Overview

overview

7

Static

static

5

16bea9a256...18.exe

windows7-x64

5

16bea9a256...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16bea9a256686c88cb1fc8c4acfa1dc9_JaffaCakes118.exe

  • Size

    30KB

  • MD5

    16bea9a256686c88cb1fc8c4acfa1dc9

  • SHA1

    35ef7a61a54c179c02d3a3b096586867a20e42fb

  • SHA256

    69af91ca0cfc53512407afe4a490835b0e8636e0ebd2d1789988be63940c69e7

  • SHA512

    d6d96ee50c79b14571e651ab02e4e726748defddacdcd106e67b598850bc44750dd19375519586e2b0fc1cdae77d9c5dd9ea8a2f102909189da998368894a40a

  • SSDEEP

    768:yta+RRDq0DQY8x7XvBHi6Ttj5HgoFWvnbcuyD7U:yLDxDQ/ZCmHgosnouy8

Score
5/10
discoveryexecutionupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16bea9a256686c88cb1fc8c4acfa1dc9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\16bea9a256686c88cb1fc8c4acfa1dc9_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\mCTqJxUC.js" "C:\Users\Admin\AppData\Local\Temp\16bea9a256686c88cb1fc8c4acfa1dc9_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1876
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:588
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:588 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    b9f15bdc6f3b448785c4e4921160058b

    SHA1

    9fd616d6e75591298c930d8ac7cec21ea14bed22

    SHA256

    c9d65c3717f06b328734f193bf6fccb49d101ac89e81bd9f60589cfaf8444fce

    SHA512

    4660dbdbc54157f92de7443bbb6eaad31e5255637098b0d47bfacfd96a167fcafaf24e34b1ffce0646dc27dca38bc87aabefa0569c546b3f386a2b35890f1f45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4accdab4398962e5527d91fa843d3100

    SHA1

    e5b0acd11a31d57ebbce97ca7f149643b960ac0b

    SHA256

    03abd9cc5c311d142ffab9f5126f462555319772208c584d1e02ab7e9850fa23

    SHA512

    8d7fc68984a222c0333f10a8ddf221c471e52574206cccfee46fe35fd6a2132ae20cadbfe0773a47bc996969ddaf83ef254286d7c2dcb00e52b1930b3f226789

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d64f6a7b565ac138672b997727b3b94

    SHA1

    3ba88659d7dd98fc0dd947beeb248cac04ab0282

    SHA256

    6a1c73dea132c0a944e0f27f04cee4c7c396a4f48e8827e3952585e7028bf18e

    SHA512

    b39e149083b3c8dcc065a1cc98e30598c8f102b611b9a1132ea229f68f06676ed193acd6e7b8fa6c6dd1280886e154f728897904562674a89c280ed730613a42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90c2706c4ff71d6df05c1047ff916e8f

    SHA1

    d6356ccffc4b38e2f4a402a6d49ac999ef07b92f

    SHA256

    4dd0abf4a943b22728880b3695a123905dafa21df18fee85fc87216d23a28972

    SHA512

    0c7299a3909c6764c81b25cf11ba4ef7631f9618311006310ba77bf44599fbda1013adabc4422b6132e99cab41b755194b3df9f30b7cff95ef5f5510a235d72b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de150e0940e34dea4ce5b61ae7e3b2c4

    SHA1

    a0a4cf8ad673e9b0f9bc3d425aa3503a1b8eb9c4

    SHA256

    2576ba3db12c38e25829a62bb9058f4c900771a97fa2c477b1f1efd6d26034e1

    SHA512

    214683e6f5bea43aa03d29bd604e15049755302db1f8e0bb55f63861cedf29a95b128bba28e08d0abc4ad24a2b618f978b89b495af0fd84db73ce4c44fbdccae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a938a6abbee38df7086d3f2d7084e3c8

    SHA1

    600db43b341bd27f4f0c3b75717c7a1b06e7b938

    SHA256

    97f60e60b7035feafd712a2cf2922d13f63309210bfb732aec2f7d514e3c947c

    SHA512

    820f43adf75001f55735f01bd376411e1b499f20f87c0c2f00eb935bd50d294d4181507c3fff2db42e612ce73860c0cc417f093e3b25f8ceabee6ec3583e6e33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec9fa766e053204b032901f0b0d68387

