Overview

overview

7

Static

static

3

0df7ecb3ff...18.exe

windows7-x64

7

0df7ecb3ff...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2024 04:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0df7ecb3ff2fbb056fb87cb02394f47e_JaffaCakes118.exe

  • Size

    536KB

  • MD5

    0df7ecb3ff2fbb056fb87cb02394f47e

  • SHA1

    7c75a6372dc7adb8470867c6933dc403e09ca964

  • SHA256

    3d503b292968ccb29a2fe510ee77afceec5e96746d16cb48e80916d5452b65f3

  • SHA512

    b4df36ae31ecc79b11c94526e93f9664cf202bbb430cc015de060700d176b85762f28584c91186c2111e9baf880967bd0784e6a78c6c0d3c136a7d0c7732409d

  • SSDEEP

    12288:t5NDY7Od+5CLVwkHKuSSt60JJgxRs9rN8RlFKyd:nNDYC+5clHJJgxR9RlFZd

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0df7ecb3ff2fbb056fb87cb02394f47e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0df7ecb3ff2fbb056fb87cb02394f47e_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2668
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e88d4753c7409b104ebc371a19f755c2

    SHA1

    e7606faa40ab0fe7557c24296fd790a06cda6b27

    SHA256

    e088eadb506dae311f479eca384e04fc054570b17d6187116741338273a5aa1a

    SHA512

    35bf6bc60696805f5ddb316dea629b38b7ca00ac856a698a105834e207d17c8230aad191986b6c4297c9a7c05fa770d90767077aa856606aa9aa039c2efffc50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9348f7be576643b58f87271f364d286d

    SHA1

    972ba5c0100e0da7cc67da7b7dcd41b06b1d169b

    SHA256

    4895d8139a218f7f6df2927af9f54a27f330c31c816bb734ec6e6c142d3ec5bb

    SHA512

    c5ef7fbdc709f8a32016e1bf7c81bbe6a350e06973d90ab09ee8915ab693bb975d549cf1eef826b03a3d5559b340c192bb57f7237ea52dff622e39f4d9a91c4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ffce04ee09d494d76f363bf195a099b

    SHA1

    8aad8c0eab2ae85d3fa15d8bcb92d74318ad4e07

    SHA256

    4e34e1f3eeafa67590debad1aefb74ec484838ca499d6c005c81e95f02672dc8

    SHA512

    fd522d4df6b58eedbd761158f873d138c8afd9ee54e33389273e4dfb570040eda572103f34a68012b15860b8b6115b8423b92190e42c500b059278d6cd0a2bbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f41f21df94efcc97c79dc57253a0e2ba

    SHA1

    f60947a94b873fc0f2a3c1bc7254bf2a3967bfaf

    SHA256

    a3c5f8e0c1b0576bc7ea8db36240715150ae0ce645d3bbaf1ebe53505a4273f8

    SHA512

    590c4531868eab0fa33f9a82277aacaad6afdafa167ccbefa41a687f753ecf046dc3954c5c6bcda53ce45322c8f698090a79838bbea059a5594de7e9a18614f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74eb1916b3e0263d396cc88bf9fe8d74

    SHA1

    d2d1842d8f66ad6df6017623cea4acfb29bdb4f4

    SHA256

    9eb3350dfcf75647777e74d223e0beaf71a9563a8931d53ea72a597c0da663f2

    SHA512

    321fd7a4e1138ab264314d07c73dc43790d2b74b3d518f7748745ade8c348a89b2f7b535af11949d25136504ce95f10fdd1cc6039dd4f4a61943b875d8d2064c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a481ac610bf237052e641958f4d0f1c7

    SHA1

    ad6433f38bd66479ee5cef5d84e9983178f7750f

    SHA256

    dd43cb964bd61cf6192a5360b9201c2222ab6ff6cd616ace490c60d902ad8b82

    SHA512

    dcf95ab71002c10cc5d5ff458329f3e4e05c6a48ca3a5549bf2a39e03f0bdb30e7f6678fcac58233ca7cda2d0bb2a7d48a1d2f594313d396b2528adfae8c2935

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29745b207ca59eeeda9a78dadeae8536

    SHA1

    a05005067a46f8a27142fce9284efec06b07941b

    SHA256

    0e029d5ae0a84fa774a96a97cfed9982ef27427dc86a7b87380e533bdbd305bc

    SHA512

    935ee66ba28d9d96e067ab486b530e0ad71383bb79b68b81ec5ada7c29feeaf299f619dfa82de913251cb88124dd45b1630f72140e6f09f6568c3ef05bf78ba8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e849f440369e87d176155f591244ec85

    SHA1

    56a496c81229d7c6ab64764f13499b137c5bc420

    SHA256

    905d53dd32f8ca684045f9d6f150536d72c5d89ee499f609950da66936446ae9

    SHA512

    2e002914051652cb6ca84ba3e4651c0074d8c95f2a01c745a5e807ed857cb20a9dae40ebb0b9fbb34e017e927988e1526c2127d9f1edb89441d0ce840b7368d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5a743ba6156eff50f41869474909454

