Overview

overview

7

Static

static

3

ffd5fab6be...18.exe

windows7-x64

7

ffd5fab6be...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-09-2024 03:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffd5fab6be72ff756ae7a86d3188c57b_JaffaCakes118.exe

  • Size

    495KB

  • MD5

    ffd5fab6be72ff756ae7a86d3188c57b

  • SHA1

    96e70a5a58a6ae73dd3b2f70179b0d4ad7ab17d0

  • SHA256

    42082cfba31a4c4a750f46a60dfb496690b542d452c04f792da4067c54fca572

  • SHA512

    ead3fabc82e31b14cce05ee8ec29f9d977d8f5a0fdd2a5d2a6beee805a5dccfd3b22891ba43e1c580e860683686ab9719a1926b9a06f881045540d097efe8480

  • SSDEEP

    12288:WpFhI9SVEnmrmVB6ZmBDL5qludR8B0fc/TJ9rXmVLfsNO:3QVEnmmoQDL5r38bzrXAfl

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Modifies registry class 14 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffd5fab6be72ff756ae7a86d3188c57b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ffd5fab6be72ff756ae7a86d3188c57b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.adobe.com/go/getflashplayer
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93fdd9c3b911e3a9221f1c599296d89f

    SHA1

    b6c15571d4468b183b7b41c751aaa53da04d058f

    SHA256

    6453d2e3bfe6a9d94069bd5bc28c33d0de089021588cad8c5f4100b1ff0fbc5c

    SHA512

    3209100cd6bc98496f4a1032a86d8d1816d0ba0f6b0fb2287b7f67191fdd2ce94a83a5465049007294f78c7cd3616a029d517795138b3339754e2ab168cef11f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c928494dd630bf30a74eefd8afa35796

    SHA1

    5b4d0a07ef8a511787a59f91d2db0d94d813c82a

    SHA256

    4fbbbe47b2de295fe922e78228a2e20a555548c9c6be59ebe4a5eddb8599a42d

    SHA512

    62ed33e4802508dc07b42d49436299bc9ff83e59869706c70da3523ab936a6b3df908b9289c996db7c24481f4eac25dd30a9281e2c2a3731f897a81aa16f5843

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d19c74ea06f3354182ea6b0011b3889

    SHA1

    bdf4539ec8db0d245744b4ee9935c056729b83d9

    SHA256

    5ad9f884da069ec1b9dc36e54320dea95a7e53d434a9a18f4cbbefb4b3baee99

    SHA512

    4382ee30c0cb9478fe3cf78cc94d7082a202e63ddef8c40e893ff6903aee257db07bd4b21ba0844a2982065d6a0f8f092974d85885c3de5dc2ca8a27172badf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    283599d49565a2acc6e045c9ce620fbc

    SHA1

    d6992f5d23c47c6f302cd149a33ebfcc884e487a

    SHA256

    bdc9fa0b2621749ec839883e14fb95a257872a699b69226eb0cd70ab34e6c3bf

    SHA512

    e12ec6a6505c19d805898123087c36edb93886049830db18543608473dd7520952a2cc9ad75aeb3d678043aa707ee2903121ac0c4a82833f7f9d83f161f0516a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    889ada758ce757ba9eb2da88767e27ae

    SHA1

    61ac01413a72ee6ec2215e0b3241428fbe95b242

    SHA256

    1f92e4cc8159fc39985d4f54f0e67bfdb7a611a636f341bc699d1616bda0c43b

    SHA512

    f5bfebdb51faaabbd7855d757fe460ef50aafb067c20e6e93ee2b48516b074377ade25ab7baacb155e0be27884e164931320d581954e4bdda6a02604ef8f96f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e90d2f05cd919b95adc952e56ed7d76e

