Overview

overview

7

Static

static

5

JaffaCakes...5d.exe

windows7-x64

7

JaffaCakes...5d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_8a72777b7f9253e39f56e2268407705d.exe

  • Size

    43KB

  • MD5

    8a72777b7f9253e39f56e2268407705d

  • SHA1

    9e9b852fb16c42dc84e7dc8703bb8f4f71c801dd

  • SHA256

    a8a91ff9909250052d82119c7bf4480baf1231c5ec1b33e51cfbaeb3ad5d2449

  • SHA512

    fddb4fb80cacb0e9997a071d236949fe80b12429381c62d0567102bd887799acc9cdfbe0702de62a67df980b5578b175e7ded567a9974f603ef3fc6ce43228c5

  • SSDEEP

    768:spGSdgqGRivxe9En6ZxVniAAvTx3Er6ySOXdJaDhL812XmXHM:CNKqkiEUsxVnEvTNi3SyXaLXmXHM

Score
7/10
bootkitdiscoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a72777b7f9253e39f56e2268407705d.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a72777b7f9253e39f56e2268407705d.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\windows\svchosts.exe
      C:\windows\svchosts.exe auto
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:1900
    • C:\progra~1\Intern~1\iexplore.exe
      C:\\progra~1\\Intern~1\\iexplore.exe http://jianqiangzhe1.com/AddSetup.asp?id=137&localID=232138804165&isqq=3
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71c7ad3a31dbf0879442f4e871753d12

    SHA1

    c5ce5494a307a797a3801e9262728f64b172e92a

    SHA256

    7e8d66c6ca5ecf1887107ab3e5565a451a7badd8aa310913c23f8f0ef5d0a4cd

    SHA512

    6c7691f843d06e126b6e665c10db63194b328160beb4f8d4b173ba1b24ddfc64c4f737b9077e1bc29e63e99c5527d5385ca80054971ecd70661ec20e1b8e7f52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4564e44410be048e20c2149e387a80ae

    SHA1

    b086cdba15bade4d7de26546e2ff4af944e4dd95

    SHA256

    a1430e8915272c817bc69cc29cdee6a0e53ccec33b7fbde5561cd65a2689cd19

    SHA512

    25f64cf33be61101614f47a357b9b8ffd7e34d6be92ed328da8ced38942f27797a64b3e7938e0d338097aa007c9fe2302677781fde359dc846c71a40ee6d40b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a8d2edca230daaf8e25ee3927d676369

    SHA1

    91317faa925b7e8ace1e49fed3a510083c129dfb

    SHA256

    cd33c5af5270bf5a84ee76558002791607e09f065d4e00e48d3a476e4c5e028e

    SHA512

    551cd4221da7441322c8eb6f318a212c6f59aca5858cf972c181137090045b6a6e2242398abe67a6a174face1df84a51d1fb7e2038e809c19ceb09e5981e8798

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40eae2438c30713f16277fa5d74dcfad

    SHA1

    57fd6eacb9e8a2ce5424a8cba9b6dd3e38f694bb

    SHA256

    a1685bc57c7a01d768e3a5bab31744221afb2a4c94fe79bd336f9d7e897aa3ea

    SHA512

    2767b61c1af2e73e3465b625e9d848d18156970437cc550da911f2b72b18cdcea7cb271c93546545fbcd59bc96871470adde06c8ffd2b49afd205825b886896a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    060c86aa690ecaab4a4422596b9c7576

    SHA1

    5d972c52a5d57a53b4aeb041b2f2274e94e789b1

    SHA256

    4e7354ebff77496797ab63d47c1586b922d1e8fd4b5bbee18f9f753a3e9ba4d3

    SHA512

    063089c9779e3e0829d1d8e948dca6924d414ae66c0865219575e77ff82b2d9fbce4f63b1fdc9611d9a473025b9873e8e985951dff19fd02e3916cfa741928a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    764c510208bdde4312788ab6d2c60b51

    SHA1

    017abacfb46779bff9757ea34654e5c0e0442bcc

    SHA256

    9b4bcce2aca0147cf60f3c1d2952c898b82bcbd84347560f27208dc39d93dc5b

    SHA512

    02a1626f1ca5ad31d9b472cc9d2cf0e68eae877ed8de383811596caa35116c0d4f434bb1eecedf4004f36c9ad1d8c805d4ff59eb4622a8fbcd90fa21f21c70c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a35289c7a68d2bcfcf03815425b883ea

    SHA1

    e9e3ca144c8a4c5db0229a5f7718c64a719da6fe

    SHA256

    29450579720715d3c7b5ee7c80304bf457c32513232767dd6ae1bf8206be9076

    SHA512

    a6d83b3976de99b676e6a8472ee7378a634f0b266f53ecd5687f08c5cadf56035e03c0b0f4b2269b039fbb784bb4193785d154996403fb765e38a58dec1b49dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    56a3dcd7c9ac82c4d93a46057a4d744e

    SHA1

    ff5f21bc3e1c9f8fd2486689aaf04ff64a827bf6

    SHA256

    61d2bc6eb6d86bb9d7209003e8b86df152c850582515b516872574b67a571c13

    SHA512

    9f0d257f40c38e71333a4dfec537dc5daf32e848b89d0649e1d8ad552399033649413ff083f92b719b6b4764527f2e6172cf88e44bce82ef4f7727437f859aaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    13b36f1a67dd856604c6302db91ef11f

