43fdb3d26e94b302f667ca3ea2efd52f1d8b98e6aab86482ac0c63013214af7f081f8c19cec8135ea1ae8ba2ee2383c26259d3c
-
SSDEEP
6144:mhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:DeKrJJuf86AYcwoaoSbr
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself 1 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 2 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 26 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of FindShellTrayWindow 45 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\03952eda9be26b7c3d980920a4d69256_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\03952eda9be26b7c3d980920a4d69256_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g83⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\03952eda9be26b7c3d980920a4d69256_JaffaCakes118.exe"2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 4 127.13⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD59208c38b58c7c7114f3149591580b980
SHA18154bdee622a386894636b7db046744724c3fc2b
SHA256cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1
-
Filesize
342B
MD5b583f95b80b1448d2492845d38adabc2
SHA19b357cd1cc3337be075dfeaa0b742fd16fa36363
SHA2561557c4a2cd229608d9404a831782e3c1ef2987852ae01fcd27d51b10c6d049f1
SHA512b207e346dff521968b38d5aa17a4fc893e1c5465d6bc65a3498fde1bca0f963f72a46debfc3482e79f532fe8e65a2a59d58e0958ad2f1eacd21292ba17ec3351
-
Filesize
342B
MD55b23e082d53b86786d021bcfd43defa7
SHA1760b7989b746fb4102a500dc139de95b80bf2e23
SHA25675764cda6ba5dd6791f0471bdcc708622fcc87aba5c9c6465410be8461d1efa2
SHA512771e300348e8b73508f525367e48419ffb0830f93527275f9fc86fb4b39974f655b4857a6c55c87f15008e3353f75f752411fb994f5d152a131209864ea7f824
-
Filesize
342B
MD58a40d164fc875562cd704b2dc26c36d5
SHA18894c4906cbac5f38a75ea47139558931e91426d
SHA25621519845f4a2bb9c5b406690203ffb1e07212d19cde6b2dc1b579179963a0334
SHA5124f6d21d5903fb4b8ea9b04208e3d2f813611757584d35627a0cddd8a9d8b28c83b1fc85a55bcf52ec7a1f873388c5686f556d9bd7841a6794b6c7ba36c7cde4b
-
Filesize
342B
MD5fddfddae1787a3e07bf55ccffc795d77
SHA176dc4f5d864dc7b02d8de2355bb80a16ce7d9ac8
SHA25650be835fec9263170042736e3ed17f38044a5a0a53d9dd0cd3cd435009324544
SHA51248fab0acbb876866c09d9c6fc5c7129cfd7ead2d8fab558076a9e10691f6434bc6c6372657dd3a3130890af00ee10cbf3883c751a442801e74a987dd9327bd24
-
Filesize
342B
MD52539fc8a8d16d2b397358ba61bb15fd9
SHA1f392a41d1bae040384f227b7769ad72d473ca970
SHA2563c340d976fc83349983f098dfef9d35b64ed22afac13a7a0b1ff0b141d5ff6c2
SHA512d520716cf5ea99d6bb988988cc36bb367b18f90ee83c03b040a1dce87da2bebc007507888a6081885951fb63788e2315b9731d9234b06fe0ccb9ae47f24a5da5
-
Filesize
342B
MD5c9268ae2c0f09bb02eeaf4a9923e3737
SHA1e5cc91470d650a71c12376eb3f7270d9c4e617fe
SHA256b1e7ccd009288bc17a13a043da78a0b4f090399750ae2bd4466081e6e1fa5f3b
