Overview

overview

10

Static

static

10

JaffaCakes...30.exe

windows7-x64

10

JaffaCakes...30.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_7af578439c23caca854aa5a5519c1a30.exe

  • Size

    740KB

  • MD5

    7af578439c23caca854aa5a5519c1a30

  • SHA1

    d3af78f2885ecc390cc74fd4e63b8abae9644772

  • SHA256

    5d5bb2ad4bbb98e74dc68cb02e46d82c0a44996434fdad66b0cfcf500bed786f

  • SHA512

    8d97215f7bd107bdba9d1444048573a96855b479a9b2b05cd776c463b593aa722e2c90d94c889b0cf34fbabc04b1475e42bd6fdb4c0073cd23ec0bc5a71ef145

  • SSDEEP

    12288:qUc6SBLLTSEgBAnhc1kG1PaGLX/0lIxDa+Y2:b2BLHSn6q1vPaGLX/QIxDaU

Score
10/10
neshtaramnitbankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Detect Neshta payload 3 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Neshta family
    neshta
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 10 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7af578439c23caca854aa5a5519c1a30.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7af578439c23caca854aa5a5519c1a30.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_7af578439c23caca854aa5a5519c1a30.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_7af578439c23caca854aa5a5519c1a30.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:772
      • C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_7af578439c23caca854aa5a5519c1a30Srv.exe
        C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_7af578439c23caca854aa5a5519c1a30Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1672
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2752
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2860
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2640
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 200
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
    Filesize

    547KB

    MD5

    cf6c595d3e5e9667667af096762fd9c4

    SHA1

    9bb44da8d7f6457099cb56e4f7d1026963dce7ce

    SHA256

    593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d

    SHA512

    ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d90348ce63bba8fdf36d4944527824e

    SHA1

    4018a0ed2c02dc439d105daba64db36527686e93

    SHA256

    2859bccd10bbbd37ec4ba63a2812d6833f9a371e4c3dc7bb1ec527cd80c1e3f6

    SHA512

    1f77c03d2a4bc987539cef8ed61a50d4d2bcb5905ba4b5554f8f1c63a9ecded86fd751bd3a8b53505e14dd9fc5d98ac1b0e6efcc2a7f4eeb4669eb76f3be7f06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e22b81a688b2335dd7cea9a02dab681b

    SHA1

    2d702ceb1f37013ef14ad5afa4bee269d01f099e

    SHA256

    7237b8234bb226b7f5580e63a198e4fb51cb6edee897055e446447b93cc32242

    SHA512

    17883c616431854389b3964c2e2eae098060221323d837cfce16527b8d13d40330a3259f8c3872fab07482d2631eed01e6c278f51c061fe46106704d104615e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfc751ccd1cd878eb4e4d51e1e90a410

    SHA1

    a170104e31362410009d70adb0b79c7ee2e675c9

    SHA256

    87f6fa2fbc3af3b958c63a53889bde562301bd341f8e55a68ef83b23a5b314ee

    SHA512

    6a6d0536f2d4a2e72ca09f49f9da267d0ecb12d27c32ea8432b3a1a9301ffd743b8efc7b9118556d515488c4a4240d92f9a345b00d559b7728830cb0c9e38c21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    877fae542430f21c0bdc34fbad223cd6

    SHA1

    4f58246625c391ac327fe8f339c57bb016bc7a8b

    SHA256

    8b4e2d801d1d9fd417639f85cd153b13572a2cdc216bed02d2d969d3b74fb22d

    SHA512

    38f0e973a3c06a6df8ebe9e67189813a23ed53fb7d4e129ef771328ddf0894762a92c4de49743e7579301cd5b6b90b75d866567e321a443f4250c30c80b6b9e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bdf5daee1f80a9d7ea07c839628320a

    SHA1

    d63f04d5dc506a8517b29d3eacfbc756a5df3792

    SHA256

    6b609e22a8186d2d5dbfa8bc605fe4528d35875ef358ae4fc57ba5f58b9dbf23

    SHA512

    a12dcb689f4498bbdc93e7c3b4cbb7079fc17e2fdee89b38b46d2b92235a74133905d8faa0eafb49dac78368400facc878ddd941cf3ff4defdb5e487b7641251

