Overview

overview

7

Static

static

3

3e66f6e547...18.exe

windows7-x64

7

3e66f6e547...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2024 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e66f6e547ba020ffb2627619ec2693b_JaffaCakes118.exe

  • Size

    80KB

  • MD5

    3e66f6e547ba020ffb2627619ec2693b

  • SHA1

    fc4da8220a3e6798a174e77ac58de8b1a053df87

  • SHA256

    cf4168c3c8504ff72a5a8373ea1396e52ad41aa5c18305b60141e81219b930f5

  • SHA512

    03349fd8d2cf42943592227181e1fb20005d1fbcc5114ee9e73b17cb3172a7e92141f5d5ef2710495a9f797f1afaaf2d1eadff0b4a3b5d2e5804f6ad28c9fb6c

  • SSDEEP

    1536:P/nsVImgZ6f/+XoUmEUijE1tnMhlVDIF4Lc7W1untrlnF8/gN3elS5/36e:HsOEf/0oUmEUiQ1JmlVDImUtRF8/WX6e

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 11 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 12 IoCs
  • Modifies registry class 13 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e66f6e547ba020ffb2627619ec2693b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3e66f6e547ba020ffb2627619ec2693b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\program files\comsoft\dialers\livecam_se\livecam_se.exe
      "C:\program files\comsoft\dialers\livecam_se\livecam_se.exe" -kill c:\users\admin\appdata\local\temp\3e66f6e547ba020ffb2627619ec2693b_jaffacakes118.exe /install
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2896
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dafec09600a1ae53cb15cc6ff1d6470

    SHA1

    6a806a542cc4cb0a687c2fe325252710949af69b

    SHA256

    c6b6de203fc0fafeb7622aab957a38ee7ca6684e4026259ecfb99ec877999ec2

    SHA512

    a0fa6ad5cb54eaf110ba5cbd6c568425a59441fdef12930b3346fbfb54992a77dd1d3b6a6fea28f682932d7fb7b3c2cf4a4d702bc3bad44dd65df6d0de73071f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4253813ce2597c545de8d591d366f3bf

    SHA1

    4a3ea2797146fcf9105c2fb57f25c56a35b0da1d

    SHA256

    22740398aef2a609fa69c7331f2f7e15dfa8de8d52f49621848e830a456899f6

    SHA512

    5cb97016c81f1946ff0f6c8bd66c01c386f12a6f26a0e51eaf5559442822e5c48e5dc5c8cacf89d1d364b22eb286a2d266cd07321c4e561d68180672d5b67d14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67bb9fabd43c6327da20c7775495e1ae

    SHA1

    e9b1ed5fc0f8eb8c0423bf1d5feecd5398dc845d

    SHA256

    aada8ffd3ffdeb7df18266bfa2712354ee9b6406b6fc8460f0fba1fbc1503084

    SHA512

    78de845b098ab97d026646a6cd5a8857f0a89cb048964693963e554c25005488deadce7a34d68a4387972c37f09e768d17df3b98eab345294751c76a576b85c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1db99d46d86aeb3a7696d236cef6e12

    SHA1

    806723f290613fd7fa61cde59a9a368eed0ad6ca

    SHA256

    68d07bbed7b13b2d2feb03c218ac662f6496756ab6ea3baa592119db23aa6368

    SHA512

    9c8fdb88a410af128f9b4a685bf63dfd842839023552f36ec20e16c9be0056abfd3773a266c0acb3e661c75acb3b8dc5571e107d5a222a74e652e17bd62c2218

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ccb1c71da5496b94399840d66a6e2dc

    SHA1

    36d907b4dec7a21cdb2c21dd6d8e274e4a4101d7

    SHA256

    ea29ef1a59d3e8e4f0e5e0521353c01dcc2000a2239be73e671701e166c32cdb

    SHA512

    2a867a93a9d8fb9555d8e1379328796fae6a31f6cb2cf1e9079274609b4cc8ac054b236792a1ae4df9dbfee35fd4e2da392ab38e2ce299d81f3371f7699100c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a47ad82312a33204ebe8140e3b3fb94

    SHA1

    a9de0e095cb105e067ba1aa07d53bcc47eb98795

    SHA256

    1eedfaf55d3772bf766555be2d04e7e03cdc2bf4ed97e3d998f4d60b0e93bc3a

    SHA512

    5cd04894e5a0f72f699c65664dcb879c515b111bd5df212f430ee1c857ef86a9ad1a71ed8ca53f5f1a9069e4e3aeb34874dff9ef8c628b92557a219a001547b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b4374a0ceba2c8237866c36e7879ebe

