Analysis

  • max time kernel
    138s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
  • submitted
    04/11/2024, 03:23

General

  • Target

    8ee6e82fed809c3c9184d4e3158b8739_JaffaCakes118.exe

  • Size

    104KB

  • MD5

    8ee6e82fed809c3c9184d4e3158b8739

  • SHA1

    3db007f2562986a91d6b22681e566a1bcac183ad

  • SHA256

    e467e9373c00d6f435f341f8bbfedb433ed284f2df5a91d97a23b5e4706ad045

  • SHA512

    e51acc1a6b436d93ecb9b42e137041e78cd84219eea137e7b39e828ec257848046586ecdbe9f8838eff601ca064174584af19fdebb7adb961d49e00c43ed68da

  • SSDEEP

    1536:f2bVqZG54ncao6aTiqXMiLsGUJQzA1oYTaxwAHMIAy5vTw9VcdTX3kuf:+hqZ42ro6KixmUJPoYeLMIi9i9X3kuf

Malware Config

Signatures

  • Windows security bypass 2 TTPs 3 IoCs
  • Deletes itself 1 IoCs
  • Windows security modification 2 TTPs 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Control Panel 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 60 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ee6e82fed809c3c9184d4e3158b8739_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8ee6e82fed809c3c9184d4e3158b8739_JaffaCakes118.exe"
    1⤵
    • Windows security bypass
    • Windows security modification
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe /s C:\Windows\ieocx.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2556
    • C:\Windows\SysWOW64\net.exe
      C:\Windows\system32\net.exe stop "Security Center"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "Security Center"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:868
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://loyal-porno.com/videosz.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2628
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Roaming\asd.bat" "
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2668

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5cfd0c65fb6ee9d2f8c22e4457b0150d

          SHA1

          2f8130c57b54e8a0f8f6f926a705a50887424a58

          SHA256

          647a06cadcc59780499e49f630f8e5f56515dec272135c637e45ac0e5206b149

          SHA512

          ba9ab1f3717e157eabbf7bd4c414d87812923abd6cb64d660054842b70c64acf52612fe3449028eede9670837e559c725b9074067816a864160d67d2048590fb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a5f30595940fdb5eff9b675b6a16cf20

          SHA1

          975a8175c8f58cc77d89dcdeae8a55d247e5eab1

          SHA256

          b1e3076e46c88e278d4f5146e603b3d37828fee1f15061e6bc09d2b8b7f20f99

          SHA512

          26381f48c599006168c4f5614888aa85645d2585ef9934af3c59b9959829ce34a1228d7f59071c878d23baac9be8d1a8dedc4d192337ca22613fe4971e5407ee

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6d19bca890a354e759e20d6ffe67d1c9

          SHA1

          618ea2837d16da1f6dbefb0d4e22f3ac27436e26

          SHA256

          7cac152255035aa25626aeac00ed39dcc13b9fa6c98d972676dc079dafa51059

          SHA512

          93819c87f3a5e32c158077eb21a2292c4986a07d059ccf28ad9bb6bf63a0ee92e7e62a57dc7d32ec3ef2c9298b2a311633b9c890382b63e559036b1e44972edf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9d03e1ff4e06dd531de561c254f0b21d

          SHA1

          48ab2f13d9d4b2c9929862dbab5f24cf2573ce35

          SHA256

          41635fffed2d64d9a97610a4252b824efb087616c3a8485b9e5104d8c1bf2a0a

          SHA512

          eea4ffae53e21cc96accb90a568e9717e33a3b92809425616b8c0666157e79261a9352ca32a585d91326b75a1fef9508ede77635788768433cf0cfc78a9417a8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          539010c8dc1f3c8346328af56dab66c8

          SHA1

          f21c0b540737ea66710bcd73a934c5fea839e764

          SHA256

          f2b3eafe38f2a33d9400f105da412f73ad14dc8f40daa741602c2007f5ebe5e4

          SHA512

          6f9fa0c0d7936348354f939474de243020c217bae898bd8dda97bd1f0417e239daaab5937b32d00cdd5baba8dae247aa9b3b04a6edcf331601999f6c87cd22cf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f8b3569d75459f00d23c5187cc53110e