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    928b7de44e1fd15c9d9bdad1fd03e8be

    SHA1

    ba449b4775fd47f4b299aefd8034cf6637dd236a

    SHA256

    1a67eb9d5c3ebc516a2157369f7697e6a6dd6fc08a51f868f8fe6d4c6042ab86

    SHA512

    fc5b2878b5f2de9a998b64a0d5871c66b66e016b078a94aa2cc02ec87ed6ec3633e4c75d653950837e586cbc8b7dcaf70c9df4e6aba4b2e28d7c5cd33a2d3793

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    572b5f364f7149144bf64f83f7d2f96d

    SHA1

    a937b920273ec44de5d5362637aa2eb5a5fa9547

    SHA256

    ce5ba47ec261989752a4d685679097572b05ddf5f67aee1f0e3105df1ff5dbf8

    SHA512

    615aac01e57b37d8339b084a23e7572b7d4a9524186113c44b90e92c989e0233657b9a81baac1d6e530f036eb05b7339fb1826e0a69be3f1aa9ffccccf1df962

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f5587e7a1d3d2d559d5cea726a4fd83

    SHA1

    35f99d042978a91e276c0048e5d3df6178a502bd

    SHA256

    02be2a1e63ac4fd9ac3d77bf44c832221537e4df53195c429b8b7c4712bfd9c6

    SHA512

    1873569360c93fa2fbf031062ed0e89a348c04b0cbd256f79ec729ecef3b1fa93756de68172243dd6cb3bf19c0a116825278252c71bd70c0d0491c6471aabf83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d10f40ffd9283ee512b29e5803ab74db

    SHA1

    3c310a8ba18e7f3b7f063dd57d4eed60d7451605

    SHA256

    e919e66da04e3c38d814b314d37bb94e82ce2bed102b65766d477465bde1d3d9

    SHA512

    a61b85b608d469cce7d1417b590a3889c3f54c8e4aa03275ed548cf4f4ea6cb7b0f92468d5aefa4b26a3b5586d9605aa924fa47904fa836564177f6573e6d984

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3467fe07a7adfb886fc381638707b1fb

    SHA1

    217e16bd018eb43e7257fe26ce3f502ddc44e0a0

    SHA256

    face08fb740134079b429ec0ff56f9b0676e4aa2a59fcd813c34c99df33d5848

    SHA512

    b24e53fc0cc04f76ff2bacae197e74bcbe1b9fec7c2e483aefde2dc5dfc1b8edd4550b0911ad6951df90963cc1ee4126d06d5b3bed657505f3c08f32b99abff3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c3cd211fe48e06b72c41efc28ae628d

    SHA1

    f25c74af934327e1bdea595e277eff0031b453d4

    SHA256

    467e3b2f50638f508976f6baa376c296ac9d9bf0b1b17aaa2d31cbfe5bf72105

    SHA512

    44f045c8bbc1534f018c1711d457f4fedd7c4e317e3aece0e9309a05f23e1e991044406cc2af3c30a28d218109d0044291931196f88791759426ea236f8a8d79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1a7fe570fadb56ab2f16759586e6b26

    SHA1

    760b5a5e2aab5d0bdc980229aa5702c516be2719

    SHA256

    da6add1971b1283181c7282cdbcf243b19b4d31b049c37e95c0f31b431cf051e

    SHA512

    1ac1857cd30aa7438e527a872ecb6ef7138cca407aa5206f6388a094e4e71554de2d942e41d312de128c13dd5df3bbd3a44f26ac2055755320466b7d71173d31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66884e3f059dc16216d1732c2a448acf

    SHA1

    8a9076045938cd83e399510b36558da8002c669e

    SHA256

    69abdece19bcc2c500b0ddbc292acb97125f06b4d76bccf1c9d0c182b0fa8c57

    SHA512

    c54d51159663124b2416cb7562e8c38580bff6d576c7d5221dfb3f90effc9d109ec666cbcde4a96e1d831a1eea12d45b17438fbf80d6e21ccdc65d9ed95f6168

