Overview

overview

7

Static

static

5

45404b5b35...18.exe

windows7-x64

7

45404b5b35...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-10-2024 01:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45404b5b350a30f8af78575f2f2b3660_JaffaCakes118.exe

  • Size

    81KB

  • MD5

    45404b5b350a30f8af78575f2f2b3660

  • SHA1

    840ca8c753d6cb832e2592ecf36fc65b2a834fb5

  • SHA256

    d8ff5cb875f3125b90273df6ce4319ba4dec7673efec1c9ff5351c3d2d46dfb6

  • SHA512

    f2dc46ac222bfcfb0c562cdabca2e5fc31df5c4b927a15a125080fd7fbdb394ca6b67f6d0ad8de33bef3fca526fdbeeaba88faf0e5e91d93f6ec38efa687e0a8

  • SSDEEP

    1536:Z0TEh4Kg5NinaXfbNInU33cbPyyVE9BKZXjOKwDLkxxTM:ZcA9g5wnkjyETkE9DLkxxg

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45404b5b350a30f8af78575f2f2b3660_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\45404b5b350a30f8af78575f2f2b3660_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.forumx.com/kit/ornella_aw.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1452
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8513724f44fdacde6b4e6dca5f8e22a5

    SHA1

    d255de74165e303e56da4599d3e9f51406cef5d3

    SHA256

    b6808eead1f6bab666f642f3d2063221803dfd7c3ae8a72f8cc440ee8e30a7f3

    SHA512

    748b0c3e099054f5e194ec15beae016c95d9ca6f3ede30ed0cfb45341789334fe42d0f74a2b9021cee6effc94f0e556b7a511d8588607e9c4177acbf004025dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30245f2b7880815c2015f73c6172b202

    SHA1

    2a542435aa11c637621c9e2f2958896f26ff2ae0

    SHA256

    7e33a6bd1c770428f0de2ab398ddea26a9a7aee49b19e4a8cf8944f595088f67

    SHA512

    6b719e273d3020995660c3b17dc6b81fc8130071f336a0d90c567b1fdef89c6fbce5af4bb94497aaa6c6117bc0586d75edd98a389a9a11ca24a3cae6926d4fd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f7130d0e4a93b89c5b139581eb6c465

    SHA1

    56c684036d4fdf0bc5c3d16465572e6197916cd3

    SHA256

    732caea527680eb2445bf8c2dc10283bb4049f6d2f56c87c311903c5740e9d17

    SHA512

    9437875c11d659407e6ccf3ef4b1ccf9819f62fdc6441d469ca7b03739ab70aa2976b9d5552b595563eef15a34245f75716adcabfa5ba8654b629c81a40d18ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce38a9df3996e5a3b61a1d3936142859

    SHA1

    cbdbf6709b0711dae65af0044c5482c9b2acfa51

    SHA256

    bcb9ace2284587a8e8c6268720e4c4a536ef78cc395b2d6b8defa16b575b08df

    SHA512

    c7b2b0cf3cbbb94da650b0c4a0a251148919f61739ec7921897f9cc5602eb2b5995c264107fd486bac22b2068c582bac261c46242fddf5f7ada1949e24c127ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36cb701eaa2edb4ca9c0fc14d03b5233

    SHA1

    2178597d4960efc8786eda56a564f755416269ce

    SHA256

    e5ab1a5df7b032c8a7b7e80fa5b6ea817aaa35669acb75aa9fa5aced14ddfe54

    SHA512

    6a468af1f625371c68c9f473d25bb4e1a5b11ee412fd64cb402315f50342d03f5cffde8c36fea323ed34722dee16ba4e4673e2bfe0e952eda1d66a0107c6c0a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a5188a44180c115d72d87d4f36c3133

