Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/11/2024, 01:52

General

  • Target

    8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe

  • Size

    146KB

  • MD5

    8e90af6cc31cafd37c5848fa12c61c61

  • SHA1

    731a9325fb6e7c2716b894bb59e6cb70b44ad62b

  • SHA256

    283a1543dfeb0029a0dc877278772e48b76fa36f3d914ecb4e1a55b9f3279945

  • SHA512

    9347971d2e072a98172fc08fe838bf3e07ef7573b300781ce1f0bec6b0e1d09c4b4f779c494147762c3a1be6ecb854c860752fb897b2713adf7d546b2e92b946

  • SSDEEP

    1536:4RY2500LuHswY4Q26KxMnR5YfQ0dhx2mT8+Fq3kiUocAvbmZk2rKPMfUToMSKqXO:4RQswP1xx8L3WhsmSvmgMfRM7fB6LS

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=570
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:432
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1940

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          68df469a4b391f9d3bd2208a6cc52173

          SHA1

          5b67d3ba3647790d6b6456a550eba664ac542aad

          SHA256

          19171e0cfae1e0d216b5dd423e955043b8b73bad5578cbd9d9314278e645db38

          SHA512

          27ba6310a6f8e9c06907173fd6d3e46d2fe709af2cd6218d59ef08e3c98550df6f8c4d0be462c8a2b0104b98c3b170b1e5b93a3ce4b14030e9e029781397830b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          060e42f68cac2f7d710aa1ce86f872c6

          SHA1

          91d1a80460585866538ff99a12a10901a94c2fe4

          SHA256

          bdc7804fe570624090710fe392745fece12ce516193b291005d52e8c6ed8c3b2

          SHA512

          68e9fa36bcec381e32304586b8611c4e8147ccab50334e94301fc41d15a0325917e3589db445403ac0fc281420491b9650d88daefcc2675a9c22159c1f8963d2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          dd48bebc6ce244b6dd759787c8e2f19b

          SHA1

          144b3f1b97ead1e69f358f1575ee354129660eb8

          SHA256

          cc80fe19358f63220b9eea9431e71c115c4ff20d92ebe984804f4594e1a44448

          SHA512

          45c2145ae2f927fcefb6a1d4584f5e1d6ae552b306cbb565e36613073f676e1428cdf3adcba2f71c07dbd8d5729ddf8f9de39e217c0ecf75acf6fb737c6baa10

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8b82ec662829639f30e2a181a2129614

          SHA1

          098cba2153710433a29e31250fbe768fa33882fd

          SHA256

          65e25812a69fce33994391416a8e6253f11940b47ceb41af564072fa75c373e7

          SHA512

          8f2d5532113e92095d583babda41b8d4da99c10454464bb75502712e5b7b4a7ffb7572aa5ce543697ce200ee85ff5b1cc23cb5d81b3ec8bfa44749adc6bdfc36

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b2832b2394a2dd701bbf7ab7aa687452

          SHA1

          1730df8abed2da0dc8e8b3353342ce6f2886091c

          SHA256

          017b9c2ade5dc44c46c3437a9769ae647ce6bc77dfa84660f841274a0db90404

          SHA512

          e247d5faaad5d76b1fd96402fae75ba6cafe28c08e7019a6f481153ada8f9272f3e8bdf791b86a445b795cbc404aa86ff3c626688fd2550135ed180c10985159

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          312877f6f1939a26403d2e6e27b89929

          SHA1

          cc3d07d4406565f23dcc650e2a6e3f0cf97f90e6

          SHA256

          e2aaa8f6027910667f6e9b028291bab4ecc737c031139d6256266d31aeaf6e13

          SHA512

          3f4bffbdf5e136b379e4059d94af8921f83f1fe350875eda46f16ad72dd01d0958bad183733ffae9f6e245504aa4e578f5d62880d777370065c5002732e7739d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3c1f718c8a4de9ac271d2f913b8269a6

          SHA1

          85afc2b7a355fa4057142d3a737cc03d8194a57f

          SHA256

          f13110fbe88e41e8ce6b150308c858b1b20093abcd34e4e2afdcd50031db5cda

          SHA512

          c88b35b791f4009f0c13a2fd0b7c6564842772b8f671ad84eff961905f672895fb525dd8f29a56ffa6ce729c6dc309befe5df93fb5788ce5b36597cc120fab8d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          dbb4ca2ad04e91b0559a1f16c8ec08be

          SHA1

          c7cab348a14f3833f4b916a53c4a26e72ba23dc3

          SHA256

          b0f2f592e87ff2bc99df4f96eb744a472778bd59c7cf436b590c506edbd31653

          SHA512

          7f10527d0a348e7668f58499400f67b1eba0143957ac6e1122ba94f103474f4d5c442f28aad59ee467cf0aaab5e774371547c7367243a81e8457dbf8edaecd97

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          be20d7a7f3ccbbf6c7653ade8daf66dd

          SHA1

          01d0a5d540a04baf5b84d7d55c2566737b4f4e3f

          SHA256

          2989df4118675fbbf50a28de3a1c6704e71c16c5e6e5151da384b3f788d8a85e

          SHA512

          103ed7115a9bfd91414634d5d9b694598c033faa5880b71482a2897d7286865d4ea0653c1efd4191a5f80ef0e4c1f349034732775f320022dcf91c936f62582a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a6dc935d84f199ba4fd6efe6b8b008cf

