Analysis

  • max time kernel
    121s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 20:33

General

  • Target

    JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe

  • Size

    659KB

  • MD5

    4370f30a8ff5ca6a92cb41dd5c6eb630

  • SHA1

    62533e76e25b58615a96d70b4913e74868a3b886

  • SHA256

    a59f4e9896c128232dd7df54e68fe550688527348b57fdc79a355b82d9352285

  • SHA512

    eceec368c0c951968cb8460138567e38852eb23217d955ff770159b4b4ecfd2e652c73cc0d6745709503d8fc77af9deac83263f39f6d9ea713e378b97d819493

  • SSDEEP

    12288:KxOKNZvg35P0CIqfss3NTBizEMARGTqUQ4Oehv/B+:K0KNZvaP0ZsdTByxLuUQs90

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.flvtube.net/12224
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1248
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2976

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ef2eddfcd1b84a57ee116db7faedc120

          SHA1

          ea649b41387c41c6d35e54ae00425489f1ec25ca

          SHA256

          f596aa216c5162dd63b1620df83ec4286c45906eb2fdc950461b6eb72faf6902

          SHA512

          72a8aa0c2d9bc288245b5ba382c4291ebd0d4f6c56116120e2278ceb975309fbef52bb3c933348f38df796acd36b3e7f70d8306dd6fd8fc69e7701b9b123d80e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          77bf5f1b0bd069f76d135593c7020f75

          SHA1

          d8882efbe948bae1ed6877060fb80c5648341c38

          SHA256

          8245a1b4fef938392d2a3e8d6d52c6640d07b485bfaacb6782094bee9d577db3

          SHA512

          89d092a03f249f31da2a16f789d3985c297951fc2f492ef9dddb152ecd08bba69a15ebef8d0f9dd7313a1392995c601c7f4678c8e8c73f8f05128ecd8494ab25

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6a5d5776ffacb7f86c65bf8d88b2e2c6

          SHA1

          67511ad54754abc27694ad36a1ca7e56a706584d

          SHA256

          6dc553dbef03bb597e9855804428ff93604f47cbc0977528fb757a9edbb8ba20

          SHA512

          516b84b135f77ad06892621d9879b4d8921c2c1136256f23a3e5309deb808eaf1479202d9e86741a3be47d3a75677b4dd40bc4c497e0984e86b1ba52edd67a9e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a39b5cbeb00ae1f1096e1c82f613e8c1

          SHA1

          2864a4f1843e249bbc27ecd35caafde5ed087d4f

          SHA256

          7895e7fafefa09d0d64b00823a0d453c84e3f84761ec51817818090784b1c1f5

          SHA512

          2ac2e20843a67aaf9de4bb95e907245b2ac7f35d565525568b894696263db12a0f02969adfbf7a7b9b45632be95641c0b1ddf3e08859930d8641a6214ec841f7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9296d59c819eeba7734e6896a3f2416d

          SHA1

          bb153564dceb3c889031dbd60c519a3808bf8465

          SHA256

          defa71f2178a01a26e604af0997db9c4619d959550dce1e437a7c5f62d234d80

          SHA512

          7b7741ba6378859cf44c78c4f1136918c4c7346550dcfa088dc21db5f3fb7d2a960371794bf10849349535fef4f43cb5236f870f0f909f78b880e3d8bad91cc9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b8ee18eed7c05a152c16d85f5629d5f9

          SHA1

          3ee13751cfd9898ed2bbfbffaeb7291790f938f4

          SHA256

          779fce436e0c0425df1b651a940ef5d49997b2168c106a8f74618cced90de43d

          SHA512

          508c99195c6d8b06b67b60340951fcd734b9fddba3b5187fb7843f0c750f0eeeca1b7abc7b7e26c6006715f12627f8f9d2760dc4496c057b430a6d57fffef844

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4ed9d29837424f875a69162a65fa1035

          SHA1

          3911548f8236b3e56365b709b2d9238989754ba9

          SHA256

          9b3460c2e86e46fb836ef1f6b337380bef0c0c6b95c1afc365335b30a93cd973

          SHA512

          1f4f669fa49b7e4cc35fba5458534b59535964b495500f20a40d8f0b6d8c188c240c8a85fbb9aad75a3190e71ba69e6d2580142eaecc23b6ae0e8ea2497ea5c7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8978a83306d0f80821068e19dcbd45eb

          SHA1

          4931235d1808bb242c39e53e0040e82425996ca1

          SHA256

          07b23e31fa2163b819b915d45bea779efd6a8dbce2b78d6c9689f29022df12d2

          SHA512

          043c5dae1c904d9681d9658167c93f9e231890d2a000f9b265388c075d249e0f034c4727f063bffa97bb6d893316633e63c1c9c4edc8a64684a4724cd664de10

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b591d5b5bc854996c46f354ff08a703e

          SHA1

          c27f5a773310c9f47691db82a13247758dcaaf36

          SHA256

          f85b6f60692928640494fd8d242a6e8c00f97c6b249b98f0368fd0d2eb009028

          SHA512

          d60f2e0fba94e489dead926021ce25a73f1e0739432ba4614bbcdd17a9fe1c074c4b3c6ae59cfc6f3f597deb525f8539a3520ccdb508b8b3df864a489e276047

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          20302650a4a80ea8f06544e5d42b264b

