Overview

overview

7

Static

static

3

2793202b4f...18.exe

windows7-x64

7

2793202b4f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 00:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2793202b4f1f2eb67adc9464c632a920_JaffaCakes118.exe

  • Size

    536KB

  • MD5

    2793202b4f1f2eb67adc9464c632a920

  • SHA1

    39b9af73a0b3cf5d0d73a485dc7d3e73a20c6058

  • SHA256

    e2e276b2a0c39d16df252e5e10e0f3cfbfe8761130b1b69f79c313ed15d3cc34

  • SHA512

    a7fab7e2ab40b46d2f9fd13b7fa43dd5e24f1f8db3452a1866766363a741a60c235cc313d98d6a60c8caebc25e64fd52d71fe3ccc4b3309ebaa946eccb3f89e0

  • SSDEEP

    12288:UnkXLhE7D7+w+T3vq5W1Eyx5RRLot4Dkq2e:UchG7+6W2yx5Pjkle

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2793202b4f1f2eb67adc9464c632a920_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2793202b4f1f2eb67adc9464c632a920_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1300
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28c7bb04ad91317dc10a1ab278ed7039

    SHA1

    663206ad55258fa9f65d0298c73791adced6fb7e

    SHA256

    8126b64aab2936f2b253141961cb965d663379f5be8a69d52960022f68c74e77

    SHA512

    c56e247b9c90fdf471e3ea4999e5db74d9678f9c4393fa82841cdc2b79ccb11bd82f6e89f3abe7c0b2edac96892ac01b87fb448135a1d1407ea0c7f36a5eeca9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af45dfc9593ea8194631fcde9e21b5d7

    SHA1

    1b347e01db2f8f2917cbb044933e2fac43f6d528

    SHA256

    76be40828864f6c7683ff4b899b4e20fcff8815f169550ef38bebe916de53f6f

    SHA512

    750daf761da5c810a2b5ce8fa0c9aefdad319134d9c7a7796010bcceaf1203d40e53cfcfb8b8a4c4186e4336a1eca3202bda08ae6961db2bd26e6eeb32debfb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dce40b6c23ffd843cc5effdea1ac79ce

    SHA1

    40fc6932592e491ef0f96abba301d0472695a812

    SHA256

    98123f90e0827565978c4098a0e569623e028ba6cb611f803159a56dc00f82e7

    SHA512

    e9d39cb82e71e6900016bff63415fbd9e850ff9bb4b9b3f6679215f7c76ed28ce51a64fa666e815902aedfce08a190d57d861be889cb39063b48bb829c5998e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e060bf73c5bfdbc72f2ad47a5526e90f

    SHA1

    239b156424e8a0fcf6cdb9ea89eb8333c549d455

    SHA256

    898643ef9de3c62556c936058b3e7a5534b6ab433196560e243b76808cfb284e

    SHA512

    2182f921f15972e19c509669f5ab6d6802535c48cb1aa56835bfe030831b1bf756de30a7a296ef7f10158912ef71cd32abe43f34921e43b30c699674d0caab69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    887c1f78ac508afd8539d2217857ea1e

    SHA1

    f8f9aad400ee098b076ee1be84dc5bb39a3ae8b1

    SHA256

    a0bac2db2c4cb1863f17afd7760f517ddb565dda02a37f855076f06b01667609

    SHA512

    f1d997ef021417c0e076d03f0fb2a3018b9fd7d8e011602164659206fe681142833e8f4785bb755b97b5f4560570926269aa9f22a51c64fda7fb5ce01a87e16b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8812c82f333201c1a2a4dee6e0ffc9b

    SHA1

    41f10338f36c67aed54a35078ce5895e62136712

    SHA256

    3bb183220a2d898d5bfa43b3f5223c261706f3487d005399d99db0a4d1bfa4a6

    SHA512

    7f4432484b9ceb32b5957b09b967080c315f6fa76e5bc61b995e892a69d1a19d6b8fcfb3746e1623ca1e786d3c24dd70617eedea888d092dd758ebdf34c7fecc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    854eae348aa66cb0fa031bc992af8395

    SHA1

    f876a4e9820e08512a5871dc729c7025e0ec88b4

    SHA256

    a638df220e9cd17a7ed2a96428bd4d46d2e9882c1f77a1763e6fd4b157e19165

    SHA512

    2a4899c2e3f3b17b3a8452f7d6e2f67edbed2aa892f01f4d5ec934bc299f2a80a500c2e933a8ad4b94ec8618ce1a2d0d2dfb6928885ab34bce6bb5c29209c78d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6e42ca20d4a8e15652295a8cb50d7c3

