Overview

overview

6

Static

static

5

14b122ea13...18.exe

windows7-x64

6

14b122ea13...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 19:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    14b122ea13d4503f4173a546bc745eb4_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    14b122ea13d4503f4173a546bc745eb4

  • SHA1

    4f2a6618c184fa00dcc06ebbf7ed2efad58610d9

  • SHA256

    1c38571375636fd0c1896110b2a86997f1f1281c8ba576442c45684d13894c65

  • SHA512

    d8dd7dd8ce61cb8593d6f4b2fb71d7b1b016003dc08a8e7c6b24cb9dc169c4287b56871f86ff19c00be632c6334f360d40ff3e4f8bacae28391e1c73ef40362b

  • SSDEEP

    49152:9tARajb4PHtHdBvH3QbWjWXW4wF4/aI6/RREQpQ9jpEY:9GRRft9BP3Qb+WWzq/D6/RREQKB

Score
6/10
discoverypersistenceupx

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14b122ea13d4503f4173a546bc745eb4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\14b122ea13d4503f4173a546bc745eb4_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.forceio.net/download.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2424

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          cf31b34147051865da9c3149d964921b

          SHA1

          c6b647cfb309073a41cb7069fbb36e64313c5d6a

          SHA256

          8ad9694aee208f217a926a03ab3a10cd9421d26aa991867146d55f7e4c1fad89

          SHA512

          3861bc9c2d3eb6a2579bb6e2c1028d83384cab9d9133c051754553cf6be3221015f39a93f69546197bb83abcbf2dc8fe8f5cc98b267de5f34c69b98533fe532d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          973e1e8ea38edf39af50537f112b9c86

          SHA1

          f68a20699194f58aeb8794f004d82bc951736d96

          SHA256

          dd93ebd76f7e5b69e20a94a85ceaca9888d6d7374f999a2ed0a48c225b744179

          SHA512

          f0aa2d0d7883c8bd1102065a775fe94817b8720e86f833242ae898f6de96a372f7d6f1016ed29739965e744953d84805db13f0296b8a581093f5a784cf261013

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7c7ea31d246e22ca789846816214827d

          SHA1

          84e63e86b21005a3e5d4c36ee94c7919d1c9f943

          SHA256

          3ca72fcd5b6a0f667ba1828826c912aa54e137b40dfbc3ded1c96c156f8e4752

          SHA512

          573caef3ef8ee2a1ea80fbeec30cf0d82c7d747a0750d9082bcac522c3a39e4fcd201433f00b022c7e238e7f8ee362e1339992a08fbc2464365cfefcfe52dcd3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e5ff8ad5592e559718b45364781f8d9f

          SHA1

          00d59344748b181def3697a528502fdc01851cfa

          SHA256

          b6d90e17a866c1e3e87fdbde7041b64853a19d1bcae54a2b8172b826cf7eb081

          SHA512

          a6429501f00c12ccb547e1e405b6654de76160e6e5f634ed63e471da08918ee5ff101bd9f8cdc344b6bf223b7f61b76115532f20ef42a0462cb13847b561d121

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          276cde5d781d38caab016406072dcfe6

          SHA1

          1b1260ddfff7a44adcfacd52abda433581fc014e

          SHA256

          0199a67b8abd3b6988d8dbb590c72f43d4fa24a7bd0033ad72dbb5f44f89342e

          SHA512

          9fe8f3aa5581e6d7c8715bac2e18d9f6e5ebdd127d6aaee19217f944d6607d7698a69ec1a9568e70aabc60fbeb9bc7816a54d3a12dd1babefb8a2c3d37f197d7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          769d494ec1067a2a7c91784d1fc0affe

          SHA1

          f93650b51a8aef70ad3bfa0b0c8ed1c068e2a25d

          SHA256

          2ad1fc5015c614294f284ad1e8c20f743a876339c5f4cc45f778aab446540722

          SHA512

          1ff153f89afb5987e3e83eb5d9317e3621918db99a2b8703a2533dbc335f3e2fd0e2c466236fed9d7917dda4bfba5880a362beb5112154870f2bd7850c0dc4ad

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bbed975173e69bc83064c0d1641f7bf9

          SHA1

          1400251589a9d0aedb5dfb9bcee24d81efa8c1ab

          SHA256

          ff65b8e83ffbacb4a52b76e11f05795bbfdd616c26860cad1956f7e13fb4009a

          SHA512

          7bbe125618607c5db878f34658705930c8463ef472326a279b994ce3bf5af33c2fd9c80be411cc160f46c86467077ab05bdd4e65e78ee049d26d2173cff9df51

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5632a105ab0ba9de6de82b26063756eb

