Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 15:12

General

  • Target

    JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe

  • Size

    564KB

  • MD5

    40dd585383358253ab47de6f05b38a71

  • SHA1

    7a95736022859031c6d06c9dbcafcc0eb66d134b

  • SHA256

    e31eb92bc1607542f267d7f7050664e43d7cbacdaa1852345e4d74e28cd6d44f

  • SHA512

    2849cacaa9606057012476e0c5474d5e60341c45e9994a0a2d29a0e24281ec8e99f60d95ad681ea92f0be9fddf32a523a29d2da0467cfac4cdbdd3f0ba3e7cf1

  • SSDEEP

    12288:u+MDtCi7NFlZnNqZ9xGrLpZ0ZHEqtgb0Ub:utplNFgxG5eZngb0U

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (7 IoCs)
  • Indicator Removal: File Deletion (1 TTP)

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 7 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (37 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dd585383358253ab47de6f05b38a71.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
      C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\newsetup.vbs"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1720
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\1.vbs"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2444
    • C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
      C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2416
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl3
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2920
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2756

Network

MITRE ATT&CK Enterprise v15

Downloads
