Overview

overview

10

Static

static

3

9efad46c3e...18.exe

windows7-x64

10

9efad46c3e...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 01:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe

  • Size

    256KB

  • MD5

    9efad46c3e0b1db3fa7ed20c2a1e1363

  • SHA1

    ba6c77e60584b33746fbdf99e8a2899f5ba1f28f

  • SHA256

    1e26f05d3c3ffe7152ced679bac4d6583d86f525dc8b4c2f58683dd5f65368fa

  • SHA512

    273bbd9d989254cecf9c010475cf8ad260f1ee358c23c8df61e7f3b3947a824c4172471e165a71441ad0edff1961d54247e67918118cd4c99a10029a690e5106

  • SSDEEP

    6144:8+yFV0bgy2rM/kvt15RHxhZFtfaPNSfo/qPoPp:Ky2Q8V15VLccQ/qPox

Score
10/10
discoveryevasionpersistenceupxvmprotect

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
    persistence
  • VMProtect packed file 9 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 3 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2216
    • C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Event Triggered Execution: Image File Execution Options Injection
      • Enumerates connected drives
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2860
    • C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\9efad46c3e0b1db3fa7ed20c2a1e1363_JaffaCakes118.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://tongji.maxjust555.cn/avastcnzztj/dddxxx.htm?mac=530146273&os=windowsXP&ver=20090323&id=561061545
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1336
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1336 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2168

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    972e7e36fe4bf0df18ba2c426a8bed9f

    SHA1

    5a0c785d2cedbe6409444c3afb121f9ddb776db5

    SHA256

    7b8c4f2ec157a81cc078d14d5874be545ca58833af20d7849dd6f358ddc39737

    SHA512

    ef1c254b14cf415aafa962aa9b789bacad1b0dae4cc7750a595dc65be214d48683a8a62ee35bb32dc36fdf12265e27dfea571385458b1d66e9dee2d191d04355

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7d774780848c735ad68e4f8a3847e5c

    SHA1

    05c95a33bf50ccfd84a1cc4baed43e3f90b92705

    SHA256

    3c439b6dfa17e8e8e8cfee10b4b4bf7c85229ce40c48cdbb6cb2b87a2d9e67e2

    SHA512

    9500dde7fc7795125b8029523619a6ee9eb131937baa8a71538e9263ec8668ac6d5ebb56ec90c7dcf457ebfcdf189fe667ad2a108a65acad398628496c961877

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e1f77f6717fabe39008d83682a1fca1

    SHA1

    0ff4b57be074f1bde169c8024b38b1030c7e10ce

    SHA256

    eb4489296e8de149f509fce2a1bb9652a22b59f74c15a4ab94472953b7077d07

    SHA512

    80f24fb57731534475347f33f5dd8a03d509b33429a51bc51a8d9a11248e5f102c03abbb69457762a1f3d91ff436eb5e0f4786691c9c2fb8695eb9fe12d21e3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3220b8396b72d60fe909a2631881085a

    SHA1

    f4f25ab09180ed5e3e20e026c2dc4c690c4a0963

    SHA256

    fed55714789df2dbd2eda0231caf7e0b36bbba87f32cee275e429118ccfdcdd8

    SHA512

    a2211618bfaeb8fc0fa6f9b53a4905f9a8b239925f98fff7609a814d7f6a046a68c74ec79782043c647bda13961eedd675ca21889268dd48669b1ce00f019d8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3675300127ab5f93350192869163972a

    SHA1

    f317eadfb5a5374f8ad204d33b14e78fe46df8d2

    SHA256

    a87c2585a468c0f15c764fbeecffa71e7c6d6e6eadf32b4529b83abe16a4eebd

    SHA512

    5b349326f44cccf6f4d8058bcaed5c96ea376d1d59bb48d65396a280d698a1d6e7bb0292c9cba798a7b444b3de79bd144f86970545a1fe167c870808e1688cff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    683bc0852298801ef2261b9354cba3a4

