Overview

overview

10

Static

static

3

JaffaCakes...a0.exe

windows7-x64

10

JaffaCakes...a0.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4742c3c1fd19ac3bac9038bf77abbca0.exe

  • Size

    248KB

  • MD5

    4742c3c1fd19ac3bac9038bf77abbca0

  • SHA1

    0559b9c8ff3bf3ef0ae47aa76e38f71f35df188a

  • SHA256

    493f3f41d0a6372bbd47add1882be469bf7819070c70c2aad306d487aecbfa68

  • SHA512

    8c60c5e6382ff087b3a13166d4186ae08f34386a8ebf40b4adafc8f888bd87ed5abcea819a87551985299074976d65d5918d06f123eec719025ef823107740f8

  • SSDEEP

    6144:AQ9CAk6i0I2oRuwwMnhPU2+wo2LWJ494Mo:7vLUTifwo2LV9No

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1100
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1176
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1212
          • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4742c3c1fd19ac3bac9038bf77abbca0.exe
            "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4742c3c1fd19ac3bac9038bf77abbca0.exe"
            2⤵
            • Modifies firewall policy service
            • UAC bypass
            • Windows security bypass
            • Windows security modification
            • Checks whether UAC is enabled
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:2912
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" http://ai.taobao.com/?pid=mm_47506526_4272358_16236905
              3⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2772
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
                4⤵
                • System Location Discovery: System Language Discovery
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:2752
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:1204

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            6ec858aee35512e48577a550078df638

            SHA1

            4aa467c20ca560b5cbaa03b2e00582345c753499

            SHA256

            e748c0f1e1d26adfbadc9c50e80ba5f3e6e47d2d15fd6bec74f7d3d69b3d06ec

            SHA512

            d4f2a926462d4f78ede491fc3eee01c760ab904086dc0ea79bf8aeebbba0bc049e0707eab5287513261e6589866bb3953cf30bb7ac3f9519729091bd545f725c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a802aa88ec00d145ffaec9f864c61c86

            SHA1

            542e7ae6df0664fa5c4d1e4b1bc44de9b7780758

            SHA256

            980dd173ec68c0f31fb94c8532b671814fb783ca3d62e2679213f642544cb90a

            SHA512

            176a260d42af4423250810d90b0f653b3df7ee5abb1dea4e2f513688b9ccb5fa23ef8ea113c74addc7b86648c534a21638cd378ffac05aad4d56fa2964f42946

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            ff6063c9320c6da95be4e34d67cb7836

            SHA1

            1b514c2e06a3b6d08c549c64d16f74a286d2b73e

            SHA256

            3168056ef44a275f4a6b3e06f79edaaaffc598e16adf33ea4ae7a6a9d15c52b1

            SHA512

            fae0913ef320d51001d4bc4c6a520937701b9c470bb1fa66e0200eb49756327e2a4dbe7181f0445b429e4157ed9726e1b80be0ffe717e673ebd2feac9f1da4bb

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            179660c3126dd6dd3362283673a846bd

            SHA1

            ed26b2598c3632fd8dcb30d211f660a670772ec2

            SHA256

            66ecd3680e04ce4960561e5d022b2859cce0a4257e51388922bcb82f8423c080

            SHA512

            108af6db688c39bcf561642510455eea4feb70fbf1af1c22d0aed90614e93264f9fdb0ba51f34c91471db3bc41eeaafe4053cdbce5dc3ff46b60ce07c507c3a3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d04c5b7d771282daf4d0b354392333e6

            SHA1

            db43e6a76f4c62f3d503f7fa3b0d4f627fba5f62

            SHA256

            c6b755da2304f4ebd898faa3438d03661b3bea8a96a2eb1f5fb3554e1d06f04f

            SHA512

            5fb7aab970d5118b039179c79611b289284cc50973a6d4fa01258a0eac52f21814f0eca09f070fc6dacdc1271748429d547fbda0ef9097a3a0cbdc494f86f878

