Overview

overview

7

Static

static

7

b4f6bdd44c...18.exe

windows7-x64

3

b4f6bdd44c...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4f6bdd44cd013b699f799b34e7cc0b9_JaffaCakes118.exe

  • Size

    179KB

  • MD5

    b4f6bdd44cd013b699f799b34e7cc0b9

  • SHA1

    17a4a73113338e353105a5348ca53c68c3061c87

  • SHA256

    e342f0e20571774b8f30fc44f477948d7bc293723536141a9acc60a9367b3069

  • SHA512

    4476e11ebaa6b8a60d92a7950f1b5a3ea8aa61e0c613d8cc2dc49bc6cb67ee7842b1e7d03e6aa51dec7d704bad7d95362800e44ac202126354c291e1853c0520

  • SSDEEP

    3072:ky5rphmCJmZRw91kjH6f+EDlSVfR6Waq1Y7epKOryJ48WG1OHfLiF3/V:RFmCJmI962f+wlgUWHY7OWJ48WG1O/La

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4f6bdd44cd013b699f799b34e7cc0b9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b4f6bdd44cd013b699f799b34e7cc0b9_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.bucleta.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9eaea05219e11deb530874bc15b8b58f

    SHA1

    cf52eac04efc779acafc9e2a83c593fce2ffc53d

    SHA256

    a43b95aff126b3bc21ef03b27a22cff13e9011af2ff3ddf14485ff3e1da22066

    SHA512

    e76683533a174a742d4aa4bd370a1f63d7f75ef33ec5d792ce3283cf06bd38eebe264791881d38836d96b03cf5367822c917e6f2fc8b7240ae68e04809957c97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d8fc70d20ea0e12e17ebb9c709cb0be

    SHA1

    6888d60205557dd13f066db2671b80afb11d2ed1

    SHA256

    45b526227a515e827d6e33afa73c2242455b11806f4c294434b64bce00187845

    SHA512

    8287b4b82be5eeeb4b93b5f3c8cae1f23b18df6cba4dcb0010ce178a55f6e287c7fcc6b88439d19ed8f714e70b3d304bc94b881d1f83efa38f512ec081e95458

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a8ffbd7693a924b761396d7c140c4bc

    SHA1

    0172b8ecac9b6e960e8d44d51c00eccaec44f87f

    SHA256

    bcab027bfafe828bb87da21a1dfd024a937bb143649ba1890f1d90fd8b5f60a7

    SHA512

    8d5c45ec29ba8839b6af5accc3946292f631c51069e5edbaebc58a3b6c1e24c928234b30f8ac02baf3ba4b6baa44e1164f18064998ef5cf51c692ccf9a65f84b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    274142e3074769cf9005ee0cc177146b

    SHA1

    27f75dd9ef0fee8200309685d4030b0c9bc57fe8

    SHA256

    6227c53448045f6ea4f139d6516f66e16175633068892ceb3a052cf2094661af

    SHA512

    cabd86cca3b6f419926625dc8a8b78ef800ca442943147f25db463a76483c8e195fa9c14285429da74181beb34208e5c88aaa778db1c3fcc3440fa646716bce3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81d6ca359e62471a57421fa5701515be

    SHA1

    0b12b144762c1b363907cdab77c5f8564b8f060a

    SHA256

    1227494deb1c6203425c062ea63a960fd8d8a86a973c1391d6428eae3984e749

    SHA512

    5d635136e9f670434dd2310eb2d69aa88ddcc6b6ce3e5044f017755cedc99a177c18d1db2a91fa9170d4c4d53e4d7de7413177b6c096d90c0f7684a96a418d8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b123a43faa0c05e319307a2cfc3c08d

    SHA1

    2de7903fca15b443b8f373517e463cc68dbdb806

    SHA256

    3e83eba34c765843a019fde482d6ff5686d3edf9e123bac7dfb5b1c1eefc7dbd

    SHA512

    bd57dd2a0d440497e78a4b57854909dff9d05695fd1fc7d5d35ee6cca4ed0e2f2f37743e618cfde7553ced87b3282ddf38391ad82cee3df0789275ad9ab39df4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    879072b35651f03b82c043ed48d469fa

    SHA1

    cbf0179cc46fe569d0fa37d85a5a27b7c1b2116c

    SHA256

    7ad120402a6c538fd0d0eaecb8dfef9b2bfd97a2aad3d0399e5911c0a391f833

    SHA512

    16bb9eab50408471d5b8ff1192ca70e43480a7f949d0a2e4d05d0e15c39455f6e9e7b89a69ff1c3f21fc5e576ede6f286e4b7f0a3de8225051f9e80feca526ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84f53503cf68f683e6856987dc711ad0

    SHA1

    222e338167fba88da5277a9972a1eceeaf3a6343

    SHA256

    273b6b50b3ba40b117066a2bdcc8d736c5c305752dba1f221114a804de123829

    SHA512

    e00679dd3c43f55b871892f22974601a3d5b4584e9f72ae5ee4ab2a9fef7bb286a24ac922a6643118f6db2b9ec7cd8fd230fb38fa2eacb51b0402bac7e8ddc30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1be6ba8965964d6df7a139ee2fef70f