    SHA1

    249ec9c50078a5e568084f855362bf10e6e3fe5b

    SHA256

    cbafa6fec0f162635e8a1441390a20d70cd913764460e7dc903c9b09bcd5ad33

    SHA512

    ddab2b0aa59f96ec07ce0b4b71018b2ad11aa40ae8067bdfee0e879f115797070812ca66800be129c7eec831d548f1bdf9f9874e82cdc18588c718957675c1f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d51e73a05b850cf7fd5ef5617fa95ec9

    SHA1

    f5aebfadebead500ab843e64c242dddb31f05814

    SHA256

    6f2d65d1babc334778d3964bae14a64c55ca7a8de3a2502d5ed9992f9d65d840

    SHA512

    b19ab1dabef9a739eb71e855e943c4cd1f170d1a9977e3946c1c968b2792b931cb7e9bd715c59da709fd784d4c21b1926631bb4936641b178a42455d9860cd53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea813cdb9cd572577e0ed89dc5bc30b5

    SHA1

    a30f630c5ceb7443b04d33997b94987a93f70fc4

    SHA256

    1d2058dfbd8f3a2ace81aed23bf9e97b12c9698ec549d9772642af53d0862f0c

    SHA512

    235654c5b5472892bac1d3a42890539db6cb29fb2b2bf96a65d846284e213ca584bed5eab8ff4f4456ecd4402a8a2f01edb1a4ad75abdb1e082aca76e69801e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3a0d585c461b1b8e9caa147a2e7cea9

    SHA1

    8a8ce95987026d1e937b625b84266030a081c59c

    SHA256

    7551e85b7bdf195b397193a27dd138199ef9e1482c96448c5fb17b9e68273ced

    SHA512

    6c1f5cf2c776d6e654c55a8a0c0f5e27581d95a924f612af6a6f50d6ffac7a7d6617c2b5e9449c4b87a3fb27a792e4743cbe753c97f9e6b133ff4141e65d44ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9659366a5dddf9df5c0b1b2a18539e7b

    SHA1

    310f6603ac275e51f986b1d6dc70d70db99b327b

    SHA256

    dbe1a43be4b226cbe00d4e1ae29c2246c7fce7f0f0283e5e15bc84e7defb75bb

    SHA512

    a07fde212cf7fdb5e3d3bdabf3190715e9e581c57e27784d61fd2f0ae0f159119d308bcfca3578259e54d9f6209fb3933866067e5f504b53e8d43cb897b4cebf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    333d0564b1a117b872e1221a7d32be59

    SHA1

    fb005f4cd10d999db81b204a201d72be68a2455a

    SHA256

    a230d4903ea73bcd8038ce5433d069131d7f7773ea8ae2b5a5aefabd7c8d2eb0

    SHA512

    cba1306fc5e79e73fe2c4bffc3b0350f438121b828fc6fd0ad155cf3dd9dcdef68c7b3e1905f2393283921b100a86a000e38c773cedf6aff69f132befd22b895

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEA62.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEB3F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Program Files (x86)\45404b5b350a30f8af78575f2f2b3660_JaffaCakes118\45404b5b350a30f8af78575f2f2b3660_JaffaCakes118.exe
    Filesize

    81KB

    MD5

    45404b5b350a30f8af78575f2f2b3660

    SHA1

    840ca8c753d6cb832e2592ecf36fc65b2a834fb5

    SHA256

    d8ff5cb875f3125b90273df6ce4319ba4dec7673efec1c9ff5351c3d2d46dfb6

    SHA512

    f2dc46ac222bfcfb0c562cdabca2e5fc31df5c4b927a15a125080fd7fbdb394ca6b67f6d0ad8de33bef3fca526fdbeeaba88faf0e5e91d93f6ec38efa687e0a8

    Download Submit

  • memory/2508-14-0x0000000000760000-0x0000000000762000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2508-13-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2508-11-0x0000000000760000-0x0000000000770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2508-0-0x0000000000400000-0x0000000000473000-memory.dmp

    Filesize

    460KB

    Download