    SHA1

    3da3c3ece84d8d2df770d6400e4931b4228e0133

    SHA256

    b3604457bef9dadabfb95b50054625f1333c4cb7ea566807bdf37d58a9116091

    SHA512

    f44f68aae831b95830efdcd4e9dcad64f9bcc56e0dea3012f64c1349f864d3c13d78e38b68c281a8d19cb8dae30a2b67a4c014b8ed732989cf30de29b07a5268

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd16b411036b5cc2bd95dc045146a825

    SHA1

    699d00ef6fec9efb2fa2071afc27e50cc70167f2

    SHA256

    60bd9bc2d36aa81b8c2d99b227ad5644340755e4d669d3d8d1b9f771a34d113c

    SHA512

    f16152e642ed60696404b4759c9afb0a9f4ef292915e984451433eafde3e658c7c6c5071ddb4a18cf7398c5c387b6aca88de605f0cab5b476f88ee7d4a127bbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfa043895220a3eafbd7ee2064b275f8

    SHA1

    74d8b6730f8f2a0582fd483b386e8ba800a86a7b

    SHA256

    0c724d1945f2fef039ff8a36d526ce285d01b08b3be6e04b6e34cf9aea551225

    SHA512

    f2146af3a5a0ba22cd4e7d24d0828be539d961abea5faab5f7632532f1e8958bca99269375850ed5e681dc4dabaaa1db3c73a3903d443875f4e332cbf7a02245

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f608b64ac8da70d3201be31b6ccbe47d

    SHA1

    a1e6991740d831f98d7d00eaa32b707e5cac7308

    SHA256

    e47ca35ae3f3047a7b31eee3ef859e86ab7de683373e2c5769084d7520fa7d45

    SHA512

    2cdf36c82af6c23a2cfccb586ce17a62cf26f29dbc1c00fdc3c1275790e4a1a7106f2b883f78dfd61670e2f4d14f6ce5ace929bcc0ba88d1d6bb43a44b6c1bdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db610bb94d8f1b8c0db8ea8d610e3615

    SHA1

    0fe1c7ffd5f1b3627acf2717ef3e4a2932d908d6

    SHA256

    80995e24750fda774587839ff69473e01f5e943453de4e1fae5d2ba7151c6740

    SHA512

    81ffa449f3bc5e077cb46dc095d2ce73fad480859847d3e259147e91f3d301f046bc5f817a71f20b2d4f800f28d6893f7a9dd9de5da07f0c0e707972b65e2a1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e29ceeb47dfbac4c67fa79ee85663fc

    SHA1

    5d152ec1336b8aab8d7e9320740b5c5046e8fd71

    SHA256

    028f9018ea1530dcd3a2aa7d40bd7acb33d28f3012fa4c71bc8362d2536e4614

    SHA512

    25449e3e9353272b35addd582c98a38f1b2cd7c52823c64cde9e1414c72c34136bc686476a4825e31c9a0d1a16fb084b74ba58031a321e51e1939cccbabbcfc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4892fc9025bba7c2f77889b4e26cc974

    SHA1

    0792984a52bc71c99ed2b46e6f65e69bd73b295d

    SHA256

    4a2ac80ac763f00f5cfa504b1ecef3d4791951b3913a42ddca8ce13b122bda59

    SHA512

    0733cea3d68970bafe7b3eb375d273080aca70d468200a978e0dd934e2ca482b957962987dfd698a0849a525a10341657e968b53c7f4962921b740aef8592347

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a9495f82a7505649d3c54c5acb6f3e4

    SHA1

    e07040dacc7b6bbade1d4a59a47a84512383f5c0

    SHA256

    cf7dab4607ddb1c6cabe20161e8505439b26cc3a116b35de853ddb5cadd41778

    SHA512

    8d92f12780ed791f9c02ebe440f541f1d0bbe57bc384766400aaae6e626e71e486b8012633a15e3eb77829574a2a1f3e76dbb883ea5e3e67b97febec84189830

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f920dc77c9f65fbccded8065432d9046