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    698ea18e2534df146363ec3b6df2b42c

    SHA1

    786e2baf008ac4646c605ff2be5e37e2dee175f1

    SHA256

    58e599316184314d76e1786e2502ea0e668baf7bb06501fc5df3e6270e2d7753

    SHA512

    3e64429943ec6695c1c5a08a7b5c48e7f4179b2f33b7c0c85926139b0267cb4d205a44b3ef8d96fe2f1e4b160c18e5909f077e0e9099964d5f0962791ad98ac0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2e92712c3fdcc292da2907e326be51e

    SHA1

    7da76e54929a5ba39e30e8705d83866372317cdc

    SHA256

    ebb6a4cfd5dcd6e11f50e0dfef87096be341a53d36e1daef23aae41c58d2d296

    SHA512

    c63f83355e926067baa863298979afd830cd600b1b8ecc4609fd1001fccfc3054ae2a60482232800f720cfea8f5dd3e24c08b5a6cf0b1342845e70021709c89b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b8fb898ecaa5321fcf2f15b4cad9f2c

    SHA1

    4e2a43c864b757e0e7e18b4bd3d2a114ddba079c

    SHA256

    29b7864bc3074acfc193b463469c07aeb8c618b527c1833b2926e383d416c2af

    SHA512

    16054c683732cdd692cac3429791a180b2ca0f526d847305d4c922629def875653af6acad57cd3dedf4d880d9fc8c5d84598e0654bbee414137b8c0cc9336568

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c19dfd59939c37ca4d80a6a28dea57dd

    SHA1

    0fa78aa2de7dbe7e0c344f6ff27f27c252bbcc96

    SHA256

    900932ce04fcacc6e85aa98026618b46a6bb9f8cc602f30f085e00e89523c445

    SHA512

    c71f2b781aef19b20c7e8c972ae45b32ba5643604478f7bea5aef514ac3bfc25f8be3930ea2eea82fe48ecaec12923522ad7be22d8c66f636c7612dd61a9612d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25ad40a56046e3f0f3a69b0075314e71

    SHA1

    efd9983fd2f61c022eaaff957fd78b9e9190ecfe

    SHA256

    53d6e5f01fa1e6c05c38a630ebd952597a5bbc0976dde6d9b238421e212cb9db

    SHA512

    05cc37520d9aef49f35c47f3340a863e257c5e0fe39ed80119325c604b4326f563cd29c913dfd0ed29b29c685579c8e85cec414961aab27a5134dd4089074421

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBD2A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBED3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
    Filesize

    252KB

    MD5

    9e2b9928c89a9d0da1d3e8f4bd96afa7

    SHA1

    ec66cda99f44b62470c6930e5afda061579cde35

    SHA256

    8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

    SHA512

    2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_7af578439c23caca854aa5a5519c1a30.exe
    Filesize

    699KB

    MD5

    4c586576edfde173d60c344d8ea45642

    SHA1

    86fd9c94839ccb7ae2b9192635cc9851b3c9ec84

    SHA256

    f3cabf8053c0d51be2309b06164c37cf4e6eb70f19f82b05e41514deff1b5e7e

    SHA512

    6281e009239fe7a321b9eb17975b885c158761dbcbeeee5065c55592dbd1c3d27a001d262e62bcfcb312f27d4dbff39b2287b7268b96fc09dcbe1b41ab11c84b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_7af578439c23caca854aa5a5519c1a30Srv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/772-35-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/772-115-0x0000000000150000-0x000000000017E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/772-15-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/772-17-0x0000000000150000-0x000000000017E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1672-20-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1672-28-0x0000000000240000-0x000000000026E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1672-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1672-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2752-31-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2752-32-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-33-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3060-11-0x0000000002C50000-0x0000000002D5E000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3060-547-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3060-437-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3060-73-0x0000000002C50000-0x0000000002D5E000-memory.dmp

    Filesize

    1.1MB

    Download