Analysis

  • max time kernel
    141s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20241010-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    27/01/2025, 15:10

General

  • Target

    JaffaCakes118_40dadb31be99c854573769b3141c156f.exe

  • Size

    16KB

  • MD5

    40dadb31be99c854573769b3141c156f

  • SHA1

    9e27f172a85337ca340120a26cdac1a74791276f

  • SHA256

    e8bf17254e3a94cf7883caac0fbd2b534f7efc7544d239c12447094be56d5ab0

  • SHA512

    562f98aecef901308fbb59bf510c09b1a01799f08865b194c09c42daae4b03cbeedbc7dedd03b85cf1844942372fa0d3599d196abb49b5b1cdfb454ec51b82aa

  • SSDEEP

    384:P1wPXbtu3BvXuPik8rINykudC+5X8lfPOZQwRt:avbtu3hYGC+5XqfPOZQU

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies Internet Explorer start page 1 TTPs 4 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dadb31be99c854573769b3141c156f.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dadb31be99c854573769b3141c156f.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:576
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://mmsf.miwin.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1648
    • C:\Windows\system\taskmgr.exe
      "C:\Windows\system\taskmgr.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1172
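
The process tree above shows the dropper (PID 576) copying itself to C:\Windows\system\taskmgr.exe, launching that copy (PID 1172), adding a Run key, and opening http://mmsf.miwin.net/ in Internet Explorer; the Downloads section lists the dropped taskmgr.exe with the same MD5, SHA1 and SHA256 as the submitted sample, so the "dropped EXE" is a byte-identical self-copy placed in a directory that looks like System32 but is not. The script below is an added triage example, not code from the sandbox report or from the sample. It packages those IoCs as offline checks: hash matching against the report's digests, a test for a taskmgr.exe outside its legitimate locations, a scan of Run-key value data for the dropped path, and a comparison of the IE start page against the opened host. The Run key hive is not named in the report and is not assumed here; the legitimate Task Manager paths, the Run-key contents and the file bytes used at the bottom are assumptions or constructed stand-ins, not facts from the report.

```python
"""Triage helpers built around the IoCs in this sandbox report.

Added example; not code from the sandbox vendor or from the sample. The
host-side inputs (file bytes, Run-key values, start-page URL) are constructed
so the script runs offline. On a real host you would feed it the file on
disk, the Run key's value data and the Internet Explorer Start Page value.
"""
import hashlib
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# --- IoCs copied from the report -------------------------------------------
SAMPLE_MD5 = "40dadb31be99c854573769b3141c156f"
SAMPLE_SHA1 = "9e27f172a85337ca340120a26cdac1a74791276f"
SAMPLE_SHA256 = "e8bf17254e3a94cf7883caac0fbd2b534f7efc7544d239c12447094be56d5ab0"
DROPPED_COPY = r"C:\Windows\system\taskmgr.exe"   # same three hashes as the sample
OPENED_URL = "http://mmsf.miwin.net/"
KNOWN_BAD = {SAMPLE_MD5, SAMPLE_SHA1, SAMPLE_SHA256}

# Assumption (not from the report): where Task Manager legitimately lives on
# Windows 7 x64. C:\Windows\system\ is a legacy directory, not one of them.
LEGIT_TASKMGR = {
    r"c:\windows\system32\taskmgr.exe",
    r"c:\windows\syswow64\taskmgr.exe",
}


def digests(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of a file's bytes, hex-encoded."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def known_bad(data: bytes) -> bool:
    """True if any digest of the bytes is one of the report's file hashes."""
    return any(h in KNOWN_BAD for h in digests(data).values())


def same_binary(a: bytes, b: bytes) -> bool:
    """The dropped taskmgr.exe hashes identically to the dropper; this is the
    check that tells a self-copy apart from a second-stage payload."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


def executable_from_command(command: str) -> str:
    """Extract the program path from a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def masquerades_as_taskmgr(path: str) -> bool:
    """A taskmgr.exe anywhere other than System32/SysWOW64 is the IoC here."""
    p = PureWindowsPath(path)
    return p.name.lower() == "taskmgr.exe" and str(p).lower() not in LEGIT_TASKMGR


def suspicious_run_values(values: dict) -> list:
    """Return Run-key value names whose command launches the exact dropped
    path from the report or any masquerading taskmgr.exe."""
    hits = []
    for name, command in values.items():
        exe = executable_from_command(command)
        if exe.lower() == DROPPED_COPY.lower() or masquerades_as_taskmgr(exe):
            hits.append(name)
    return hits


def start_page_matches_report(start_page: str) -> bool:
    """IE Start Page pointing at the host the sample opened in iexplore.exe."""
    return urlsplit(start_page).hostname == urlsplit(OPENED_URL).hostname


if __name__ == "__main__":
    # Constructed inputs standing in for what you would read off a host.
    dropper = b"constructed stand-in for the 16KB dropper"
    copy_in_windows_system = dropper          # self-copy: identical bytes
    run_values = {                            # constructed Run-key contents
        "taskmgr": f'"{DROPPED_COPY}"',
        "Updater": r'"C:\Program Files\Example\updater.exe" /background',
    }
    print("known bad by hash:", known_bad(dropper))          # False: constructed bytes
    print("self-copy:", same_binary(dropper, copy_in_windows_system))
    print("dropped path masquerades:", masquerades_as_taskmgr(DROPPED_COPY))
    print("suspicious Run values:", suspicious_run_values(run_values))
    print("start page matches report:", start_page_matches_report("http://mmsf.miwin.net/"))
```

The hash check is deliberately split from the path check: a re-packed build of this dropper would miss the hash set but still land at C:\Windows\system\taskmgr.exe with a Run key pointing at it, so the path and Run-key checks are the ones that survive a rebuild.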

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6661f3d831d243ce1d7c26f1adb81787

          SHA1

          becf44bed2f975beaae6bb2ca3ebf36c684034df

          SHA256

          4675905a778e6dcb1c89962f1d3b71bd66f8f3743c213582785be46e66d40f0f

          SHA512

          cc56a4f4773b957e8fc3be94a7832b3d47a9d06a68a99cbfbe3335701c6364a8a8a8a0db1112a433c37f90193df29a4784daed74ed937daf2b114fadc964bafd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6740557df68892cb4dc9e599b69a5229

          SHA1

          c393ff71d63b7a4562906a3d806f3533db177b7d

          SHA256

          955ccd97fd9d1296a766b74142533f181f5930f72fc0fc6f8706d943dd32c396

          SHA512

          7a8bb09b26039362228d8769647a77802fbf604b7b998b8f687302b83e56c9b47371eef12fae627761f871d6553da0542a71c1d149cc558a209bb1bd3467dbb7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          194481fc1e2019f23a43525f5fb9c608

          SHA1

          afe16e81cf04c05d05250dd35ff69b1c6289cf34

          SHA256

          4e7e27805596b046e6df9868499ca01d14087617816dc6c5be7d422fc411a101

          SHA512

          f959446299017b864360e551d257ceaf01c91df8a5fd7dbe63e90aca954da6634d497b3f782d45e263d1b36c70158451123399d22719d4b0eb0b84fa781a66ee

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f9a8901cd440174330fe811d20daef7e

          SHA1

          7b605fe90b133cd2acb436967a8dd8e3058a8ddc

          SHA256

          e90d156027e7b43888b2cb7755994044724cadd23f000ac2eafde961115a15f1

          SHA512

          be4421e18fb0f248d716b53139dcc9c632ab8fc403abd632fad1619816002d5860732b11a5840fee2e0d5bb8ba8278c1963b361b0dcbef4ce96a9bc60fabda6f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9aa139a3e66aeafce2631b4d765eba3e

          SHA1

          5c4735d36256bf803bb4cba22566140689a616e0

          SHA256

          592f827e7620ea85fb510be4f2118170912c42432c373bbcd5c739a824a12e7e

          SHA512

          3c7f49575fd3a756d012314b76150dbfd1b010e30a39ec3aca294ad5eab9530016cf4ebe0d90bb9e0a18af4350fa8a6f39a93747bd0f7146b5d557d2ac21167b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          080c28f39320ce571a30adfa9fe91c04

          SHA1

          6c32e9f84d4cd73697c59be4341f4cfe9e954dc8

          SHA256

          950a84de359eda2800245cfa001b07bd488353b583044db39223d86eb0d078b4

          SHA512

          edd56f676877481fce0d0ca92f7f007678440a01a9aa8f1caeb004184f953f32cd11c6597bf583fb7415ef2106b8d43f2e41de8f30f133352503801e770d46cb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e2fa83958fa29796e730747ae9d31b0a

          SHA1

          4c505c13439361f9815c0221bc3a93601f1f50f9

          SHA256

          ea98c5f5289c30a01cfc23003fbd7068ea710c6c5e671be758983686a3f11128

          SHA512

          7c7376fca4fe347d1d725ad3ff419e2d003414464c6249476fdaa8857c646bc4ee66ae2d4d76b7e7cbe3c8a384c2a10f8046308b36e1ae89866ecb0b639e3b5c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f7a44b5e88e6ab506dd4d0a17b375fdb

          SHA1

          7e75b034d8d89a9975dec38e20b35bebbeacdaf8

          SHA256

          414bf6edc776da473eb2a794800eecc2aea37bce0ef42c55a8ada1e9b3b1cbf8

          SHA512

          96ea5f6236625cbaa4e8082ce3360f2ac2cae5977536a2547657c0bfd2c8ef3c5a596f792afbaf4103eb5bc9e458ed0c295b7be81fb875c513bb9270c2f1df2a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          37c84edc8163820ae858cfd17020e6e8

          SHA1

          35c852fd8f7cbd8615af19e0c2fbb3b9b7543f65

          SHA256

          1b82c03b8cfd3bb72edd19c1045a8853b8052dac41fa7253a054ee759d80604e

          SHA512

          30f5206da044a73c57e2c536ee9f3e713145b9745395d07d90c8668a1ef3654cfbdc401489ac8346116c811dc4a5c570006e64dc040d944fbce055973310d08a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1bce17e741e2f97531fff4004f180d91

          SHA1

          7b4064372a15a104496308e440ec14cc4f49f3e8

          SHA256

          8b74dc8b11d1f6091a52e3003bc664a37bb4e20a548f095a7370077fefdf4f44

          SHA512

          85ad040a52b2104108c9a9bff940cc29deb8d9c782709253a70a73a9ed587d944f83bb46226971ccfb611dc7d3fb809148492f8a85dc60ac196449cd3f18441e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1b8e558f562c598ca2cdb5189390d112

          SHA1

          b1528a05296ce5e3eacb22945d7108ea257d217e

          SHA256

          086dd2a9644e1dfb63ea16829b9d1b7090c63a7d823c1c88cb7b5e3f29299969

          SHA512

          d1a56806a703e564f3bf3c7db09ea9947c91d9109e349be3961a19c77909689b1ee778b681d794568234d216af56361f157ab09a279e08f107e4ef109c81958f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          03698b8fa9207f9b462be7ff2dcca282

          SHA1

          96b0d3c35407805044d934b5f6c2bca641dc1699

          SHA256

          7741f73948d18cd7201616d430f07d7b358a77fd5855ce3776f2b8b01060ade7

          SHA512

          d5981ad80a008d8fc85041b1eb4dac72915d509954b4bc040375b899f5464381c56be658b0ec5dfcbf6f8f0eef32e76555c771d81668db4155c2c1f4193c4c76

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a57cb86fd2c19740796dcdfedc19b1c2

          SHA1

          8beac5cf7f1f862673369cc2fb84054b0dceee7c

          SHA256

          9e3c01f3a55e9dd48eaf97c32886ce6288a964ea376eeaf6bf18d6993504a3ba

          SHA512

          7fa5e8a7fc8c8d5523efa2275c1339a66c9ccdcfb0fa6bd2d05c6cd3f04b43eb45cb94b148d4adc3cd056042786131a5c324381c5a79e6b5c4da63ea39b65472

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3be26333cccc80ad76337849345aa14b

          SHA1

          b7f3b1564922903524685a633a8c38dadaf719b1

          SHA256

          16af51f0f500a2aaf9bd7f57cb26b45001a8de306fed7db42a1bbc8c3eea59ae

          SHA512

          61ff48be2cdfc7fc858ceee6c02e629cc66de714f82fadc428dcae41d6e4a99cdbb5b91b3b7616deb35bbc3b68f0fb19a41b821662f27a49ffc74d97a1772015

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d2760a07221b8fde4b80bfcc2fb3ff30

          SHA1

          09925809a041a053b3e89715f9a9eb805c2d8b4a

          SHA256

          ceab0f85efcd1c2fcc1864dbef9d4420fffbbe46bc4dfdcbe170418cf8524f98

          SHA512

          e4286cd81a173d4bce855625fd03d82363ddffe7c01a1df46adcdab12fb6ac49a7766d761b34aff70e1bf5a6808e340723c0fe6b8f954a4f8bacd6fb2c215139

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6e0dc99d548328dd5eb10ed4da5a1e6d

          SHA1

          15eed3901ddb4efecedd2868fd435d8d69509978

          SHA256

          735ec11a9a94112537aaf7980ee8016387acedeae873a0ac4030b5afeb1bf227

          SHA512

          6f7c5b9077ebf9dc66c9525aa89ff8e2ffd68fb87bff8dddaaf839bad4caa5664d53e682e91277de7bfd1c11addde0db7291e0e52fe22269adc707cab9d6c2d4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          46a0249e63f3d0e88ac080b3461b9abc

          SHA1

          2964ac3f091fc778cdb73fae1e67f89a50121b26

          SHA256

          38178bc3369aed01772d23e1a6a3ca661e6466c7412964145bc8d9b6728f4484

          SHA512

          aa21b66ba4a88fbf77940fca1f9cbc3a3d78977f27e27820c52fccf3a6634f2dc15f7bc9691af19148dde683b7fe2e458895fb9e7f5ac6fc99b166d89678f77a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0a864ce6d88fa0325ed9ea5cab01f9c9

          SHA1

          f3ee6283434cbbb3652548c8e12d4bbd7930ff52

          SHA256

          5dac37aa18d6730f178216514b0785625bd3fd2fca92bac656999f661ce6f3fa

          SHA512

          2bc24453d5736c4c762516a790119eb97c3e615c82e1f104d8bcadc594d1dd493284de63ad5034abb8f6a83398cf24f6f52b4bad3f9a2a98897c11bf3ec969d2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0e13233b05133056f88130493205d7c8

          SHA1

          f1d6f598ded99357a691e344d07802de31e3ccb3

          SHA256

          d537997d23816fe22e0e6f2b938c111f25a28b5a187b5dd4c715c57a77ba00ea

          SHA512

          6a0deba9c8def8a3ff286821a4d475fe95bcb2329655f378d5309ca8d62339b22661b98622f26fc7a563be6165103127f928f46b5d9de4c5d7de5d35ac8ae41f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          124e013dca991f9c0d49da6be12f547d

          SHA1

          57fbcba01d4fb02668c44fc508d8a5eaed0078b3

          SHA256

          a063b537cb2e5df4a9aac8e439a976de3bc5b983391ed38e65b631200a8b2683

          SHA512

          eb730d23fbfd51efca521706f6ea98921900a9df6903aa3e7b7472231bd952d4060870a71db7d61b0713629f73c3556b0770c21f4d2067b83cb2975c3e097934

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f8fdb748d3a962fb9247b463614725c8

          SHA1

          1bd0b0b7c1a7617960e4962d66366c3d25f6df58

          SHA256

          f94ca1f7b894a05df72d580a37168e0ea10acb1d12b321fbb10e00b481063653

          SHA512

          1e5a695efab0d9a05950244605c260716182f920bee8b2d1fd4ce6d529ebc898cfb65719f92bfd0f1d0f6b762361287c4bcedbdbcd82507fa000374bbbbc43f8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e3091b0ef0eff44661edb1e57de40c0d

          SHA1

          36404e9360fdb8f1464e0fd52faf86d54da2a8c1

          SHA256

          f1efbd7db1d8da87c93b820d65ea3d078ec42987cf9ed1e1711ad932e4fece8e

          SHA512

          873fc9186ec7899dff8673ad1d9aad0e3bda33b56da77551fee34b1aa0c3339f0baa230260a4ab42d49ddd86e8ca8684a6d5e36959f14199479231a4f37d1b54

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fd1671989bb46d1428c1f23aaf95a5e3

          SHA1

          597a4ca90e53174cddca0064cc8ce389ef42c6c1

          SHA256

          2aa6ad2e79fba0061419bdc15bc2cf151b6a98a4c297a23a376bce854caab0bc

          SHA512

          d9589775bea0ba9ed2b1cd99f4d053f08cea2f50346fe1bd31b68758e77e93725af91cc48240c73d4e1e9236d8154620a3c2b74e13e82b4c51913de43ab7358a

        • C:\Users\Admin\AppData\Local\Temp\Cab8BEE.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar8C8D.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • \Windows\system\taskmgr.exe

          Filesize

          16KB

          MD5

          40dadb31be99c854573769b3141c156f

          SHA1

          9e27f172a85337ca340120a26cdac1a74791276f

          SHA256

          e8bf17254e3a94cf7883caac0fbd2b534f7efc7544d239c12447094be56d5ab0

          SHA512

          562f98aecef901308fbb59bf510c09b1a01799f08865b194c09c42daae4b03cbeedbc7dedd03b85cf1844942372fa0d3599d196abb49b5b1cdfb454ec51b82aa

        • memory/576-12-0x0000000000400000-0x0000000000410000-memory.dmp

          Filesize

          64KB

        • memory/1172-22-0x0000000000400000-0x0000000000410000-memory.dmp

          Filesize

          64KB