Overview

overview

6

Static

static

5

9ef8545ce8...18.exe

windows7-x64

6

9ef8545ce8...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ef8545ce892c926baaf83be30a5f079_JaffaCakes118.exe

  • Size

    234KB

  • MD5

    9ef8545ce892c926baaf83be30a5f079

  • SHA1

    3ada78af14578d5f78d264bc16a4086d585b50b8

  • SHA256

    e2dfdfcfb221db0017e5afb76f29fb7c106a0145487f8a64389066d4f817b8f7

  • SHA512

    27383972e0440d8ebd31ce60c1611c7da55ed15a158c3c427257dadebdbc300bebe2d21427b4302b4ce6823a5a1170d69e437ec1c4482959e58ebef052f8a8d4

  • SSDEEP

    6144:N6/HfGdFjZvU1MSGTRa4T3nw9hr4A9KW4uaSoSWON:KH8FjZsCZYg3crzkX6oSWON

Score
6/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ef8545ce892c926baaf83be30a5f079_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9ef8545ce892c926baaf83be30a5f079_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=733
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aaf58802fcbb325ac1f60c747f98c4b0

    SHA1

    caf4edbe4e1033cae3b59f0ea14ae98cb71d6987

    SHA256

    fc9c27c6fd3f786f994f08b4ad35e41ab0365b18259352afe55cb300c0d2f1ce

    SHA512

    0ae8305bed73dfebb2b6315af3d458e75f02fed6155f3063d4151f2bf8c6e19997f93b7f941014c059140c6d023e97f4be5fb8bc4ca6899a814499be3dff6d32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3134b14a73f36069e6146ff4d66308d8

    SHA1

    21f04c40662f67d0eef764c81a4503dfc520fa85

    SHA256

    7467b7f0e40ae0df316e751c68c6577d81e06ab8989435d866b615bfe0718c0a

    SHA512

    49fb1e1c22aa615f5c3a640365aa99940552f17e41b94854d0c1b1511c984a5f8f382991a40af0abe21ea2772620041c9735ffbdfe324758b62b269a5973bce8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d90f5e445fe60dac01b3b179fa500144

    SHA1

    9b09b711368b9c7e54d87ddb8e93f350762586d8

    SHA256

    303ba97579d858728f078fe9b8e7f3f72b664f063044653bb5fdc1e956abcab4

    SHA512

    beb391bf24777b680be58a07458c2ba7691203e3de6812150c9c22785689b29b558ba76c443209386603f68b2c47036a4bdecc87ba0470b709a0e72df902622d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a5d5584d1e5b7485f14ac425b13c3a9

    SHA1

    efbf64097d3263a8428d1734591e567d8ebe8289

    SHA256

    c42d4b844c35f707f06741c7e6c38433ca02317b15a2ed0a676c719920ae7394

    SHA512

    f38eebe44c978a1016889fa204474c583b1eb45246e6434105673f09566b30ce7effe5a90d9fcd821af1f45a8970f22343894b673caefaa951637627718cae23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f8d051ff64180d93a844d95d77fefb6

    SHA1

    e3b87652d8f2177cf408cfcecb1988f183a9bac2

    SHA256

    b4dd4349961aacb6dc38bab46ef7e50dda1a865e757d38d30e314742556009df

    SHA512

    b43aab4af209ad5cd1885aac556ec233c8a38bf1354f77dd61282e36118dc49f8cfc58e076d64fe913718ea4ae6d68545a76e06687a302fea7810d14cb34a060

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33ac9100b6d97cb08c3d861d62e304bb

    SHA1

    8ed3d0477e4691df16934f601d88ef89e339ab40

    SHA256

    bd53ad85840f6b733d87dc23731ddde7ba28329cad320555fbd6f31d288e0035

    SHA512

    d6e91a3613031b0a127e7051101b51d913287208209477ce5d58bed871b0975c77155933cd679d7c9e4b0baacedf6162e013a8a1e56b9b47dac54c4fcf31d878

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25e7130c64983c0e2637bdf22e44ab34

    SHA1

    3853406005880554019b8294a927e1773192d7fc

    SHA256

    c000b83bdf084fddc3d094dcea147b461d4ba0d7821ec3425b6e979129240c49

    SHA512

    da96b8a39910ea2aac99f7c4f42c56aa2dd28e4e72ca8b343760c02f857803fa2be7101fdf2d0c95884526c50fb113ad34f7c951a4f3c16171112f29187be3fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2a979ead7514a2d4a9eeb62dad1f3fa