    SHA1

    23ca62bb1172941b1040d61070649db3e45e94ae

    SHA256

    712e249ccd03acaad108ef9a7d37dba0f05f0d7583a4ebd76b351c9ce143b18c

    SHA512

    8433b8a2b281237fcb34da3617670c792e0902dcf9f894925b3dd29b2bf096d76a2a92c042996434d016c91d6f285b1a4266fe800c56c59c30493be8417f8eca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bf3eb3f1225b478528f7262086962ac

    SHA1

    01fcd6d075c7fb199aa5f0e14d09452c22681e84

    SHA256

    2ba4a00b45c21411bedb47439ce9ce06cbc9a71d208fefdde49c85a149be1873

    SHA512

    4d8da7c176837c1e160d398475bb73dfa116290a18da6455d9869eaff07a766b66f57970adace71af68a742000970cd0cc969a6405e2f8c2b4c614a90713e9fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e499df4c8b9d60bea8485d3f5b9c3057

    SHA1

    afbe40c88dba8507f64b093cd9da77c578f75c77

    SHA256

    23578cbc5bdea8ca13c4a32d04145193d96ed6c6ab65556d7f3f320505ae1f58

    SHA512

    a8ec0bf8e040aee791041392d84e3bf1d7c794a895ebe03022c7724157903ab71d68ea25883a7e1c006794a30709d093d1e5b9989cfd0bb1d532e1ab969500ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07281b4992a565c65cc74f9e3b02a869

    SHA1

    32b2a2ba5c590770424ee9cbea3830fa4602148e

    SHA256

    42974921c8be05fe832c769c8cf0bfc77a20f9757ccaeabeb24a817607b263bb

    SHA512

    50b2873c642caa4fbfa4262341edc6dee01dc7a30222da660e71fa03e72d5c6c263b41f851da95c2573b99a56b0bac285473ca8c58b744c79aff537c4cdffb64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2fb50cca71d6847d21b2664caa82fdc

    SHA1

    51268c1a3c9f6633b07dbd5084aab62e66202fcb

    SHA256

    8ea7085ab47f19b1250ad42efcb7d5f8644767f683209854716241c4812873eb

    SHA512

    f9464cd85973e4a0a9019200aa8940e410278c85a9220058ab135c6fe7afcba27cf38db73907ac0b89865b521d3fb77d15aa44d6dd2b4566c5d058ae3fbe95b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c52be8186c3450acfe1ec98655be795c

    SHA1

    ba90d1bdf479a1525214b3c84822f0fcea3d338c

    SHA256

    71be551f9c675718761db9c4b3372a907b58cac3b50f3a2db14478bf23fae39e

    SHA512

    ce2a1fbc47e10db582240ebbfbea98f4469a8c03dd03b9be2a919f28e2ea4c0d62100f12d97436a0cec201d2e8f4afd81047f957504f48827c11f0f7c2541aa6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    252171cb530feaeb6f649a284695261b

    SHA1

    057210fb92b49e009486e321be06d2f3026f6183

    SHA256

    475a7e4e55eed9e35a3a228232a9aea5b7c84b1dc3254377f14ec47b34110713

    SHA512

    741ed73cc43aa00dd0c2d1f51e14512f282f00d32316ca2551e251f4c785161333596f99dbd4af51a3b5eaa1173e046fd81cd823e6dd197b15879e1cd76fcae0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a63791c31170895acd5019da913e1e7

    SHA1

    ebd1175534fd117c6f9c93665d79e12b68ec7a1d

    SHA256

    1fe146a4f771477dce47a2da4d917977e36732f590c9b1f6131d0dd1a96e6647

    SHA512

    a990b2abca5311564717c8be6192ab62abbb49beb44e44bb6eb078c189ed57a242467b0c8a92e94bb16306d22e3ce8a9e19e75fa8e038fc14158101a5d661423

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec0992cd48382a1fd37a13e850cacca0

    SHA1

    f0cfc24d956df81e45bb0cd805b161f3063bb406

    SHA256

    70c41557b7aa0c5ffd7648eb091b3f0512dd0300160efd16313d76d1326b8e6e

    SHA512

    877fbb9e3b1bb1a1defb434690166c56699a6a4c4a231e736f3f67535a7f562ebe16fe1e8c1f85ed8f558f2155daba6c92ee2f51d793593cd776fef2eb697384

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f000a706a8769fc58da3ec0ee4c1fd9

    SHA1

    206ab1b26240f8c8fa3b78e50ae72f0e321d3451

    SHA256

    1f391256117581bba413e0473d3b50ee168c9afd5ecd9304e5cfecc094001ff4

    SHA512

    b06246df72ffef349b61075c611281ea13ccc3e8f9ba17e6a9f665b51c91190a37972c8282c0a27bccaa9e74f02299aaf639aa48e1f101838a15960ffd72ea89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bebecf66a5622a0d7956c55b3cdcd391