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            e34b21deabfa8dd5dd5575b51bcdd412

            SHA1

            42b367169bde3de45014e952e8a23cc502f77736

            SHA256

            2ee8e18be3b59b2f88ea94d6b3d21c7ffcbcb0de310e61afcdb8b5b455f36701

            SHA512

            947e56a05bd0779a3fe1fb0304c1c427df8ea0f7e0ca56ce16222fc050fd2be7beadafae18d480b7794c28ce0b7eed4e449931e24471ac27fcf2d74e3408c556

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            16143f800bc410bbfe51f8113d5a43e1

            SHA1

            7ab1861c3722858cb8d5f594d60e4f4c02d326bd

            SHA256

            39b46df538a9d3a9d8f4c9d0512188306070e8cebfa5fb717121ab1921a92175

            SHA512

            d82eb2810f2f4bbdc244a46ee4fc488d2f4e0970d85df44d0d0151acd7a6ea592b27499678cd17cb0c8807bb767229ed1d3770d3e9cb6f3d6b028cf148f72151

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            34771030048e5771d2212fa993dea355

            SHA1

            83fafaba9c5f9f573f3f1e124defecef8aa15859

            SHA256

            40bdbb5a142e30ced3f0cf854d602e3178abf0a22e6e1a5ebfbaea04112abfc9

            SHA512

            5181b5661323899503004b0033798cd97f9e6e089facf1a2425034ed2d497ac5c2c01e94523df02b04984c3091c2dfef7ce48ff0b0a7297b2cb49d645e8908b6

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            8035ae4325601f56cccc10b54896fb93

            SHA1

            ef9ca938e2da4e2cfaf34de80f79335c2607a58c

            SHA256

            f621c2135205c71e0be47cda4407ac6614e311febf15c1a851ec22c377f5185f

            SHA512

            92e64c561e131ee06bb5e8940adeb6a94029c4e8c8a99b9b7868af1deb2b3d34e37f602f05d8beb287139bdf93a8a1f76e4d773f35b41e564c387157f0bd17fc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            7012d2356972d396f6ab149974aa27f0

            SHA1

            a7ce583521a8129b8481e1f43d9006b6eeafbd61

            SHA256

            fb7900a037d6ecc0ffb3c5b885f19e3d0707e282e726d34fa8f302039a9a8ec4

            SHA512

            59bd3909a8bd30a0e29a4ae60303b22f536e0516b382ab6d5a3f3331e8b67b6d887102b02d5dd29acc1adc535a5b4fecdac2b6037464154a06366e16a1c55f1d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            40d9f1d7c018c4560b12c8b861275ee1

            SHA1

            f93d7a96bbf8fb5154555379cdd97756bc14b2e5

            SHA256

            b93d2a292e47bdd9e8032462ad77b535071aa4bae83bda8c5bd5f0234c31c95f

            SHA512

            ab29acf1989e43421614d849b28c4aa712f8db7010bd9ba9f536619bf68b418b549e8d91b2369cb3764c585da858aeb06906dea19b7e2243deffd25694e55aca

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            9dcf7f6e3d195c71e8db5b7a34924d99

            SHA1

            80c04759500424d7af012488bbf040b408e544c7

            SHA256

            1b681e745ec7ac67cb00a1e6b3322cffd4e9b4209667d8d6e30292ff6fa726c4

            SHA512

            701aaf78d0a14ec8f0f5598cc7bd91cff889a50a4b26b9f0bb9b5e525105946313b00f7f0b41ff8a561b96d2b27cb4e0c739c26c1edf0f446803a895dc0ec514

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            07a2148f4ed6603b6a2af5fc68318a2f