SHA512e73ea8ffe62c3f2f7baf6a22180b3b869818d91c4af2f7432625234875f2df9efde509d0b8efc19dcfac6a0939d3f8a5ba2869565b30f371c9287f79a1285818
-
Filesize
342B
MD52dff2a3d33c25c98eaa3e8482fc36198
SHA1070fb99a8bce9a3d4f74c5b298d6f96e21be6643
SHA256fcdbf43e040649d03bf8087a29ab67072b20ad0e3da11f779bcea173da3f9ab6
SHA51263142698f7fd7307ee23ce285d000985a2e6ff63227de4666bc6d13502dde645db84172cfcd34428cceefb327a18bdf90b38882eb28baaf21467d73207077065
-
Filesize
342B
MD595ea24fffc7320e5b7efbb086da65107
SHA1423e2433029e66d4945f9044cf084e17e52257d1
SHA2567c810aa41660db04eeaf73449895cdf96851a58a846f3c8de21ce14cd1f20153
SHA5121a178e2df6cb048f245159467760e071d3f3d6b3b0500c4ac4a832a9d5f5669385f35ca6823e7001de384e3419daf8f719c0450f091a56a5d7efe01f0e5600cc
-
Filesize
342B
MD5b3560620dc7836fcf2907ad59be0761f
SHA19a929441aebec86633f35ac729a3955251a1f98c
SHA2563458d81b8aacc53d1fddf0c68a75b327e97f1a434363025f778b2162d4955845
SHA512b72fb9ed78ba2b88b084f404c201305bc0722a2c93323d8dc8f8ddb8bf0df8bb8733a2998b740d70aafe8694bab0eaacc134f7a69d054847eee9bf44a215f88d
-
Filesize
342B
MD5aa93575212544b3d6427e577aa445fa9
SHA14fc11cb2299c4bbb724aed4966cc241a2ff66299
SHA25618f9c611e4fc480f728b5beb20ffba7384f47cd36577abe1213a687870ea69d1
SHA512716a03fc89b62c3d94e088ac0a80b47e8811f8d196903d8fd57f19d55798a0a30c9894391193aaafaf40aa40d448548c63c8c3cad65a92dc34b3e3457bf7ee55
-
Filesize
342B
MD56cb9109fb0e6882433d896cf199380c1
SHA1a3cefaf92f113e29efefde7b29f02d3e12943912
SHA2567db7e3096e38ef7ee101b746196bdc491dbae61db573c09e9f557b34531cd4a5
SHA5121d1e44311d5e0ca2e5b3336c08201d7079f12a980596a2ed4fe7e71be68d8d7654b7bf15c9c3a2b4c0fc503cb43e93c0e8409eb9bd2c37702e5853d3a16e9ecc
-
Filesize
342B
MD55ee06f7f887e05f02b86331f0ad7656a
SHA1835eb1d8f84d4d3cbddcf94397f79c0068b1ac82
SHA256140796cc1d37c8d5b2aae64e23464f0255c908152e00d81e419229f433ff7a9e
SHA512b0c9a5ad99a49052b9c4561592b972939dd43b7d0df139b6a111d0d31f96394247bf380062431b831e78a77c3b34bed5121dbbd8f4c9cab009e6a12d6b6c0674
-
Filesize
342B
MD545b977daa069cd8369398b9d5179ff59
SHA1145b70a466d8ac13e7e6aae6e293269efedd1488
SHA256499789ccf881ad6fd199d5c972f6738dba13dbaefb517e4a5d723d0c813937a6
SHA512a0b3ceeaab01c23cee08924617fa38553e9a6e5142b7c32242e3fd0f88d3defadc7b4c9f225cee70d833a06a3e4e1fc3eec01c38dd3992a8cbf0232397fc8fb8
-
Filesize
342B
MD59821c0f6392f28bac8bd26ccdd222997
SHA1fbac9d813da3d3b29a99baa7f7ebe7e72014dd15
SHA2567557d8cf791d349efe47a8314a4c343bfcdd9857ec383e17eae490e0800eb6a9
SHA512ff584aee38a43287ff17c5f0eafef9027e8467560074ff75eaad92423c04449f319535e5a2faadc4e9a35b7bf351c7be5d1ced97aff250a4dd080cf00b4315b6
-
Filesize
342B
MD54ac74003083947bc34965337b3045988
SHA1d6fda997763fc815890736673f58ca62f39be2a1
SHA2566e26f4d96741862ba7f43d7ee62b448ff6ebc55213d8f047d6c76d1bde795fb7