          SHA1

          7bb88e7f7e177080bd567ea47d1783c28899f221

          SHA256

          c637748b031375be70138102c2cb7de04a74191d1734d2bb462d15cc8a470934

          SHA512

          72eaa6745526bec5fd231fc637ce30f1fc398edc082c317605feed79ce3cac9a9789f3510a5916a96c0bd7940d2ee966335938e4ed37fba9e8ec5006840f25d9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          74df6b7111af43b6da603c0dd558c165

          SHA1

          5b227a51031e3cfefb9d80d137c1f1e06765c089

          SHA256

          d51147d23fb938497fa9e645e2d276837361a615c4e86e6562e0621e1bb4b0bb

          SHA512

          4f5f49a6dcd18d3dee936a37ae536c02ba7f0ab0b79fb50a8df23d10636a6baf7431f5642b2913a5904693f9248f35fbf6537cfdac826510e40dc26ef1ee64b6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d073f3b8e4c8b1ca54ac05d0f6309896

          SHA1

          66421636c6e52a4dd41aa325f9911592cffb69e0

          SHA256

          1466fc9476a2f0bf6bd43b3a808155614f329258de066b1dd0cc0f048d46d8ea

          SHA512

          737946d14566e6dd8a8732e57c573b9774f332308fefb449c19c3027bbfaecb7ec4f31673a4a735854e974d273644ae85a6ff74c73e144e6cb7186216de8be3a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fd6ff487c320978a6f4e1e20b273cc76

          SHA1

          f91c4d57b734b488eec7c2419e1388ee31b2fb1f

          SHA256

          c0f7e552498e8a7cac4bb5bd42a2231b378d4c9b58580af91f63a8d54e39a8ff

          SHA512

          e34d9a0f05e8dba64e1799588521cca25e40d6ba185d3daa3526efef8eb3214d8ed518ed2fb55513e3c87cfbaa70051278b65cb9ee3309b1ebbc360893cc504c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b94f7224aab0ef9d975654ce1af1fe0a

          SHA1

          b5d2da0d35b415d250f81d5d4b9621180c964752

          SHA256

          a93f6721c4dbea69e403192a8561f737f549e9141210298bf511acfedf013152

          SHA512

          34ed8ee233ed63cf0fefef623936e2c1f1b7575ea94af3d945d3fe957914ecb30a1ee0c621c02351c9c8ffb5b18a6db19324afa0f8212a79e48278e489ae6627

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9f2be240c2440279634046b4e618aaa1

          SHA1

          2f5a9282ef12f46df9b5421497346c08ecb006a9

          SHA256

          dca901fe24ebf94dc77238dfe6278eec3b320eda87f1e2c70b4e9888c68ec863

          SHA512

          2a291705dabbf6f21b802caa35beba99d3f2a189eb3cac79fcb23fcf5857c6cc12376eba8ab6335ef4fb6bffcb2c5376315baee83dc833df388330985b31d0bd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          63f061498ce3f098b77c4130f150cebb

          SHA1

          0ca27f0504d97e05181d7b5fc549789451e9d9d6

          SHA256

          55a90243eaf6c1344580ed519b5e36db5668c92fc72bbac8e0c0d2de4e8556bc

          SHA512

          ad9f7bf08907f66768218e3be242234b4bdbb8681aba50fc515c711f16b60f9adbc9d07225534a655a82fddce86ce14d814f91ebbcace31e0accaec9e787bfa3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8aff0e863b62909f8c67071f5735148c

          SHA1

          4d26384512a497e8e0056cf2a7ad58ab6576b39f

          SHA256

          d6eebaf53a6d5b8cbea68d910106b4c04ee81f02d01071953c338ebc91100d35

          SHA512

          ac517ac1f390c09925541411b08e7823d8f4e72949af675ae6f8d6b600ccc5884499b6938a8564c84eaf6e10839ff611bab8bd86658e7dd375834fe44fb0b12e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          299c519a4ecb234d087508613ad95e46

          SHA1

          33ac29aa07bb0fdbaea53b619234464ee116c778

          SHA256

          34227b46268010a02eaefe881e8036ccadba3dd78234dd8f13e201851208c733

          SHA512

          f26c5c9a889eaf42216550f3c942c9787abd42012c8890fc994fdbaeae09edb2e25fafe134871d17bd66bd425401154db72690dc0ec584452bb40ff2cfdad440

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          db6d705e66c769b01504262dc377390d

          SHA1

          aa40703587f19b57c1a9cbe4c0a8f7a4925a0e24

          SHA256

          ad362909d9132b775e335b6e9a653263f075c42aa96f74f0d636523f78eeca28

          SHA512

          8b27dce97a07f5f28362e764ebde26cff2af79657aa14fa2597d5e9b518e91d6a5be9562e2ba0ba02bcda36b4c84c18680911bc24e44ae60192b3e55d4d5b6c1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2d328ad55b007417c757d248ea832581

          SHA1

          644975330d9581d6902062b13941f2a959893d28

          SHA256

          692d0973e1e3f374e7bcac951b3793002a114d57487186aa5f6b46b60291c050

          SHA512

          97deea4a2a56df859799b2184e7d05d865eb93c392d311cf62d53c48f303b53a0a8119084eb45f42549a843164514107812f594b2cd465b794abe41203c1cc81

        • C:\Users\Admin\AppData\Local\Temp\CabCA54.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarCB03.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/2384-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

        • memory/2384-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB