Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/11/2024, 01:51

General

  • Target

    8e8fd0b75b84ea8c55e48a35d34a4a8b_JaffaCakes118.exe

  • Size

    129KB

  • MD5

    8e8fd0b75b84ea8c55e48a35d34a4a8b

  • SHA1

    860f945831c31cd0dc2de8f51eda92fddf172b5b

  • SHA256

    5628719cfb02376d02c02e23c61eb57e0052d95d306bc34b138778960f1443cc

  • SHA512

    2c5f1ae627f580458f6a61de25fb3bee1b7692bc3a4c7598b5fcc4cfb5cb7ce89bb6e4e2efe9c2caf56d85679a409b6946a2a12e064d3d8e3a984159144b4c7c

  • SSDEEP

    3072:pKcpuHvsgW9KzKAcntvkVcXHLkiX/LYuIi9X3kuJ:pXgWkzKFtOcXLZXjYu7b

Malware Config

Signatures

  • Windows security bypass 2 TTPs 3 IoCs
  • Deletes itself 1 IoCs
  • Windows security modification 2 TTPs 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Control Panel 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 60 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e8fd0b75b84ea8c55e48a35d34a4a8b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8e8fd0b75b84ea8c55e48a35d34a4a8b_JaffaCakes118.exe"
    1⤵
    • Windows security bypass
    • Windows security modification
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe /s C:\Windows\ieocx.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1956
    • C:\Windows\SysWOW64\net.exe
      C:\Windows\system32\net.exe stop "Security Center"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Security Center"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://tubeloyaln.com/videosz.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2816
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Roaming\asd.bat" "
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1616
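
The Signatures list and the process tree above describe behaviours a detection engineer would want as rules rather than as sandbox tags: net.exe stopping a security service, regsvr32 /s registering a DLL from an unusual directory (the BHO install of C:\Windows\ieocx.dll), cmd.exe running a script dropped under the user's AppData, and Internet Explorer being handed a URL by a binary running from Temp. The following is an added example and not output of the sandbox or code from the report: the events are constructed from the process tree on this page (parent PIDs are inferred from the nesting), and the field names, rule names, the trusted-directory list and the service names beyond "Security Center" are this example's own assumptions.

```python
"""Detection rules for the process chain in the report above. Added example, not
sandbox output: events are constructed from the Processes tree on this page (parent
PIDs inferred from the nesting); field names, rule names and allow-lists are this
example's own."""
import re
from collections import namedtuple
from pathlib import PureWindowsPath

ProcEvent = namedtuple("ProcEvent", "pid ppid image cmdline")  # ppid 0 = parent not in the capture
Alert = namedtuple("Alert", "rule pid detail")

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8e8fd0b75b84ea8c55e48a35d34a4a8b_JaffaCakes118.exe"
EVENTS = [  # constructed from the report's process tree
    ProcEvent(1352, 0, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(1956, 1352, r"C:\Windows\SysWOW64\regsvr32.exe", r"C:\Windows\system32\regsvr32.exe /s C:\Windows\ieocx.dll"),
    ProcEvent(2884, 1352, r"C:\Windows\SysWOW64\net.exe", r'C:\Windows\system32\net.exe stop "Security Center"'),
    ProcEvent(2896, 2884, r"C:\Windows\SysWOW64\net1.exe", r'C:\Windows\system32\net1 stop "Security Center"'),
    ProcEvent(2520, 1352, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" http://tubeloyaln.com/videosz.php'),
    ProcEvent(2816, 2520, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2'),
    ProcEvent(1616, 1352, r"C:\Windows\SysWOW64\cmd.exe", r'cmd /c ""C:\Users\Admin\AppData\Roaming\asd.bat" "'),
]

# "Security Center" (service name wscsvc) is what the report shows being stopped; WinDefend and
# MpsSvc (Windows Defender, Windows Firewall) are added so this is not a one-sample string match.
SECURITY_SERVICES = {"security center", "wscsvc", "windefend", "mpssvc"}
TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\program files\\", "c:\\program files (x86)\\")
_NET_STOP = re.compile(r'\bstop\s+"?([^"]+?)"?\s*$', re.I)
_SILENT = re.compile(r'(?:^|\s)[/-]s(?=\s|$)', re.I)
_DLL_ARG = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.I)
_USER_SCRIPT = re.compile(r'"?([a-z]:\\[^"]*?\\appdata\\[^"]*?\.(?:bat|cmd|vbs|js|ps1))"?', re.I)

def _basename(path):
    # Match on the image name: the 32-bit sample's children run from SysWOW64 while their
    # command lines say system32, so full-path matching would miss them.
    return PureWindowsPath(path).name.lower()

def rule_net_stop_security_service(ev, by_pid):
    """net.exe / net1.exe stopping a security service ('Windows security bypass', 'Runs net.exe')."""
    if _basename(ev.image) not in {"net.exe", "net1.exe"}:
        return None
    m = _NET_STOP.search(ev.cmdline)
    if m and m.group(1).strip().lower() in SECURITY_SERVICES:
        return Alert("net_stop_security_service", ev.pid, f"stops service {m.group(1)!r}")
    return None

def rule_regsvr32_silent_unusual_dll(ev, by_pid):
    """regsvr32 /s on a DLL outside System32 / Program Files (the BHO install of C:\\Windows\\ieocx.dll)."""
    if _basename(ev.image) != "regsvr32.exe" or not _SILENT.search(ev.cmdline):
        return None
    m = _DLL_ARG.search(ev.cmdline)
    dll = (m.group(1) or m.group(2)).lower() if m else ""
    if not dll or dll.startswith(TRUSTED_DLL_DIRS):
        return None
    return Alert("regsvr32_silent_unusual_dll", ev.pid, f"silently registers {dll}")

def rule_script_from_user_appdata(ev, by_pid):
    """cmd.exe running a script dropped under a user's AppData (asd.bat, tagged 'Deletes itself')."""
    m = _USER_SCRIPT.search(ev.cmdline) if _basename(ev.image) == "cmd.exe" else None
    return Alert("script_from_user_appdata", ev.pid, f"runs {m.group(1)}") if m else None

def rule_browser_from_temp_binary(ev, by_pid):
    """Internet Explorer handed a URL by a parent executing from AppData\\Local\\Temp."""
    parent = by_pid.get(ev.ppid)
    if _basename(ev.image) != "iexplore.exe" or parent is None:
        return None
    if "\\appdata\\local\\temp\\" not in parent.image.lower():
        return None
    url = re.search(r"https?://\S+", ev.cmdline)
    return Alert("browser_from_temp_binary", ev.pid,
                 f"{_basename(parent.image)} opened {url.group(0) if url else '<no url>'}")

RULES = [rule_net_stop_security_service, rule_regsvr32_silent_unusual_dll,
         rule_script_from_user_appdata, rule_browser_from_temp_binary]

def detect(events):
    """Run every rule over every event; alerts come back in event order."""
    by_pid = {e.pid: e for e in events}
    return [a for ev in events for rule in RULES if (a := rule(ev, by_pid))]

def ancestry(pid, by_pid):
    """PIDs from the root of the captured tree down to pid (stops on a cycle)."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = by_pid[pid].ppid
    return chain[::-1]

if __name__ == "__main__":
    by_pid = {e.pid: e for e in EVENTS}
    for a in detect(EVENTS):
        chain = " -> ".join(f"{p}:{_basename(by_pid[p].image)}" for p in ancestry(a.pid, by_pid))
        print(f"[{a.rule}] {a.detail}\n    chain: {chain}")
```

Run against the constructed events, the rules flag PIDs 1956, 2884, 2896, 2520 and 1616 and leave 2816 alone, since its parent is iexplore.exe rather than the Temp binary. Two caveats: the regsvr32 rule only stands out because ieocx.dll sits directly in C:\Windows; a BHO dropped into Program Files would need the registry-side check instead (the CLSIDs listed under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, each resolved through its InProcServer32 value to the DLL path). And the script rule sees only the command line; the "Deletes itself" tag comes from the sandbox's file-system observation, not from anything in asd.bat's invocation.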

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7b308d3fc25314cb553ee0f89bbecff8

          SHA1

          3f635ad36cf0cc7ceb38f3de15e1f7c3f70f5393

          SHA256

          aa65af7cd94706be0a467d96a61b4187bc95fdf8a2ae9013b261e639f15feb22

          SHA512

          4b0292e4a53685592b0da681f65760f7ac9533d41e01fb70804ff55e72416c5c1ba6003f33a70082b8690f530adc60220d0a5c20d4cf2e1c69ee0c6c2dc3e0f4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          51c45840470a143bb6aa86402196ef90

          SHA1

          00dcfbee566ac3b8444baf77f984cf1e5f4df401

          SHA256

          9aac75a74955f2b0b83af4f90213ecb6b87f07452526cfc662ecf70b8285635c

          SHA512

          289462f9c07f0f0a78602e3c354be39a2e6b419bba8fdea5da75535e170743cd76f55c32185ad6042ee3acaffe177eb1dc5ed6a3d3192c39406c434cc0cb25e1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8e3f4377431420ddfa1ffec037544792

          SHA1

          280e30e95c459b7658bf2ae6aa6baee74cacd46b

          SHA256

          4568d939294c29729cb9f64aea1dac00a6625c7f8d2cc5b08cc5fe4ae1e44ae8

          SHA512

          af4e17d2c8f47c7fa6c1d87e3045a6ee7f649714805486695c040fa4eed8ba282fced4e22c369fea7543f17c5dbd80a92e88691a5a9817031301619c2fd015b9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5a6cbba6f752d8fa51e849252a86c3d3

          SHA1

          a3de68bd2240dde0090d3c5dd09ee17eac7611d6

          SHA256

          61796d0dfa6d4bf88e6ae3dde84692c7d1a7d301885fd6d741c5ae1117a6b07f

          SHA512

          162037ed4a4ecfcb18a257c86e54ee26e2863bb74a90d0bc1bb9b55aac894d95b0e1e01bec0e11a48f16f665d3f80494527228f5ab83d6c81d4cf9b2d6389735

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c464ae3b3aa0b1640b3c97f6b22f181c

          SHA1

          75993dda1dfe972c2c686afdeaec11553309ce50

          SHA256

          b11fb653e51d846429d0653e63e845abef0932420f9a8e19aa8145f0bd166f2e

          SHA512

          2494edc3a7c6b6306fb8f5661e171d1b56efc43158678eac6096575afe82e94e033a2c50117a621edd28236a87eb711cc9442593c4a70edc476ec521081185c7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4f39619ba246e8545f77940a2ffd7860

          SHA1

          ad418ac6b4ee0d171c7724d8cf7090e9f79a2a97

          SHA256

          249e8ff519f0fea1d5f08f01f98d1fc255afc4dee5b9bdf5d118fe0be3f42955

          SHA512

          cac63b8fca562bd21ccccc3cfeb9a3c1689341d5a72ef28f3cd21bb3b693ba2a32d46e4f9646579840dcff492198b54eaa1d9fcf271ec7fdd40e6e99a73a3e9c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f446891cdf197b59d574e9cf78ad3eaa

          SHA1

          6be4b47c4056439ffc7bd4f1490c3ccb61141353

          SHA256

          3f9dd27938c699eec90c80871550caee3e029f1a3708795854b686a2524c25b3

          SHA512

          a1b17f706204fa1c22f4d5cb184b0f0571dc4aba1b6eb00be0abcb6bd59f2b67b049b1e0578d836933e8bc33253507cc940c34f89049f6d35bb58cce5b96f4eb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          235610f47afb44db69ff901a8d34dc40

          SHA1

          766e1c1ad85e3eda5ced39ff0b71521102cdc2d8

          SHA256

          07f23620d586090112ed5a281441374d9ff715b8fcdaacdafc171ec3e7840a91

          SHA512

          5337ffcddc621c57b56689dd72da3e596211c9230726e6a6342f2afdfee7df59c09556c7698adce15d3c1dfc94f4df6aaad10692d6e06b0ed3db8336ffbda185

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cb63fe885f703eb0feb57cf4c8b607e6

          SHA1

          9ab2247582706bd5886dd0dcb9f560208b68adbc

          SHA256

          a413af9350407f4ff70d20e17a37af3f034e2c2441298ec4cc370c15145d81c8

          SHA512

          f1518d727533bf2f98e42d930341eb1064b6a9bea3ce6c0592df69858a84b8bbfd15260464ad33493e3a64d7854a4f1f80eec65bb33ae268ba35f12c1fdd8cf2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          afb5e18500e58ab06d1730b6703ebbf6

          SHA1

          57cee9adafd9cf913a2ef8df2e83e0f25900baa1

          SHA256

          bc8992a6d6e1d7f4a4564c3acb3a73b39051fbf84e0152580ab791ac3cb37513

          SHA512

          a20051d45121a25ee430fc1551f475326a1ee06fc57313562d05a688d970ae05839165b0cede9a30391088732c76d5c75e428dd173ae41362c70d92bfb7b66a2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ea65d27265de7b8f7866906341ee8a70

          SHA1

          60b3369cee35f976a7baa1d62ed2bdbb3f7471a2

          SHA256

          daab9783c616aec20f9ef276045f53060cc68991d315eed9f8e2284e203dc4f5

          SHA512

          739e74e63a8e2ab4ab9fef4d02231abe393c3a37a420ebe43238c3c465e1d5602f916bb4751eea3464321cbb9f52683bb3b126516cb642b6fe8ef83efacffa66

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1527cf0274e1ef8f6f4b19462fc09263

          SHA1

          465cefac36f3c786f3761fc3791b69e5ae173fcd

          SHA256

          8bc08cb7863593cabcfa41ab4ceee9bec9b4d487b6e2236f234771c5d0e8b7e2

          SHA512

          0f109ddc5c0c44ec97065e88e59347090d2ef7714b0cbb3c86082c3b5f83ce4c2f6723e18ec7568d9cc9726a08956b246e070392b5a2ab6765366b9a305aba23

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f2dc3bdf7c8cc2ccf10dd82363097cc2

          SHA1

          6a65da1c540e0b1cc41b79efff6730c9ce244207

          SHA256

          4a4c1755c87264fdea61e84acba076a5253ba0b54cfa76c90dfad97fe1dc0ebc

          SHA512

          7bd71a0539e3c26f3a8d4b6d65b72cdcfe3f128521f0935c94d736f19e64b7bde435a0efdc6168a67351a52582cbb91515cc2dab1a2679ae0c27513635455616

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a1af8b73ea0ade2f0e1b8352be120c86

          SHA1

          0ab325ba8d26da22823bc4796a73f9419a75e08a

          SHA256

          021f08274b1a69c83e2b5195ea6fc4b483f03ffa1f80e78e7484e20afbfd53c9

          SHA512

          a061374cd5635edaab057797d908be595c7c6ac5ac371630d5d120143133fbadc35102bd35da078eb0556481d24da2417201e61d5cd2a6d065d1d6165f73fec8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fdaf7f5b26c20887fbc66a32796e9868

          SHA1

          703cb4209f8e59e885bc972eabede886c6a7ff5b

          SHA256

          01ec34d3d95db1604b92d14c73c281e64b2a1b3d606ec11c9a844b92bf1c37dd

          SHA512

          60f0b04360af725853953c1bc9cb46fd17003509e989318a6e88c751494780e70ed93cf8e239a0c033e8e5451ced09b613f01cc3cdc1fbb04ed4a60d71ab7dff

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c4b6ecbaff7bdd278599b3503db4048c

          SHA1

          7954f9ffd48bb1f671511eed91f953afb0b57c02

          SHA256

          2196f4e43c205754ba751a92971d5903d84f4cb6c509661fec5147da2c398817

          SHA512

          0aa8d49166237ea641b765ad0f6e73ae888a54e2b3f1ed518069561745e13bc6bc07b65a591bc41e03156f1a932223dbc474e7579b8e5864a336153156f4072e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8e8cbaf2cb26da9e84c5f935cb532d37

          SHA1

          199b7771ff6c65bc478e301fd6dec451b493df65

          SHA256

          f2e5fe92b4e56ea1be215f4941ca5eda6f5e9deabbf3c037ba03eb90fa389885

          SHA512

          554b0261b26be59eba7198f41d41afa642250fd304d2e732842027315e0f55aa24594fd9a5fff466ab0e4507c0dd9620a0a3ecc982ba2eb632a385b46b0e55bf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6c55047d3d49b5b58f25adb06e4a7877

          SHA1

          4e58c24b2cd98feeeaa4899dc7b5bb8e87ddf79b

          SHA256

          5624397d9bb90b1293567efb51af40cecf09be5a21dbb60870b7f5924f9bc809

          SHA512

          8a4e90b65efd39c70d412a63078f6222d0587804c0b5a7a244708a841cad3f9d96e971e99fab4398bcd3f84f8ad72c3fef3cab0e3c402472684401cdf07d2a71

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5daf24cd94e579158df78bce7a729d0b

          SHA1

          d7779697e2cd5885502e7f54707e0b19c34662da

          SHA256

          85dcd0d4e7b2fa7124c45fa5cb213ca4893fc04c44f3a7377fbca1d27cffcef3

          SHA512

          640ea70356ff493c654919d98d068dfe7ffa0159bf62fba0c002ff1c9473fbc2b3ebfe5ecce1b8fbdded2f982d6b15040dae31155e25fa587848635bddc16a2d

        • C:\Users\Admin\AppData\Local\Temp\CabBB83.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarBBE6.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Roaming\asd.bat

          Filesize

          256B

          MD5

          45d14911e4f9937120fbac4fe41d4d7a

          SHA1

          29f8383371ab364534791374872e84550bbb1061

          SHA256

          2b7ac359a4c04c42ba8690b14a313830d7736b950dd34855e854e3d4c3fbaeef

          SHA512

          87fdc46d845eede03178d1dce29a59441c0bda47207dab0512f284e964a6dfcdd68741bdd0ae69b1a5e386b67fcd12ef3f8293ab9c5aeee2da72ba96004dbd68

        • C:\Windows\ieocx.dll

          Filesize

          26KB

          MD5

          34460c143c2ae3cf9b4ceb706f49f61d

          SHA1

          914a1f1fbc0780e82c83e6e6fb9abb6f39ded0e1

          SHA256

          c92442bc20934871d65309a987b610636d7f19621b297385b4ff0a3eb8333f2f

          SHA512

          632108e40b868bc785890d74053979c574f7f5d82be2dfad518edc778017f17f39e64d9828b82cbe00a5d140f6bea37ee79d7ca98b7c67a1f48f6724d2069dba

        • memory/1352-19-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1352-14-0x0000000000401000-0x000000000040A000-memory.dmp

          Filesize

          36KB

        • memory/1352-2-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1352-457-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1352-1-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1352-4-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1352-6-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1352-13-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1352-0-0x0000000000401000-0x000000000040A000-memory.dmp

          Filesize

          36KB

        • memory/1352-7-0x0000000000400000-0x0000000000433000-memory.dmp

          Filesize

          204KB

        • memory/1956-9-0x0000000010000000-0x000000001000A000-memory.dmp

          Filesize

          40KB

        • memory/1956-10-0x00000000001F0000-0x00000000001F6000-memory.dmp

          Filesize

          24KB

        • memory/1956-12-0x0000000010000000-0x000000001000A000-memory.dmp

          Filesize

          40KB

        • memory/1956-11-0x0000000010000000-0x0000000010002000-memory.dmp

          Filesize

          8KB