Analysis
-
max time kernel
135s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
02/10/2024, 09:26
General
-
Target
09fd1b2462bb313442c528851b6c988c_JaffaCakes118.exe
-
Size
250KB
-
MD5
09fd1b2462bb313442c528851b6c988c
-
SHA1
5afcdb62441fa59a44526706e2e44796727807cf
-
SHA256
697bf0e0bd4005d5ca1bcaecd982304ce2452e2468a37ccdbda382f9a5e0381e
-
SHA512
0eaf12cbbae6c384f303b54b5521eb0cece73b7a5f751b39c2e0c75b6e2e1638b13ed84cd25d322b6ac0c1aa4c851ee7777ab0037c550966fa111cb42a296c80
-
SSDEEP
6144:mhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:DeKrJJuf86AYcwoaoSbr
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself 1 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 2 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 26 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of FindShellTrayWindow 46 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\09fd1b2462bb313442c528851b6c988c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\09fd1b2462bb313442c528851b6c988c_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g83⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\09fd1b2462bb313442c528851b6c988c_JaffaCakes118.exe"2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 4 127.13⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD59208c38b58c7c7114f3149591580b980
SHA18154bdee622a386894636b7db046744724c3fc2b
SHA256cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1
-
Filesize
342B
MD5488ed931cccf506554039901b43f791b
SHA1e853f3d0e1e8ecadef1ed33d382f09f7bba286a0
SHA2567c796f14f968d7ee8d05991eaea5910b99a7e8957be2de2809937d346105a577
SHA5128b70face59b2efa1820ff0acd066b74afdc8239d05ce02d40476a9da1ab91341222210ad62507e143b14763a817afc1ee712e6477e3f78577660834d67470cf1
-
Filesize
342B
MD5fc945ae671c2733952cf6585b21017b9
SHA17fd33de1b51eece9b104c7d3ae9b6af371d3b87f
SHA2560e55ddebc83ab15cb1cd39aac67d7a4e5b9a5d04b6f3cdbdb3cdbd61d09a81fc
SHA512064d83b595705571f5f66adbfd9e5a4560931be66c96ad5192529f82c7d3d36b117ac28fa0227268ce1395408e3bf035e67b367ee3c6ee1ba8da6156148c58b1
-
Filesize
342B
MD585a3062fcff3c791694737845f389201
SHA1c877a0d5d3aebc8d0257c4200eefc9b0884e1c60
SHA256fb39e814746188263848ac4abce7ed71047fff084d41a6c4ec3c402b1383cd2e
SHA512c052f1060c1bf96f6784cd924d4dec2be4cf871ed5f41c58f7bf9b4ac19ffceb6e6c37f99b7cf43691a11d497128886a56a46a86634ea0a0aca37099a1c17f70
-
Filesize
342B
MD561b4911a367b1e510b570cda8195d8fe
SHA1116b21b73a473d09acb5e9b73964f605857af042
SHA256cff67fb12a8560a9c8f52b74fe784f33aeac687f8c349a50996eb18ef6143393
SHA5127f4a2d5dd582f7bacf8db6f203873633ba1bb67a7bd0c5079d7c4d805f4e1a2fd7494931a90b48a44cfc3a0900dc996a7037b6b5409c99fca94bf3c07120b01d
-
Filesize
342B
MD58a043a4ee4c66bcdb1c90b8f72373baf
SHA1fb4733c85aacd78d3ce265cf8a738eadc5104ed0
SHA2563c1e5ae1622690abe9df5d1527b6669a489476908b4b512778fee2d593234715
SHA5128c15ed7ee8a28bd79bb5a3a3f3cb7acfd4f5a14cc9deed751dec1ee09c34f3d0b517c71144f1a698d9ca1a70328e8186358a8bb4c7ffc0637975928db3b95378
-
Filesize
342B
MD53e3dd1335b935b398ded9bb4b505344c
SHA1f635c8b61315ad5ddae81fe1d38319a220deb3ef
SHA256c866db4a4682fc09ef65a4478563d81b5c33317dcb256adab9bf7a3dee012808
SHA512f68b4a7d2b42c4068bb050443a591e1c86ecba128a89f8ce98e42f1d65784458cc29803e1f2f4f4c05ddb99b232d62fb1563781540ca9f6a71ded89bc1366e2d
-
Filesize
342B
MD580caa677ecd6afa62afcfef01af45b1d
SHA13dd9cda166815a86b9cbef8fdc745d3313673c3c
SHA256726f66e41430d3c27f5a318f4e46eafc0ac80aed9673631190a66c0dbcd0b77a
SHA512b3763f2968d84fc30efa59639c93f7ae98909f58b2befce30b33c2e192b05c9a6e3c82cfebbb2b23bfdbc185154fedca490d415d2089f9ce335d46aab05694c4
-
Filesize
342B
MD59313382bf1935fdf315d212b9b504608
SHA13cc73e3c72f4c43a1b1d24d8690a960f786310f7
SHA25636e29a1f6d2de43ae566b20789ddcfac17e446a50b80afee41a988d0ddd6f08c
SHA512c757aa06cb84ae649656461fb576a8e987d2c9742cb9b0f2c81506a7ae4f48db15d996a62473c83b86423254ad9c0b4349ddc95f50a9ce18c394334c5c12f71e
-
Filesize
342B