    SHA1

    6b37e809ef70d4b29e2b9dabcaee38de90e0b255

    SHA256

    5b1ab9df1af883bec29d0e9daadff94fab8df8ffeb4e5872eb2aaa20baf45f5f

    SHA512

    3c36c9bac7c7735e9637f11e28987a54495ffd54dfcee3da9bfa71f2dd913230f9355c0bf1ff2b8db27179b6c9b6335ea3b84c7b1d27782e99c3b9709beb762b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a16982dc1e9e0d52877bc6ee1eadd22

    SHA1

    c38e0d6d8bde0fb6abbe0ae9d5f2d63c399f9dba

    SHA256

    c8b1d83f4e8169c1bdce7b7d7ccccc47ee085cc6692f3850c263a7ddc6394fa7

    SHA512

    aebf384050029dc3246566f16f8757c711c5ba2c190de188abdff633704bd1e82ff60799624826b809edc5490aa7352a8ac030fa9a0c0a405a90759cfc76b282

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78a7cf9fd35ab7b6104f81eb435347ac

    SHA1

    80420752fb0388da457a1a49d1152e17b2ed0564

    SHA256

    052821bcf2622bdd1a092f021cd5617e49b101c3143876b2b3a8e3a57e32fa1d

    SHA512

    5c19d714b93c78e5af4941d3c94695f2ea60723de04d8ae2bd4e007b38875d34d9f2158dd882d2732d3ff09fb797948f44924e26bf2aa9d331d95398fd98f864

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f1cc4f88f2c22c252621e65721310b9

    SHA1

    773eb621948cb5267b5d13872c58c276b6178e92

    SHA256

    fc856003c7ea5642e640d98bc39e06facb8bc0a58ca303be05b696f5e1f7336a

    SHA512

    41f1838ad8fc1791701551cba341d1b742f2b3f7d8bf124ec821ee097cf00ef7b2cfa8a1cc07f94f9d4d5f9e26d37c18eebefa9384459722373921e28b897043

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6eb22a9ceea113239cc4936223cb29d5

    SHA1

    969989347722a0f7ec69b95a14c08b1b454edf07

    SHA256

    e7d589d6a038966cfb7f0a4a761319e1689ad1a64087a0f27fd82143a198c6a4

    SHA512

    306b6c6275f016ae1fee210ac6932094f916858ae7becf85267a001df94e807546eed02da42ca981569b03664e64f9defb92ea2278d93d19a9f27a7910a13296

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f6bf441e8fa423e98e23141ebc9c5e8

    SHA1

    68697c56240d656e7a02faa57301175fbafc7ca3

    SHA256

    086a171275a2f0f47e9f94d30f54bb9113c80517ab86edfc9013932ddc637139

    SHA512

    8c59beb6404efa43ad17b859e8047d79e4b837821c48704faed31174a37ab3766b394bd0e97f1e4b8b3362d37b44b4ed5cedfcde483e0d413778d2b7afc61d75

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TKARTOUX\www.adobe[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF068.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF07B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Program Files (x86)\FLV Direct Player\FLVPlayer.exe
    Filesize

    834KB

    MD5

    01b2b85df382f697c972256f43a1a1cb

    SHA1

    bb58e2f0f231c23b81aaa81b094af3186c1a332e

    SHA256

    8ca31d9ead4400b6249ef6c3ebdf9fc84568c2e874fa191ccc1a371aabf1db6c

    SHA512

    95aa0892e22e138a15f3757836a1d308350ac890b46aa937c17088024fac5715b727d13338d068cfa76fd284d0abe7c8b64446fe05810d83ce04a9405abc2b85

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoB09C.tmp\Processes.dll
    Filesize

    35KB

    MD5

    2cfba79d485cf441c646dd40d82490fc

    SHA1

    83e51ac1115a50986ed456bd18729653018b9619

    SHA256

    86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7

    SHA512

    cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043

    Download Submit