Overview

overview

7

Static

static

3

0ffbb22b90...18.exe

windows7-x64

7

0ffbb22b90...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2024 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ffbb22b901db43561d7cbdf3760c467_JaffaCakes118.exe

  • Size

    196KB

  • MD5

    0ffbb22b901db43561d7cbdf3760c467

  • SHA1

    51f314c57585c585ed3281a75952979c8c8d4d5b

  • SHA256

    deae5c85cb29cd41b67fee154dcd523f586dd3c1fe7b2d51db821a01f3b1e32d

  • SHA512

    1fe76af28911baff3132b5fa3397edd570820cf5c260d314a315e94fbdadb5a1f89b7d6cb31ddec3d9a6ac88a85d7de360da728d3b35c404777c5f7dea6391ec

  • SSDEEP

    3072:34s8Np6824AhLiKcC/8mvheRe2ytsvi2N0hsqJV:0p682XhLFlBvSytn2NRM

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ffbb22b901db43561d7cbdf3760c467_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0ffbb22b901db43561d7cbdf3760c467_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2792
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2556

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04cd96162949d8d6e89d8eacf1cceba8

    SHA1

    448f4a15506db30fef16eb8ebba95a1a7ee77e07

    SHA256

    39c8136a5993794f0dffcfec4c9b373d78f6d1ec88a91d4b75cc81729170af9e

    SHA512

    3f59bc05eeccffb25e910ca00019fddf15907e75d9820ac237b016cc9b1b87969b4d3c339273e5ca1ebf9c1fef3f62d3e20b47712de9a47589492ece76800308

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcb706fccc36b00b401b85134152d260

    SHA1

    05ca1ced98ed3c195e632a5d6e78dfc08f416a2e

    SHA256

    408dcb23e9a813cbd336e74d2d80e98b1134d785c3ea82986c488bb692bb2318

    SHA512

    728443c852f798816d74c4c77794d5ac57913387331d7e78da620e34f63a709ab94664733881c36ca7dcc83daf5afea9b6935d6fe30b182900f22444d8e0a307

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37d4ad853391e095435096b0272f274d

    SHA1

    7fa2a519cb8d671147e881f04096a1814cf0df65

    SHA256

    89808c5db8d6ff2cac23cbd3da6c4b7c6a6800e2a93b840aae0e75821657a6a0

    SHA512

    ef77dce578da817ec3c03b67fc2fa1169745c391bfba1d287d50d3cfde003680f30759cf79fbfceafb907987397b700143570449cc22589e192630ffacb4b73d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c78ca90dd7169a43158a2db1ac4441d

    SHA1

    6522e3715ae7e574fc15b84f511761b658cdffaf

    SHA256

    06d6991002b1809c370364273f61faabf88a247b2f907454a6e2ce256904f702

    SHA512

    22b9c7343808fe5e5587ddc4530fcce402a387a3d3eb9203c0cc1b8956f15ce24e7894673490d8cfa567f3eae041c60236fb5867850fce4e3cac23b9c9ea55fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b27b24b9cd0ce9168c778c4552b39fd

    SHA1

    b0226328daf7bd26da1dc2d1525d667a70d1cb77

    SHA256

    1d09136465936d3f4fa99fde2995d4857ca15db638f12afe65fe6708b99e34cb

    SHA512

    34aab4c430af98c82a166be5f1c35a91e48d5ce6e214ef2e4d788027adfc464cc70071e4358527bf933b6fbb64587837f77738f3a481429b932cb07bb235a6ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    163d4ef104606b20749e29d9b91f1626

    SHA1

    1939bf4dee97ee933df03a4b17e13010ebe38159

    SHA256

    853aaa32d2bbb1422a0ff988dc898e7596089b8abbd4ab358a55aa3368500ab3

    SHA512

    7c1ef045bf33926b0e59de4dac42f45cebe08254b9c53c0569d3951ccf3d16c1b23dbd985119e28c71ae7d772598ade33e1fd03aa4d5999786e5f0e15c4c034d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c6eecf9f5607b725bbdbd10f3ce1b65

    SHA1

    8aae1738d1d0bf603e0958c5540e82f8c485b946

    SHA256

    8592323514c72e5387fd3016146b02e191fea3a9b2efa339e34209620c55addf

    SHA512

    8b396c28cde23a6bb6b5b94731711fb8ff7c485468999628912e2e82092e6786cd19595ed3e8f93d5560f8b416f4ca311b0425431a32b502502823b05dcd47f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbb586dcac83373c9290e3031ce6f799

    SHA1

    4fb4695ecd62188181bb766065d3bcf058fb35e4

    SHA256

    5c85f190b50c7f2e5d98e4a00c77a825c64336c35b124b89d8e77b120ff4ea1b

    SHA512

    38302aa9448789940f98ad79fef02f67907f569f0a633212ff1019662bc29e3d12b5ebfab4f0cc5deaede7845aea8d4c7233dfc5c6e1abbd3375b74a0f340b38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bca5b3299a5cd9776b51dc78ed68d27

    SHA1

    6ccc44980ff1ad3914ad5f54e6a09c609aecb671

    SHA256

    1e82a17742d563715241927c1be6c366e6742f31b87454c8334849dc54794137

    SHA512

    441449880e3cd6f9b1de75fa0d421dd74cc2914251db84a5497681ed7f07dffdbb6ff9c9708d0d63219fcacd01c863c52eebbda38fa0eec19fdb68c134691f3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    932544bf53595906212001f20cf6e686