    SHA1

    44e5a741a58dd2116ce623471720d358d76eed94

    SHA256

    e3a072ad13782a37d3dc0b1ca65e20fa251f0ec3b8986dda044c61129aaa067c

    SHA512

    db7e7dd219e4b5cb3dfc7492e489d58a6f92cc8a6f290485e7738469b35f914400201e42c253a6114c33be593520895719f5769e7e4fb1f593394ba923300036

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7e3f0492db0212e92398adb865f62ca

    SHA1

    842e3536d766ac4ecad4e9998a819a2f1a676273

    SHA256

    672e03f4318de21d90978c77274922eaca27691344edd32691829b2696f72f62

    SHA512

    e8cf496282a3a4cd7c1142f8636370695808a7b2869af61293941d08fdc88230e203974a2570820d8dc6794ad215df87b3ca17e426782903b2e81ebe47194ec2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb4c9a449bb29bf6fef218a85057b958

    SHA1

    249ced2389f97a002719609c5d7e9950009f80a0

    SHA256

    ae58ef204dfb8a7195ff49a35e4dd578b062f500224093628167d012093da598

    SHA512

    af85de5287b2b879d38adf8a58d9888b010c767fa9f8f123ddcf2d7fe07154c574c523a5f6d3c616b6f142b796b04b081cbba7f3bd7d411fd847c04253b95004

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4F6B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5077.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\LiveCam_se.lnk
    Filesize

    1KB

    MD5

    951c4a1cd15088b8f437cca2b21ca829

    SHA1

    0e32c6e9a45e3a22553011c120488b6d6d02c6cb

    SHA256

    857092ac452a87e1da371c06bc3580465fb32fbb4699fdb78472509264b33f7e

    SHA512

    844994e8d626be15f6eb8a34b1ae827da696c222ee8aee1a62d29c612c92cd8ce149fdf6dc475d0e9d3c92e653eedc63773faa073269f236c44e365a6ef51b82

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LiveCam_se.lnk
    Filesize

    1KB

    MD5

    d89f46a2df1c2f7c10b702085ca84e5f

    SHA1

    40acf60d896f90c41498b10f3a9509d6d939eba6

    SHA256

    0024661758835f4590671b4aa1258e2a8f6a9fb9d26f6fda50a606d3e1bb2a5e

    SHA512

    aac4c875230acd236eb70e6a2dca785c8dd4cd3258d970d489a68caea8ff137d78f0651220d121336c09255bbdd7c173cda8085fc18838be150b7f873fbf0ddd

    Download Submit

  • C:\Users\Admin\Desktop\LiveCam_se.lnk
    Filesize

    1021B

    MD5

    cd705d067eff049108bbf0b3e8d80cf1

    SHA1

    6daf1c2530314a1eacdeb99010d2ce9532bd3b1c

    SHA256

    68da0955a5894e930f9933535ac1b258410f533d9675d4f1c979d06a84141b97

    SHA512

    faea077de4e313c11fbe2cb59a554b63bf224ecb8e294c3365a2538ebc41cb338cc05978b1d532fc79456e53d163f9f0243cc1038c0e79eb7bbe7a85af35580d

    Download Submit

  • \Program Files\comsoft\dialers\livecam_se\livecam_se.exe
    Filesize

    80KB

    MD5

    3e66f6e547ba020ffb2627619ec2693b

    SHA1

    fc4da8220a3e6798a174e77ac58de8b1a053df87

    SHA256

    cf4168c3c8504ff72a5a8373ea1396e52ad41aa5c18305b60141e81219b930f5

    SHA512

    03349fd8d2cf42943592227181e1fb20005d1fbcc5114ee9e73b17cb3172a7e92141f5d5ef2710495a9f797f1afaaf2d1eadff0b4a3b5d2e5804f6ad28c9fb6c

    Download Submit

  • memory/2084-40-0x0000000002D60000-0x0000000002D94000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2084-42-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2084-0-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2084-19-0x0000000001EC0000-0x0000000001ED0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2084-18-0x0000000001EC0000-0x0000000001ED0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2084-17-0x0000000001EC0000-0x0000000001ED0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2896-51-0x0000000002B40000-0x0000000002B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2896-59-0x0000000002B40000-0x0000000002B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2896-60-0x0000000002B40000-0x0000000002B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2896-43-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2896-52-0x0000000002B40000-0x0000000002B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2896-57-0x0000000003770000-0x0000000003772000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2896-58-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2896-56-0x0000000002B40000-0x0000000002B50000-memory.dmp

    Filesize

    64KB

    Download