Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 20:52

General

  • Target

    JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe

  • Size

    13KB

  • MD5

    4394101d29bd57686b458ce2b4cbffff

  • SHA1

    e5e39839d64316bc953ec65834fbd6ada0fd7218

  • SHA256

    ed3e3dbaae5139050b8cd1cb61ecbe18a911900275692eadc384544639c6db9d

  • SHA512

    092f78b4998ee56f13c5316f7af5c630926ab8723e5c854c96df8b640e190155ad0418bb941afbf3725fc32fa8a4567ccf0d1a2287a1d415ae698c96233f0ab8

  • SSDEEP

    192:DmGwWlwFtGnHpAcZPJJhc2l7NPnEZQuPPp0+:DKWotQpDZPJfFt5EXPPp0+

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394101d29bd57686b458ce2b4cbffff.exe
      2⤵
        PID:2524
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2116
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2880

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            520ed0bfae9e7e4ed426c48042b1fb85

            SHA1

            6335a75638980870a0fa97c41dcf043b2ea95c05

            SHA256

            859f6c8b4ffee921ceb2f0533f0b2cd4045f466ef6e2510d4748e1b165d14acb

            SHA512

            f82496b4ef703ee82f853af41ab20f54af1674f42087d9a2eee4ae2cf4c956cc28a1dfadbca7c72b9780c488f1344946af3e33c2b01536836ab0dd84176f9880

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8a17bb185307e6d57ecb4e493a5cf957

            SHA1

            93b600671dfb05af1492e3d6929d3c91b8466404

            SHA256

            6eb40f2c5f0963974841b51266c4c47da17e3db41efd24c1674c07b43406984f

            SHA512

            04246e80295e4bc96212bbb336e55ebd1d5b354f2356b6a623e9d9c428bffba8fb9ded1c331ab5142731963e561f79b651646fe46eeed6f54c0b5db056bfe1ec

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            bf7ea3bb5f9301abca94b42727be56d9

            SHA1

            5bc53463d27d100307c86ca24918044888f775fa

            SHA256

            ebc41642e5c78048a2ac44af53a6bd2cfa2f8155b1d98aeac077ffad78da8cc3

            SHA512

            7755f574e33385562a09b81c07661ea1cb58cd09c7bc674c0f1487837ab933b3c2ae2635e309fb6d641c42d4af7aea877166cc16c45e954b55770bf94670e1e8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            38906017fb6bb600b619697303eb9132

            SHA1

            f9a5b59cdaf3c5cb1b4bce425a3fcb2e3174e5b9

            SHA256

            fd8b39d7a87bac2b88165ea6a709022770bb9ba02c2cd64cfe3111a8b09c7067

            SHA512

            546e378da48ef303a35a4d641d23235961a3657c21ea2e768f7f52d72710e5db40d7599bb043c3aa01d0ba5bb92772430eb7ee09d3eff0d53e57990c5a77803e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4e3b9409fb5c1598d70acfb6663df43b

            SHA1

            9fecb9e8e75b412bac60108943474e0460e9db1a

            SHA256

            b93cbf750f9420ff0ece2b9efba52f50adaf98ed743fd689d5af8c085b31ce10

            SHA512

            e5811233338ff6833b4a5f9477ff0add88e73eaebe6283c2cce4db71d7618f9543d98fac9f4fadbed61a7c99fb4685812dfff6d4d96eed832607a7ace264e8e4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0953c0189079f53f72561f30f4a96f8c

            SHA1

            cfdd04f38b9ede53c906f5ae5d8358f5a75c3cc7

            SHA256

            500ab4efe3be24a78cd422cc03b6ffff2f980d0925b62ebf8246eb67c8520766

            SHA512

            874be29b13283b2f426fed966f782f06187cd57d6ffacbf48a84b369c8fdd1d116157cef014fa771446611961e16a082668b22f6f2bdd78e65c1b2cbe8155723

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            7a6383c3544651a4df6c462f721e2cc0

            SHA1

            073a77d242feda73d8de6bdf2e36e2c8570927b4

            SHA256

            8e05ab779871f5aa5080d36831202ddb208365d5dca1b0512a5775afff45aa80

            SHA512

            529d0d8c5f88563e1976f011349dcabccfe46d91efca1f7cc627360ca8755ab383a7a6031317ed2478b820545c48cfa96ec092d08cce147205dedfa29a4862f9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            66e946b409200130819889f7983f8edb

            SHA1

            d7660a08028a3ba058e833a0db66de24f5bcd8fd

            SHA256

            b489921e03181aa0c70e7ddfed926c30c54b3c8016ed132de5d7f5afc2cd853c

            SHA512

            3b015d15d1b35541f7b8b9b4930e339159280961352f7cedb9fc6d86f59619f15bf9cb218888aa340708fd56d7a9d6764262eed9f4cce2286848cb0bbd64670f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            47398dcb7922c38d8a5f8b826e2c29cf