SHA5120ca721087310ead30e1d60475e049ff1eb482b56fd94fa3ecb4949ee06736a39eda705d4d8bd58ead67df87702785e0c9e68409f22e4e9a29fd76762dc921a9e
-
Filesize
342B
MD553aa60835046556a7e99abe18c421ee2
SHA1b8cd61fe1baa06903b8c19d8bf7d71db75c1938e
SHA2566419159c31973508194cb7eddef4a43e68353c2fa3bd2aa31ce38cb32898666a
SHA51246b4a472832f6b6ac38a37c3cc7b10933e79bce44fe0199c13574c923ed321f8873ec9e477e5cfbae8065e5fadc1aadb17e1785149d8630e3c27fd99e7f0c81f
-
Filesize
342B
MD5a3567b3a27c5d29eec06a676f9053cf5
SHA1c9a0c2ffa0fbe047624bf3d89b772167d28a8222
SHA2569ad26744a3d447bec6bebe20ecc954322a969332afd18819e6e1a24b14a18e13
SHA51223f84d516332f3733970ca91615e73aff06091e52fc1e739ff5b87653905efea522bf144a9943f93aeba4affaa95131b0d5b1dc86f754a657f1c5dedfc351a88
-
Filesize
342B
MD5c2cfe79966ac8d1fdc77d1f468640bf5
SHA1067f480bc876fe1dcc44781d4b21f419deda1171
SHA256cadf4134ffb8c60b631e76488ffce07d26a5b866e6754b622ca1323ecc2cd6ab
SHA5121632503b22825ef389673900bb9a84232f730e9ef286224c420c4b2d01473169cf9b4602955df50f76daa3d246d12263ea85ead968809d8e7fecdc7b55673346
-
Filesize
342B
MD588886d6a5c6fe7f2150d6d53c48f01d0
SHA1dea4d8f815362195ad6e9031cd6d52410a3716b1
SHA256e176d2d66a5b6f74a19c93ec72ea13c8a8478344cc07d202cb8607bd46f07ff8
SHA5127c46b4b8164f83ff419091a0360adf0652e561a81d7378a5c0160f35033f4e34adf7801b9e0e15b8a03e11411851175c5c1c7b5c3fae8b7f00672e026471a936
-
Filesize
342B
MD503c7fc64b5e57f0cdf260c4d5acb348b
SHA18b11d3bf8c24b14e46a3ea49553143fb5ea520cf
SHA25602be77e7f75be43beb460ab9a0bceafe17bd92bce97630e2920ae60c9a614c4d
SHA512cd6cfdd41af9b9ccd75bf4b28f405b6f616e773fbe763c42e0596e1f3878e09e8fb240e8fdc555ceac3494f4b4e836694cc5035915f9df23753de87084bdefe4
-
Filesize
342B
MD5a8635280a6a787c528e1e84f95b3aa6b
SHA19c47591d8e3b046ddfe0f81141162d087faf16da
SHA25612d7f144e0421d04aefa9db8c3f3486243b9de6249aa4643b5c5156f723694e3
SHA5124232dc7c43eea358529c2ea0e12ba9a35b30328dab80ecebc42ea10651b581072ffab4a9a7d114ac59233b7b3cc2eb1adc76730066644657021ecdea8d3a5feb
-
Filesize
342B
MD542d2f64653724a8dbdb100f85fe97d73
SHA18e08a909b0b8a36f255e8d882e15d3d49fd1869d
SHA25673f2b60d83115d17983aecd4774b9295c2c0e61bb6698f8b05c64ce18adada6a
SHA51276ce1682417c655f5132c852cd3b25f550a46d099be016550ec7716fcae24639e327bd07b6d03d16bb86e10efc30f692978a0556e0f60764e365a2440af1f983
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
255B
MD5a0c4d2f989198272c1e2593e65c9c6cb
SHA10fa5cf2c05483bb89b611e0de9db674e9d53389c
SHA256f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23
SHA512209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4
-
Filesize
149B
MD5b0ad7e59754e8d953129437b08846b5f
SHA19ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA51253e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6
-
Filesize
64KB
-
Filesize
708KB
-
Filesize
708KB