    SHA1

    0584754549ff990fe16ca75e4a7733aeb98ca62a

    SHA256

    916340ad4a9b76d158351825c2b86331cd74fc8336cf5915cb40064de9e69521

    SHA512

    3c58027ae4a473959a560235695b2d76d7b51e2a73818f7d90fc49b85f9d6ae1a2375c5e0851a963ae2e0f7a2e95140550ed0333697c61f49ff8a91b75086c5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99e36acfc366e8ee9548495d3fff1df1

    SHA1

    1b7a7b6f83cfb0bc4b2edae88360fdd0102334d8

    SHA256

    f8838cd092f51806c9b8ff34c7154eef2c54e6644922aae810108345b3b1f8ed

    SHA512

    7dbe1bc2990ecdc93ebced89e2dba35f2b1b0d07ff07529c86562c101797c48348c7261687f60ea8e49d6cb75c5fb6a652846296868bc403d14a733229d6d5b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d1e9a4030da984b9682754f1fab68c1

    SHA1

    f0fee0308fa5d7627af9248657865313bfdbbb23

    SHA256

    8e31fb0351a5ded2e498088faf26f956b5e843535ed4747369dbaa8fd29c98ed

    SHA512

    3a748fe7a02c2bad58ce8ea5a78ae331b212c13d03d920048caa9ea8a861f396772556bd33d39b244d98dc32bcdf4b05d7b9d80360689927cdfa72c3abbb7027

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7624f09e698367fd92c2a6d65231fffb

    SHA1

    e5f3cb0605b80c43b47ec797c0ab6084f9b2bd3e

    SHA256

    f91a11716839565ba86317de6183f57667fbd25ed97377675af8397b2683dfb3

    SHA512

    d555d47ebed6b00b1aa9aeb3498ad23c391744e1b1f53c46f4b389a1ff29b4f1c6763b32662a7cbf796d9763ebd40bb7daa00eb31d0dab1bd485e805fd503575

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ddd4d40f8a1598e16bc1b6e9da989b1

    SHA1

    eda9f540946dc659ce9e4bb32499b6a54547c63a

    SHA256

    f842744e36fc12c40ea9ca29f57c3da6bf74687d0dcfb0450798488512ec5e40

    SHA512

    65794f19da2091c9f54cfe8e69918ebe8b7c360af5d5cc2c67512d4ffa17838e85141c4c75248d908da807779c245a08fa5b32d5b9e3958d3c7f5eea4e5982bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    969d2514c1483f81f1bf1aa9caed2872

    SHA1

    ae40c64696ac9098d0c2243625f8bd4dca28ba74

    SHA256

    f27068862d9c56b8546b280e18d159aa59bd4c7eda8d95f7145eae588b161880

    SHA512

    ecfee63591446f015bc33cdbdd11014a9fd21542c27d907e58cd24f6d4d421eff3156ba5ae3b9db68a7ef8437046236f9642e7b41afd5b4f31ea5032197f4f8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbd4c55279da047ba8cd02ac5f6dab27

    SHA1

    e0c469cda558851c00c5193279735b304551bb58

    SHA256

    117c4b75b8f5187037cdfee3c50de34ba975c23327a1ba258684d2a329d80f90

    SHA512

    02bbbbf622c007142c339357a009102abe83717ee2b81a8058cbf9ec86014b0608bb97e42dec6bbae8c9baa9bd6258be0a784746426e5a5ffbd0d55876f559a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2aacd6ce887c3bf7d1b51090b312cd1

    SHA1

    8e51b617fa77f3b7633bcf91d2cf8fa4a7e7b48a

    SHA256

    58380528d7ef3be004a51b113ba6cdddd3fc7645f6a6840e3ad2fab163612011

    SHA512

    1f0878c929b9b5397545ca02036615bbb615f0a5506580f8e8e2ce48bf2d548e53fe8c612e0d928a312dcbffd64b266c808024da63aad4640bcd18d41d7c517e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3faec0b4bbb34b8c59b38a5daf7891cb

    SHA1

    5e49b8c10b2cee0b6bd94817a8629165f7d6ca38

    SHA256

    d447d776bbc442221afe4c10de84ed03058f4174c73098fdfa30be6e67c634e7

    SHA512

    7a0bcf262174df6b0c34e1e7e4a9f7a513371ab77085709a219297794af65d02c202097e8fb9b55a41d596a0d0bfd8b5ee50b7f6392d47ed5c435b9011227e6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a3a35b40c370bf6e307de9ffe6c11bf

