Overview

overview

6

Static

static

3

12baf8719f...18.exe

windows7-x64

6

12baf8719f...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 09:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    12baf8719f89238e1ade578703a958d6_JaffaCakes118.exe

  • Size

    459KB

  • MD5

    12baf8719f89238e1ade578703a958d6

  • SHA1

    ecb713f20b1ff07e28684a6b6ff8b954d754df70

  • SHA256

    1556664b10084e86c10fe9ce65853cd1a7c03fefc82788e36ea3e8507d86a4e4

  • SHA512

    ab472f6e6eef9f9579fb76a05cf705077b229c65c642bc3148cf270c304f0099b630a0b590776a29a7ec72f871922811392b5620f681a120c5c8c1968c4b7da4

  • SSDEEP

    6144:AHXmWMd8EFXmZPndBxkxiS/ye+YvpmnfJKE1k3079Z2N+O0+j7wqe7fPvGTCPve4:8XmWMd8/ZPnfSGfUb30u0+jUqeDP30

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12baf8719f89238e1ade578703a958d6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\12baf8719f89238e1ade578703a958d6_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://postales.terra.com.ar/cat/send.aspx?id=15496&nb=9&pg=1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2236

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0e01aa43abcf4d97fc4c8ee2caf2de33

          SHA1

          d7c96a5bf3a48c12e1be927870b9b5bc3fbee2f4

          SHA256

          93aa44489aa8c3f81dd14d295fac60751ad13efdf198d3c5f4ae4112d944a6ef

          SHA512

          212c2fe72b105f0853a53fd6ee0bc8181d13440ad213d51c62912ff0e9d61f5e1d21f157cdbb9495640fec9d13f36d2e2939abf27e3fe6e42c01f73d84a86877

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          147eb35e12af50401edb270b94ea5ab7

          SHA1

          1df97f44f0d367fe79b5b8424fd600cc25ded4f3

          SHA256

          ba63abe8eaa973bcfca877fe1113849cce0f1be323c23608426b5831514706c9

          SHA512

          6084ec859662c34c613718745a83f9ab24a6e1018c256365ef28bcf258fb0b00b6d3c82bf8f258bf57270206c3dfe54e1707624e07869e85de67e28e32b27115

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2ac6595d0ab98be96318d6bae7f2f0ac

          SHA1

          2768a0e25f45688ac6e5699ce51cb483022cc721

          SHA256

          38356fbdfb0534fd2fefae1f5ec53452af8f28346239563a151463fa56c13b77

          SHA512

          ef56fad75754462f5e34b352f6e7e414b62292f0f312e79402ae1ac7f0b4a7aca0a85600074f3c0bf0a1942b938ebebd859947700fe8f03cb2996406995966cc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b26f39f367f421b70fc5e8bffa640a97

          SHA1

          e99ead382a5b203ec83e9449e44196bdcb5f4f22

          SHA256

          809de12159c9d7d3971ed14daac8677a14b4547765663eaed955446e450587b5

          SHA512

          e1e57721a8549a96ce63350ffe3ece2d1d6088ff6e6d3ddc9a4344f8e5e6b11a7b53a2c4dc9833d20da36783820c2f5a31e38a683b2093bce87c6c979c88eaf6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f8564f081797fdadfee80f4750f02121

          SHA1

          64a2dbf0990611a7a921b3488e492d8d6f014447

          SHA256

          c65b305889bf720bea89bde9d6a4de5b837622a3fa7bfbcb6c3e882584634eff

          SHA512

          1977aabfcb916c7d041f5a77d2de90d51a373e29dba808e4882ffa1ab2585c39d7fb58e697ae54fb89801576bd995431ab605e111bb6f5b1ac0037e7bc6ce1cc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5cc3bce69bcfc0477586b1574b53ef5a

          SHA1

          ac874c337cb318edd6444fa1459127064c722a93

          SHA256

          8c99407f76c6257955afe48fade4a13721d1a52fc5716523380dd73a17aedbb5

          SHA512

          522c21024705aa4b602324bd1ceb40d95cd932e99c836555143c8dd6c5804b84a07c9631982dfc87b7bfec2a49cc626b5be5ca5ec29ef809929f14c26fd9f8c3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f9dfc563fdb79f2917acc162125993b5

          SHA1

          e5b219b88b2e1dd9cf45bd4db5a384ce97c4ab9e

          SHA256

          ec989e6256147a5f761170a19796ce511a65ebd4de94f3fab80794576db29a03

          SHA512

          00a7d204b5bf934ee1e43718dc712866d04fdf7db6e325289e527f087262d40ff30cd8a50b992031b7f0b1c2e9a1b981594254147119132d8c1648e64bc369bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          084f2e1efdb585d224ff4c236169caa4

          SHA1

          16ddbd407027c6412a22e34f57789ab55af92363

          SHA256

          764eda7ce84f7e018456d16a6d80aa2a96cd28d80c1b6c3c5c76f862e9be3ed4

          SHA512

          5a26e85553c28e74ecbc438dcec63f2f60d914fb32c2005928507039fa098ab896ea0f8f5235cdd39ce7e913ce75f6b5a68bd816ac656270e560417e18a8d4c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          07bebd21c6a1da0ce6068a889f18c34b