          SHA1

          c86b6bce02f4e28449190237840e0d187a60b4ce

          SHA256

          f55fca24632476f33af47e416f29f527ee3ec6a598cc1e49b2dca809751f4d89

          SHA512

          49b25eb5290d81ab5aaa76a2c0f3273f96fd52cea48d0a5a530dde1f8450b250a38506affd3245b8d1c5b003938c8dc7a9c954a3ae225bd6293aa29a27e0b17c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3aa9be44edb7a17d53586a11dbb97512

          SHA1

          3400e9b93aa66819cc1c6ea672d6b6b968721e53

          SHA256

          2d4258ab6896d76098803ffb7b2fb424ee9cb5a98ee1f975413dd416e14f847b

          SHA512

          7a3114c4fd42d469fecda55a6b8511ee0f5922bde2edaeaa844796ffdebaa0f1b9ad03f4357c7a56804f304b65257f1cd718a3ffce2a3e4aacb7d43cdb7043d3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5a3f87bf47a3e62cb2fb79c1c9cff7dc

          SHA1

          50afa1e27252cfb75fdfa37f4c5f81dc48c5bc13

          SHA256

          a4b1214004e322f3270dc7628d0ba4c5024bcc6f4684fa0400162521c61a3b1e

          SHA512

          5c447d0dc03ba20061c0827e5a94de1d512c6b009f7740df7bf065674da87d8610257e090d0bb50353750875a46fc03693731627742a7da5b27bb76661735e65

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6f3e4bb8996a52a5382930a4995d93e7

          SHA1

          330caacdf5e9c48478c208ae2e93fe82ae0052e7

          SHA256

          59a67946c41b220347c4859becda1bc691a43a192419d9cda3f1745581f7d01d

          SHA512

          cb5cdce03bae82d2b746d381ea373e5b13e6f0f2a25a44e9dddeca99839e8a9afc53fa9481bfd6a743da618397b20172ed5df4c8719cd499f3e09a5acd871d0b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3c1b44a7222ddbeefbd67815ffce1b41

          SHA1

          faf1eec60efbdc8ac69c6b88305feecabfa24239

          SHA256

          d98412371361743fb89abf76cbd2881ee93543ac581c9adb6650fbe508fe108d

          SHA512

          e4a0ad8a9aed37c2b1c25a3ae01fdcc48f309478879e0467f3069cce10319e678eb11995afe65d0087dbcd40bcb36ab4aa28453f230aeb2322cf17de09b8e98d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5a30bd77244a55b1549304cb3cffebfe

          SHA1

          02f13dd64c4846e3e3c737ca3875b7cf616584eb

          SHA256

          aeb9041f922966448f4521d65e2ae3ec825c0de0b00bc2147d63e48abed99af6

          SHA512

          0731cfab815d2358d1265c5f498b93cd7d8ecda9fc1ed86bb9a69e66efd1d8c34459a81d6366b069eb080adaf712796362df0908a514dc2e86dcd5111c8a752c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          038529f710526a0a31729ecf5dc1475f

          SHA1

          6548a404e09aa92b1fe32a466cb050edf82b48ff

          SHA256

          f4e0b2784491565523a26ded02e2ca316fc6cc26542e06ee1c714209e06ba813

          SHA512

          e2b1d298115a3f2da0ecbd6bf711fcc4646dc0b37ac2e243ff0b8b81530c800361e1a1520599e9e5c2d62cd3a96759ceb37edadbf99d27af67ad054dcff940d7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cdfb7242f774e6c991556c0fd44f9a82

          SHA1

          61b86b748151b4993f8739bfddbdf869fd6813f1

          SHA256

          690f2ff3255fc7583e47aba1388c106a73934d0adbd8b45fffbf51d4f458e99c

          SHA512

          73e17f1bc6924668fb6fd5798accef4e6364da5848ff194a3fcadfb250292d955a84aa17aaa0d255421173a9630036e4a707940f9a4e533413501dcd5b0a90ef

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          01f10bd3b913db7b9b2d43cc4acd7733

          SHA1

          de3631fdb242e4a2017c712ea191bfb9428b3a14

          SHA256

          f0f00775a53b02eead10fd3a57329ec4805c48352b8553a463eaa4815dcb0997

          SHA512

          6eb80770e940af8f01a590c0579da6c4897a49ff50db2362e0ef40c0251dcfcd57e99a6f774e2e666af4d7f7835916d13d54e65e066a4b35c5e29f9dbbdf5dd5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7f3ef6bc37b45bbd9206d4231e21c11b

          SHA1

          8a0108586ae4e630593cccfd260b44942a3d021a

          SHA256

          927663430de9e2cd97bc778c5040fda30cda514819acbc06cf0d66d2c1d41ca4

          SHA512

          60e943cfcc4b253706dfd4ce51a6771707f7f9b79a84e481f9168010ac0b40b75f741cb684b0109b5e58de4903578c4b071aa0546f68139f14d15ff8f68a5c87

        • C:\Users\Admin\AppData\Local\Temp\Cab8FC4.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar9083.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/3032-26-0x0000000000400000-0x000000000055B000-memory.dmp

          Filesize

          1.4MB

        • memory/3032-0-0x0000000000400000-0x000000000055B000-memory.dmp

          Filesize

          1.4MB

        • memory/3032-24-0x0000000000400000-0x000000000055B000-memory.dmp

          Filesize

          1.4MB

        • memory/3032-25-0x0000000000400000-0x000000000055B000-memory.dmp

          Filesize

          1.4MB