Analysis
-
max time kernel
133s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14-10-2024 13:42
General
-
Target
429727607f19019d28c55c673bc3f0ab_JaffaCakes118.exe
-
Size
250KB
-
MD5
429727607f19019d28c55c673bc3f0ab
-
SHA1
fabf52a135c4ae4a6376190da7b7ed0b9243798f
-
SHA256
628584470054ce6376e9dbaac5ebb1b5477beb1d60a2faab6a20704fb96a18d6
-
SHA512
ef594f1f57dea45437f39d3f2af414d4f4895c29eba227146a0067a61e6e1103a136f382ce9e2972165a3281b61a0f52a790592112f714f05519a525bea6b5b7
-
SSDEEP
6144:ihieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:feKrJJuf86AYcwoaoSbr
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself 1 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 2 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 26 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of FindShellTrayWindow 45 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\429727607f19019d28c55c673bc3f0ab_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\429727607f19019d28c55c673bc3f0ab_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g83⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\429727607f19019d28c55c673bc3f0ab_JaffaCakes118.exe"2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 4 127.13⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD59208c38b58c7c7114f3149591580b980
SHA18154bdee622a386894636b7db046744724c3fc2b
SHA256cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1
-
Filesize
342B
MD59c9b2fa6ba64b8640c507fa13f0acf17
SHA10670e303f37303cd1410af3bfdb907fd87e9517e
SHA2564bb65175fe7ca1f502acedb41a4034235c4f4b539e59a9d8a26a2b51766d6e01
SHA512bd8663ea3e192089f34e9d6bc85c8239ef666fbcc82e6d8e63893578ccd86ac13cfcdbcecfed6e5c09462e1810c40380a52edd8eac7a6c4b2620635bf735a80a
-
Filesize
342B
MD5811e862a2323d18561bb4f421c86cbf1
SHA18f2a83933fe6ee49653ac75950931f6184888aa9
SHA256651073bb837555445c409bf7ec0b327475b084f69ed1c90103a0c1f7ec82c692
SHA512644483238e7fbe9d43f32df075d11acdb5236d71a084fb532c7b3a3bfdf6bd2b9f078aba5890fe744c72028123e159a0098d51f1988e10c5d98ed0cb6ec96e9f
-
Filesize
342B
MD532bf129291f6da15ceee4af22ebda27d
SHA1dcc36b8cd41ba163f5e2c0e76e0fd7a298fdfa83
SHA2566c30b00ffcf86c2ae8acf92d2490979a53298ba5af6cc4fac70cab25748bb0af
SHA512e22c28044e7f25600ea2587e18e5abcbf9ba535172827809e5e6188f75df83a4d7c8a8a0dbf942821ad4083c4bc85f823a740ce1cbbb8cd7e70dfd0d144cc960
-
Filesize
342B
MD510734be2da6960c80556d966c4aac200
SHA16c34dd570994b6dc682b40e4ca88fabea9240672
SHA2563a270f59ac22b9cbbc9bb018c965e3f49e48562ef0789d886b51d836b04f9e77
SHA51220210d3bc31cb5a199131bd1588c34a1b8dff1c35c864339e37208290baed4edad2f4ede3082caf5d0cce360cac4cfad1de84047ba8c53df7de08a3dcb3e42f6
-
Filesize
342B
