Overview

overview

3

Static

static

3

253223b7d0...18.exe

windows7-x64

3

253223b7d0...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-10-2024 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    253223b7d013cd4435b9dc4025f4b229_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    253223b7d013cd4435b9dc4025f4b229

  • SHA1

    9563f18b7036691e0a89c36190bf4a4b886b314a

  • SHA256

    2981e7ba9267121664d72dbdc34c611da463debeeabfeab3ec4fad1649b1f6bc

  • SHA512

    ab1d60a10f2cc31397e5997e500117f4bca2c8a274a1385f290a1ba1972f5f34bcf7568124d22d72015d866c52873c3604216197a9000beba51bb760a6a66663

  • SSDEEP

    768:/PhttTnVpZKo5nOkw4NHKDRnm4MB2rHPL5hpj50EU:/Ztv5Okw4NqDBmiL5hlVU

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\253223b7d013cd4435b9dc4025f4b229_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\253223b7d013cd4435b9dc4025f4b229_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2692
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/pwdict.30006.00000977.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d612e70a1c77597515f48f152ad6137b

    SHA1

    cfe0d7cff0a01e3a8f080f8c822de4206305d473

    SHA256

    d1c90617d72d89ab91984183db32636a834d32a9683c7f5e8728483bde6d80eb

    SHA512

    bb8a00d28b61c970892c2f6eb56fb9a769b75570da90ca1ccd5ec4740455f7446abaf2ba788ac077aa57085f5b4bcd9d7a267f0e1414771597ef1d0a11c0756b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af7a6b2878499ee1894344a67f4c1966

    SHA1

    841a1207951ac475af340a6518e0745d03450c86

    SHA256

    722639e6eba51ca214b43340b6f60c9dbc1dcc3c3af95bb98a2cc3274616307e

    SHA512

    664bb8c0a2cc9c646cdd92c3521bcbad197f7adcfca6285f8472b2bba01d10bdb74982c2ace423b31a133a2100f8ff2bec63602474655e8ca4ca9d9a09c3d1ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67138b3f39b9e2f6ecf80ce24a5d4cd3

    SHA1

    4c3750de0bf0aef9337c259db3c18ed24156c230

    SHA256

    2aa30a084dc2c395b9612fabfe7a0b1159bad333cca062b6afbbe01fb1bdecc4

    SHA512

    c061e49889a3b36179f1f0ce4ffdc10d828d9b7665986e8024144c4c24b7b6e8fd32f3ce34a82775760786033d2cf8cd13edf82b1f5652822a286e9417b3de43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cfa3429cc4b4973666c414b40556c11

    SHA1

    fb9baf71dd57cf5adbfa8a97efdcfe3f9fe3813b

    SHA256

    488e98fc7aece8af43c6339b3d6cb6ca9114481e2cb366839948ba4d687c331c

    SHA512

    49aff3b09b224e2d622befab5a544168c61d853064f0b7e2e92fa26e268a24b6ca99c5e969c9f224de1e5f1365aaf37ef6ec99e5bdccc9a8df0f2ab7f55595e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e47ea061463d9450dd3e99155e8427c

    SHA1

    05f6f5dbee63c734e4a532ee9f11527c351004ff

    SHA256

    4dc5ab1856b7e853dbe57444f23ad3feda35a9d54faf6d1d6b4622a7b52626c3

    SHA512

    14520f728dee8173e7bdc50a60655dca00e9a35eb067f5931bd8516f7dc0d3723cf396622232cc6475442e4ff1a1c44c6df168fbcb61f98db44e80d7b7789cc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e04b298e3ee122079b83ee5c132a34e

    SHA1

    4eaa00127706d1f7ea8317115d37d774640ad43a

    SHA256

    8e4fca6ae194a9841dd79363e10d99aa8c4fcd474853d4bfbcaa86ed45fc41a8

    SHA512

    2bbf3fad787358937b7cf50336c4672e04307480288d142859937af874accd09cf3a18914ed4042c6ee98a13fb116290dd2e367b359af96c4adc4b17e8ed00d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61e212a7ff2aa224aaf8dc4da97d17e9

    SHA1

    b0319cb9e898b464c65f6d4473ef2a9cec3eed6c

    SHA256

    b52b957fe9213f71d7c30150dfa7e0d7c9dfa93f729e20983c784fb42af86468

    SHA512

    0827d3cab8e5ea1f377c54f2ee1986d3fb4e4724c5455c23686d2f9270f29261c09c12be4ba76ec21cca9cec7dcb2ec86709758be4528a286efb7c837da1b93c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74cf9acbbe585836959947ee88ae7620

    SHA1

    1c5cfeecc9c1dbd23c53aa6fdd950a48fe0d561e

    SHA256

    2861d97fb6680be8c2a690f7fd1dee9c9605a270359d2aee85fee0f99afa006a

    SHA512

    1243cc21acd858d2cbc37ca14f92a8aa1e436b79ee8e61915c8ed6e5ca1a49f29852dd88de3cbc427fcf789807887e60455e05964a07db832886d3852288b904

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e18d2532089c85371034c9666aed6503

    SHA1

    791834a8cd7a7f70ff2dab8e14012aa021b8de49

    SHA256

    2367c7c82af6be801d27a4f0d3c5371ef40cd60dab6e1c80c59d5f76eccfa9e2

    SHA512

    9b81faf201562130e860e154cec3f93064b7e1d7804a1837a41e31ae8ad3d613ac24580264844da7e199e7c9dcb0181abfc3a60bcecfb0159849d13b7b8991b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    268a908cedd24c428487c141f28475a7

