Analysis

  • max time kernel
    148s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    03-10-2024 04:29

General

  • Target

    0ded0b74c3021cf741c9639f1ec2ac02_JaffaCakes118.exe

  • Size

    5KB

  • MD5

    0ded0b74c3021cf741c9639f1ec2ac02

  • SHA1

    3630ed39035c1e3343a8aa87e17a1cf65410f61d

  • SHA256

    18ed2296e8b35c5d91d5d65e70b2cb80830563bd0c3b8222ac5171a7cc842f05

  • SHA512

    0a3c67274b9ddd4dfe2e2acfe6c4dda9f901fa7544d23ab9b45eecb3696cf3247ab717eed36a491298e338dd7fe4dd9b9a07f3cefe4a21183de6be6407ca4365

  • SSDEEP

    96:R+MQUs5A0j4EqojhfUA2GRu6oTOPKC+Ce362uzbCw2OyTXjTemZ:R+usu0ZVunVJx62uzpUXffZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ded0b74c3021cf741c9639f1ec2ac02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0ded0b74c3021cf741c9639f1ec2ac02_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.placeforporno.com/
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.placeforporno.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2040
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2760
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\n.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2892
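The tree above shows the two edges worth alerting on: the sample running from the user's Temp directory hands a drive-root batch file to cmd.exe (the "Deletes itself" hit lands on that cmd.exe), and the same sample launches Internet Explorer straight onto a URL. The script below is an added detection example, not part of the sandbox report or its signature engine. Its events are constructed to mirror the report's PIDs, images and command lines; the explorer.exe root (PID 1000, parent 4) and the final benign control event (PID 3100) are hypothetical, and the rule names and trusted-directory list are this example's own choices.

```python
"""Flag the dropper -> cmd.exe /c <root>.bat and dropper -> iexplore.exe <URL> edges.

Added example. Process-creation events are constructed from the report's
process tree; PID 1000 (explorer.exe) and PID 3100 are hypothetical.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


TEMP_EXE = r"C:\Users\Admin\AppData\Local\Temp\0ded0b74c3021cf741c9639f1ec2ac02_JaffaCakes118.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
IE64 = r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
URL = "http://www.placeforporno.com/"

EVENTS = [
    ProcEvent(1000, 4, r"C:\Windows\explorer.exe", "explorer.exe"),  # hypothetical root
    ProcEvent(2544, 1000, TEMP_EXE, f'"{TEMP_EXE}"'),
    ProcEvent(2208, 2544, IE32, f'"{IE32}" {URL}'),
    ProcEvent(2040, 2208, IE64, f'"{IE64}" {URL}'),
    ProcEvent(2760, 2040, IE32, f'"{IE32}" SCODEF:2040 CREDAT:275457 /prefetch:2'),
    ProcEvent(2892, 2544, r"C:\Windows\SysWOW64\cmd.exe", r"cmd /c c:\n.bat"),
    ProcEvent(3100, 1000, IE64, f'"{IE64}" https://example.invalid/'),  # hypothetical benign control
]

# Directories whose binaries and scripts we treat as install-controlled (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Parents that legitimately open IE on a URL; extend per environment (assumption).
BROWSER_PARENTS = {"iexplore.exe", "explorer.exe"}
URL_RE = re.compile(r"\bhttps?://\S+", re.IGNORECASE)
# cmd /c <drive>:\...\name.bat|cmd, with or without quotes
BAT_RE = re.compile(r'/c\s+"?([A-Za-z]:\\[^"\s]+\.(?:bat|cmd))"?', re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)


def find_chains(events):
    """Return (rule, parent_pid, child_pid, detail) tuples for suspicious edges."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        # Rule 1: a process outside trusted dirs runs cmd.exe /c on a batch file
        # that also lives outside trusted dirs (drive root here) - the self-delete shape.
        m = BAT_RE.search(e.cmdline)
        if basename(e.image) == "cmd.exe" and m \
                and not in_trusted_dir(parent.image) and not in_trusted_dir(m.group(1)):
            hits.append(("dropper_runs_batch", parent.pid, e.pid, m.group(1)))
        # Rule 2: a non-browser parent launches iexplore.exe directly on a URL.
        u = URL_RE.search(e.cmdline)
        if basename(e.image) == "iexplore.exe" and u \
                and basename(parent.image) not in BROWSER_PARENTS:
            hits.append(("nonbrowser_opens_url", parent.pid, e.pid, u.group(0)))
    return hits


if __name__ == "__main__":
    for hit in find_chains(EVENTS):
        print(*hit)
```

Rule 2 is deliberately narrow (IE child, URL on the command line, parent not a browser or the shell); in production it needs a parent allowlist for readers and office suites that hand URLs to the default browser, otherwise it is noisy. Rule 1 keys on where the batch file lives, so a batch in Program Files launched by an installer does not fire.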

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    440585c4dc974c4d2c4e3d097ae9cec3

    SHA1

    ae8238ea1fd762d358d133b1c7401ea74bf0e75a

    SHA256

    c91140ca86432a2affe05ccc4409f4638fa86262c325499dc9b4a0cfc69a7a28

    SHA512

    18afecf5a6651c91622d5ec32549ba198ab68a8d945d6621ad2b42ac1808e02f25f350607ffa4fe793064253638dec110faa9ce19d24fbe1128fd6963fb67d3b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9e635968c739f6205d8543cca13b4373

    SHA1

    d656f96b428e07d1dfd426111465d40a86ef896e

    SHA256

    433e40eac628dec8e341a177e397d20573a9e95bfacc0bb6efbc67c09b55b035

    SHA512

    2981dd8834e8bd33099c139f7686bc648d2a58e690dd650c47a9ebfb345583c1c37effbd4f29730fcd26d420b025b266ae576a9e4ddd8e635eba10c4a025bd0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e25c974a5d48e2f74cb5743c0827df73

    SHA1

    4d687a29001079c9d71b5d5746cdacb4a823cdfb

    SHA256

    6e195404b2541434d51f75d08f4690d822cb8eef06327223cbbf1ef8ccd24f43

    SHA512

    cd300679466f2261aaf9b5be692d75f6040ce2096f93b11e328d2d6fe0182bdcd8cfbbce8e8dcf30c79531a637bda07cb3117b2144ebb178eba8fab9e5f9e13c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e787c752ec76151c9673e3a58f5cd826

    SHA1

    f30889b05c846bb7a3c40809c432b3537f6810c4

    SHA256

    0329472fa46e836b5a20265e6a8a4ceb2937924a4bfdd4841a8a49cc444a1331

    SHA512

    f702b68eb939a49f274149131cff01c62a496587a6a0db1592e997a4375b0295b0b16a94c810170aa65dba2131c406fbd71051bd9351ca4a30dca6da00f267d8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    11c72c039671459138854ba179c0dc52

    SHA1

    aa745f7385b3f05c1f68a36d36da5a1dd215ce33

    SHA256

    58e30157510c60738557e89d28d3d631c292fded61adfb7bd01436aed06f9236

    SHA512

    7c79be47deb1befb8df0ee275d174527fae87298f340b0e305b0ed4bb953dd28e0806703fdfd7079b3559b6e02e10c879dae4c4636eee040a50c1c5dac94a0e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1fc63e19b875a90a81db15af3108646d

    SHA1

    316c6db1cfec463f65467c8ac19234945e6ffafc

    SHA256

    07fae79f1adb505730300c5290af189d61cd2da36cb503855b62689c03e55467

    SHA512

    6dbc0028b61d0a3b795d813c5a33791d93ad5f56b9cec2a36cb8ea60e0508894d5e39fa19186dc37849139801432f0cbddfb0c3b6931b034530119517dc209c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c15aff5839d4f28499ca8d3982d2ae7b

    SHA1

    49d83d58255b695d327c8d75e29e05d58272d4b1

    SHA256

    14bd7de23d92e3b42ff9689f6a6c808efb3d96502cf7c2be305e3e13218b9413

    SHA512

    b5a1022fd38f7b0f2529b8fb8e5c12d2d484190deed525af6aba2bc13e3f69ccddd30a94a2b5089a90d1d76eb68650f92445fccc508f578d289f7088a7d35c73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8ad819763852751b7f9512e8dc2c9a05

    SHA1

    7cf607285b055f8592aef43b51b3cffd5394b7d5

    SHA256

    47a8ef94062099988f1bbd46ea1e9e9c5ba3553373eed39abfa80854fb49e826

    SHA512

    6721f32fc82ff0f360eb513c3db0445f787ae802488b4c3e26de29f6a9eaa9948118a83cf3ed33a12a1b9cae8cc56e26abbd54f0179f1deeeccdfc8fcfa45308

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    853c91139aadd05f2acb8e97dd0e3833

    SHA1

    998eb7cad10fb11b54362430e68283d8acc9460e

    SHA256

    7f0ceaac08e231e258626615a4320630b617c4d1328f29b6f3871424702ee238

    SHA512

    6457f712663885f95f5fcd728ece03fc5c9ede21342c9023ecc9a960595b748d7b79950c1b835170b8468e5e49c86240c36edd1b5439a583015fa740c1374034

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    80c45881e275a2be4c468b574907c61e

    SHA1

    e056f1e4a5b08ae760232b2930712c434f2b13dc

    SHA256

    87a98972168662065ed7f89d5e42703ac6f2e8398ed38d98cc651ea2538a8905

    SHA512

    9b818e7fff53d7267728936852640fe56c1bb33ef09382999fc36951a856c7a320dbff78b123bc830285046ccfab9d977e9d16b1f4e22866ceace179f5ef5746

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e30bca4f3925f77e7ee473c7c3689831

    SHA1

    3d8e4c1121c0d22c917b0ca30c6fb5c142bbb58d

    SHA256

    f904ddf784d3a6e1d075ed0819105235be10f75aeda3fd8c1d4f9e93fa781e71

    SHA512

    f690f06a6bdcefedb4d4787eb85bf551e2898357f81b0d99335afab8b84d2bf997784e4c04d344dd5e1847d42172810ea5cd95b0e288066fa3a8fef4fa2f1334

  • C:\Users\Admin\AppData\Local\Temp\Cab3DFD.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar3E6D.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\n.bat

    Filesize

    219B

    MD5

    0700476e041cddbcf5435d41a711c439

    SHA1

    489c0115a954d23a8082f1e12ae378b1735cb37f

    SHA256

    7a3734b451c854ae9702995f09025becd1f867fcd94220d68a04fae662113fa9

    SHA512

    0df5059c2ea40d9f9d46d5f6ee0e04e9337cecad94747416dc6e131c9d49f6f97366c2d0f2ea2cb8db9aded00ea6396545df3b8a06777976698a7eeddd7c805c

  • memory/2544-288-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/2544-5-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/2544-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB
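The Downloads list above mixes artefacts of different provenance. The CryptnetUrlCache\MetaData entries are CryptoAPI's URL-retrieval cache, rewritten each time Internet Explorer fetches certificate, CRL or OCSP data during the session, and the Cab*.tmp / Tar*.tmp pair in Temp typically comes from the same certificate-update machinery; the memory/… entries are sandbox dumps of the sample's image, not files on disk. The only file the dropper itself writes is C:\n.bat, whose contents the report does not show. The script below is an added example, not part of the report: it parses the list into records and separates dropper output from that noise. The classification rules, the collapsed four-entry sample text and the Artifact record are this example's own assumptions.

```python
"""Parse the report's Downloads list into a triaged IOC set (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: four entries copied from the report, blank lines collapsed.
REPORT_DOWNLOADS = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
440585c4dc974c4d2c4e3d097ae9cec3
SHA1
ae8238ea1fd762d358d133b1c7401ea74bf0e75a
SHA256
c91140ca86432a2affe05ccc4409f4638fa86262c325499dc9b4a0cfc69a7a28
SHA512
18afecf5a6651c91622d5ec32549ba198ab68a8d945d6621ad2b42ac1808e02f25f350607ffa4fe793064253638dec110faa9ce19d24fbe1128fd6963fb67d3b
• C:\Users\Admin\AppData\Local\Temp\Cab3DFD.tmp
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
• C:\n.bat
Filesize
219B
MD5
0700476e041cddbcf5435d41a711c439
SHA1
489c0115a954d23a8082f1e12ae378b1735cb37f
SHA256
7a3734b451c854ae9702995f09025becd1f867fcd94220d68a04fae662113fa9
SHA512
0df5059c2ea40d9f9d46d5f6ee0e04e9337cecad94747416dc6e131c9d49f6f97366c2d0f2ea2cb8db9aded00ea6396545df3b8a06777976698a7eeddd7c805c
• memory/2544-0-0x0000000000400000-0x0000000000414000-memory.dmp
Filesize
80KB
"""

# One record per bullet; the hash block is optional because memory dumps carry none.
ENTRY_RE = re.compile(
    r"•[ \t]+(?P<path>[^\n]+)\n\s*Filesize\s+(?P<size>\d+(?:\.\d+)?[KMG]?B)"
    r"(?:\s+MD5\s+(?P<md5>[0-9a-f]{32})\s+SHA1\s+(?P<sha1>[0-9a-f]{40})"
    r"\s+SHA256\s+(?P<sha256>[0-9a-f]{64})\s+SHA512\s+(?P<sha512>[0-9a-f]{128}))?",
    re.IGNORECASE,
)
# Classification rules are this example's assumptions, not the sandbox's verdicts.
NOISE_RULES = [
    (re.compile(r"\\CryptnetUrlCache\\", re.I), "CryptoAPI URL cache (IE certificate/CRL fetch)"),
    (re.compile(r"\\Temp\\(?:Cab|Tar)[0-9A-F]+\.tmp$", re.I), "certificate-update temp file"),
    (re.compile(r"^memory/"), "sandbox memory dump, not a file on disk"),
]


@dataclass(frozen=True)
class Artifact:
    path: str
    size: int
    md5: Optional[str]
    sha1: Optional[str]
    sha256: Optional[str]
    verdict: str


def parse_size(text: str) -> int:
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([KMG]?)B", text, re.I)
    return int(float(m.group(1)) * 1024 ** {"": 0, "K": 1, "M": 2, "G": 3}[m.group(2).upper()])


def classify(path: str) -> str:
    for rx, why in NOISE_RULES:
        if rx.search(path):
            return "noise: " + why
    return "dropped: hash and hunt"


def triage(report_text: str) -> Tuple[List[Artifact], List[Artifact]]:
    """Return (dropped, noise); identical content listed twice is kept once."""
    dropped, noise, seen = [], [], set()
    for m in ENTRY_RE.finditer(report_text):
        path = m["path"].strip()
        art = Artifact(path, parse_size(m["size"]),
                       m["md5"] and m["md5"].lower(), m["sha1"] and m["sha1"].lower(),
                       m["sha256"] and m["sha256"].lower(), classify(path))
        if art.sha256 in seen:
            continue
        if art.sha256:
            seen.add(art.sha256)
        (noise if art.verdict.startswith("noise") else dropped).append(art)
    return dropped, noise
```

Run `triage(REPORT_DOWNLOADS)` on the full Downloads text and only the `dropped` list is worth pushing to a hash blocklist; the eleven CryptnetUrlCache versions hash differently on every run because they record fetch timestamps, so blocking them would only generate false positives.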