Analysis
-
max time kernel
143s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02-10-2024 01:18
General
-
Target
0837f77cd9394e93a2ffe82ac227f1d2_JaffaCakes118.exe
-
Size
203KB
-
MD5
0837f77cd9394e93a2ffe82ac227f1d2
-
SHA1
d227cdbeb0ecec3ac0ccc65b7cac47c3402181f4
-
SHA256
daea50d36b20ac0e2d01aa71ff3e02b2fa1cd819d0a77d65e58ce7e3df902532
-
SHA512
492aef556cfc9b3a29017e7d51a71f03002f00b6407bc7c0d40aaac22f2c47dc18a7f00e36befa92bcd975c3b89504f6f809e0e11abd08ea3b94e73beae9cba7
-
SSDEEP
3072:TYg4pumJfWJhCS3QmkYs7TIoyIsMrFgwGeBywQAymFqx59ZxWzqRpNSEB981ppLb:TlLQmNoyveGePQpsiXZ2qRpNS0fXJdo
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 4 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 61 IoCs
-
Modifies registry class 10 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0837f77cd9394e93a2ffe82ac227f1d2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0837f77cd9394e93a2ffe82ac227f1d2_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\vwkaqwwpyng.dll"2⤵
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.welcometrack.biz/enter.html2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.welcometrack.biz/enter.html3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:406530 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD55e1421448a390f63c0998d31c39d6b83
SHA1bc7f2471a4e9ff5560fb97e6e0bf6fa307a9856e
SHA2566b772b6b77cc5f9ad80fe4227218e392d0a1a74e89fe4eb6c6a04beebcf26d7f
SHA51247369bc392a3f4a8e1c50e6d236cf3fb7eb156095e30b392aad71f6458d91ed5070bbb21ed343c740b02b0aa05f6d2328e260d4820df296f978d1f82f62b68cf
-
Filesize
342B
MD56a62195cc277002782c0132ca8fffd4c
SHA1f69032a3cc653253d13bf7780058de58691a9680
SHA2563acc9777506c1ac09ca929321874871a10dafd554f3824814175184500fe81ad
SHA5126601d5db717821f6dd48a33c50c99728a42cdc2af3699718b96479bfbecd2879b4b4cb908de35a380555f914a63a53ffcd22ab6293b6a18552dc6dc12130527b
-
Filesize
342B
MD5db8319fe6867cb6b1db33781d5222c8f
SHA1667a55ece7a74be58770166a0b5aaaf0cd4c6351
SHA25657cb741f65607792d7e9a808ef210e84c5807f48569c208cd60fc4c139017cf0
SHA512c4daba0ebc2d114f716a63967093ff838868ab1d0b3357c1009f3d206fbb2a3fbf8b1c2ce480999a8966a030a802cd85549d7439767c90f8b5c1424a66af0c18
-
Filesize
342B
MD5bf229ecafd82b89dfca18b13a7b69243
SHA1e4c7da7981cc3baa836ade04dde03d93c564adc3
SHA256088d97e9934f929a18cd6365c7a76600a229ae270f124c693bef577673ee8ab7
SHA512c12b4892e3c579c7b04a766c149d20eede99717dae8baa60fe05b8d42fab0707c2d5017ee4e8dee82a28d9aff6b101d38b3b9ab91fe6674360e1e47adea6353d
-
Filesize
342B
MD5a0ebcf6d5177dcdac608c1adffcb9378
SHA1f7b07254b54c7d7f0b59b1768470c9da41f8327a