    SHA1

    ab636305536538df5c73ad0a7c92cbc98d041e46

    SHA256

    f6ab7886f855e5f10a70fe5c9e0063e7e2e9627e505fa9aeec1afeee5f1bc4e0

    SHA512

    d604e79d3882c75add7ac2970907f8204030b1d78d580152802f836968a31d36757ae9e9f5787decdf959720225c7d40f4f7a8ca7e67c3ad0944bc108c669c3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46f0eed60cbc262aec1288b816b66552

    SHA1

    208f2a7c8bfce2f5b597461d1a1e51194f38489e

    SHA256

    a6620fec68bba2e8b84b1fa5a02672d4f840b4db49616950875703c7e939c17d

    SHA512

    e57b09051f3f58b4b2e522dbbc434c65b5eaf7d0603e068c3ada30f9717e9839d675ada90c08348d705de9dbaddb08172f0b5ad934f24b94127db2657dcff68b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c7fba5905cd6dbef43039b644d2dcf9

    SHA1

    119dc2788cc3e8deb7b800214746bd3e34f46f96

    SHA256

    aff067f938023dc3aca3764bd2b80f14b3ef849427981593468fe043871fd5c1

    SHA512

    4466a3f47f1ad44b03558f65cfc10307c3b7f521ec575fc034ec2eefeaabcf0dd221fcbf25f1e5daa4d674c29d49ae0d70d506331f0f5296e63ec7f7f117f9b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f26413a0428cfadf1e7095d82f7e4e9c

    SHA1

    37540d6ed5437777716ba0c45205b1907eae97f6

    SHA256

    d53b446b3389d50430189ff8b30eb4ba876c77b046e714aba54bbae413638c76

    SHA512

    a9b78c10fc0423e616ab86e464b37871aada54a3d588a3ee105c549d293140955dbd6e6a85b6dd7caa4326e0594d7ef8f419a650a09169df8e04bb0c582bdea8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24f0a1ab5cd5823818d0737480ff4f62

    SHA1

    b30daae8ed072742026fd3f031dee2fc9bf86eb5

    SHA256

    f7f4b8044ce4d88666dfe4b91a7f86ec513a53ebb136178532ed4a41ab35acf6

    SHA512

    093de3dc66417ab05e2d7b7f7e429963254d3e21c4e7b99e6510e36ff1cc362b31a0d8a68b7764008152f637589cf15f2defe55ac84d3e1ad19967d9570e27fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9839cab0ffe878f357596e749a6888ad

    SHA1

    2cb2cca62ca4c31a06f891a332daea9097007a01

    SHA256

    d0857bc7d80fdd28eb92ac94c240e3ffbeb28327f8ebe791a59663f3e5ebd75d

    SHA512

    9a9e5537a0d399cf467292290eafa219bb8c3558ff9e2add2e7d6f0cc270d6e9b61a617f1915d3200bd244f3fe35b7a8f8d729eb952a09432677ba5de42ea614

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1ca3e80a2ec2fae748ee61f5d9c146e

    SHA1

    213a0ce319362b5cf1e5dda2be6edc051b7d5fd7

    SHA256

    32b55e54f92f1ec7ca4d785613ffcc4955638db25adf076e5611295c1762d0fc

    SHA512

    72fd93bfcd979ca3d9272b8c605ec23aebf11f627098280f6c62de270b723caf0be54b96202464a0a442fcac785e82fa405abdc0a8c29d9327e33c3696b2c9c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a26e4bb259a6419dfbbd236fca1ed0c

    SHA1

    9ec03c57eea7d3d94c6b021f6456fed84464365b

    SHA256

    c62ad0f581e57c7791e26ca3b73bc66b1110cdcaaf314ad80511aec0fe5ac457

    SHA512

    44a64d78c2af18ee667550b7c4fb5f8369c0c516933d5dca45d41438c8bbc30246001d9507f3ecfece6b99fabca7d7fa8048bb7bc47e1bcf46842db9ed80b23a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64dff33fb2dd0aa8389ffad5f71a6770

    SHA1

    e0ee65077f42d9fac5cecdf712b04c6bae5fbf11

    SHA256

    d47ada44d934ab384389e2fc79802224d4b27cd411cda39f1dcc9f492ecb8065

    SHA512

    1930e2f5db607efc6c6a1aa32282b83713168cb39ac9210159c4c8c896880d69dc5297e7ed11f39605d1ba6c3e20213efcfb63e07ddea8b16212e86375c303c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58a9b9724bd9de5b044708358b421071

    SHA1

    462e6a6ae67e1056ec81524ef146dc03fa3d6679

    SHA256

    08f7948256164312e107dbb3da5e622a414a95ec12682f3f86782e9866540cd8

    SHA512

    1712b9028d4c4face69e67ef9278a50f45136138e1a341cacd8222fea24d429298b7e7ccdc4c96c7265fb3fe24256f66528d444ed1d23a21ae2a1ebcb9c04843

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE264.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE315.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1300-1-0x00000000003E0000-0x00000000003E2000-memory.dmp

    Filesize

    8KB

    Download