    SHA1

    0445aca883ac4cbd8bb6caae0eae3cc84cd04853

    SHA256

    a7af7f25a1e36fd0968eadea7d30cfb1c5a6cd654af7b8607cc63ca5f3554d80

    SHA512

    603e23cd071f7690c107122a0763f51ef38ff93a6a137aa67986ded9dfeb652497cfa26f088d5b8984188c20d9c92cd91ac8dc17fb2f4410743b63abda9aeecd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b3bf4cfaaf0d801e3a6581e3a6087af

    SHA1

    10228ce4672554a9ed5e0fc3c1987bafde9081bf

    SHA256

    5dad00f9a5811160ea85f55bc17d8ac61bee58c33a23dbfa010c482c746d12da

    SHA512

    d4ddaa84a43afaa7acc769ebda96397606593902b46a8a48b2e36d906984b3473561d18e7cfd2e86f2845a39c61af0f920989235e3b4114cd947e7abd01fe865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e35cc33eab54f1b4da13fc8e3ef80202

    SHA1

    f663793a28a661de081365121a842557f1ef0f24

    SHA256

    18526982f5b0d3718da2248cacea6e4a908337b8f174a53604bd190d25570b78

    SHA512

    89b632c0729b796bdf39ccfbd2b46a60105a7d29da594fe496da5c8542b09e8189fa0d43a6e5c4c02a77aecce32457fe775e37732b299386039c98b37c388784

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    618102d6c276f93e7f23aeca3d971311

    SHA1

    399db2ca6ad3e715150715511e9e0188892f001d

    SHA256

    1d1567bdf513e54906a6130e2cb3474a116858ee94ade50cd6e16fc4e6a78718

    SHA512

    45b745ce6103568ac305d2fbbd830266bc99328f97cd9bd628e0c2eda43e83f66584ef4d6dc023bc1f8e454edff5f3872eed508ea949795d3695107ac7ed61f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4fd4e9f601221d23314d2f2fad50a50

    SHA1

    9f31c4d4e5c953db4558f1d191b2457ea8895af8

    SHA256

    c4883f7a948d60c5c15ed1e6cc68911ea68de185a0c1c1f189627351f0586673

    SHA512

    ad2285211b804fcf7c4cdc98630479af8bfa7e95c6d5984d524fea13e74aed919b988a40a29e893b3b7a1b03babd9f345b5ca048fff7f80183f802230e8248eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFBC0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFC30.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1708-34-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1708-0-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1708-69-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2096-96-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-79-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-60-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-63-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-57-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-41-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-43-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-45-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-55-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2096-48-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2216-81-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-66-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2216-16-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-15-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-14-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-8-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-37-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-40-0x0000000003460000-0x0000000003664000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2216-21-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-5-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-17-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-3-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-71-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-73-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-1-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-13-0x0000000000400000-0x0000000000457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2216-19-0x0000000003460000-0x0000000003664000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2216-20-0x0000000003770000-0x0000000003974000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2860-38-0x0000000000400000-0x0000000000425B4E-memory.dmp

    Filesize

    150KB

    Download

  • memory/2860-26-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2860-22-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2860-78-0x0000000000400000-0x0000000000425B4E-memory.dmp

    Filesize

    150KB

    Download

  • memory/2860-74-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2860-24-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2860-68-0x0000000000400000-0x0000000000425B4E-memory.dmp

    Filesize

    150KB

    Download

  • memory/2860-67-0x0000000000400000-0x0000000000425B4E-memory.dmp

    Filesize

    150KB

    Download

  • memory/2860-35-0x0000000000400000-0x0000000000425B4E-memory.dmp

    Filesize

    150KB

    Download

  • memory/2860-33-0x0000000000400000-0x0000000000425B4E-memory.dmp

    Filesize

    150KB

    Download

  • memory/2860-32-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2860-31-0x000000000041C000-0x0000000000426000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2860-30-0x000000000041C000-0x0000000000426000-memory.dmp

    Filesize

    40KB

    Download