    SHA1

    e8d294d2d9b7a1a8a1666fffe1a4cf565772330b

    SHA256

    300cb9a46bec81db59be6aea02ef12ee0962e8dc688db7661f36a1fbf8303b60

    SHA512

    d8e348271233bf1bceb37bc47c02e3208443717e4a1170a4de490480c776893042c313c7ae444a9792c92aeb083ce1d14bc5039676935ce9081eb01095f329e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7689738ed13436d7ad4a8c4294766fd

    SHA1

    2e886c3142bfd29aecf880c26bb4ea858203644e

    SHA256

    0da6a78e1e0282a17a9da4a577f334e719780c37a97d290ccfd88cdc66f4a818

    SHA512

    0c7dd69181957e8047212754de28a734f8137db88db306e6c112008d439af62585bdb674b38ec6b1e1ea4adfed92402ea09da9fcdc6062544e1aaf039a010e12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a4f815245c422e90734b649d2247819

    SHA1

    32d7e3e3912ddfaf4fef195069e192174e1707f2

    SHA256

    2c6ae3e7adfabb02ac59fffd6f3a399468e8c6b8dc9bfc16324932774285cb82

    SHA512

    d78f4328b50b88e38e1c0ba380b600c913d2ba415d9aef4490e89cec4901f687dffe822a10bcc649abb03d0b8078e7c8197b4ab4b3fcbbc264f2895915592be7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddd94cd1ad2f6192358632eb3e362497

    SHA1

    de94e157be550f20dab95c8a2a08813877ae5650

    SHA256

    445a2bc84506424b1f5e56beb39a249cfed10210b4ac71d767ecebe1d95a0597

    SHA512

    f5676cc3bed409ff7e712246702649f1a188af42f5c2b2df6332c96e9b53d5370688dd4dd9daf9a38076c3df6ceb8f5a44bbd698c9f725c13a585a4618e52ef8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb09ec76fdce7f826f4aba8c4cb53a43

    SHA1

    c0a407fa90d0422d721fcbc1146c39945b9057fd

    SHA256

    b43e59228b1909c18a0d5c3a3821829279c805c35dbf9589d55de78a1235896e

    SHA512

    3109240cf9ee9ce6b7253b08e242ea20b574c28a5788ca897a0cc8dcbb45749f45f49b28dc1a0d28cffaf75ba2f38daaf56a40bbef7adbd679408a419a641e89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f9fe80817a1d8148e0e49a3722a19df

    SHA1

    fd86e2b33dfa084653948178067ca9b8b00e6b8f

    SHA256

    7cde2a5cc1c48757d3c1efc2fc2e1b63dffb9cbf9eab01bf802d78d4025e37c6

    SHA512

    8548a98b22861a5e13abd08310aaa291c3c216f452e58d5e77cd8067441c73aa06fc998c3a26e2d48d0ad149fbd55abcf09d82247203462ad3b0b28e71400a28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be65d9debb44002933fd8c531910c251

    SHA1

    0a02854a7e432c3da26ac805db93b77954803be3

    SHA256

    85d50bcaac1483f556da7607922bf81988fa140939a39917794f1a3b4c1e64ab

    SHA512

    b4d54a4bba11124a779bc33662bed66f64f831fcbd67d46e9ccc2f7c8f0ab052d9e513cb94f655b3cd21df0f19c1c954f7f5638bc892511e940658388f25c302

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6fa4b91ad9caebbbd054cc3bb4b330d

    SHA1

    d575b0c166794f6651c0f1acaad95c3b93047258

    SHA256

    0e105dc3cdd947cd33455242525c706ac1bd372d624934929b84a2b3b9c2ee55

    SHA512

    c54dba718fdb79a67df6e5dc6eaef35f5620390531cddad0c47032f39d27baf8bd96c7b2477e4e17dff9caba8477334c18e95f1209d61902de9c27222352702a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7eeaf51e7373cab895601d53b15a1811

    SHA1

    e18645514687bdc6d4cb4bbe415ca7cc424c8b7a

    SHA256

    8bac658c554b6affcf13726c005904f27ecc4d72ff55125f4a2ad22c625d657e

    SHA512

    abfbc3bb63943f5e6c5148336d7bdee04e269dd730b07a247d6d89bf3ef125b5deccb6af91792e1b8fc730d4b25f8575d171f345b96d54eebdd4f774f7de0cb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    176137878305f998ccfb1aafa62e6774

    SHA1

    c838359af915d151708a32bb4b25c0a143fefe3f

    SHA256

    bbc78a3dbcefe08da7dd69c8c23298c678f58457f0a9434f8f431698ae38dc8d

    SHA512

    344f1fb0fe0c60c743b7d29de88819b86518af87d7b1c0def13e9b3919a8872b7e488057f1858da98d2a47933cc634399e8f6f6f7f3f3a739bde98eec33b2eb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    493f4651c5a3057044a44027b179258b

    SHA1

    263d54673ab4892851df44a26effc0998f2c5fb2

    SHA256

    3320091e049bbeabbea26619163146a80c942f138355583ed7d95e637538c3a6

    SHA512

    638bbb7a16135b3498c2f79bf3f5d5f2e0f0def99e2b5d5ef2703fabce4348e2b6652c5dd10f59002fb83a9aa09e0f6cd4a9839f92d0db17294e06905ab64276

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD868.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD907.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2668-1-0x0000000000200000-0x0000000000202000-memory.dmp

    Filesize

    8KB

    Download