    SHA1

    a98d8042fe0ba73a0fa510c75a4f3bdcb840aef9

    SHA256

    0119e74caced01f60375736ec8bf63cc19b26c8bdfaa8cf1ddb5b02e252c5570

    SHA512

    7362eb35f729402657ac0d1d72021073af41d5039b7e620f640120e62683169a59c026f5c8840c3a1438d3b25cd7aa10791c1d57410818fb198b923e06424408

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f3578d5f7ae5900ae7ab1f72cc99b4c

    SHA1

    bceabbf0cbf44f82044a2e1c2afc2b19f013a645

    SHA256

    fcc5f42dc0219060fe2621c3dc18fd8883ab7fb7dd2df192311f20e92c2647a8

    SHA512

    e3e68e5c7f9cb88348a606dc10f2c143432cda2afd6687b25fa80ef0f683699a3978f65f307b05016ef3ff5e42bda26c8cbf1ae6e856f7d1b581c2574cef2293

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4723e743ae25087e3fc56bd5fb2dcbf9

    SHA1

    83e03f46a34d3e00fb9aee51c923cdd9b36b094d

    SHA256

    618c2bc4607c27b945bf38f3495385997fd7bdcaee142af59e118edd8cc487fb

    SHA512

    afcd1f0bd615b3aaa00df651ea6df7ca3dae2becfb1d7854aeac614a7437772efa5718c1df791db16ec75f943922aed8b09a8cef0cdb1dedce87898c4369ac72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1f7d4cf48e45dcdb1e5c940cf90378d

    SHA1

    c4a736e6068ad95013b7f9d4599cf624270e28e4

    SHA256

    b225b0f889e8eaa7de89c7782bd5fc87e7f55893a381d8b3cebaae570945ed73

    SHA512

    ea03480d150ca04ce6787af379497fb3efe980b3602698653596a626fe131ba47eccfed9519702526acf5a3bbbfd2b47bb972556e195c1a5bc409bc8b98fd174

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89702c4ef5a3dc9161e3c3ecce7c6880

    SHA1

    e106aa23aa41e0aa77c8a1d0bbe9c1d40daf0561

    SHA256

    2ffffad6d90e574f340797bbf437367b0d6c2e584998469267617447a884538f

    SHA512

    bea942f7ca813c26e8a7e94ca9790028b25a7b0f7d20a5e172ec754200d5f652a2c00c3966b35511f8c689603305cb302f9fd7957ac5cc636ed76c4a12b7f3f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de255148fdb26043f96bb6a2e3c4a19d

    SHA1

    c854fba55db9bae7c6677e907c6e3e2284dd6a3a

    SHA256

    5febb0087904d6718d8caba434ad8b4469c213e5397ef3784f61fe4036afdaac

    SHA512

    a49c24b10f3b7fe15228de55d93472b6531be01da0fd3d996cecea6c785403c153dda52beb10a2e5c747a1c0a6f1fd466bf9e696de486b87ff949d4a9046f933

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd0ac4e80781455f107f27dc6da213aa

    SHA1

    0b374b4d10e5ade8fafaf4416fb123df55e779f0

    SHA256

    7e274af3febf13dfd095859bcdecb0fd0422ac55e914ada57c29a7db25ec9aca

    SHA512

    310a08a429047229121c0abb5854e2356d0f717b8de853fb220bae107f5dc35cc469a1a47ecb51b5d352024284c830dbcbd10d9dedd56f47ec9cd70343d61cb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e71be0c746fdfe83b4ca1e80d1d948c

    SHA1

    3052c658b4e7fc60c4f6b9d940943fdab2fa1718

    SHA256

    80a60c6bc85ced5d0e6dc6b5e532b0531b9381adac4c4ae69ea79969b7145411

    SHA512

    452dd08f3c68fa8ac55beb50058e931528ea277b720db0bab8a142d083acc5800752901a48faed6ef54fcf5102e24826128f3b68a5e02bc8c7ad3f6d6dd9245b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    914165e8a1598d6afeed41a5dce4023b

    SHA1

    28c6f70993da09b3b3e3d462997e783fb26b0afa

    SHA256

    eee836016d520b20de8e4c215fd2ab97e981eadfbfd1f2462dc63a1c157ce600

    SHA512

    e0c3b599e66aceadf87ee76146524e43f74c5de73f7d0feb5b9e1ce01acf36373d5fc56a541206af718367140ab5c6bee34f8ace8649a19c3b3169052e38c5bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6049dae7d87c19a3e96f469d0626e7aa

    SHA1

    c015fbc839199d1a999c8b96f16e89a9156adfa4

    SHA256

    1345fb327d1b021d573993bdf50cd7ae6fa80a6f5768e1881be7145f95f5ae70

    SHA512

    1d7fa75d70349593b4a94cd3fb181736471e0b79ec7d8cf68f1967ca311cbca442a8b5db2d0e08c9bcd0977c540bb607a814bc21f43476ea8f5050b171b432cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCE59.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCE7B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2684-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-1-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download