SHA25634ec7ab4d72fc0d4244db41059aa26da2431c285cc54ed8758ce86dfa5db90d2
SHA51204fd9eed8a01e542a2bf904e61a1fcd0ad94f8f3885d1f75858ec95108a76758853058ca050d348358a2b767415b440bc8e679023637f5002ae52a5593e2cac3
-
Filesize
342B
MD5c6e4bac4d19fa52fb6d997f437dc15db
SHA197ff9c03f0e845c9c34ee906260e9fe632014b01
SHA25699ffa8d43505b58cf19a749d13de7bee7dd5eb760de96e53af7e38342aed52a4
SHA5125fa71f6a9ffb5d0a017a51466658561e3e478c6fb06950ea3ff389f96cfe63be8e4dbce5a5842ec7b90f5ef0c07ef7f76b209aaa711bb4a5c3ea1a1dacf4852e
-
Filesize
342B
MD52369329a2a8e1caaa97ea57ff2cc742f
SHA1dad0f56d61903d7eb1fc7a24d65b3351938d53e7
SHA256270cbcb995fa9cdf137979393ee00708d1e6d740780a6a2ad70c6d262deb22fc
SHA51214e1d4371881bb1b649ab05f65b38861299bacac733a1465044ee49d9af46d79eef555ffbc84de1258e0ab107c43a18ac81544022287acfdf3fa0a6c5a602e6c
-
Filesize
342B
MD5a6b842b9872222248bd4623104c17ce0
SHA121bb1c40bf86fdd46030c30f6b7a723dbe36d3ab
SHA256989e2ac8e2e25be8fd962ea6e27e03ddbfd9413d181530e6498e4f10f5202f43
SHA512cec6aef83a90c7a06ff01ff43055af3f9b2dfed1194e2c8a1fefcabbefe42deede4b48b8c45c863ad1e2f4c17e22a2bdcd9f012f6975c53cfea3ba231bcb91e3
-
Filesize
342B
MD5b11bdf1fe0023b87eab1de565001d655
SHA19b9f6d756106532dd31aef752919cdc6d610d9b6
SHA25650675ce0c4968c7c454fea277b11ef53e4e4553c6eb03742c7bee74ad7e99261
SHA5125f6b24531ccfdc2f587df531aea7139d1925eff515f0511653763e0a31f160a963bf002bca790cda7023654394600b86899536439c0a1f01bebedafbd2d53859
-
Filesize
342B
MD599ff6c08f499254720e3f9ae21be910a
SHA1589e4ca6c759f24f99485cbf57fe0c222188392f
SHA256f0451b4fafa15793d75c3e74f786fd0b2cb10eccb4c0ac3e774569ffd546f9c0
SHA512cb61e1fbb524c9d72c5bdc48cdbdf5fad243a2051cb1fd86106f0b6848700d0d6963bc101f7b7d3d374b19014b653a005ae0607250aa6350b1232a04061042f2
-
Filesize
342B
MD5c49619763fe9536ba6af43517abe2237
SHA1aa624c2fb080ccdee058269d4bffdc03b41b2fde
SHA2561924436036dfc8269cf8d9cc1481e6a7a868a8d9b66ac2e0e6a0411c69a1a8f5
SHA5122ec73f3ce532bc8134b5d0080ccfc4d8c9e21f43688e66999662e1dfe1e55331f234f56a064936ba1ffde732761c0c2f72d84d3cfaa63ab364dd5ba4d8c589b7
-
Filesize
342B
MD5dc5b81f62b13d474c5675e559d37cff4
SHA13d4f920c92b990b2f7760c4eb104b1b7e789e0be
SHA2569f4344a11bd6155b6fb7f64fe80adb1e7b72b6586eb34167ed4b5c5e4977f86d
SHA51217e61ba51740d5a13912e92adadda80369e2919209e351bf2cf5e46f4d5648ac99816b3bb2ea3b4408d711f8ca90f5e4d65b86a84e16b111cd977cfa8915012e
-
Filesize
342B
MD53bab7f64ea6305e8010bf50c3f1e1e2c
SHA1427b9de853d1433f3edee9b6bfb27a707ac4fc6e
SHA2562ed14874df01727bbeeefe9d260a6fa1b4a3791f492101947e25aabe6672563f
