Overview

overview

8

Static

static

5

3b2c590481...18.exe

windows7-x64

8

3b2c590481...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    133s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 17:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    3b2c5904810da630b166fe6f679e1372

  • SHA1

    94b32ff5e01237445eb41a124ec320174e74e2d0

  • SHA256

    761e443e58d9b36b2ad1025953ff4301f4f663ebf6757f4df4b5168ba8fc5689

  • SHA512

    13f57993ae53c7a85ff46e947cb7ddb9097f1f09a690efe78cd0b505b48c4db29e48341293d219c6b53a55691ef0cca0f9b94b2b1d35a30c5f71a687f8d9a4fd

  • SSDEEP

    6144:WhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:TeKrJJuf86AYcwoaoSbr

Score
8/10
discoveryexecutionpersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Deletes itself 1 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2332
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2812
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2576
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\3b2c5904810da630b166fe6f679e1372_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2620
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:760

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\WinRAR\winrar.jse
          Filesize

          11KB

          MD5

          9208c38b58c7c7114f3149591580b980

          SHA1

          8154bdee622a386894636b7db046744724c3fc2b

          SHA256

          cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

          SHA512

          a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          29e1d475e75c290caaec7c5b9e6cbed9

          SHA1

          e1390a9d4d20b2d655b1c01e6ffd5f1006362600

          SHA256

          5db9a7dbd27ef80912a9c0edcad010be0c0252cba061c631228fb6caad2d2ade

          SHA512

          de44b2e6757a3fc0b5f864a094ab6a6c18dfcc395bf45e4a508e9d3f66fcfd00aedbd6ee5a53dbe22e8b151df8982e91a6b0e912984532f32ef17db06cf573a1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7b6b0c195fd8208f27212ed0ab9fc4be

          SHA1

          908f8e791bb00bd6253434274b6080e67c094e17

          SHA256

          342f47e544f55a17215cfec91969a63942ddddd659b3d004d891be05cdc50413

          SHA512

          09825201706b2249ce86673113ffe248164b16b48c7fcf81ea2d9bb3ef899f6d4246ba116e74a70214e4210a2e89809fbcba817ae45d24237869428bea0c4413

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ed7588dfc3c9468fa597d2c940b1886a

          SHA1

          8fd4cec8f74ea155f40cb1fb1c21c6ef696e541d

          SHA256

          c0e074793b350b107a59454374970253fd3d0139c18c153278ebea99967b1f2a

          SHA512

          9d60b912e71c1e05286c525155c253a41255c2950e995e38359d15e6292e5109b74270e93e49d644619468979a526d8d4aab4a8fedf58597b68995e6ddcc2148

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ba004e114da532915fd2dd58c93d306e

          SHA1

          e1d3f0ec8dd5d4f614c46fc3a51294f966e1032d

          SHA256

          1296271618c87d8fb50eee31e28a73d5b26fc3bd402c97af227dd7c5ffb7ac19

          SHA512

          a5d7e00a4d086172f4ed627d6f933540a07f2fc704bd414966386f6c529f15fb2c7660ec61919739ac0ead9d4ff976cd1ad8fd2d30371f143395c1b325b2bc35

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a4d969fe45b136a24fb292d494685508

          SHA1

          ab64c08db4b1464600a5a2b548fce8c1180eba7f

          SHA256

          12e68e9fd842f73a2c24020139a49961125c0f402e873c64599ef8c6658cbb56

          SHA512

          f37de7d8f5b61dc5d00504e35ce90a10463bc4258e5a8ac7f961379cdabd4387f7a0e7c9e18fa14d60196d683c883ad4625fd0fac9d1133abc1236c40acc58d9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ee76bda366c3e44968b5283807b07ad6

          SHA1

          40255e8b89dc16e42a855802dfe59f5ee10cc378

          SHA256

          cbdb14c1abb76018b74160894b1d90a9e653110643b58a8a4b53e8a9916f0213

          SHA512

          a8a2b45230e8cab513c333dd6f89ef12504c6f2a5f4bdb990187efcfc29b3d16e1262c524dc845bec60e4ed0fded688717e584a59495d4aa5c9db88bb74256d7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1b79ea15c606930d0ef1a7a0be1f8b0c

          SHA1

          39fc034af9debdc33a62c18b319ae838df34af90

          SHA256

          268784c439c96cac88babc04aad6f42616552df0efc089d6b6b7b381aa49906e

          SHA512

          198d0a00b1a972e824eebece37e5eb8ed1b315ebdd00975e58c749bdef6f824150c1fe41f6b4e6ec2fc1157a3e9fe8676a4fed198407b0fea51a6256da4d6868

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          45a7a865b572989244b71bdefd7f764b

          SHA1

          7ba8abb334fc8e1ea8b665d7bac1598b224ab2ff

          SHA256

          f5f15c85f69f7b78cb495359af9430e8e4a8c3189fc2be9bb799a989ad45a7ab

          SHA512

          d91809abc3fc05e02c035d8301ed310965a76d8614e488c5cce2fdbf06445982df4964d27ea0477ad89aae4d069ae7cf82d0b4eff72e8c78962360e1b68e7a66

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          950c364b55ca75a6a70535215071bad0

          SHA1

          36e2f2fce0ff3a8d5647cd1f3fd250bc647a21e7

          SHA256

          a69cd01069fb19f70704e7b696b33a0e41d0d9ac34760c5cff12d7080e0a6c96

          SHA512

          02865fb5260b385e09d6f7427629936b92050ae9162be7afa044a3dfb80fb5131aa2094da5f96962195ff5c6e721a0b1f259eb8f375d87ecfeb8db495e9ebb56

