Overview

overview

10

Static

static

3

JaffaCakes...20.exe

windows7-x64

10

JaffaCakes...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_68b8b06c43a35ab7713f6955638f5020.exe

  • Size

    596KB

  • MD5

    68b8b06c43a35ab7713f6955638f5020

  • SHA1

    3bdec54b2356276776b2ea18b8b0bad27f746de3

  • SHA256

    c07473853a3b9eb984c6aa005eb7bd4c6cfec6985f077ea8739e7ea5b6d0a7c1

  • SHA512

    6d770a116ad80cf913de5149e7726b902689c8205cb5618378558053702020abc0e025e4b8a72e3649f11c0d399a859ebc2eb84bc229bc5ebd44f17cf2e5eb36

  • SSDEEP

    6144:4KWlw1Dx+qASTuqfCEv2YUMNJlaJuNlK17Y4c83fhysVufBn597NX2:47lw1DxN5HfXeYU43fiysgfBnnl2

Score
10/10
revengeratdiscoverystealertrojan

Malware Config

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • Revengerat family
    revengerat
  • RevengeRat Executable 1 IoCs
    stealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_68b8b06c43a35ab7713f6955638f5020.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_68b8b06c43a35ab7713f6955638f5020.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71a.exe
      C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71a.exe -install -360 -fotofreeware -9b3e6717766240a4ba233f0590c9cae5 - - -ejhohhwvrxextegn -393564
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1892
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.download-sponsor.de/exitdownload/thankyou.php?pid=fotofreeware&cid=360&appname=[APPNAME]&cbstate=&uid=d8dac736-1739-445f-b892-b2ef4e3fc504&sid=9b3e6717766240a4ba233f0590c9cae5&scid=&source=&language=en-cl&cdata=utyp-31.ua-696578706c6f72652e657865.camp-.userid-653636336163316563343835613363306561313237356132
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b66f8f45fe29053570a0bfd512cdd20b

    SHA1

    85bbd1e8afa44c161b14af4d4df6122ba79b4d7d

    SHA256

    951c97874146486edd0301f45997a8b16e86d8454982cd9613d0e80177bc0f8d

    SHA512

    e885bb9dba7d7601bdfb6eaf1c1a50c1b47164601abdf773948331ab1d2af5a6b0f4e325a01ba8a35c62c15a7ba0d48ee82cb64e4d61cef40926cd0bcea5cff5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2c88ba1463611103f540afaad643bb0

    SHA1

    48556616e3019e286ebe102f78bad4c4027b2459

    SHA256

    5228d15ddd2cccdbe67d973601011187c32d5c87124995d6497651103c1e043c

    SHA512

    e64d25313dd9ce748754c9c1802793299c7fed161a919704f5b37b271c40dc2967ebcdbdb2e37012e4118603a6fba2b01ef3dd619cedddbbafbff3a644fc249d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a99132842f8f3773e5a6f72501298b6

    SHA1

    ec0c8aece098d518b1e7d591899614de0213f135

    SHA256

    4f397889bae6b49a400cdd21b84ec6411583651fcac91f930e10c280ab3f05b7

    SHA512

    fda7eeb2753377974eed5295a484c7cf65ef881e609e629e37a73935400ac25e79f2affb9ee5f7715da005da32dc95503673ce681e3ae2fd0d126ad6996bdeb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ba06d8066cb55f43047df91e21763a1

    SHA1

    e737f4a8414109284ce5f96539acec5e8ae24f76

    SHA256

    e97d9efd9b088e437668a5d11fa8dbf1478e43f12205c7670a7b74b6be2a0c53

    SHA512

    a541a49356ef88056de58b2783314b32eaa60b7fc15febb4ccfd1400d28e096458adf91b89bd96a0697f7ffa03e2885862f1a727d5348707afdac4c45c4954de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83e0ae28027aa6e9039be9500c847cb7

    SHA1

    96b335a415f52396107ffec0556205123fe29c6e

    SHA256

    8d63815548aa25447f2a6d8f7be78c08e5a4996caec004c21d08f9d7badb15ed

    SHA512

    cee3cd84bf84e433977b6489ab9cf34d72b63133d02c7bccc0c23da4430961944dc75f92123aa8be43e3910ec65db90cecd569fd3767c26d11363c418132096e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    373a2f9fdc65566ab74d0b6d1243ab6a

