Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/10/2024, 11:11

General

  • Target

    571d92e016bd89ff0f27559dd4c97185_JaffaCakes118.exe

  • Size

    262KB

  • MD5

    571d92e016bd89ff0f27559dd4c97185

  • SHA1

    2f1fb8aeb0854412a0736fc8e86f41dd10c44d74

  • SHA256

    70d3fa1b33f6dde84347b3d21d98e51b30bf724bfb89281c8e0b389b581dc0ce

  • SHA512

    dc59ceb5ef21287a83f05817f2feac20a57ba22123a4af232891ca6acab407ef81f89852a27e53b73dae05ff78b015f0d73534bdabc83ffbb17ca52e3c2aedb6

  • SSDEEP

    6144:BiDsdCheIDAHPvbMukS+f/KEOG2anFaaSg99W9U7TNDk1vi+w2:ADsdceuIbn6nKoNnFaTC9W9UVDktiS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\571d92e016bd89ff0f27559dd4c97185_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\571d92e016bd89ff0f27559dd4c97185_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" www.72227.cn/tbk.html?sg?nth3
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.72227.cn/tbk.html?sg?nth3
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2988
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1060
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\571d92e016bd89ff0f27559dd4c97185_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:2996
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 3
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2360

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\360\360safe\safemon\HomePageLib.dat (92B)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B; this path was recorded 19 times, each with a different hash set)
  • C:\Users\Admin\AppData\Local\Temp\Cab85E4.tmp (70KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar8655.tmp (181KB)

  • memory/3052-38-0x0000000000400000-0x000000000049E000-memory.dmp (632KB)
  • memory/3052-0-0x0000000000400000-0x000000000049E000-memory.dmp (632KB)
  • memory/3052-1-0x0000000000400000-0x000000000049E000-memory.dmp (632KB)
  • memory/3052-20-0x0000000000400000-0x000000000049E000-memory.dmp (632KB)