    SHA1

    4be29eade5422cff40f6f5500cf024f757a52d3d

    SHA256

    d50710d913fed18519cbadb8fc05cc631eef0b5d963769c802e1b04a92763af9

    SHA512

    5bdae1c83324892b69da623327914807d7fa53d2d5bdb2c3041e8522dd7488c36421e3b6ec5136a6cba54a598b124bafc0bd3f103403844462cd95829ba74597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3de7499e2c623b56d8137e381b3d730

    SHA1

    e72fb7858879c529fc5888d8eca7e1cc0e071b04

    SHA256

    953cc945808d947d287a2aa74ca22fdbc14b9d693baf961e107c45d31ca3c2ad

    SHA512

    5e0c36a29e0a982876488be50fd7cbbb055daa32fd7737ea3a591c90e65a730318e12909273eda3df93bcb1acce579e47831c39147edd8a94a3337cb026b4ab5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    910a639b9a47210cc9d02064186aec67

    SHA1

    3eb333b218192bf55e3fc990cffca142ae7e86e6

    SHA256

    2e4d1de521e1afa23fcdfd6a793076fe340cfdc5c0abb7b12737b6c31295fd04

    SHA512

    168da9a23a6f2d9842e5c9025c07c17949750394ab0bf0dea7802233cf6d9af2b4df003e8cf8dcc7b12f70a36cbd3c552849e0f17307e4afad86d170d07d0e5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7a9547bc0faef3db417de612372f286

    SHA1

    8782e2712ba298eba402271458f9a9b65aec69af

    SHA256

    071536784b6877b08559fbe99676810a95df0d80f96f6e35465ed2c360ad1503

    SHA512

    c206ac199a3613c4db12e35d2417b0acae9ff5a1fbb3d0e6bd23673d242f9dd15d99280798a7995a5b7c1efaa81d7cff9f5d837c7a723e66dfa3eebd0e4f8026

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ea9b4df7b9e230ee9aee147d744fc4d

    SHA1

    686b104ef08ab335142ce3d760f9d347cc9fb1d9

    SHA256

    17e5c7e5b93a66e9872a45eead73707262f2e538d11cbb67bca577fffbc0a9ff

    SHA512

    6f2035ff132a08710c4a300c310ea59ef3c9d2b6c59ea93213a5963c1e1b6d1a2b2e3eca81dc5ad0cd12cb7a913a0d4a1fa876d7a360a857fda1be6c871c7437

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5405cc3beeac760f88d34e6178e879b0

    SHA1

    60cb0cbf86f56bc929fe0d5ed1bfba679ac3840a

    SHA256

    92b2c2abd8c4ef6fb4be1e1a83aa9c29f728fef4d463c211cab63e0722e65c25

    SHA512

    f9ae2c7d88a66a2de18fe5b8ca5f486d357efe62368751f08cd4570fcd571f33965fd32e46e0af44e97dc7a0aa48193afa24f51f3bb4b81fdfb687efafb75f64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb1f6bd72269969625bc593ad2dfc0ee

    SHA1

    a0edb20608d9a24efd5802b11396360927d2f0bc

    SHA256

    ecd52f876887a92bcbba46a9986d6bb7048e27e53da12fd06905992a424c8c93

    SHA512

    4e2f2e68b441fee8acc36b86103292f8eb847b1133a03a4c26905885184b500ebd329cb3ea9c118c54679da3df8fb578c17fec1f15a0b53216273a2d6b275682

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2d1705caf9b958e6f1d91f1f9d1e6d1

    SHA1

    c08094f895191741342511e6059ff34335087667

    SHA256

    14068fa61f28b85ece8eaa35eb42e1fd063b1bebd068ac486026a530987a240d

    SHA512

    869b621c3853226ecfca874635d76df1ce77dfec0c7d8a30aafcc0bf5920e6cfd19361ad4203dee7f798776970501df0f83be9074fd0976d43bc502850515328

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6d4a2ccde2a36788ccad2b97156f315

    SHA1

    315c8adf9e5368feb7129410484b2130c8704119

    SHA256

    9fddd78088b3f3ccb63b2ff08181711ae8e715ffdf98a5ac8955bd3ec0be70e6

    SHA512

    e161b523a7a8d66427a88fe2915c68c09e2ca1206bc7cdd90e9a46115b0af933dcfeb5c009b2291e43763b41b28bcbe350a8a402cdde4194e96f1c3fd280d133

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2839d6a8a1dd4cd89b8402e64a467af6

    SHA1

    2cb114ab3940bfa491b41e648cddb78b9c541086

    SHA256

    17eaaec29d6b7220b235f636eefb2454fb699a22797a3b01c97ff6e187f8df71

    SHA512

    83537ec0f8db95931b873287651d95bf78244b9c9f20f80b70a8fd2153f0298ca689d108d31c5ba10cf51cec22f37168e3f6afc982c467059b671b5e2b916f97

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DE7AD3E1-85E4-11EF-A97E-EE9D5ADBD8E3}.dat
    Filesize

    5KB

    MD5

    00ba8b35222f4f9d827831f5208291c8

    SHA1

    cd959bcac3960edc054ea7922304dd4b1443aac5

    SHA256

    5980402b7c75d0c77ab1ecd0901b0282395f130122d9759970e4aaf6e59dd530

    SHA512

    51d1ac163fd340f0028d342ee307db4fb81bd4fcbfe66c89e2eed58968680209918da4846e82085a212228bab7fc6d64d9d7e5923453c5274d4409f2bfcd88b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF163.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF5E9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit