Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/11/2024, 01:09

General

  • Target

    8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe

  • Size

    226KB

  • MD5

    8e67ea32e5e1f2537a1989e90484ec66

  • SHA1

    d80b10243e00aea26e4d1ea406e2cb931d1b91c8

  • SHA256

    c54d6d49c22db7490618e514f34da49943d19022c5d3b6ad61d72d65c776375d

  • SHA512

    d7f3dbdcd85d37ce84117f1ba045ae2c6fb256cf8800329a29a41c77ec6d7dfe8b48d68ef3253385b35f4ad73e841f01e1db963ca50cac32167d0e6b3ee1f658

  • SSDEEP

    3072:OYQMwnLzCSgXCHzypVSwfmX8PiLrjRO7pC8wOmWS+wC/NXk+hNOt0SRKbOIr6bqn:OYknngMy3SwfmwBwSSvC3Gt5Kabm

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=527
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2236

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2d73c374f8d13015416c4e0bd3a55524

          SHA1

          1bea00b9ac39f35e074241cbabad4832afe5f167

          SHA256

          78220f2bb69adfc1aa13a5ae53ff1318e54a10f079d11824ea4631ebeaa63047

          SHA512

          47296c5fc52533e2eb14c51da32c63ae090e3db0430bf4d6be3741c0bb347b40f015bf9a0cb2087236a554f3cdfad5fcf858740f49dd6c97ce51e850dcc01559

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          399d88621a8d645af3ea35f54352110d

          SHA1

          ead7b2aa93a59045747acd29400aa9cec0192acf

          SHA256

          4a6c77f817ff2efbc8c9f916b6e542aceb92e8115a19421c2cab762f11b20b6b

          SHA512

          72c6d8eb3e2542142621642c4ab140baf5b23f9c8ffc4c7db5e158f4ab51ca9087eddd8b60ada5472af30a33c5198457bbaffc76d1cbe50bdd5df20b0fcf56bf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          317d50f581fa6dcbf82cf34e9c1c3d69

          SHA1

          f8e5e5e9d763cfb627f972743f28e764226c73fe

          SHA256

          fd93e5f4fde0c0a7932b47cd1c587be0e11bc0f1c87cdea57d282b428fd85369

          SHA512

          1247159170186446f65bdbb8dc825f54a81467b777716b077562b7328429df2a9863e5b2ce00b50c4969893b70b4965aefbbf1fb13f07cae1bf79b8d7c27e3c0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f92b6d4aebaf84880bb1c438d0e8377d

          SHA1

          83ae7606b3d3e9dea012f073375e26beb1b1c601

          SHA256

          6f87e89fb6962049cfe2c84eeb6e618e54652d8655a928e44cad591fef1bb109

          SHA512

          632b704c9dec4ddd9beeecd8b5f87d9da413f215688f0b13a25657460eb4b189cd9a45c6b2701ea943102bef2a74b2ef2cf28c60bf0d6b41bc8e24e2124ce1d7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8d247bacae055b60b2c8577f65b99c81

          SHA1

          dd96c655a65feb7df1815f717004a90de2ed94a0

          SHA256

          a520d984e37da31d149b9f17aad90026fbb2826914776e95ca9ee562e9dfd819

          SHA512

          924851f83e3afd9ba40e189478d2b2d216961a82be3714cfc698e2fc1508739ca7d6b941803136cf9d4b6d740de41d657ea77092497775028125537fb157a823

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8f87e0956a5963a6ce8550891ca0e14c

          SHA1

          e6bbf5e087bfd1f8386fbb0f66fcb09fe5e9885d

          SHA256

          42faa6f0340aa8764cb2715b950c34392861e6b6b1e9a11839804db93ef02c76

          SHA512

          15703faefdb20668c127ab927d63a1fe3fed74b3af615ab10abc5a412d071797e6c7cbcc390cccccc9e985cc8be81d8c9b4832da5e4a67774c36578e666d51b2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          337ffba9f14631598a3adba2008acdc8

          SHA1

          28591b376b5823ed0a61817ca66f1593a1be93e3

          SHA256

          4301e5e962a32bbc45f9b6b0ed3c4e662dddb34bc9ff79be54498039422dfd40

          SHA512

          528676938ccb1c8c0d9a38a87b2b8224c52905cae98f0bb2c7c7a3d6927856d40f90967c04c834feb16efebab47da7b3f2d2b452391f402f08c46c6335097048

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d2319405f8ca75aa1c51ed606fa88d2d

          SHA1

          e16643f905c209aa5fc9259e2faba3a99b5702bf

          SHA256

          8c1f7a1ebdcf2738ac4c7d1217ebc87e3bb3ea25f315340a9df0f451cb55b5cc

          SHA512

          057699a267d1940e42c9ac5478a42b0e96330ba005b0b745b2100dff2caf2ee6ffec2747e1704c1478f54b40fccf28489e3c5a6c5960f5fc2ea976a7e9ea9b21