MD5d9dd0260899eb714dbb1917457bf7b6d
SHA13bfb2a9df076412dfb39e792333019652e109b63
SHA25678389c644621e9b0302de8eadf23fd4b608e8d9bfec44021262f60db91c3ecdb
SHA512eb8a936a867d0f5f3106278684b5314f8000c6c2ebd5bbcc7fd756f3517637fa8505e985d1b13aecde50b7be9b8a01a8205ac524e953b5dd35d2bf57928e0db6
-
Filesize
342B
MD5914c83674f410b704ed5f335b460ed18
SHA1fb12a049fc7cb9596d66b4fd9329ae86f2a549c0
SHA2566e6db7491972030b64a631ca0e15090d56b9cd8501429246a7e805fceb2f98fa
SHA512cb7b84ec845e817022791e288675c0e24f04b86f4bf40ffbee5c7547f636a0490fe784a36140dfe798cd73974d90f60159ac7c6fdd8c9da5eb20e3466e33d00c
-
Filesize
342B
MD5e862f9cc84f38560294b5e1bef4002ba
SHA19ba54c4a173b59f9b0ed468db898b2f3fecfe429
SHA256512487dfdedf628aa4cf6d783cfc984bc3f8d6b774e399c7b0edf1777a76dc89
SHA5126fe3d3bcd9a6e742fd3a2a66f1d397d7e110245f38dd983a3bdf1418aed07f47ff9ae578e1a438ee4f5346586c0eab5458dbc6c821be40618c0e8994702527ca
-
Filesize
342B
MD5daf6f835beb51fda4b16e913b51eb4e5
SHA1c5b0d498bd4ce988097e20322a63371d673203bc
SHA25690578a1d8f6689ae4b44d624e028d74b746ae85f5e0bfe0a81270d4a64e9cffd
SHA512483b15705e2da2181c48a4ac74cb7d591cacceda74e1495fb4786e3bc36ca41fe5f200de5c3c898f443d6a8ab156f9f904f6333dda7822c54d8cd850bdb173c4
-
Filesize
342B
MD5b065e689193f79cb6c2ffa10891a0688
SHA16ee7e22ec1275bf7d37930186e15ef1c1dd3a47d
SHA256771f5e261bbabf323b6a595b6133fb296b03e29b426aecefd3c350df0c144e15
SHA5124301f8e843e3b576e5624086b052680b5def5ccced7aeab9c8222840a27cb92d1f1dcd4a3aed113126a0b46913e0be9b89cc4d870978d0927af4e2b10cbf4ead
-
Filesize
342B
MD53f4dcf2cb0608eeab1700ca8b6b8ce84
SHA17ba36731e0c30749a1beff52b8bf219f92baca40
SHA2566c9adac0552dace0615ea9946e34e5cff152510bc86cc653f0db0cb6dd367d3c
SHA512f69066467b1f810442407ff78e4c138498e7826af6ae544d89ca6c7b2ecc96395fc622c52b6d81cdb8badd39663c5c103a77e2dadee785ce4deb6a74d5e60a12
-
Filesize
342B
MD5c08e5443e0e6993041754af4d441064e
SHA16dab355089cba468607079e79d1419fe602a14fd
SHA256e0850459028ff888b3a8036615420f3adabb49e0d2207598edc7971379321bb1
SHA5127adfb00c7b656751f9411a8505ccba9a7e9d7edc6678d70e09e81b5396d55eb56e1570e1cdc4e8340fc974be9054a6cf76b48723a3d230b34dec171dcba39959
-
Filesize
342B
MD5e304f694901eb20efd4c8f4cb0aff6a3
SHA1df470327848a7882707a266aef2fb5bc15a266b2
SHA256eb57899fa41c8d6efc079e2bab747b4d3b5efe1281ea6e63833092de732bd698
SHA512fb57de60f0f003cdaad2a250a95b5d44ecdee3cec438be96486ac422821c90a05f217c5eece59aef63c6c122223c3950807e615653d118549b8d0d18931d15ad
-
Filesize
342B
MD54b375a97f9e4142d599e4cc4e86043ca
SHA1963740f176df5b3f1a68d6411a70ae56027f3f39
SHA256ce563e208e8ea86c694c19c615ed07affc9703dd9d5552518063e99d9bff64b7
SHA5127c179d8dd123e72d58f7ea60b4a7fd369e8bf442ebb80d45f03f28c4ffd808867d6e2db8be2645970c97eacbf8799b529d4d5b69b0f2d900011964df797c2a3c
-
Filesize
342B
MD5bbd32e1f52c097deb04b1d14fc85dbfc
SHA1d6aacc570de8ff33054f33aa9d5983193b4f703d
SHA256d33b3bccd55bfc802134a62ee4a370a3fc3ebe9734f85a08295f5ff384479654
SHA512ad66c1bf37a00fe5ec83da74b01c8cda01171235503260720c217ded61b1ee30a7a7ca77ffa11c7e46081408a96bf33112f194ab707982dd4e74df7a396fd51e
-
Filesize
342B
MD5264f85f804b10ad5a0aa0837c367ca3d
SHA1d11ddab7001e574b4915893c39d1073de163fe89
SHA256e3b3e76f2a579c250c69ea786ac2b64f61b8a887f3d2dd57d044d00a7fcb2866
SHA51228b538cce37b952096cb56d042695a4d4e530c93d905a1f2f874a6b1a9cdb88dac7185c78ba37863e59ad16d10634c89f7572b22e875ceee4c29f536791c918b
-
Filesize
342B
MD5ae86d4da202a9c8cc900520f28692ae8
SHA1de734af4ff28808b24507e08ed3b5d8b4e31b87f
SHA25636d642bdd685739eb1062c578a6f3408e9392a2e67f1e3f63964d434eb99b808
SHA512099c3a64e74db11a51940a5ea8fa098bbf8bc4b0f851a0962f6d39e79ff97261a7648fbe725bebb50a81883a486f7d9e417cfb6a2e61a52e34d32d6b4c3d8820
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
149B
MD5b0ad7e59754e8d953129437b08846b5f
SHA19ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA51253e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6
-
Filesize
64KB
-
Filesize
708KB
-
Filesize
708KB