    SHA1

    df6edc7d4bbd47eb075f63643c54c1a55ffa2ebd

    SHA256

    54e10464e1c87396049cc9ffebb469e0b1d3738e6aaf3dfff972e3b8634a8c10

    SHA512

    ca020ef8566fd8d1192187d77a8275ab8a324e10de108558e5a5994ed55b21cb62883a067c24489dacb9736a50bbda161675f45869f0a3872a88095f64aa0d30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5df31898494354221c4d4f8b4859d419

    SHA1

    046db2c3f6dea56011a72c2d45d4742fbce40898

    SHA256

    0af42fae7797115dd2d571a4fa5ab2caded2170221e9c75af9934191c8aa138d

    SHA512

    918968bf954d31d28d2f0ba55dc3ab97b31a8ec2945efb75944b3b3cfb8032fbb882f980e7ab9367fdff7b7460e14cbfc4fb14f76eebe6e9013c97d5ff52d1b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    506b65864aaadb9bf64831184ec1f255

    SHA1

    26d8d5bf4eb7b82a8ee907d0f3f2de5e9996aa84

    SHA256

    a5b2189e0018861106b8583327914b27bec7e8f9fa205ab9441d6c72bb63a681

    SHA512

    62a99dc2a978e4d5c08418a27a6463e77c268fcdc0a7e6e4ba0b8e2a638b56d28b7ecd20f3b834cd6d6998fd63151fcdca58cd89cc5f0e63266302e6ac1ce2ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0be74a15a36d25fd01f78f862559102e

    SHA1

    7959e0b67d7f2358f430162d1f97fb594bdc6db3

    SHA256

    ced23b1ae7ed0bc4e15468fa85e57a9a59de29e0cc910178773e24544d60c62b

    SHA512

    7d8c3fb66abb0cec78997aa73ac6a96dfad0410575f8b4d16d9a82d1646793d21cff1af01fefbbd64de48b810b2016de8a8f55ebc11dfd5bb02ef7dc14b6388c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    084d10b967b91ea12257e9783f44bcc2

    SHA1

    541bbee20fec934475ec7641db0fd8be068fc40b

    SHA256

    e252434e5cc57ea880a4c9b5097e61533357b2f077b1c3da2fc750c93959e16c

    SHA512

    e1a8724d4798dfc2c12959a9e2b68bb7233802d55d803a5458fda47e0f530e9427e5a03ab0a0c9e6e0e71a4131d677fc30336bbfffb192f7cd19096f8e67a6f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fda30b3a32fc4da554472d7bf4dafc0

    SHA1

    12d0c0166356edd9bc164fb839ab25b4a8c95421

    SHA256

    989e1e3fd23af389e5342f9bd518a7eaf400822d447847859466729ea0d2cd83

    SHA512

    6c4682044c40aab8113ca71d3a0684a0f654c72095db2f93ba01cb6ef119ee4c94c39a46908ac3d6b6e78470c5437296c950388aac89353a8eb1b20821b1f8a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c10c88fd376cf23f679ba14bcf1d2c5e

    SHA1

    4665b58c24e7f45686ca502651c8067bdd916292

    SHA256

    91d2d71cb63b87ccedd526083b8c8e5db79c3ca14cc1aecb99288f015bcad38d

    SHA512

    613a90c9d19ec0fc479fb21f34ced110355b9045f8c5bb46913b15417721774d8c68a7a0ea6db14b839c224112e00c3646fc7ebf1a19139affce21b902cd9e1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d40a1065d8d5880ce9b4454c28de7bb0

    SHA1

    737651b6a47ae6501bb4886071daf26ab8cef46e

    SHA256

    3fc3aa21d3dbf03f267e08bb05615a3af9865b6b3714e56a7c78f3dfd59964b0

    SHA512

    33b357bcd0c26585e43c878767ed7ae92d491ffe13f848063c9a2e8509be37848a4906e063d9767cc2cfcb39825e9450416bd1ed77caa3e0684cb6765ca9c14b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1933632d5844916d5a4e0abf90f5e7c8

    SHA1

    e9588a11cad151296ff3ecb22af95f6067541b9a

    SHA256

    e9bc55b94d4e3dba43cbda7ee0ef591d7933a463766ef8f0e7f4561d7c3f1962

    SHA512

    9370b2d6238e3bc77965d82dec67f10fa9a4e771624315e3d305753d8a2d456fc231a957b56ce7ad6467640195c08bbe58c47e1e0591f803b1ed753ffc12ee10

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab699.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar747.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/3012-27-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3012-0-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3012-24-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3012-25-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3012-902-0x0000000000400000-0x00000000005E1000-memory.dmp

    Filesize

    1.9MB

    Download