          SHA1

          2011c2223117eb9b661f03474acd837e2a5a9ab5

          SHA256

          d69c51ce7306019b69b7ae16e47df7c4b440fa86d8151d812ed06b466f489437

          SHA512

          f19446c2a5fae5a78ca5dd11f2379cb9c8eae2eb2e826f0e7c64020e6397057db21446ee238fae2e38eacb7cc32cee5d2440c97cf8765eecd4d49b9d5b132af9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          747ce808e1078567096a60132a02d8c3

          SHA1

          bda365326eeaf91ea199d129e1452567cd7e8b23

          SHA256

          fcf434b5bfd9ae073187aea7586a7bbbbe4cb995abf6016470f5780e21d965b8

          SHA512

          fa0aa7f9da85e569eba1a5abe40f48aa7f75b9417f97231fbb617db6e1923e34dd13be9adf591d6fdeff4d9d6389494615229132fac813bed477e29bc24078c5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8021c0772644f4ee6840790ddf834b5b

          SHA1

          6f9d63196a43adbfda53548dbc7eb7c55d35f9f8

          SHA256

          6946246aba746ed1e394fe16f6713840d0f59a87b1d9ee9a336cd2104b97733c

          SHA512

          eb75b48e0faecb5a043878ba86e1d7b6a57d6e8b651a1c2ffd419bcea2d88aaa4b3038ef36c5bfbe9b69eb35ae6f7fb4a385b7ea361132b48b15182c93645210

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2224e1af9ccf29f713d5e16c884e1980

          SHA1

          731419432bf04ea627f455b618f27cbbb21cd5fc

          SHA256

          0905dba5b27ebaf6f18131e856e984d2596307dc24e00174a95b759a714c0b44

          SHA512

          3c5b23304ca5ec693331dbd907d5fba671ce902003b9887458b24b611f587def153678b974a27685b116f7ff2bccaf0f55310dff9dda60edfd33105f2eb06983

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4e88db369323a60405d0e9cf795b2d11

          SHA1

          edb8ed26f5d9207a82a347cdb938c79f99d3d9d0

          SHA256

          4b6554bd10d7d023414d0dcb4b8c703193b24d53e4b4eccb8026d5f0bdfc305b

          SHA512

          14bfe45e5bc7fbbabe155c78eeb9fdc0287de0547c22ae39c33836edf9d8be5c541ecf5fe88afe25ce73aeb605b0378c0467143c2313ddfc55420f2ed131c700

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          57b0c32bea8083fce59896ca1c903fba

          SHA1

          d39478255de647c1a1c45a41c717f097da5217ce

          SHA256

          8cbd114a2e13204a406f4ed346765f9728d8e2f826f81425b210f55b5503d8cb

          SHA512

          3e90343f1dff89cd6b4f6120641d576ffc9896272766acfc70e5c89cfdc89a6cfa54a5ffdeabe88ba257b29e579728add2ef8c7a3d349105f6314c7d99f16963

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          18fb8e202b0b7d2c367bcabf113db803

          SHA1

          e2e1cdf25d93cda238fffd7ae19d436e057624c2

          SHA256

          f2007290c7cf842363514785ff65e384c3301485005d37036d931a503cb63680

          SHA512

          2ee82adefa7dc51b6f893b4ccddb5ea6014425a17eee3d2cfb97bb4ca4289d35d24898d756a1ac2c53282e5f3227b2e52e7fd3ae2b17226f077eed46eedcb50d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9bc7a58068240b78c4f5eaa85406905d

          SHA1

          bb3cd358fd75ee8acd1170cfc0d0873b8f01846d

          SHA256

          a1d49ff64d59b436168eda13c70c3c51b966fecbf260133dd781ab6b9d305fb6

          SHA512

          3139c3b05970b6642cc765c305e868d38380de6b46ae29a3233c000841096ed9d87b1fbe22c75bae138ef9c282742546f63eaedc12f50dda72ed876f34f9f672

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          db7f1f3f05e1504c7d512c7476983949

          SHA1

          a2e1e9026d1fd23edfd255a2fd7739bbd6f2b8e3

          SHA256

          872da3307c284673dcf8246a89544270566715a8bd11895ba9a47ec6ac1d948d

          SHA512

          6892e0d025fb461c1deeb886a9ced056d9d8b459bda18d72e7ff2f39295e23ca6437223e91b0184fc71c804b19b2714b96b917726aca89a09fdc4f5dc3ed636a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d7bce28621da27849d354683460d7725

          SHA1

          844794db56f70e894d57f576bf54ff3fd03727a2

          SHA256

          2840a1b4925be13399cd5d020d146a0c3331e24e6097ff818a8fda9718f29ab8

          SHA512

          437b4a2a9966a548d09526b4a00181c62b603a5e9d9c88619086b8fa5aad6bab43910265bc0458ab94fbe9d93647ba5aea37e937afcc4f2858c4ac251bcb1b6c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab2501.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar25A0.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2208-1-0x0000000000400000-0x00000000004AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/2208-0-0x0000000000400000-0x00000000004AC000-memory.dmp

          Filesize

          688KB

          Download