Analysis

  • max time kernel
    101s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-10-2024 13:12

General

  • Target

    579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

  • Size

    732KB

  • MD5

    579f0a2740ffc2304c75ebebe47c29a7

  • SHA1

    424d6b1ac5ca3f45e794ed04e13280b3f32b8319

  • SHA256

    fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869

  • SHA512

    38777997a1a9f656bd422151a5e04817c8423a0be26490891adc462e1f05163e9204a6cfbe847312355ba1323ed78aad657b41af86fb4077dfc98f5246add64b

  • SSDEEP

    3072:SNLJAjVd1nut+uV2mTVDjFwkWl176jZ1hCagdgvPW:SN6VdRQ/vqkg1gEagdgH

Malware Config

Signatures

  • Renames multiple (739) files with added filename extension

    Appending a new extension to hundreds of files in a single run is consistent with ransomware encrypting the files on the system.

  • Drops file in Drivers directory (8 IoCs)
  • Drops startup file (1 IoC)
  • Reads user/profile data of web browsers (3 TTPs)

    Infostealers often target stored browser data, which can include saved credentials.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in System32 directory (64 IoCs)
  • Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the victim's system language in order to infer the geographical location of that host.

  • Modifies registry class (10 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops startup file
    • Adds Run key to start application
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
    (the name is cp1251 Cyrillic written through the ANSI API on an en-US host and displayed as Latin-1; re-read as cp1251 it is КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt, "HOW TO DECRYPT FILES.txt", i.e. the ransom note)

    Filesize

    443B

    MD5

    ab1a8fac5478e77d2c9351652cac7288

    SHA1

    a7843a4af990fc4b4dfb484549258eef60037e22

    SHA256

    e6e856e12d2b572b2353642380b78c3a8d9333615a42034f1ab0121c976ca242

    SHA512

    25dbd2952db75f31df0b61541dff7e2f1d27b2760ce478c9cd27b971cdd05c1d2bf3d69fc9b1390ed20c3741c0e73cf90ce22e3606a2428d7cc3d02ef5a4a3c3

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

    Filesize

    2KB

    MD5

    80d2ff49f4309770a5f8c9461e24d695

    SHA1

    87e84e1f2c6be1549687a007f5530cfd636d609b

    SHA256

    f16a1eed1bd146f539927ee574b94e22809bc3605bf4665b1ab5ec1390f08784

    SHA512

    ef8528921d949e59261b85c00f03a59bcc594ad02419af0027ee3beb479eee575fbe1b6430920aaba555dfbdd2da7878e106b53a36869cb419a4f8eab79bf933

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

    Filesize

    6KB

    MD5

    a911850cbb237b7be4de5321256fd8ce

    SHA1

    c42a00e72998ba481c94117ebbf8a95369857d87

    SHA256

    eaf296a2982cda50d7846deb2b03797b2f18e40d725846374a1ab9fd8d8ca3f9

    SHA512

    b7085ca676e0dcda70b51a188d9e295aa5c855cb438e5d17741bff16c55526ac4419bde0e691637b95cefe0e27763679cbd7c2638a083e26c849e8df262cf49c

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

    Filesize

    3KB

    MD5

    8abb874324b67e4922212b160bdb0ef3

    SHA1

    218fba34b194219b3871eddd710a5d4c201c5c27

    SHA256

    137e7ac68d8bcdbd0296af7b2adb69b93b8c247b6a1391a6b3bf9b497eb45f18

    SHA512

    750039875cf9d9ace1df547ce389dc126ca0254e25cd2608537c2e53a9b1705a3f813c1fa8691e01937444678baee3b3d94f7554470cd192432da91be0d8e950

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

    Filesize

    5KB

    MD5

    c689fed5ede59211de221838df180d3a

    SHA1

    f6fb55eaf9db0b9e39120e872077febefd069cbf

    SHA256

    a349af3c16deac06a7798271c29d5851f45f7619e08966acf555af6479bcaacb

    SHA512

    b0494ceb1d8740ed197000fd4c7ac6027375f06715c471d1bbb85166a380eb778c3d30ac673df11bfd86cf8113af3650c12dadf42f550b8f9390f36782cacba8

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

    Filesize

    12KB

    MD5

    fbfc1cb6aadc7bbcde6e559d8c613874

    SHA1

    7e0f7a3bdde3aff490215e439dc339c7a1411bbc

    SHA256

    c9bdeaf3438b8cc04e83bb5c290ad6e77b155160aa4ff889b51c95f3b7bf16c4

    SHA512

    360f82590469f2f3d334f4e444296ea5ac89ac3a56df366c2544402abe5b01aae559679227b08eb1460f8447162168f2b9eb572760fd5e019b7b9d7fead699b6

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

    Filesize

    8KB

    MD5

    a30548f8bc2933aa2c46f8e9ab7c69e5

    SHA1

    f6ab433c7a21ccb42219f7398295fcd723b7a8c3

    SHA256

    828075f11abbeef71eefa4fed5a66418e7b577480ef60ed66a0490736428a07f

    SHA512

    0f570c78e82849f59bb44af8283c9e54cfa95300bde985a7b32cbc5cb8c802efb290ee64c5eadcb007ec9a09bf32273db35b90e9b5e53ac685d8a81d011f20e3

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

    Filesize

    11KB

    MD5

    d8c6ce84eb95c017fef1799f3344c084

    SHA1

    bba95c5b120d31ca5d4bedf0d78901b7ca0cd215

    SHA256

    4ff0ccf2b339f8adfb5437e321e513a5ef8750659e0ad25a2fb83f9872c8d0a8

    SHA512

    7d89903c5e8df1469def291b02509a044ce192b7a1cd5f79fdcdde226cdd91a1a62cba07d15c8f3401c2c0877f7ac35febf33389bc8beb9d2fabe81dbf33148d

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

    Filesize

    109KB

    MD5

    0ff9d1240f6c94d4ab6757f02fa3efc7

    SHA1

    b59296f78ace026db053186982470c58bc7b7de7

    SHA256

    872f3a3fe729ff43c941c56be07a47709af8ae6cf48599d41839fb27b4397365

    SHA512

    3bcb9f4065ab0b960d98feac48a148625cc8324b4f8976801d6e3b41cdff78a1d7e0800c19e5955ba2b57ef3b8b8feeea2e890ba3663df55d18a99b81d1fe3d1

  • C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

    Filesize

    172KB

    MD5

    9a89e04cda1208ed9c118fca0f8e831a

    SHA1

    9c7eb9b41b992120a0664238590a0fa51498c7da

    SHA256

    a8240978c4d4e5ccf985455374c112aa4969b6609878779f03002a0ea8501ec5

    SHA512

    5f6546f8cb5c493a8fe0a49a91ba1d24c26f185de70469504bd0e9d29395933f2dec056cf3a7e42aeeb68290d48265fba7a52221bc79ef64a8e386280cb8ce49

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

    Filesize

    21KB

    MD5

    422b1410796993a0761f3b0481d695a1

    SHA1

    3d693d2cd9a1c5252e0f711ed2f6c778c12e343e

    SHA256

    56056c06ef720ede6b2d32170d106c47a89df363311023355abe73a03c4ac70c

    SHA512

    97f61439522d406f84b6945398393145628540408f49276c713f1883df56498102a727305cf0d7c4d93c4372d9de5ea72236910d3d9a3c48b629d7751c2d3760

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

    Filesize

    8KB

    MD5

    922e50651c24f3424e2e2bd773663180

    SHA1

    1ae11c8456026eb38b8f8bcf17cdee2f5d22c1e5

    SHA256

    80f7be09e6bb92995f232a1fe6cb917ffa5b8ab8f43761888511b7f80a3d81da

    SHA512

    c2ec52cad05705cab95b3305017ff028127e7f3e63828b6df63f1ab3ec9b7d402e21bbb44ddd7ef6584fcfb0c746fe6fb1b55c8817635e0b4d2ab7b871e87397

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

    Filesize

    1KB

    MD5

    12c869d37530a531ca957bfa86cc1bf4

    SHA1

    4bec4091f1237320d66a0ef028a137ace96d90fe

    SHA256

    c66c900f25a1e8fa2f4d95d3eb40a1e77844d10856f708cc5d4b65434d7437ff

    SHA512

    4e61c33bc14539e09f98e6cec8a1d05ec6aca8e78c0f48917572352f8501a0ba316299788eb72c08e0c9d93cab291355cdc0bf2e12f769edeaae7f8539460114

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

    Filesize

    8KB

    MD5

    72be38ccc391bda4c5288e5d6b6242cc

    SHA1

    49ccfb4921d4b7bf39ff80e7fc6f4af4cdef187f

    SHA256

    9b68a0dbdb29d47039f7498f20f7863f8623b7aa87b53b40304fed2dafd46801

    SHA512

    8a26dd418767f50af2c937a60c9f27b9dbb647d65e2ec90cd5292131c24609f38b277ff4ea23ce342f751bff3c19c52a1daadbe815e963fb51e1a9d7ac64b4d9
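Two of the artefacts above lend themselves to a detection check: the "renames multiple (739) files with added filename extension" signature, and the mojibake ransom-note filename dropped under MSOCache. The following script is an added example written for this page, not code from the sandbox or from the sample; the rename events it scans are constructed (hypothetical paths, with PID 432 borrowed from the process list above), and the detection threshold is an assumption tuned to that sample.

```python
"""Added example (not from the sandbox report): heuristics for the mass-rename
signature and the cp1251 ransom-note filename shown in the report above."""
from collections import Counter
import ntpath  # Windows path rules regardless of the host OS running this script
from typing import Iterable, NamedTuple, Optional


class RenameEvent(NamedTuple):
    pid: int
    old_path: str
    new_path: str


def appended_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the suffix appended to the file name, or None.

    Matches only renames that keep the directory and the full original file name
    and append ".something" (e.g. budget.xlsx -> budget.xlsx.locked). A rename that
    replaces the extension (setup.tmp -> setup.exe) or moves the file does not
    match, which keeps installers and editors out of the count.
    """
    if ntpath.dirname(old_path).lower() != ntpath.dirname(new_path).lower():
        return None
    old_name = ntpath.basename(old_path)
    new_name = ntpath.basename(new_path)
    if len(new_name) <= len(old_name) or not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None


def detect_mass_rename(events: Iterable[RenameEvent], threshold: int = 20) -> dict:
    """Count appended-extension renames per (pid, suffix); return groups at or above threshold.

    The sandbox signature fired at 739 renames; threshold=20 is an assumption for the
    constructed sample. A production rule would also bound the count to a time window.
    """
    counts: Counter = Counter()
    for ev in events:
        suffix = appended_extension(ev.old_path, ev.new_path)
        if suffix is not None:
            counts[(ev.pid, suffix.lower())] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def decode_cp1251_mojibake(name: str) -> str:
    """Re-read a name whose cp1251 bytes were displayed as Latin-1.

    The ransom note in the report, "ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt", is Cyrillic text
    written via the ANSI API on an en-US host; this recovers the original spelling.
    """
    return name.encode("latin-1").decode("cp1251")


def build_sample_events() -> list:
    """Constructed events (hypothetical paths; PID 432 is the sample's PID in the report)."""
    events = []
    # 25 user documents renamed in place by one process, each gaining ".locked".
    for i in range(25):
        old = rf"C:\Users\Admin\Documents\report_{i:02d}.docx"
        events.append(RenameEvent(432, old, old + ".locked"))
    # Benign noise that must not count: extension replaced, move across directories,
    # and an unrelated process appending a suffix to a single file.
    events.append(RenameEvent(1200, r"C:\Users\Admin\Downloads\setup.tmp", r"C:\Users\Admin\Downloads\setup.exe"))
    events.append(RenameEvent(1200, r"C:\Users\Admin\Downloads\a.txt", r"C:\Users\Admin\Desktop\a.txt.locked"))
    events.append(RenameEvent(900, r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.bak"))
    return events


if __name__ == "__main__":
    for (pid, suffix), n in detect_mass_rename(build_sample_events()).items():
        print(f"PID {pid} appended '{suffix}' to {n} files")
    print(decode_cp1251_mojibake("ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt"))
```

Keying the count on (PID, suffix) rather than on the suffix alone is what separates one encrypting process from many users renaming files; the cross-directory and extension-replacement cases are excluded on purpose so that ordinary installers and editors do not trip the rule.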