MD5b37fa8f641d4c51b89fd2f633a4595ac
SHA1f8ab44cf691b67c867a2c5c40beff5b943b1ad87
SHA25645d4279ba56f09da76468535f871f5da1fc1e5ddbb3e6ebaf3c3a852f09ebccf
SHA512f433cf5d14db380e8e992339ffe08d8794f7084b4530c254cb6286d3407c466b37107d4de63ceddad191a35ad8c8c0bd29e1b127918226a25fe6de6598c9213f
-
Filesize
342B
MD5a643bcbd90efdc8c02e43d987f89d7bb
SHA1246c5874981d31d9a6fa713efd8d50a85860fccb
SHA256595e1cba61c76c76602ffbce224a8bf78679790e69e7d4a49df5a09c84b50d82
SHA512f3d0388a31ed1468ac192412719d27429d287b82d4b75af65ed79250b297aee1a32509d745eda32e7a5fd3ecbcf1b0e539c680830dd2c9d17ccc55e312bee82c
-
Filesize
342B
MD5584a8518b811eb00af9080f0b74d47cd
SHA19a357a86a4f93a387b5d921f874395bba00a61b9
SHA25634ed1fd617c5348077ecc167845cf4cb1d550dff403ea7cbaec63bccc9beb022
SHA512e32ff9e34b3884126e59b70aea3391383cf10a6630c7c19419e1d21d72d46daae5af5a16219ae70a672a398835c3a5c6d3f009d9783ab687f809c2d4f5f1c80a
-
Filesize
342B
MD578416305e6b83b9aee5fbc070b54fa1e
SHA11c3c2293307dd9d54fa8a35d7afd2777afa679d7
SHA256c3184df022f95c750e17c721e9b29bdb82a65f2738e33cb9a2cf38750e6b4975
SHA5129fa6d340afd08a7ac96c3b81f97622291420454cb72e7375a75091a7df5160a8318b6865cf1964a02888ce4e7326caaee1bbd2276460f55a0e52f51b4dc36245
-
Filesize
342B
MD5dce187080b36ae5d2984ec6e058486f6
SHA1a077dbe9c55173c61f3d911ae235b09e422f0ff5
SHA256adec4b291075bb769b1fbb0ea3a76d0fb3d97982ab35f642777807407eb8a5e1
SHA5129366f85f5bccd5d3f4a04cc3f8f482d91d3fa1715777564c855ef52f5d0cb59165823d4a8bf73d2d68ff74285efad422b2a6902f270cc4e82f4af9247581487b
-
Filesize
342B
MD5a20964370f1f54d68b316e05269ad3a5
SHA18456036d88d876a59e307f14559e3f2396af05c7
SHA25623efa2e96c25cc60fa55f7aca1e87066257087d96bcc4baa550c2f0b75b9f2dc
SHA5121f5b70a43e5132b86758cb3c6958b4bcb35151895ebfac6a840d7135e832e80050c0fe79b537da6bfb506ce49eea0c21868e27f6cf7b701bb5453ed72346db10
-
Filesize
342B
MD571ae6c4aee506d52014f64bd57534c4f
SHA1fa666a141c806062c5d87fee70fbd5005e7341f6
SHA25670c2704fcd1f872aa715939311c3a774028adfccedef4c60e08c274e66344553
SHA5121204135779f1d65cf18fc3ba9c3a54ebdf2188eefadbe39bdb92b7642b9784c43f4717e12bd181dc76f6038d14f56a5ed52bb8978cdb9f9892fa20aeb1dff836
-
Filesize
342B
MD534c3579e9ca505a0b1181c8206050301
SHA1b2342638dae28768a1b95ab60e7587703379739e
SHA256ee27c500ee7b9f446cfb04a2b38beec39447b54a64246d93277037e7bd2e706e
SHA512e021ce0ab42a3dd044ca95d5afaf9521cdcee230a2dde40421bba687e7ee199c6ec55a7d2b0c7ba0399777dc39e5400228fc8eda5d412d749baf3d8fe6cd25d2
-
Filesize
342B
MD5674e470ab90d8e5b8f21709eefc6b4db
SHA17c4e405968bca70184dd96042f83a0b5f46db31d
SHA25686991e2df72ef7c95287cb7620df5f4ba3e77a04f59ce9217190b71392df634f
SHA5121ca9b1a69a3215a00c7165547dc9cf855c8a069b2b23fbe38201867d48826a6970c86f8c56abfd21701dabc54b24e9a1fa9a10c99ffc2293766deb61de9574ac