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          af55adf663f6bbd0927bf87d9fcc36fb

          SHA1

          a688a938d9a06b7d92b0df8392bc84fce4aa3d00

          SHA256

          3e751fbabfbe908ffc460b065f06e9622b1f0f349729d07b9f6a553ba9b70cad

          SHA512

          e50e2c4b99787d2957adbb94860a8441e7468b1dbfb75a1ad58d317f442ef0099299bb2450acbc5c11a61562564a62c28b7113ea6d6c0f6899ccc44c30a96c70

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d20ae66e55a16c535a8ae95db72ecba9

          SHA1

          b63b2844df1619e5ea658f00279770e28705930b

          SHA256

          c9765cc9ebd791928d8c4c47b715db98606a1c187b124ee6784829bb06d1bf65

          SHA512

          12f7d7c82bceede4d02f3728331f0fe9d7884d3e009a194b75c1aa64eec88d5f5f80dcd69b2af3e08c589be609b48fc0e74da23b7b5652d203dc672c24039b09

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f2286b2690436273f7477b41489787e0

          SHA1

          669a961899aef46f25a16ef6347d8e9b1f468fb1

          SHA256

          9582c3ef307b57eee236065a43c74694e353385b50cc82f393608894dc2ef0eb

          SHA512

          f41d9f6ab331c65dc44906a4d32117cf9300b32989454e7b3495e77530c051a594713b9ebf0276341f00d42f5fa909bd9ac409bc20a051e5c3609dc83e9b3aff

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7929c853c84f5da382834b56aff9a68a

          SHA1

          7b130a8ee43d2449d6002b37578a9880105e57a5

          SHA256

          b5702737ab6ef3bfeabe3021f974224bfd7f2945e5dc82e278a4b0376528f773

          SHA512

          f1dace72fdcaed8b0b1ba5f61b816a5ad1c7861d5edcd70665bdd9b9fe8f5fb4599905b13b2d33a8a85c30fb3002bc1edf79b559ea8ab25374196027418d6404

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f372e4662fa84ef4a9ea4ae0bd465eac

          SHA1

          c4aa719313251aef1b4870d95855213d45d19ee9

          SHA256

          a0f18ba98f13d35de1fe2c22f2550d4256c0c9a7ef49e946b4c2a95388adc410

          SHA512

          b20e3e8dbc9b78b0d05653b3dbb26f1fdf5d66dd126be35b3de8b0bd8b50ce5bf00b623022571b7367a59575138dc521ab5e0c637541e99a11f0561107ae2a65

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9ecdd112e9c21f8dbb7b08e50cd5bab6

          SHA1

          9256867fe0fab827380ab618c8d825bf45782da5

          SHA256

          166f6254e7a7f96298efb569ad0ec085d2d7d68b0a9618a88954e040a071face

          SHA512

          32b86de04b2a552fe368dadd0c7cb977ea25166943e4f8b98bbc53b20707847926e6b92a3b2ae1222ff4d1f703a795f6d4d199f75aaf9c44cc286ca1487909fa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b2006f309e8dd8ba96984b85c42f0284

          SHA1

          287b38d839b0d6b3df329f16a679719078ff7f17

          SHA256

          e51d62b249b769abd391d8d527c74eb65eecff64c344791db8166e0c7ef43bce

          SHA512

          36e4c627aed7a7388ff0ad0412da40e2c716cbff545b418743407d2dc1151ddeedd5b82dca10a0bc5b3660c7d0d2823f12570d208dc488c54a1fd8d99bf839d3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c2f4c3619a8381f1221824e6a065491e

          SHA1

          ede425511866d2560bc3ce3b1f55aedf8420a3e4

          SHA256

          834e8f4f17d887617a2e2cd813766a80a4550ab8c332f29e363cda1544387de7

          SHA512

          1bdc2c274dfc3b68ed4a743b55ab24841e528512c95a26593f9cbf77d975a41689df9321f3a52d3b135968062356fb4a0a6d203d423d7f02a4b01f2d09834e60

        • C:\Users\Admin\AppData\Local\Temp\CabADFC.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\FG.url

          Filesize

          192B

          MD5

          0fcf82b5a915470e8a79d3516f582a36

          SHA1

          75f81b41607905b231521243129aff3554a58db0

          SHA256

          076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

          SHA512

          adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

        • C:\Users\Admin\AppData\Local\Temp\TarAE9D.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/2532-26-0x0000000000400000-0x000000000058B000-memory.dmp

          Filesize

          1.5MB

        • memory/2532-1-0x0000000000400000-0x000000000058B000-memory.dmp

          Filesize

          1.5MB

        • memory/2532-24-0x0000000000400000-0x000000000058B000-memory.dmp

          Filesize

          1.5MB