          SHA1

          84cfe5b4aecd634a748f86b9cafcc655b566b1e7

          SHA256

          7fa828fcb56d935a9b55a12cab54bf557e0fce584eba3a6af52986c3d2fee008

          SHA512

          65b9d66d4edca5cd50a6599c614fa9fd9f75321dd3aa8ddc10ddf7a78e46f5f5afcc441abc59a266fa183f1ad96c3c0f9a7306b92bd3e0146e1b86c858e64b62

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          adaf43432d09e2225fa48cb1048a8f1d

          SHA1

          3932825cb12bc527aa4deff92d8b37a3e5622cd7

          SHA256

          58fb912a4855dd37a9ee01bd2fb069506b9870936ff7b49f90b0bd311a0dc74e

          SHA512

          9b5089f5762bba52a3bd66e43c5bbe5b5ce6c16f40c37e363beaf76f28a17ff05f2689e507711fd851a9418237fe3f65afa5e5d79c7334c691367d0bdead3f13

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8e9a70e9e75f00179eecfa0f51c36486

          SHA1

          d6450e71858041be5fb90807b496a0163a4195fb

          SHA256

          bc93c73e8239155debdfa587591c4128f7bcad139341edca3d7ef6c189e43155

          SHA512

          a29afa5b25197b3d0c6e29f568fe3f9c2737ca18e061eaa435334fa72fda182f0618fc382bac89ace4b5507b142ba3619d8df92fff1207626423abea350f1f77

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9a8b41bdec2bdccdb970f22e7a4ac5a3

          SHA1

          59125f663cc03fc8d3c4277f357b0b12d7face5f

          SHA256

          f7c06d61f3b2b5332e9e96c5154191c4e6b10131c4d02e4fc8f4c9cceb882708

          SHA512

          ce499e7b5eefaa7c4abec174e504c7c39f83ce77aa623b1c379ca2d2261e2e83da7ced933d223b80dbf6b08822df9ff5b3339ec10e18361424b9355641bd8669

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9eabe667405b67b9eab97cde4d26de5d

          SHA1

          b092d1fd37fc481441f33306763db560b28dbfbe

          SHA256

          59d437d6cafbe78aa8c3a19a557181f47025eda4f9ef3fcbbc0c05baf214771f

          SHA512

          56b0f07780e67c3ab80ece5fb1f3d68b6f58b79a49880df4866c5e8067a918bc6aa9f3efb60ba2345ce37f34de5997c0d24a278e5551ba1758c6b4a29971281f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b38be646294e0b93793028789647f2e7

          SHA1

          c7918b7dd01377fc9208e6d6867253f179020f9a

          SHA256

          94b2b059a8addb90cdbc2b1ae23df8ea313313084362daefe17445fca04cf3b7

          SHA512

          2e012b32395ed1f6110d5dcd8bc624d39fe649df1b0c8612ffdf8dfd17eadf6b75778c9d0009708889afe0aac0bf88ee00c8bd95da8e7e44c06bdc16260ddc93

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2e7cf10124e39bddcaaae68a3ba0f618

          SHA1

          3690c4d88db023aba83a04dfc5cedb9f1600d78b

          SHA256

          56525736cc4e55ea689cb3b2ec5529f67a2b7271e9bc788efaf676351b118088

          SHA512

          d087ca9e0273da4ddc285589d2fe96f21e86626e9a1c71504e1f160ce1bffb4dfe8edc5fb159cf040ac38eda0510d9bdb539f9e67fe8a1642b3fe0297ac32314

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3567d97198dec942f795b6b950666c11

          SHA1

          e863cf724cd94e01f93b882a0e68e13cf1ddc27f

          SHA256

          e5f972c12358766d5f77d7e05306f35a3f08cd5ef0461627f73c902100d98766

          SHA512

          de3c5a2d1f3553c4cef087199e54fddb06d1cec20b1967c2e7a6333829453c6d82c6aaef32867fc74df6b0cec00f4e3dd738497e42c2db55b91e7b1a18e44752

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1144aef8bcbf06539a611d580535d273

          SHA1

          a45fa738ac416aa3fff406df0ee69e3ec79782c5

          SHA256

          a423d96ac55987aa961dd690b2006a7ba843280da162ea25c2813c368d434883

          SHA512

          d55af5fe1562f1ac535735a8e8631f202671ab0c2c549aa8c7d1b58a69bbcd809f3b24393d52af09d13db0850e80e91004880a162a0b3798e27638188588a140

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          45cda979ad0fad53399feeb660d3e96d