    SHA1

    e2ffce8af4de1abec8d295d3b385699af286c73f

    SHA256

    9ea1e4f75e017ee6c7e81d6817a2712e5ab47f81922831b033d0d80f84c056ea

    SHA512

    9a9ee267a03471d604d6bf7b168609896240139bcaf4c450cc19157387364e47e7de37142697f91d4a59e8dc610b73e3f66b08c00898e137658567b96134c1b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d5c5c65c6b34f5f8d99b9fe58710672

    SHA1

    d38e31c29d0f1de7aa764e39b86f8916d9d5bda9

    SHA256

    b7324830e6042c19f4aadb66cfafa30e14bb5b106de2dd4dc6a401fc8c89db5d

    SHA512

    786af6982c77102db2557ecff493eb8e6e63ca2d46c906835816a25265c2d7da3ca3ef5e82f247d1329515fa8a3cf299c486575afee59d96eb4d2e1b20c18898

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62403f331373ba4e8801f796c73459df

    SHA1

    34ba923f4ae116aa34b59bb8e3292705aa9b1dff

    SHA256

    f8ba0d81ef8de93787087cb0030930fcd7f3f467994f2b4fc124a296f2fd4926

    SHA512

    55c6d68c66714962699807e6d90cf7a8b72e464646f16d4bf3bc3448b3a34057d9e7c9a64449337822bbce70e4713e2ad895e7eb940fa887998b0ed009436f61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ea0e42ab4a253af9b78920878c8a9db

    SHA1

    a3e71982a493e2171d8991607ecfc9556a46cbfd

    SHA256

    c963de210ca1518a622265af1fafc0abca6ce526a1b7f245361d839257cb41f5

    SHA512

    8a25dcaab3098f0031d0e6ddf00b3d4f54629f07089045534d88ae6ead1e25aaacb0e8a080544179db0d443e471d6318395c99588bc5d9a7a2676908a088a1a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0481b71e509c9041934dae97bd50f8e9

    SHA1

    a32670fc42724e3da8b2266d1b4ca2b5132d8ca1

    SHA256

    677e3029b6e5aac6188b37c99e0830326256a77b537fe1d06e8347ba7fff8fac

    SHA512

    985ee1eea04d27ab813070fb8d715ebb75add299d88e81ff82921f379999cf311683ac483ea99d7d4fefcb9f6538758117722f66076179b6c5241963a30ef8f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f01aee0bfea482574444daaacc4e9edb

    SHA1

    f2f522aec5d7294aa0be84c1ca45bc6b2c485fdb

    SHA256

    1d6d8c8dc4a08fe99c2fd7b71667d7d099065e04a9b41c2c156ffd1388743be4

    SHA512

    91afd0e84b0aceab32a3a931d264f3477918fc12404b0b6654724d8fbbf1707c6d9ff8331135d4dd2c12d41fe59ea7ab8f6e539e20c230cff78f8541d50b3e99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38ed4dc01f84786a4852d3acb50f49a5

    SHA1

    6201509f690315e53d393528194aed1524ac8f4d

    SHA256

    357e5abe83d632276326f01e60cb8bd32a09e7821e1132c0c702be22503bf649

    SHA512

    61eb5fec3774213fb77cad4342e208ca7b1161c1e1bc643e22573f3ecb35cefd96f052249d6882deeabd0b7cc1a35d9c13bce46c528b680bbf99a9e5f1b04aeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b244005db3936cd898611fbca8866bf4

    SHA1

    bdb39ba209a0f0b8df45fa6f2d6f7059ff6479c7

    SHA256

    e7cd0d2ab4def6ed757b81e3f3e6a7a24b68d504c68999a2c5abe831c7e4d11a

    SHA512

    dfaa1aab357529c08626f475ce0eef3a27bc7d5bc992b97676cbc71f9ec796e0e601ac1d64b607182c39fe7d04e0974549a8fe018feb940ebc246578eea5d155

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9286f33f6e65ab7679c90891a69101cd