-
Filesize
342B
MD56e5119cbf541125b1a0ea009275475cf
SHA19f27abbf86463831cbcad17f7dccbc1b8699a174
SHA256c100f0e49fe7a10087eab5177d9d7ca87009587be460584eade6fff1c1e5701d
SHA512b30a26cabe67fe23d1683159c44b93d77776fe66096a652fe658a7ce34ee1a8b08d7873731a841a040df5a29cfb2a8af5c6569edced77c9ceba7b90ea3fb5905
-
Filesize
342B
MD5fde96f2fac6354e07b07c0cadcbf9cce
SHA17d2f826e83715b4c35235349d312f2b07e541938
SHA25607a46db7668f28fa4ca81cc4c8e45d4856c812f24692856c7241c0bc55f34fef
SHA51225ba6b9d9f25f26a623e4ed51dd5cebfdebcb62162875d6f9061550992118008765891be53a1eae8db92ba4280c0398f74c573f62e43ca9870b35707ac55e295
-
Filesize
342B
MD586b9e10ab0a4a0768d6a288d0aaa22da
SHA112367c7ed915e4cc9bc9195a742e406834ae13e3
SHA256d976694db2fb9a6cd051f60c0c8bc47c12dcd29e5561fe5df10892777743b4be
SHA512f13899aa08be540ddc8469fecfbf90b0b3b1e68e78751b3d03ce0e9b3ba4366b86156ad60204184b3843ea8caa91c69924dd52a644c9835f039a8f0a70cbf909
-
Filesize
342B
MD50372fb88942bbc37ffeff097034754df
SHA18be63fb02b2793d457f1f9bd41ec6432488484ed
SHA2568b28f085315132defea691015140719f6c7864068d6dc8e995b29077b638366e
SHA512ade403f84931a96dcf370474d91db2096f8fcfcd2e588555e142c6f8f4ad93f9c1c892768294732bdb433892b48fde62d3a73e9c64ddc2d6f2e080e196f4f36a
-
Filesize
342B
MD58ec8c1506c62b0a451bc1496d7ec2e26
SHA1de67ec87f23163f7482aa4145f38f7930a124bce
SHA256f7ecded7e8e4e13ea2282ea361344a9488cd4d31ba66776fbd0518bef7e4443b
SHA512a5fc276e2f3802331b694c8ce5a49aafca44f5be5c8492f7d99e0965473536e30d8bf55317ef75b77fa560f675ad02ef99477cbc63e82f500e906060570f08a3
-
Filesize
342B
MD54ae833b5dff31b449a30470e3655c7ef
SHA1a3cd7c27418a91318451c21a729760f9210ac494
SHA256c749cef5a6c78e2e4bba5816a57b2c85685099b50478fbbb9cb005956311633e
SHA5125bc9a0d3eacdaaf3c996082b2d1416c0e9d41e4e28091ff2c7985a80f4d636dfcba6db77918f078c858a783dbdb7e5e133b7cb8bb7f40f41589d17ba5a9fd647
-
Filesize
342B
MD549643648794946f1cd3c8fb46ff1922a
SHA10b59b540ebfcb1fcabb9f9b7ca95612bfcbd601d
SHA2567bb2b043cdb16d3cbd7e59973555940390de3f7691af8405b62674b724511285
SHA5122f04adb57ba87ee5113daad063885e38c863648d8658533acff028bbefe29621d7019cb35b20e39f20b354e3f13abceea47f54efeea75bfd729b2f1715822dac
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
255B
MD5a0c4d2f989198272c1e2593e65c9c6cb
SHA10fa5cf2c05483bb89b611e0de9db674e9d53389c
SHA256f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23
SHA512209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4
-
Filesize
149B
MD5b0ad7e59754e8d953129437b08846b5f
SHA19ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA51253e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6
-
Filesize
64KB
-
Filesize
708KB
-
Filesize
708KB