          SHA1

          65ee23a21a6b92df82e0c09bf7726bf3b6e5a407

          SHA256

          779b3185d94513a16a1cb34329fb891ea135958097a67855dba1d4664a517299

          SHA512

          723e0e4b6d013d92043a2d45a82329a167c70d137bb5925b5624186d2bf881957c8ddeb1b3fb14ac43404cf2326f1b9279407b83a2e3688bdb9723d07062b6a2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          85e57cac42a6c9873daa72b85b7f5f51

          SHA1

          e363dbec3b52a371be32f4f751faa7e79618f2af

          SHA256

          aa55cd82f235c3874bafa7f03c47b47647c497d05e6a0733dbf46f1c0118a54e

          SHA512

          5a56f8f4bc6211ef18d1f1ec5fc717f2cf0ccb5f5f3142cdbc4e760a4d75c098353c36832a5302a2d548e067280cca3d6f65bf46e602f739e49619a4918b5ffd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          86fca6593adb1ba19bc3ada76c891201

          SHA1

          de8a7091649d736c942db9a9f28ec932155bf8ce

          SHA256

          f18dddd587153a54e4251f76d94ffdd2c6ca62a1f84fac9a944259d95e9a55e6

          SHA512

          940ef98f803b8ed3ac51f3f5c4dd690944520e3acd0fda2789dfedad77c3ae1f30dc5d9d7d7b9d843ed378f1ed8643a2c5144e80934c8735cdf4bca795bd90af

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          74e860146cc6e6134def9c2b3ad6e67f

          SHA1

          2bc59a770e05bcf56b781b3a5841fada9f0cd987

          SHA256

          a7e1c09c56b3bc9ea308681cc2682c3972bfa541d3bb7d087130ea808cbbe8d7

          SHA512

          92b154970b82579f4a64a4379fc928e0c4d9a68554691f02ce4e1a41aa257c2a61de18c2715463e82679b78c94ed2fde159019a0994ef63d2788d812d1284da1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6204605d84660835f58216454785d8bd

          SHA1

          686dc28790152580783ccd0d93d2bf8f71f246cb

          SHA256

          850025e1b572ce4ebbac5cae8c6b5a8b1e39a209f208f88896075ba19f08f04a

          SHA512

          8007897e5e9107b6507f8960bd4cac6bb7dc07755638e1c67e6eb3a98a9f4b76a662cd50983ad475e3b6c041c19ceac050eb32280ded42f5b13a99e738eb7559

        • C:\Users\Admin\AppData\Local\Temp\Cab2704.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar27C2.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Roaming\asd.bat

          Filesize

          256B

          MD5

          9b845fb70ec0cc18850c14afb7babb88

          SHA1

          dedae75d072aa9e7b3ae0e8c3a6f16c9f5650601

          SHA256

          c4d3a0e76ff4c760f031cbf0c03e68a267304ae3222de31f986d7ddeec937e67

          SHA512

          1a4d725b5c9c125459a264c0c29506e5799b1113daefbac5b12b427fd44646928c67ce3f4468ac6f33e7fc47c96e13c4755e6d0ef57a11b05df34d2b0bf0737b

        • C:\Windows\ieocx.dll

          Filesize

          27KB

          MD5

          ef09200d176f64c9effcd6d71ef090cf

          SHA1

          19647fa778246ff860bd4ac2a74185d1429c1d6b

          SHA256

          ac3bf5cf4b459c932cdf15f79816aca14445bfb1477ea4ce58be8d8dec4ab886

          SHA512

          331b71bbc9fa5ba76d0bcbe2cf44a5443c73f8800701f9e9f2734c62e5755c366e0d05a7b5b239bede7dec2f260ca239f018bcf0b41a2ed2471096d5bcd744c2

        • memory/2304-0-0x0000000000401000-0x0000000000402000-memory.dmp

          Filesize

          4KB

        • memory/2304-2-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2304-10-0x0000000000401000-0x0000000000402000-memory.dmp

          Filesize

          4KB

        • memory/2304-11-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2304-1-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2304-291-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2304-3-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2304-12-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2556-6-0x0000000010000000-0x000000001000A000-memory.dmp

          Filesize

          40KB

        • memory/2556-8-0x0000000010000000-0x0000000010002000-memory.dmp

          Filesize

          8KB

        • memory/2556-7-0x0000000000180000-0x0000000000186000-memory.dmp

          Filesize

          24KB

        • memory/2556-9-0x0000000010000000-0x000000001000A000-memory.dmp

          Filesize

          40KB