    SHA1

    9a419e2cdc4af5876dc05aa014e67b346629059c

    SHA256

    b82498cd6b0c5f746974f5ff95f7d2bcd4369235a97593965d729a820b627c6e

    SHA512

    cd35b67201fec324d268ce49a23ed1e2bc487844851cb974b624a18761a4162b0237e6743041d04ca93134ad16697f0ec20703dcddbe2a1053bf27e886f4d1af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70f0042d6235607b9d42cbab7a9b3ba5

    SHA1

    5b9bbfd917e27c02129bb6830a8d585bf49852a7

    SHA256

    df07ee14b73125b033b7ac1b9275ae8bed04592461fe9d6d1d0545da11cafd6a

    SHA512

    5bfd65494071375b21456406184949dfe688c18f5c9b17a158b48a34ca4296543e6b1e87fad05b5daf37ea304c2194f21acadb74e1165de64f337e66f1701413

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ab1e410ab3b54e46d794408ea7af0ea

    SHA1

    6c0075010a08a460efb264ed5dadcc8fedadad5b

    SHA256

    e22147787f7708e5bf52391e2735edd7cadacb9e928bafd9cc9be0d9331aee0f

    SHA512

    a2dd87d68486bf5b6da26d21bd4945243eaf4952fdaa16dd20e764c28f731e175a424953cb135c829b179ad988b66924e578a32da0ecc02cf5f934c05cb7d5fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9901a95eff1d1a742b2965e54e703a0

    SHA1

    3ed22c2cc9f112ee771f0ae39d34d0feb6b78b7e

    SHA256

    d6eb92c88c438fe8ee723eff538f7b3739a411ee367c83d3ada9dfe5924cd471

    SHA512

    70477f9a49185ee683e577abe3e0741709bfd402d17e41629f49109e55add81f5989300a9a192b03522f84b8ea3aeffcb489a217d46cca035c01b855beed2cc1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba53dc247e2b008fae4d34ea7f8af839

    SHA1

    e9c3ba88b769a6421291a3a0efc2912d87126ed4

    SHA256

    1fc2bf9338fba1d22185dafe8ecea7c0309e8b1310705316a1325782234f9780

    SHA512

    68ed3de0f91941d6362248c255d3b8f3b35bcb52690046eea2d187c20a4368877a576db9edc8cae1dd7a041b158547de354702112a5a21c071a808ff355a8b33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    642632c02e2882dcadd6e4ad99a47ff7

    SHA1

    99a66af9c7658036e77bdef2ebe596d81c4b5a34

    SHA256

    07493fce6c2682b0edc75dc26c3b00e2d93cbad90ac843b1247d8cf8952b1f8c

    SHA512

    099bc37eb1f2816241761f530a0f52d0cf179427b2d8e993892068d3d60d550446422a4d88b171a737b269ca8e6834f15bfb35e177a1a90f32f8fa7ed371847e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA7F6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\OCS\ejhohhwvrxextegn.dat
    Filesize

    99B

    MD5

    2138deb66ab257924dd5fb17bfe1209d

    SHA1

    eb76c576708ea009470cd0c53f4cb9ed72063a5b

    SHA256

    7d590c939c583734c504669a9ce6fb267f5cadf7db5e7808b6fa53d95eed95fd

    SHA512

    faaa9e4365b46d7a8ed442aaf4d8c5d1ba67a01c5b822046e90a986c5b47496fc46468b73fac16f3faa95cf47d69aac242da2ea833b4099e6e3a19e37d6d1506

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA8D3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\OCS\ocs_v71a.exe
    Filesize

    288KB

    MD5

    317ec5f92cfbf04a53e8125b66b3b4af

    SHA1

    16068b8977b4dc562ae782d91bc009472667e331

    SHA256

    7612ef3877c3e4e305a6c22941141601b489a73bc088622a40ebd93bee25bae5

    SHA512

    ed772da641a5c128677c4c285c648c1d8e539c34522b95c14f614797bb0d188571c7c257441d45598809aa3f8b4690bd53230282726e077c86c8d9fe71c1db65

    Download Submit

  • memory/1892-20-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1892-12-0x000007FEF5F5E000-0x000007FEF5F5F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1892-13-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1892-15-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1892-16-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1892-17-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1892-18-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1892-19-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1892-21-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download