    SHA1

    2a4f0dee40a84c7f8da86a9fbc7a58b2191ef0f4

    SHA256

    333194713740c5c626f6c42c5ac3d6447bba87afb123ff9bb4548562d279f5bf

    SHA512

    20f787d780e671a00387fdb2f9395d1d962bc9af7a1bb56c93ceb54f8fabd34b75debe564e6b609725a10f95e2331943fc2e93c6cc2d8e5b9cc3797277160ac5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f925b7336fb50148303095b615e1a8d

    SHA1

    02e6cf7713194a86b2d803e6b6c9398d2a16ffcb

    SHA256

    056ca1edd243484661135e68ec0d545d603c23a7cd9de4db0670ff520eba40b8

    SHA512

    72ea6922c966983160569fab9a4564b89ed7bb66cd6ba12b7db23d007e74ba6e9ad6981cce14ecb08ae242501d53d7f67e72190c52aae9b3c4be6e972ff65096

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27677a650b4449ba200c0682d214333b

    SHA1

    832e365cdd247dbe8ffac4f9926037c1dcc44a8d

    SHA256

    0aa4dbd0e1c7f8bd8161d1212dd96e9e9a99d6a73a9ba1a368fcd723b1583e2c

    SHA512

    e77e2db3d76699181bc65d0c041b9b88a06beca9940e8e52fc3506613d157cd752289f321bac452b69b54db61d072efc6ade8f9082b1ac4b72a5e049c598ebc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0fedd3ff99be0979c563aa1f5bca7f3

    SHA1

    f83c848fe57083a2265e9b62a479aba7abe1c726

    SHA256

    902a0156f23f635a7d2ee95cba1ce0dae939b392c20c79d660fd1e0a84cd3d01

    SHA512

    75fd9748308a9271c6d9fa69eddc42b578ff326297f28cc27e9ed75a0b075b348a63641e84147784db22c72686b159fb9e8b3b2ce49f4d5ba802c8f12de27c3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20ca2f2a423d750e528c31605f4fba5d

    SHA1

    ca30f626b5b43e9f578333208c46e99fe352f7ef

    SHA256

    21c4bddb52b8b6a25cf268a96072df7eca2e7d47fe533b3bd069358ebe1af761

    SHA512

    123851e1b1b77b0692ba14593c1a111c8b4e19b9e7865577328551c5d74e947a02a2f25774b44c60829b4533b57e3830f3b710691149db593860310048509d58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c6cc2ec35e1a2a22fd9eb9c11f6d8f4

    SHA1

    d70d20a93423c4414d6d2b08bd0c8f808b2f2e50

    SHA256

    f1ecd13466726ae0acd11ded20a3655e0b74fead4651fe624f50cc17065266eb

    SHA512

    1cfc1addb632930d8f63a6fe3c70033dafd67b447882b35c72fd3dcd2c4b02e9424663135e4f9a7c974ae9a8392d8d665301050d3a5e9ea19d70e0a2e3fd14fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67a4322efa415a3c82af4e2c55d66074

    SHA1

    ef004022e2d93e2b01c79eaaa25c1350e7482689

    SHA256

    af1269c97f3f7f0646dee3d4408949195dfcc793faa8cbbbfff2fe5e3caa21fe

    SHA512

    c861f92de55bfbe161cd6685f29804b4d4ec6d3550f0ce2cf8e92e3a69acdc4bde64c79e39313b789c040ddd26ee140306b2582ecd65b59d1f1e2e23ddab64fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37e3c720161ff03087b48d391717611f

    SHA1

    2dc47a067204b8b3436e0f583f3d1aaacbfab0e8

    SHA256

    3c96951f2da8ad5988849f8546d1ea8c5389ee851224697cd0df0df94c7503f4

    SHA512

    d3bb28c98bc7aab26c3982cfe2ba43417d712d21ea2eb9fbbb92b3724538573f124511e340f2c19d9254f424ac5843e43fb089f82b2d6c13edf1c965fb03662b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    197b07fa15a53727d21a2c1763a75523

    SHA1

    64e725f2b72e1e7d46ddf94f75dea8dcb1efcd1b

    SHA256

    14e5da67f714519c855d747c74909a6742116e4946bc65664b807bf56f14a159

    SHA512

    e52a9b658ed7a3467e57df158e4917197d533771b7dc2e57f2d108aa58e37dbc563a145e7a3b6dc3135adf2f742ef235923c7df20f573b04f339186c50d55512

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6c6e2a0b496e26cde4ed36227ad5426

    SHA1

    c45390b9c23bba2cdeadf219f6928ce7b457ce53

    SHA256

    44351681d4fce97799befcd22606c101d023d162bc85828c7a280e3ff7db0a3d

    SHA512

    659492f597df8648f7af4fbc83cb857ba717c9758e91400d409728856aef5b6d39a9f53009328a31e6a8f628038fb8ccc255d0b51e765e3424503780d385a78a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab68E3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar69C1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2792-1-0x0000000000610000-0x0000000000612000-memory.dmp

    Filesize

    8KB

    Download