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          55fcaa7d70571498723699c06523c322

          SHA1

          e31dc8977fc4be6f49df5f8ebeec1ee0b6cd9239

          SHA256

          64c426470d65bd9df426c7a8c2894e1e87f93adc0ec337b8b7827a9b1d813e4e

          SHA512

          62e38ed4d6005d42609e0d3a2195dcb9d3c23ed7d26ad8c5f49a179cdd7bd63c6a452fbb13ba5d9c23f7310be8972ed132d5c4f5ff79de8a81b840be46170a86

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a33883c081dd992c5364ff887c3d258b

          SHA1

          5938fb42f43e4cc1612d95ea638d9b22fd26b643

          SHA256

          c4f5a5a13f69eb0b6e82085dfacc8b44f32c411f5e1c8598f2ab62e8e1e8e056

          SHA512

          47449d74ee7d84aa726aa382a17f61935ed03e756bbccbebf25e3b52534b2f5d74369a4a83aadfe291d48fb4b3fef27da64e5b8384a0d461badf6c63f56eb463

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          096daf1a5445a27e812fd9c49828bcb2

          SHA1

          59a3439f1d544366ff035a13a4afb713cf2af9a7

          SHA256

          cb52cbf3970d971b5a9623c5b0c437e6dd52d860e732ad90cf2742f0c74d3841

          SHA512

          6ced6492d2a110dfee7d59d419655a01d79c64f8e21561fceb1587ff2eb013e6120464e5666b079ea1a1fbe63269298ba621e2fa99a0cf4d82a4256ae77f5157

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          66801d8ce03f5bc0ff70fe8326c5cc0d

          SHA1

          9b64f379ba44ef43ea8f4d67259868340b6551bd

          SHA256

          2f886ba18f788ca2262e4f6bd4b01d03b372a9122d2cfdefdc359f6266f3666d

          SHA512

          7ff037b6baaa288992bea4007a5dc1df9f5c6933af8dafc004a0374d9e920f9a2a7fd567c4c85759a43f308ee42c49ff9b58114fee408428e91c713d4a4e7ebe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d807919151d446df880358f6d85f36b7

          SHA1

          aa57ba11f286d14e998605c6ebb4fae0f475a74c

          SHA256

          c67f6b07cac6bffd000b31ec71cbeaa395aedddf35f4c6257300406a30b76366

          SHA512

          febacc51bf1b3b68ffdda37205107b19fdaf18dff91e269ef54f7b9ecb825f8749632b57828f9cf7c701d16754926f9086b93acc91cae69c49e40d8fa3cd4ce1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e21811e16f4d2c3cdaa1f7a3e41d2c32

          SHA1

          b1e1e1af14c43ab5f3891c8031e7f12664324f0c

          SHA256

          0480a93e8b4b15e14e58aadf983b064233aa4b6378414dc9c8b26f15bf679c18

          SHA512

          6401d40c9ef137bdd703348ccde06aa9a54651550824a6b2d949db1381c099f9397355aea5271eef53e76436f224f4030b38b24f89bd094d9cab4439f633eee2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4b2d8ef4d29a9eb25b3ee4b3518b5eac

          SHA1

          4468bdb6de78e15410df674ae030aa6a5702cf17

          SHA256

          40063f4f1abb6d07ad13ecde5c66f4f591ee15590275fcc2fabe59b967945b30

          SHA512

          274bd975a622ee9841a84ce2af5348a3dba938575151e68ad911c802fe53e6f40b03b2e8bf50a80b54f7f8ec1e82cd7e602a028efceeb190f7f092844b6bf181

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5feab1d3417218ed63d045747a001088

          SHA1

          1c87374a41c961f80a3233ecdd47d0d5187ec76c

          SHA256

          452ae252bed906cab2481affb2cf2d1083dbabc8175f58f01b9ceea81c5ca46f

          SHA512

          c99e34a8d64b25e8001a7cd7b72fd25a9702f556b6dbd5b3d4eab1c3916162626977d86f0d1072651b109720104389a5b912b78e00fa7eedf865f371efb44b9f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e8f346faacb5f43cda686d20576ac3bf

          SHA1

          5791b13e2967b295370c3b571768542a4d89549a

          SHA256

          ad860fd617e8a39474c81183dda4ce4afb6b5174430c5ca59b8cda62c9507ad5

          SHA512

          fd249c7bea92c9aff6780a2a78ff583d1ca24ee7c21a6ee42facaaf03a49b1bf32826240d462e8a66d0813ca3f1a16cf2f74d05cd65e5accac18a99b06f0cec7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1f5d366a7b0b9324eeb0c6a20d9344dc

          SHA1

          6bfd4f49ed65949e090fee1f9b8f905353f284ab

          SHA256

          1568adcf84bbd116cb55208513b951fa13363f195331a07ea8f3283546615c6c

          SHA512

          1fc10816445fcac6480e6e9eacd1476627ee8182f647f5301e82ba9876bb7edeaa278bf05430361ac962d086037a9944f664bb0133a6d6994d9526c9d6433db6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabF5C6.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarF5D9.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc
          Filesize

          149B

          MD5

          b0ad7e59754e8d953129437b08846b5f

          SHA1

          9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

          SHA256

          cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

          SHA512

          53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

          Download Submit

        • memory/2316-0-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download

        • memory/2316-36-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download