          SHA1

          81e8c4b71eb74774586902ecff35347fe3408d50

          SHA256

          627bbca252f65db1c886703d471413b4bc6e1580254f0709bf288a5b5541c75b

          SHA512

          c0d85ee99ac4e03af9f48516bc2c2a2374b360ac78b3ff5f24f35f4c8f8fa91e0087cc610855a3a478ea9e2cdce44d997ab2fc2a3515d2c57286b2987e72e34c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a0fd3765d12c0c8137b1606c4dc77324

          SHA1

          e17c75a4377d6da7029ca7fe0339eb42a9c56a03

          SHA256

          5cb1b2570459cb45cc96813b751e56415675476f0ba0f8ad6914b5d5cf837728

          SHA512

          fa64bd96eb9c17909bc4121c84a3f68ffee8f36be3382991f0d4ebac9aae9511b548453d7fdf621bb82b36969e7eaff4370e5a740bc95ec69036059ae650c817

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2489fc99bc7caf925a940f951fa11547

          SHA1

          e3ed45bf28859e3fef9595e2cde991e423446123

          SHA256

          bfa0a2925e99a1f7d65846948a5a0e1ef0a2e7102cca46664633876371ddaa0a

          SHA512

          6a1a8df17fe9e924b7f881ad44980202139ef17994ab0b74a0cf96ad38db33a354d4c903d8887a58c77b1723d4c44029a7ebac239ae948b22b3930866f1366fa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          47fac0f2f7721801ab140d27e475626f

          SHA1

          13373662802ad2972d1a1f98d43f6c77af52a196

          SHA256

          b634a53bcdd51a6db77708aad691530239d68985511b6e2673edb61ed784b85a

          SHA512

          5202a93056fe1c92f85d6e4592ceaca5a8b0b2b7e10b9aefcb57bb7cb994c5e90a20218e8b2e10f0993fbf06a89390413ec1e3e16d089afe61f411a373348b9d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c09a7302cceb89f33bef90788a4952c7

          SHA1

          02f59fc255519bf382529dfe1c9bf86fa62b5079

          SHA256

          395d4d53bc4b07662101d46ec2d41ccea02c17c09b2c5b0f8dde09f8f4831cd5

          SHA512

          0291d7913ac0aec44d059cdeac6df5029ce5c226d53fcbd7cdd550e6e97ce72e2b28665967580ed9a7f6998555ebfeceb8c81fcee2fff27f066414a34067afc7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a8cdc7f7857792c0707c32acbbd22a27

          SHA1

          dd31207e48a6c07df8851299282c9495f00ecb3d

          SHA256

          0fc4116a3ff8849ae4cd2ad7077c6161bc0aa5b1969184be68dc381350da0366

          SHA512

          1a5f68ed54ddb7cf8ba9052b063350f7e7aad40090ef3cc56181e32b7b9f1abf46dca8b23156ad248c2e19667be3603f3cd767bef8e0c55da016451de0486528

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4b5e8393c9184b17bcbcf50e67003956

          SHA1

          89a16ad49fee67068cb1e51ff78a6e252cc1fedc

          SHA256

          9c59f45823f36d41fd3968c941b4c2208ed581b5ac73c2bf112eff52361472f8

          SHA512

          86207067f1cc898d84f744bc98a2cde0b7d741c5eb058e315d5e8c5fbfa3ba30e239618da2b3895cef4c73ac15d4e4241825c0505391b4bebbd98f2e4335289a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dfda30e6d01a6dcfa1268c6d0523a004

          SHA1

          1e990f614e579b5b4583ccf71484700a21204dfe

          SHA256

          d22ae7565c18add3a0f169b89e8c02c84ff9a280326a4e076e08f8a51489d2a9

          SHA512

          1db573e68af701fe3d573267be510868490e920e93d9c54d6f9ef924b50a96fff9ad733dcf03fdd7cbe979595499fcf092c1a8a5534e3d05035e14c2f359c6ef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b0306571195cd66e33a4dff74b368b00

          SHA1

          92b3d6e219a64ac308baa9a48645db6fac5910aa

          SHA256

          6acd13a53fb2d2bc92ac001cd0cb9b2c060293ffdc94c9cfed124f43977964b0

          SHA512

          2303cd81c8bcc6e55097d3df40eec38ebf580f559c39b90ac73770585ebe51126011362990b795cd65503be1a7880abe6c9e4d91ed0625fe9dddfb730143026d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          28b55e4d827310d4ea397a98d4dce93b

          SHA1

          f548dd9abec3f5135e2da516552b80b8a1d85bb5

          SHA256

          13177914e464d33a57ad3e9e5d6f5c568743adc18332eefbccf936f9c800b315

          SHA512

          0543e4547be6ad2ff196ac81def58417b585cbc44992ffd0de507276bc576d6dcbd73120288e95a7b620368d3c32ef58f196852adcd630846a77b25c832da8ea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7bad6ecde7fb66279c17cbb90ea17065

          SHA1

          06f95b7112cc7cc6162fafda6cfb1e5aa90e59fb

          SHA256

          6741a63398eb46b1ea785cd2077288e0004eabd655b7ab24ec89352b0f967a43

          SHA512

          cb19a38ccc6e7242aef3c43f62f775fe013d5a00780215ac3c089a1d8d211570a52f2551ddd1c6661a1f2a1f2f26e2bb47b7193a6751c9095e5138128762df82

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab5EE4.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar5F84.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1064-497-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1064-1-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1064-0-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1064-58-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1064-59-0x0000000000400000-0x0000000000479000-memory.dmp

          Filesize

          484KB

          Download

        • memory/1064-60-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download