    SHA1

    0f30d0f2e36032748091ed917099f4053fe50d77

    SHA256

    deebddb17ad6ea7287c86a7be3cf99994199a3ff688aa2b96bd2bedfa1db77c4

    SHA512

    45c6c3bf958c5f9be31de31e55c4cc3b23ef1c6e0d043437b1cf81ee7721a996a7a17dbaea3073c82c117684231c3f0b1a43a0cbdb17663cd8214840836f9981

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57d7c55ff4f3bf76071c7212001e72f0

    SHA1

    9a93273d1d3a3859c0ab905c07bcc63808882a4b

    SHA256

    b053d5f3cea37ccad3b56bad8b9ff1837363a73087f52b7a6120ebe9312fd328

    SHA512

    d246962023bed5fcc03cbb48d4230297179b9b73d24901af3685e76368d1cc3588bf5f72014dfd9437ce6c3b5ce7eff7662c9bc380a1d9d00692a79684965dfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f092ccee4cb1722605ba0733c7a3d0da

    SHA1

    18e2223ffecb0cb0d49276d6525989755ce54240

    SHA256

    df97aad4551f7c2a57adbf8df5720fd8753a5a29ccf37852b4bfcab150e0946c

    SHA512

    578ecbc080b92a9a06db4088b8aecfbf42d44180fd84bb17f7b1415ad59904014de40b6733e55f63dcb1ca0574bc88b197ac7ff3166e1679af3357ae0915de8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cca6db060147463ed44639dbcb32333a

    SHA1

    5fce87c1419c28a40a47725b9b623322193362cc

    SHA256

    6731e1711b5dc40e6a674330fdc5923d16116f78e149c2372c026fd6a7c66892

    SHA512

    9e3a959a5df0111ae12f51868d99be9531a2c93680366ad090317bfdddc816aacc19033a6f2672490726652899d43b095f6732e12c4cb27be5969aa2e922734b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    719133ef567cd51fb66292ec0f2d4531

    SHA1

    329ad3973c25035321a79ce3664b46cda1a3ad6a

    SHA256

    8bb11092820b79584a8004efd1d218344ace1e68be05f37b7e43cab321b74988

    SHA512

    f53e71e6ea634723959826adc783df6af94bf207e57e1b50d0f1fbc92bda63801112f135cf7a29a192173b0e38bf5a6fe812ff7d015c8e63be18ad0e784479de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a355568bff12246e8cf1c44c67487a7d

    SHA1

    68fb44461cd8e874a1cfe40a0d344d851853e01e

    SHA256

    85cfdf5d96f197fcdb7fafc2eae26627e992e0ab464cc26d75d012b823a2ce87

    SHA512

    b7b60aaa92c94e1ad165e0c4de6ec8047a1f3bbf9ee05fca3e088e3d8260aed3e0e8f279195aa5c2d158b5793b5c0968799c296ade7b77111de7c98f511d90df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6616774c88bf15fec49a91e5435ffd83

    SHA1

    7d46a2045a55efb83bd1964efc432aef77383d2a

    SHA256

    a794be0402b7a9ff0f0c3ec7b1c9732514444674ada1ba4f7fecd31bce468a73

    SHA512

    130454638a97cd6062040898e9958c610a93be4ba4e9ba820dfcab777f5f54b255d25d56780a3391645d5efadd0799414fa998c9d9f714c359134107e16b4b70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d38e7f3fcec2796902f64edf73f5673

    SHA1

    9a7a9448a4297e36336e594c4d1049b5183337ab

    SHA256

    4d8b8aaf6d1e9bec2d69269af8f1a187b2f150b2f9ff1101a475883bb06a1409

    SHA512

    f71c14e464fb9a1209303043fa002ff3c14ce0efa4bcbe86d5f0e37c02b1fe19b0c96a9221c7d6225f84796f3c623113bd40cdf97f826e24bfaaebc06698f159

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    666fc8f60aeefb0bd5f95ee0a8652452

    SHA1

    c022dc81aa97f02cbb86a0137923a4b1f9c8388d

    SHA256

    d76200940dece85f5ae9f7bc48f91687534c1dc4dc926a3dd529bcbc27581220

    SHA512

    b4e9f7ae47437d161a12098cffa12325719d92bd16c41d31ad9ee68ba35907c4c7b69b496c9af464a2537752236ca2958328d1cfebd3ea6998b893c05931fd5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    33a1aa51d892517dd751252bcb3ed6f5

    SHA1

    579f0f165691abf4d88f2da622c7dbef7dab7cc3

    SHA256

    aaf8d57b9e190f3bf60e2585275e018f8fff781a753fafff6bca6aedf523477b

    SHA512

    f15cd3cbf630acacca3239aa2d6c4c87a4979e4046f9e7770f8db74ab8efb7df9d2c11203290a803f4637c76628dd337807389c530516653a42641e89bc3ff87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC083.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC166.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • C:\Windows\svchosts.exe
    Filesize

    43KB

    MD5

    8a72777b7f9253e39f56e2268407705d

    SHA1

    9e9b852fb16c42dc84e7dc8703bb8f4f71c801dd

    SHA256

    a8a91ff9909250052d82119c7bf4480baf1231c5ec1b33e51cfbaeb3ad5d2449

    SHA512

    fddb4fb80cacb0e9997a071d236949fe80b12429381c62d0567102bd887799acc9cdfbe0702de62a67df980b5578b175e7ded567a9974f603ef3fc6ce43228c5

    Download Submit

  • memory/1900-497-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1900-496-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1900-19-0x0000000000420000-0x0000000000422000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1996-0-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1996-6-0x00000000002B0000-0x00000000002CE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1996-10-0x00000000002B0000-0x00000000002CE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1996-21-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2940-14-0x00000000032E0000-0x00000000032F0000-memory.dmp

    Filesize

    64KB

    Download