SHA5124550b07f838468080d0b648c0e07d2a5dbdb64b87842d7b01d9098dbe81382df0ec18903e353dbf37207457d04a1222b6adab369b409342b460455d4c467fe6b
-
Filesize
342B
MD56abb233b51216aaa7d958be3d08b3925
SHA1784c939a61dd945dadd872b034c13ed114941bdd
SHA2568104ba2df88cbb513cccc4aab594bff504b611216b57d6283befc8712f683f3a
SHA51296a9dcbd115394c6448690db32f58f7fc69fe6d33f97eb7fe62436dbaa114a705a0fad55e31deddb10384170910b9943a8208c184118f255466b3d756c81a129
-
Filesize
342B
MD5ea6107072690f107ef98a7d777cdef18
SHA14ff318dbafa92028e2afee3f6c5feeb13401e07f
SHA256de5ecff53866d879f2150e5224542948b3a9eb64c155f77ff8fca4632bb1cdc1
SHA5128a7e79d58760714326cc105af6dce63495b3cdf31a5acdab267daca51aa3d55d8f26b4c279e715ff55d932c14375749298cecdd4efd97c37bd25d1dc8b7dca80
-
Filesize
342B
MD5106f267326509c94bf39422384893f32
SHA11835448a0d1843c65cd4a355a2a0ddc970034499
SHA25682b0c8a521e970f5406e9ad84ee506702bb6dac11d25dc0e5aa8e42a59897456
SHA512ef5d7c251b6c44fa6d16d434ae7a6c15da12a2b34dfa7376105da8085f1e9e51b39462be3f3bec726a189a78cc2fa3707841895bbd7b52b84cb9a4385a100f99
-
Filesize
342B
MD590f8e3a124c90f7b4b149f57d4bb7d56
SHA1ebcea113e24017bb49ba6ff2105b8cfd7b2bbda2
SHA25620704f6c1ae9300b6dbe79fde8303bc5c02737a3bcf66874510d1b587489140e
SHA51213e047e4c9a3d8bc2e80a70911858c9992f4b9239982447d0e4cd2c5e8e3d55d4db83a75fd51df8eeb073c2448443f9972c5b162d51556567d1ee193137fe78d
-
Filesize
342B
MD5a428a6b13b9cb45c96e4f0e43c20625c
SHA1cf381ac52adaa3ad97ffff6cf46bcd5dd0297d2c
SHA256e9295fd594d11bcc7edce28a480c148be3e79a892956da7cc9db50b012b7ba96
SHA51243709cdac390198ca4b988a614ce1741f2aa93e86bc75d0fa5219a7561ecaf73f405e729925327e23cbb13413a72fa2fb711582c898f3eb0ef6af1710c859930
-
Filesize
5KB
MD5cb80b18b9bb4c468d10a8534f99d6b05
SHA1fc10a0a3daf506d899fb01ff65d31acb40f5a0f8
SHA256bf29d935e522bc9a027f11edf890f8c7cd501ffa814b5969fe581343c09a01ee
SHA5120af7f61d644d78fbab645f4cb102c7c8f944a3a6061552f410461433d71da4b56ebe8440af90d20c2b0e5c7650574a0f6f343dd74aec477fa58e1a6eeb60c34d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
11KB
MD5c6f5b9596db45ce43f14b64e0fbcf552
SHA1665a2207a643726602dc3e845e39435868dddabc
SHA2564b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
SHA5128faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
-
Filesize
384KB
MD5b1ec8da5c45bcfb9f68854e3e83e1ecc
SHA1e076fa98e7e97522469080b4114575d0a1333cd7
SHA25645488d93188bb7d4b5f48d9a979dedb88a4bfe14e78cda86036fd3aac07f7cfb
SHA512e4f529d36490f224178ae22b8524557e3d842f824406531e6d11ade40c8b955fca7214d9d1ee165b365df8794bc7a5a074fca378129566ff741b02bed1e48d25
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
8KB
-
Filesize
408KB
-
Filesize
408KB