Overview

overview

6

Static

static

5

5520d3670d...18.exe

windows7-x64

6

5520d3670d...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2024, 03:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5520d3670d79e9c22c94cd373c188174_JaffaCakes118.exe

  • Size

    216KB

  • MD5

    5520d3670d79e9c22c94cd373c188174

  • SHA1

    9e23eb1380cf3baebfca4e8527569985047d42e7

  • SHA256

    1adccdcf97e97d55129e7175525e59d8c8e38036c9f06bd33744895633d31ff4

  • SHA512

    20f396030ed4f252f77b3d14f9967dd6cc8e392ceb474e59adc9d8251f5075e8a6ae7c303cfafbc6af04567fd41ea897718e55ba5a2e59f97b77db3c680f8548

  • SSDEEP

    6144:7NCzLYXnXmUhko3w4ge971kk3YEJ9aghoSReu:7NCzLctvw4geda87JYghoSReu

Score
6/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5520d3670d79e9c22c94cd373c188174_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5520d3670d79e9c22c94cd373c188174_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=8783&ref=http://www.fenomen-games.com/_files/roobyrundemo.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1952

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d436012161319d8952a0631edd52db09

          SHA1

          dd5e11ddc7cc3e330f9136a143f9800f42b7c978

          SHA256

          c45617eabd9bdd24938a16b5394955c58628251f13770b12188e364cbd0ac04d

          SHA512

          fef222ec9308f3b981fe5885ba6c2ebd1979175f8c0bd376f27a8495836dc0bb22797010d7c58e44923d02e0ebb173a83242bf6303daefd1ba38a4cc24dbd3ac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          01ff7f3384e139eb724c89beca29e8e8

          SHA1

          0bfcc4db9c234c9ffeb65a7f1387d7140ace7749

          SHA256

          392db554ca15d538009c9b03c1d0bbab6da760aa6bc00bf610479189b7d553b0

          SHA512

          9ced6832b9ae5ef0ca85d6617f67faf7ac0e39f091c48c8581330398373ae1f6d72bea46344c416a936aa8a7266ba38ac1d664275cd23a280c8f303c95ed7100

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aafa6b1c89b601a9f4951a2425ab3d38

          SHA1

          3a35914adcb3698aec2ac8709132764fec759809

          SHA256

          98fc8b486560515c6fb0b978399ae1f58acf14b6ab71207d3891e427be0a22fa

          SHA512

          6787d07d5aebe768f0fc949dd45470b76554e9ec9e2fe96c6b720f91674a683d21f5e8e1340504aea466a1cf5d92ba900a618fc37a24b1bc337ff3586ef10875

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          069c6925ee35781ebc6218ba7744feb1

          SHA1

          b1464fbd424b2661b970fd2ad984f334d7059d82

          SHA256

          0753b3dc91ad7210b38dbdd52c7f1d3c1ccf9308789f8382b6dfeb47643c1f8a

          SHA512

          cddb6e2e37480b9015994c9be1d4f760222e2498f34a86d442fcf369d36ebb6b0ccf83bee1aa8c1178c8dd8d0bf37811c0cd2cffe05223aea179ac308ae31b76

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f38061eacf5d667eb6199d9459e7e68d

          SHA1

          bc8c63d25b6a6c55fc6030ed5c3246b2d5ef5b2c

          SHA256

          9769880a5e46cf0e15ea840409cdb81d19184f28590debe1c32124e377e292bf

          SHA512

          2dca347f6ccc340a8e1932938eb920d6d8f4a24d32c21bc200f23fa9c87dc709a675b1e423be89ab2637b3ecad7041221b9c427fcfb62adc88f17aeb23d49951

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f91c698e2323c49789d9801fbd36ebfe

          SHA1

          13dd52edae03f8cf2538cfdb3f7e8d42f441995b

          SHA256

          222a66ebed925a61005d8748e286ed07dbfaa855b19b7994a1e7135967603359

          SHA512

          5ea72c5d881af9cf6e8488741608d13ab54f71a5650f07741cd8476da5a6f3d5947b8bb43df16ded54a63717277169c0623d08a94cda4dff23ad8ac3da41c467

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a0e1a54787d1ba742b0804c980b609ac

          SHA1

          d52585f81c215fc588e953984110de3057e04da4

          SHA256

          bb29720d328b34683e9514c8d2329d995249bf38f158c3e86cb6ee77da07c83e

          SHA512

          977cc556e805ed126b714ef48eb1f81ce7d0fbf3e8217c3c2bc5f09ab54eec35f91517b0237142305957107fa9e0362499dcd82c71a4cbd4323847d80b5d5d0a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ad4e71eddaa899daf0a687ef7eb5d429

          SHA1

          058bbff6f002222740c5c8476336b92bfb7a9903

          SHA256

          0e6b0647a3826ce4888e9366f06923e5060c9b84e78435d6a4bc4e7c87b11df3

          SHA512

          1c170dd66ca976f7e32c7e7192d911e94bbd354c3f47a8038648c620337708836a04b898385281442c169ea30a7dc4f9e8522bf49d2fbf9c952125474c00a1e4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7717c3cc25345fa9e4d4fe2f8e595f36

          SHA1

          c237b3108418a632d196f49403586cd3b73b3404

          SHA256

          c599f3417fce28c3cf383ac67b2f85c24e8cc3810d49cd79e2f6d3829b2e066a

          SHA512

          e8eface2ea91716b234ad59ec1e13a894dcb9cafb1a71e462b4abf042b2a67bf4c2861aa2f8172af677567d192b7b35667a911331be3dfcb72d641c8a094c37b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          38c43cf73bad3958ef0a44499c2ca59a

          SHA1

          ce5782674c001924f2949af182b7b94ddbf53cae

          SHA256

          fc5c06855753335e52f58de5dd6fcf5868eb09c9038b10bf7ed5fb7b7fae6057

          SHA512

          c9e02e4678ceb87c5348048a452199df5c69c64ed4634b8fdf10a51a34313b2787560641fcda8d20ae1e90c872a7a9464b8554cebaa4968d9db7e2759b7515c0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1c4adb0f35fea2c3534368215eb4011c

          SHA1

          ee3c1093d4b98e7692fac4670c775e26817fabdd

          SHA256

          7b1d399011219e3b6917ccfc2e1be7b5fb81ab8e4019e7fb8f01a9194a6d3c82

          SHA512

          088cafd6927488a3adb02fc9d8c47302f60de61eaa4ec292f6b3b2e6313d4d02c0eb5454d1ab11e83f673a143e969312af3a1652ab4158d59345f6dbff581c2d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          124cecbfc1bae41460406cc0df080cf6

          SHA1

          f58f22366cff2b07a83aa156bac9b09b90a7c6c4

          SHA256

          4bf31d7eda875dca0bec9dc40780b72a9f9b65298c2b8b7d6f2f99d0ef602a36

          SHA512

          8768a940e1d1d44160de60f72f39da9ac2bbc44e2f55ee1aeee25094cb36160e0690de212e7ac02c3b261c63f59a5890ff6b20143176ef17535d83f4a6119214

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab8E6D.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar9302.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2880-30-0x0000000000400000-0x00000000005C4000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/2880-0-0x0000000000400000-0x00000000005C4000-memory.dmp

          Filesize

          1.8MB

          Download