            SHA1

            7414b57288226ce703deb4a95020ec83eea9290f

            SHA256

            77491cb1bdd9705927d85dbc5ce8f2bf6d556e597157676c3fe408bbadc67658

            SHA512

            93435296fc6cb8a708bbf071e615394b40fdb24e5011a98d6ea4fcd1be2f81b902ab476c74dfb412d58140ac1a5aafc98b2cb4917124dad07fb2e21c01057b65

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            723f28996e0a0c3d6de5332674c9a8c6

            SHA1

            209604873d7b22c44383f4c2d706c180803af28e

            SHA256

            3a0bffb990671855a8dbc44bd2e83500615bcf9115025ec9837ea16ce8b18605

            SHA512

            c122edc721db4c608321bb5bc3ce6a70e7095caa79dc8b9ee843179ecace25587060964f11a3cf6dd7674767a864fa5ff8303eb5b127ab24b8bd7ea00f1e0cf3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            d5b8c278d871860a01f6864a14910c92

            SHA1

            4dbbe35263eaccabe11278d8e63b016ce5dd387a

            SHA256

            ebded7123811ed08b63a7bc46f2464e123c8c6849483d4ccd18c0cd9c40f34a6

            SHA512

            7e7517397d9a13e13df2cb16f54977ecc404ca8f641856ad1f9bca2fdb085999fd6293d4393f3846abfb1a5bb1462942edfa4d832da86a3d8c06d793e60ed3ba

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            34415f559705c87f9ff2406d7791d352

            SHA1

            73775ecbf1846bc28497afa9746e5dba8f1899e8

            SHA256

            e3e0518c131a511f2783dc16333982447af0374bb1deecc87141e7892ed75959

            SHA512

            fc111cea4725bd7ecd7624e71ba8fbd283e5b2f369f65de9161c52b86e2f2114774bbaa212ce8003ef0d47950c83b545ee10686fe9e179ca91260f9094853e1c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            e8a934ba7052fc9339a57e1d90e912e7

            SHA1

            fc85ccc3e99337537465c4681408ad3cb8bbb6b4

            SHA256

            5d9733d29202fc179a88ac605ce89b6bfd48efbf93290232600fff1c8e82691b

            SHA512

            a44a36bf0200e7a05f84bdeff3d765a1cadca8096ab6c5a010611809c01e126f0bf26675ae423b73c208b716f4b95a03ad5f77ec409784e92270ea87c6a274da

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2a7f803c11d06abf2bbbe68a3282faee

            SHA1

            5e5e4b6cc322e4073142f1caa9ead059de1a7188

            SHA256

            facf60693bd32ed2dd2706f11d818212535bf2f4446ae6eca04fd3cbf5c15c86

            SHA512

            61d9996e705584886599af614fc6d09044b465414cdf6e34c4a8351825dd2c841e1a0dc7940f64ccf81fd1571560ddcf9520cf0013339fbd7af733f1a149f78a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            ff86b5f2f25f83d634feb1d492cea51c

            SHA1

            4cf24114481b3ba081cf4cbce5f09aa722ba6e1d

            SHA256

            7f1a4004b60fb38a0a2bf34c5e2a2595b30e42a9eb4e29415265cdb75c639bf2

            SHA512

            63ef0f81061df72dbf72d3ca526639109b4dde3ce60b25fc448088a99965b0844e580db9d093885382de3b232e06fb8fe0f1b11e512801dfe500508656af6213

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab7A80.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar7B00.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • memory/1100-14-0x0000000001F10000-0x0000000001F12000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2912-30-0x0000000000740000-0x0000000000741000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-8-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-45-0x00000000004F0000-0x00000000004F2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2912-48-0x0000000000400000-0x0000000000460000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2912-4-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-22-0x00000000004F0000-0x00000000004F2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2912-23-0x0000000000740000-0x0000000000741000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-0-0x0000000000400000-0x0000000000460000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2912-2-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-5-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-10-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-49-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-12-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-33-0x00000000004F0000-0x00000000004F2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2912-7-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-9-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-6-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2912-11-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

            Filesize

            16.7MB

            Download