    SHA1

    f913c4a7ab59110a842116580975de6e4dd114e8

    SHA256

    f6242cbb7de28ad8102a017d9f1fa591851a7d9bf55e4a64628e12e5aee6a219

    SHA512

    c5805bc0a7510c8db1126591dc2f64cfb08cfbb5034e4f1be32593a986be9ceed1479e3d8d3718d5b7036780a351151c7ff65c3679a71571f79ec0f8e5efc136

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4451a5ceb068ce55c8ad16a49d137902

    SHA1

    92aeed53f5db2a2fa78c87353648705c92581947

    SHA256

    151f6da355ff592a786764058c196aa08e467ab64a8a4741d9c679fd8a08d617

    SHA512

    e7019a3a78dac3a26cf8f39ed3cbc2d226e071c0ae4bd16fea598ffb3f22130e3ea8fd25d14ff1b2a5f1964872a7cfbf7ce5f822a9557fdfabc36d3d59c6e9d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19a9c946fb39e71f290a68bceddbe76d

    SHA1

    1aae1f90966b27ca4e305964ae5cfdaee44b3ec1

    SHA256

    dbc2301b0e188aed6637a38cf0536b69897f1faf6fdbca8f0a047980b844948d

    SHA512

    0393a8d504c0cef92a7aff5c4b8e510c56c53211638d10532b35587a21946ca25fe65f79162383c7b539381b875c198a83678b8bd8485a4cbd5c40193353324c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c7457d3b942e53e670fce559996b82b

    SHA1

    6bb4af12f02bd1b77ade1de1ecaf6bbfad3edffd

    SHA256

    a82e94772f05a19b137b3df35e196043e7f4b647e0e0fae1afdc34bd26366f07

    SHA512

    2b11cb092646436cd9f330f7e9f014809319cb988ea33e055eddc8498fab496774a57f67717fa2ccfd17937cea3f2032c9b4e74ddde1e0b0eb9f21fa139a3752

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48d3faa409b9da15c585d8abe889a2ad

    SHA1

    3b28f1dcbbdc4d6767f072125c0d2016ad4d4ce7

    SHA256

    00f40d68301d367b68ea7f49dca54fae4d87e76bcdeded305817aae471f4c9d3

    SHA512

    c9226e248519329ff43450967674fbe1f2e6bd86d5349e09b2cc48a86d069e29737b661c2a3a68b0445066a2b74d17b5542f006f0d3f2debad24350a2d7f1d8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    df3ab3c460f311fe5eb6d61678a3ca90

    SHA1

    7d120ff102a375dd5f0d8d79d10d094be5ffbd9e

    SHA256

    125b2291b5405dc67901bea3f13376bd64e7bf6ae72c083a170a13b143c340d3

    SHA512

    2b6b12e8aa4b7366f06fdb420adb3d8946ff927f31f82fe056c4736d3770ec08bd4dff0a671d7274f0406b40022be146bf1236c12deaa0668dc1e1196df981dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\favicon[1].htm
    Filesize

    291B

    MD5

    b73189024a094989653a1002fb6a790b

    SHA1

    0c44f096cd1fec253c1fe2fcfcd3c58fe05c402d

    SHA256

    014c471c07b2bc1b90cf5b46eb8eb60abe3ac278e43cd8fcc7c4e6c8950c592d

    SHA512

    1bca726835d33847812060c968e5306535f513429de5c90d66942155fd42ff75508dba97da8ca36c6d6e6a8df5a2602fe3be047bb5612ad4e367c6c00e1e50a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD9CC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD9CF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mCTqJxUC.js
    Filesize

    24KB

    MD5

    4bf51032cc476e23490f04f228c2a8ed

    SHA1

    00ddc86cf1412ce48b9dfe00f03a2be8be14bdff

    SHA256

    f3392a056181086f28a70bb5322d70cc2ff4133c89e7ed7eb946631492ef5474

    SHA512

    b96b0796da2cb6e16a3a6ea5901daaf7ba7189f6bad377dc4b3dd907478b6bb9bde57bd3dc7304805c3bc538b4dcbd6de06428d58aac36870cf502728a7d6492

    Download Submit

  • memory/1724-0-0x0000000000010000-0x000000000003A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1724-3-0x0000000000010000-0x000000000003A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1876-35-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

    Download