Overview

overview

5

Static

static

3

304144c355...18.exe

windows7-x64

5

304144c355...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2024, 14:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    304144c3551d3a09fd96ecbd3a60d72d_JaffaCakes118.exe

  • Size

    936KB

  • MD5

    304144c3551d3a09fd96ecbd3a60d72d

  • SHA1

    529a709a781ddbc8ddd52de1c9675732f7408725

  • SHA256

    1789180af7649215559bcde01d9e21e99434cb2cc9e31ab9d11c0915254215d6

  • SHA512

    a2b4068f206505191d3fb744c2647fec8c3f049362911caa323761c60000b2ec3cadcc6bcbed44522de670f881dd0a8c18a1c6c6c0c80be5bcc1840dce2e97b2

  • SSDEEP

    24576:iPp+tzagYfdU/R5dJ1FYUVNw0w4cEd9sIG+G5sr9rIno37i:jtzaZUDrYUVNbw4c2sBd5srJAo3

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\304144c3551d3a09fd96ecbd3a60d72d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\304144c3551d3a09fd96ecbd3a60d72d_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" www.cfyeyu.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:848

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3ecefb19b05fd676c0eab7f527956f4d

          SHA1

          c76005d3184060f992d98b49e2a7fefedf4fa655

          SHA256

          45e73ca9c9f0362c1c5f0f69fc9f58afa2e6b4510384f9d307a4d1740553e787

          SHA512

          812d7ddbc1895c2d43928e703639b3496f2f7f7776245c0c68ff3c597bfdc584d1b2a6a60de9e51de004d9cb3e4abb9f4333c5cd3f16ba77e6759ce5bb3ec9fb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1784f219bb3e5d3971be12864c850011

          SHA1

          11de4fc14aa0e2ddd41c45313ec8f9bca696b6e1

          SHA256

          af3aa5047d30a3bb23c0d722d42d83f66bdceeb70b4b74494d148f219e99d86a

          SHA512

          f2d69372bf0bfb4c49953f28897052f88f5bfcec3136d701e0ab9898f5a064225c5b66186e1729087c973a68a8ab38b251dbf6f40b96e69fd5d0ab1ffe8e8512

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0bc6b2c55e9639b4a19cbe7215d3deb5

          SHA1

          4d506c9fe96456ed08cf628ec6c01c52f404409f

          SHA256

          52af694a9f68ca704d7fcef2c1dbcf86d4a0b716931a4c95898f0ed65736a031

          SHA512

          e45d365fccf0d6bfba6fe688d21587e029455dd744692fb54394d1fe9c5f1dd35fa6c21448df50f305abea030e19f3bfdad4ff648243f180e67c8b8adc29c82d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f10f58e39373f8dff6c3092d75301441

          SHA1

          6e234ddb88aae57cefa77a1b6283045cb3677d1d

          SHA256

          edf0807b64107e5c3d4f7fa6637e0ad16aebc8ad7da545529486e1b38e2b16d1

          SHA512

          8d3f45905fc293a67c6c9f24ccfce72d6b80cd50003a48fe0f71469688bbe2edc74a3c52669def435786c04f7ef41b459401e49c44635f817e560ad8b6e6302f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1c1c81ed04ad5752b062c5aee1d1e5dd

          SHA1

          f9213bc4a58fa42f7de4c74062490d7223faddaf

          SHA256

          c51846caa448f4e0f95569c55861e2492549b175236cd1af7cac9f030cc577b6

          SHA512

          9a72427f0df04ebc0f1f8b2a573b0aca0e88521a6d131211ccb863e235b5aec9dcf4ee79be3d4a692245dea07fecc40e96f96d6a8dd30fc751cf99794bb298c4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bef58708fbc99ee44f6c1dcc75e55b09

          SHA1

          257427ab0f7f75478c4a3fc321c60f7c67bdaaba

          SHA256

          dcd0a205ea0d16931fc47175d64afa60f8bb702943106d7cf7165d6875538516

          SHA512

          00b242deb9b6d212a4a2f482f1d64cb04be0b561d7c8ec49a9e5635c343d9a28a948782d881b31271b459f81ce1e49c9519dff20550a59c6df244bb059a2b8b1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9e50ed0a67fb8b29a2507fddd922b921

          SHA1

          23a1963211d0320a6eb34e2b184f16fa1a0dcd5a

          SHA256

          fb1ddb3c60b2fbab2b6a71f0e0929a1ab9e5bcdbc814f4a0b8d188a64ad81248

          SHA512

          582a73b563e7136fe80378b4eb2803f7a1251d23a97f2ec5ababad4ac95e0241199b1f76fbbeb2213273c3012dd08013cfc91c0ea0dde4f6b99a0e6c2ac7d35d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4decc42948f58b6bbabe8b35a04fc5bc

          SHA1

          3918994fad5910ce69b4ba5d86ee1862b37ae24d

          SHA256

          2371f732892ff95ab78c37ccd41b09de6a2b3a476a3dce5e3e8e7146450a9f23

          SHA512

          a5a73263ab847575bffb02cded7947e7ccefc90a2a109ba5450c5cbadc61b3b7fdbca9388e98ab4a1b62130a711355f92153072734af548e87d184591bb794a6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabE92A.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarE93C.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2744-21-0x0000000000400000-0x0000000000691000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2744-5-0x0000000000400000-0x0000000000691000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2744-1-0x0000000000400000-0x0000000000691000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/2744-0-0x0000000000400000-0x0000000000691000-memory.dmp

          Filesize

          2.6MB

          Download