Analysis

  • max time kernel
    94s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-11-2024 01:37

General

  • Target

    9f14fd4f9657342f3df783a7a6bb0d2c_JaffaCakes118.exe

  • Size

    60KB

  • MD5

    9f14fd4f9657342f3df783a7a6bb0d2c

  • SHA1

    a2fbc7d2fb9f4bc5246d726303d0909fa3914400

  • SHA256

    e688bf3fa8b2cf79f44b6d70afd55edb6258750f50997d0f9b76e0af3ed824a6

  • SHA512

    0cce69582ffc0807b770404586708629d42ce805b3d7eb08d67f24cef8e077498e07486fef401f8f193bc38d679cab892fd463de0705900bc98b1706b3382ef8

  • SSDEEP

    768:xOSpAZko5ewReAS4sIsttee+0dGqWTvBfnuAuvyBPFpU1tD:xObZkzrlyeBGqW9fuDvestD

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: [email protected]
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f14fd4f9657342f3df783a7a6bb0d2c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9f14fd4f9657342f3df783a7a6bb0d2c_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.baidu.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1088
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1224
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.9384.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1292
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1112
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.baidu.com
      2⤵
      • Modifies Internet Explorer settings
      PID:1300
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\9F14FD~1.EXE > nul
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    a6dfcf513cd338ab2640f399e560ba31

    SHA1

    cbc6ea36eef4c8e6e8524b2aa220b9c0017a9145

    SHA256

    fac20d9c0f5375b23b8932cb8ecb0839245962b4b2cd91924cfc0d9206e4fabf

    SHA512

    7b2dc6f8ac8fc1503caa508e8efb767a99448c35ab4714c46c034536b4b7b9067b2bf3170798130fe5a9d2763f38308aba868ca301791d0abf60e169d17acd12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    59ef038b0be34c8aa177a8acebd92330

    SHA1

    54f098192bac52f5f69c42d51bb9d75a1ceb8b36

    SHA256

    e231f817003e38039dc4d8afb58064566a547b2004b7eec4a6813b159314a541

    SHA512

    ac55abb9bcceb28b78380c5b8cf25994084c4ae4808db9693a354b249c11b8a1e61879f7ce5ed62d5967bf771abbb30c86be3d5db63a289fcfbf94358952f700

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    82e0261e37fd2b3a88b977b03fbda6f9

    SHA1

    df63e2a8227d0f164ec3ffbff19dbd8a8d92ab7e

    SHA256

    ed76cd50a85550cb79cb2640fe3325a1feb3b826ed504706043dee86f7ecbb1d

    SHA512

    5163672d42e43e79ea5cd5551c696477169ac71b8bcfefa6bd6e05551a23c83ef5b6e64ec100206d5b66a86ff9014cc77e57c911f81707f6bfc95174c897291f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5AB523B-AB96-11EF-AEE2-520873AEBE93}.dat

    Filesize

    3KB

    MD5

    37a2c0a02b093a2cb343cbceea0111ed

    SHA1

    42c0008693d2771ce1674eb10e3e29b45b71bca7

    SHA256

    9d5fbc7674a39eee26f4c61afb98ceb451f65a0e783e495dda0bcf8ec6593cfd

    SHA512

    dd9d93f4328c569726730e8256cf0523963509720464b197168cf818f7c5fdd6bc09f3ade83f764e804b6f422fd3603567dbae022d469c9ba9fce1a75d70a435

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5ADB3C4-AB96-11EF-AEE2-520873AEBE93}.dat

    Filesize

    5KB

    MD5

    da051486a28eea6942b49f9bfc7d417a

    SHA1

    5502efae9d02d29e44f7794df2fd855499761fce

    SHA256

    570fc61a99b970a3009e0d5293562152013ce0293cd80e52bbb883330a3c7eb7

    SHA512

    348e9d471af27aefd46919aa6809474bb97f42805be359c8181cf06af498c60b75ab18f4e0582d05788c605a2f2f91f6d9853ea37f726ced8fc24eb29ca168f3

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver297C.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\joriajv\imagestore.dat

    Filesize

    16KB

    MD5

    f0bb0f0b695769866fe4a6d4d3fef5f5

    SHA1

    c1fbb8e54fe491d88f5d72dbd72eb239182e7bfc

    SHA256

    1acbfeef037f09a5f1b193532a45b9c86ecdef5a3de493a0d10cabf0488ec4d8

    SHA512

    396cef000288035cd6508444742757c642ef47b13ec7eca48c2adb87d362896aa6f1c8ddd854fecc1b023991540fdd9c01f8f5620f098f9c3419ce5e7b300b4d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M6JHG9EK\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O4PTG2YB\favicon[1].ico

    Filesize

    16KB

    MD5

    717b138033a41361b32b60fc5062ab2a

    SHA1

    af9841b6f0923f890f41feec52c94a0cd68f01d8

    SHA256

    c70088079fe9441a726c66ce0e73ae38315ec80051d3dd542c41b82fa0a1993a

    SHA512

    1985bf59c3ee8289bbe55fbe572371d1f401949e6a0179b35ca89e292173780956161feb257303fe9ff5fd2898ca7fd6105eb1796841ade0e1124eeb89aa70ac