Overview

overview

7

Static

static

3

293362f526...18.exe

windows7-x64

7

293362f526...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 02:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    293362f526037dfe0e45c1ac99f555b7_JaffaCakes118.exe

  • Size

    185KB

  • MD5

    293362f526037dfe0e45c1ac99f555b7

  • SHA1

    cc6aa7eea0f72dc809658b9051eacdb8e090236a

  • SHA256

    7e7acf66f5ed82dfaa5d31b6fc4adbb00a24d5e55300dc055725e9f61ee82b41

  • SHA512

    6c1f7a22b790fc581838c506f1abbf12f8bb54303a885a85f4a84dad145cfb8f38e2b3da9e2f2789c3fab158c7a762c7db644890f06fa13ba17d0addc0ff57bd

  • SSDEEP

    3072:uIUjmzOw92xh5Z91Bagq33+F2tu4GexNoNLZ95DawyP:wmzE51Bar+Fsu4GexqNb5Da

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\293362f526037dfe0e45c1ac99f555b7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\293362f526037dfe0e45c1ac99f555b7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1292
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2792
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2844
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\ZxjA88F.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2880
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 160
      2⤵
      • Program crash
      PID:2848

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          440f0b71fc90c97e236363845e397cdd

          SHA1

          eefb39129d46408418b3e5cb18014cfd117e563d

          SHA256

          257d486cd582f37db2d5ed66260ec2e8c0d296ebcabb0ea4a5b3b142f6f80063

          SHA512

          0990e4d4f917cc33a8394ff0afdff8938f881fd94c328c9ff8d3a55d7232cba84153eac739f8e1c2881f02f939214008df5a656b6fed8f7216f1e38f3c723a61

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d8e84d8dfdca3cdcbfb2906fb7284e1a

          SHA1

          68977118e15099dc912fd92a5007cc4f1e0e96ce

          SHA256

          d6437690a8abf15d41429a878178c2983b6f4363acd6ecd2e4c76b34782d9171

          SHA512

          081659822d5728e1ffe5913bb4af4caad1d256fe6ba5d1edcb4cf3aca47d76c63052ea404d9f6d7485c5cd711b6708dc548099d4b2ba39682ea8ce189556cb25

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8ab076a04a14e7f24af7375938f6ca8b

          SHA1

          d257684b968b3f0cf355db0bc15b05e3f01dc0e7

          SHA256

          4c9aaff786777fc73e1da0d21ee4c3f7bf80af6822eef6cb36e315f1f919c1a0

          SHA512

          3278dd606cc40104b86c43830a79dd3bb828cf5d622a2acb791958343700ac5d797b9c49353a041a685c1b17ee0cafdd5bc7456b8651b9e66e17bab60aba9ca9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          26a277b11cd9ae104446e54accbafab7

          SHA1

          81bcbc83ec71616b2cda1442bea1ce6358445cb3

          SHA256

          5460c551eef81197910f8fb5f646b8c86b0ede0d9ba4489bb8a715ca50a6f97a

          SHA512

          45573fc035e70dbf057fa2a5067ca56f86f1ac2d4adeb64c1b9c5543877515568d2e1fb0f4f5f1cbcb3be5aa6c432d47f0f16385c39788fc1ce2c3ce8543811c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          57e311184638e9afa5193bd554544698

          SHA1

          ae28e39d4b6132208f288e4a2c5181c3e083f57f

          SHA256

          73800295817c8e27085f66ddb385d431c409ef2ee26538767bc9bd7df3ed00aa

          SHA512

          4287110eb38777d79310e207f50f32ce9fe1f4f3957e4f2b435d89323f4bb120863d52aaf5a399c48eb422387e0e6310ad5e3c6f21531811745cae1cc7e1faaa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa0258ff6beb4a4587f02e7ac308571d

          SHA1

          f60ffd56d291a455164db8422d7950cb44a1ebce

          SHA256

          f2280d96c3cca955ef241534da0d7bb77555f061dbfd69823aeb95372de14215

          SHA512

          b9ebc41abbbbc5c52a5009b53a874873f58a59daadbef8a1f2a150c4b12098e5a3b526ce1da80480ceda72972183f5f14a989df6127984168a093de52517e0fe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c1e6f775bd16ce90b2d665627475aee2

          SHA1

          b146e7924304911e62ff279f8e5d47906e36658d

          SHA256

          ddf82eb9d88a5be6713adb0218362caba598b8bfac1f24e55d48411eac610be2

          SHA512

          08f3cc0425c06bc3e9627e0323402c2bdde06903cbb9a5bca417a0e75d16586c0dbf7865f31671c0d3197aa868e8753e20e5bc02c258baf59f2e42129c7d5fce

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          cb5fa08fa2c1b42542d86e7ce8f6fb60

          SHA1

          d4d690a583f94a944217b95ed233b92bb52ad252

          SHA256

          7dbdb5325d06e373f5edcae9bf1d904331847433c95d10823cc8cf2b2fa66059

          SHA512

          14969cd76d3d8d4abc2ae99f84d9a9e8cfcfb18832bc518037ab6d36324a01083759988401385e37bf5d34bdc4171627516b501d7fd14ac9b6724cdc749ddd48

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3630684b875fc88dd091eb63e9657bda

          SHA1

          17c3ca11bae116c5f80b6e1461dc0c8844fa68db

          SHA256

          e7310aebfa8331f279e61f00675ad5f6478791cb828d7eeffd770bf617d28c64

          SHA512

          bc3dc7a62b5ca9ad9bfbb92e809a8741853a2f031101984d431e95261d10d990ca2b79ba8a8b0d48eee82defa68c1d666b5ef1ea8be90de5ba817e4123c8864d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabB2ED.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarB38C.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\ZxjA88F.bat
          Filesize

          188B

          MD5

          0efa263edec33cf8d0e99eda7ac03c82

          SHA1

          722be37fc36531c19be5ea8dcb3c1d6d11657f24

          SHA256

          8766dea52969c3426b38a05a3a97049997a47071110c53b81d824e878981bbf5

          SHA512

          ab86940da5c5d2e288998cdd2fdf89efcc7cf35b558a9e183d778e12484589ad91ae233dd588eb28005e15b603919ea3625613f37e7f0383ae6fe7ed02f31a25

          Download Submit

        • \Users\Admin\AppData\Local\Temp\ZxjA88F.tmp
          Filesize

          71KB

          MD5

          10c19e6419a73b41a195a0eaf9eb836a

          SHA1

          8df8d0324fdfaa4226316aa4dad85c68f187c39e

          SHA256

          915d9a8aa645e5ec8fa101235dd230b01eaee2a435ed8af817dfc79c8e36d60d

          SHA512

          253f20f43d35f767615726faaf65f42409b7ce3d0d00a3ac5dcf4f69a50c7eb31c9628280700bafb7c4b4961990e728896ca3316b43a9dc0efd26461be0a3080

          Download Submit