            SHA1

            c8bd40584e970da2b6fd5d019bdab7950c25b21c

            SHA256

            0f3e2e699d99975e2c2e21ccdf9f1ed75ccaf4e3e3adebba852e077f2336c4e8

            SHA512

            2054ffd4b92a13789d2428537a066f27ea144336add22c20c746fbc39718f688861ff3647536df01267b4422424ff7f2222274d3c72b5d11ae1ae71a337ba244

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            23fdb839a507ec772686714103bc1bab

            SHA1

            ec058590d7f81f8698818867462271c27b243b01

            SHA256

            3f594f02948467f72dc2269f569db055ca7cb3c693ff4c39ea862cf4c68a3197

            SHA512

            b985d3269bd395901eb3495adbc451e108ef32db6989051f2bc5fb97b78434c83a207902580e2da0b8f332e99d74e376e2b58686f98481007b10f9495778a4a9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            3ade838ab1f0111e2054e74d0229a530

            SHA1

            cca2353d399cc3f0e0dc1fcb43b1b8eb19536fb5

            SHA256

            b77ddeb7899a46ebfd039a170878feac7b6687d0693df6156127fb2e324df663

            SHA512

            75e4daf0dac77cb2a75988f31a4f4a8b1bfcbd0e64d324ecc04b91e1915d69f2a179fad44922265c6dd9afc7b42327edb818c68ac1a37ae4a4de079f64cc7a81

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            0cddc15250b411e1eba484d11e8908d8

            SHA1

            45aeea2641c81ede595ccac922e4828a3f93428f

            SHA256

            2ccde73b6e323b1f166c7577aa1989619205209894a29838c3c148107e4b6c8a

            SHA512

            5cae5e58b46966560dfbaaa0549cff01572a31b5c64abd51fc0ecf7cf2e22ab543f60320c938e3cfeeb9e3135b6303747309a226420e4b9feec51cd3a1fc1f8f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            31d09184ddc743e63102ff70645b6fcf

            SHA1

            6462a620265b89869f214ba5f0fa4ceb8fcb3ce1

            SHA256

            15c867f3c521444a3901b80bb206ad580f9f7c51c383419217dab389709b6857

            SHA512

            4d0fb60869e33f85b5a269ae248967f08155719200fe6396025280c8d8b5c288ad3b09610fb5bdd6d9c30fb1d3cd5c10c2c10a76dae3989b8686b68d300c07d7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            b7f31fc8b9b24e1047ead63275d5b851

            SHA1

            b4e06d8a96993dfe9a5337d1193d21ec0de71be5

            SHA256

            64d7733f9a3bc795ebf70a06581d652c148424d44c98f3a63201d838e065ef2b

            SHA512

            582aba93a53081b5272549c23d20ff52e7df7e38468f92b31544bf4d0a4e51b2c5425856880a52dffe9ea2a3811aa956bad1dfac28ec37fb9fb27f425234c130

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            8fab4ec959536d1622058b35570f7473

            SHA1

            8ec1af8a1fe642e544aa3e25e88609776a38b9e4

            SHA256

            d1d859e33eeb2450be0f69cd6a7383d4dfc22d9120d690ca98f000aeae547ed1

            SHA512

            10380de8eb8599d4207ba5ae2a0a4c896866c08ddd5ec28868a7bd324833363b946e2fccf2a0b0cb0863845077524d177a683ee3c5077f9e1dc592e43b357b35

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            34bef99fb7d32fdc27aa0b91f850d594

            SHA1

            a6749ad6f914ec193893e7d858aba039b5b82dd4

            SHA256

            f641b8211a8358f0b1e06fa57cd39daa5e48ad9766560c5129a1bcf5543b7b35

            SHA512

            a899ab24aae4b8310d38ef998b382f1034f745f641d24ffedfe2b78759cb47bd69ece56a184c7efc97c57e82ce1da44c4d5cd445f08619b8b5734ecb3d4bcb91

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            9d4ed21219a00a4bc39c52cc850d6cfb

            SHA1

            d54a309feef1f94928489e2038a162182f06e422

            SHA256

            1b625c3be6368df1d9ea1fd1cd7fd51ee73b97881148c3968ffcee230d6f968e

            SHA512

            7ec5f46cc7d3ecf8be166a60296bd7ae6c09d32e03308c2021f23989634c987d7cb0eb562ada7e7d55e7e905f1ebb8737fc57091271d07e1329c2ca8c98c4102

          • C:\Users\Admin\AppData\Local\Temp\CabC0E0.tmp

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\Local\Temp\TarC191.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • memory/2396-0-0x0000000000500000-0x0000000000505000-memory.dmp

            Filesize

            20KB

          • memory/2524-8-0x0000000000400000-0x0000000000500000-memory.dmp

            Filesize

            1024KB

          • memory/2524-2-0x0000000000100000-0x0000000000101000-memory.dmp

            Filesize

            4KB

          • memory/2524-1-0x0000000000400000-0x0000000000500000-memory.dmp

            Filesize

            1024KB

          • memory/2524-3-0x0000000000120000-0x0000000000122000-memory.dmp

            Filesize

            8KB

          • memory/2524-347-0x0000000000500000-0x0000000000505000-memory.dmp

            Filesize

            20KB